13 - Securing IT Systems 2011


Securing IT Systems
Bin Gu, Ph.D.
Assistant Professor of IM
[email protected]
Ph: 512-471-1582; Fax: 512-471-0587

LEARNING OBJECTIVES
• Why are information systems vulnerable to destruction, error, and abuse?
• What is the business value of security and control?
• What are the components of an organizational framework for security and control?
• What are the most important tools and technologies for safeguarding information resources?

You’re on Facebook? Watch Out!
• Facebook – world’s largest social network
• Problem – Identity theft and malicious software
• Examples:
  • 2009 18-month hacker scam for passwords, resulted in Trojan horse download that stole financial data
  • Dec 2008 Koobface worm
  • May 2010 Spam campaign aimed at stealing logins
• Illustrates: Types of security attacks facing consumers
• Demonstrates: Ubiquity of hacking, malicious software

System Vulnerability and Abuse
• Security:
  • Policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems
• Controls:
  • Methods, policies, and organizational procedures that ensure safety of organization’s assets; accuracy and reliability of its accounting records; and operational adherence to management standards

System Vulnerability and Abuse
• Why systems are vulnerable
  • Accessibility of networks
  • Hardware problems (breakdowns, configuration errors, damage from improper use or crime)
  • Software problems (programming errors, installation errors, unauthorized changes)
  • Disasters
  • Use of networks/computers outside of firm’s control
  • Loss and theft of portable devices

Contemporary Security Challenges and Vulnerabilities
The architecture of a Web-based application typically includes a Web client, a server, and corporate information systems linked to databases. Each of these components presents security challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any point in the network.

System Vulnerability and Abuse
• Internet vulnerabilities
  • Network open to anyone
  • Size of Internet means abuses can have wide impact
  • Use of fixed Internet addresses with cable or DSL modems creates fixed targets for hackers
  • Unencrypted VOIP
  • E-mail, P2P, IM
    • Interception
    • Attachments with malicious software
    • Transmitting trade secrets

System Vulnerability and Abuse
• Wireless security challenges
  • Radio frequency bands easy to scan
  • SSIDs (service set identifiers)
    • Identify access points
    • Broadcast multiple times
  • War driving
    • Eavesdroppers drive by buildings and try to intercept network traffic
    • When hacker gains access to SSID, has access to network’s resources
  • WEP (Wired Equivalent Privacy)
    • Security standard for 802.11
    • Basic specification uses shared password for both users and access point
    • Users often fail to use security features

Many Wi-Fi networks can...