Professional Documents
Culture Documents
IT Security Incidents: A
Worsening Problem
Page 68
3
IT Security Incidents: A
Worsening Problem (continued)
Page 69
4
Network era
Internet era
Easy to share information
Information technology
IT is necessary to achieve organization goals
Difficult to keep up with the pace of technology
changes
Page 70
5
Security Terms
Exploit
Attack that takes advantage of a particular
system vulnerability
Zero-day attack
Takes place before a vulnerability is discovered or
fixed
Patch
Fix to eliminate a problem
Problem: Users responsible to install patches
Page 70
6
Number of Vulnerabilities
Reported to CERT/CC
2004 Stopped
reporting attack
numbers
Page 71
7
Pages 72 - 75
8
Page 73
9
Perpetrators - Matching
_Collusion
_Cracker
_Cybercriminal
_Cyberterrorist
_Hacker
_Industrial Spy
_Insider
_Lamer
_Script kiddie
A.
B.
C.
D.
E.
F.
G.
H.
Page 75
10
Legal Overview:
The Check Clearing for the 21st Century Act
Page 79
11
Reducing Vulnerabilities
Security
Combination of technology, policy, and people
Requires a wide range of activities to be effective
Page 81
12
Risk Assessment
Page 82
13
Page 82
14
Prevention- Matching
_ Antivirus
_Firewall
_Risk
Assessment
_Security Policy
_Security
Training
_Virtual Private
Network
A.
B.
C.
D.
E.
F.
15
Prevention- Matching
_Backup
_Intrusion
Detection
System
_Intrusion
Prevention
System
_Honeypot
_Security Audit
A.
B.
C.
D.
E.
16
Firewall Protection
Page 84
17
Protect your PC
Anti-Virus Software
Page 85
18
Response Summary
Plan for the worse
1. Incident notification who and who not to
notify
2. Protect evidence using Activity Logs
3. Incident Containment
4. Incident Eradication
5. Incident Follow-up
6. How much effort to capture criminal?
Negative Publicity
Inform Customers?
Ethics in Information Technology, Second
Edition
Page 89
19
See www.sans.org/top20/
CERT/CC
See www.us-cert.gov/current/
20
Response
Page 90
21
Response
Act quickly to contain an attack
Eradication effort
Follow-up
Determine how security was compromised
Prevent it from happening again
Page 90
22
Response
Review
Determine exactly what happened
Evaluate how the organization responded
Page 91
23
Summary
Assessment
Questions
Chapter 3 Page 95
24
Unused Slides
Provided by Textbook
25
Objectives
26
Objectives (continued)
27
Objectives
28
Summary
Ethical decisions regarding IT security
include determining which information
systems and data most need protection
65-fold increase in the number of reported
IT security incidents from 1997 to 2003
Most incidents involve a:
Virus
Worm
Trojan horse
Denial-of-service
Page 94
29
Summary (continued)
Perpetrators include:
Hackers
Crackers
Industrial spies
Cybercriminals
Cyberterrorists
Page 94
30
Summary (continued)
Page 94
31
Page 69
32
Page 69-70
33
Classifying Perpetrators of
Computer Crime
Page 76
40
Hackers
Test limitations of systems out of intellectual
curiosity
Crackers
Cracking is a form of hacking
Clearly criminal activity
Page 76
41
Malicious Insiders
Top security concern for companies
Estimated 85 percent of all fraud is
committed by employees
Usually due to weaknesses in internal
control procedures
Collusion is cooperation between an
employee and an outsider
Insiders are not necessarily employees
Page 77
42
Industrial Spies
Illegally obtain trade secrets from
competitors
Trade secrets are protected by the
Economic Espionage Act of 1996
Competitive intelligence
Industrial espionage
Uses illegal means
Obtains information not available to the public
Ethics in Information Technology, Second
Edition
Page 77
43
Cybercriminals
Hack into corporate computers and steal
Engage in all forms of computer fraud
Chargebacks are disputed transactions
Loss of customer trust has more impact than
fraud
To reduce the potential for online credit card
fraud sites:
Page 78
44
Cybercriminals (continued)
Smart cards
Contain a memory chip
Are updated with encrypted data every time the
card is used
Used widely in Europe
Not widely used in the U.S.
Page 79
45
Cyberterrorists
Intimidate or coerce governments to
advance political or social objectives
Launch computer-based attacks
Seek to cause harm
Page 80
46
Establishing a Security
Policy
Not how to do it
Page 82
47
Trade-off between
Ease of use
Increased security
Areas of concern
E-mail attachments
Wireless devices
Page 83
48
Guarding passwords
Not allowing others to use passwords
Applying strict access controls to protect data
Reporting all unusual activity
Ethics in Information Technology, Second
Edition
Page 83
49
Prevention
Firewall
Limits network access
Antivirus software
Scans for a specific sequence of bytes
Known as the virus signature
Norton Antivirus
Dr. Solomons Antivirus from McAfee
Page 84
50
Prevention (continued)
Antivirus software
Continually updated with the latest virus
detection information
Called definitions
Page 85
51
Prevention (continued)
Page 87
52
Detection
Detection systems
Catch intruders in the act
Knowledge-based approach
Behavior-based approach
Page 88
53
Detection (continued)
Page 88
54
Detection (continued)
Honeypot
Provides would-be hackers with fake information
about the network
Decoy server
Well-isolated from the rest of the network
Can extensively log activities of intruders
Page 89
55