ITSS 3300 Lecture Notes - Lecture 8: Proxy Server, Public-Key Cryptography, Public Key Certificate

CH 8 information security
Why are systems vulnerable:
Security: policies, procedures and technical measures used to prevent unauthorized access, alteration,
theft, etc.
Controls:
Accessibility of networks
Hardware and software problems
Disasters
Use of networks/computer outside of firm’s control
Loss and theft
Figure 8.1 contemporary security challenges
Malicious software: rogue software program that attaches itself to other software programs or data
files in order to be executed.
-malware: viruses, worms, trojans, spyware
worms- independent computer programs that copy themselves from one computer to other
computers over a network.
Trojan horse- often a way for viruses or other malicious code to be introduced into a computer system.
-drive by downloads
-SQL injection attacks- take advantage of vulnerabilities in poorly coded Web application software to
introduce malicious program code into a company’s systems and networks.
-ransomware
-social network malware
-Keyloggers record every keystroke made on a computer to steal serial numbers for software
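
The "poorly coded Web application software" behind SQL injection, shown beside its hardened form, as an added example that is not part of the original notes. The table, column and function names and the sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, acct TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "ACCT-0001"), ("bob", "ACCT-0002"), ("O'Brien", "ACCT-0003")],
    )
    return db


def lookup_concatenated(db, name):
    """Poorly coded: the form value is pasted into the SQL text itself,
    so quote characters in the value become part of the statement."""
    query = "SELECT name, acct FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    """Hardened: the value is bound to a placeholder and is only ever
    compared as data, never parsed as SQL."""
    query = "SELECT name, acct FROM customers WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax

    # The concatenated query's WHERE clause becomes always-true: every row leaks.
    print("concatenated :", lookup_concatenated(db, crafted))
    # The bound query looks for a customer literally named like the input: none.
    print("parameterized:", lookup_parameterized(db, crafted))

    # A legitimate name with an apostrophe also breaks the concatenated form,
    # which is a cheap signal to look for in application error logs.
    try:
        lookup_concatenated(db, "O'Brien")
    except sqlite3.OperationalError as err:
        print("concatenated error:", err)
    print("parameterized:", lookup_parameterized(db, "O'Brien"))
```
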
Hackers vs crackers
Hacker- an individual who intends to gain unauthorized access to a computer system.
Cracker- denotes a hacker with criminal intent.
Activities include:
-system intrusion
- Spoofing (redirecting a Web link to an address different from the intended one) and sniffing
(eavesdropping program that monitors information traveling over a network) to gather info on which
websites you visit.
Hackers and computer crime:
Denial of service attacks (DoS)- arresting more than one machine and sending multiple requests to one
website
Distributed denial of service attacks (takeover of multiple machines, more invasive)
-Botnets (multiple computers doing the attack, certain actions- arrest data, arrest hardware etc)
-Spam
Computer crime
-computer may be target crime
-computer may be instrument of crime
Identity theft:
-phishing- fake emails from untrusted places that pose as legitimate
-evil twins- fake networks that replicate legitimate Wi-Fi networks, giving access to your computer
-pharming- redirects users to a bogus Web page.
Click fraud- individual or computer program fraudulently clicks on an online ad without any intention of
learning more about the advertiser or making a purchase.
Cyberterrorism
cyberwarfare
risks:
-customer/employee data can be breached
-social engineering-Malicious intruders seeking system access sometimes trick employees into revealing
their passwords by pretending to be legitimate members.
-Financial assets
-SOX, to invade SOX and break the controls
Trade secrets-information property/ trade secrets leaked
Commercial software:
Software vulnerability:
-hidden bugs or program code defects
-small pieces of software called patches to repair the flaws without disturbing the proper operation of
the software.
Business value of security:
-A security breach may cut into a firm’s market value almost immediately