Study Guides (248,073)
Canada (121,281)
York University (10,191)
Accounting (98)
ACTG 4620 (4)

Final Exam Notes - Chapter 8.docx

11 Pages
Unlock Document

ACTG 4620
David Chan

Chapter 8: Common Access Controls Security Threats Hacking rootkit o Risks Obtaining sensitive information Defacing website Changing website information Bringing down/jamming website o Controls Firewall Strong passwords Intrusion prevention/detection system Encryption Hardware theft loss or disclosure of information o Controls Notebook locks User education Enforce passwords and encryption Identity theft o Examples Social engineering Phishing o Controls User education Train to follow procedure and challenge strangers Inappropriate use of IT resources bad reputation or legal liability o Policy must state what uses are not acceptable Internal breach o Internal hacking, password cracking, copying information from an unattended computer Spam virus, give out personal info, accidentally delete work-related messages Sniffing gain unauthorized access to information o Examples Installing sniffing program on a networked computer Connecting a sniffing device to a router or switch Connecting a sniffing device to a circuit Connecting a computer w/ a sniffing program or a sniffing device to a wireless channel o Wireless network Access point must require strong authentication for connection by user devices Software theft legal liability, loss of competitiveness o Controls Access controls Employee education Stringent procedures covering software updates, storage and distribution Spoofing obtaining access using false identity, email spoofing/MAC address spoofing o Controls Firewall Intrusion detection system Encryption for wireless network Hardened work station and server OS parameters Digital signatures, user education and firewall (email spoofing) Virus has to be triggered o Risks Erasing o/s files causing computer to misbehave or shut down Erasing passwords Password copying Infecting other email addresses Disabling o/s security settings Sending to other computers o Controls Anti-virus software User education Worm looks for security hole in a system software product (e.g. o/s) and generate high volume of packets to clog up computer and network o Denial of service attack o Controls Software patches Reinstall anti-virus software Cookies o Manipulated by end users to elevate privileges or impersonate others o Sniffed/stolen o Track more information than necessary, invading privacy o Controls Encrypt contents of cookies Avoid strong authentication credentials in cookies server side storage of data Risks/attacks against web applications o Improper input validation (e.g. changing URL) Control implement edit checks on the server side o Cross-site scripting attacks o Buffer overflow attacks Malicious input spills into sensitive portions of memory compromising applications Crash, failed execution, running of malicious code on application Controls Enforce boundary checks Educate programmers Use Java code o SQL injection attacks Malicious SQL commands are passed into web applications via user inputs Web application malfunction, user impersonation, loss of sensitive data Controls Reject known bad data/characters Accept only valid data Cleaning bad data Use parameterized SQL Minimize privileges of database application user o Improper error handling Access Controls Access control is a major type of general control, but also can be implemented at application level Mitigates risk of
More Less

Related notes for ACTG 4620

Log In


Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.