Textbook Notes (290,000)
CA (170,000)
McMaster (10,000)
COMMERCE (2,000)
Chapter 8

COMMERCE 2KA3 Chapter Notes - Chapter 8: Machine-Readable Medium, Rogue Security Software, Sql Injection

Course Code

This preview shows pages 1-3. to view the full 9 pages of the document.
Commerce 2KA3
Chapter 8: Securing Information Systems
System Vulnerability and Abuse
Security: refers to the polices, procedures, and technical measures used to prevent
unauthorized access, alteration, theft, or physical damage to information systems
Controls: are methods, policies, and organizational procedures that ensure the safety of
the organization’s asset, the accuracy and reliability of its records, and operational
adherence to management standards
Large amounts of data in electronic form are more vulnerable than that which would be in
manual form. Through communications networks, information systems, in different
locations are interconnected. There is greater potential for unauthorized access, abuse, and
fraud, but it is not limited to a single location b/c its electronic
Threats can stem from technical, organizational, and environmental factors compounded
by poor management decisions. Users at the client level cause harm by introducing errors
or by accessing systems without authorization. Radiation can disrupt network
Internet and other large public networks are more vulnerable than internal networks
because they are open to anyone, thus the impact of a few can have effects on the many.
Computers are linked to the internet via cable models or digital subscriber lines (DSL) are
more open to penetration because their address is fixed unlike dial up where it is only a
temporary address.
Vulnerability has increased form widespread use of email, instant messaging, peer-to-peer
file sharing programs.
find more resources at oneclass.com
find more resources at oneclass.com

Only pages 1-3 are available for preview. Some parts have been intentionally blurred.

The Service Set Identifiers (SSIDs) that identify the access points in a Wi-Fi network are
broadcast multiple times and can be picked up fairly easily by intruders sniffer program.
War Driving: eavesdroppers drive by buildings or park outside and try to intercept
wireless network traffic. Once an intruder has associated with an access point by using the
correct SSID is capable of accessing other resources on the network
Malicious Software
Malware: a term used to refer to malicious software, and include a variety of threats such
as computer viruses, worms, and Trojan horses
Computer Virus: a rogue software program that attaches itself to other software programs
or data files in order to be executed, usually without user knowledge or permission. Viruses
deliver a payload such as displaying a message or image, or destroying data, clogging
computer memory, or reformatting a computer’s hard drive
Worms: are independent computer programs that copy themselves from one computer to
other computers over a network. Unlike viruses worms can operate on their own without
attaching to other computer program files and rely less on human behaviour in order to
spread from computer to computer
Drive-by downloads: consisting of malware that comes with a downloaded file that a user
intentionally or unintentionally requested
Trojan Horse: a software program that appears to be benign but then does some thing
other than expected. The Trojan horse is not itself a virus because it does not replicate, but
is often a way for viruses or other malicious code to be introduced into a computer system.
SQL injection attacks: have become a major malware threat. SQL injection attacks take
advantage of vulnerabilities in poorly coded web application software to introduce
malicious program code into a company’s system and networks.
Spyware: many users find this very annoying, and some critics worry about its
infringement on computer users’ privacy
Keyloggers: record every keystroke made on a computer to steal serial numbers for
software, to launch Internet attacks, to gain access to e-mail accounts, to obtain passwords
find more resources at oneclass.com
find more resources at oneclass.com

Only pages 1-3 are available for preview. Some parts have been intentionally blurred.

to protected computer systems, or to pick up personal information such as credit card
Hackers and Computer Crime
Hacker: is an individual who intends to gain unauthorized access to a computer system.
There are cracker is typically used to denote a hacker with criminal intent although, in
public press, the terms hacker and cracker are used interchangeably.
Cybervandalism: the intentional disruption, defacement, or even destruction of web site
or corporate information system.
Spoofing: also may involve redirecting a web link to an address different from the
intended one, with the site masquerading as the intended destination
Sniffing: a type of eavesdropping program that monitors information travelling over a
network. When used legitimately sniffers help identify potential network trouble spots or
criminal activity on networks, but when used for criminal purposes, they can be damaging
and difficult to detect
Denial-of-Services Attacks (DOS): hackers flood a network server or web server with
many thousand of false communications or requests for services to crash the network. The
network receives so many queries that it cannot keep up and thus cannot service legit
Distributed Denial of Service (DDOS): attack that uses many computers to inundate and
overwhelm the network from numerous launch points
Botnet: perpetrators of DDoS attacjs often use thousands of zombie PCs infected with
malicious software without their owners knowledge and organized into a botnet
Computer crime: most hacker activities are criminal offenses, and the vulnerabilities of
systems we have just described make them targets for other types of computer crimes as
find more resources at oneclass.com
find more resources at oneclass.com
You're Reading a Preview

Unlock to view full version