COMMERCE 2KA3 Chapter Notes - Chapter 8&13: Phishing, Wardriving, Malware


Department: Commerce
Course Code: COMMERCE 2KA3
Professor: Ali R Montazemi
Chapter: 8&13

CHAPTER EIGHT – SECURING INFORMATION SYSTEMS
Systems Vulnerability and Abuse
- Security: policies, procedures, technical measures used to prevent unauthorized access, alteration, theft, physical damage
- Controls: methods, policies, organizational procedures that ensure safety of organization’s assets
Why Systems Are Vulnerable
- Large amounts of data stored in electronic form are more vulnerable than when stored in manual form
- Info systems in different locations are interconnected
- Unauthorized access, abuse, fraud can occur at any access point in network
- People capable of penetrating corporate systems can destroy/alter corporate data stored in databases or files
- Computer systems can be disrupted by:
  - Criminal acts
  - Improper use
  - Errors in programming
  - Power failures, floods, fires, etc.
- Mobile devices increase risk because they can be lost or stolen
- Internet Vulnerabilities:
  - Internet makes info systems even more vulnerable to actions from outsiders
  - More open to penetration by outsiders because they use a fixed internet address
  - Fixed internet address creates a fixed target for hackers
  - Hackers can listen in to VoIP conversations since public internet is not encrypted
  - Vulnerability increased due to widespread use of email, IM, file-sharing
  - Gmail and Hotmail do not have same level of security as corporate email systems
- Wireless Security Challenges:
  - Bluetooth and Wi-Fi networks are susceptible to hacking by eavesdroppers
  - Hackers can use tools to detect unprotected networks, monitor network traffic and gain access to corporate networks
  - Wireless networks in most locations cannot protect against war driving
  - War driving: eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic
  - Can also gain access by using correct SSID (service set identifier)
  - WEP protection for Wi-Fi networks (requires password) can easily be decrypted by hackers
  - WPA2 has stronger encryption and authentication but must be installed
Malicious Software: Viruses, Worms, Trojan Horses, Spyware

- Malware: malicious software programs
- Computer virus:
  - Rogue software program that attaches itself to other software programs/data files without user permission
  - Spread from computer to computer when some action is taken (ex. email sent)
- Worms:
  - Independent computer programs that copy themselves from one computer to another computer over a network
  - Can operate on their own without attaching to other computer programs
  - Can destroy data/programs or halt operations of networks
- Trojan horse:
  - Software program that looks benign but does something unexpected
  - Not a virus itself
  - A way for viruses to be introduced into a computer system
- SQL injection attacks:
  - Largest malware threat
  - Takes advantage of vulnerabilities in poorly coded web application software
  - Introduces malicious program code into company's systems and networks
- Keyloggers record every keystroke made on a computer to:
  - Steal serial numbers from software
  - Launch internet attacks
  - Gain access to email accounts
  - Obtain passwords to protected computers
  - Pick up credit card numbers
Hackers and Computer Crime
- Hacker: individual who intends to gain unauthorized access to a computer system
- Cybervandalism: intentional disruption, defacement, destruction of a web site
- Spoofing and Sniffing:
  - Hackers attempt to hide true identity by using fake email address
  - May redirect a web link to an address different from intended one
  - Direct customers to fake website that looks almost like true site
  - Can steal sensitive customer info
  - Sniffer: type of eavesdropper program that monitors info travelling over network
  - Good people use sniffers to help identify trouble spots or criminal activity on networks
  - Criminals use sniffers to steal emails, company files, confidential reports
- Denial-of-Service Attacks:
  - Denial-of-service (DoS) attack: hackers flood network with many false communications/requests for service to crash network
  - Distributed denial-of-service (DDoS) attack uses numerous computers to overwhelm network from numerous launch points
  - Cause website to shut down making it impossible for legitimate users to access site
  - This is very costly for e-commerce sites
- Computer Crime:
  - Most hacking activities are criminal offences
  - Most economically damaging kinds of computer crime are DoS attacks, introducing viruses, theft of services, disruption of computer systems
- Identity Theft:
  - Imposter obtains key pieces of personal info to impersonate someone else
  - E-commerce sites are rich sources of customer personal information
  - Phishing: setting up fake websites that look like legitimate businesses to ask users for confidential personal data
  - Evil twins: wireless networks that pretend to offer trustworthy connections to internet to capture passwords/credit card numbers
  - Pharming: redirects users to bogus web page even when individual types correct web page address into browser
- Click Fraud:
  - Advertisers pay a fee for each time someone clicks on their ad
  - Click fraud: individual or computer program fraudulently clicks on an online ad without any intention of learning more about ad
  - Some companies hire third parties to click on a competitor’s ads to weaken them by driving up marketing costs
- Global Threats: Cyberterrorism and Cyberwarfare:
  - Cybercriminals can operate and do harm from anywhere in the world
  - Terrorists may use internet to attack
  - Ex. attack software that runs electrical power grids, air traffic control systems, networks of banks, etc.
Internal Threats: Employees
- Employees have access to privileged info and are able to roam through systems without leaving a trace
- Lack of knowledge is greatest cause of network security breaches (ex. employees forget passwords or allow co-workers to use them)
- Social engineering: intruders trick employees into revealing their passwords by pretending to be legitimate members of company
Software Vulnerability
- Growing complexity of software programs and demands for timely delivery to markets have increased software flaws
- Major problem with software is presence of hidden bugs
- Virtually impossible to eliminate all bugs from large programs
- Fully testing programs would require thousands of years