ITM 102 Textbook Notes Chapters 8, 10-13

14 Pages
Unlock Document

Ryerson University
Information Technology Management
ITM 102
Vikraman Baskaran

ITM 102 Textbook NotesChapter 8Securing ISy After the September 11 attacks the US passed the Patriot Act giving American authorities the right to view personal data held by US organizations y Securityrefers to the policies procedures and technical measures used to prevent unauthorized access alteration theft or physical damage to IS y Controlsmethods policies and organizational procedures that ensure the safety of the organizations assets the accuracy and reliability of its records and operation adherence to management standards y Large public networks such as the Internet are more vulnerable than internal networks bc they are virtually open to anyone y Although the range of WiFi networks is only several 100 feet it can be extended up toof a mile using external antennae y LANs can be easily penetrated by outsiders armed with laptops wireless cards external antennae and hacking software y Service Set Identifiers SSIDs identifying the access points in a WiFi network are broadcast multiple times and can be picked up fairly easily by intruders sniffer programs y War Drivingeavesdroppers drive by buildings or park outside and try to intercept wireless network traffic y Malwaremalicious software programs that include a variety of threats such as computer viruses worms and Trojan horses y Computer Virusa rogue software program that attaches itself to other software programs or data files in order to be executed usually without user knowledgepermission y Wormsindependent computer programs that copy themselves from 1 computer to other computers over a network they destroy data and programs as ass as disrupt or even halt the operation of computer networksExample Frontal Ainstalls a corrupted file that causes phone failure and prevents the user from rebooting y Trojan Horsesoftware program that appears to be benign but then does something other than expected not a virus itself but a way for viruses or other malicious code to be introduced into a computer systemExample Pushdo Trojanuses electronic greetingcard lures in email to trick windows users into launching an executable program and once executed it pretends to be an Apache web server and tries to deliver executable malware programs to the infected windows machines y Spywaretechnology that aids in gathering information about a person or organization without their knowledge y Keyloggersrecord every keystroke made on a computer to steal serial s for software to launch Internet attacks to gain access to email accounts to obtain passwords to protected computer systems or to pick up personal information such as credit card s y Hackeran individual who intends to gain unauthorized access to a computer system y Cybervandalismintentional disruption defacement or even destruction of a website or corporate information systems y Spoofingattempts by hackers to hide their true identities by using fake email addresses or masquerading as someone else may involve redirecting a web link to an address diff from the intended 1 with the site masquerading as the intended destination y Sniffertype of eavesdropping program that monitors information travelling over a network y DenialofService DoS Attackhackers flood a network server or web server with many 1000s of false communications or requests for services to crash the network y Distributed DenialofService DDoSattack uses numerous computers to inundate and overwhelm the network from numerous launch points y Botnetgroup of computers that have been infected with bot malware without users knowledge enabling a hacker to use the amassed resources of the computers to launch distributed DoS attacks phishing campaigns or spam y Computer Crimeany criminal activity involving the copy of use of removal of interference with access to manipulation of computer systems andor their related functions data or programs y Identity Theftcrime in which an impostor obtains key pieces of personal information such as SINs drivers license s or credit card s to impersonate someone else y Phishinginvolves setting up fake websites or sending email messages that look like those of legitimate business to ask users for confidential personal data y Evil Twinswireless networks that pretend to offer trustworthy WiFi connections to the Internet such as those in airport lounges hotels or coffee shops y Pharmingredirects users to a bogus webpage even when the individual types the correct webpage address into hisher browser y Parliament addressed the threat of computer crime in 1985 with the Criminal Law Amendment Actmakes it illegal to access a computer system without authorization y Click Fraudoccurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase y Studies have found that user lack of knowledge is the single greatest cause of network security breaches y Social Engineeringmalicious intruders seeking system access sometimes trick employees into revealing their passwords by pretending to be legitimate members of the company in need of information y Bugssoftware program code defects main source is complexity of decisionmaking code y Studies have shown that it is virtually impossible to eliminate all bugs from large programs y Patchesrepair the flaws without disturbing the proper operation of the software y In 2002 the Ontario Legislature passed Bill 198 known as Canadian SOX CSOX in response to the US SarbanesOxley Actboth acts were designed to protect investors after the financial scandals at Enron WorldCom and other public companies y CSOXact passed by Parliament that imposes responsibility on companies and their managements to safeguard the accuracy and integrity of financial information that is used internally and released externally y Computer Forensicsscientific collection examination authentication preservation and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of lawIt deals with the following problems recovering data from computers while preserving evidential integrity securely storing and handling recovered electronic data finding significant information in a large volume of electronic data and presenting the information to a court of law
More Less

Related notes for ITM 102

Log In


Don't have an account?

Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.