ITM 102 Chapter Notes - Chapter 8: Web Server, Cybercrime, Records Management

29 views6 pages
Chapter 8- Securing Information Systems
System Vulnerability and Abuse
Security: Refers to the policies , procedures, and technical measures used to prevent
unauthorized access, alteration, theft, or physical damage to information systems
Controls: Methods, policies, and organizational procedures that ensure the safety of
the organizations assets, the accuracy and reliability of its records, and operational
adherence to management standards
Why Systems are Vulnerable
-When large amounts of data are stored in electronic form, they are vulnerable to many
more kinds of thats than when they existed in manual form
-Accessibility of networks
-Hardware problems(breakdowns, configuration, errors, damage from improper use or
crime
-Software problems(program errors, installation errors, unauthorized change)
-Disasters, use of networks/ computers outside of firms control
-Loss and theft of portable devices
Internet Vulnerabilities
-More vulnerable because they are open to virtually anyone
-Size of the internet means abuses can have wide impact
-Vulnerability has also increased from widespread use of e-mail, instant messaging, and
peer to peer file sharing profiles
Wireless Security Challenges
-Radio frequency bands are easy to scan
-Service Set Identifiers (SSIDs) that identify the access points in a Wifi network are
broadcast multiple times and can be picked up easily by intruders sniffer programs
War Driving: Eavesdroppers drive by buildings or park outside and try to intercept
wireless network traffic
-Users often fail to implement WEP or stronger systems
Malicious Software: Viruses, Worms, Trojan Horses, and Spyware
Malware: Malicious software programs (software that is intended to damage or disable
computers and computer systems)
Computer Virus: A rouge software program that attaches itself to other software
programs or data files in order to be executed, usually without user knowledge
-Can spread by email attachments
find more resources at oneclass.com
find more resources at oneclass.com
Unlock document

This preview shows pages 1-2 of the document.
Unlock all 6 pages and 3 million more documents.

Already have an account? Log in
Worms: Independent computer programs that copy themselves from computer program
from one computer to other computers over a network
-Can destroy data, programs and halt operation of computer networks
-Worm and viruses spread over the internet
-From files attached to e-mails ads, or IM
-Drive by downloads: consisting of malware that comes with a downloaded file that a
user intentionally or unintentionally requests
-Through blogs,wikis, and social networking sites
Trojan Horse: A software program that appears to be benign, but then does something
unexpected
-Often transports a virus into a computer system
SQL Injection Attacks: Takes advantages of vulnerabilities in poorly coded Web
applications software to introduce malicious program code into a company systems and
networks
Keyloggers: Record every keystroke made on a computer to steal serial numbers for
software, to launch Internet attacks, to gain access to e-mail accounts, to obtain
passwords protected computer systems
Hackers and Computer Crime
Hacker:An individual who intends to gain unauthorized access to a a computer system
Cracker: A hacker with criminal intent
Cybervandalism: The intentional disruption, defacement, or even destruction of a Web
site or corporate information system
Spoofing and Sniffing
Spoofing: Also may involve redirecting a Web link to an address different from the
intended one, with the site masquerading as the intended destination
Ex.Hackers redirecting customers to a fake Website that looks similar to the actual site
Sniffer: A type of eavesdropping program that monitors information travelling over a
network
-Enables hackers to steal proprietary information such as e-mail, company files, etc
Denial-of-Service Attacks
Denial-of-Service: Hackers flood a network server of Web server with many thousands
of false communications or requests for services to crash the network
Distributed Denial of Service: Attack uses many computer to inundate and overwhelm
the network from numerous launches
Often use Botnets
-Deliver 90% of world spam, 80%of world malware
find more resources at oneclass.com
find more resources at oneclass.com
Unlock document

This preview shows pages 1-2 of the document.
Unlock all 6 pages and 3 million more documents.

Already have an account? Log in

Get access

Grade+
$10 USD/m
Billed $120 USD annually
Homework Help
Class Notes
Textbook Notes
40 Verified Answers
Study Guides
1 Booster Class
Class+
$8 USD/m
Billed $96 USD annually
Homework Help
Class Notes
Textbook Notes
30 Verified Answers
Study Guides
1 Booster Class