Download - ISNE101 Dr. Ken Cosh Week 14. This Week Challenges (still) facing Modern IS Reliability Security
ISNE101Dr. Ken Cosh
Week 14
This Week
Challenges (still) facing Modern IS
Reliability
Security
Reliability
Redundancy is the Key!
Spare components
Components running in parallel
Triple Modular Redundancy
Identify unreliable components and arrange back ups.
UPS
Multiple ISPs
Security
Data stored digitally & transmitted through networks == Greater security threats.
After all digital data can be copied more easily
Security Threats
Unauthorised AccessErrorsViruses/WormsSpyware
TappingSniffingMessage AlterationTheft/Fraud
HackingVandalismDoS attacksTheft/Copy DataHardware/Software
Failure
Malware (Malicious Software):Viruses / Worms / Trojans / Spyware
Virus
Display message -> destroying data
Spread by human action;
i.e. sending infected email, or copying a file
Worms
Don’t need human action;
Copy themselves across network on their own.
Destroy data / Disrupt network
Malware (Malicious Software):Viruses / Worms / Trojans / Spyware
Trojan Horses Software appears benign, but then does something
unexpected Doesn’t replicate (so not a virus), but may facilitate viruses
Spyware Program installs itself and then serves up advertising Keyloggers record all keystrokes – including passwords /
CC numbers etc. Some spyware uses up memory / redirect search
requests / reset browser home page
Hackers & Computer Crime
Objective: to gain unauthorised access
Steal information
System damage
Cybervandalism
Defacing websites
Spoofing / Sniffing
Spoofing Masquerade as someone else
[email protected] Redirect you to similar webpage
www.hsbc.net Sniffing
Eavesdropping on data passed through a networkLegitimately to identify trouble spots / criminal activityBut also to steal information
V. difficult to detect
DoS Attacks
Denial of Service
DDoS – Distributed Denial of Service
Fake communications / requests submitted simultaneously through network to slow it down and prevent legitimate usages.
Identity Theft
Perhaps by Phishing
Asking users for confidential data through fake emails/websites
“Please update your records…”
Or Evil Twins
I could set up a “trustworthy” wifi network connection in a hotel lobby
Countering the Threats
Tight Security Policies
Access Control
Authentication
Password
Biometrics
Firewalls
Anti Virus
Encryption
Security Policies
Access Control Lists (ACL) Limit which users can do what (e.g. update websites)
Signed agreements for service When allowing users onto a network, normally they sign an
agreement, regarding terms of use. Noticeably none at Payap / CMU?
Policies could include, Regular password changes Whether personal use of service is permitted Antivirus updates
Can help against, external attacks, intrusion, virus / worms
Encryption
Encoding the contents of a transmission so it can’t be decrypted on route.
Symmetric-key encryption
Public / Private key encryption
Helps prevent interception.
Symmetric Key Encryption
Both sender and receiver use the same ‘code’ to encrypt and then decrypt a message. If I tell you to move each
character back two in the alphabet, and then send you this message;
Jgnnq Encuu Anyone who intercepts the
message gets nothing, but you are able to decrypt it.
More interesting patterns can be created to increase security. Substitution Transposition
Key:FANCY
Message:eatitnihmexnetmgmedt
Decoding