ISNE101 Dr. Ken Cosh Week 14. This Week Challenges (still) facing Modern IS Reliability Security.

ISNE101Dr. Ken Cosh

Week 14

This Week

Challenges (still) facing Modern IS

Reliability

Security

Reliability

Redundancy is the Key!

Spare components

Components running in parallel

Triple Modular Redundancy

Identify unreliable components and arrange back ups.

UPS

Multiple ISPs

Security

Data stored digitally & transmitted through networks == Greater security threats.

After all digital data can be copied more easily

Security Threats

Unauthorised AccessErrorsViruses/WormsSpyware

TappingSniffingMessage AlterationTheft/Fraud

HackingVandalismDoS attacksTheft/Copy DataHardware/Software

Failure

Malware (Malicious Software):Viruses / Worms / Trojans / Spyware

Virus

Display message -> destroying data

Spread by human action;

i.e. sending infected email, or copying a file

Worms

Don’t need human action;

Copy themselves across network on their own.

Destroy data / Disrupt network

Malware (Malicious Software):Viruses / Worms / Trojans / Spyware

Trojan Horses Software appears benign, but then does something

unexpected Doesn’t replicate (so not a virus), but may facilitate viruses

Spyware Program installs itself and then serves up advertising Keyloggers record all keystrokes – including passwords /

CC numbers etc. Some spyware uses up memory / redirect search

requests / reset browser home page

Hackers & Computer Crime

Objective: to gain unauthorised access

Steal information

System damage

Cybervandalism

Defacing websites

Spoofing / Sniffing

Spoofing Masquerade as someone else

[email protected] Redirect you to similar webpage

www.hsbc.net Sniffing

Eavesdropping on data passed through a networkLegitimately to identify trouble spots / criminal activityBut also to steal information

V. difficult to detect

DoS Attacks

Denial of Service

DDoS – Distributed Denial of Service

Fake communications / requests submitted simultaneously through network to slow it down and prevent legitimate usages.

Identity Theft

Perhaps by Phishing

Asking users for confidential data through fake emails/websites

“Please update your records…”

Or Evil Twins

I could set up a “trustworthy” wifi network connection in a hotel lobby

Countering the Threats

Tight Security Policies

Access Control

Authentication

Password

Biometrics

Firewalls

Anti Virus

Encryption

Security Policies

Access Control Lists (ACL) Limit which users can do what (e.g. update websites)

Signed agreements for service When allowing users onto a network, normally they sign an

agreement, regarding terms of use. Noticeably none at Payap / CMU?

Policies could include, Regular password changes Whether personal use of service is permitted Antivirus updates

Can help against, external attacks, intrusion, virus / worms

Encryption

Encoding the contents of a transmission so it can’t be decrypted on route.

Symmetric-key encryption

Public / Private key encryption

Helps prevent interception.

Symmetric Key Encryption

Both sender and receiver use the same ‘code’ to encrypt and then decrypt a message. If I tell you to move each

character back two in the alphabet, and then send you this message;

Jgnnq Encuu Anyone who intercepts the

message gets nothing, but you are able to decrypt it.

More interesting patterns can be created to increase security. Substitution Transposition

Key:FANCY

Message:eatitnihmexnetmgmedt

Decoding