Page 1: Unit 9: Computer Crime

23-04-08 Unit 6 1

IT Management

Unit 9 - Computer Crime & Backup and Recovery

• Identify the risks and controls required when a system is exposed to the Web

• Identify risks and controls required to minimize exposure to the organization’s own staff

• Describe techniques commonly used to perpetrate computer crime.

• Identify the key elements in a comprehensive Backup/Recovery Plan

Page 2: Unit 9: Computer Crime

Who Commits Computer Crimes?

• Disgruntled employees

• Opportunistic employees

• Hackers

• Common criminals

Page 3: Unit 9: Computer Crime

Examples of Computer Crimes????

Page 4: Unit 9: Computer Crime

Examples of Computer Crimes

• Theft – Hardware, software, money, proprietary ideas, unauthorized use, and time are stolen from businesses.

• Illegal Software – All software must be properly licensed.

• Viruses - Various programs that cause damage to data and/or steal computing resources.

• Denial of Service (DoS) - Usually done by a “worm” that propagates itself, then sends requests to a specific host, overloading the network so that legitimate traffic cannot get through.

Page 5: Unit 9: Computer Crime

Examples of Computer Crimes

• Network Eavesdropping – Gaining access to proprietary information through wiretapping, internet scanning, or wireless network scanning (data and voice).

• Scanners - Programs that “scan” the internet looking for security weaknesses. Ports are tested for – services available, users currently active, anonymous logins allowed, authentication loopholes.

• Password Crackers - Usually simple programs that try common passwords or letter/number combinations until the right one is found.

Page 6: Unit 9: Computer Crime

Examples of Computer Crimes

• Sniffers - Devices (hardware/software) that capture all packets of information on a network. Normal devices on the network hear all the traffic but only capture packets intended for them (with their IP address).

• Spoofing - A device pretends to be a “trusted” device. This is done by “cracking” the host’s configuration file of trusted devices. The “Spoofing” device then sends packets containing the sender address of a “trusted” device.

• Backdoors - Hardware and software components sometimes have a security flaw, intentional or unintentional, that allows unauthorized access.

Page 7: Unit 9: Computer Crime

Examples of Computer Crimes

• Internal (usually a programmer) - Data diddling (changing input data); Trojan horse (adding extra code); salami techniques (taking small assets from a large volume, like round-up fraud); trap doors (code left in from debugging); logic bombs (set to go off under certain conditions).

Page 8: Unit 9: Computer Crime

How do you prevent computer crime?

• Risk Assessment

o identify threats and vulnerabilities

o implement policies and procedures

o internet usage, software piracy, and proprietary information agreements signed by employees

Page 9: Unit 9: Computer Crime

Your Turn - How do you prevent computer crime? Small groups: each gets one

1. Identify and Protect Physical Assets

2. Implement Appropriate Physical Security such as access, shredders, etc.

3. User Security: account/passwords

4. User Security: need to know, security background check

5. Program Deterrents: code review, file compares

6. Review Logs: network, security access violations

7. Review Logs: internet usage, FTP

8. Network: firewalls

9. Network: DNS

10. Network: virus protection

11. Network: encryption, SSL

12. Network: sniffers, isolate LAN from Internet

Page 10: Unit 9: Computer Crime

Your Turn - How do you prevent computer crime?

Small Groups Answer:

Questions:

1. Describe what the control is in your own words.

2. For each of the listed examples, explain how this control deters crime.

Page 11: Unit 9: Computer Crime

How do you prevent computer crime?

• Identify & Protect Assets

o Tag Physical Assets

o Inventory/Validate Assets

o Security guards at entrances

• Implement Appropriate Physical Security

o Limited Access to Computer & Server Rooms/Sign-in and Sign-out

o Laptop Chains

o Shredders for source code listings/sensitive data

o Card access for buildings and secured rooms within buildings

o Lockup policies & facilities in place for sensitive information

Page 12: Unit 9: Computer Crime

How do you prevent computer crime?

• Implement User Security

o Group, Account, Password

o Enforce Password Change

o Enforce Password Length (at least 7 characters)

o Disable accounts after 3 attempts

o Restrict access on need to know/use basis, particularly unrestricted access

o Perform security background checks on any employee with access to sensitive data

o Password protected screen savers after period of inactivity on PCs

Page 13: Unit 9: Computer Crime

How do you prevent computer crime?

• Programmer Deterrents:

o Code reviews

o Production control separate from programming

o Automated tools such as file compares to pinpoint changes

o Team programming (eXtreme Programming)

• Review Logs:

o Daily review security access logs for violations

o Daily review network access logs for access attempts

o Daily review internet usage logs

o Daily review system usage logs
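
The three-attempt lockout from the user security slide and the daily access-log review above, combined in one added example (not part of the original slides). The log line format, account names and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

MAX_ATTEMPTS = 3  # from the slide: disable accounts after 3 attempts

# Assumed line format: "<timestamp> LOGIN <OK|FAIL> user=<name> src=<address>"
LINE_RE = re.compile(r"^(\S+) LOGIN (OK|FAIL) user=(\S+) src=(\S+)$")

# Constructed sample log, not taken from any real system.
SAMPLE_LOG = """\
2008-04-23T08:01:10 LOGIN FAIL user=asmith src=10.0.0.14
2008-04-23T08:01:25 LOGIN FAIL user=asmith src=10.0.0.14
2008-04-23T08:01:41 LOGIN OK user=asmith src=10.0.0.14
2008-04-23T08:05:02 LOGIN FAIL user=bjones src=10.0.0.99
2008-04-23T08:05:15 LOGIN FAIL user=bjones src=10.0.0.99
garbled line that the parser cannot read
2008-04-23T08:05:30 LOGIN FAIL user=bjones src=10.0.0.99
2008-04-23T08:06:02 LOGIN OK user=bjones src=10.0.0.99
2008-04-23T09:12:44 LOGIN FAIL user=asmith src=10.0.0.14
"""

def review_access_log(text, max_attempts=MAX_ATTEMPTS):
    """Return (disabled, violations, unparsed) for one day's access log.

    disabled   maps account -> timestamp of the failure that triggered lockout
    violations lists any later activity on an account that should be disabled
    unparsed   lists lines the reviewer has to read by hand
    """
    streak = defaultdict(int)          # consecutive failures per account
    disabled, violations, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)      # never drop unreadable lines silently
            continue
        ts, result, user, src = m.groups()
        if user in disabled:
            # Even a successful login here means the lockout was not enforced.
            violations.append((ts, user, src, result))
        elif result == "OK":
            streak[user] = 0           # a good login resets the counter
        else:
            streak[user] += 1
            if streak[user] >= max_attempts:
                disabled[user] = ts
    return disabled, violations, unparsed
```
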

Page 14: Unit 9: Computer Crime

How do you prevent computer crime?

• Protect Your Network Communications

o Locked services panels and server access

o Use firewalls, virus scanners, etc.

o Use non-public internet addresses internally

o Install software security releases

o Use leased line communications for sensitive information transfer

o Encrypt email

o Internet – use SSL (socket level security encryption) for secure transactions

o Secure dial-up modems

o Implement LANs not connected to the Internet for particularly sensitive data (e.g., finance)

o Use network sniffers to identify network traffic

Page 15: Unit 9: Computer Crime

How do you prevent computer crime?

• Prosecute Criminals!

Resource: www.cerias.purdue.edu/hotlist/, www.cert.org, www.sans.org

Page 16: Unit 9: Computer Crime

Your Turn - Backup and Recovery:

1. What factors will influence a company’s backup policy and procedures?

2. Backup schedules and methods will vary based on the different categories of software and files to be backed up.

a) What might some of these categories be?

b) What factors will influence how often backup is performed?

3. What type of situations would require a recovery from backup?

Page 17: Unit 9: Computer Crime

Backup and Recovery:

What is backup and recovery? 

The ability to fully recover lost or damaged data and return operations to normal as quickly as possible.

What is backed up?

• databases

• application software

• system software

• user personal data

• client workstations

Page 18: Unit 9: Computer Crime

Backup and Recovery:

When is recovery necessary?

• corruption of production databases or application software libraries;

• fallback from poorly tested implementations;

• problems with application software;

• disasters that make systems inoperable; and

• inquiries against archived data.

Page 19: Unit 9: Computer Crime

Backup and Recovery:

Justification:

• How much will it cost for your system to be down?

• What does management consider an acceptable amount of time to recover if the system is totally destroyed?

• What does management consider an acceptable amount of lost data that will have to be re-entered?

The lower the exposure the higher the cost.

Page 20: Unit 9: Computer Crime

Backup and Recovery:

Strategy:

• Focus on what data, applications and configurations are required to conduct operations;

• Recommend alternate solutions to management for backup methods with acceptable risk;

• Prepare a management plan to keep the solution up to date; and

• Test all backup and recovery procedures to ensure they work.

Page 21: Unit 9: Computer Crime

Backup and Recovery:

Guidelines:

• Store backups off-site.

• Copy to a separate medium, e.g. to tape.

• View the recovery from a business area point of view.

• Consider the many levels of recovery, from a lost file to full-scale disaster recovery.

• Copy data files after online processing, before any batch updating takes place, and again after batch processing.

• Copy application software weekly and as major changes are made to the application software.

Page 22: Unit 9: Computer Crime

Backup and Recovery:

Guidelines: (cont.)

• Define the number of backup files to be kept. The recommendation is:

o Daily - 10 generations;

o Weekly - 4 generations;

o Monthly - 18 generations;

o Annual - 7 generations; and

o Paycycle - 24 generations
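
The generation counts above, applied to a backup history as a retention plan. This is an added example, not part of the original slides; the class boundaries (Sunday as the weekly, last day of the month and year as the monthly and annual) and the pay cycle closing on the 15th are assumptions, and the history is constructed.

```python
from datetime import date, timedelta

# Generations to keep per backup class, as recommended on the slide.
GENERATIONS = {"daily": 10, "weekly": 4, "monthly": 18, "annual": 7, "paycycle": 24}

def classify(day, paycycle_ends):
    """Classes a backup taken on `day` belongs to (boundaries are assumptions)."""
    nxt = day + timedelta(days=1)
    classes = {"daily"}
    if day.weekday() == 6:          # assumed: the Sunday backup is the weekly
        classes.add("weekly")
    if nxt.month != day.month:      # assumed: last day of month is the monthly
        classes.add("monthly")
    if nxt.year != day.year:        # assumed: last day of year is the annual
        classes.add("annual")
    if day in paycycle_ends:        # pay-cycle close dates supplied by payroll
        classes.add("paycycle")
    return classes

def plan_retention(backup_days, paycycle_ends=frozenset(), generations=GENERATIONS):
    """Return (kept, expire): kept maps each retained date to the classes that
    still need it; expire lists dates that no class needs any longer."""
    counts = dict.fromkeys(generations, 0)
    kept = {}
    for day in sorted(set(backup_days), reverse=True):    # newest first
        for cls in classify(day, paycycle_ends):
            if counts[cls] < generations[cls]:
                counts[cls] += 1
                kept.setdefault(day, set()).add(cls)
    expire = sorted(set(backup_days) - set(kept))
    return kept, expire

def sample_history():
    """Constructed input: one backup per day, 2006-01-01 through 2008-04-23,
    with a pay cycle assumed to close on the 15th of every month."""
    start, end = date(2006, 1, 1), date(2008, 4, 23)
    days = [start + timedelta(days=i) for i in range((end - start).days + 1)]
    return days, {d for d in days if d.day == 15}

if __name__ == "__main__":
    kept, expire = plan_retention(*sample_history())
    print(len(kept), "backups retained,", len(expire), "eligible for expiry")
    for day in sorted(kept, reverse=True)[:14]:
        print(day, sorted(kept[day]))
```

A backup is only expired when every class it belongs to has aged out, so a month-end copy outlives the dailies taken around it.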

Page 23: Unit 9: Computer Crime

Backup and Recovery:

Guidelines: (cont.)

• Implement procedures for creating reliable backups including:

o Ensuring files are not in use by the applications;

o Verifying successful backup process; and

o Logging backup media appropriately.

Page 24: Unit 9: Computer Crime

Backup and Recovery:

Guidelines: (cont.)

• Implement appropriate procedures for restoring files including:

o Selecting the proper data to be restored;

o Ensuring files are not in use by the applications; and

o Verifying successful restore process.

Page 25: Unit 9: Computer Crime

Backup and Recovery:

Guidelines: (cont.)

• Implement appropriate procedures, technology, and automation for high availability critical applications/databases:

o Database disk mirroring

o Redundant fail-safe servers

o Dual electrical power supply; a/c; heating

o Redundant ISPs, alternate route telecommunications paths & equipment

Page 26: Unit 9: Computer Crime

Backup and Recovery:

Guidelines: (cont.)

• Implement appropriate procedures, technology, and automation for high availability critical applications/databases:

o Online backups of software and data (such as checkpoint/restart from logs)

o Hardware spares

o Spread application load over multiple servers and use load balancing hardware/software