chap 7 IS 3003

  1. Information is an organization asset, it must be protected
    • security-policies , procedures, technical measures used to prevent unauthorized access, alteration, theft, or physical damages to info systems.
    • protection of info from accidental or intentional misuse by persons inside or outside the organization.

    controls-methods, policies, and organizational procedures that ensure safety's organizations assets; accuracy and relability of its accounting records, and operational adherence to management standards.
  2. why are systems vulnerable
    hardware problems-breakdowns, configuration errors

    software problems - programming errors, installation errors, unauthorized changes

    disasters-power failures,flood fires, and so one

    use of computers and networks outside of firms control-domestic or offshore outsourcing vendors

    • internet vulnerablities-email used for trade secrets
    • IM messages lack security, intercepted
  3. why are systems vulnerable?

    wireless security challenges
    radio frequency bands easy to scan

    • -SSID (secuirty set identifiers)
    • identity access points
    • broadcast multiple times

    • -War Driving-
    • -eavesdroppers drop by buildings and try to intercept and network traffic.
    • -when hacker gains access to SSID, has acces to networks resources

    • WEP (Wired Equivalent Privacy)
    • -security standard for 802.11
    • -basic specification uses shared passwords for both users and acces points
    • -users often fail to use security features
    software written with malicious intent to cause annoyance or damage to computer system or network

    examples: worms , viruses, trojan horse, spyware
    • -rogue sw program that attaches itself to other sw program or data files to be executed
    • -when the program or operating system containing the virus is used, the virus attaches itself to other files and spreads.
    • -seriousness of damage virus
    • -virus hoaxes can also cause damage
    • -usually given names,
    • i love you, michaelangelo
  6. WORMS
    • -independent programs that can spread themselves without having being attached to a host program
    • -travel from computer to computer in a network
    • -replicates to full blwon version that eats up computing resources, slwoing halting system.
    • -well known worms
    • CODE RED, Melissa, Sasser, Conficker
    • -sw program that begins okay but then does something other than expected.
    • -contains code to disrupt a computer, network or website
    • -malicious code hides inside a popular program or a program that appears to be useful
  8. Spyware
    -secretly gathers info about users while they browse the web; can come hidden from free downloads and tracks online movements, mines the info stored on a computer, or the computers CPU or storage from the task the user knows nothing about.

    • -Can collect info different ways
    • sale of info-to online marketers
    • illegal uses-such as identity theft
    • Modify user in experience-to market to the user by presenting and banners, pop-ups, etc

    -intstall anitvirus or antispyware software
    • -monitor and records keystrokes and mouse clicks
    • -sometimes used by companys to track employees use of email or Internet
    • -can be used for malicious purposes

    -some antivirus or antispyware programs protect against keyloggers
  10. Spoofing
    • -misrepresenting oneself by using fake email addresses or masquerading as someone else
    • -attempting to gain access to a network or data by posing as authorized user to find sensitive info
    • -often involves returning the forge address of an email so that the message appears to come from someone other than the actual spender
    • -may be used spam of phising attempts
    • -redirecting a web link to an address different from the intended one.
  11. Sniffer
    • -type of eavesdropping program that monitors info traveling over a network
    • -sw used to capture and record network traffic
    • -can be used for legitamate purposes to help identify potential network trouble spots,monitor network performance, or spot criminal activity
    • -often used by hackers to intercept info
  12. DOS
    denial of service attack
    • -floods a network or server with thousands of false service requests.
    • prevents legitamate users access to the system

    -often targets internet servers

    • -DDOS distributed denial of service attack
    • hundreds of thousands computers work together to bombard a website with thousands of requests for information in a short period
    • -difficult to trace

    -botnets-networks of zombie pc's inflatrated by bot malware
  13. Phishing
    -a high tech scam in which an email requests the update or confirmation of sensitive personal information by masquerading as a legitamate request/web site.

    - fradulent emails that seem to come form legitamate resources

    -directs email recipients to false web sites in order capture private info
  14. variations of phising
    • pharming
    • redirects users to a bogus web page, even when individual types corrrects web page addresses into his or her browser

    evil twin-wireless networks that pretend to offer trustworthy wi fi connections to the internet.
  15. click fraud
    when individual or computer program fraudently clicks on online ad without any intention of learning more about the advertiser or making the purchase
  16. system perpertators

    security threats often orginate inside an organization
    insiders-legitamate users who purposely or accidentally misuse their acces to info or resources and cause some kind of business-affecting event.

    • inside knowledge
    • sloppy security procedures
    • -user lack of knowldege.
  17. system perpetrators

    people who very knowledgeable about computers who use their skill to invade other peoples computers

    -black hat hackers(crackers)

    • -white hat hackers(ethical hackers)
    • -script kiddies or bunnies
    • -hactivists
    • -cyberterrorists.
Card Set
chap 7 IS 3003
chap 7 IS 3003