Information is an organization asset, it must be protected
- security-policies , procedures, technical measures used to prevent unauthorized access, alteration, theft, or physical damages to info systems.
- protection of info from accidental or intentional misuse by persons inside or outside the organization.
-methods, policies, and organizational procedures that ensure safety's organizations assets; accuracy and relability of its accounting records, and operational adherence to management standards.
why are systems vulnerable
-breakdowns, configuration errors
- programming errors, installation errors, unauthorized changes
-power failures,flood fires, and so one
use of computers and networks outside of firms control
-domestic or offshore outsourcing vendors
- internet vulnerablities-email used for trade secrets
- IM messages lack security, intercepted
why are systems vulnerable?
wireless security challenges
radio frequency bands easy to scan
- -SSID (secuirty set identifiers)
- identity access points
- broadcast multiple times
- -War Driving-
- -eavesdroppers drop by buildings and try to intercept and network traffic.
- -when hacker gains access to SSID, has acces to networks resources
- WEP (Wired Equivalent Privacy)
- -security standard for 802.11
- -basic specification uses shared passwords for both users and acces points
- -users often fail to use security features
software written with malicious intent to cause annoyance or damage to computer system or network
examples: worms , viruses, trojan horse, spyware
- -rogue sw program that attaches itself to other sw program or data files to be executed
- -when the program or operating system containing the virus is used, the virus attaches itself to other files and spreads.
- -seriousness of damage virus
- -virus hoaxes can also cause damage
- -usually given names,
- i love you, michaelangelo
- -independent programs that can spread themselves without having being attached to a host program
- -travel from computer to computer in a network
- -replicates to full blwon version that eats up computing resources, slwoing halting system.
- -well known worms
- CODE RED, Melissa, Sasser, Conficker
- -sw program that begins okay but then does something other than expected.
- -contains code to disrupt a computer, network or website
- -malicious code hides inside a popular program or a program that appears to be useful
-secretly gathers info about users while they browse the web; can come hidden from free downloads and tracks online movements, mines the info stored on a computer, or the computers CPU or storage from the task the user knows nothing about.
-intstall anitvirus or antispyware software
- -Can collect info different wayssale of info-to online marketers
- illegal uses-such as identity theft
- Modify user in experience-to market to the user by presenting and banners, pop-ups, etc
- -monitor and records keystrokes and mouse clicks
- -sometimes used by companys to track employees use of email or Internet
- -can be used for malicious purposes
-some antivirus or antispyware programs protect against keyloggers
- -misrepresenting oneself by using fake email addresses or masquerading as someone else
- -attempting to gain access to a network or data by posing as authorized user to find sensitive info
- -often involves returning the forge address of an email so that the message appears to come from someone other than the actual spender
- -may be used spam of phising attempts
- -redirecting a web link to an address different from the intended one.
- -type of eavesdropping program that monitors info traveling over a network
- -sw used to capture and record network traffic
- -can be used for legitamate purposes to help identify potential network trouble spots,monitor network performance, or spot criminal activity
- -often used by hackers to intercept info
denial of service attack
-often targets internet servers
- -floods a network or server with thousands of false service requests.
- prevents legitamate users access to the system
- -DDOS distributed denial of service attackhundreds of thousands computers work together to bombard a website with thousands of requests for information in a short period
- -difficult to trace
networks of zombie pc's inflatrated by bot malware
-a high tech scam in which an email requests the update or confirmation of sensitive personal information by masquerading as a legitamate request/web site.
- fradulent emails that seem to come form legitamate resources
-directs email recipients to false web sites in order capture private info
variations of phising
- redirects users to a bogus web page, even when individual types corrrects web page addresses into his or her browser
wireless networks that pretend to offer trustworthy wi fi connections to the internet.
when individual or computer program fraudently clicks on online ad without any intention of learning more about the advertiser or making the purchase
security threats often orginate inside an organization
insiders-legitamate users who purposely or accidentally misuse their acces to info or resources and cause some kind of business-affecting event.
- inside knowledge
- sloppy security procedures
- -user lack of knowldege.
people who very knowledgeable about computers who use their skill to invade other peoples computers
-black hat hackers(crackers)
- -white hat hackers(ethical hackers)
- -script kiddies or bunnies