1 agendas chapter 5 (recap) chapters 6 – diverse it infrastructures case – the ipremier company:...
TRANSCRIPT
1
Agendas
Chapter 5 (Recap)
Chapters 6 – Diverse IT Infrastructures
Case – The iPremier Company: Denial of Service Attack
Course Road Map
3
Network Elements – LAN
LAN Topologies
Packet Switching
5
Chapter 6: Assuring Reliable and Secure IT Services
Reliability through redundancy Tradeoff – complexity and cost
IS Security and Control Malicious threats (download) – New
Architecture for Intra-Domain Network by Huang and Cao et al. (2006)
6
Chapter 6: Assuring Reliable and Secure IT Services
Managing Infrastructure Risk
7
Chapter 6: Assuring Reliable and Secure IT Services
Availability – Serial
Processing
8
Chapter 6: Assuring Reliable and Secure IT Services
9
Chapter 6: Assuring Reliable and Secure IT Services
Availability – Parallel
Processing(Reliability = 1 – Probability of
failure)
10
Chapter 6: Assuring Reliable and Secure IT Services
Telecommunications networks vulnerabilities
Why Systems Are Vulnerable?
Hacker: An outside person who has penetrated a computer system, usually with no criminal intent.Cracker: A malicious hacker.Social engineering: Getting around security systems by tricking computer users into revealing sensitive information or gaining unauthorized access privileges. Cybercrimes: Illegal activities executed on the Internet.Identify theft: A criminal (the identity thief) poses as someone else. Cyberwar: War in which a country’s information systems could be paralyzed from a massive attack by destructive software.Virus: Software that can attach itself to (“infect”) other computer programs without the owner of the program being aware of the infection.
Type of computer crimes and criminalsWhy Systems Are Vulnerable?
Method Definition
Virus Secret instructions inserted into programs (or data) that are innocently ordinary tasks. The secret instructions may destroy or alter data as well as spread within or between computer systems
Worm A program that replicates itself and penetrates a valid computer system. It may spread within a network, penetrating all connected computers.
Trojan horse An illegal program, contained within another program, that ‘’sleep' until some specific event occurs then triggers the illegal program to be activated and cause damage.
Salami slicing A program designed to siphon off small amounts of money from a number of larger transactions, so the quantity taken is not readily apparent.
Super zapping A method of using a utility ‘’zap’’ program that can bypass controls to modify programs or data
Trap door A technique that allows for breaking into a program code, making it possible to insert additional instructions.
Logic bomb An instruction that triggers a delayed malicious act
Denial of services Too many requests for service, which crashes the site
Sniffer A program that searches for passwords or content in packet of data as they pass through the Internet
Spoofing Faking an e-mail address or web-page to trick users to provide information instructions
Password cracker A password that tries to guess passwords (can be very successful)
War dialling Programs that automatically dial thousands of telephone numbers in an attempt to identify one authorized to make a connection with a modem, then one can use that connection to break into databases and systems
Back doors Invaders to a system create several entry points, even if you discover and close one, they can still get in through others
Malicious applets Small Java programs that misuse your computer resource, modify your file, send fake e-mail, etc
Security Treats
IS Security and Control
Firewall screening technologies Static packet filtering Network address translation Application proxy filtering
Intrusion detection systems Scanning software Monitoring software
Protecting the Digital Firm
Encryption Authentication Message integrity Digital signatures Digital certificates Public key infrastructure (PKI)
Security and Electronic Commerce
Article Discussion (Team DIY – Take Home) The Myth of Secure Computing (Austin
and Darby, 2003, HBR) Why senior executives often ignore the
digital security issue? According to the authors, what are the
major treats to digital security? Explain each of them.
How to mitigate the risks in digital security? What is the bottom-line?
16
Public key encryption (in a nutshell)
IS Security and Control
Digital certificates
IS Security and Control
19
Chapter 6: Assuring Reliable and Secure IT Services
Taxonomy of Networking Attacks
Adopted from Huang and Cao et al. {Communications of ACM, 49 (11), 2006}
20
Chapter 6: Assuring Reliable and Secure IT Services
Secure framework
Adopted from Huang and Cao et al. {Communications of ACM, 49 (11), 2006}