Professional Documents
Culture Documents
Securing Information Systems
Securing Information Systems
MALICIOUS SOFTWARE
A computer virus is a rogue software program that attaches itself to other software programs or data files in order to be executed, usually without user knowledge or permission. Worms are independent computer programs that copy themselves from one computer to other computers over a network Worms spread more rapidly than viruses
Trojan horse is a software program that appears to be benign but then does something other than expected. Key Loggers record every keystroke made on a computer to steal serial numbers for software, to launch internet attacks to gain access to email accounts, to obtain passwords or to pick up personal information such as credit card numbers.
Identity theft is a crime in which an imposter obtains key pieces of personal information to impersonate someone else. Evil twins are wireless networks that pretend to offer trustworthy Wi-Fi connections to the internet Pharming-redirects users to a bogus web page, even when the individual types the correct web page address into his or her browser
Click fraud-pay per click online advertising Cyberterrorism and Cyberwarfare Intruders seeking system access trick employees into revealing their passwords by pretending to be legitimate members of the company in need of information. This practice is called Social Engineering To correct software flaws once they are identified, the software vendor creates small pieces of software called patches. Eg-Microsofts XP service pact 2
Access Control
Access control consists of all the policies and procedures a company uses to prevent improper access to systems by unauthorized insiders and outsiders Authentication refers to the ability to know that a person is who he or she claims to be. Token, Smart Card, Biometric authentication
Firewalls
Firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic. Placed between the organizations private internal networks and distrusted external network
2 methods of encryption: Symmetric key encryption the sender and receiver establish a secure internet session by creating a single encryption key and sending it to the receiver so both the sender and receiver share the same key Public key encryption uses 2 keys one shared and one totally private. Keys are mathematically related so that data encrypted with one key can be decrypted using only the other key