Internet security
1 / 19

Internet & Security - PowerPoint PPT Presentation

  • Uploaded on

Internet & Security. Information Systems Today Jessup & Valacich, Chapter.6 . How the Internet Works – Web Addresses & Domains. Domain Identifies the Website (host) Comes in many suffixes such as: .edu (educational institutions) .org (organizations; non-profit) .mil (military)

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Internet & Security' - cissy

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Internet security

Internet & Security

Information Systems Today

Jessup & Valacich, Chapter.6

How the internet works web addresses domains
How the Internet Works – Web Addresses & Domains

  • Domain

  • Identifies the Website (host)

  • Comes in many suffixes such as:

    • .edu (educational institutions)

    • .org (organizations; non-profit)

    • .mil (military)

    • .net (network organizations)

  • Example:

  • IP Address

  • Each domain is associated with one or more IP addresses

  • Format: a 32-bit address written as 4 numbers (from 0-255) separated by periods

  • Example:

  • (URL) Uniform Resource Locator

  • Identifies particular Web pages within a domain

  • Example:

How the internet works managing the internet
How the Internet Works – Managing the Internet

  • Domain Name System (DNS)

  • Maintained by the Internet Registry

  • Used to associate hosts or domains with IP addresses

  • InterNic Registration Service

  • Assigns Internet Domains and IP addresses

  • Internet Corp. for Assigned Names and Number (ICANN) has responsibility for managing IP Addresses, domain names, and root server system management

World wide web
World Wide Web

  • Hypertext:

  • A Web page stored on a Web server

  • Contains information and links to other related information (hyperlinks)

  • HTML (Hypertext Markup Language)

  • A standard method used to specify the format of Web pages

  • Uses codes/tags which stipulate how the content should appear to the user

  • Web Browser

  • A software program used to locate and display Web pages

  • Includes text, graphics, and multimedia content

World wide web1
World Wide Web

  • HTTP (Hypertext Transfer Protocol)

  • A protocol used to process user requests for displaying Web pages from a Web server

  • Web Servers

  • A special computer that is specifically designed to store and “serve up” Web pages

  • This machine contains special hardware and software to perform its many specialized functions

How the internet works packet switching
How the Internet Works – Packet Switching

  • Packet Switching

  • Allows millions of users to send large and small chucksof data across the Internet concurrently

  • Based on the concept of turn taking, packets from each user are alternated in the shared network (below)

  • Networks connected to the Internet use this concept

How the internet works tcp ip routers
How the Internet Works – TCP/IP & Routers

  • TCP – Transmission Control Protocol

  • Breaks information into small chucks called data packets

  • Manages the transfer of the packets from computer to computer

  • Reassembles data packets into a message at the destination

  • IP – Internet Protocol

  • Controls how data packets are formed

  • Addresses each packet with the source and destination address

  • A data packet conforming to the IP spec is called an IP datagram

  • Routers

  • Connect one network to another

  • Identify each device on a network as unique using IP protocol

  • Serve as the “Traffic Cop” directing packets to their destination

Example: Sending a message from Computer A to D


Reads IP Address of packet, routes message to Network 2 and Computer D

(Computer A)

TCP - Breaks message

into data packets

IP - Adds address of

destination Computer D

(Computer D)

TCP - Checks

for missing packets,

reassembles message,

discards duplicate


Information system security
Information System Security

IS Security

Precautions taken to keep all aspects of information systems safe from unauthorized use access

  • Managerial Methods

  • Several techniques are commonly used to manage information systems security:

    • Risk Assessment

    • Controlling Access

    • Organizational Policies and Procedures

    • Backups and Recovery

Security Resources

A number of organizations exist to raise awareness, research, develop standards, and advise on solutions for Internet security (e.g. CERT/CC, CSD, CSIT)

Information system security managerial techniques
Information System Security – Managerial Techniques

  • Assessing Risk

  • Security Audit identifies all aspects of information systems and business processes that use them

  • Risk Analysis assesses the value of assets being protected

  • Alternatives based on Risk Analysis:

    • Risk Reduction – implementing active counter measures to protect systems (e.g. firewalls)

    • Risk Acceptance – implementing no counter measures

    • Risk Transference – transferring risk…buying insurance

  • Controlling Access

  • Keeping information safe by only allowing access to those that require it to do their jobs

  • Authentication – verifying identity before granting access (e.g. passwords)

  • Access Control – Granting access to only those system areas where the user is authorized (e.g. accounting)

Information system security managerial techniques1
Information System Security – Managerial Techniques

  • Organizational Policies and Procedures

  • Acceptable Use Policies – formally document how systems should be used, for what, and penalties for non-compliance

  • Backups and Disaster Recovery

  • Backups – taking periodic snapshots of critical systems data and storing in a safe place or system (e.g. backup tape)

  • Disaster Recovery Plans – spell out detailed procedures to be used by the organization to restore access to critical business systems (e.g. viruses or fire)

  • Disaster Recovery – executing Disaster Recovery procedures using backups to restore the system to the last backup if it was totally lost

State of is security security threats technologies
State of IS Security - Security Threats & Technologies

  • Security Threats

  • Today we hear about many security breaches that affect organizations and individuals. Some recently in the news:

  • Identity Theft – gaining access to some ones personal information allowing them to imitate you (stolen laptop)

  • Denial of Service – attacks on websites using zombie computers that overwhelm the site and shuts it down

  • Others: Spyware, Spam, Wireless Access, Viruses

  • Security Technologies

  • Companies and research organizations continue to develop and refine technologies to prevent security breaches. Some Include:

  • Firewalls

  • Biometrics

  • VPN and Encryption

Is security technology
IS Security: Technology


A system of software, hardware or both designed to detect intrusion and prevent unauthorized access to or from a private network

  • Firewall Techniques

  • Packet Filter – examine each packet entering and leaving network and accept/reject based on rules

  • Application Level Control – Performs certain security measures based on a specific application (e.g. file transfer)

  • Keyword based filtering

  • Destination (URL) based filtering

    • Certain URLs not permitted (OR)

    • Certain URLs only are permitted

Security threat spyware spam and cookies
Security Threat: Spyware, Spam, and Cookies

  • Spyware

  • Any software that covertly gathers information about a user through an Internet connection without the users knowledge

  • Problems: uses memory resources, uses bandwidth, and can cause system instability

  • Prevention: Firewalls and Spyware software

  • Spam

  • Electronic junk mail or junk newsgroup postings usually for purpose of advertising for some product and/or service

  • Problems: nuisance, wastes time deleting, uses storage

  • Prevention: Spam Blocker software

  • Cookies

  • A message passed to a browser from a Web server. Used by legitimate programs to store state and user information

  • Problems: can be used to track user activities

  • Prevention: browser settings, firewall

Security technology biometrics
Security Technology: Biometrics

  • Biometrics

  • A sophisticated authentication technique used to restrict access to systems, data and/or facilities

  • Uses biological characteristics to identify individuals such as fingerprints, retinal patterns in the eye, etc. that are not easily counterfeited

  • Has great promise in providing high security

Security threat access to wireless
Security Threat: Access to Wireless

  • Unauthorized Access to Wireless Networks

  • With the prevalence in use of wireless networks this threat is increasing

  • Problems - Drive-by hacking an attacker accesses the network, intercepts data from it, and can use network services and/or sends attack instructions without entering the building

  • Prevention - Encryption between network and user devices

Security technology vpn and encryption
Security Technology: VPN and Encryption

  • VPN (Virtual Private Network)

  • Called a secure tunnel

  • Dynamically generated network connection to connect users or nodes

  • This approach uses both authentication and encryption

  • Used extensively for remote access by employees

  • Encryption

  • The process of encoding messages before they enter the network or airwaves, and then decoding at the receiving end

  • Public Key - known and used to scramble messages (SSL)

  • Private Key - not known and used by receiver to descramble

  • Certificate Authority – a third party that issues keys

Security threat viruses
Security Threat: Viruses


Programs that can attack a computer and/or a network and delete information, disable software, use up all system resources, etc.

Prevention Steps:

AntiVirus software: install this software which is designed to block all known viruses and offers automatic or manual updates to virus patterns to block future viruses

No Disk Sharing – Viruses can be transferred to clean computers by inserting disks containing infected files

Delete Suspicious Email Messages – Do not open suspicious e-mail messages…Delete Only!

Report Viruses – If you get a virus, report it to you network administrator immediately!