Security Threats in the Information Age MBAA 609 R. Nakatsu
Case Study: Mat Honan gets attacked “In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID was broken into, and hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.” Read the complete Wired article here. This is an example of social engineering.
Two-Factor Authentication When using cloud-based services, use two-factor authentication whenever possible. Three Factors are: • What you know (e.g., password) • What you own (e.g., cellphone) • Who you are (e.g., biometric authentication) See Google two-factor authentication example.
Security Threats On The Internet • Denial of Service (DoS) Attacks: A web server is overwhelmed with requests for data in order to cripple the network. • What is a distributed denial of service (DDoS) attack? • Intrusions:Human hackers gain access to an organization’s internal IT systems. • How do they occur? • Malware (e.g., viruses, worms, spyware): malicious software programs that spread rapidly through computer systems, sometimes destroying or modifying data.
Specific Threats: Know the Terminology Phishing: Email fraud where the perpetrator sends out legitimate-looking emails to collect information about you, or download malware. Example: Cryptolocker Spyware:Program that hides on your system with the intent of collecting marketing information about you and your surfing habits, and/or displaying pop up ads on your screen (e.g., keyloggers capture and record your keystrokes). Drive-by Downloads: A program that is automatically downloaded to your computer—no action on your part is necessary!
A Multi-Pronged Approach to Securing Networks • Gateway security devices: these devices (e.g., firewalls and routers) protect the “front” door to the Internet, by comparing every bit of information going in and out of your network with a database of signatures. • Wireless security:encrypt your wireless transmissions. • Desktop security: install anti-virus/anti-malware on each computer.
The Internet Router Extranet Fire wall Intranet Server Fire wall Router Intranet Server Host System Gateway Security
The Need for Data Encryption • Every packet of data sent over the Internet traverses many public networks • At any step of the way, many people could have access to those packets. • The Internet can be used for transmitting highly confidential information such as credit card data or proprietary corporate data.
Data Encryption: The Basics Encryption is the process of encoding (or “scrambling”) information so that only authorized parties can read it. Plaintext: the “readable”, unencrypted message Encryption key: specifies how the message is encrypted Ciphertext: the “unreadable”, encrypted message. Public-key encryption: the encryption key is public for anyone to use and encrypt messages. The decryption key is private—only the receiving party can decrypt, or unscramble messages. Questions: Where do we see encryption today? What happened in the Target security breach?
Other IT Solutions • Have a backup strategy • Practice good digital hygiene • Transaction log: a log of all changes applied to a database in chronological order • Creation of a DMZ (de-militarized zone): place a proxy server in this zone.
Have a Back Up Strategy! Disk drives fail: don’t be surprised if this happens to you! • 3-2-1 Strategy: Have at least three copies of your data, on at least two separate media storage devices, at least one copy offsite. • Cloud-based services like Carbonite, and Dropbox offer affordable and convenient offsite, “cloud” storage. • Create a disk image (e.g., timemachine on the Mac, superduper, drivesnapshot.de, among other programs)
Digital hygiene means practicing safe behaviors on the Internet • Don’t open email attachments from strangers; be careful even if it’s from someone you know. • Update your OS regularly. • Don’t click links in email. That link could lead you to a phishing site, or the link may lead you to install malicious software. • Don’t download files from places you aren’t absolutely sure are safe. Stick with the well known sites. • Use a firewall. The best firewall is a hardware router. • Run as a limited user; do not run as an administrator. Here’s an articleon how to require a password as an administrator.
Transaction Log Transaction records contain: • Transaction identifier • Time of transaction • Type of transaction (e.g., read, insert, update, delete, abort) • Identifier of data item affected • Before-image of the data item • After-image of the data item From the transaction log, you can re-create a database up to a given point in time.
Network Diagram of a DMZ DMZ: the area between the two firewalls—neither a part of the internal network nor the public Internet.