slide1

Topic 8

Information Technology Security Issues

Text Materials

Chapter 8 – Protecting People and Information

slide2

IT Security Issues

  • The IT security issue.
  • Different types/categories of Cybercrime and IT security threats.
  • Some popular historical viruses and worms.
  • Security Precautions.
slide4

IT Security Issues

Threats are escalating!

  • 90% of all businesses affected each year.
  • $17B+ annual cost.
  • 5%+ of IT budget.
slide5

U.S. Corporations Top Security Concerns

[Chart categories: Data Theft, Systems Penetration, DoS Attacks]

Percent of respondents concerned in each category.

Source: Adapted from InfoWorld, November 16th, 2001

slide6

Financial Loss Areas

Note: In 2008, the most expensive incidents are still Financial Fraud, followed by Bots.

Source: Adapted from CSI/FBI Security Survey, 2002, 2007

slide7

Percent of Organizations Hit by Various Types of Breaches

Source: Adapted from CSI Security Survey, 2008

slide8

Post Incident Actions

Source: Adapted from CSI Security Survey, 2008

slide9

Percentage of IT Budget Spent on Security, Average 5%

Source: Adapted from CSI Security Survey, 2008

slide10

IT Security Issues

Intrusions, Not reported

Dollar Losses are soaring

FBI, $10B annual losses total-2002

Some estimates go much higher

503 Respondents

Cross-Section of Organizations

slide11

Profile of a Computer Criminal

  • Thousands and thousands of Web Sites
  • Easy to write

Business Week 2/21/2000

  • Male 19-30, no criminal record
  • Computer specialist, clerical, student, manager
  • Self confident, eager, energetic
  • High IQ, personable, creative
  • Egocentric
  • Ax to grind
  • Anti-establishment
  • Doesn’t view himself as a criminal

A substantial amount of technical knowledge.

Contempt of the law or feeling above the law.

Manipulative and risk-taking nature.

An active imagination.

Other Sources: Information Technology for Management, thinkquest.org & nsca.com

slide13

Identity Theft

Identity theft occurs when someone uses the personal information of another (i.e., name, date of birth, social security number, credit card numbers, bank account numbers, etc.), fraudulently and without permission. Criminals usually do this to obtain money or goods and services, but identity theft is also perpetrated to obtain false drivers’ licenses, birth certificates, social security numbers, visas and other official government papers.

Source: Motes, K. “Identity Theft”, http://www.odl.state.ok.us, December 27, 2002.

slide14

ID Theft - CNET News.com, November 25, 2002, 2:34 PM PT

Calling it the largest such bust ever, the U.S. Attorney in Manhattan and the FBI apprehended an alleged ring of identity thieves, accusing three men of stealing tens of thousands of credit reports.

The ring is alleged to have operated over a period of three years, suspected of pilfering credit reports from the three major commercial credit reporting agencies and using that information to siphon funds from bank accounts and make fraudulent purchases. Authorities have accounted for $2.7 million in losses so far.

At the center of the scheme as outlined Monday by Justice Department and FBI officials is a help-desk employee of Teledata Communications (TCI), a company in Bay Shore, N.Y., that lets banks and other lenders access credit histories compiled by Equifax, Experian and TransUnion.

The TCI employee, Philip Cummings, stands accused of wire fraud and conspiracy in filching lenders' passwords and subscriber codes that let a network of identity thieves obtain tens of thousands of credit reports of more than 30,000 individuals.

TCI declined to comment.

The government has fingered two other defendants, Linus Baptiste and Hakeem Mohammed, in related cases.

"The defendants took advantage of an insider's access to sensitive information in much the same way that a gang of thieves might get the combination to the bank vault from an insider," Kevin Donovan, assistant director in charge of the FBI's New York field office, said in a statement. "But the potential windfall was probably far greater than the contents of a bank vault, and using 21st century technology, they didn't even need a getaway car. Using the same technology, we determined what was done and who did it, proving that technology is a double-edged sword."

Experts on identity theft said the existence of such a ring was the natural by-product of the existing system of computerized credit information.

"This situation was a problem waiting to happen," said Linda Foley, executive director of the Identity Theft Resource Center in San Diego. "We know that there are many cases of computer breaches where information (is stolen) leading to identity theft."

Experts also blamed TCI and the credit agencies for their roles in the identity theft problem.

"How much screening did (Cummings) go through before being hired for the help desk?" Foley said.

A Gartner analyst pointed out the problem of too many low-level employees having access to consumers' personal information.

"The fact that lower-tier employees, people who don't have as high a degree of accountability, have access to such information is a problem, and it's one we see on a regular basis," Gartner analyst Doug Barbin said.

Among the TCI clients whose passwords and subscriber codes the identity thieves used are Ford Motor Credit's Grand Rapids, Mich., branch; Washington Mutual Bank in St. Augustine, Fla.; Washington Mutual Finance in Crossville, Tenn.; Dollar Bank in Cleveland; and Central Texas Energy Supply.

slide15

Linus Baptiste

Hakeem Mohammed

“Hi, I’m Philip, may I help you?”

slide20

(3) Basic Categories of Threats

  • Network Attacks
  • Intrusions
  • Malicious Code
slide21

Data Interception: Old Model Versus New Model

[Figure labels: Private Network; Public Network; Increased Opportunity for Data Interception > 10X]

slide22

1. Network Attacks

Slows Network Performance

Degrades Services

Often Does Not Breach Internal IT Workings

Can be Started by People with only Modest IT Skills

slide23

DoS Attack

  • Denial of Service Attack
  • Easy to Mount
  • Difficult to Defend Against
slide24

Denial of Service Attack

High Threat

  • $$$
  • Lost commerce
  • Image
  • Users are denied service to a server
  • Can tie up an organization’s network

IP Packet: Source Address 111.111.11.33 | Destination Address 212.212.75.86 | Message/Request

slide25

Normal Service

[Figure: hosts 111.111.11.33 and 212.212.75.86]

IP Packet: Source Address 111.111.11.33 | Destination Address 212.212.75.86 | Message/Request

slide26

Denial of Service Attack

[Figure: hosts 111.111.11.33 and 212.212.75.86]

IP Packet: Source Address Bogus.bogus.bogus | Destination Address 212.212.75.86 | Message/Request

slide29

Love Bug Virus

May 4th, 2000

45 Million Users

300,000 Internet host computers

E-Mail Replication

VBScript Program

Characteristics:

  • Wide-Spread
  • Deletes Files
  • Replicates
  • Changes Home Page

slide30

Anna Kournikova Virus

February 12th, 2001

E-Mail Replication

VBScript Program

Characteristics:

  • Replicates attachment

slide31

Slammer / Sapphire Worm

January 25th, 2003

100,000+ Servers

Buffer Overflow

Network Outages involving:

* Airline flights & ATM’s

* Internet backbone disruption – S. Korea

[Figure labels: Random Scanning; Originating Computer; Vulnerable Server; Port 1434; Buffer]

Characteristics:

  • Wide-Spread
  • Attacked specific port
  • Smallest, efficient, 376 bytes
  • Easy to detect
  • Filled Internet Bandwidth, Overloaded Networks
  • Random, went after every server
  • Very Rapid Spread, doubling time 8 seconds
  • Took DB Servers out of operation
  • Did not destroy files
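The slide calls the worm "easy to detect" because it used one fixed port, one fixed size and random scanning. The sketch below is an added example, not part of the original slides, and turns those three traits into a flow-log check; the record layout, the sample flows, the thresholds and the name `find_scanners` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records, not real traffic:
# (time_s, src, dst, proto, dst_port, udp_payload_len)
SAMPLE_FLOWS = [
    (0.00, "10.0.0.5", "192.0.2.17", "udp", 1434, 376),
    (0.05, "10.0.0.5", "198.51.100.4", "udp", 1434, 376),
    (0.10, "10.0.0.5", "203.0.113.200", "udp", 1434, 376),
    (0.15, "10.0.0.5", "192.0.2.91", "udp", 1434, 376),
    (0.20, "10.0.0.5", "198.51.100.77", "udp", 1434, 376),
    (0.25, "10.0.0.5", "203.0.113.8", "udp", 1434, 376),
    (0.30, "10.0.0.9", "10.0.0.20", "udp", 1434, 1),    # small lookup, one server
    (0.40, "10.0.0.9", "10.0.0.20", "tcp", 1433, 120),  # ordinary database session
    (0.50, "10.0.0.7", "192.0.2.17", "udp", 1434, 376),
    (9.00, "10.0.0.7", "192.0.2.18", "udp", 1434, 376),
]

SLAMMER_PORT = 1434  # port named on the slide; the worm travelled as one UDP datagram
SLAMMER_LEN = 376    # worm size from the slide, assumed reported as UDP payload length


def find_scanners(flows, window_s=1.0, min_targets=5):
    """Return {src: peak distinct targets} for sources that send 376-byte
    UDP/1434 datagrams to at least min_targets hosts within window_s seconds."""
    hits = defaultdict(list)
    for t, src, dst, proto, port, length in flows:
        if proto == "udp" and port == SLAMMER_PORT and length == SLAMMER_LEN:
            hits[src].append((t, dst))

    flagged = {}
    for src, events in hits.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # Slide the window so it never spans more than window_s seconds.
            while events[end][0] - events[start][0] > window_s:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    print(find_scanners(SAMPLE_FLOWS))
```

Only 10.0.0.5 is flagged: 10.0.0.9 talks to a single server with a different payload size, and 10.0.0.7 matches the port and size but never fans out to enough targets inside one window.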

slide32

Security Precautions and Recommendations

  • Firewalls
  • Access Logs
  • Anti-virus software
  • Access Authentication
  • Encryption
slide33

Security Precautions and Recommendations

Source: Adapted from CSI Security Survey, 2008

slide35

Access Logs

[Figure: Access Log]