Assuring Reliable and Secure IT Services

Download Report

Transcript Assuring Reliable and Secure IT Services

Agendas
Chapter 5 (Recap)
Chapters 6 – Diverse IT Infrastructures
Case – The iPremier Company: Denial of Service Attack
1
Course Road Map
ISQS 5231
Business Impacts
Networked
Infrastructure
and Operations
Making Case for
IT
Internetworking
Infrastructure
IT and Strategy
Diverse IT
Infrastructures
IT and
Organization
Reliable and
Secure IT
Services
Extending the
Enterprise
Leadership
Issues
Management IT
Functions
Managing IT
Projects
Management IT
Outsourcing
Network Elements – LAN
LAN Topologies
3
Packet Switching
Chapter 6: Assuring Reliable and Secure IT Services

Reliability through redundancy


Tradeoff – complexity and cost
IS Security and Control

Malicious threats (download) – New Architecture for IntraDomain Network by Huang and Cao et al. (2006)
5
Chapter 6: Assuring Reliable and Secure IT Services
Managing Infrastructure Risk
6
Chapter 6: Assuring Reliable and Secure IT Services
Availability – Serial Processing
7
Chapter 6: Assuring Reliable and Secure IT Services
8
Chapter 6: Assuring Reliable and Secure IT Services
Availability – Parallel Processing
(Reliability = 1 – Probability of failure)
9
Chapter 6: Assuring Reliable and Secure IT Services
10
Why Systems Are Vulnerable?
Telecommunications networks vulnerabilities
Why Systems Are Vulnerable?
Type of computer crimes and criminals
Hacker: An outside person who has penetrated a computer system, usually
with no criminal intent.
Cracker: A malicious hacker.
Social engineering: Getting around security systems by tricking computer
users into revealing sensitive information or gaining unauthorized access
privileges.
Cybercrimes: Illegal activities executed on the Internet.
Identify theft: A criminal (the identity thief) poses as someone else.
Cyberwar: War in which a country’s information systems could be paralyzed
from a massive attack by destructive software.
Virus: Software that can attach itself to (“infect”) other computer programs
without the owner of the program being aware of the infection.
IS Security and Control
Security Treats
Method
Definition
Virus
Secret instructions inserted into programs (or data) that are innocently ordinary tasks. The secret instructions may destroy or alter
data as well as spread within or between computer systems
Worm
A program that replicates itself and penetrates a valid computer system. It may spread within a network, penetrating all connected
computers.
Trojan horse
An illegal program, contained within another program, that ‘’sleep' until some specific event occurs then triggers the illegal
program to be activated and cause damage.
Salami slicing
A program designed to siphon off small amounts of money from a number of larger transactions, so the quantity taken is not
readily apparent.
Super zapping
A method of using a utility ‘’zap’’ program that can bypass controls to modify programs or data
Trap door
A technique that allows for breaking into a program code, making it possible to insert additional instructions.
Logic bomb
An instruction that triggers a delayed malicious act
Denial of services
Too many requests for service, which crashes the site
Sniffer
A program that searches for passwords or content in packet of data as they pass through the Internet
Spoofing
Faking an e-mail address or web-page to trick users to provide information instructions
Password cracker
A password that tries to guess passwords (can be very successful)
War dialling
Programs that automatically dial thousands of telephone numbers in an attempt to identify one authorized to make a connection
with a modem, then one can use that connection to break into databases and systems
Back doors
Invaders to a system create several entry points, even if you discover and close one, they can still get in through others
Malicious applets
Small Java programs that misuse your computer resource, modify your file, send fake e-mail, etc
Protecting the Digital Firm

Firewall screening technologies
Static packet filtering
 Network address translation
 Application proxy filtering


Intrusion detection systems
Scanning software
 Monitoring software

Security and Electronic Commerce
Encryption
 Authentication
 Message integrity
 Digital signatures
 Digital certificates
 Public key infrastructure (PKI)

Article Discussion (Team DIY – Take
Home)
The Myth of Secure Computing (Austin and Darby,
2003, HBR)
 Why senior executives often ignore the digital security
issue?
 According to the authors, what are the major treats to
digital security? Explain each of them.
 How to mitigate the risks in digital security? What is
the bottom-line?

16
IS Security and Control
Public key encryption (in a nutshell)
IS Security and Control
Digital certificates
Chapter 6: Assuring Reliable and Secure IT Services
Taxonomy of Networking Attacks
Adopted from Huang and Cao et al. {Communications of ACM, 49 (11), 2006}
19
Chapter 6: Assuring Reliable and Secure IT Services
Secure framework
Adopted from Huang and Cao et al. {Communications of ACM, 49 (11), 2006}
20