ICS 434: Computer and Internet crime Aj. Thoranin Intarajak


Post on 05-Jan-2016


TRANSCRIPT

Page 1: ICS 434: Computer and Internet crime

ICS 434: Computer and Internet crime

Aj. Thoranin Intarajak

Page 2: ICS 434: Computer and Internet crime

Agenda.

IT security incidents: A worsening problem.

Type of attacks.

Perpetrators.

Reducing vulnerabilities.

Page 3: ICS 434: Computer and Internet crime

IT security incidents: A worsening problem.

The security of information technology used in business is of utmost importance. Unfortunately, the number of IT-related security incidents is increasing, not only in the USA but also around the world.

The Computer Emergency Response Team Coordination Center (CERT/CC) was established in 1988 at the Software Engineering Institute at Carnegie Mellon University in Pittsburgh, Pennsylvania, to deal with these incidents.

Page 4: ICS 434: Computer and Internet crime

IT security incidents: A worsening problem (cont).

Increasing Complexity Increases Vulnerability. Networks, computers, operating systems, applications, web sites, switches, routers, and gateways are interconnected and driven by hundreds of millions of lines of code.

Page 5: ICS 434: Computer and Internet crime

IT security incidents: A worsening problem (cont).

Higher Computer User Expectations. Today, time means money, and the faster that computer users can solve a problem, the sooner they can be productive.

Computer help desks are under intense pressure to provide fast responses to users’ questions.

Help desk personnel sometimes forget to verify users’ identities or to check whether they are authorized to perform a requested action.

Page 6: ICS 434: Computer and Internet crime

IT security incidents: A worsening problem (cont).

Expanding and Changing Systems Introduce New Risks. Business has moved from an era of stand-alone computers to the network era. Businesses have moved quickly into e-commerce, mobile computing, collaborative work groups, global business, and interorganizational information systems.

Page 7: ICS 434: Computer and Internet crime

IT security incidents: A worsening problem (cont).

Increased Reliance on Commercial Software with Known Vulnerabilities. An exploit is an attack on an information system that takes advantage of a particular system vulnerability.

Once the vulnerability is discovered, software developers quickly create and issue a “fix” or patch to eliminate the problem.

Page 8: ICS 434: Computer and Internet crime

Type of attacks.

Viruses. Worms. Trojan horses. Denial-of-Service (DoS) Attacks.

Page 9: ICS 434: Computer and Internet crime

Type of attacks (cont).

Viruses. A virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user.

A true virus does not spread itself from computer to computer.

To propagate to other machines, a virus must be passed on to other users through infected e-mail document attachments.

Page 10: ICS 434: Computer and Internet crime

Type of attacks (cont).

Worms. A worm is a self-replicating computer program. A worm uses a network to send copies of itself to other nodes (computer terminals on the network), and it may do so without any user intervention.

Unlike a virus, it does not need to attach itself to an existing program.

Worms almost always cause harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Page 11: ICS 434: Computer and Internet crime

Type of attacks (cont).

Trojan horses. A Trojan horse is a piece of software that appears to perform a certain action but in fact performs another, such as that of a computer virus.

The Opanki worm disguised itself as a file coming from Apple Computer’s popular online iTunes music service.

It was distributed via an instant message that read “this picture never gets old.”

An unsuspecting user who clicked a link in the message would install the virus.

Page 12: ICS 434: Computer and Internet crime

Type of attacks (cont).

Denial-of-Service (DoS) attacks. A DoS attack is an attempt to make a computer resource unavailable to its intended users.

A DoS attack is one in which a malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other small tasks.

Page 13: ICS 434: Computer and Internet crime

Perpetrators.

Hackers and crackers. Malicious Insiders. Industrial Spies. Cybercriminals. Cyberterrorists.

Page 14: ICS 434: Computer and Internet crime

Perpetrators (cont).

Hackers and crackers. A hacker is someone involved in computer security/insecurity, specializing in the discovery of exploits in systems or in obtaining or preventing unauthorized access to systems through skills, tactics and detailed knowledge.

Page 15: ICS 434: Computer and Internet crime

Perpetrators (cont).

Cracking is the act of breaking into a computer system, often on a network. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there.

For example, in 2005, a cracker broke into ApplyYourself, an admissions management system used by many colleges and universities.

The cracker posted the procedure in a BusinessWeek Online forum, and more than 100 people used it to gain access to the admission-decision page before the school intended it to be published.

School officials identified the people who broke into the system and said that their actions would have a strong impact on the acceptance decision.

Page 16: ICS 434: Computer and Internet crime

Perpetrators (cont).

Malicious insiders. A malicious insider is an adversary who operates inside the trusted computing base, basically a trusted adversary.

Malicious insiders are extremely difficult to detect or stop because they’re often authorized to access the very systems they abuse.

Insiders are not necessarily employees; they can also be consultants and contractors.

Page 17: ICS 434: Computer and Internet crime

Perpetrators (cont).

Industrial spies use illegal means to obtain trade secrets from competitors of their firm.

Trade secrets are most often stolen by insiders, such as disgruntled employees and ex-employees.

Industrial espionage can involve the theft of new product designs, production data, marketing information, or new software source code.

Page 18: ICS 434: Computer and Internet crime

Perpetrators (cont).

Cybercriminals. Cybercrime is usually restricted to describing criminal activity in which the computer or network is an essential part of the crime.

One example is credit card fraud. To reduce the potential for online credit card fraud, most e-commerce websites use some form of encryption technology to protect information as it comes in from the consumer.

Page 19: ICS 434: Computer and Internet crime

Perpetrators (cont).

Cyberterrorists. Cyberterrorism is the leveraging of a target's computers and information technology, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure.

Three years before 9/11 (2001), the U.S. government considered the threat of cyberterrorism serious enough that it established the National Infrastructure Protection Center.

This infrastructure includes telecommunications, energy, banking and finance, water, government operations, and emergency services.

Successful cyberattacks on such targets could cause widespread and massive disruptions to society.

Page 20: ICS 434: Computer and Internet crime

Reduce Vulnerabilities.

Risk assessment. An organization’s review of potential threats to its computers and network and the probability of those threats occurring.

Establishing a security policy. A good policy delineates responsibilities and expected behavior by members of the organization.

A security policy outlines what needs to be done, but not how to do it.

Page 21: ICS 434: Computer and Internet crime

Reduce Vulnerabilities (cont).

Educating employees, contractors, and part-time workers. They must be educated about the importance of security so they will be motivated to understand and follow the security policy.

Page 22: ICS 434: Computer and Internet crime

Reduce Vulnerabilities (cont).

Prevention.

Installing a corporate firewall is the most common security precaution taken by businesses.

Installing antivirus software on personal computers. Antivirus software should be installed on each user’s PC to regularly scan a computer’s memory and disk drives for viruses.

Page 23: ICS 434: Computer and Internet crime

Reduce Vulnerabilities (cont).

Implementing safeguards against attacks by malicious insiders. Corporate security managers believe some of their worst security breaches come from corporate users who access information they are not authorized to see.

Addressing the most critical Internet security threats. The overwhelming majority of successful computer attacks are made possible by taking advantage of well-known vulnerabilities.

Page 24: ICS 434: Computer and Internet crime

Reduce Vulnerabilities (cont).

Verifying backup processes for critical software and databases. It is imperative to back up critical applications and data regularly.

Conducting periodic IT security audits. A security audit evaluates whether an organization has a well-considered security policy in place and if it is being followed.

Page 25: ICS 434: Computer and Internet crime

Reduce Vulnerabilities (cont).

Detection.

Intrusion detection systems. An intrusion detection system monitors system and network resources and activities, then notifies the proper authority when it identifies possible intrusions from outside the organization or misuse from within the organization.

Intrusion prevention systems. Evolved from network intrusion detection systems, they work to prevent an attack by blocking viruses, malformed packets, and other threats from getting into the company network.
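The distinction between intrusions from outside and misuse from within can be shown with a small log-based detector. This is an added example, not part of the original slides; the log format, addresses, user names, authorization table and threshold are all constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample data (not from the slides): internal network range,
# per-user authorizations, and a few activity-log lines.
INTERNAL_NET = ip_network("10.0.0.0/8")
AUTHORIZED = {"alice": {"payroll"}, "bob": {"wiki"}}
FAILED_LOGIN_THRESHOLD = 3
SAMPLE_LOG = """\
2016-01-05T09:00:01 src=203.0.113.7 user=root action=login result=fail
2016-01-05T09:00:02 src=203.0.113.7 user=root action=login result=fail
2016-01-05T09:00:03 src=203.0.113.7 user=admin action=login result=fail
2016-01-05T09:05:10 src=10.1.2.3 user=alice action=read:payroll result=ok
2016-01-05T09:06:42 src=10.1.2.9 user=bob action=read:payroll result=ok
2016-01-05T09:07:00 src=10.1.2.9 user=bob action=read:wiki result=ok
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
                     r"action=(?P<action>\S+) result=(?P<result>\S+)$")

def detect(log_text):
    """Return (kind, subject, detail) alerts to hand to the proper authority."""
    alerts, failed = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, not guessed at
        src, user, action = m["src"], m["user"], m["action"]
        internal = ip_address(src) in INTERNAL_NET
        # Possible intrusion from outside: repeated failed logins
        # from a single external address.
        if action == "login" and m["result"] == "fail" and not internal:
            failed[src] += 1
            if failed[src] == FAILED_LOGIN_THRESHOLD:  # alert once per source
                alerts.append(("outside-intrusion", src,
                               f"{failed[src]} failed logins"))
        # Misuse from within: an internal user reading a resource
        # they are not authorized to see.
        elif action.startswith("read:") and internal:
            resource = action.split(":", 1)[1]
            if resource not in AUTHORIZED.get(user, set()):
                alerts.append(("insider-misuse", user,
                               f"unauthorized read of {resource}"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The insider rule fires even though the read succeeded, which is the point of the malicious-insider slides: the access control allowed it, so only comparison against what the user is authorized to see reveals the misuse.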

Page 26: ICS 434: Computer and Internet crime

Reduce Vulnerabilities (cont).

Honeypots. The idea of a honeypot is to provide would-be hackers with fake information about a network by means of a decoy server to confuse them, trace them, or keep a record for prosecution.

Response.

Incident notification. Define who to notify and who not to notify.

Protecting evidence and activity logs. An organization should document all details of a security incident as it works to resolve the incident.

Page 27: ICS 434: Computer and Internet crime

Reduce Vulnerabilities (cont).

Incident containment. It is necessary to act quickly to contain an attack and to keep a bad situation from becoming even worse.

Incident eradication. Before the IT security group begins the eradication effort, it must collect and log all possible criminal evidence from the system, and then verify that all necessary backups are current, complete, and free of any virus.

Page 28: ICS 434: Computer and Internet crime

Reduce Vulnerabilities (cont).

Incident follow-up. An essential part of follow-up is to determine how the organization’s security was compromised so that it can be prevented from happening again.