SECURITY AND CONTROL BY SATYA PRAKASH JOSHI

Security and control in Management Information System


SECURITY AND CONTROL

• Computer systems play such a critical role in business, government and daily life that firms need to make security and control a top priority.
• Security refers to the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.
• Controls consist of all the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.


WHAT IS VULNERABILITY?

• A vulnerability is a weakness which allows an attacker to reduce a system's information assurance.
• Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.
• Malware is software which is specifically designed to disrupt or damage a computer system.


WHAT IS SYSTEM VULNERABILITY?

• Telecommunication networks are highly vulnerable to natural failure of hardware and software and to misuse by programmers, computer operators, maintenance staff and end-users.
• It is possible to tap communications lines and illegally intercept data.
• High-speed transmission over twisted-wire communication channels causes interference called crosstalk.
• Radiation can disrupt a network at various points as well.
• The potential for unauthorized access, abuse or fraud is not limited to a single location but can occur at any access point in the network.


WHY ARE SYSTEMS VULNERABLE?

• Vulnerabilities can stem from technical, organizational, and environmental factors compounded by poor management decisions.
• In the multitier client/server computing environment, vulnerabilities exist at each layer and in the communications between the layers.
• Users at the client layer can cause harm by introducing errors or by accessing systems without authorization.
• It is possible to access data flowing over networks, steal valuable data during transmission, or alter messages without authorization.
• Radiation can disrupt a network at various points as well.
• Intruders can launch denial-of-service attacks or malicious software to disrupt the operation of websites.


CONTI…


INTERNAL THREATS

We tend to think that security threats to a business originate outside the organization, but in fact the largest financial threats to business institutions come from insiders. Lack of knowledge is the single greatest cause of network security breaches. Many employees forget their passwords to access computer systems or allow co-workers to use them.

• Hacker: A hacker is a person who gains unauthorized access to a computer network for profit, criminal mischief, or personal pleasure.
• Security: Policies, procedures and technical measures used to prevent unauthorized access, alteration, theft or physical damage to information systems.


CONTEMPORARY SECURITY CHALLENGES AND VULNERABILITIES

• The architecture of a web-based application typically includes a web client, a server, and corporate information systems linked to databases.
• Each of these components presents security challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any point in the network.
• Systems malfunction if computer hardware breaks down, is not configured properly, or is damaged by improper use or criminal acts; for example, errors in programming, improper installation, or unauthorized changes cause computers to fail.


INTERNET VULNERABILITIES

• Large public networks such as the Internet are more vulnerable than internal networks because they are virtually open to anyone.
• When the Internet becomes part of the corporate network, the organization’s information systems are even more vulnerable to actions from outsiders.
• Most Voice over IP (VoIP) traffic over the public Internet is not encrypted, so anyone linked to a network can listen in on conversations.
• Hackers can intercept conversations to obtain credit card and other confidential personal information, or shut down voice service by flooding servers supporting VoIP with bogus traffic.


WIRELESS SECURITY CHALLENGES

• Wireless networks using radio-based technology are even more vulnerable to penetration because radio frequency bands are easy to scan.
• The range of WiFi (Wireless Fidelity) is only several hundred feet, but it can be extended up to one-fourth of a mile using external antennae.
• Local area networks (LANs) that use the 802.11b (WiFi) standard can be easily penetrated by outsiders armed with laptops, wireless cards, external antennae and freeware hacking software.
• Hackers use these tools to detect unprotected networks, monitor network traffic, and in some cases, gain access to the Internet or to corporate networks.


SOFTWARE VULNERABILITY

• Software vulnerabilities cause huge losses to a company or any organization.
• A major problem with software is the presence of hidden bugs or program code defects.
• It is virtually impossible to eliminate all bugs from large programs.
• Even after rigorous testing, developers do not know for sure that a piece of software is dependable until the product proves itself after much operational use.


CONT..

• To correct software flaws once they are identified, the software vendor creates lines of code called patches to repair the flaw without disturbing proper operation of the software.
• The best example is a firewall to protect against viruses and intruders, with capabilities for automatic security updates.
• It is up to users of the software to track these vulnerabilities and to test and apply all patches. This process is called patch management.


BUSINESS VALUE OF SECURITY AND CONTROL

• Security and control have become a critical, although perhaps unappreciated, area of information system investment.
• When computer systems fail to run or work as required, firms that depend heavily on computers experience a serious loss.
• The longer computer systems are down, the more serious the loss.
• These days every organization depends on the Internet and networked systems.


• In 2003, corporate networks and home computer systems were overwhelmed by attacks from the SoBig.F worm.

• SoBig caused an estimated $50 million in damage in the United States alone during that period, temporarily disabling freight and computer traffic

• Companies have very valuable information assets to protect. Systems often house confidential information about individuals’ taxes, financial assets, medical records, and job performance reviews.

• Businesses must protect not only their own information assets but also those of customers, employees, and business partners.