Security Issues and Strategies
Chapter 8 – Computers: Understanding Technology (Third edition)
Network and Internet Security Risks
• Unauthorized access
– UserID is normally public, so password is the only secure part
– System backdoor – created by the programmers of the system
• Denial of service (DoS) attacks
• Information theft
– Users often do not enable security for wireless devices
– Data Browsing – e.g. IRS and tax returns
Hardware and Software Security Risks
• Power interruptions can damage computers – surge protectors
• Stolen hardware and software
– Employee theft
– Employee loss – e.g. laptops are more easily taken than traditional computers and this has led to some widely-publicized incidents of possible compromise of sensitive data
Recent Laptop Thefts that Exposed Large Amounts of Sensitive Data
• Personal data of 26.5 million U.S. veterans was on a laptop taken from the home of a U.S. Department of Veterans Affairs employee
• A laptop that belonged to an Ernst & Young employee was stolen from a vehicle. The computer contained personal information of 243,000 Hotels.com customers.
• An unencrypted hard drive containing names, addresses and Social Security numbers of American Institute of Certified Public Accountants (AICPA) members was lost when it was shipped back to the organization by a computer repair company. Potentially 330,000 members were affected.
Source: Wikipedia, July 9, 2007
Security Strategies
• Physical security
• Firewalls – used on computers connected to the internet, will allow web browsing but prohibit some other forms of communication
• Network sniffers – display network traffic data
• Antivirus software
• Data backups – rotating backup allows one to keep several versions rather than a single one
• Disaster recovery plan – remotely located data backups and redundant systems
Security Strategies (cont.)
• Authentication
– Personal identification numbers, usernames and passwords
• User IDs and Passwords – passwords must be easy to remember but hard to guess. The following also increase security:
– Longer passwords
– Increase in number of choices for each keystroke – requirement for an uppercase letter, a lower case letter, and a number thus increases security of password
– Changing passwords more often (maybe)
– Smart cards
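The two password rules above (longer passwords, more choices per keystroke) worked through as an added example that is not part of the original slides. It assumes printable ASCII character classes and a hypothetical minimum length of 8; the sample passwords are constructed.

```python
import math
import string

# Character classes a policy can require (sizes for printable ASCII, an assumption).
CLASSES = {
    "lowercase": string.ascii_lowercase,   # 26 choices
    "uppercase": string.ascii_uppercase,   # 26 choices
    "digit": string.digits,                # 10 choices
    "symbol": string.punctuation,          # 32 choices
}

def classes_used(password):
    """Return the names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]

def choices_per_keystroke(password):
    """Alphabet size a brute-force guesser must cover for the classes present."""
    return sum(len(CLASSES[name]) for name in classes_used(password))

def search_space_bits(password):
    """log2 of (choices per keystroke) ** length.

    This is an upper bound that only holds against blind brute force;
    dictionary words and common patterns are guessed far sooner.
    """
    n = choices_per_keystroke(password)
    return len(password) * math.log2(n) if n else 0.0

def meets_policy(password, min_length=8):
    """The slide's rule: an uppercase letter, a lowercase letter and a number.

    min_length=8 is a hypothetical value chosen for this example.
    """
    used = classes_used(password)
    return (len(password) >= min_length
            and all(c in used for c in ("uppercase", "lowercase", "digit")))

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["sunshine", "Sunshin3", "sunshinesunshine"]:
        print(f"{pw!r:20} choices={choices_per_keystroke(pw):3} "
              f"bits={search_space_bits(pw):6.1f} policy_ok={meets_policy(pw)}")
```

Adding the required classes raises the 8-character search space by about 10 bits, while doubling the length of the lowercase-only password adds about 38 bits even though it fails the class rule.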
Security Strategies (cont.)
• Monitoring and auditing
– Keystroke loggers and internet traffic trackers
– Video surveillance
• Biometric authentication
– Fingerprint
– Hand geometry
– Facial recognition
– Voice
– Signature
– Iris and retinal
– Keystroke dynamics – how an individual types
Security Strategies (cont.)
• Data encryption
– Intelligence agencies want to limit use of encryption technology so they can decipher communications in particular instances
– Secure Sockets Layer (SSL) protocol is used on sites where the URL starts with https rather than http