Security Attack

Submitted By nifiralamak
Words 4780
Pages 20
Information Systems Security
By: Jessica Burnheimer, Kathleen Cline, Brian Weiss

Outline for Group paper

I. Introduction
II. Issues concerning Information Systems Security
   A. Define IS security
   B. Why IS security is necessary?
   C. History and Background of IS security
   D. Current issues concerning IS security
      1.) Spamming
      2.) Hacking
      3.) Jamming
      4.) Malicious software
      5.) Sniffing
      6.) Spoofing
      7.) Identity Theft
III. Solutions to contemporary IS security issues
   A. Solutions for “Spamming”
   B. Solutions for “Hacking”
   C. Solutions for “Jamming”
   D. Solutions for “Malicious Software”
   E. Solutions for “Sniffing”
   F. Solutions for “Spoofing”
   G. Solutions for “Identity Theft”
IV. The Future of Information Systems Security
   A. New technologies and techniques affecting the future of Information Systems Security
   B. Tips and information regarding maintaining a Secure Information System
   C. How security issues will continue to shape Information Systems Management

V. Conclusion

Abstract

The purpose of this paper is to discuss the pressing issues pertaining to Information Systems security. We will be covering the history of Information Systems Security, the current security issues, and why it is important to be knowledgeable in Information Systems security. Also, we will cover some solutions to the issues that we have discovered, and we will touch on the future of Information Systems security, with some tips and techniques on how to properly maintain and operate a secure Information System.
Introduction
Information Systems security is one of the biggest challenges facing society’s technological age. Information Systems have become an integral part of everyday life in the home, businesses, government, and organizations. Information Systems have changed the way that people live their lives, conduct business, and even run the government. Information Systems have become such an important part of everyday life because there are many uses of Information Systems that make it much easier and faster to perform certain tasks, or even to perform certain tasks simultaneously. Information Systems have become highly developed and detailed in their short history. Society has developed along with Information Systems, becoming a more technologically reliant generation, in what is also known as the digital firm era. Along with an increasing reliance on Information Systems, the digital firm era has also brought about increasing profitability, competitiveness, and efficiency for any business of any size that uses an Information System.

Since the current technological generation has become so dependent upon Information Systems, the problems threatening Information Systems also threaten the order of everyday activities that many take for granted. The intricate role that Information Systems play in daily activities has been developed near to perfection, but there are many current problems such as spamming, hacking, jamming, malicious software, sniffing, spoofing, and identity theft. These current problems are threatening the reliability and security of Information Systems. With these problems threatening Information Systems, users have been searching for new techniques and new technology that will help fix the devastating consequences. Along with new techniques and new technology fixing these problems, users of Information Systems must also protect themselves. There are certain ways that users of Information Systems can protect themselves against all of the current problems. The future of Information Systems is somewhat unknown since it lies in the hands of the users. This uncertainty also comes with many unexpected problems that the users will have to solve.

The Issues

The problems facing Information Systems have occurred through either computer crime or computer abuse. Computer crime and computer abuse are becoming a widespread problem since technology can help accomplish almost any illegal or unethical task. There is a difference between computer crime and computer abuse, though: computer crime is when a person uses a computer to commit an illegal act, while computer abuse is when a person uses a computer to commit an unethical but not always illegal act. Computer crime and computer abuse have become a widespread problem since the evolution of Information Systems. Before Information Systems were invented, data was better protected because most information was stored only in paper files, and only in certain departments of a business where many users would not have access to the data. With the evolution of Information Systems, large amounts of data can be stored in electronic form rather than in paper files, so the data can be viewed by a larger number of users. Since more users can access the data electronically rather than manually, the data, in turn, is more susceptible to the threat of computer crime and computer abuse.

Many businesses and individuals feel serious effects from the following computer crime and computer abuse problems. Oftentimes, the users of Information Systems depend so heavily on the systems that a small setback will cause huge setbacks for the business or individual. Lasting from a few minutes to a few days, the side effects of computer crime and computer abuse can be damaging to a business or individual who relies heavily on Information Systems to accomplish certain everyday tasks. The current computer crime and computer abuse problems have threatened Information Systems due to the increased reliance of businesses and individuals on Information Systems, but also because of an increased risk of threat due to insecure telecommunication networks. Many of the ordinary threats to Information Systems such as hardware failure, fire, software failure, electrical problems, personnel actions, user errors, and telecommunication problems also can lead to easier access to large volumes of data. When the telecommunication network itself is threatened, the Information Systems of an individual or business become even more threatened.

One of the current computer crime and abuse problems threatening the future of Information Systems is spamming. According to Laudon, spamming can be defined as “the practice of sending unsolicited e-mail and other electronic communication.” Spamming has become such a threatening problem for information systems because it is one of the cheapest and easiest methods to abuse a computer system. The spammers who send out all of these e-mails are only charged a few cents to send out the unsolicited e-mails to users who have not requested the information. There are laws prohibiting the use of spamming to abuse a computer system, but spammers rarely get punished since the laws are hardly enforced.

The next problem facing information systems is hacking. Hacking is when an illegal user tries to access private information that they are not entitled to access. This illegal access is done by using Trojan horses, logic bombs, and many other types of software that can very easily be hidden. Sometimes the hackers will even go as far as crashing an entire network. According to Laudon, “hackers flood a network server or Web server with many thousands of false communications or requests in order to crash the network.” The repercussions from the attack of hackers can do serious harm to a business.

Jamming is another computer crime and abuse problem that is threatening to information systems. It is not one of the most common, but it is one of the easiest to accomplish. The illegal purpose behind jamming is to find a way to tie up the lines to a computer that is the central brain behind a website. Once the lines are tied up, legitimate visitors cannot access the site; the lines are “jammed” with illegal users.

Malicious software is the most common form of computer crime against Information Systems. This computer crime occurs when computer viruses are sent through some means, usually the Internet, and these computer viruses “infect” the computer, often disabling programs or maybe even causing the computer to “crash,” that is, become inoperable. Once the computer virus is implanted into a computer’s hard drive, it can be spread very easily, causing even more widespread damage. Some of the effects of computer viruses or malicious software are destroying programs and data, “crashing” a computer’s operating system, clogging memory, etc. Again, if a business or individual receives a computer virus on their computer, the damage can range from small to devastating. Malicious software has become the most common form of computer crime because there are so many new computer viruses being spread. According to Laudon, “many thousands of viruses are known to exist, with two hundred or more new viruses each month.” Some examples of damaging computer viruses are “Monkey”, “Chernobyl”, and “Code Red”. The computer virus known as “Monkey” does not let the Windows operating system run, thus causing the hard drive disk to look like it is not working properly. “Chernobyl” is the nickname for a computer virus that infects a computer’s files, and this computer virus ruins a computer’s hard drive and ROM BIOS, which is the basic input/output system of a computer. “Code Red” is another computer virus that slows down the Internet and other computer processes. This computer virus is often spread as a “worm” as an attachment to an email, and then it hooks itself onto other computers once the email is sent, thus creating a very damaging chain reaction.

Two more computer crime and computer abuse problems that pose a threat to Information Systems security are “sniffing” and “spoofing.” “Sniffing” is a computer abuse problem which can let unauthorized users access private information about an individual because a piece of software can be used to cross the lines between an Internet user and a web site so the “sniffer” can intercept sensitive data. “Spoofing” is somewhat like “sniffing,” but “spoofing” involves the “spoofer” making a false web site geared to collect personal information from an Internet user to use it in criminal or unethical acts. The side effects of “sniffing” and “spoofing” are an increased risk of unsuspecting Internet users losing personal information. Once the personal information is collected, such as credit card numbers, social security numbers, birthdates, etc., the unsuspecting user is faced with a serious threat of misuse of that information, often resulting in horrible consequences.

Identity theft, a common computer crime, is the most common side effect of “sniffing” and “spoofing” and, oftentimes, the most horrible of all the computer crime and computer abuse problems. With an insecure Information System, identity theft often arises as a serious computer crime. Identity theft occurs, according to the Federal Trade Commission, “when someone possesses or uses [a person’s] name, address, Social Security number, bank or credit card account number, or other identifying information without [a person’s] knowledge with the intent to commit fraud or other crimes.” Identity theft can occur through a variety of low-technology and high-technology methods. In most businesses and organizations, identity theft occurs when illegal users gain access to electronic records stolen from an employer. Identity thieves can also gain unauthorized access to records through bribery of an employer or someone in the business who has legal access to the records. Conning is another way that illegal users can find information in a business or organization. The most common form of unauthorized access to a computer is through hacking into an Information System of a business or organization. Once the information is illegally accessed, the results can be very harmful for the victim.

Solutions

These technological issues pose many hindrances to the flow of meaningful information as well as to the security of information being sent. In spite of these impediments there are solutions to these problems. Some solutions come in the form of counter programming, others as legislation passed by various governing bodies. There is not, however, a single solution that solves or circumvents the issues that plague information systems and their security; each unique problem necessitates an equally unique solution.

The issue of junk e-mail or spamming is a point of much debate as to possible solutions. Currently many internet service providers offer policies against spamming and/or some sort of application that attempts to curb the amount of spam in users’ mailboxes. America Online, in particular, prohibits the sending of spam mail on their network, citing laws such as the Computer Fraud and Abuse Act (18 U.S.C. 1030 et seq.) and the Virginia Computer Crimes Act (Va. Code Ann. 18.2-152.2 et seq.). Civil and criminal penalties may also apply to e-mail transmitted to the AOL Network in violation of the CAN-SPAM Act of 2003 (AOL, 1). Additionally they offer a “Spam Blocker” bundled with their main program which identifies some spam and prevents it from reaching their users’ accounts. MSN holds similar prohibitions regarding the sending of spam and uses Microsoft’s “Smart Screen” technology to filter spam from their users’ incoming mail (MSN, 1).

For some users the degree of protection presented by their internet service providers is insufficient and they seek alternative forms of spam prevention. These users are forming groups to lobby for anti-spam laws. These laws would prevent spam from ever being sent by attaching criminal charges to those found sending mass unsolicited e-mails. US Code 47.5.II, section 227, which is commonly known as “The Junk Fax Law”, is a law prohibiting mass unsolicited faxes. Although much of the language in this law may seem to be applicable to computers and e-mail, the actual concept has yet to be tested in court or to receive a firm ruling. New Jersey Congressman Christopher Smith has drafted a bill which modifies the junk fax law by including an electronic e-mail address of an individual in the existing prohibition against sending unsolicited advertising transmissions to fax machines. This law is truly 'opt-in' and has a good deal of support from consumers and internet service providers alike (Whitney, 2). In addition there are many completely new proposed laws circulating at the federal and state government levels which may completely solve the issue of spamming.

Hacking has remained a hot topic in the government for the better part of a decade. There are some preventative measures that can be taken by administrators or end users. One such preventative measure, a firewall, is a program used to closely monitor precisely what information passes in and out of a computer or information system. These programs can be set to keep other users out or to prevent information from leaving the computer or information system. The solution to dealing with these “cyber vandals”, however, has been primarily found in the form of new legislation. There is a plethora of laws that deal with different types of hacking. The Computer Fraud and Abuse Act (as amended Oct. 3, 1996) is one such law; it covers subjects ranging from knowingly accessing a computer without authorization to intentionally causing harm to computers without permission. Unfortunately, there can be no true solution because, as innovative as programmers become, hackers will match their innovations and skill. The key to controlling this issue is to stay one step ahead of these hackers and to continually develop new and better forms of protection.

Jamming is an additional form of computer crime and abuse. Jamming can be prevented in a number of ways. The practice of jamming is considered illegal and is prosecuted under many of the same laws that govern hacking (i.e. The Computer Fraud and Abuse Act) (Manor, 5). The dilemma that makes jamming difficult to detect, prosecute and define is that it simulates actual web page traffic. Most administrators will not regularly check the sources of most of the traffic to their sites (AOL Canada, 1). Additionally, when jamming is noticed it is exceedingly difficult to trace the source or sources responsible for the act.

Sniffing, another form of computer crime and abuse, is also difficult to detect. Sniffing can take one of two forms: software, which is downloaded either knowingly or unknowingly onto a computer or system, or physical, in which a sniffing device is placed on the computer at the Ethernet port (Klaus, 6). Detecting sniffing software on a computer’s hard drive can be done using software designed to detect sniffing programs, or it can be manually sought out by an administrator or user. As software is constantly being upgraded this can be difficult to do, though not impossible. If a physical sniffing device is used, it can only be detected by a person physically checking the Ethernet connection of each individual machine. Penalties for this type of abuse also fall under The Computer Fraud and Abuse Act.

Computer crime and abuse can also be seen in the form of spoofing, also known as “phishing”. This form of cyber crime is particularly current and harmful. These sites and e-mails are usually very well disguised and difficult to spot. Many instances of spoofing can be prevented by newer routers and firewalls (Jupiter Images). In instances where newer routers or firewalls are not available, or should a site or an e-mail slip past these defenses, there are some warning signs users can use to identify spoofing themselves. Some such signs are:

1. If the e-mail asks you for private account information or passwords.
2. If you are unfamiliar with the sender.
3. If the e-mail is unsolicited.
4. Keeping your operating system and web browser up to date.
5. Schedule spyware protection software to run regularly on your computer.
6. Run firewall software on your computer or ensure your home computer network is protected by a firewall-enabled network router.
7. Treat the links contained in any e-mails with suspicion. (four, 7)

Many say that the most rampant and dangerous form of computer crime is identity theft. Identity theft comes in many forms and levels. Identity theft can stretch from the theft of e-mail addresses from message boards to stealing social security numbers, bank account numbers and passwords. Detecting identity theft is very difficult and prosecuting it can often be even more difficult. The best solution to identity theft is prevention. Keeping one’s personal information close and guarding it well is the best solution to this problem. A person who has had their identity stolen, or believes that they have, should follow these steps:

1. Contact the fraud departments of any one of the three major credit bureaus to place a fraud alert on your credit file. The fraud alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. As soon as the credit bureau confirms your fraud alert, the other two credit bureaus will be automatically notified to place fraud alerts, and all three credit reports will be sent to you free of charge.
2. Close the accounts that you know or believe have been tampered with or opened fraudulently. Use the ID Theft Affidavit when disputing new unauthorized accounts.
3. File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime.
4. File your complaint with the FTC. The FTC maintains a database of identity theft cases used by law enforcement agencies for investigations. Filing a complaint also helps us learn more about identity theft and the problems victims are having so that we can better assist you (FTC, 9).

Computer abuse can also take the form of malicious software. There is an excess of programs designed to cause harm to computers and information systems. This software can take the form of viruses or worms that disable part or all of specific computers or entire systems. Software of a malicious nature can be prevented and detected by virus scans performed by programs made to detect such software. These scans can be performed regularly in a scheduled maintenance format or in a point-of-entry format wherein all removable disks, e-mails or incoming files are scanned as they are introduced to the computer (Whitney, 12). Virus scanning programs only work well if they are regularly updated with recent virus definitions.

Conclusion

As mentioned above, there are many current issues concerning Information Systems security. Some of these issues include spamming, hacking, jamming, malicious software, sniffing, spoofing, and identity theft; each one of these problems fits under one of two headings, computer abuse or computer crime. There are a lot of different techniques that someone can use to keep their information system safe from these crimes and abuse.

When you are dealing with spamming there are certain measures that you can take to guard your email account from spam. Spam is another term for unsolicited commercial email. Anyone that has an email account has at some point had an encounter with spam. Most people do not know how their email address got out to the people sending the spam; this is done through software called a Spambot. According to Scott Mueller, “a Spambot is a piece of software, a program that someone has written.” Mueller describes the process of a Spambot like this: “A Spambot starts out on a web page. It scans the page for two things: hyperlinks and email addresses. It stores the email addresses to use as targets for spam, and follows each hyperlink to a new page, starting the process all over.” There are various ways to hide your email address from these Spambots, but the easiest and best way to avoid spam is to not give out your email address. The trick is to leave your email visible to human visitors, but hidden from the Spambots. There are many ways to do this. According to www.spam.abuse.net/spam/, the most effective and simplest way to hide your email address is to make it into a graphic. Spambots cannot read graphics; in fact most of them cannot even load graphics, because it slows them down considerably. A graphic is just a jpg or a gif file that contains your email address in it. The only drawback to using a graphic is that the user must be able to view the image to see your email.
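A site owner can check what a text-scanning Spambot of the kind Mueller describes would find on one of their own pages. The sketch below is an added example, not code from this essay or from spam.abuse.net; the function name `exposed_addresses` and the sample pages are constructed for illustration. It also covers two cases where hiding fails: an address repeated in an image's alt text, and an address written with HTML character entities.

```python
import re
from html.parser import HTMLParser

# Deliberately simple pattern: enough to audit a page, not a full address grammar.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class ExposureAudit(HTMLParser):
    """Records every place an e-mail address appears as machine-readable text."""

    def __init__(self):
        # convert_charrefs=True decodes entities such as &#64; before we see them,
        # which is what any scanner built on an HTML parser would also get.
        super().__init__(convert_charrefs=True)
        self.findings = []  # list of (location, address)

    def handle_starttag(self, tag, attrs):
        # Attribute values (href="mailto:...", alt="...", title="...") are text too.
        for name, value in attrs:
            for addr in EMAIL_RE.findall(value or ""):
                self.findings.append((f"<{tag} {name}>", addr))

    def handle_data(self, data):
        for addr in EMAIL_RE.findall(data):
            self.findings.append(("text", addr))


def exposed_addresses(html):
    """Return (location, address) pairs a text-scanning bot could read from html."""
    audit = ExposureAudit()
    audit.feed(html)
    audit.close()  # flush any text still buffered by the parser
    return audit.findings


# Constructed sample pages (example.org is a reserved documentation domain).
PLAIN_PAGE = ('<p>Contact: jane@example.org or '
              '<a href="mailto:jane@example.org">e-mail me</a></p>')
IMAGE_ALT_LEAK = '<p>Contact: <img src="contact.png" alt="jane@example.org"></p>'
IMAGE_ONLY = '<p>Contact: <img src="contact.png" alt="contact address shown as an image"></p>'
ENTITY_PAGE = "<p>Contact: jane&#64;example.org</p>"

if __name__ == "__main__":
    for label, page in [("plain", PLAIN_PAGE), ("image + alt leak", IMAGE_ALT_LEAK),
                        ("image only", IMAGE_ONLY), ("entity-encoded", ENTITY_PAGE)]:
        print(f"{label:18} {exposed_addresses(page)}")
```

Only the image whose alt text does not repeat the address comes back with no findings, which is the trade-off the paragraph notes: the address is hidden from software, and from any visitor who cannot view the image.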
Hacking is another large problem that information systems have to deal with today. The best, easiest, and least costly way to stop someone from hacking into your computer is to have a firewall installed. HowStuffWorks.com says “A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.” Essentially, a firewall is a blockade to keep harmful forces away from your computer and personal information. There are three ways that a firewall can control traffic in and out of a network: packet filtering, proxy server, and stateful inspection. Packet filtering is analyzing small pieces of information against filters. If the information does not make it through the filter then it is thrown out. Proxy server is when the firewall finds the information you need on the internet so that you are sure that the information is secure. HowStuffWorks.com states that stateful inspection is “a newer method that doesn’t examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.”

Malicious software is used to help people infect computers on the internet with viruses. There are tool kits that Microsoft and other companies have made that can stop cyber vandals from passing on viruses to your computer. Microsoft’s Malicious Software Removal Tool is released once a month; according to the website, www.supportmicrosoft.com, it can “detect and remove current, prevalent malicious software. This malicious software includes viruses, worms, and Trojan horses.”

Another computer crime is sniffing. A sniffer can be a self-contained software program or a hardware device with the appropriate software or firmware programming. Sniffers usually act as network snoops by examining network traffic, making copies of the data and possibly changing some of the content. This has become such a growing problem that the Federal Bureau of Investigation has had to design a sophisticated sniffer system called Carnivore. Carnivore's primary purpose is to intercept large volumes of electronic mail and other forms of electronic communication passing through a network (www.computerworkingabout.com).

An additional computer crime is spoofing. Ankit Fadia defines spoofing as a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host. This is not hard for today’s hackers to accomplish; all they have to do is find a “spoof” IP address of a trusted host, then modify the header so it seems like it is coming from that host. Basically, spoofers pretend to be an organization or person that they are not, so that they can get private information about the visitors of the website. Unless you are very knowledgeable on spoofing it is very difficult to catch or prevent. So, the best advice to give so that you do not get spoofed is to be sure that the site you are on is a legitimate one. Also be very cautious about whom you give your personal information and credit card number to when on a website, because you can never be too sure who you are actually giving it to.

Spoofing and identity theft go hand in hand when dealing with information systems. Identity theft occurs when someone steals your personal information without your knowledge to commit fraud or theft. They only need one of a few pieces of information to do so, such as your Social Security number, telephone calling card number, bank account or credit card number, or some other piece of your personal information for their own use. Many times you do not even know that your identity has been stolen; usually people find out when they check their credit card bills (Sherman). Identity theft costs Americans over 5 billion dollars a year, with an average loss per victim of $10,000 (Sherman). Here are a few tips for preventing identity theft: never carry documents with your Social Security number or credit card number, and never give them over the phone, because you cannot be 100% sure who you are actually speaking with and because phone lines are easily tapped. Also, do not write your Social Security number on your personal checks, and avoid using your Social Security number as a personal ID at your place of work.

Information Systems security is one of the biggest challenges facing our society in the technological age. Information Systems have become an integral part of everyday life in the home, businesses, government, and private organizations. Information Systems have changed the way that people live their lives, conduct business, and even how they run the government. Information Systems have become such an important part of everyday life because there are many uses of Information Systems that make it much easier and faster to perform certain tasks, or even to perform certain tasks simultaneously. With the great abilities that this technology provides us, we are burdened with an ethical and moral obligation to manage and control ourselves as well as others for the greater good of mankind.
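The difference between the packet filtering and the stateful inspection described in the firewall paragraph above can be shown in a few lines. This is an added example, not code from this essay or from HowStuffWorks; the `Packet` fields, the port policy and the addresses are constructed, and it assumes stateful inspection reduced to its core: remembering connections opened from the inside and expiring them when idle.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True when travelling from inside the firewall to the outside


# Constructed policy: inside hosts may reach web servers, nothing else.
WEB_PORTS = {80, 443}


def packet_filter(pkt):
    """Stateless filtering: each packet is judged alone against fixed rules."""
    if pkt.outbound:
        return pkt.dport in WEB_PORTS
    # Replies from web servers carry source port 80/443, so the rule must trust
    # that header field; it cannot tell whether anyone inside asked for it.
    return pkt.sport in WEB_PORTS


class StatefulFirewall:
    """Records what left the network and admits only matching inbound packets."""

    def __init__(self, allowed_ports, idle_timeout=60):
        self.allowed_ports = set(allowed_ports)
        self.idle_timeout = idle_timeout
        self.connections = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> last seen

    def inspect(self, pkt, now):
        if pkt.outbound:
            if pkt.dport not in self.allowed_ports:
                return False
            # The "defining characteristics" of this conversation go in the table.
            self.connections[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return True
        # Inbound traffic must mirror a recorded outbound connection.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        last_seen = self.connections.get(key)
        if last_seen is None:
            return False
        if now - last_seen > self.idle_timeout:
            del self.connections[key]  # entry went stale; drop and forget it
            return False
        self.connections[key] = now
        return True


# Constructed traffic using documentation address ranges.
OUT = Packet("192.168.1.10", 50000, "203.0.113.5", 443, outbound=True)
REPLY = Packet("203.0.113.5", 443, "192.168.1.10", 50000, outbound=False)
UNSOLICITED = Packet("198.51.100.7", 443, "192.168.1.10", 50000, outbound=False)


def demo():
    fw = StatefulFirewall(WEB_PORTS, idle_timeout=60)
    return {
        "filter_reply": packet_filter(REPLY),
        "filter_unsolicited": packet_filter(UNSOLICITED),
        "stateful_out": fw.inspect(OUT, now=0),
        "stateful_reply": fw.inspect(REPLY, now=1),
        "stateful_unsolicited": fw.inspect(UNSOLICITED, now=2),
        "stateful_stale_reply": fw.inspect(REPLY, now=62),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:22} {'allow' if allowed else 'drop'}")
```

The stateless rule admits the unsolicited packet because its header fields look like a web reply, while the stateful firewall drops it and also drops a reply that arrives after the connection entry has expired.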

Works Cited

America Online, Inc. AOL Postmaster.Info. 22 June 2004. 3 Mar. 2005.

America Online Canada Inc. Top Ten Tips to Avoid Phishing Scams. 2000. 5 Mar. 2005.

Computer Security Resource Center, National Institute of Standards and Technology (NIST). "Engineering Principles for IT Security (EP-ITS) (A technical baseline for achieving security capabilities)." Draft document. URL:

Fadia, Ankit. New Order. New Order Team and Box Network ltd. 2005. 15 April 2005. http://neworder.box.sk/newsread.php?newsid=3825

Federal Information Systems Security Educators’ Association (FISSEA). 17 March 2005. 28 Mar. 2005.

Jupiter Images. “IP spoofing.” Webopedia.com. 10 Sept. 2004. 4 Mar. 2005.

Klaus, Christopher. “Computer-security/sniffers FAQ.” Online posting. 28 June 1997. FAQS.org. 9 Mar. 2005.

Laudon, Jane P., and Laudon, Kenneth C. Management Information Systems. New Jersey: Pearson Education, Inc., 2004.

Manor, James. “Hackers Attack: Jamming and its Effects.” Computer Culture Today 13.8 (2004): 32 pars. 5 Mar. 2005.

Maximum Security: A Hacker’s Guide to Protecting Your Internet Site and Network, 2nd edition, Sams, 1998.

Microsoft Network. MSN E-mail Solutions. 2005. 4 Mar. 2005.

Mueller, Scott Hazen. Fight Spam on the Internet. 2005. 15 April 2005. http://spam.abuse.net/spam/

Sherman, Robert. Identity Theft Prevention and Victim Help. 2003-2005. 15 April 2005.

United States. Federal Trade Commission. Welcome to the Federal Trade Commission: Your National Resource for Identity Theft. 3 Mar. 2005.

Whitney, Johnson L. “Existing and Emerging Laws on Junk E-mail.” Online posting. 3 March 2005.


Words: 1195 - Pages: 5

Premium Essay

On-Line Security: Attacks and Solutions

...EVREN KUCUKKAYA E-COMMERCE SEMINAR Elias A. Hadzilias, PhD NTUA Assignment: On-line security: attacks and solutions 2012 ISG – INTERNATIONAL MBA Table of Contents 1. INTRODUCTION 2. MAIN TYPES OF MALWARE 2.1. Computer Viruses 2.1. Computer Worms 2.3. Trojan Horses 2.4. Spyware 2.5. Backdoor 2.6. Spams 2.7. Keyloggers ...

Words: 5692 - Pages: 23

Free Essay

United States Security and Economic Cooperation (Policy) for West Africa Since the Terrorist Attacks of 9/11

...been very beneficial to the U.S. and its economy, particularly in the pre-9/11 and pre-2007 global financial crisis eras. But these events, particularly the 9/11 attack for example, have created a serious blow to the U.S. global leadership and its image. Like in the area of the U.S. foreign policy on which its global image depends, which also has significant implications on its economy, global economic and political interest. Hypothesis The evolution of U.S. Foreign Policy for example has been intertwined with the changes of the socio-economic-political and technological landscapes. But for the first time in U.S. History, Terrorism has become the major cause of the abrupt change in its Foreign Policy, which has some serious implications on its national security, political and economic interests in different regions of the globe including the West African region, which is composed of countries like Angola, Benin, Cameroon, Cape Verde, Democratic Republic of Congo, Côte d'Ivoire, Equatorial Guinea, Gabon, Gambia, Ghana, Guinea, Guinea-Bissau, Liberia, Mauritania, Namibia, Nigeria, Sao Tome and Principe, Senegal, Sierra Leone, Togo, and Congo. Purpose The purpose of this paper is to conduct discussion and analysis on the United States Security and Economic Cooperation (policy) for West Africa Since the terrorist attacks of 9/11. As one must take note that such region is entwined with serious economic and political factors that would help the United States...

Words: 3410 - Pages: 14

Premium Essay

Target Cyber Security Attack Case

...1) Target is outstanding amongst other U.S. based retail chains, pulling in more than $73 billion yearly as displayed with cash related enlightenments from the alliance and serving a broad number of customers constantly. Despite how those figures are by and large vital for business, they moreover paint a target on the relationship's back for front line punks. Despite whether it's valuable data that can be sold on the black market, control access to budgetary records or other Target-guaranteed assets, there are particular purposes behind electronic guilty parties to ambush the retailer. Cyber security was not a need at Target. They comprehended it after the POS (Point of Sales) strike that it is a colossal issue that must be made in a flash, making nature ensured and secure. Spending check amidst the night, their surroundings was ensured and secure. Target discarded the malware in the find the opportunity to point, they were astoundingly certain that coming into Sunday guests could come to Target and shop with insistence and no risk, told. to appear to a more prominent degree a propelling record of the course of occasions instead of words beginning from...

Words: 1305 - Pages: 6

Premium Essay

Week 1 Is 4560

...There are many different threats that are involved in internet security. The three current major ones are health care, education and government. Healthcare, education, and government accounted for nearly two-thirds of all identities breached in 2012. More than 88 percent of attacks that are known are those performed by people outside those companies that are being attacked. Some of these attacks are very well planned and obviously an inside job; there are examples given in the article about how people in the military have sent messages to others that have malware attached in them. According to the article, web-based attacks have increased by nearly 33 percent and it is continuing to grow. Health care in particular is a major threat since it contains so much personal data with all of the patient information that there is. Education continues to be a threat year after year due to the number of schools and information that can be accessed, since most schools do not have the security that most major corporations have, and last but definitely not least is the government; for so many reasons it will always be a threat, whether it is out of hate or just monetary gain, the government will always have a target on its back. As time goes on and since we are still so new to the World Wide Web there will be even more sophisticated attacks planned and made every day, but so is security. At its current pace hackers seem to usually be one step ahead of the agencies that they are attacking however because of...

Words: 314 - Pages: 2

Free Essay

Information Security Chapter Two

...Chapter 2 Review Questions 1. Why is information security a management problem? What can management do that technology cannot? Decision-makers in organizations must set policy and operate their organization in a manner that complies with the complex, shifting political legislation on the use of technology. Management is responsible for informed policy choices and the enforcement of decisions that affect applications and the IT infrastructures that support them. 2. Why is data the most important asset an organization possesses? What other assets in the organization require protection? Without data there will be no record of anything that they have done. 3. Which management groups are responsible for implementing information security to protect the organization’s ability to function? Both General management and IT management. 4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why? More risk, now that attackers have the potential to access the networks from anywhere. 5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text. When information is held hostage until demands are met. 7. What measures can individuals take to protect against shoulder surfing? Avoid, if possible, accessing sensitive information whenever others are present. Be aware of your surroundings. 8. How has the perception of the hacker changed over recent years? What...

Words: 907 - Pages: 4

Free Essay

Issc

...applications that work with the browser such as ones in which you use to view videos like an adobe flash player for example should be patched and updated daily so that they do not become vulnerable to an attack, the popup blocker should be turned off to prevent you from accidentally clicking on malevolent pop-ups, it is possible to protect against session hijacking by changing the browser’s settings, when you have a screen in which you have to log into with a username, password, or both such as AMU website your computer’s web browser always ask you if it would like for you to allow it to remember the credentials so you do not have type it in every time. You should click no instead of yes because it prevents your credentials of that website from being stored into your web browser’s cookies and being used for session hijacking, in addition to that whatever website someone goes to that requires a log in, like AMU and facebook, they need to actually log themselves out of that page before closing the window so their session does not stay open and vulnerable to hijacking even when they close the window. A flooding attack can work against a web page, in order for it to be successful they have to mainly target the TCP/IP protocol suite and look for weaknesses there and overload it and create an attack that aims specifically for the server of that webpage and delivers a whole bunch of...

Words: 392 - Pages: 2

Free Essay

Literacy Narrative

...The pen is mightier than the sword In an instant, your existence can be altered. It only takes an instant when you might discovery yourself traveling down a dissimilar route than you started on. You may never identify it, but the meekest form of literacy could make the world of difference in one’s life. Between the ages of four and nine, your child will have to master some 100 phonics rules, learn to recognize 3,000 words with just a glance, and develop a comfortable reading speed approaching 100 words a minute. He must learn to combine words on the page with a half-dozen squiggles called punctuation into something – a voice or image in his mind that gives back meaning. (Paul Kropp, 1996). Writing, disbelieve it or not, is continuous in your daily life. Whether making a shopping list, comprising an electronic message, or just doing your schoolwork, there is no escape from writing. In my case, however, writing came to be my only recovery for righteousness. On an apparently ordinary, stress-free, fall day in Afghanistan, I found myself running down the street on the Forward Operating Base of Salarno where I spent my fourth tour overseas. It goes without saying that writing was next to the last thing on my mind as I was talking with friends and keeping a steady pace. As things seem to do, my priorities were about to severely change. As the Base was attacked by three men in an open field, I was knocked back by one single rocket hitting a nearby building. As I opened my eyes I saw...

Words: 825 - Pages: 4

Free Essay

Cmgt 420 Wk 1 Assessment

...risk could come from natural occurrences to cyber attacks designed to cripple the process of how a business functions. 2. What would cause some Risk to be greater than others - how would you measure or score these Risks? The greater risk would be if the attack can be rebound from. I would have to rate a natural event as a greater risk especially if it is a flood or mud slide. Cyber attacks also are a great risk to operations because client information may be stolen and this can cause life changing results. I would rank them at the top as far as damage to recovery goes. 3. In the technology growth we are in today - list 3 of the Risks that business or individuals face by doing business via the Internet. Identity theft, malware attacks, and viruses 4. How prepared are you for a disaster? How prepared do you feel most businesses are for a disaster? What could be done to minimize the effect of a natural or man-made business outage? I think that I am prepared for the risk as a use will face with the help of firewalls, anti-virus technologies, and backup of important data specific to me. Most businesses are well prepared for risk because this is somewhat the norm of doing business these days. They all use some sort of backup to systems and are deploying the help of IT departments from 3rd party outsources. 5. What are your expectations in taking this class? First is to learn that in which I do not know when it comes to security issues and solutions to the IT field. The Second...

Words: 327 - Pages: 2

Free Essay

Zara Innovation

...Islamic Somali state(Atwan, 2013 pp.111-114). Al-Shabaab would want to meet clandestinely with the pirates. Al-Shabaab’s need for financing, and al Qaeda’s emphasis on finding local sources, means that al-Shabaab supports pirates in exchange for receiving a portion of the pirates’ ransoms (Atwan, pp.121-126). Ports and maritime access are essential for piracy and al-Shabaab can use this as leverage for further collaboration (Akhgar, 2013 p.42). The failed US attack on an al-Shabaab Barawe stronghold and al-Shabaab’s subsequent deployment of beach defences are demonstrative of the advantages of operating out of al-Shabaab controlled ports and evidence of al-Shabaab’s ability to withstand attacks by foreign forces (Ahmed et al., 2013). When meeting with the pirates, al-Shabaab could ask for control of the AusAID/WFP food shipment and future pirate food hauls. Over 3 million people are reliant on aid in Somalia (Atwan, p.118) and the food could be used to restore Somali faith in al-Shabaab, lost after recent al-Shabaab attacks. Food supplies could provide incentive for recruitment to the al-Shabaab cause if distributed in Somalia, or in the Somali populated areas of Kenya and Ethiopia. Al-Shabaab would not meet with aid agencies such as the WFP. The WFP was ‘banned’ in 2009 as a result of negligent practices, where the flooding of food aid negated the Somali farmers’ opportunities to sell their harvest and ability to independently feed and establish themselves economically. Furthermore...

Words: 801 - Pages: 4

Premium Essay

Security Attacks

...In years past, security threats came from geniuses or nerdy students with lots of time. The numbers of these people were relatively small. Their main motivation was to prove that they could break into another network. Since then, the number of potential attackers and the sophistication of the attacks have increased exponentially. Attacks that once required attackers to have an advanced degree in computing now can be done with easily downloaded and freely available tools that the average junior-high student can figure out how to use. Every company and almost every person connects to the Internet, making essentially the whole world vulnerable to attack. The biggest danger today may be the changes in attacker’s motivation. Instead of looking for a challenge, or to steal millions, today’s attackers can be much more organized and motivated. Organized crime tries to steal billions by extorting companies by threatening a denial of service (DoS) attack on the companies’ public web servers. Or they steal identity and credit card information for sometimes hundreds of thousands of people with one sophisticated attack. Attacks might come from nation-states or terrorists. Not only might they attack military and government networks, but they might try to disrupt infrastructure services for utilities and transportation and cripple economies. Security is clearly a big issue, and one that requires serious attention. To appreciate a bit more about the dangers inside the Enterprise network, it...

Words: 1273 - Pages: 6