Ch.11

Hacker- computer enthusiast or individuals who gain unauthorized access to computer systems for the purpose of stealing and corrupting data.

White-hat hacker- has skills of hacker, but is paid by companies to hack into their own systems..

Black-hat hacker- between 14-22, majority is male, usually mentored by other black-hat hacker.

Script-kitties-  teenagers who find programs black-hat hackers has written, learn how to use it, then BOOM.

Cracker-  they steal, kill, and destroy. Sole purpose is to sneak into computer systems for playful pranks.

Cyber theft- stealing money through new technology

Computer viruses-

Unauthorized use at work-

Piracy- there is copyright laws

*security breaches are on the rise

denial of service- software program that causes a computer to be overloaded with information and causes the system to shut down. They come from script-kitties and black-hat hackers.

1 to 1 dos- you use on your own computer

sniffer program- covertly search individual packets of data as the pass through net

spoofing- faking an Email address to trick users into passing along critical information(passwords or credit card numbers)

Trojan Horse- program that exploits known vulnerabilities

Back doors-  go in the back way to steal

Buffer overflows- the #1 problem. Crashing or gaining control of a computer b y sending too much data to the buffer in a computers memory.

SECURITY MANAGEMENT

ENCRYPTION- passwords, messages, files, and other data can be transmitted in scrambled form and unscrambled by computer systems for authorized users only.

VIRUS DEFENSES-  centralizing the distribution and updating of antivirus software as a responsibility of there is departments.

DENIAL OF SERVICES DEFENSES- monitor and block traffic spikes, filter spoofed IP addresses, create backup servers, limit connections, dont open Email attachments.

FIRE WALLS- protects a companys computer networks from intrusion by providing a filter and safe transfer point for access to and from the internet and other networks

OTHERS

Multi-faceted Access Controls, Security monitors, Backup files & business recovery, biometric security controls

COMPUTER SYSTEM FAILURE CONTROLS

FAULT TOLERANT SYSTEMS

1. FAIL-OVER- runs a couple of hours then shut down
2. FAIL-SAFE- uninterruptible power supply(generator)
3. FAIL-SOFT- operate at reduced level

THREATS

1. environmental faults
2. outages
3. data errors
4. transmission errors
5. HW & SW faults
6. media errors
7. HW faults

DISASTER RECOVERY PLAY

-         Comprehensive action to be taken before, during, and after a disaster along with documented tested procedures that ensures the continuity of business.

Site backup- another place to do work and run computers

A.     Mutual aid pact-other companies allows you to use their computers if disaster

strikes (vice versa).

B.     Cold site- a building (empty) to use during a disaster

C.     Hot site (Recovery Operations Center) a building with computers if disaster

D.     silo -  a trailer with computers

(cont.)

1. data backup- backup of data(duh)!!!!!

2. Software copies- copies of software (install most important first)

3. Supplies- gotta have supplies

4. Documentation and Manuals- especially the docs

PLAN

1. IDENTIFY CRITICAL APPLICATIONS(RANK)
2. IDENTIFY/CREATE DRP team
3. IDENTIFY SPECIFIC RECOVERY STEPS
4. CHECKLIST OF NECESSARY COMPONENTS
5. TEST DRP, PLEASEEEEEE!!!!!

E-BUSINESS SYSTEM CONTROLS

Input controls-               security codes, encryption, error signals

Processing Controls-     firewalls, software, hardware, checkpoints

Storage controls-           security codes, backup files, encryption, audit trail

Output controls-            security codes, encryption, control totals, user feedback

*create error file when security briefs occur