EXTERNAL THREATS
A business can also face many potential external threats that may try to retrieve or pilfer customer data. These external threats include hackers, viruses and Trojans, phishing, denial of service (DoS), operating system problems, and the use of public computers or wireless networks.
Hackers
Hackers are people who enjoy playing with computers, a small minority of whom commit computer crime for the intellectual challenge of breaking into a computer. They are individuals who generally gain access and exploit computer systems and networks without their owners' knowledge or consent.
The attacks can be either malicious or non-malicious. Malicious hackers break into a system either for their own personal gain or to obstruct or destroy documents or information held within that computer; they may also use the data for fraud or theft. Non-malicious hackers tap into computers or sites to prove that they can be obstructed or that they are under threat from such people. As well as using computers, hackers are able to obtain or destroy information through other advanced technology such as mobile phones.
An example of someone trying to find information through hacking is Gary McKinnon (also known as Solo), from north London, who allegedly hacked into 97 military and NASA computers over a 12-month period from February 2001 until March 2002, causing an estimated £370,000 in damages. This type of hacking can be seen as malicious but of a vandalising nature, as he did not use it for fraudulent or theft purposes.
Another example of extreme hacking took place during 1994, when the security of Citibank, the fifth largest bank in the world, was breached. Vladimir Levin, a biochemistry graduate of St. Petersburg's Tekhnologichesky University in mathematics, led a Russian hacker group in the first publicly revealed international bank robbery over a network. He used a laptop computer based in London to access the Citibank network, and then obtained a list of customer codes and passwords. He then logged on numerous times over a period of weeks and transferred approximately $3.7 million through wire transfers to various accounts his group controlled in the United States, Finland, the Netherlands, Germany, and Israel. Levin and his accomplices can again be seen as malicious hackers, but this time as those who hack for fraudulent and theft purposes in order to gain something out of it, in this instance nearly $4 million.
Viruses and Trojans
A virus is a computer program, illegally introduced, that is able to copy itself and infect a user’s computer without the user’s permission. Viruses can spread from one computer to another when information from the infected computer is taken to an uninfected computer. This can be done through the internet via downloads and emails, or even by carrying it on a removable storage medium such as a floppy disk, CD or USB drive. Viruses can also be spread from one computer to another by infecting files on a network file system that can be accessed by another computer. This may take place within an organisation where all the computers work on the same business network.
Trojans are malicious software. These programs are devised by professional hackers to detect activity on a PC, allowing the hacker to assume the user's identity. This works because they carry code that is not acknowledged for the purpose stated. Hackers are then able to run programs on the user’s computer without the user knowing.
Phishing
Phishing is viewed as a form of social engineering. It is characterised by a person's attempt to fraudulently acquire sensitive information. This can include passwords and credit card details, and is done by a malicious person masking themselves as a trustworthy person or business in what seems to be an official electronic communication. This is more often than not done through spoof emails. The fraudster sends an email or emails that contain familiar logos and appear to report either a technical fault or a new option that has become available, which requires you to enter your username and password. In some circumstances they may threaten you, by suggesting that if you do not provide your information you will not be able to gain access to your account. This is more than likely enough to persuade the user to type in their username and password, which are then sent to the fraudster. The fraudster now has your confidential information and is subsequently able to steal your identity and your personal data, such as card details and address.
Denial of Services (DoS)
A Denial of Service or DoS is a type of attack on a that is designed to bring the network down by surging it with useless . This is so the computer then becomes unavailable for the user. Most attacks target big, high-profile web servers so that they then become unavailable on the Internet. DoS attacks are a registered computer crime that violates the as indicated by the (IAB). They are said to have two general forms:
- Force the victim computer(s) to reset or consume its resources such that it can no longer provide its intended service.
- Obstruct the communication media between the intended users and the victim so that they can no longer communicate adequately.
However, a DoS attack may not be the main element in a service attack. It may be used as a component, though it may be a large part of the attack.
On February 7th 2000 a hacker named ‘Mafiaboy’ shut down the Yahoo website for 3 hours. This was the start of a wave of DoS attacks that continued on February 8th, when Amazon, Buy.com, eBay and CNN.com were also shut down, and the following day, February 9th, when E*Trade and ZDNet were shut down as well. All of these websites lost a huge number of hits, ranging from Yahoo losing 2,221,350 to ZDNet losing 19,600. It also cost the companies a loss of market share of up to 7.8%, all due to this hacker flooding their web servers.
Operating System Problems
Operating systems can also contain potential threats to security. Threats to information security arise from three different types of behaviour. First, information security can often be violated due to the carelessness of the authorized users of the system. If users are careless with their password, for instance, no other security mechanisms can prevent unauthorized access to their account and data. Second, many security problems can be caused by browsers: authorized users of the system exploring the system looking for carelessly protected data. Third, penetration represents deliberate attacks upon the system. An individual trying to penetrate the system will study it for security vulnerabilities and deliberately plan attacks designed to exploit those weaknesses. In order to minimise risks from these problems, it is firstly suggested that a secure, reliable and up-to-date system backup is put in place, because with a good system backup you can recover from any system problems with minimal loss. Another measure that can be taken is for unattended terminals to be automatically logged out after a certain period of time. This would minimise the risk of someone logging on and obtaining confidential information.
Public Computers
Threats to public computers, such as those located in libraries, are normally caused unintentionally by curious and persistent users, and sometimes intentionally by knowledgeable and malicious hackers. These threats are made more possible by software that has been installed improperly, software code that has inherent flaws, or insecure procedures. There are a variety of threats that these public computers can become vulnerable to:
- Probes and Scans – This is when attempts are made to gain access to, or to discover information about, remote computers. This is generally done by scanning listening ports.
- Account Compromise – This is when the hacker discovers users’ accounts and their passwords. It then allows an unauthorized user to gain access to all resources for which that user account is authorized.
- Packet Sniffer – This is the process of trying to capture data that is sent across a network from information packets; the data can contain sensitive information like passwords, but normally only if the packet has been encrypted.
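The probes and scans described in the list above leave a recognisable trace: one source touching many different ports in a short time. The following detection sketch is an added example, not part of the original essay; the log format, the addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (timestamp, source IP, destination port).
# Addresses come from documentation ranges; none of this is real traffic.
SAMPLE_LOG = """\
2024-01-10T09:00:01 198.51.100.7 21
2024-01-10T09:00:02 198.51.100.7 22
2024-01-10T09:00:03 198.51.100.7 23
2024-01-10T09:00:04 198.51.100.7 25
2024-01-10T09:00:05 198.51.100.7 80
2024-01-10T09:00:06 198.51.100.7 443
2024-01-10T09:00:10 203.0.113.20 443
2024-01-10T09:00:11 203.0.113.20 443
2024-01-10T09:00:12 203.0.113.20 443
2024-01-10T09:00:13 203.0.113.20 443
2024-01-10T09:00:14 203.0.113.20 443
2024-01-10T08:00:00 192.0.2.33 22
2024-01-10T09:00:00 192.0.2.33 25
2024-01-10T10:00:00 192.0.2.33 80
2024-01-10T11:00:00 192.0.2.33 443
2024-01-10T12:00:00 192.0.2.33 3389
this line is malformed and must be skipped
"""

def detect_scans(log_text, window_seconds=60, port_threshold=5):
    """Return the sorted source IPs that reached at least `port_threshold`
    distinct ports inside any sliding window of `window_seconds`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # not "timestamp source port": ignore
        try:
            stamp, port = datetime.fromisoformat(parts[0]), int(parts[2])
        except ValueError:
            continue  # unparsable timestamp or port: ignore
        events[parts[1]].append((stamp, port))

    window = timedelta(seconds=window_seconds)
    flagged = set()
    for source, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= window_seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({port for _, port in hits[start:end + 1]}) >= port_threshold:
                flagged.add(source)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG))
```

A client that repeatedly uses one port, or that touches several ports spread over hours, is not flagged; only the burst across many ports is.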
Wireless Networks
Wireless networks have the potential to make enterprise networking much more efficient and cost effective. It is much easier to set a user up with a wireless network connection than to run Ethernet cabling from the nearest switch, through the walls and install a network jack at their desk. Wireless networks also help resolve the fairly ubiquitous problem of having too few network connections in conference rooms, and the fact that the conference room network connections are always at the least functional location possible. However, wired network access can be controlled because the data is contained within the cabling that connects the computer to the switch. With a wireless network, the “cabling” between the computer and the switch is called “air”, which any device within range can potentially access. If a user can connect with a wireless access point from 300 feet away, then in theory anyone within that radius can also connect to the same wireless connection point.
Aside from the threat of unauthorized users accessing your network and eavesdropping on your internal network communications by connecting with your wireless LAN (WLAN), there are a variety of threats posed by insecure or improperly secured WLANs. Here is a brief list with descriptions of some of the primary threats:
- Rogue WLANs – Whether the user has an officially sanctioned wireless network or not, wireless routers are relatively inexpensive, and ambitious users may plug unauthorized equipment into the network. These rogue wireless networks may be insecure or improperly secured and pose a risk to the network at large.
- Spoofing Internal Communications – An attack from outside of the network can usually be identified as such. If an attacker can connect with your WLAN, they can spoof communications that appear to come from internal domains. Users are much more likely to trust and act on spoofed internal communications.
- Theft of Network Resources – Even if an intruder does not attack your computers or compromise your data, they may connect to your WLAN and hijack your network bandwidth to surf the Web. They can leverage the higher bandwidth found on most enterprise networks to download music and video clips, using your precious network resources and impacting network performance for your legitimate users.
There are many security measures that could be taken in order to obtain a safer and more secure wireless network. One is to introduce LAN segmentation, which is used by many organizations to break the network down into smaller, more manageable compartments. Alternatively, the user could set up a firewall, or router ACLs (access control lists), which allow you to restrict communications between the WLAN and the rest of the network.
PROTECTIVE MEASURES
Protective measures could be taken by businesses or organisations in order to try to minimise the threat of hackers stealing or destroying sensitive or confidential data.
Risk Assessment
This would be a great protective measure for an organisation to carry out, because it is a small examination of any hazards or threats the business could face or be at risk from. There is a simple five-step approach to assessing your business’s risks.
- Identify the hazards
- Decide who might be harmed and how
- Evaluate the risks and decide on precautions/controls
- Implement the controls and record your findings and actions
- Review your assessments regularly or when there is a significant change in the risk and update as necessary
This would greatly help provide a business with some protection, as it would enable them to install the correct software to help shield them. It would also enable them to take other measures, such as training the staff and continuously reminding them that extreme care and safety precautions need to be taken when using confidential information.
Physical Security
This measure is a simple but effective exercise that can help secure the business considerably. If the business’s employees have common sense, it should already be a measure that is taken during the working day. It includes such things as locking doors when the room is going to be left unattended, logging off the computer when you leave the room, and making sure that you take all the safety precautions that are required when dealing with confidential information, such as taking your time and double-checking what you are doing or have done before you finally submit it.
User ID and Access Rights
Companies could also set up user IDs, where the employees have to enter a username and a password in order to access the company’s details. The company can also put in place access controls over the amount of things that each employee can reach. This is somewhat like turning up to a cinema with a ticket to see ‘James Bond’ when you want to see ‘Max Payne’: you cannot access that film because you have the wrong ticket.
Also, by having the user ID, the server can then look back and see the login and logout times. This may seem a bit extreme, but it can help pinpoint people if a catastrophe happens and some data goes missing. Again, by using this procedure the organisation could allow employees access to only certain parts of the network, meaning that they are only allowed on items that they need to use for their affairs.
The company could also set up a safety measure that automatically logs the employee off when the computer has been left idle for a certain amount of time. They could therefore use a time limit, after which the user would have to log back on using their username and password in order to get back to what they were doing.
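The three controls in this section (access rights per user, a record of login and logout times, and automatic log-off after idle time) can be sketched together. This is an added example, not code from the original essay; the role names, resource names and 300-second limit are assumptions, and the username/password check is assumed to have succeeded before `login` is called.

```python
import time

# Hypothetical role-to-resource map: each role is the "ticket" that admits
# an employee to certain parts of the network and nothing else.
ROLE_RIGHTS = {
    "sales": {"customer_contacts", "orders"},
    "finance": {"orders", "payment_records"},
}

class SessionManager:
    def __init__(self, idle_limit=300, clock=time.time):
        self.idle_limit = idle_limit   # seconds of inactivity before log-off
        self.clock = clock             # injectable so tests can control time
        self.sessions = {}             # username -> {"role", "last_seen"}
        self.audit = []                # (timestamp, username, event)

    def _log(self, user, event):
        self.audit.append((self.clock(), user, event))

    def login(self, user, role):
        # Assumption: credentials were already verified by the caller.
        if role not in ROLE_RIGHTS:
            raise ValueError(f"unknown role: {role}")
        self.sessions[user] = {"role": role, "last_seen": self.clock()}
        self._log(user, "login")

    def logout(self, user, reason="logout"):
        if self.sessions.pop(user, None) is not None:
            self._log(user, reason)

    def access(self, user, resource):
        """Return True only for a live session whose role covers `resource`."""
        session = self.sessions.get(user)
        if session is None:
            self._log(user, f"denied:{resource}:no-session")
            return False
        if self.clock() - session["last_seen"] > self.idle_limit:
            self.logout(user, "idle-timeout")  # user must log back on
            return False
        session["last_seen"] = self.clock()
        allowed = resource in ROLE_RIGHTS[session["role"]]
        self._log(user, f"{'granted' if allowed else 'denied'}:{resource}")
        return allowed

if __name__ == "__main__":
    manager = SessionManager()
    manager.login("alice", "sales")
    print(manager.access("alice", "orders"), manager.access("alice", "payment_records"))
    print(manager.audit)
```

The audit list is what lets the organisation look back at who was logged in, and what they tried to reach, when data goes missing.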
Encryption
Encryption is the conversion of data into a form, called ciphertext, that cannot be easily understood by unauthorized people. It is a security measure used to protect customers' information when interacting with a web site. It is also used to protect customers' passwords held in internal databases, thereby removing the possibility of staff knowing customers' passwords. Decryption is the process of converting encrypted data back into its original form, so it can be understood.
This would be a good measure for any organisation to include in trying to protect classified information, because only the people who are sending, receiving or dealing with it will know what the information is about and what it describes or says. Because of this, a hacker would not be able to understand the documents or maliciously use them in any way.
Secure Electronic Transactions (SET)
Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet. It is supported initially by MasterCard, Visa, Microsoft, Netscape, and other well known trademarks. With SET, the user is given an electronic wallet or . A transaction is conducted and verified using a combination of digital certificates and s among the purchaser, a merchant, and the purchaser's bank in a way that ensures privacy and confidentiality.
An organisation using this would gain a user’s confidence and trust, as it involves a certificate which would give them the feeling that the company is secure and trustworthy. Furthermore, if the organisation were to do this, it would ensure that confidential details such as bank account numbers and users’ addresses would be kept safe and classified.
Secure Socket Layer (SSL)
A site which bears the Secure Socket Layer icon can also be credited as being incredibly safe, due to it having a secure connection.
When a user logs on, a secure connection is established between the website host system and the user’s computer. This function is called Secure Socket Layer (SSL). This network security method takes care of the encryption of all the information that is sent to the website or received from the website. As soon as an SSL session starts, a little padlock will appear either in the bottom right-hand corner of the status bar of your internet browser or just after the address bar.
You can also click on this padlock icon to see details of the security certificate. The certificate shows who the certificate is issued to, who issued it, and the dates it is valid from and to.
Being issued with an SSL certificate will again provide information to the users that the company is safe and secure. From the business’s point of view, it will mean that the organisation is safe and secure from such threats and other risks and hazards from hackers trying to corrupt, destroy or pilfer files maliciously for their own personal gain.
Firewalls
A firewall is an integrated collection of security measures designed to prevent unauthorised electronic access to a networked computer system. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria.
This would be a good security measure for an organisation to obtain, because it would mean that all of these problems and threats are cut off from trying to implant themselves into the company’s computers and servers. This means that they are less likely to come under attack from hackers using various procedures and malicious attacks to try to gain access, as they are protected and have their data secure.
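The rule set a firewall applies, and the router ACL suggested earlier for separating the WLAN from the rest of the network, both work by taking the first rule that matches and denying anything that matches none. The following sketch is an added example, not part of the original essay; the subnets, addresses and rules are hypothetical.

```python
import ipaddress

# Hypothetical addressing for this example: WLAN clients in 10.20.0.0/24,
# the wired internal network in 10.10.0.0/16. Port None means "any port".
WLAN_ACL = [
    ("permit", "10.20.0.0/24", "10.10.5.10/32", 443),   # intranet web server
    ("permit", "10.20.0.0/24", "10.10.5.53/32", 53),    # internal DNS
    ("deny",   "10.20.0.0/24", "10.10.0.0/16",  None),  # rest of internal network
    ("permit", "10.20.0.0/24", "0.0.0.0/0",     443),   # HTTPS to the internet
]

# The same first two rules, but with the broad deny placed first by mistake.
MISORDERED_ACL = [WLAN_ACL[2], WLAN_ACL[0], WLAN_ACL[1]]

def evaluate(acl, src, dst, port):
    """Return (action, rule_index) for the first matching rule."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, (action, src_net, dst_net, rule_port) in enumerate(acl):
        if (src_ip in ipaddress.ip_network(src_net)
                and dst_ip in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action, index
    return "deny", None  # nothing matched: implicit default deny

def shadowed_rules(acl):
    """Return indexes of rules that can never match because an earlier rule
    already covers every packet they describe (an ordering mistake)."""
    shadowed = []
    for j, (_, src_j, dst_j, port_j) in enumerate(acl):
        for _, src_i, dst_i, port_i in acl[:j]:
            if (ipaddress.ip_network(src_j).subnet_of(ipaddress.ip_network(src_i))
                    and ipaddress.ip_network(dst_j).subnet_of(ipaddress.ip_network(dst_i))
                    and port_i in (None, port_j)):
                shadowed.append(j)
                break
    return shadowed

if __name__ == "__main__":
    print(evaluate(WLAN_ACL, "10.20.0.15", "10.10.5.10", 443))  # intranet allowed
    print(evaluate(WLAN_ACL, "10.20.0.15", "10.10.8.20", 445))  # file server blocked
    print(shadowed_rules(MISORDERED_ACL))                       # permits never reached
```

Because the first match wins, rule order is part of the policy: in the misordered list the two permit rules are dead, and WLAN users lose access to the services they were meant to reach.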
Virus Protection
This is software that protects computers and servers against the spread of viruses. This would be another safety measure, as it would enable the organisation to become more secure and protected. It would mean that they are protected against spyware or any other malicious activity, such as Trojans and harmful viruses that may infect the computer or server system and begin destroying valuable or confidential data.
Secure Payment Systems
This would include registering with organisations such as PayPal. Websites like this help businesses and customers to send and receive payments by using the site as a sort of ‘middle man’, meaning that neither party has to worry about the financial burden and pressure of wondering whether the money has been sent or received. PayPal is a registered SSL site and therefore shows it is a safe and secure transactional site. If the organisation were to register with this company and add this as a safety measure, it would mean that financial information such as billing addresses and bank account details would be safe and secure from both internal and external threats.
LEGISLATION
You should also mention the various laws passed to protect customer data e.g., and . Include a description of each law and a conclusion as to its effectiveness.
EVALUATION
Finally you should include an overall conclusion into the effectiveness of the measures taken. For full marks you must have produced a clear and balanced assessment, weighing-up the threats on the one hand against the measures/legislation on the other and reaching an informed conclusion about the risks.