ZeePedia buy college essays online


Information Systems

<<< Previous Internet Security Controls, Firewall Security SystemsIntrusion Detection Systems, Components of IDS, Digital Certificates Next >>>
 
img
VU
Information System (CS507)
LESSON 40
Factors Encouraging Internet Attacks
Generally, Internet attacks of both a passive and active nature occur for a number of reasons,
including availability of tools and techniques on the Internet or as commercially available software
that an intruder can download easily. For example, to scan ports, an intruder can easily obtain
network scanners, various password cracking programs are available free or at a minimal cost. Lack
of security awareness and training among an organization's employees. No matter how perfect a
system is made by removing all possible vulnerabilities, there are still chances that weaknesses exist
and the system can be intruded at any given time. Inadequate security over firewalls and operating
systems may allow intruders to view internal addresses and use network services indiscriminately.
40.1  Internet Security Controls
Information Systems can be made secure from the threats discussed last slides. There is not a
single control available to cater for the risk of vulnerabilities associated with web (Internet). Some
of the solutions are:
 Firewall Security Systems
 Intrusion Detection Systems
 Encryption
40.2  Firewall Security Systems
Every time a corporation connects its internal computer network to the Internet if faces potential
danger. Because of the Internet's openness, every corporate network connected to it is vulnerable
to attack. Hackers on the Internet could break into the corporate network and do harm in a
number of ways: steal or damage important data, damage individual computers or the entire
network, use the corporate computer's resources, or use the corporate network and resources as a
way of posing as a corporate employee. Companies should build firewalls as one means of
perimeter security for their networks. Likewise, this same principle holds true for very sensitive or
critical systems that need to be protected from entrusted users inside the corporate network.
Firewalls are defined as a device installed at the point where network connections enter a site; they
apply rules to control the type of networking traffic flowing in and out. The purpose is to protect
the Web server by controlling all traffic between the Internet and the Web server.
To be effective, firewalls should allow individual on the corporate network to access the Internet
and at the same time, stop hackers or others on the Internet from gaining access to the corporate
network to cause damage. Generally, most organizations can follow any of the two philosophies
 Deny-all philosophy -- which means that access to a given recourses will be denied unless
a user can provide a specific business reason or need for access to the information
resource.
 Accept All Philosophy -- under which everyone is allowed access unless someone can
provide a reason for denying access.
System reports may also be generated to see who attempted to attack to system and tried to enter
the firewall from remote locations.
167
img
VU
Information System (CS507)
Firewalls are hardware and software combinations that are built using routers, servers and variety
of software. They should control the most vulnerable point between a corporate network and the
Internet, and they can be as simple or complex as the corporate security policy demands. There are
many types of firewalls, but most enable organization to:
 Block access to an organization sites on the Internet
 Limit traffic on an organization's public services segment to relevant addresses.
 Prevent certain users from accessing certain servers or services.
 Monitor communications between an internal and an external network
 Monitor and record all communications between an internal and the outside world to
investigate network penetrations or detect internal subversion.
 Encrypt packets of data that are sent between different physical locations within an
organization by creating a VPN over the Internet.
Firewalls encrypt packets that are sent between different physical locations within an organization
by creating a VPN over the Internet. The capabilities of some firewalls can be extended so that
they can also provide for protection against viruses and attacks directed to exploit known operating
system vulnerabilities. Remote Location server protected by fire walls and IDS further
complemented by IPS (Intrusion Prevention system) ­ Defining Specific ranges of IP addresses
that may access the location with defined rights.
40.3  Intrusion Detection Systems (IDS)
Another element to securing networks is an intrusion detection system (IDS). IDS is used in
complement to firewalls. An IDS works in conjunction with routers and firewalls by monitoring
network usage anomalies. It protects a company's information systems resources from external as
well as internal misuse.
Types of IDS includes:
 Signature-based: These IDS systems protect against detected intrusion patterns. The
intrusive patterns they can identify are stored in the form of signatures.
 Statistical-based: These systems need a comprehensive definition of the known and
expected behaviour of systems.
 Neural networks: An IDS with this feature monitors the general patterns of activity and
traffic on the network and creates a database.
Signature-based IDSs will not be able to detect all types of intrusions due to the limitations of
detection rules. On the other hand, statistical-based systems may report many events outside of the
defined normal activity but which are normal activities on the network. A combination of
signature- and statistical ­based models provides better protection. IDS is used as part of the
network. It may be used in the form of hardware and software or a software may only be installed
on the server. An IDS is located in between firewall and corporate network and works in
compliment with the firewall. However it can also be installed before the fire wall. IDS helps to
detect both on-site unauthorized access through network based IDS, and remote unauthorized
access through the use of host based IDS Biometrics may also be used However biometrics helps
to prevent only on site illegal access. A log can be maintained in an IDS to detect and observe
attempts of intrusions made and those successful. IDS is more concerned with recording and
detecting intrusions. For blocking intrusions, an other system called Intrusion Prevention System
(IPS) is used which takes input from IDS. IDS reports the IP addresses that are attacking the
168
img
VU
Information System (CS507)
organizational network.
40.4  Components of an IDS
An IDS comprise of following components:
 Sensors that are responsible for collecting data. The data can be in the form of network
packets, log files, system call, traces, etc.
 Analyzers that receive input from sensors and determine intrusive activity
 An administrative console ­ it contains intrusion definitions applied by the analyzers.
 A user interface
Host-based IDS
The HIDS reside on a particular computer and provide protection for a specific computer system.
They are not only equipped with system monitoring facilities but also include other modules of a
typical IDS, for example the response module HIDS can work in various forms.
1. Systems that monitor incoming connection attempts. These examine host-based incoming
and outgoing network connections. These are particularly related to the unauthorized
connection attempts to various protocols used for network communication such as
TCP (Transmission Control Protocol) or
UDP (User Datagram Protocol) ports and can also detect incoming portscans.
2. Systems that examine network traffic that attempts to access the host. These systems
protect the host by intercepting suspicious packets and scanning them to discourage
intrusion.
Network Traffic ­ data travel in the form of packets on network
Packet ­ a specific amount of data sent at a time
Network Based IDS
The network-based type of IDS (NIDS) produces data about local network usage. The NIDS
reassemble and analyze all network packets that reach the network interface card. For example,
while monitoring traffic, The NIDS's capture all packets that they see on the network segment
without analyzing them and just focusing on creating network traffic statistics. Honeynet (s) ­ does
not allow the intruder to access actual data but leaves the intruder in a controlled environment
which is constantly monitored. Monitoring provides information regarding the approach of the
intruder.
Components of IDS
An IDS comprises on the following:
 Sensors that are responsible for collecting data. The data can be in the form of network
packets, log files, system call traces, etc.
 Analyzers that receive input from sensors and determines intrusive activity.
 An administration console
 A user interface.
Features of IDS
The features available in an IDS includes:
 Intrusion Detections
 Gathering evidence on intrusive activity
 Automated response (i.e. termination of connection, alarm messaging)
169
img
VU
Information System (CS507)
Security policy
Interface with system tools
Security policy management
Limitations of IDS
An IDS can not help with the following weaknesses :
 Incorrectness or scope limitation in the manner threats are defined
 Application-level vulnerabilities
 Backdoors into application
 Weakness in identification and authentication schemes
40.5  Web Server Logs
The major purpose of enhancing web security is to protect web server from attacks through the
use of internet. While doing that Logging is the principal component of secure administration of a
Web server. Logging the appropriate data and then monitoring and analyzing those logs are critical
activities. Review of Web server logs is effective, particularly for encrypted traffic, where network
monitoring is far less effective. Review of logs is a mundane activity that many Web administrators
have a difficult time fitting into their hectic schedules. This is unfortunate as log files are often the
best and/or only record of suspicious behavior. Failure to enable the mechanisms to record this
information and use them to initiate alert mechanisms will greatly weaken or eliminate the ability to
detect and assess intrusion attempts.
Similar problems can result if necessary procedures and tools are not in place to process and
analyze the log files. System and network logs can alert the Web administrator that a suspicious
event has occurred and requires further investigation. Web server software can provide additional
log data relevant to Web-specific events. If the Web administrator does not take advantage of these
capabilities, Web-relevant log data may not be visible or may require a significant effort to access.
Web Trust
Under the web trust approach, a WebTrust Seal of assurance is placed on the site to show potential
customers that a CPA or CA has evaluated the website's business practices and controls. The
purpose is to determine whether they are in conformity with the Web Trust Principles. The
WebTrust Principles and Criteria are intended to address user needs and concerns and are designed
to benefit users and providers of electronic commerce services. Your input is not only welcome, it
is essential to help ensure that these principles and their supporting criteria are kept up-to-date and
remain responsive to marketplace needs. Web trust principals broadly cover following aspects:
1. Business Practices Disclosures ­ The entity discloses how it does business with its electronic
commerce.
2. Transaction integrity ­ the website operator maintains effective controls and practices to
ensure that customer's orders placed using electronic commerce are completed and billed as
agreed.
3. Information protection ­ the entity maintains effective controls and practices to ensure that
private customer information is protected from uses not related to entity business.
40.6  Web Security audits
Going online exposes an entity to more hazards than otherwise. This requires implementation of
170
img
VU
Information System (CS507)
effective controls and checks to secure both the company's online data from undesired
manipulation, and the customer's information and orders. The organization may hire an audit firm
to offer these services and check the integrity of the website. Web audits help in gaining a web
rating which enhances the credibility of the audits. There are different levels of audits, tailored to
your needs and your budget. Among the issues we can carefully review on your site, resulting in a
detailed report with recommendations:
 performance, page load time
 graphics optimization
 navigation usability, consistency
 browser compatibility
 content formatting consistency
 accessibility compliance with ADA guidelines and Section 508 Standards
 broken links
 page errors, script errors
 search engine ranking
 interface layout
40.7
Digital Certificates
The digital equivalent of an ID card is also called "digital IDs," digital certificates are issued
by a trusted third party known as a "certification authority" (CA) such as VeriSign and
Thawte.
For example, CBR requires a NIFT class 2 digital certificate in order to facilitate filing
return electronically
NIFT itself is an affiliate of Verisign Inc. working as certification authority in pakistan.
The certificate is valid for one year.
The certificate is attached to email every time a message is attached and sent to recipient.
The CA verifies that a public key belongs to a specific company or individual (the
"subject"), and the validation process it goes through to determine if the subject is who it
claims to be depends on the level of certification and the CA itself.
The process of verifying the "signed certificate" is done by the recipient's software, which is
typically the Web browser. The browser maintains an internal list of popular CA's and their public
keys and uses the appropriate public key to decrypt the signature back into the digest. It then
recomputes its own digest from the plain text in the certificate and compares the two. If both
digests match, the integrity of the certificate is verified. Companies like VeriSign and thawte
provide a variety of security and telecom services like digital certificates.
171
Table of Contents:
  1. Need for information, Sources of Information: Primary, Secondary, Tertiary Sources
  2. Data vs. Information, Information Quality Checklist
  3. Size of the Organization and Information Requirements
  4. Hierarchical organization, Organizational Structure, Culture of the Organization
  5. Elements of Environment: Legal, Economic, Social, Technological, Corporate social responsibility, Ethics
  6. Manual Vs Computerised Information Systems, Emerging Digital Firms
  7. Open-Loop System, Closed Loop System, Open Systems, Closed Systems, Level of Planning
  8. Components of a system, Types of Systems, Attributes of an IS/CBIS
  9. Infrastructure: Transaction Processing System, Management Information System
  10. Support Systems: Office Automation Systems, Decision Support Systems, Types of DSS
  11. Data Mart: Online Analytical Processing (OLAP), Types of Models Used in DSS
  12. Organizational Information Systems, Marketing Information Systems, Key CRM Tasks
  13. Manufacturing Information System, Inventory Sub System, Production Sub System, Quality Sub system
  14. Accounting & Financial Information Systems, Human Resource Information Systems
  15. Decision Making: Types of Problems, Type of Decisions
  16. Phases of decision-making: Intelligence Phase, Design Phase, Choice Phase, Implementation Phase
  17. Planning for System Development: Models Used for and Types of System Development Life-Cycle
  18. Project lifecycle vs. SDLC, Costs of Proposed System, Classic lifecycle Model
  19. Entity Relationship Diagram (ERD), Design of the information flow, data base, User Interface
  20. Incremental Model: Evaluation, Incremental vs. Iterative
  21. Spiral Model: Determine Objectives, Alternatives and Constraints, Prototyping
  22. System Analysis: Systems Analyst, System Design, Designing user interface
  23. System Analysis & Design Methods, Structured Analysis and Design, Flow Chart
  24. Symbols used for flow charts: Good Practices, Data Flow Diagram
  25. Rules for DFDs: Entity Relationship Diagram
  26. Symbols: Object-Orientation, Object Oriented Analysis
  27. Object Oriented Analysis and Design: Object, Classes, Inheritance, Encapsulation, Polymorphism
  28. Critical Success Factors (CSF): CSF vs. Key Performance Indicator, Centralized vs. Distributed Processing
  29. Security of Information System: Security Issues, Objective, Scope, Policy, Program
  30. Threat Identification: Types of Threats, Control Analysis, Impact analysis, Occurrence of threat
  31. Control Adjustment: cost effective Security, Roles & Responsibility, Report Preparation
  32. Physical vs. Logical access, Viruses, Sources of Transmissions, Technical controls
  33. Antivirus software: Scanners, Active monitors, Behavior blockers, Logical intrusion, Best Password practices, Firewall
  34. Types of Controls: Access Controls, Cryptography, Biometrics
  35. Audit trails and logs: Audit trails and types of errors, IS audit, Parameters of IS audit
  36. Risk Management: Phases, focal Point, System Characterization, Vulnerability Assessment
  37. Control Analysis: Likelihood Determination, Impact Analysis, Risk Determination, Results Documentation
  38. Risk Management: Business Continuity Planning, Components, Phases of BCP, Business Impact Analysis (BIA)
  39. Web Security: Passive attacks, Active Attacks, Methods to avoid internet attacks
  40. Internet Security Controls, Firewall Security SystemsIntrusion Detection Systems, Components of IDS, Digital Certificates
  41. Commerce vs. E-Business, Business to Consumer (B2C), Electronic Data Interchange (EDI), E-Government
  42. Supply Chain Management: Integrating systems, Methods, Using SCM Software
  43. Using ERP Software, Evolution of ERP, Business Objectives and IT
  44. ERP & E-commerce, ERP & CRM, ERP Ownership and sponsor ship
  45. Ethics in IS: Threats to Privacy, Electronic Surveillance, Data Profiling, TRIPS, Workplace Monitoring