Physical vs. Logical access, Viruses, Sources of Transmissions, Technical controls

VU
Information System (CS507)
LESSON 32
Unauthorized intrusion
Intrusion can be either physical or logical. In physical intrusion, the intruder could physically
enter an organization to steal information system assets or carry out sabotage. For example, the
intruder might try to remove hard disks. In the case of logical intrusion, the intruder might be trying to
gain unauthorized access to the system. The purpose could be damaging or stealing data,
installing a bug, or wiretapping, that is, spying on communication within the organization.
32.1  Physical Access Vs. Logical access
In computer security, being able to physically touch and interact with the computers and
network devices amounts to physical access. It lets someone insert a boot disk in the machine
and bypass normal operating system controls. Physical access enables people to install
unauthorized snooping equipment such as keystroke loggers. Logical access, however, means interacting with data
through access control procedures such as identification, authentication and authorization.
Logical Threat
A logical threat refers to damage caused to the software and data without any physical damage to the
computers. Consequently, there can be a situation where the damage to data or software may
render the hardware itself unusable. For example, a virus or bug installed to corrupt data
or software might create BAD SECTORS on the hard drive, so that it is preferable to remove the drive
from the computer.
Examples of logical Threat
Payroll data or details of a draft corporate budget may be perceived as highly sensitive, and
unauthorized access to them may be considered a logical threat. Another example is a person tapping the
communication line to sniff around the organization's communications being
transferred through that line.
32.2  Viruses
A virus is software used to infect a computer. After the virus code is written, it is buried within an
existing program. Once that program is executed, the virus code is activated and attaches copies
of itself to other programs in the system. Infected programs copy the virus to other programs.
It may be benign (gentle) or have a negative effect, such as causing a program to operate
incorrectly or corrupting a computer's memory. The term virus is a generic term applied to a
variety of malicious computer programs that send out requests to the operating system of the
host system under attack to append the virus to other programs.
Attacking Targets
Generally, viruses attack four parts of the computer.
·  Executable program files
·  The file-directory system, which tracks the location of all the computer's files
·  Boot and system areas, which are needed to start the computer
·  Data files
Viruses vs. Worms
A worm is a program which spreads over network connections. Unlike a virus, it does
not physically attach itself to another program. A worm typically exploits security weaknesses in
operating system configurations to propagate itself to the host systems.
Virus vs. Bug
A bug is an internal malfunction of the software. It is an unintentional fault in a program, that is, the
incorrect functioning of a particular procedure in a program. This is caused by improper
application of programming logic. For example, free trial versions of software are available
online. These beta versions are not tested fully and often contain bugs that can disrupt the system.
Incorrect definition of a formula or linkage can give incorrect results. Virtually all complex
programs contain virus. Incorrect / unvalidated / unedited data entry is not a programming fault
or a bug. The process of removing bugs from software is termed debugging. A virus is an
external threat which is not a malfunction of the software. However, a bug in the software can
create a virus.
32.3  Sources of Transmissions
Viruses or worms are transmitted easily from the internet by downloading files to computers through web
browsers. Other methods of infection occur from files received through online services, computer
bulletin board systems and local area networks. Viruses can be placed in various programs, for instance:
1. Free software - software downloaded from the net
2. Pirated software - cheaper than original versions
3. Games software - wide appeal and high chances
4. Email attachments - quick to spread
5. Portable hard and flash drives - employees take disks home and may work on their own
personal PC, which has not been cleaned or does not have suitable antivirus software installed on it.
32.4  Types of Viruses
Although viruses are of many types, broad categories have been identified in accordance
with the damage they cause. Some of these categories are stated below:
·  Boot sector viruses
·  Overwriting viruses
·  Dropper
·  Trojans
Boot sector Virus
The boot sector is the part of the computer which helps it to start up. If the boot sector is infected, the
virus can be transferred to the operating system and application software.
Overwriting Viruses
As the name implies, an overwriting virus overwrites every program/software/file it infects with itself. Hence the
infected file no longer functions.
Dropper
A dropper is a program, not a virus. It installs a virus on the PC while performing another function.
Trojan horse
A Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Trojan horses may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are
actually harmful when executed. Examples are:
·  Logic bomb - a Trojan horse that is triggered on a certain event, e.g. when disc clean-up reaches a
certain level of percentage
·  Time bomb - a Trojan horse that is triggered on a certain date.
Virus and worm controls
There are two ways to prevent and detect viruses and worms that infect computers and network
systems. One category of controls is called management controls, which means having sound
policies and procedures in place. The other category is called technical controls, which work by technical
means, including antivirus software. Both types complement each other, and each is of little benefit and
effect without the other.
32.5  Management procedural controls
Following are various examples of management and procedural controls.
·  Build any system from original, clean master copies. Boot only from original diskettes whose
write protection has always been in place.
·  USB port enabled devices should not be used until they have been scanned on a stand-alone
machine that is used for no other purpose and is not connected to the network.
·  Antivirus software should update virus definitions frequently.
·  Have vendors run demonstrations on their personal machines.
·  Scan before any new software is installed, as commercial software occasionally is supplied
with a Trojan horse.
·  Insist that field technicians scan their disks on a test machine before they use any of their
disks on the system.
·  Ensure all servers are equipped with an activated current release of the virus-detection
software.
·  Ensure bridge, router and gateway updates are authentic.
·  Exercise an effective back up plan.
·  Educate users so they will heed these policies and procedures. For example many viruses and
worms today are propagated in the form of e-mail attachments.
·  Review antivirus policies and procedures at least once a year.
·  Prepare a virus eradication procedure and identify a contact person.
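An added illustration, not part of the original handout: keeping clean master copies also makes it possible to audit deployed programs, because a virus that appends itself leaves the original bytes as a prefix of a longer file, while an overwriting virus destroys them. The directory names, file names and file contents below are constructed for the example.

```python
import tempfile
from pathlib import Path


def classify(master: bytes, deployed: bytes) -> str:
    """Compare one deployed file with its clean master copy."""
    if deployed == master:
        return "clean"
    if len(deployed) > len(master) and deployed.startswith(master):
        return "appended"     # original bytes intact, extra code added after them
    return "overwritten"      # original content replaced, file no longer trustworthy


def audit(master_dir: Path, deployed_dir: Path) -> dict:
    """Return {relative path: status} for every file in either tree."""
    report = {}
    for m in sorted(p for p in master_dir.rglob("*") if p.is_file()):
        rel = m.relative_to(master_dir)
        d = deployed_dir / rel
        if d.is_file():
            report[rel.as_posix()] = classify(m.read_bytes(), d.read_bytes())
        else:
            report[rel.as_posix()] = "missing"
    for d in sorted(p for p in deployed_dir.rglob("*") if p.is_file()):
        rel = d.relative_to(deployed_dir).as_posix()
        # A program with no master copy was never part of the clean build.
        report.setdefault(rel, "unexpected")
    return report


def demo() -> dict:
    """Build two small constructed trees (sample data) and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        master, deployed = Path(tmp, "master"), Path(tmp, "deployed")
        master.mkdir()
        deployed.mkdir()
        clean = {"payroll.exe": b"PAYROLL-v1", "report.exe": b"REPORT-v1",
                 "backup.exe": b"BACKUP-v1"}
        for name, data in clean.items():
            (master / name).write_bytes(data)
        (deployed / "backup.exe").write_bytes(clean["backup.exe"])
        (deployed / "payroll.exe").write_bytes(clean["payroll.exe"] + b"+EXTRA")
        (deployed / "report.exe").write_bytes(b"XXXXXXXXX")
        (deployed / "game.exe").write_bytes(b"UNKNOWN")
        return audit(master, deployed)


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:12} {path}")
```

Any status other than "clean" means the file should be restored from the master copy and scanned; a legitimate update also shows up as a difference, so the master copies must be refreshed whenever software is officially upgraded.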
32.6  Technical controls
Technical methods of preventing viruses can be implemented through software. The following
actions can reduce the risk of infection to hardware and operating systems:
·  Use boot virus protection (i.e., built-in, firmware-based virus protection).
·  Use remote booting, so that the local hard drive of the system is not used for the boot-up process. Use
a hardware-based password.
·  Use write-protected tabs on diskettes.
·  Ensure insecure protocols are blocked by the firewall from external segments and the
internet.