1 / 26

E-Business Threats

Table of Contents. IntroductionHacker AttacksMal-wareVirusesSpy-wareWormsManagerial Implications. Hacking Defined. ?Gaining unauthorized access to a computer system", other definitions exist but this is one that best describes the threat as far as an organization such as an E-Business is co

studs
Télécharger la présentation

E-Business Threats

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. E-Business Threats Seminar in E-Commerce 5233 For: Dr. Serenko By: Mike Barney Brendon Johnson

    2. Table of Contents Introduction Hacker Attacks Mal-ware Viruses Spy-ware Worms Managerial Implications

    3. Hacking Defined “Gaining unauthorized access to a computer system”, other definitions exist but this is one that best describes the threat as far as an organization such as an E-Business is concerned Access is gained by exploiting vulnerabilities in software, hardware and members of the organization

    4. Stages of a Typical Hack Attempt 1) Target Identification 2) Service Identification 3) Vulnerability Research 4) Execution and Action 5) Cleanup

    5. Target Identification Random (Ex.1 Random FTP Server) or War-dialing (outdated) Location Specific (Ex.2 Registration List) Specific Machine: DNS Lookup

    6. Service Identification Applications that listen on open ports Ie; HTTP, FTP, Telnet, SSH, IRCd Ex. 3 My PC’s current TCP/IP Network Connections Ex. 4 Screenshot of google.ca Portscan (with nmap)

    7. Vulnerability Research Attackers may test for weaknesses in the service by using the source code and binaries of the same version as on the victim machine on their own hardware Public Exploit Databases, Ex. http://msgs.securepoint.com/bugtraq/ Purchase 0-Day Exploits, Ex. http://it.slashdot.org/it/06/02/02/215210.shtml

    8. Execution and Action Vulnerable service is exploited which results in the attacker escalating his privileges on the system (ie; to get r/w access to system resources) May result in stolen customer information, defaced website http://www.zone-h.org/en/defacements, arbitrary system changes, XDCC service spawn (Ex. 5), etc.

    9. Cleanup Log wiping/deletion The attacker usually takes precautions through the entire process, not just in the cleanup stage (ie; daisy-chaining and war-driving)

    10. E-Businesses Best Defense Strong passwords Updated software (Check vendor patches and vulnerability/exploit databases) Firewalls & IDS Systems Frequent System Backups

    11. Mal-ware (Malicious) Defined as: Software designed to infiltrate or damage a computer system, without the owner's consent. The term describes the intent of the creator, rather than any particular features. (wikipedia.com3) Can include viruses, worms, spy-ware, ad-ware, trojans, etc.

    12. How Do They Work? Viruses are programs that are programmed to infect your local computer. Capable of self-replicating within one hard drive often targeting various systems and files This could cause slow downs of performance They can be spread a variety of ways (i.e. e-mail, downloads, etc.) Can have severe consequences for business Not as popular as once was?

    13. Viruses Viruses were coined in 1983 by Fred Cohen (cbs.com) In 1987 the Brain was released and is credited as being the first virus Norton Anti virus is released in 1991 Polymorphic viruses are also released Windows is released in 1995 but was still susceptible to viruses

    14. Famous Viruses & Worms The infamous Melissa virus is unleashed - 1999 I Love you virus released and causes over 8 billion dollars in damage - 2000 Man is charged but escapes from lack of laws in Philippines Anna Kournikova virus uses Outlook addresses to spread – 2001 Nimda worm attacks shortly after 9/11 – 2001 Perrun is launched, able to spread through picture files - 2002

    15. Viruses - Now Viruses seem to have decreased in the last six months according to Symantic Canada (in favour of personal info theft) Industry experts believe that a shift has taken place in the creation of virus attacks - with less desire for headlines and a greater desire for fraudulently acquired information.

    16. Impacts of Viruses Virus can slow down efficiency and lead to decrease in productivity Information loss is viable threat if infected Cost of repairing compromised systems can be prohibitive

    17. Virus Proof Install anti-virus software and keep it updated Training for employees Reduce accessible files Backup important files and increase security around key “weak spots” Use your brain!

    18. Spy-ware Spy-ware: “refers to a broad category of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user.” (wikipedia.com) Requires installation by user (agreement waivers) Began with peer-to-peer sharing of files such as music downloads i.e. freeware Capable of transmitting back user information to programmer Can send valuable market data to creator

    19. Consequences of Spy-ware Significantly impact the confidentiality of business information stored on client user workstations Privacy of individuals using these workstations E-Commerce business models (ability to disrupt applications) Security suspicions and fears may reduce traffic Reduce bandwidth therefore affecting performance

    20. Protection against Spy-ware Install spy-ware remover and keep it updated (i.e. McAfee VirusScan, Norton Anti-Virus, etc) Use caution when downloading Carefully read all user agreements Links can also install spy-ware when clicked Keep up to date with latest trends and information about spy-ware Consistently scan your computer for suspicious activity Use your brain!

    21. Ad-ware Ad-ware: software that displays advertisements on your computer. These are ads that inexplicably pop up on your display screen, even if you're not browsing the Internet. (microsoft.com) frequently refers to any software which displays advertisements, whether or not it does so with the user's consent. (wikipedia.com)

    22. What does it do? Unsolicited pop-up advertisements Can change your browser settings without users permission Could negatively affect performance May cause economic damage by over-riding paid advertisements currently on the web Will send you to sites developed by creators Irritating and frustrating

    23. Worms “A worm is a virus that does not infect other programs. It makes copies of itself, and infects additional computers (typically by making use of network connections) but does not attach itself to additional programs; however a worm might alter, install, or destroy files and programs.” www.unitedyellowpages.com/internet/terminology.html They spread by exploiting vulnerabilities in software like hackers do except in an autonomous fashion Hit-list scanning, permutation scanning, internet-scale hit list, etc. propagation mechanisms

    24. A Lesson from the Code Red Worm Hourly probe rate data for inbound port 80 at the Chemical Abstracts Service during the initial outbreak of Code Red I on July 19th, 2001 (Staniford et al, 2002) Scanning for suitable hosts vulnerable to buffer overflow in Microsoft's IIS Web server (CVE-2001-0500 ) using localized scanning

    25. Managerial Implications Mal-ware’s impact on information security was ranked #3 in study conducted in 2004; user awareness & training was #2 (www.ic2.org) This report identified 4 major constructs to increasing security effectiveness: User Training Security Culture Policy Relevance Policy Enforcement

    26. References Forte, Dario, Spyware: more than a costly annoyance, Network Security Volume: 2005, Issue: 12, December, 2005, pp. 8-10 Shaw, Geoff, Spyware & Adware: the Risks facing Businesses, Network Security Volume: 2003, Issue: 9, September, 2003, pp. 12-14 Put spyware on the security, The Computer Bulletin Volume: 47, Issue: 1, January 1, 2005, pp. 18-19 Simon Avery, Viruses declines as hackers targets PC users for money, theglobeandmail.com., Originally posted March 7, 2006 http://www.theglobeandmail.com/servlet/story/LAC.20060307.RSECURITY07/TPStory/Business - accessed March 7, 2006 Kim Zetter, Viruses: The Next Generation, PC World, December 2000, re-run March 2006. http://www.pcworld.com/reviews/article/0,aid,32802,pg,7,00.asp (accessed March 6, 2006) CBSnews.com, ttp://www.cbsnews.com/htdocs/cyber_crime/timeline.html (accessed March 6, 2006) http://en.wikipedia.org/wiki/Malware (accessed March 06, 2006) http://en.wikipedia.org/wiki/Spyware (accessed March 06, 2006)

    27. References Cont. Brian Krebs (compiled)., A Short History of Computer Viruses and Attacks, washingtonpost.com, February 14, 2003. http://www.washingtonpost.com/wp-dyn/articles/A50636-2002Jun26_3.html (accessed March 7, 2006) Jerry Honeycutt., How to Protect Your Computer from Spyware and Adware Microsoft.com., Published: April 20, 2004 http://www.microsoft.com/windowsxp/using/security/expert/honeycutt_spyware.mspx (accessed march 08, 2006) Kenneth J. Knapp, PhD, et el. Managerial Dimensions in Information Security:A Theoretical Model of Organizational Effectiveness, (ISC)2 Inc.Palm Harbor, Florida, USA & Management Information Systems Department College of Business., Auburn University, Alabama, USA - October 15, 2005 https://www.isc2.org/download/auburn_report2005.pdf - (accessed March 08, 2006) Turban, Efraim, et al, Electronic Commerce - A Managerial Perspective 2006, Pearson Education Inc, 2006. Upper Saddle River, New Jersey 07458

More Related