8/9/2019 MIS 205 Chapter 8

1/34

Management Information SystemsManagement Information SystemsMANAGING THE DIGITAL FIRM, 12THEDITION

SECRING INFORMATIONS!STEMS

C"a#ter $

8/9/2019 MIS 205 Chapter 8

2/34

Management Information SystemsManagement Information Systems

Fa%e&oo' ( )or*+s *argest so%ia* net)or'

-ro&*em ( I+entity t"eft an+ ma*i%io.s soft)are

E/am#*es0

2009 18-month hacker scam for passwords, resultedin Trojan horse download that stole financial data

Dec 2008 Koobface worm

a! 2010 "pam campai#ned aimed at stealin# lo#ins

I**.strates0 T!pes of securit! attacks facin#

consumers Demonstrates0 &i.ity of "a%'ing, ma*i%io.ssoft)are

!o.re on Fa%e&oo' 3at%" O.t4

CHA-TER $0 SECRING INFORMATION S!STEMS

Prentice Hall 20112

8/9/2019 MIS 205 Chapter 8

3/34

Management Information SystemsManagement Information Systems

Internet 5.*nera&i*ities

Net)or' o#en to anyone

Si6e of Internet means a&.ses %an "a5e

)i+e im#a%t se of fi/e+ Internet a++resses )it"%a&*e or DSL mo+ems %reates fi/e+targets "a%'ers

nen%ry#te+ 7OI-

E8mai*, -2-, IM $nterception %ttachments with malicious software Transmittin# trade secrets

System 7.*nera&i*ity an+ A&.se

CHA-TER $0 SECRING INFORMATION S!STEMS

Prentice Hall 20113

8/9/2019 MIS 205 Chapter 8

4/34

Management Information SystemsManagement Information Systems

3ire*ess se%.rity %"a**enges Ra+io fre.en%y &an+s easy to s%an

SSIDs 9ser5i%e set i+entifiers:

$dentif! access points &roadcast multiple times 3ar +ri5ing

'a(esdroppers dri(e b! buildin#s and tr! to detect""$D and #ain access to network and resources

3E- 93ire+ E.i5a*ent -ri5a%y: "ecurit! standard for 802)11* use is optional +ses shared password for both users and accesspoint

+sers often fail to implement ' or stron#ers!stems

System 7.*nera&i*ity an+ A&.se

CHA-TER $0 SECRING INFORMATION S!STEMS

Prentice Hall 20114

8/9/2019 MIS 205 Chapter 8

5/34

Management Information SystemsManagement Information Systems

Ma*)are 9ma*i%io.s soft)are:

7ir.ses .o#ue software pro#ram that attaches itself

to other software pro#rams or data files inorder to be e/ecuted

3orms $ndependent computer pro#rams that cop!themsel(es from one computer to other

computers o(er a network) Tro;an "orses

"oftware pro#ram that appears to be beni#nbut then does somethin# other than e/pected)

System 7.*nera&i*ity an+ A&.se

CHA-TER $0 SECRING INFORMATION S!STEMS

Prentice Hall 20115

8/9/2019 MIS 205 Chapter 8

6/34

Management Information SystemsManagement Information Systems

Prentice Hall 20116

8/9/2019 MIS 205 Chapter 8

7/34

Management Information SystemsManagement Information Systems

Ma*)are 9%ont

8/9/2019 MIS 205 Chapter 8

8/34

8/9/2019 MIS 205 Chapter 8

9/34

Management Information SystemsManagement Information Systems

S#oofing Re+ire%ting 3e& *in' to a++ress+ifferent from inten+e+ one, )it"

site mas.era+ing as inten+e++estination

Sniffer Ea5es+ro##ing #rogram t"at monitors

information tra5e*ing o5er net)or' Ena&*es "a%'ers to stea* #ro#rietaryinformation s.%" as e8mai*, %om#anyfi*es, et%LIC =E! ENCR!-TION

CHA-TER $0 SECRING INFORMATION S!STEMS

Prentice Hall 201133

8/9/2019 MIS 205 Chapter 8

34/34

ublic Ke! 'ncr!ption

T)o =eys ublic ke!? an 'ncr!pt onl!) %(ailableonline or pro(ided to the sender)

ri(ate@"ecret ke!? an Decr!pt onl!)

'/clusi(el! a(ailable to recei(er

-ro%ess

1) "ender encr!pts data usin# ublic

ke! and sends to recei(er 2) .ecei(er decr!pts data usin#ri(ate@"ecret ke!

Prentice Hall 2011 34