what is risk online operation: massive movement of operation to the internet has attracted hackers...
TRANSCRIPT
What is risk online operation:
massive movement of operation to the internet has attracted hackers who try to interrupt such operation daily.
To unauthorized access, data theft ,and defacing of web pages
There has been a surge in denial of service attacks hijacking of computers.
Risks to Information System Risks to application and data
1. Theft of information
2. Data alteration, data destruction, and defacement
3. Computer viruses and logic bombs
4. No malicious misshapes
Risks to Information System
Risks to Online Operations
Many hackers try daily to interrupt online businesses
Types of attacks include: Unauthorized access Data theft Defacing of Web pages Denial of service Hijacking
Risks to online operation Denial of Service (DoS)
Too many requests are received to log on to a Web site’s pages
If perpetrated from multiple computers it is called distributed denial of service (DDoS)
Spoofing Deception of users to make them think they are
logged on at one site while they actually are on another
Risks to data and applications theft of data: may be for identity theft, corporate espionage, etc.
identity theft: using another person's credentials social engineering: using human weaknesses to gain access to
confidential information keystroke logging: intercepts keystrokes and either stores them or
sends them someplace on the Internet (very useful for stealing usernames, passwords, account information, etc.)
phishing: fraudulent messages (typically emails) which lure recipients into going to a fake website to try to get them to enter confidential information
pharming: replacing a real website with an impostor to try to get people to enter confidential information
data alteration: sometimes hard to notice. but can be very damaging
data destruction: usually very noticeable, and can be alleviated somewhat by having good backup procedures in place
web defacement: basically vandalism, similar to graffiti, but can cost businesses a lot in lost revenue
tarpit: a host on the network designed to expect attacks and respond very slowly, allowing the attacker to not get much done and spend enough time on the machine to be tracked
honey pot: a host on the network designed to lure attackers in so waiting monitors can attempt to track the attacker
honey token: a piece of data which is extremely unlikely to be accessed legitimately, but which an attacker is likely to access; it has special monitoring to immediately alert system administrators when it is accessed with information about where the access request originated
virus: software designed to spread from one computer to another based on something a user does, such as open a file
worm: software that can spread itself through a network without human intervention
Trojan horse: a malicious program disguised as a potentially helpful or useful program; the program may even appear to be carrying out useful tasks while the malicious part of the code silently carries out its tasks or waits for the right time to spring into action; Trojans are a form of virus
logic bomb: a program where malicious code lies dormant waiting for a specific time or set of conditions to become active and cause damage
DoS (denial of service): prevents the use of online resources; often done by flooding servers with so many requests that the servers can't handle legitimate traffic; can also be done by locking out access to a server or application
DDoS(distributed denial of service): a DoS attack where many computers are used to send the flood of requests; the attacking computers are usually machines which have been previously attacked and have malicious software waiting for commands from some other machine on the Internet
zombie: a zombie is a machine which has been attacked and has been infected with malicious software which awaits commands to carry out DDoS attacks; the user is usually unaware of the problem
hijacking: taking control of a computer or website without the owners consent; zombies are hijacked computers
Hijacking: using some or all of a computer’s resources without the consent of its owner Often done for making a DDoS attack Done by installing a software boot on the computer Main purpose of hijacking is usually to send spam
Bots are planted by exploiting security holes in operating systems and communications software A boot usually installs e-mail forwarding software
Denial of Service
Denial of service (DoS): an attacker launches a large number of information requests Slows down legitimate traffic to site
Distributed denial of service (DDoS): an attacker launches a DoS attack from multiple computers Usually launched from hijacked personal
computers called “zombies” No definitive cure for this A site can filter illegitimate traffic
Risks to ISs include risks to hardware, data, and networks, and natural disaster and vandalism
Risks to data and applications include theft of information, identity theft, data alteration, data destruction, defacement of Web sites, viruses, worms, logic bombs, and no malicious mishaps
Risks to online systems include denial of service and hijacking
Summary