
Information Security

The document discusses various security threats to information systems, including environmental, electrical, hardware, human, and software threats, along with corresponding security measures. It highlights the importance of protecting data through methods such as user education, physical security, and malware protection. Additionally, it emphasizes the need for a comprehensive information policy and data management practices to ensure data quality and reliability.

Information System Security

The Information Age
► Most organizations store information electronically
► Reasons: compact, easy to share, easy access
► However, information stored electronically faces security threats
► Threats can be directed at:
► Hardware,
► Software or
► Data

Forms/Sources of Threat

I. Environmental
II. Electrical
III. Hardware
IV. Human
V. Software

I/ Environmental Threats
► Water
► Rain, floods
► Drinking water, spillages (coffee, tea)

► Security Measures
► Labs to be sited on higher levels/floors
► Waterproofing equipment, e.g. waterproof laptop bags
► User education – workshops and seminars
► No eating/drinking in labs
► Use of cloud storage

I/ Environmental Threats (cont'd)
► Climate/ Weather
► Heat waves
► Volcanoes (at least not in Zimbabwe)
► Earthquakes
► Snow

► Security Measures
► Air conditioners.
► Constant maintenance of fans.
► Remote (distance) backup, cloud storage

II/ Electrical Threats
► Threats
► Electrical fires
► Power Surges
► Insufficient Power

► Security Measures
► Bundling of cables
► Fire detectors and extinguishers
► Fireproof computer rooms
► Fireproof safes and cupboards
► Surge protectors
► Uninterruptible power supplies

III/ Hardware Threats
► Threats
► Theft/ Loss (portable storage devices)
► Mechanical failure – may result from wear and tear or poor quality components
► End of lifespan

► Security Measures
► Lock and key, or
► Backup
► Equipment renewal
► Maintenance

IV/ Human Threats - Internal
► Negligent Employees
► Employee Sabotage
► destroying hardware or facilities,
► planting logic bombs that destroy programs or data,
► entering data incorrectly,
► deleting data,
► changing data.
► Social Engineering (falsifying one's identity to get classified info from employees)

Human Threats - External

► Industrial Espionage (gathering proprietary data from private companies for the purpose of aiding another company or companies)
► Hackers/Crackers – can use rogue access points to capture confidential information from unsuspecting users
► Shoulder surfing – can take various forms
► Dumpster Diving (going through trash to find confidential information)

Hacking

[Figure: panels A and B]

Shoulder Surfing

Can get to extremes when done through blinders

Security Measures Against Human Threats
► Guards
► Locks & keys
► Burglar bars in buildings/ Motion detectors
► Restricted entry/ swipe cards
► Biometrics for log in
► Computer access logs
► Backup
► Alertness

Software Threats – Malware
► A section of code introduced into a program for malicious purposes
► The code might trigger a process which will, for example, eliminate data files or corrupt legitimate code
► The effects of malware can extend to many users
► Spreads through e-mail, text messages, Bluetooth, file downloads, removable storage devices
► Malware comes in many forms

Forms of Malware

► Trojan Horse: A program that performs a desired task, but that also includes unexpected (and undesirable) functions.
► Name originated from the Greek Trojan horse
► Could be in the form of a login emulator, stealing users' passwords and storing them elsewhere
► Can be in the form of spyware
► Spyware serves to download ads to display on the user's system, or create pop-up browser windows when certain sites are visited
► or capture information from the user's system and return it to a central site (aka covert channel)

Forms of Malware
► Worm: A self-replicating program that is self-contained and does not require a host program.
► The program creates a copy of itself and causes it to execute; no user intervention is required.
► Worms commonly use network services to propagate to other host systems.
► May reproduce themselves & clog/shut down a network
► Destroy data, programs & clog networks
► See the Morris Internet worm, Sobig worm, etc.

Malware - Trap Door
► A hole in the software that is only known & used by the system designer
► e.g. Embezzlement of funds from banks by including rounding errors in the code and having the occasional half-cent credited to the designer's account
► Trap doors could also be incorporated in the compiler code, making them difficult to track

Malware - Logic Bomb

► A program that initiates a security incident only under certain circumstances.
► Invokes a trap door only under given circumstances
► e.g. Code to detect if the programmer was still employed at the company, and cause damage if otherwise

Malware - Viruses
► Fragment of code embedded in a legitimate program
► Attaches itself to other software programs (e.g. Trojan horse) or data files in order to be executed
► Normally spread from computer to computer when humans take an action, such as sending an e-mail attachment or copying an infected file
► Easily spread through social networking sites

Virus Categories

File - Infects a system by appending itself to a file.
► Alters the program so that execution jumps to its code, returning control to the program after execution.
► Leaves the host program still functional

Boot - Infects the boot sector of the system, executing every time the system is booted and before the operating system is loaded.
► Targets bootable media and infects them

Virus Categories
Polymorphic - Changes each time it is installed to avoid detection by antivirus software
► Changes do not affect the virus's functionality but rather change the virus's signature.
► Virus signature - pattern that can be used to identify a virus, typically a series of bytes that make up the virus code.
Encrypted - Includes decryption code along with the encrypted virus to avoid detection. The virus first decrypts and then executes.
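
How matching on a virus signature works, and why a fixed byte pattern misses the same content once it is stored encoded, as an added example that is not part of the original slides. The signature names, byte patterns, XOR key and sample buffers are constructed and harmless.

```python
# Constructed, harmless byte patterns standing in for virus signatures.
SIGNATURES = {
    "Demo.A": bytes.fromhex("deadbeef4142"),
    "Demo.B": b"HARMLESS-TEST-MARKER",
}


def scan(data: bytes) -> list:
    """Return (signature name, offset) for every signature match in data."""
    hits = []
    for name, pattern in SIGNATURES.items():
        offset = data.find(pattern)
        while offset != -1:
            hits.append((name, offset))
            offset = data.find(pattern, offset + 1)
    return sorted(hits, key=lambda hit: hit[1])


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, a stand-in for the 'encrypted' storage on the slide."""
    return bytes(b ^ key for b in data)


# Constructed sample buffers (no real program or malware content).
CLEAN = b"MZ" + bytes(16) + b"ordinary program bytes"
INFECTED = CLEAN + SIGNATURES["Demo.A"] + b"tail"
# Same marker stored XOR-encoded: the bytes on disk no longer match.
ENCODED = CLEAN + xor_bytes(SIGNATURES["Demo.A"], 0x5A) + b"tail"

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("infected", INFECTED), ("encoded", ENCODED)):
        print(label, scan(sample))
    # Decoding the region restores the pattern, so a scan after decoding finds it.
    decoded = xor_bytes(ENCODED[len(CLEAN):len(CLEAN) + 6], 0x5A)
    print("decoded region", scan(decoded))
```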

Virus Categories
Stealth - Conceals itself by modifying parts of the system that could be used to detect it.
► E.g. modifying the read system call so that if the file it has modified is read, the original form of the code is returned rather than the infected code.
Tunnelling - Attempts to bypass detection by an antivirus scanner by installing itself in the interrupt-handler chain.
► Some install themselves in device drivers.

Protection against Malware
► Anti-viruses (e.g. McAfee, Norton (by Symantec), Avira, Kaspersky, etc.)
► A utility that searches a hard disk for viruses and removes any that are found. Most antivirus programs include an auto-update feature that enables the program to download profiles of new viruses so that it can check for the new viruses as soon as they are discovered
► Use of an up-to-date OS
► Use of firewalls (hardware and software tools programmed to screen network traffic)
► Unified Threat Management Systems (incorporate firewalls, antiviruses, antispyware; see Cisco SA500 Series)

Firewalling to Protect Systems and Networks
► A network firewall is placed between trusted and untrusted hosts
► The firewall limits network access between these two security domains
► A personal firewall is a software layer on a given host
► Can monitor/limit traffic to and from the host

► Intrusion detection systems (IDS) can also be used to scan software and look for patterns indicative of known methods of computer attacks, such as bad passwords and modification in files, and to warn users of vandalism or system administration errors.

► IDS are normally placed at strategic points in the network.

IDEAL Organizational Security Model
► Secure computer rooms with restricted access
► Frequent backups, with off-site storage of encrypted data
► System backups of all software
► Cold sites (room ready for computer installation)
► Hot sites (fully equipped spare computer room)
► Disk-free stations, all data stored at the server

IDEAL Organizational Security Model
► Use of biometric methods, i.e. fingerprint, hand geometry, face, eye, voice, signature & typing rhythms
► Computer locks, particularly for the server.
► Data encryption – data coding with special keys, for data in transit
► Passwords
► Up-to-date anti-viruses
► Use of firewalls to protect the company network
► Use of intrusion detection systems to detect unwanted traffic in the network

IDEAL Organizational Security Model
► Printer and fax security, for sensitive material
► Use of Log functions
In a PC or computer system there should be a log function that registers when the PC or computer system is used. In the event of attacks by a hacker it is possible to find out at what time it happened.
By using a log it is possible to determine, at least afterwards, if files have been changed in order to commit a fraud.

Data and Information policy
► In a database environment, it is important that the data for the business remains:
► accurate,
► reliable, and
► readily available to those who need it.
► This calls for special policies and procedures for data management

Information Policy
► A set of rules governing data and information use in an organisation
► Stipulates rules for:
► sharing,
► disseminating,
► acquiring,
► standardizing,
► classifying, and inventorying information.
► Specifies:
► procedures and responsibilities,
► Data sources and sinks

Data Administration
► Data administration – specialised department responsible for policies and procedures through which data can be managed as an organizational resource.
► Develops information policy,
► Plans for data,
► Oversees logical database design and data dictionary development, and
► Monitors use of data

Data Quality
► An information policy should ensure data quality
► Data quality can be ensured through a data quality audit
► Data quality audit - a structured survey of the accuracy and level of completeness of the data in an information system.
► A quality audit may be done on an entire data file, by surveying samples from data files, or by surveying end users for their perceptions of data quality

Data Cleansing
► Also known as data scrubbing
► Detects and corrects data in a database that are incorrect, incomplete, improperly formatted, or redundant.
► Enforces data consistency among different data sets from different information systems.
► Specialized data-cleansing software can be used to automatically scan data files, correct errors in the data, and integrate the data in a consistent company-wide format
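
A small cleansing pass covering the four defect types listed above (incorrect, incomplete, improperly formatted, redundant), as an added example that is not part of the original slides. The customer rows, field names and the two date formats are constructed assumptions.

```python
from datetime import datetime

# Constructed customer rows, as if merged from two systems (hypothetical data).
RAW = [
    {"id": "17", "name": "  tendai MOYO ", "email": "T.Moyo@Example.com", "joined": "2023-03-05"},
    {"id": "17", "name": "Tendai Moyo", "email": "t.moyo@example.com", "joined": "05/03/2023"},
    {"id": "18", "name": "Rudo Ncube", "email": "", "joined": "2023-04-31"},
    {"id": "19", "name": "Farai Dube", "email": "farai@example.com", "joined": "12/01/2022"},
]
DATE_FORMATS = ("%Y-%m-%d", "%d/%m/%Y")  # assumed formats used by the two sources


def parse_date(text):
    """Return the date as ISO text, or None if it is invalid in every known format."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text.strip(), fmt).date().isoformat()
        except ValueError:
            continue
    return None


def cleanse(rows):
    """Return (clean rows, rejected rows with reasons, number of duplicates dropped)."""
    clean, rejected, seen, duplicates = [], [], set(), 0
    for row in rows:
        rec = {
            "id": int(row["id"]),
            "name": " ".join(row["name"].split()).title(),  # fix spacing and case
            "email": row["email"].strip().lower(),
            "joined": parse_date(row["joined"]),  # one company-wide date format
        }
        missing = [field for field in ("name", "email", "joined") if not rec[field]]
        key = tuple(rec.items())
        if missing:
            rejected.append((rec["id"], missing))  # incomplete or incorrect
        elif key in seen:
            duplicates += 1  # redundant once normalised
        else:
            seen.add(key)
            clean.append(rec)
    return clean, rejected, duplicates


if __name__ == "__main__":
    print(cleanse(RAW))
```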
