Chapter 8: Securing Information Systems

• There are a number of firewall screening technologies, including static packet filtering,
stateful inspection, Network Address Translation, and application proxy filtering.
• packet filtering: examines selected fields in the headers of data packets flowing back and
forth between the trusted network and the Internet, examining individual packets in
isolation.
• Stateful inspection : determines whether packets are part of an ongoing dialogue between
a sender and a receiver. It sets up state tables to track information over multiple packets.
Packets are accepted or rejected based on whether they are part of an approved
conversation or attempting to establish a legitimate connection.
• Network Address Translation (NAT): can provide another layer of protection when static
packet filtering and stateful inspection are employed. NAT conceals the IP addresses of the
organization’s internal host computer(s) to prevent sniffer programs outside the firewall
from ascertaining them and using that information to penetrate internal systems.
• Application proxy filtering : examines the application content of packets. A proxy server
stops data packets originating outside the organization, inspects them, and passes a proxy
to the other side of the firewall. If a user outside the company wants to communicate with
a user inside the organization, the outside user first communicates with the proxy
application, and the proxy application communicates with the firm’s internal computer and
vice versa.
• Firewalls can deter, but not completely prevent, network
penetration by outsiders and should be viewed as one
element in an overall security plan.
2- Intrusion Detection Systems:
• full-time monitoring tools placed at the most vulnerable
points or hot spots of corporate networks to detect and
deter intruders continually.
• The system generates an alarm if it finds a suspicious or
anomalous event.
• Scanning software looks for bad passwords, checks to see
whether important files have been removed or modified,
and sends warnings of vandalism or system administration
errors.
• The intrusion detection tool can also be customized to shut
down a particularly sensitive part of a network if it receives
unauthorized traffic.
3- Antivirus and Antispyware Software:
• Antivirus software prevents, detects, and removes
malware, including computer viruses, computer
worms, Trojan horses, spyware, and adware.
• Most antivirus software is effective only against
malware already known when the software was
written. To remain effective, the antivirus software
must be continually updated.
4- Unified Threat Management Systems:
• firewalls, virtual private networks, intrusion detection
systems, and web content filtering and anti-spam
software are called unified threat management
(UTM) systems.
• UTM products are available for all sizes of networks.
 Securing Wireless Networks
• The initial security standard developed for Wi-Fi,
called Wired Equivalent Privacy (WEP).
• not very effective because its encryption keys are
relatively easy to crack.
• Many Corporations can further improve Wi-Fi
security by using WEP in conjunction with virtual
private network (VPN) technology when
accessing internal corporate data.
• Instead of the static encryption keys used in WEP,
the new standard uses much longer keys that
continually change, making them harder to crack.
 Encryption and Public Key
Infrastructure
• Encryption is the process of transforming plain text or data into cipher text that cannot be
read by anyone other than the sender and the intended receiver.
• Data are encrypted by using a secret numerical code, called an encryption key.
• The message must be decrypted by the receiver.
- Methods of network traffic encryption:
1- Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), enable client
and server computers to manage encryption and decryption activities as they communicate
with each other during a secure web session.
2- Secure Hypertext Transfer Protocol (S-HTTP) is another protocol used for encrypting data
flowing over the Internet, but it is limited to individual messages.
• SSL and TLS are designed to establish a secure connection between two computers.
- Two methods of encryption
1- symmetric key encryption: the sender and receiver establish a secure Internet session by
creating a single encryption key and sending it to the receiver so, both the sender and receiver
share the same key. The longer the key, the more difficult it is to break the key.
2- public key encryption: more secure form of encryption because uses two keys: one shared
(or public) and one totally private.
To send and receive messages, communicators first create separate pairs of private and public
keys. The public key is kept in a directory, and the private key must be kept secret. The sender
encrypts a message with the recipient’s public key. On receiving the message, the recipient
uses his or her private key to decrypt it.
• Digital certificates: are data files used to establish the identity of users and
electronic assets for protection of online transactions. certificate system
uses a trusted third party, known as a certificate authority (CA), to validate
a user’s identity
• Public key infrastructure (PKI) , the use of public key cryptography working with a
CA, is now widely used in e-commerce.
 Ensuring System Availability
• the airline and financial services industries with critical applications
requiring online transaction processing have traditionally used fault-
tolerant computer systems for many years to ensure 100 percent
availability.
• online transaction processing , transactions entered online are
immediately processed by the computer. Multitudinous changes to
databases, reporting, and requests for information occur each instant.
• Fault-tolerant computer systems contain redundant hardware,
software, and power supply components that create an environment
that provides continuous, uninterrupted service.
• Fault-tolerant computers use special software routines or self-checking
logic built into their circuitry to detect hardware failures and
automatically switch to a backup device.
• Parts from these Fault-tolerant computers can be removed and repaired
without disruption to the computer or downtime.
• Downtime refers to periods of time in which a system is not operational.
 Controlling Network Traffic: Deep
Packet Inspection
• If network is very slow because of using the network
to download music or watch YouTube, etc. Therefore,
the solution is DPI
• deep packet inspection (DPI) is a technology helps
solve this problem.
• DPI examines data files and sorts out low-priority
online material while assigning higher priority to
business-critical files.
• Based on the priorities established by a network’s
operators, it decides whether a specific data packet
can continue to its destination or should be blocked
or delayed while more important traffic proceeds.
 Security Issues for Cloud Computing
and the Mobile Digital Platform
1- Security in the Cloud:
• Cloud applications reside in large remote data centers and server farms.
cloud computing providers often distribute work to data centers around
the globe where work can be accomplished most efficiently. you may not
know precisely where your data are being hosted. It is difficult to track
unauthorized activity.
• Virtually all cloud providers use encryption, such as SSL, but DDoS attacks
are especially harmful because they render cloud services unavailable to
legitimate customers.
• Some kinds of controls such as (how the cloud provider will respond if a
disaster strikes, whether the provider will be able to restore your data
completely, and how long this should take) can be written into the service
level agreement (SLA) before signing with a cloud provider.
• The Cloud Security Alliance (CSA) has created industry wide standards for
cloud security, specifying best practices to secure cloud computing
 Security Issues for Cloud Computing
and the Mobile Digital Platform
2- Securing Mobile Platforms:
• Companies should make sure that their corporate security policy
includes mobile devices, with additional details on how mobile
devices should be supported, protected, and used.
• They will need mobile device management tools to authorize all
devices in use; to maintain accurate inventory records on all
mobile devices, users, and applications; to control updates to
applications; and to lock down or erase lost or stolen devices so
they can’t be compromised.
• Companies should encrypt communication whenever possible.
• All mobile device users should be required to use the password
feature found in every smartphone.
• Mobile security products are available from Kaspersky, Symantec,
Trend Micro, and McAfee.
 Ensuring Software Quality
• By employing software metrics and rigorous software testing.
• Ongoing use of metrics allows the information systems
department and end users to measure the performance of the
system jointly and identify problems as they occur such as
response time, no. of transactions, no. of payroll printed, and etc.
• For metrics to be successful, they must be carefully designed,
formal, objective, and used consistently.
• Good testing begins before a software program is even written, by
using a walkthrough
• walkthrough —a review of a specification or design document by a
small group of people carefully selected based on the skills needed
for the particular objectives being tested.
• When errors are discovered, the source is found and eliminated
through a process called debugging