MIS 601 : Information Systems Management

Security and Ethical Challenges Topic # 8

Contents: Ethical and Security impacts on Society Ethical responsibilities of Business Professionals Computer Crime Internet abuses at work place Hacking Software Piracy issues Computer Viruses and Worms Cyber Theft

Ethical and Security impacts on Society

The use of IT in Business presents a major security challenges, poses serious ethical questions and affects society in significant ways. But, its important to note that Business/IT has had beneficial results as well as detrimental effects on Society and people in each of these areas.

Security and Ethical Challenges

Employment Education

Health

Security Ethics and Society

Crime

Individuality

Working Conditions

Computer Crime
Its a growing threat to society caused by criminal or irresponsible actions of individuals who take advantages of the widespread use and vulnerability of computers and the Internet & other networks.

AITP definition of Computer Crime:

Unauthorized use, access, modifications and destructions of hardware, software, data or network resources. Unauthorized release of Information Unauthorized copying of software Denying an end user access to his/her own hardware, software, data or Network Resources Using or Conspiring to use computer or network resources to illegally obtain information or tangible property.

Types of Computer Crimes

Cyber Theft
Many computer Crimes involve the theft of money. Mostly cyber thefts involve an insider from the organisation. Eg Russian Hacker Vladimir Levin CITIBANK $ 11 millions

Software Piracy
This is the major form of Software Theft. Software Publishers Association is an industry association of Software Developers used in major Corporations in the States. NASSCOM in India. Software packages are protected by the Computer Software Piracy and Counterfeiting Amendment Law in the USA.

Case Example: RIAA vs NAPSTER

Recording Industry Association of America (RIAA) It won its suit against Napster in 2002. Napster went out of business in USA in 2002. Peer to Peer music sharing

Computer Viruses and Worms

These are the most destructive example of Computer Crime. Virus: is a program code that cannot work without being inserted into another program. Worm: is a distinct program that can run unaided

Computer Viruses and Worms

Computer Viruses
Resident Virus:
These viruses reside in the Boot sector of the Computer Hard disk. They can be copied from there to any other floppy disk etc inserted into the infected computer.

.Exe Virus:
These viruses come attached with files such as a Words Document (with Macro) or any other EXE files.

Security Management of IT List of Contents: Need for Security Management? Properties of Secure Communications. Security management Techniques: Encryption
Symmetric Encryption Asymmetric Encryption

Firewalls Virus Defenses

Security Management of IT
The Goal of Security Management is the accuracy, integrity and safety of all Information system Processes & resources. The objectives of Security Management is to : Reduce Errors Reduce Frauds Minimize Losses in Information Systems

Network and Internet Security: Following are the desirable properties of Secure Communications:Confidentiality Authentication Message Integrity and Non Repudiation Availability and Access Control

Security Management Techniques

Encryption Fire Walls

Virus Defenses

Encryption :
Encryption has become an important way to protect data. Passwords, messages, files etc are transmitted in scrambled format and unscrambled by computer. Encryption involves using special mathematical algorithms or keys to transform digital data into a scrambled code before they are transmitted and to decode the data when they are received at the other end.

Encryption :

Symmetric Encryption Algorithm

This is also called as Conventional encryption or single key encryption This was first used by Julius Caesar. The algorithm has five ingredients:1. 2. 3. 4. 5. Plaintext Encryption Algorithm Secret Key Ciphertext Decryption algorithm

Symmetric Encryption Algorithm

INS 601 ISM 8th June 2011 Vishwesh Akre

Symmetric Encryption Algorithm

Symmetric algorithm remains the most popular and widely used of the two algorithms. It has two requirements:-

A Strong Encryption Algorithm. Sender and receiver must have obtained the keys in a secure manner.

Example of Algorithm DES (Digital Encryption Standard) 1977 (56 bit Key)

Asymmetric Encryption Algorithm

Also called as Public Key Encryption . Was proposed by Diffie and Hellman (1976). It is called Asymmetric Encryption algorithm because of use of different keys for Encryption and Decryption respectively. Example: RSA Public Key Encryption algorithm developed by RON RIVEST, ADI SHAMIR and LEN ADLEMAN at MIT in 1978

Asymmetric Encryption Algorithm Six Ingredients of Public Key Algorithm :

Plaintext Encryption Algorithm Public Key Private Key Ciphertext Decryption Algorithm

Asymmetric Encryption Algorithm Essential Steps:

1. Each user generates a pair of keys to be used for encryption and decryption of messages. 2. Each user places one of the two keys in a public register. This is the Public Key. The other key is kept secret. That is called as Private Key. 3. If one user wants to send message to another user, he encrypts the message using the public key of the intended recipient. 4. The recipient decrypts the message using his private key.

Asymmetric Encryption Algorithm

INS 601 ISM 8th June 2011 Vishwesh Akre

Asymmetric Encryption Algorithm

Important Characteristics:

It is computationally infeasible to determine the decryption key given only the knowledge of the cryptographic algorithm and the encryption key. For most public key schemes, either of the two related keys can be used for encryption, the other can be used for decryption.

Firewalls
A network firewall can be a communication processor (like router) or a dedicated server along with firewall software. A firewall serves as a Gatekeeper system that protects a companys internets and other computer networks from intrusion by providing a filter and a safe transfer point for access to & from the Internet and other networks. It screens all network traffic for proper passwords or other security codes and allows unauthorized transmissions in & out of the network.

Firewalls

Internal company data servers Internal Firewall Prevents users From accessing Company PCs Sensitive data External Firewall Examines each packet and discards some types of requests.

Internet

Firewall types
External Firewalls keeps out unauthorized Internet users. Internal Firewalls prevents users from accessing sensitive Human Resources or Firewall Data. Passwords and Browser Security features control access to specific Intranet resources. Intranet server features provide authentication and encryption where applicable. Network Interface Software is carefully crafted to avoid creating security holes to back end resources.

Types of Firewalls

TCP / IP The Internet Backbone

Architecture Protocols SMTP, HTTP, FTP,TFTP,TELNET

TCP, UDP IP, ICMP, ARP, RARP

Network Access Protocols

Packet Filtering Firewall

Packet Filters operate by first parsing packet headers and then applying filtering rules from an Administrator specified set of rules to determine whether : To Drop Data Packet? To let Data Packet Pass?

Filtering decisions are based on : IP source or destination address TCP or UDP source and destination port ICMP message types

Application Gateway (Firewall)

An Application Firewall is an application specific server through which all applications data (inbound & outbound) must pass. Multiple Application Gateways may run on same host, but each Gateway is a separate server with its own processes. Organisations may often have multiple Application Firewalls: Firewall Gateway for HTTP Firewall Gateway for FTP Firewall Gateway for Email

Virus Defenses
Many companies are building defenses against spread of viruses by centralising the distribution & updating of antivirus software as responsibilities of IS departments. Other companies are outsourcing Virus Protection responsibilities to ISP or Security Management Companies.

Virus Defenses Some Virus Security Products

Trend Micro (PC cillin) McAfee (VirusScan) Symantec (Norton Antivirus) Security Suites:
These are software's which integrate Virus Protection with Firewalls, Web Security & Content Blocking Features. ZoneAlarm Security Suite 2005 Norton Internet Security 2004