IT Security Issues


Day 4 – Module 8
Information Technology
Security Issues
Text Materials
Chapter 8 – Protecting People and Information
IT Security Issues
• The IT security issue.
• Different types/categories of Cybercrime and IT security threats.
• Some popular historical viruses and worms.
• Security Precautions.
IT Security Issues
Threats are escalating!
• 90% of all businesses affected each year.
• $17B+ annual cost.
• 5% - 10% of IT budget.
U.S. Corporations Top Security Concerns
[Chart: bar chart, scale 0 to 80. Categories: Viruses, External Hacking, Systems Penetration, Financial Fraud, DoS Attacks, Site Vandalism, Data Theft.]
Percent of respondents concerned in each category.
Source: Adapted from InfoWorld, November 16th, 2001
Financial Loss Areas
Source: Adapted from CSI/FBI Security Survey, 2002, 2007
Theft of Proprietary Information
FBI, $Several Billion, all U.S. organizations
[Chart: Millions of dollars, 503 organizations, 1997 to 2002, scale 0 to 180]
Representative growth of data theft
IT Security Issues
Intrusions, Not reported
Dollar Losses are soaring
[Charts: % Reported and % Known for intrusions; Losses in Millions; years 1997 to 2002]
FBI, $10B annual losses total-2002
Some estimates go much higher
503 Respondents
Cross-Section of Organizations
Profile of a Computer Criminal
• 1900 Web Sites
• Easy to write
Business Week 2/21/2000
• Male 19-30, no criminal record
• Computer specialist, clerical, student, manager
• Self confident, eager, energetic
• High IQ, personable, creative
• Egocentric
• Ax to grind
• Anti-establishment
• Doesn’t view himself as a criminal
Source: Information Technology for Management & nsca.com
Easy to Obtain Tools for Cyber Criminals
Identity Theft
Identity theft occurs when someone uses the personal information of
another (i.e., name, date of birth, social security number, credit card
numbers, bank account numbers, etc.), fraudulently and without
permission. Criminals usually do this to obtain money or goods and
services, but identity theft is also perpetrated to obtain false drivers’
licenses, birth certificates, social security numbers, visas and other
official government papers.
Source: Motes, K. “Identity Theft”, http://www.odl.state.ok.us, December 27, 2002.
ID Theft - CNET News.com
November 25, 2002, 2:34 PM PT
Calling it the largest such bust ever, the U.S. Attorney in Manhattan and the FBI apprehended an alleged ring of identity thieves, accusing three
men of stealing tens of thousands of credit reports.
The ring is alleged to have operated over a period of three years, suspected of pilfering credit reports from the three major commercial credit
reporting agencies and using that information to siphon funds from bank accounts and make fraudulent purchases. Authorities have accounted for $2.7
million in losses so far.
At the center of the scheme as outlined Monday by Justice Department and FBI officials is a help-desk employee of Teledata Communications (TCI), a
company in Bay Shore, N.Y., that lets banks and other lenders access credit histories compiled by Equifax, Experian and TransUnion.
The TCI employee, Philip Cummings, stands accused of wire fraud and conspiracy in filching lenders' passwords and subscriber codes that let a network of
identity thieves obtain tens of thousands of credit reports of more than 30,000 individuals.
TCI declined to comment.
The government has fingered two other defendants, Linus Baptiste and Hakeem Mohammed, in related cases.
"The defendants took advantage of an insider's access to sensitive information in much the same way that a gang of thieves might get the combination to the
bank vault from an insider," Kevin Donovan, assistant director in charge of the FBI's New York field office, said in a statement. "But the potential windfall
was probably far greater than the contents of a bank vault, and using 21st century technology, they didn't even need a getaway car. Using the same
technology, we determined what was done and who did it, proving that technology is a double-edged sword."
Experts on identity theft said the existence of such a ring was the natural by-product of the existing system of computerized credit information.
"This situation was a problem waiting to happen," said Linda Foley, executive director of the Identity Theft Resource Center in San Diego. "We know that
there are many cases of computer breaches where information (is stolen) leading to identity theft."
Experts also blamed TCI and the credit agencies for their roles in the identity theft problem.
"How much screening did (Cummings) go through before being hired for the help desk?" Foley said.
A Gartner analyst pointed out the problem of too many low-level employees having access to consumers' personal information.
"The fact that lower-tier employees, people who don't have as high a degree of accountability, have access to such information is a problem, and it's one we
see on a regular basis," Gartner analyst Doug Barbin said.
Among the TCI clients whose passwords and subscriber codes the identity thieves used are Ford Motor Credit's Grand Rapids, Mich., branch; Washington
Mutual Bank in St. Augustine, Fla.; Washington Mutual Finance in Crossville, Tenn.; Dollar Bank in Cleveland; and Central Texas Energy Supply.
Linus Baptiste
Hakeem Mohammed
“Hi, I’m Philip, may I help you?”
IT Security Threats
(3) Basic Categories of Threats
1. Network Attacks
2. Intrusions
3. Malicious Code
Data Interception: Old Model Versus New Model
[Diagram: Private Network versus Public Network. Increased Opportunity for Data Interception > 10X]
1. Network Attacks
Slows Network Performance
Degrades Services
Does Not Breach Internal IT Workings
Can be Started by People with only Modest IT Skills
DoS Attack
• Denial of Service Attack
• Easy to Mount
• Difficult to Defend Against
Denial of Service Attack
High Threat
$$$
• Lost commerce
• Image
• Users are denied service to a server
• Can tie up an organization’s network
IP Packet
Source Address: 111.111.11.33
Destination Address: 212.212.75.86
Message/Request

Normal Service (111.111.11.33 and 212.212.75.86)
IP Packet
Source Address: 111.111.11.33
Destination Address: 212.212.75.86
Message/Request

Denial of Service Attack (111.111.11.33 and 212.212.75.86)
IP Packet
Source Address: Bogus.bogus.bogus
Destination Address: 212.212.75.86
Message/Request
2. Intrusions
3. Malicious Code
Love Bug Virus
May 4th, 2000 45 Million Users
300,000 Internet host computers
Medium Threat
E-Mail Replication
VBScript Program
Characteristics:
Wide-Spread
Deletes Files
Replicates
Changes Home Page
Anna Kournikova Virus
February 12th, 2001
E-Mail Replication
Low Threat
VBScript Program
Characteristics:
Replicates attachment
Slammer Worm
January 25th, 2003 100,000+ Servers
Buffer Overflow
Medium Threat
Network Outages involving:
* Airline flights & ATMs
* Internet backbone disruption – S. Korea
[Diagram: Originating Computer, Random Scanning, Vulnerable Server, Port 1434, Buffer]
Characteristics:
Wide-Spread
Attacked specific port
Smallest, efficient, 376 bytes
Easy to detect
Filled Internet Bandwidth, Overloaded Networks
Random, went after every server
Very Rapid Spread, doubling time 8 seconds
Took DB Servers out of operation
Did not destroy files
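Added example (not part of the original slides): the traits listed above, a fixed port, a fixed 376-byte size and random scanning, are what make the worm "easy to detect" in flow records. The log format, the sample records and the MIN_TARGETS threshold are constructed assumptions; that the worm used UDP is known from public reporting, not stated on the slide.

```python
from collections import defaultdict

SLAMMER_PORT = 1434     # port named on the slide; the worm used UDP
SLAMMER_SIZE = 376      # worm size in bytes, as given on the slide
MIN_TARGETS = 5         # assumed threshold: distinct destinations per source

# Constructed flow records: time_s proto src dst dst_port payload_bytes
SAMPLE_FLOWS = """\
0.10 udp 10.0.0.5 192.0.2.17 1434 376
0.11 udp 10.0.0.5 198.51.100.4 1434 376
0.12 udp 10.0.0.5 203.0.113.90 1434 376
0.13 udp 10.0.0.5 192.0.2.201 1434 376
0.14 udp 10.0.0.5 198.51.100.77 1434 376
0.15 udp 10.0.0.5 203.0.113.8 1434 376
0.20 udp 10.0.0.9 10.0.0.20 1434 1
0.30 udp 10.0.0.7 192.0.2.53 53 41
0.40 tcp 10.0.0.8 10.0.0.20 1433 376
garbled line
"""

def parse_flows(text):
    """Yield (proto, src, dst, port, size) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        _, proto, src, dst, port, size = parts
        if port.isdigit() and size.isdigit():
            yield proto.lower(), src, dst, int(port), int(size)

def find_scanners(text, min_targets=MIN_TARGETS):
    """Return {source: distinct target count} for Slammer-pattern senders."""
    targets = defaultdict(set)
    for proto, src, dst, port, size in parse_flows(text):
        # All three traits must match: protocol, port and exact payload size.
        if proto == "udp" and port == SLAMMER_PORT and size == SLAMMER_SIZE:
            targets[src].add(dst)
    # Many distinct destinations from one source indicates random scanning.
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

if __name__ == "__main__":
    for src, count in find_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {count} distinct targets on UDP/{SLAMMER_PORT}")
```

The single 1-byte query from 10.0.0.9 to one internal server on the same port is not flagged, because it matches neither the size nor the fan-out.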
Security Precautions and Recommendations
• Firewalls
• Access Logs
• Anti-virus software
• Access Authentication
• Encryption
Firewalls
Source: Vicomsoft (www.vicomsoft.com)
Access Logs
Encryption
The “s” in https and the padlock
Anti-virus software
Access Authentication