Can you imagine what would happen if you tried to link to the Internet without a firewall or antivirus software? Your computer would be disabled in a few seconds, and it might take you many days to recover.
When large amounts of data are stored in electronic form, they are vulnerable to many more kinds of threats than when they existed in manual form. Through communications networks, information systems in different locations are interconnected. The potential for unauthorized access, abuse, or fraud is not limited to a single location but can occur at any access point in the network.
Fig. Contemporary Security Challenges and Vulnerabilities
Internet Vulnerabilities
Large public networks, such as the Internet, are more vulnerable than internal networks because they are virtually open to anyone. The Internet is so huge that when abuses do occur, they can have an enormously widespread impact. When the Internet becomes part of the corporate network, the organization's information systems are even more vulnerable to actions from outsiders.
Wireless Security Challenges
It depends on how vigilant you are. Even the wireless network in your home is vulnerable because radio frequency bands are easy to scan. Both Bluetooth and Wi-Fi networks is only several hundred feet, it can be extended up to one-fourth of a mile using external antennae.
Fig. Wi-Fi Security Challenges
Malicious Software: Viruses, Worms, Trojan Horses, and Spyware
Malicious software programs are referred to as malware and include a variety of threats, such as computer viruses, worms, and Trojan horses. Worms and viruses are often spread over the Internet from files of downloaded software, from files attached to e-mail transmissions, or from compromised e-mail messages or instant messaging. Many users find such spyware annyoing and some critics worry about its infringement on computer users' privacy.
Hackers and Computer Crime
A hacker is an individual who intends to gain unauthorized access to a computer system. Within the hacking community, the term cracker is typically used to denote a hacker with criminal intent, although in the public press, the terms hacker and cracker used interchangeably. Cybervandalism is the intentional disruption, defacement, or even destruction of a Web site or corporate information system.
Spoofing and Sniffing
Hackers attempting to hide their true identifies often spoof, or misrepresent, themselves by using fake e-mail addresses or masquerading as someone else. Spoofing also may involve redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination. A sniffer is a type of eavesdropping program that monitors information traveling over a network.
Denial-of-service Attacks
In a denial-of-service (DoS) attack, hackers flood a network server or Web server with many thousands of false communications or requests for services to crash the network. A distributed denial-of-service (DDoS) attack uses numerous computers to inundate and overwhelm the network from numerous launch points.
Computer Crime
Identity Theft
Identity Theft is a crime in which an imposter obtains key pieces of personal information, such as social security identification numbers, driver's license numbers, or credit card numbers, to impersonate someone else.
Click Fraud
Click Fraud occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase.
Business Value of Security and Control
Many firms are reluctant to spend heavily on security because it is not directly related to sales revenue. However, protecting information systems is so critical to the operation of the business that it deserves a second look.
Legal and Regulatory Requirements for Electronic Records Management
If you work in the health care industry, your firm will need to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. If you work in a firm providing financial services, your firm will need to comply with the Financial Services Modernization Act of 1999, better known as the Gramm-Leach-Bliley Act after its congressional sponsors. If you work in a publicly traded company, your company will need to comply with the Public Company Accounting Reform and Investor Protection Act of 2002, better known as the Sarbanes-Oxley Act after its sponsors Senator Paul Sarbanes of Maryland and Representative Michael Oxley of Ohio.
Electronic Evidence And Computer Forensics
Computer forensics is the scientific collection, examination, authentification, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law. It deals with the following problems:
- Recovering data from computers while preserving evidential integrity
- Securely storing and handling recovered electronic data
- Finding significant information in a large volume of electronic data
- Presenting the information to a court of law
Role of Auditing
An MIS audit examines the firm's overall security environment as well as controls governing individual information systems.
Identity Management and Authentication
To gain access to a system, a user must be authorized and authenticated. Authentication refers to the ability to know that a person is who he or she claims to be. Authentication is often established by using passwords known only to authorized users.
Firewalls
Firewalls prevent unauthorized users from accessing private networks. A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic.
Fig. A Corporate Firewall
Intrusion Detection Systems
Intrusion Detection Systems feature full-time monitoring tools placed at the most vulnerable points or "hot spots" of corporate networks to detect and deter intruders continually.
Antivirus and Antispyware Software
Antivirus software is designed to check computer systems and drives for the presence of computer viruses.
Encryption and Public Key Infrastructure
Two methods for encrypting network traffic on the Web are SSL and S-HTTP. Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) enable client and server computers to manage encryption and decryption activities as they communicate with each other during a secure Web session. Secure Hypertext Transfer Protocol (S-HTTP) is another protocol used for encrypting data flowing over the Internet, but it is limited to individual messages, where as SSL and TLS are designed to establish a secure connection between two computers. A more secure form of encryption called public key encryption uses two keys: one share (or public) and one totally private. The keys are mathematically related so that data encrypted with one key can be decrypted using only the other key.
Fig. Public Key Encryption
Digital certificates are data files used to establish the identity of users and electronic assets for protection of online transactions.
Ensuring System Availability
In online transaction processing, transactions entered online are immediately processed by the computer. Multitudinous changes to databases, reporting, and requests for information occur each instant. Fault-tolerant computer systems contain redundant hardware, software, and power supply components that create an environment that provides continuous, uninterrupted service.
Controlling Network Traffic: Deep Packet Inspection
A technology called deep packet inspection (DPI) examines data files and sort out low-priority online material while assigning higher priority to business-critical files.
Security Issues For Cloud Computing and The Mobile Digital Platform
Security in the Cloud
Cloud users should ask whether cloud providers will submit to external audits and security certifications. These kinds of controls can be written into the service level agreement (SLA) before to signing with a cloud provider.
Securing Mobile Platforms
If mobile devices are performing many of the functions of computers, they need to be secured like desktops and laptops against malware, theft, accidental loss, unauthorized access, and hacking attempts. Mobile devices accessing corporate systems and data require special protection.
Summary
Digital data are vulnerable to destruction, misuse, error, fraud, and hardware or software failures. The Internet is designed to be an open system and makes internal corporate systems more vulnerable to actions from outsiders. Lack of sound security and control can cause firms relying on computer systems for their core business functions to lose sales and productivity. Firms need to establish a good set of both general and application controls for their information systems. A risk assessment evaluates information assets, identifies control points and control weaknesses, and determines the most cost-effective set of controls. Firewalls prevent unauthorized users from accessing a private network when it is linked to the Internet. Companies can use fault-tolerant computer systems or create high-availability computing environments to make sure that their information systems are always available. Use of software metrics and rigorous software testing help improve software quality and reliability.
That's wonderful stuff you've written up here. Been searching for it all around. Great blog..
ReplyDeleteThere are many ways to create a website but however with certain restrictions. The best way I would like to suggest is to know the basics of web design with HTML and CSS and then start creating the website of your choice. we do digital marketing too. no matter the device we can develop an app for that we develop the web application that provides capabilities for multiple users with different permission levels Website designing
thank for ur post , we give wireless network solutions in dubai
ReplyDeleteSecurium Solutions is the best Network Security Devices in Abu Dhabi to be known, you can contact us here at support@securiumsolutions.com to get optimal solutions to your problems.
ReplyDelete
ReplyDeleteIt is so nice blog. I was really satisfied by seeing this blog.
Workday Integration Online Training
Workday Integration Course India
If you want to have services for DDoS and Web Application in Abu Dhabi, then Securium Solutions is the best DDoS and Web Application Company in Abu Dhabi.
ReplyDeleteIts an amazing blog post where I get knowledge about technology the best quality of Mobile & Tablet Security Display Stands for your any purpose.
ReplyDeleteThe discussion on securing information systems and addressing vulnerabilities is crucial in today's digital landscape! Understanding potential abuses helps us better protect our data. If you're sharing more insights on cybersecurity, consider using tsoHost for reliable hosting to spread awareness and knowledge!
ReplyDelete