a) Sniffer : allows individuals to capture data as it is transmitted over a network. This technique is used by network professionals to diagnose network issues, and by malicious users to capture unencrypted data, like passwords and usernames. If this information is captured in transit, a user can gain access to a system or network.

b) Phishing : a cyber-attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need a request from their bank, for instance, or a note from someone in their company and to click a link or download an attachment.

c) Pharming :a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent. Pharming has been called "phishing without a lure.

d)Spoofing : a type of scam where an intruder attempts to gain unauthorized access to a user's system or information by pretending to be the user. The main purpose is to trick the user into releasing sensitive information in order to gain access to one's bank account, computer system or to steal personal information, such as passwords.

 

> Secure Sockets Layer (SSL) and successor Transport Layer Security (TLS) enables client & server computers to manage encryption & decryption activities; so they communicate with each other during a secure web session. 

> Secure Hypertext Transfer Protocol (SHTTP) is used for encrypting data flowing over the Internet but it is limited to individual messages, whereas SSL & TLS are designed to establish a secure connection between 2 computers.
b) Briefly explain the following terms:

i. Cyber warfare:
State-sponsored activity designed to cripple & defeat another state or nation by penetrating its computers or networks for the purposes of causing damage & disruption.

ii. Computer Forensic:
Scientific collection, examination, authentication, preservation, and analysis of data from computer storage media for use as evidence in court of law and it includes recovery of ambient and hidden data.

 

 

Intrusion Detection System - An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. It alert administrators when someone or something is trying to compromise information system through malicious activities or through security policy violations. It also inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.

 

Antivirus Software - Antivirus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more. These tools are critical for users to have installed and up-to-date because a computer without antivirus software protection will be infected within minutes of connecting to the internet. 

 

b) General Controls 

These are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continues proper operation of information systems.

-It governs design, security and use of computer programs and security of data. 

-It basically applies to all computerized applications.

-It is a combination of hardware, software and manual procedures to create overall control environment. 

-The types of general controls include implementation controls and software controls.

 

Application controls are the controls specific to a particular accounting application.

-It is a specific control unique to each computerized applications such as payroll or order processing.

-It includes automated and manual procedures and IPO controls.

-It is used to ensure the completeness and accuracy of all processing and the validity of the accounting entries made. 

The types of application controls include input controls and output controls.

2) Virus: a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document. Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a diskette or CD

3) Worm: a self-replicating virus that does not alter files but duplicates itself. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

4) Logic bomb: programming code, inserted surreptitiously or intentionally, that is designed to execute (or "explode") under circumstances such as the lapse of a certain amount of time or the failure of a program user to respond to a program command. It is in effect a delayed-action computer virus or Trojan horse. A logic bomb, when "exploded," may be designed to display or print a spurious message, delete or corrupt data, or have other undesirable effects.

 

b) ·      There are internet vulnerabilities which mean network is open to anyone and size of Internet means abuses can have wide impact. 

·      There are wireless security challenges whereby eavesdroppers can drive by buildings and try to intercept network traffic and hacker that gains access to SSID, has access to network’s resources. 

·      There are malicious software such as worms, viruses, Trojan horses and spyware. 

 

 c) 1.    Identity management software which automatically keeps track of all users & privileges authenticates users, protecting identities, and controlling access.

2.    Authentication which is a system that checks the identification of an end user who wants to access it. Some types of authentications are token, smart cards, biometric authentication and two-factor authentication.

3.    Firewalls which is a combination of hardware and software that prevents unauthorized users from accessing private networks and provides additional security by determining whether packets are part of an on-going dialogue between sender & receiver.

 

b) i) Password Based Technologies

-Password may be of any form such as string of alphabets, numbers and special characters. This password is necessarily to be known by the entity or a person that is being authenticated.

ii) Certificate Based Technologies

It is a digital document which digitally signed by a reliable third party known as the Certificate Authority (CA). Then these Digital Certificates can be reused for user authentication. Certificate based authentication is stable as compared to password based authentication.

iii) E-Token Based Technologies

An E-Token authentication is a small device that develop/generates a new odd/random value every time it is used. This random value becomes the basis for authentication such as an alternative to a password. It can be implemented on a USB key fob or on a smart card. Data is protected on the device itself.

iv)  Biometric Based Technologies

Biometric authentication mention is the recognition or identification of humans by their personality or characteristics such as Face, fingerprint, human voice, retina, iris pattern of the eye, vein pattern etc. It's used in computer science as a form of realization or recognition and access control. It is also used to find or select persons in groups that are under consideration.

 It's a form of malicious software or malware which encrypts documents on a PC or even across a network. The malware encrypts your files so that they cannot be opened, or it locks you out of your computer completely to prevent access to all of those important photos, videos, accounting files and work documents. The malicious attackers responsible for sending you the malware then contacts you to demand a ransom, promising to decrypt the files after you pay. 

 

b) Prevent and protect our computer from ransomware.

Scan attachments. Most malware tools give you the ability to scan any emails or attachments before opening them. Emails and email attachments should be scanned before for malware before you open them, especially if they’re coming from an unknown sender.

 

c) Effects of computer crime to an organization. 

It causes damage to intellectual property resulting in the loss of a competitive edge. Without diminishing the effects of the exposure of sensitive customer information, cybercrime and data leaks can also have a negative impact on a company's competitive edge. Consider the effects of having intellectual property like business ideas, marketing campaigns or business expansion plans stolen or exposed. This breach might render any of these ideas useless or ineffective and result in serious damage towards business growth and revenue gains, especially if they land up in the hands of one’s competitors. 

·       Security is no longer just a technology issue, it is also a business issue as well because majority of the companies out there today rely on computer systems to keep their employees information secure as well as their customers’ information, sales transactions, and the details on their vendors, their success is dependent on the secureness of this information. For a non-technologies business especially, they need to understand enough about security that they can take ownership of security approval processes. Ultimately it is because the business themselves that will bear the consequences of a poorly secured system. It is difficult to say that a case of internal fraud or financial misstatement is a purely IT issue. However, such incidents are preventable through a well-defined security structures allocated to the appropriate business users. Since the business bears the risk it is logical that they should be fully engaged in the design of the solutions to prevent the occurrence of such risks. Without adequate understanding and design of the computer security structures, users are not able to use the functions that they require in order to run the business processes. If incorrectly designed, the same security structures will allow users access data and functions that they should not be using including system administration functions, access to sensitive personal data or commercially sensitive data such as sales figures.

 

2. Who poses the biggest security threat: insiders or outsiders?

·       While an organization usually faces more external threats, the reality is that organizations need to be just as concerned about the insider threat. An insider attack is one of the biggest threats faced by organizations since these types of hacks can be very difficult for IT teams to identify. This is because an insider – whether he’s an employee or a contractor – is already entrusted with authorized access to at least some systems and applications on a corporate network. It can be very hard for those in IT to decipher whether he’s just performing his regular job tasks, or carrying out something sinister. An angry employee who already has access to company files could be secretly leaking documents to competitors, or he could be sabotaging systems or corrupting data because he is miffed at his employer. The same could be said about former employees, who often retain access to the network even long after leaving the organization.

 

3. Suppose your business had an e-commerce Web site where it sold goods and accepted credit card payments. Discuss the major security threats to this Web site and their potential impact. What can be done to minimize these threats?

·       Malware which is the malicious software that attackers insert into the web files or pages once they have gained access to the site. Malware may be found on an individual’s computer if they have themselves fallen victim to a phishing attack or otherwise been compromised, or it may be inserted directly onto the website after a successful SQL injection or if administrative account access has been granted to a harmful entity. As with software, malware can perform an extremely wide range of activities, from turning the computer into a botnet that can be part of a DDoS attack, to stealing credit card and account information from the website users. One type of malware that targeted Magento site was able to take credit card information and store it in images so that the attacker could easily access it without flags being raised. In order to minimize these threats, ones need to update the computer operating systems and patch regularly in order to defend against malware and phishing. This will help prevent vulnerabilities from being exploited and help detect and block threats from entering the system.

·       Yes, cyber-warfare is a serious problem because it is more complex than conventional warfare. Although the many potential targets are military a country’s power grids, financial systems, and a communication network can also be crippled. Non-state actors such as terrorist ore criminal groups can mount attacks, and it is often difficult to tell who is responsible. Nations must constantly to be on the alert for new malware and other technologies that could be used against them, and some of these technologies develop by skilled hacker groups are openly for sale to interested government. it can make one of the government destroy in term of their financial or education. it is a serious matter to be look and must been solved because there are a lot of hackers that can obtain others government information.

 

2. What solutions are available for this problem? Do you think they will be effective? Why or why not?

·       Because the whole issue of cyberspace and the problems and damage it can cause is quite new and is still on the rise, many things have not yet been internationally agreed on and many states take different measures. Cyber attacks can be prevented with two different types of measures: The first type intending to prevent states from carrying out cyber attacks and the second type being measures to increase security of the networks which have the highest risk of being attacked. Most states have laws regulating computer crimes done by individuals or non-state actors to hopefully prevent any cyber attacks but other states are not bound to any rules yet. They would only have to be aware of the reaction of the attacked country. Besides definitions of cyber warfare and information warfare and other important terms, an internationally agreed list of computer crimes or rules should therefore be established, maybe in combination with an organization monitoring the cyberspace, with large and serious consequences against states violating these rules.

 

·       In contrast, the strength of a security system is not always the most important part as the potential strength of attacks is steadily growing, sometimes it’s more important to take different measures. Two very controversial ideas are the kill switch and the electrical wall. The kill switch could shut down the internet of certain areas, whether it is only concerning a company, a city or a whole country, in case of serious cyber attacks. The electrical wall intends to inspect every data package coming into the country’s network and compares it to known signatures and in case of a match do not let them through. Both these ideas can be very useful and even save lives, however, if used by the wrong person or government, they can violate basic human rights by censoring certain parts of the internet. Therefore such measures have to be evaluated very carefully and include certain restrictions. In general all states should consider their possibilities with care as the internet is a symbol for freedom and a state interfering with the internet could lead to protest of the civilians. Because the internet connects everyone worldwide, each state is equally affected. Cooperations between countries and international agreements could therefore prove very useful leaving only non-state actors as a possible cyber threat.