Information Systems for Managers INFO 6240 MBA Programme Management Center IIUM - PowerPoint PPT Presentation

Slides: 41
Provided by: drisk

Transcript and Presenter's Notes


1
Information Systems for Managers INFO 6240
MBA Programme, Management Center / IIUM
  • Ahmed M. Zeki
  • amzeki_at_iiu.edu.my
  • Mar - May 2007

2
INTRODUCTION
  • Computers are involved in crime in two ways:
      • As the targets of misdeeds
      • As weapons or tools of misdeeds
  • Computer crimes can be committed:
      • Inside the organization
      • Outside the organization

3
Examples of Computer Crimes that Organizations
Need to Defend Against
4
COMPUTER CRIME
  • Computer crime: a crime in which a computer, or
    computers, play a significant part

5
Crimes in Which Computers Usually Play a Part
6
Outside the Organization
  • Some statistics
  • In 2002:
      • 82% of companies had experienced a virus attack
      • 80% had uncovered insider abuse costing over 11
        million
  • In 2003:
      • 251 companies reported 65 million in theft of
        info
      • DoS and virus attacks cost more than 27 million

7
Viruses
  • Computer virus (virus): software that was
    written with malicious intent to cause annoyance
    or damage
  • Macro virus: spreads by binding itself to
    software such as Word or Excel
  • Worm: a computer virus that replicates and
    spreads itself from computer to computer

8
The Love Bug Worm
9
SoBig Virus
  • SoBig virus
  • Arrived as e-mail attachment
  • Searched hard disk for e-mail addresses
  • Sent out huge numbers of useless e-mails
  • At its height, SoBig constituted 1 in 17 e-mails
    world-wide

10
Slammer Worm
  • Slammer
  • Flooded the victim server to fill the buffer
  • Sent out 55 million bursts of information per
    second
  • Found all vulnerable servers in 10 minutes

11
Stand-Alone Viruses
  • Spoofing: forging of return address on e-mail so
    that it appears to come from someone other than
    sender of record
  • Klez family of worms
      • Introduced spoofing of sender and recipient

12
Trojan Horse Viruses
  • Trojan horse virus: hides inside other software,
    usually an attachment or download
  • Examples:
  • Key logger (key trapper): software program that,
    when installed on a computer, records every
    keystroke and mouse click
  • Ping-of-Death DoS attack designed to crash Web
    site

13
Misleading E-Mail: Virus Hoax
  • Virus hoax is an e-mail telling you of a
    non-existent virus
  • Signs that an alert is a virus hoax:
      • Urges you to forward it to everyone you know
      • Describes awful consequences of not acting
      • Quotes a well-known authority

14
Misleading E-Mail: To Cause Damage to Your System
  • Steps
  • Makes recipient believe that they already have a
    virus and gives instruction on removal
  • Instructions are usually to delete a file that
    Windows needs to function
  • Often purports to come from Microsoft
  • Microsoft always sends you to a Web site to find
    the solution to such a problem

15
Denial-of-Service (DoS) Attacks
  • Denial-of-Service (DoS) attack: floods a Web
    site with so many requests for service that it
    slows down or crashes
  • Objective is to prevent legitimate customers from
    using Web site

16
Distributed DoS
Distributed denial-of-service attack (DDoS):
attacks from multiple computers that flood a Web
site with so many requests for service that it
slows down or crashes.
17
Combination Worm-DoS
  • Code Red was first to combine worm and DoS attack
  • E-mailed itself to as many servers as possible
  • Was poised to start a DoS attack on the White
    House's Web site
  • White House changed the IP address

18
Players
  • Hackers: knowledgeable computer users who use
    their knowledge to invade other people's
    computers
  • Thrill-seeker hackers: break into computer
    systems for entertainment
  • White-hat (ethical) hackers: computer security
    professionals who are hired by a company to
    uncover vulnerabilities in a network

19
Players
  • Black hat hackers: cyber vandals. They're the
    people who exploit or destroy information
  • Crackers: hackers for hire; they are the people who
    engage in electronic corporate espionage
  • Social engineering: acquiring information that
    you have no right to

20
Players
  • Hacktivists: politically motivated hackers who
    use the Internet to send a political message
  • Cyberterrorists: those who seek to cause harm to
    people or destroy critical systems or information

21
Players
  • Script kiddies (or bunnies): people who would
    like to be hackers but don't have much technical
    expertise
  • Are often used by experienced hackers as shields

22
Inside the Organization
  • Fraud and embezzlement are the most costly types
    of computer-aided fraud
  • Employee harassment of other employees also
    causes problems

23
COMPUTER FORENSICS
  • Computer forensics: the collection,
    authentication, preservation, and examination of
    electronic information for presentation in court
  • Two phases:
      • Collecting, authenticating, and preserving
        electronic evidence
      • Analyzing the findings

24
Phase 1: Collection - Places to Look for
Electronic Evidence
25
Phase 1: Preservation
  • If possible, hard disk is removed without turning
    computer on
  • Special computer is used to ensure that nothing
    is written to drive
  • Forensic image copy: an exact copy or snapshot
    of all stored information

26
Phase 1: Authentication
  • Authentication process necessary for ensuring
    that no evidence was planted or destroyed
  • MD5 hash value: mathematically generated string
    of 32 letters and is unique for an individual
    storage medium at a specific point in time
  • Probability of two storage media having same MD5
    hash value is 1 in 10^38, or
  • 1 in 100,000,000,000,000,000,000,000,000,000,000,000,000
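
Added example, not part of the original slides: a Python sketch of the authentication step, hashing an image copy at acquisition and re-checking it later. The file name and sample bytes are constructed, and SHA-256 is computed alongside MD5 as an assumption of this example, since MD5 collisions can be produced deliberately.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so a large image never sits fully in RAM


def hash_image(path):
    """Return the MD5 and SHA-256 hex digests of the file at path, in one pass."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def verify_image(path, recorded):
    """Compare the current digests with the ones recorded at acquisition."""
    current = hash_image(path)
    return {name: hmac.compare_digest(current[name], recorded[name])
            for name in recorded}


def demo():
    # Constructed stand-in for a forensic image copy (not real evidence).
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "evidence.img")
        with open(image, "wb") as fh:
            fh.write(b"\x00" * 4096 + b"constructed sample sector" + b"\x00" * 4096)
        recorded = hash_image(image)           # digests taken at acquisition
        intact = verify_image(image, recorded)
        with open(image, "r+b") as fh:         # simulate one altered byte
            fh.seek(10)
            fh.write(b"\x01")
        altered = verify_image(image, recorded)
        return recorded, intact, altered


if __name__ == "__main__":
    recorded, intact, altered = demo()
    print("recorded digests:", recorded)
    print("unchanged copy verifies:", intact)
    print("after a 1-byte change:", altered)
```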

27
Computer Forensics Software Toolkit
  • EnCase: software that finds all information on
    disks
  • Quick View and Conversions Plus: read files in
    many formats
  • Mailbag Assistant: reads most e-mail
  • IrfanView: reads image files

28
Phase 2: Analysis
  • Interpretation of information uncovered
  • Recovered information must be put in context
  • Computer forensics software pinpoints a file's
    location on disk, its creator, the date it was
    created, and many other facts about the file

29
Files Can Be Recovered from
30
History of Disk Activity
31
Professional Organizations and Standards
32
RECOVERY AND INTERPRETATION
  • Snippets of e-mail, when put into context, often
    tell an interesting story

33
Places to Look for Information
  • Deleted files and slack space
      • Slack space: the space between the end of the
        file and the end of the cluster
  • System and registry files
      • Controls virtual memory on hard disk
      • Has records on installs and uninstalls
      • Has MAC address (unique address of computer on
        the network)
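
Added example, not part of the original slides: how slack space keeps remnants of an earlier file after a shorter file reuses the same clusters. The 4096-byte cluster size, the contiguous layout and the in-memory volume contents are assumptions constructed for the demonstration.

```python
CLUSTER_SIZE = 4096  # bytes per cluster; assumed value for this demo


def slack_bytes(file_size, cluster_size=CLUSTER_SIZE):
    """Number of bytes between the end of the file and the end of its last cluster."""
    remainder = file_size % cluster_size
    return 0 if remainder == 0 else cluster_size - remainder


def read_slack(volume, first_cluster, file_size, cluster_size=CLUSTER_SIZE):
    """Return the raw slack bytes of a contiguously stored file in a volume image."""
    start = first_cluster * cluster_size + file_size
    return volume[start:start + slack_bytes(file_size, cluster_size)]


def build_demo_volume():
    """Constructed 4-cluster volume in which a shorter file overwrites an older one."""
    volume = bytearray(4 * CLUSTER_SIZE)
    old = b"old deleted memo text | " * 340        # 8160 bytes, spans clusters 1 and 2
    volume[CLUSTER_SIZE:CLUSTER_SIZE + len(old)] = old
    new = b"new, shorter file contents\n" * 180    # 4860 bytes, ends inside cluster 2
    # The write stops at the end of the new file; the rest of cluster 2 is not cleared.
    volume[CLUSTER_SIZE:CLUSTER_SIZE + len(new)] = new
    return bytes(volume), len(new)


def demo():
    volume, new_size = build_demo_volume()
    slack = read_slack(volume, first_cluster=1, file_size=new_size)
    return new_size, slack


if __name__ == "__main__":
    size, slack = demo()
    print("file size:", size, "bytes; slack:", len(slack), "bytes")
    print("start of slack contents:", slack[:48])
```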

34
Places to Look for Information
  • Unallocated space: set of clusters that has been
    marked as available to store information but has
    not yet received any
  • Unused disk space
  • Erased information that has not been overwritten

35
Ways of Hiding Information
  • Rename the file
  • Make the information invisible
  • Use Windows to hide files
  • Protect file with password
  • Encryption: scrambles the contents of a file so
    that you can't read it without the decryption key
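
Added example, not part of the original slides: renaming a file changes its extension but not its leading signature bytes, so an examiner can compare the two. The file names and headers below are constructed samples, and the signature table covers only a few common formats.

```python
import os

# Leading "magic" bytes for a few common formats and the extensions that normally carry them.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"GIF87a", "gif", {".gif"}),
    (b"GIF89a", "gif", {".gif"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".pptx"}),
]

# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 8),
    ("notes.txt", b"%PDF-1.4\n"),
    ("system.dll", b"PK\x03\x04" + b"\x00" * 8),
    ("report.docx", b"PK\x03\x04" + b"\x00" * 8),
    ("readme.txt", b"plain text, no known signature"),
]


def identify(header):
    """Return (format name, expected extensions) for a header, or (None, empty set)."""
    for magic, kind, extensions in SIGNATURES:
        if header.startswith(magic):
            return kind, extensions
    return None, set()


def check_name(filename, header):
    """Compare the extension in the name with the format the content claims."""
    kind, extensions = identify(header)
    if kind is None:
        return "unknown"
    ext = os.path.splitext(filename)[1].lower()
    return "ok" if ext in extensions else f"mismatch: content is {kind}"


def scan(files):
    """Return only the (name, verdict) pairs whose content contradicts the name."""
    flagged = []
    for name, header in files:
        verdict = check_name(name, header)
        if verdict.startswith("mismatch"):
            flagged.append((name, verdict))
    return flagged


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES):
        print(name, "->", verdict)
```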

36
Ways of Hiding Information
  • Steganography: hiding information inside other
    information
      • The watermark on dollar bills is an example
  • Compress the file
      • May not work with newer versions of computer
        forensics software

37
Steganography
38
WHO NEEDS COMPUTER FORENSICS INVESTIGATORS?
  • Computer forensics is used in:
      • The military for national and international
        investigations
      • Law enforcement, to gather electronic evidence in
        criminal investigations
      • Corporations and not-for-profits for internal
        investigations
      • Consulting firms that specialize in forensics

39
Organizations Use Computer Forensics for Two
Reasons
  • Proactive education: to educate employees on
      • What to do and not to do with computer resources
      • What to do if they suspect wrong-doing and how to
        investigate it
  • Encouraged by the Sarbanes-Oxley Act, which
    expressly requires implementation of policies to
    prevent illegal activity and to investigate
    allegations promptly

40
A Day in the Life
  • A computer forensics expert must:
      • Know a lot about computers and how they work
      • Keep learning
      • Have infinite patience
      • Be detail-oriented
      • Be good at explaining how computers work
      • Stay cool and be able to think on your feet