Internet & Security Information Systems Today Jessup & Valacich, Chapter.6.


1 Internet & Security Information Systems Today Jessup & Valacich, Chapter.6

2 How the Internet Works – Web Addresses & Domains. Domain: identifies the Website (host). Comes in many suffixes such as .edu (educational institutions), .org (organizations; non-profit), .mil (military), .net (network organizations). Example: microsoft.com. URL (Uniform Resource Locator): identifies particular Web pages within a domain (example: http://www.microsoft.com/security/default.mspx). IP Address: each domain is associated with one or more IP addresses. Format: a 32-bit address written as 4 numbers (from 0-255) separated by periods. Example: 1.160.10.240

3 How the Internet Works – Managing the Internet. Domain Name System (DNS): maintained by the Internet Registry; used to associate hosts or domains with IP addresses. InterNic Registration Service: assigns Internet domains and IP addresses. Internet Corp. for Assigned Names and Numbers (ICANN): has responsibility for managing IP addresses, domain names, and root server system management.

4 World Wide Web. Hypertext: a Web page stored on a Web server; contains information and links to other related information (hyperlinks). HTML (Hypertext Markup Language): a standard method used to specify the format of Web pages; uses codes/tags which stipulate how the content should appear to the user. Web Browser: a software program used to locate and display Web pages; includes text, graphics, and multimedia content.

5 World Wide Web. HTTP (Hypertext Transfer Protocol): a protocol used to process user requests for displaying Web pages from a Web server. Web Servers: a special computer that is specifically designed to store and “serve up” Web pages; this machine contains special hardware and software to perform its many specialized functions.

6 How the Internet Works – Packet Switching. Packet Switching: allows millions of users to send large and small chunks of data across the Internet concurrently. Based on the concept of turn taking: packets from each user are alternated in the shared network. Networks connected to the Internet use this concept.

7 How the Internet Works – TCP/IP & Routers. TCP (Transmission Control Protocol): breaks information into small chunks called data packets; manages the transfer of the packets from computer to computer; reassembles data packets into a message at the destination. IP (Internet Protocol): controls how data packets are formed; addresses each packet with the source and destination address. A data packet conforming to the IP spec is called an IP datagram. Routers: connect one network to another; identify each device on a network as unique using the IP protocol; serve as the “Traffic Cop” directing packets to their destination.

8 Example: Sending a message from Computer A to D. (Computer A) TCP: breaks message into data packets; IP: adds address of destination Computer D. (Computer D) TCP: checks for missing packets, reassembles message, discards duplicate packets. (Router) Reads IP address of packet, routes message to Network 2 and Computer D.
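The exchange on slides 7 and 8, as an added example that is not part of the original presentation. The addresses, the routing table and the packet layout (a per-packet sequence number plus a packet count) are constructed for illustration; real TCP numbers bytes rather than packets.

```python
import ipaddress
import random

# Constructed routing table (assumption, not from the slides).
ROUTES = {"Network 1": ipaddress.ip_network("10.0.1.0/24"),
          "Network 2": ipaddress.ip_network("10.0.2.0/24")}

def send(message, src, dst, size=8):
    """Computer A: the TCP role splits the message, the IP role addresses it."""
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    return [{"src": src, "dst": dst, "seq": n, "total": len(chunks), "data": c}
            for n, c in enumerate(chunks)]

def route(packet):
    """Router: read the destination address and pick the outgoing network."""
    dst = ipaddress.ip_address(packet["dst"])
    for name, net in ROUTES.items():
        if dst in net:
            return name
    return None  # no matching route: the packet is dropped

def receive(packets):
    """Computer D: discard duplicates, detect missing packets, reassemble."""
    seen, duplicates, total = {}, 0, 0
    for p in packets:
        total = p["total"]
        if p["seq"] in seen:
            duplicates += 1          # already have this one, discard it
        else:
            seen[p["seq"]] = p["data"]
    missing = [n for n in range(total) if n not in seen]
    message = None if missing else b"".join(seen[n] for n in range(total))
    return message, missing, duplicates

def demo():
    packets = send(b"Meet at the usual place at noon.", "10.0.1.5", "10.0.2.9")
    in_flight = packets + [packets[1]]      # the network duplicates one packet
    random.Random(7).shuffle(in_flight)     # and delivers them out of order
    delivered = [p for p in in_flight if route(p) == "Network 2"]
    complete = receive(delivered)
    lossy = receive([p for p in delivered if p["seq"] != 2])  # packet 2 lost
    return complete, lossy
```

The receiver returns no message at all while any packet is missing, which is the point of the "checks for missing packets" step: a partial message is never handed to the application.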

9 Information System Security. IS Security: precautions taken to keep all aspects of information systems safe from unauthorized use or access. Managerial Methods: several techniques are commonly used to manage information systems security: Risk Assessment; Controlling Access; Organizational Policies and Procedures; Backups and Recovery. Security Resources: a number of organizations exist to raise awareness, research, develop standards, and advise on solutions for Internet security (e.g. CERT/CC, CSD, CSIT).

10 Information System Security – Managerial Techniques. Assessing Risk: Security Audit identifies all aspects of information systems and business processes that use them; Risk Analysis assesses the value of assets being protected. Alternatives based on Risk Analysis: Risk Reduction – implementing active countermeasures to protect systems (e.g. firewalls); Risk Acceptance – implementing no countermeasures; Risk Transference – transferring risk… buying insurance. Controlling Access: keeping information safe by only allowing access to those that require it to do their jobs. Authentication – verifying identity before granting access (e.g. passwords). Access Control – granting access to only those system areas where the user is authorized (e.g. accounting).

11 Information System Security – Managerial Techniques. Organizational Policies and Procedures: Acceptable Use Policies – formally document how systems should be used, for what, and penalties for non-compliance. Backups and Disaster Recovery: Backups – taking periodic snapshots of critical systems data and storing them in a safe place or system (e.g. backup tape). Disaster Recovery Plans – spell out detailed procedures to be used by the organization to restore access to critical business systems (e.g. viruses or fire). Disaster Recovery – executing Disaster Recovery procedures using backups to restore the system to the last backup if it was totally lost.

12 State of IS Security - Security Threats & Technologies. Security Technologies: companies and research organizations continue to develop and refine technologies to prevent security breaches. Some include: Firewalls; Biometrics; VPN and Encryption. Security Threats: today we hear about many security breaches that affect organizations and individuals. Some recently in the news: Identity Theft – gaining access to someone's personal information, allowing them to imitate you (stolen laptop); Denial of Service – attacks on websites using zombie computers that overwhelm the site and shut it down. Others: Spyware, Spam, Wireless Access, Viruses.

13 IS Security: Technology. Firewalls: a system of software, hardware or both designed to detect intrusion and prevent unauthorized access to or from a private network. Firewall Techniques: Packet Filter – examines each packet entering and leaving the network and accepts/rejects it based on rules. Application Level Control – performs certain security measures based on a specific application (e.g. file transfer). Keyword-based filtering. Destination (URL) based filtering: certain URLs not permitted, OR only certain URLs permitted.
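Two of the firewall techniques from slide 13, packet filtering and destination (URL) filtering in both of its modes, as an added example that is not part of the original presentation. The rule set, the addresses and the host names are constructed, and the first-match, default-reject ordering is an assumption the slide does not specify.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed rule set (assumption): first matching rule wins,
# and a packet that matches no rule is rejected.
RULES = [
    ("reject", "in",  "0.0.0.0/0",    23),    # no telnet from anywhere
    ("accept", "in",  "0.0.0.0/0",    443),   # public HTTPS
    ("accept", "in",  "192.0.2.0/24", 22),    # SSH from the admin range only
    ("accept", "out", "0.0.0.0/0",    None),  # any outbound port
]

def filter_packet(direction, remote_ip, port):
    """Packet filter: accept or reject one packet by direction, address, port."""
    addr = ipaddress.ip_address(remote_ip)
    for action, rule_dir, network, rule_port in RULES:
        if (rule_dir == direction
                and addr in ipaddress.ip_network(network)
                and rule_port in (None, port)):
            return action
    return "reject"  # default: anything not explicitly accepted is dropped

def url_allowed(url, hosts, mode):
    """Destination filtering.

    mode "deny":  the listed hosts are not permitted, everything else is.
    mode "allow": only the listed hosts are permitted.
    """
    host = (urlsplit(url).hostname or "").lower()
    # Match the host itself or a subdomain of it, never a bare substring,
    # so "example.com.other.test" does not pass as "example.com".
    listed = any(host == h or host.endswith("." + h) for h in hosts)
    return not listed if mode == "deny" else listed
```

The two URL modes fail differently: a "deny" list lets through every destination nobody thought to list, while an "allow" list blocks every destination nobody thought to list.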

14 Security Threat: Spyware, Spam, and Cookies. Cookies: a message passed to a browser from a Web server; used by legitimate programs to store state and user information. Problems: can be used to track user activities. Prevention: browser settings, firewall. Spyware: any software that covertly gathers information about a user through an Internet connection without the user's knowledge. Problems: uses memory resources, uses bandwidth, and can cause system instability. Prevention: Firewalls and Spyware software. Spam: electronic junk mail or junk newsgroup postings, usually for the purpose of advertising some product and/or service. Problems: nuisance, wastes time deleting, uses storage. Prevention: Spam Blocker software.

15 Security Technology: Biometrics. Biometrics: a sophisticated authentication technique used to restrict access to systems, data and/or facilities. Uses biological characteristics that are not easily counterfeited, such as fingerprints, retinal patterns in the eye, etc., to identify individuals. Has great promise in providing high security.

16 Security Threat: Access to Wireless. Unauthorized Access to Wireless Networks: with the prevalence of wireless networks, this threat is increasing. Problems: drive-by hacking, in which an attacker accesses the network, intercepts data from it, and can use network services and/or send attack instructions without entering the building. Prevention: encryption between the network and user devices.

17 Security Technology: VPN and Encryption. VPN (Virtual Private Network): called a secure tunnel; a dynamically generated network connection to connect users or nodes. This approach uses both authentication and encryption. Used extensively for remote access by employees. Encryption: the process of encoding messages before they enter the network or airwaves, and then decoding at the receiving end. Public Key – known and used to scramble messages (SSL). Private Key – not known and used by the receiver to descramble. Certificate Authority – a third party that issues keys.

18 How Encryption Works

19 Security Threat: Viruses. Viruses: programs that can attack a computer and/or a network and delete information, disable software, use up all system resources, etc. Prevention Steps: AntiVirus software – install this software, which is designed to block all known viruses and offers automatic or manual updates to virus patterns to block future viruses. No Disk Sharing – viruses can be transferred to clean computers by inserting disks containing infected files. Delete Suspicious Email Messages – do not open suspicious e-mail messages… Delete only! Report Viruses – if you get a virus, report it to your network administrator immediately!

