Chapter 5: Networks, Internet & Ecommerce IT Auditing & Assurance, 2e, Hall & Singleton

 LAN (Local Area Networks)  WAN (Wide Area Networks  Internet/Internet-Works NETWORKS: TYPES

NETWORKS  Network topology  Star (Figure 5-1, p.194)  Hierarchical (Figure 5-2, p.196)  Ring (Figure 5-3, p.196)  Bus (Figure 5-4, p.197 )  Network architecture  Peer-to-peer architecture  Client/server architecture (Figure 5-5)  Network protocols  Function of protocols

 Network Operating System (NOS)  Polling  Token passing  Carrier sensing  Nodes/terminals  Dumb terminals  Smart terminals  Programmable terminals NETWORKS: COMPONENTS

 Transmission channels / media ( Figure 5-9, p.206)  Synchronous / asynchronous  Simplex / half duplex / full duplex (Figure 5-8, p.205)  Twisted pair (phone line)  Coax cable (cable line)  Fiber optic cable  Six advantages -- p  Microwave  Communication satellites  Wireless NETWORKS: COMPONENTS

 Server / host  Connecting devices  Modem  Digital signal to radio wave signal (figure 5-14, p.211)  Modulation – demodulation (figure 5-15, p.212)  Network Interface Card (NIC)  Network processors  Message switching  PBX  Packet switching NETWORKS: CONNECTING DEVICES

 LAN Linking Devices and Systems  Multiplexer  Hubs  Passive  Manageable  Switched  Routers  Switches  Gateways  Bridges NETWORKS: CONNECTING DEVICES

 Internet  Intranet  Extranet INTERNET

 Inter-company transfers  Processed automatically by IS  Processed in standardized format  Figure 5-19, p.218  Third party (VANs)  Protocols EDI

 Benefits  Reduces data keying  Reduces paper  Reduces postage  Reduces errors  Reduces inventory  REDUCES COSTS  EFT (figure 5-23, p.223)  EDI audit trail EDI

 Electronic commerce  Types  B2C  B2B  C2C  Components  Electronic payment systems  SSL  SET  S-HTTP ELECTRONIC COMMERCE

 Risks  Internal  Accidents / system failures  Ineffective accounting  Malicious activities  Fraud  External  Intruders Hackers Cracker Script kiddies  Viruses  Cyberterrorism / cyber-crime ELECTRONIC COMMERCE

 Controls  Policies and procedures  SDLC techniques  Anti-virus systems  Message sequence numbers  Logs  Monitoring systems CONTROLLING E-COMMERCE

 Access control systems  Call-back systems  Challenge-response systems  Multifaceted password systems  Biometrics  Firewalls  IDS  Misuse detection vs. anomaly detection  Network-based vs. host-based systems  Passive system vs. reactive systems  Controlling DoS attacks CONTROLLING E-COMMERCE

 Verify the security and integrity of transactions  Can detect and correct message loss  Can prevent and detect illegal access, internally and externally  Will render useless any data captured  Verify that backup procedures are sufficient  Determine:  All EDI and electronic transactions are authorized, validated, and compliant with SLA  No unauthorized access to databases  Authorized partners only have access to approved data  Adequate controls are in place to ensure a complete audit trail for electronic transactions AUDIT OBJECTIVES

 Backup control for networks  Transaction validation  Access control:  Tests of validation control  Tests of audit trail controls AUDIT OBJECTIVES

 Select of sample of messages from transaction log and verify their integrity  Review the message transaction logs to verify that all messages were received in proper sequence  Test the operation of features such as call-back  Review security procedures governing data  Verify any encryption process by sending test messages  Review the adequacy of firewalls (see list on page 240) AUDIT PROCEDURES

Chapter 5: Networks, Internet & Ecommerce IT Auditing & Assurance, 2e, Hall & Singleton