Chapter 5: Networks, Internet & E-commerce
IT Auditing & Assurance, 2e, Hall & Singleton
NETWORKS: TYPES
- LAN (Local Area Networks)
- WAN (Wide Area Networks)
- Internet / Internet-works
NETWORKS
- Network topology
  - Star (Figure 5-1, p.194)
  - Hierarchical (Figure 5-2, p.196)
  - Ring (Figure 5-3, p.196)
  - Bus (Figure 5-4, p.197)
- Network architecture
  - Peer-to-peer architecture
  - Client/server architecture (Figure 5-5)
- Network protocols
  - Function of protocols
NETWORKS: COMPONENTS
- Network Operating System (NOS)
  - Polling
  - Token passing
  - Carrier sensing
- Nodes/terminals
  - Dumb terminals
  - Smart terminals
  - Programmable terminals
NETWORKS: COMPONENTS
- Transmission channels / media (Figure 5-9, p.206)
  - Synchronous / asynchronous
  - Simplex / half duplex / full duplex (Figure 5-8, p.205)
  - Twisted pair (phone line)
  - Coax cable (cable line)
  - Fiber optic cable: six advantages -- p
  - Microwave
  - Communication satellites
  - Wireless
NETWORKS: CONNECTING DEVICES
- Server / host
- Connecting devices
  - Modem
    - Digital signal to radio wave signal (Figure 5-14, p.211)
    - Modulation / demodulation (Figure 5-15, p.212)
  - Network Interface Card (NIC)
  - Network processors
    - Message switching
    - PBX
    - Packet switching
NETWORKS: CONNECTING DEVICES
- LAN linking devices and systems
  - Multiplexer
  - Hubs
    - Passive
    - Manageable
    - Switched
  - Routers
  - Switches
  - Gateways
  - Bridges
INTERNET
- Internet
- Intranet
- Extranet
EDI
- Inter-company transfers
- Processed automatically by IS
- Processed in standardized format (Figure 5-19, p.218)
- Third party (VANs)
- Protocols
EDI
- Benefits
  - Reduces data keying
  - Reduces paper
  - Reduces postage
  - Reduces errors
  - Reduces inventory
  - REDUCES COSTS
- EFT (Figure 5-23, p.223)
- EDI audit trail
ELECTRONIC COMMERCE
- Electronic commerce
  - Types
    - B2C
    - B2B
    - C2C
  - Components
  - Electronic payment systems
    - SSL
    - SET
    - S-HTTP
ELECTRONIC COMMERCE
- Risks
  - Internal
    - Accidents / system failures
    - Ineffective accounting
    - Malicious activities
    - Fraud
  - External
    - Intruders
    - Hackers
    - Crackers
    - Script kiddies
    - Viruses
    - Cyberterrorism / cyber-crime
CONTROLLING E-COMMERCE
- Controls
  - Policies and procedures
  - SDLC techniques
  - Anti-virus systems
  - Message sequence numbers
  - Logs
  - Monitoring systems
CONTROLLING E-COMMERCE
- Access control systems
  - Call-back systems
  - Challenge-response systems
  - Multifaceted password systems
  - Biometrics
- Firewalls
- IDS
  - Misuse detection vs. anomaly detection
  - Network-based vs. host-based systems
  - Passive systems vs. reactive systems
- Controlling DoS attacks
AUDIT OBJECTIVES
- Verify the security and integrity of transactions:
  - Can detect and correct message loss
  - Can prevent and detect illegal access, internally and externally
  - Will render useless any data captured
- Verify that backup procedures are sufficient
- Determine that:
  - All EDI and electronic transactions are authorized, validated, and compliant with the SLA
  - There is no unauthorized access to databases
  - Authorized partners have access only to approved data
  - Adequate controls are in place to ensure a complete audit trail for electronic transactions
AUDIT OBJECTIVES
- Backup control for networks
- Transaction validation
- Access control:
  - Tests of validation control
  - Tests of audit trail controls
AUDIT PROCEDURES
- Select a sample of messages from the transaction log and verify their integrity
- Review the message transaction logs to verify that all messages were received in the proper sequence
- Test the operation of features such as call-back
- Review the security procedures governing data
- Verify any encryption process by sending test messages
- Review the adequacy of firewalls (see the list on page 240)
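The first two audit procedures (integrity of sampled messages, and proper sequence in the transaction log) as an added worked example; this is not code from the textbook. It assumes a constructed log format of `timestamp|partner|sequence_no|payload|hmac_sha256(payload)` and a constructed integrity key, and it separates a true gap (a sequence number never received) from a message that merely arrived late.

```python
import hashlib
import hmac
from collections import defaultdict

AUDIT_KEY = b"audit-demo-key"  # constructed key shared with the EDI gateway (assumption)


def mac(payload: str) -> str:
    """Integrity tag the gateway is assumed to write beside each payload."""
    return hmac.new(AUDIT_KEY, payload.encode(), hashlib.sha256).hexdigest()


# Constructed sample transaction log, one message per line.
SAMPLE_LOG = "\n".join([
    f"2024-03-01T09:00:01|ACME|1|PO 1001 qty 40|{mac('PO 1001 qty 40')}",
    f"2024-03-01T09:00:05|ACME|2|PO 1002 qty 12|{mac('PO 1002 qty 12')}",
    f"2024-03-01T09:00:09|ACME|4|PO 1004 qty 7|{mac('PO 1004 qty 7')}",    # seq 3 never arrived
    f"2024-03-01T09:00:12|ACME|4|PO 1004 qty 7|{mac('PO 1004 qty 7')}",    # replayed duplicate
    f"2024-03-01T09:00:15|ACME|5|PO 1005 qty 99|{mac('PO 1005 qty 9')}",   # payload altered after tagging
    f"2024-03-01T09:01:00|BOLT|1|INV 77 total 500|{mac('INV 77 total 500')}",
    f"2024-03-01T09:01:03|BOLT|3|INV 79 total 120|{mac('INV 79 total 120')}",
    f"2024-03-01T09:01:06|BOLT|2|INV 78 total 60|{mac('INV 78 total 60')}",  # late, not lost
])


def audit_log(log_text: str) -> dict:
    """Return per-partner findings: missing, duplicate, out_of_order and bad_mac sequence numbers."""
    findings = defaultdict(lambda: {"missing": [], "duplicate": [], "out_of_order": [], "bad_mac": []})
    seen = defaultdict(set)   # sequence numbers received per partner
    highest = {}              # highest sequence number received so far per partner
    for line in log_text.splitlines():
        _ts, partner, seq_s, payload, tag = line.split("|")
        seq = int(seq_s)
        f = findings[partner]
        # Integrity check: recompute the tag and compare in constant time.
        if not hmac.compare_digest(mac(payload), tag):
            f["bad_mac"].append(seq)
        # Sequence checks: a repeat is a duplicate; a lower number than already seen arrived late.
        if seq in seen[partner]:
            f["duplicate"].append(seq)
        elif partner in highest and seq < highest[partner]:
            f["out_of_order"].append(seq)
        seen[partner].add(seq)
        highest[partner] = max(highest.get(partner, 0), seq)
    # Gaps are numbers below the highest received that never appeared at all.
    for partner, nums in seen.items():
        findings[partner]["missing"] = [n for n in range(1, max(nums) + 1) if n not in nums]
    return dict(findings)
```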