MKTG 476 SECURITY, Lars Perner, Instructor

Internet Security
- Servers
- Hacking
- Publicly available information
- Information storage
- Intrusion methods
  – Phishing
  – Pharming
  – Spyware
- Viruses
- Spam
- Identity theft
Concerns Shared by Firms and Consumers
- Identity theft
- Fraudulent use of credit cards or bank accounts
- Loss of privacy
- Consumer reluctance to shop online due to fears of fraud
- Costs of authentication
Consumer Privacy Concerns
- Large amounts of consumer information can be bought online
- Some information is available to the public through government offices, e.g.:
  – Real estate ownership
  – Vehicle registrations
  – Licenses (driver's/professional)
  – Personal records, e.g.: marriage, divorce, certain tax liens, certain criminal records, bankruptcies
- Information inadvertently posted online
- Information posted without consent of customer
  – E.g., employment records
  – E.g., membership directories
Consumer Privacy Concerns, Part II
- Online services combining information
  – Information sold by vendors (e.g., unlisted phone numbers of customers; purchase histories)
  – Aggregation of databases (e.g., combining multiple phone directories and real-estate recordings)
- Information that is only supposed to be available when authorized
  – Credit records
  – Medical
- Some information may be available only to certain kinds of users
Online Data Storage
- Types of information stored on customers
  – Login, passwords
  – Credit card information
  – Purchase histories
  – Home addresses
  – Other personal info
- May or may not have resulted from online transactions: databases are often networked for internal firm use
"Vulnerable" Information
- Social security numbers
- Place and date of birth; mother's maiden name
- Home address
- Login and passwords
- Financial information
Data Interception
- By employees or others with direct access to information
- Cyber thieves may attempt to access information through
  – Phishing/pharming
  – Host computer
    · Log-in through insecure passwords
    · Hacking
  – Internet traffic
  – Local networks, especially wireless with limited or no security
Password Vulnerabilities
- Disclosure to strangers
- Theft of databases
- Phishing
- Use of obvious passwords
  – Common words
  – Personal information, e.g., phone number, address, birthday
- Passwords not frequently changed
- Password "sniffers"
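The "obvious password" and "not frequently changed" points above can be turned into a concrete check that a site could run when a customer sets a password. The following is an added example written for these notes, not code from the course or from any vendor; the common-word list, the customer profile, and the 12-character and 90-day policy values are constructed assumptions, and a real deployment would use a full breached-password list in place of the small set here.

```python
"""Password weakness check modelled on the slide's list: common words,
personal information (phone number, address, birthday, names), length,
and stale passwords. Added example; word list, profile fields and policy
values are constructed assumptions, not taken from the lecture."""
import re
from datetime import date

# Constructed stand-in for a real common/breached-password list (assumption).
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "football", "monkey"}
MIN_LENGTH = 12      # assumed policy value
MAX_AGE_DAYS = 90    # assumed rotation policy ("passwords not frequently changed")


def _digits(s):
    return re.sub(r"\D", "", s)


def _personal_tokens(profile):
    """Strings a guesser could pull straight from the customer record."""
    tokens = set()
    phone = _digits(profile.get("phone", ""))
    if phone:
        tokens.add(phone)
        tokens.add(phone[-4:])            # last four digits are a common choice
    bday = profile.get("birthday")        # a datetime.date, if present
    if bday:
        for fmt in ("%m%d%Y", "%d%m%Y", "%m%d", "%Y"):
            tokens.add(bday.strftime(fmt))
    for part in re.split(r"\W+", profile.get("address", "")):
        if len(part) >= 3:                # street number, street name, ...
            tokens.add(part.lower())
    for key in ("first_name", "last_name"):
        if profile.get(key):
            tokens.add(profile[key].lower())
    return tokens


def check_password(password, profile, last_changed, today):
    """Return the list of weaknesses found; an empty list means no finding."""
    findings = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if any(word in lowered for word in COMMON_WORDS):
        findings.append("contains a common word")
    for tok in _personal_tokens(profile):
        if tok in lowered:
            findings.append("contains personal information (%s)" % tok)
            break                         # one finding of this kind is enough
    if (today - last_changed).days > MAX_AGE_DAYS:
        findings.append("not changed within policy")
    return findings


if __name__ == "__main__":
    # Constructed customer record for the demonstration.
    profile = {"first_name": "Jane", "last_name": "Doe",
               "phone": "(213) 555-0142", "address": "742 Evergreen Terrace",
               "birthday": date(1985, 7, 14)}
    for pw in ("welcome123", "Evergreen1985!", "correct-horse-battery-staple"):
        print(pw, "->", check_password(pw, profile, date(2024, 1, 1), date(2024, 3, 1)))
```

The check deliberately compares against data the firm already holds about the customer, which is exactly the data an attacker who has obtained the customer record (slide 5) would try first.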
Some Security Measures
- Encryption
- Tracking of IP address of entry into the computer
- Secondary passwords
- Consumer chosen icon
  – In e-mails
  – At site, once origin IP address is recognized
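The last three measures on this slide fit together into one login flow: the site remembers the IP addresses a customer has logged in from, shows the customer's chosen icon only once a known origin IP is seen (so the customer can confirm the site is genuine before typing a password), and requires the secondary password from an unrecognised address. The sketch below is an added example written for these notes, not the course's or any bank's code; the account record, the addresses and the use of PBKDF2 for storing the passwords are assumptions made for the demonstration.

```python
"""Login flow sketch for the measures on this slide: IP tracking, a secondary
password from unknown addresses, and a customer-chosen icon shown only from
a recognised address. Added example; accounts and IPs are constructed."""
import hashlib
import hmac
import secrets

ITERATIONS = 100_000   # PBKDF2 work factor, assumed for the demo


def _hash(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt.encode(), ITERATIONS).hex()


class Account:
    def __init__(self, username, password, secondary, icon):
        self.username = username
        self.salt = secrets.token_hex(8)
        self.password_hash = _hash(password, self.salt)
        self.secondary_hash = _hash(secondary, self.salt)
        self.icon = icon            # the consumer-chosen icon
        self.known_ips = set()      # origin IPs seen on successful logins

    def check(self, field, candidate):
        # constant-time comparison of the stored and computed hashes
        return hmac.compare_digest(getattr(self, field), _hash(candidate, self.salt))


def start_login(accounts, username, ip):
    """Step 1: the customer has submitted only the username.
    Returns what the site should show next."""
    acct = accounts.get(username)
    if acct is None or ip not in acct.known_ips:
        # Unknown user or unknown origin IP: disclose no icon and ask for the
        # secondary password first. The two cases get the same response so
        # the form cannot be used to test which usernames exist.
        return {"prompt": "secondary_password", "icon": None}
    return {"prompt": "password", "icon": acct.icon}


def finish_login(accounts, username, ip, password, secondary=None):
    """Step 2: verify the secondary password (if required) and the password."""
    acct = accounts.get(username)
    if acct is None:
        return False
    if ip not in acct.known_ips:
        if secondary is None or not acct.check("secondary_hash", secondary):
            return False
    if not acct.check("password_hash", password):
        return False
    acct.known_ips.add(ip)          # remember the origin IP for next time
    return True


if __name__ == "__main__":
    accounts = {"jane": Account("jane", "correct-horse-battery", "first pet: rex", "blue sailboat")}
    print(start_login(accounts, "jane", "203.0.113.9"))     # unknown IP: no icon yet
    print(finish_login(accounts, "jane", "203.0.113.9", "correct-horse-battery", "first pet: rex"))
    print(start_login(accounts, "jane", "203.0.113.9"))     # now recognised: icon shown
```

Showing the icon before the password is requested is the point of the measure: a phishing site that does not know the icon cannot reproduce this step, which is why the slide pairs the icon with IP recognition rather than showing it unconditionally.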
Servers
- "Denial of service"
  – Numerous "requests to identify" are sent to targeted server
  – The server may slow down or become entirely inaccessible
  – Computers and servers infected through viruses are often targeted
  – Mostly intended as "vandalism"
- Hacking
  – "Hackers" break into computer systems
  – Purposes
    · Taking on challenge/political expression
    · Vandalism
    · Stealing information
Hacking
- Established software has "holes" that are gradually discovered
- May be able to "crash" sites and access "core dump" files intended for use by programmers to identify problems
- Exploitation of "back doors" left by programmers
Phishing
- Consumer receives an e-mail asking that he or she log in to take care of account issues
- This e-mail contains a legitimate-looking hyperlink title but the actual link is to a fake site
- 1% of consumers are estimated to fall for the hoax
- The consumer logs into a fake site, providing login, password, and other info
Phishing: Remedies
- Consumer education
- Software safeguards
  – Warning if the internal link does not match the title
    · Feasible only when the title features an actual address
- E-mail filters
  – E-mail programs
  – Server
  – Anti-virus software
- Quick identification of phishing sites
  – Cooperation with host
  – Denial-of-service attacks if needed
  – Massive entry of fake data
- Tracing of logins based on origin of phishing e-mail or site
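The first software safeguard above, warning when the visible link title is an address that does not match the real link target, is simple to implement in a mail client, and the slide's caveat shows up directly in the code: when the title is ordinary words ("log in"), there is nothing to compare. The following is an added example written for these notes, not code from the course or from any mail product; the sample message is constructed and the host names in it are fictitious.

```python
"""Flag hyperlinks whose visible title is an address that does not match the
href, the safeguard on slide 13. Added example; the sample HTML is
constructed, not a real phishing message."""
import re
from html.parser import HTMLParser
from typing import Optional
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def address_host(text: str) -> Optional[str]:
    """Host named by a URL or bare address; None when the text is not an address
    (which is exactly the case the slide calls infeasible)."""
    candidate = text if "://" in text else "http://" + text
    host = urlparse(candidate).hostname
    if not host or not re.fullmatch(r"[a-z0-9.-]+\.([a-z]{2,}|\d{1,3})", host):
        return None
    return host


def find_mismatched_links(html: str):
    """Return (title, href) pairs where the title names a host and the href
    points at a different host (a subdomain of the shown host is allowed)."""
    parser = _LinkCollector()
    parser.feed(html)
    flagged = []
    for href, title in parser.links:
        shown = address_host(title)
        if shown is None:
            continue                      # plain-word title: no check possible
        real = address_host(href)
        if real != shown and not (real and real.endswith("." + shown)):
            flagged.append((title, href))
    return flagged


# Constructed sample message (fictitious hosts) for the demonstration.
SAMPLE_MAIL = """
<p>Dear customer, please <a href="http://examplebank-login.test/verify">log in</a>.</p>
<p>Or visit <a href="http://198.51.100.7/x">www.examplebank.com</a> directly.</p>
<p>Help: <a href="https://support.examplebank.com/help">examplebank.com</a></p>
"""

if __name__ == "__main__":
    for title, href in find_mismatched_links(SAMPLE_MAIL):
        print("WARNING: link shown as %s actually goes to %s" % (title, href))
```

Only the second link is reported: the first has a plain-word title, so the safeguard cannot apply, and the third points at a subdomain of the host it displays. A client that wants to catch the first case has to fall back on the other remedies listed on the slide (filters and consumer education).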
Pharming
- The user attempts to go to a legitimate web site address but is redirected
  – Through hacking of DNS servers (which match domain names with numerical IP addresses)
  – Through false report of changed server to DNS registrar
  – Malicious code in "trojan horse" or virus to redirect traffic
Viruses
- "Malicious code" that attacks a computer to
  – Cause damage (vandalism)
  – Serve as spam or denial of service attack server
  – Transmit data
- Spread through
  – Software (as trojan horse or through infection of legitimate software)
  – E-mail attachments
  – Online activity
Trojan Horses
- Legitimate-looking software intended to spread malicious code
- User downloads software and once run, malicious code is run with results similar to those of viruses
"Spyware"
- Software that sends back user information through Internet connection
- Legal vs. illegal
  – Legitimate and authorized by user
  – Non-malicious intent but not authorized
  – Malicious
- May be spread through program, trojan, or virus
E-mail Spam
- Unsolicited e-mail messages
- Unsolicited contacts have always happened, but telemarketing and bulk mail are more expensive than e-mail
- Very low response rate but very low cost of distribution
- Usually sent by
  – Unauthorized vendors
  – Fraudulent persons/vendors
Determining When E-mail Is Likely to Be Welcome
- Individual vs. mass mailing
- Established relationship with receiver
  – Logistical communication
  – Offering of new services
  – Promoting services by others
- Opt-in policies
Spam Remedies
- Termination by host
  – E-mail generally sent through SMTP servers located at the Internet Service Provider (ISP) site
  – Problems
    · Foreign governments may not cooperate
    · Spammer may move on to other addresses quickly
- Anti-spam programs
  – Locations
    · In e-mail servers
    · On the user's computer
    · At local server
  – Problems
    · Distinguishing legitimate messages from non-legitimate
    · Imperfect algorithms
- Regulatory
  – Legal limits
  – Litigation of offenders in reachable jurisdictions
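The "imperfect algorithms" problem under anti-spam programs is easiest to see with a small statistical filter of the kind that runs in mail servers and mail clients. The one below is an added example written for these notes, not any product's filter: a naive Bayes classifier trained on a constructed set of eight labelled messages. It scores a message by the words it has previously seen in spam and in legitimate mail, so a perfectly legitimate note that happens to use "spammy" vocabulary gets rejected, which is the false positive the slide is warning about.

```python
"""Tiny multinomial naive Bayes spam filter, added to illustrate why the
slide lists "imperfect algorithms" among the problems of anti-spam programs.
The training messages are constructed for the demonstration."""
import math
import re
from collections import Counter


def tokenize(text):
    return re.findall(r"[a-z']+", text.lower())


class NaiveBayesFilter:
    def __init__(self):
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.doc_counts = {"spam": 0, "ham": 0}
        self.vocab = set()

    def train(self, text, label):
        words = tokenize(text)
        self.word_counts[label].update(words)
        self.doc_counts[label] += 1
        self.vocab.update(words)

    def spam_probability(self, text):
        """P(spam | words) with add-one smoothing, computed in log space so
        that long messages do not underflow."""
        total_docs = sum(self.doc_counts.values())
        log_post = {}
        for label in ("spam", "ham"):
            logp = math.log(self.doc_counts[label] / total_docs)   # prior
            n_words = sum(self.word_counts[label].values())
            for w in tokenize(text):
                logp += math.log((self.word_counts[label][w] + 1) / (n_words + len(self.vocab)))
            log_post[label] = logp
        # normalise the two log-posteriors into a probability
        m = max(log_post.values())
        z = sum(math.exp(v - m) for v in log_post.values())
        return math.exp(log_post["spam"] - m) / z

    def is_spam(self, text, threshold=0.5):
        return self.spam_probability(text) >= threshold


def build_demo_filter():
    """Filter trained on a constructed set of labelled messages."""
    f = NaiveBayesFilter()
    spam = [
        "win a free prize now click here",
        "free money limited offer act now",
        "cheap pills free shipping order now",
        "you have won a prize claim your free gift",
    ]
    ham = [
        "meeting moved to tuesday see you then",
        "your order has shipped tracking number attached",
        "lunch tomorrow with the project team",
        "please review the attached report before friday",
    ]
    for text in spam:
        f.train(text, "spam")
    for text in ham:
        f.train(text, "ham")
    return f


if __name__ == "__main__":
    f = build_demo_filter()
    for msg in ("free prize click now",
                "see you at the meeting tuesday",
                "we won the free lunch offer claim it now"):   # legitimate, but flagged
        print("%.3f  %s" % (f.spam_probability(msg), msg))
```

The third message is a colleague's note about a lunch, but nearly every word in it ("won", "free", "offer", "claim", "now") appears only in the spam training set, so the filter assigns it a high spam probability. More training data and a higher threshold reduce such errors but never remove them, which is why the slide lists both the user's computer and the server as filter locations rather than trusting a single filter.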