ZeePedia

Antivirus software: Scanners, Active monitors, Behavior blockers, Logical intrusion, Best Password practices, Firewall

VU
Information System (CS507)
LESSON 33
Antivirus software
Use of antivirus software is another very important technical control against the spread of viruses.
33.1  Scanners
Scanners check the operating system and application software for viruses using the virus definitions they contain. Every virus has a distinctive bit pattern; these unique bit patterns act as an identity for the virus and are called signatures. Signatures are distributed in virus definitions: every scanner carries a set of definitions, which are in fact the signatures (bit patterns) of various known viruses. The scanner reads the operating system and the application software installed on the hard drives and, while scanning, compares the bit patterns in each file against the bit patterns held in its virus definitions. Where a match is found, the file is labelled as infected.
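The signature matching just described, as an added example that is not part of the lecture notes: virus definitions are modelled as a small dictionary of name to byte pattern, and the scanner compares every file under a directory against them. The two definitions, the "Demo." names and the sample files are all constructed for illustration; real definitions are far longer and are maintained by the vendor.

```python
"""Added example (not from the lecture notes): a minimal signature scanner.

Virus definitions are modelled as a dictionary of name -> byte pattern
("signature"). scan_bytes() returns the names of all signatures found in a
byte string; scan_file() does the same for a file, reading it in chunks with
an overlap so a signature that straddles two chunks is still found.
All signatures and sample files here are constructed for illustration.
"""
import os
import tempfile

# Constructed virus definitions: signature name -> byte pattern.
DEFINITIONS = {
    "Demo.Dropper.A": b"\x4d\x5a\x90\x00DEMO-DROPPER",
    "Demo.Macro.B": b"Sub AutoOpen()\r\nDEMO-MACRO",
}


def scan_bytes(data: bytes, definitions=DEFINITIONS) -> list:
    """Return the names of all signatures whose byte pattern occurs in data."""
    return [name for name, sig in definitions.items() if sig in data]


def scan_file(path: str, definitions=DEFINITIONS, chunk_size: int = 1 << 20) -> list:
    """Scan a file chunk by chunk; the tail of the previous chunk is kept so a
    signature spanning a chunk boundary is not missed."""
    overlap = max(len(s) for s in definitions.values()) - 1
    found = set()
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            window = tail + chunk
            found.update(scan_bytes(window, definitions))
            tail = window[-overlap:] if overlap > 0 else b""
    return sorted(found)


def scan_directory(root: str, definitions=DEFINITIONS, chunk_size: int = 1 << 20) -> dict:
    """Scan every regular file under root; return {path: [signature names]}
    for the files that matched."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            matches = scan_file(path, definitions, chunk_size)
            if matches:
                hits[path] = matches
    return hits


def demo(chunk_size: int = 1 << 20) -> dict:
    """Build a temporary directory with one clean and one 'infected' file
    (both constructed) and scan it; returns {file name: [signature names]}."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "report.txt")
        bad = os.path.join(tmp, "installer.exe")
        with open(clean, "wb") as fh:
            fh.write(b"Quarterly figures, nothing to see here.")
        with open(bad, "wb") as fh:
            fh.write(b"\x00" * 10 + b"\x4d\x5a\x90\x00DEMO-DROPPER" + b"\x00" * 10)
        hits = scan_directory(tmp, chunk_size=chunk_size)
        return {os.path.basename(p): names for p, names in hits.items()}


if __name__ == "__main__":
    print(demo())
```

Running `demo(chunk_size=4)` forces the signature to straddle many chunk boundaries and still reports the same hit, which is the point of keeping the overlap; a scanner that reads fixed blocks without it has a blind spot exactly at the block edges.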
33.2  Active monitors
This software monitors the system concurrently as it is being used. It acts as a guard against viruses while the operating system is performing its various functions, e.g. connecting to the internet, transferring data, etc. It blocks a virus from accessing the specific portions of the system to which only the operating system has authorized access. Active monitors can be problematic because they cannot distinguish between a user request and a request made by a program or a virus. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or a set of files.
33.3  Behavior blockers
Behavior blockers focus on detecting potentially abnormal behavior in the functioning of the operating system or in requests made by application software, such as writing to the boot sector or the master boot record, or making changes to executable files. Blockers can potentially detect a virus at an early stage. Most hardware-based antivirus mechanisms are based on this concept.
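The active-monitor and behavior-blocker rules from sections 33.2 and 33.3, as one added example that is not part of the lecture notes. Requests from running programs are represented as constructed records, and the monitor returns ALLOW, BLOCK or CONFIRM: writes to the boot sector or master boot record are blocked, modification of executables is blocked unless the requester is on an assumed trust list of installers, and destructive user-level actions are handed back to the user because the monitor cannot tell a user's request from a program's. The program names, the trust list and the sample activity are all assumptions made for the example.

```python
"""Added example (not from the lecture notes): a toy behaviour blocker /
active monitor over a stream of constructed requests."""
from dataclasses import dataclass

ALLOW, BLOCK, CONFIRM = "ALLOW", "BLOCK", "CONFIRM"

# Assumed configuration for the example.
PROTECTED_RAW_TARGETS = {"boot_sector", "mbr"}       # OS-only regions
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys", ".com")
TRUSTED_INSTALLERS = {"setup.exe", "msiexec.exe"}    # may update executables
DESTRUCTIVE_OPS = {"format_disk", "delete_many"}     # user must confirm


@dataclass
class Request:
    process: str    # requesting program name
    operation: str  # "write", "format_disk", "delete_many", ...
    target: str     # file path or raw device name


def decide(req: Request) -> tuple:
    """Return (verdict, reason) for one request."""
    target = req.target.lower()
    if req.operation == "write" and target in PROTECTED_RAW_TARGETS:
        return BLOCK, f"{req.process} tried to write {req.target}"
    if req.operation == "write" and target.endswith(EXECUTABLE_SUFFIXES):
        if req.process.lower() in TRUSTED_INSTALLERS:
            return ALLOW, "trusted installer updating an executable"
        return BLOCK, f"{req.process} modifying executable {req.target}"
    if req.operation in DESTRUCTIVE_OPS:
        return CONFIRM, f"{req.process} requests {req.operation} on {req.target}"
    return ALLOW, "no rule matched"


def monitor(requests, confirm=lambda req: False) -> list:
    """Process a stream of requests. confirm() stands in for the user prompt
    an active monitor raises; the default answers 'no'. Returns a list of
    (process, operation, target, final verdict)."""
    log = []
    for req in requests:
        verdict, _reason = decide(req)
        if verdict == CONFIRM:
            verdict = ALLOW if confirm(req) else BLOCK
        log.append((req.process, req.operation, req.target, verdict))
    return log


# Constructed sample activity.
SAMPLE = [
    Request("word.exe", "write", "C:/docs/letter.docx"),
    Request("dropper.exe", "write", "mbr"),
    Request("dropper.exe", "write", "C:/Windows/System32/kernel32.dll"),
    Request("setup.exe", "write", "C:/Program Files/app/app.exe"),
    Request("cleanup.exe", "format_disk", "D:"),
]

if __name__ == "__main__":
    for entry in monitor(SAMPLE):
        print(entry)
```

The last request shows the weakness the notes describe: the monitor cannot know whether `cleanup.exe` is acting for the user or for a virus, so the only safe option is to ask, and a user who reflexively clicks "yes" removes the protection.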
33.4  Logical intrusion
The skills needed to exploit logical exposures are more technical and complex than those needed for physical exposures. A similar term generally used in relation to logical intrusion is hacking.
In the 1990s the dotcom boom encouraged many organizations to use the internet for executing transactions. Initially the internet was used mainly for providing information to the general public. With the enhanced focus of organizations on reducing operational costs and increasing sales, the use of the internet kept increasing.
Today many commercial transactions can be performed on the internet. Whether we look at retail sales, booking airline tickets, banking, property management, staff management, shipping or a host of other applications, the whole world is trading and managing goods and services via web-based systems. This has not only helped organizations earn higher volumes of dollars, but has also exposed them to undesirable threats. Customers and criminals alike are finding it convenient to have access to the information system of the organization.
Organizations presuppose that an online system is inherently safer than a high-street store. For instance, a couple of guys walk up to the counter of a pharmacy at 2 a.m., show a knife, ask for the money in the cash register and walk away with the cash. Compare the above situation with this one. Two guys walk into the online store of a retail seller through a BACK DOOR (a hole in the security of a system deliberately left in place by designers or maintainers). They access the database and steal the credit information of all the customers. There is no video, no witness and no record. Neither of the above scenarios is rare. Intrusion into the information system is not restricted to the internet. Intrusion can be made through a LAN or by actually sitting at the targeted terminal or computer. A person making an intrusion is generally termed an intruder. However, intruders can be classified according to the way they operate.
Possible perpetrators include:
·  Hackers
·  Hacktivists
·  Crackers
Hackers
A hacker is a person who attempts to invade the privacy of the system. In fact he attempts to gain
un authorized entry to a computer system by circumventing the system's access controls. Hackers
are normally skilled programmers, and have been known to crack system passwords, with quite an
ease. Initially hackers used to aim at simply copying the desired information from the system. But
now the trend has been to corrupt the desired information.
Hacktivists
This refers to individuals using their skills to forward a political agenda, possibly breaking the law
in the process, but justifying their actions for political reasons.
Crackers
There are hackers who are more malicious in nature whose primary purpose or intent is to commit
a crime through their actions for some level of personal gain or satisfaction. The terms hack and
crack are often used interchangeably.
It is very common for hackers to misuse passwords and personal identification numbers in order to gain unauthorized access.
Passwords
"Password is the secret character string that is required to log onto a computer system, thus
preventing unauthorized persons from obtaining access to the computer. Computer users may
password-protect their files in some systems."
Misuse of passwords
A very simple form of hacking occurs when the password of the terminal under the use of a
particular employee is exposed or become commonly known. In such a situation access to the
entire information system can be made through that terminal by using the password. The extent of
access available to an intruder in this case depends on the privilege rights available to the user.
33.5  Best Password practices
·  Keep the password secret - do not reveal it to anyone.
·  Do not write it down - if the password is complex, people prefer to save it in their cell phone memory or write it on a piece of paper; neither is a recommended practice.
·  Change the password regularly - passwords should be associated with users, not machines. A password generation program can also be used for this purpose.
·  Be discreet - it is easy for onlookers to see which keys are being pressed, so care should be taken while entering the password.
·  Do not use an obvious password - the best approach is to use a combination of letters, numbers, upper case and lower case. Change the password immediately if you suspect that anyone else knows it.
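The practices above that can be enforced in code (no obvious passwords, a mix of letters, digits, upper and lower case, and regular change) together with the password generation program the notes mention, as an added example that is not part of the lecture notes. The minimum length of 12, the 90-day rotation interval and the short list of obvious passwords are assumed values; a real deployment would check against a large breached-password list instead.

```python
"""Added example (not from the lecture notes): a password policy checker and
a password generator. Limits and the 'obvious' list are assumed values."""
import secrets
import string
from datetime import date, timedelta

MIN_LENGTH = 12          # assumed policy value
MAX_AGE_DAYS = 90        # assumed rotation interval
OBVIOUS = {"password", "123456", "qwerty", "letmein", "admin"}  # constructed


def check_password(password: str, username: str = "") -> list:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    lowered = password.lower()
    if any(obvious in lowered for obvious in OBVIOUS):
        problems.append("obvious password")
    if username and username.lower() in lowered:
        problems.append("contains the user name")
    return problems


def needs_rotation(last_changed: date, today: date = None) -> bool:
    """True when the password is older than MAX_AGE_DAYS."""
    today = today or date.today()
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)


def generate_password(length: int = 16) -> str:
    """Generate a random password that satisfies check_password(). The secrets
    module (a CSPRNG) is used rather than random, so the output is not
    predictable from earlier outputs."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    print(check_password("Password123", "alice"))
    print(needs_rotation(date(2024, 1, 1), date(2024, 6, 1)))
    print(generate_password())
```

The generator loops until a candidate passes the same checker that is applied to user-chosen passwords, so the two rules can never drift apart; that is the usual way to keep a generation program honest with respect to the policy it is meant to satisfy.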
A personal identification number (PIN) is a secret shared between a user and a system that can be used to authenticate the user to the system. Typically, the user is required to provide a non-confidential user identifier or token (such as a debit card) and a confidential PIN to gain access to the system. Upon receiving the User ID and PIN, the system looks up the PIN stored for that User ID and compares it with the PIN received. If they match, the user is granted access; if they do not match, access is refused. PINs are most often used for ATMs. They are also sometimes used for online systems instead of alphanumeric passwords, which may compromise security.
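The look-up-and-compare check described above, as an added example that is not part of the lecture notes, written the way a defender would build it today: the store keeps a salted PBKDF2 hash of the PIN rather than the PIN itself, the comparison is constant-time, and a failure counter locks the record after three wrong attempts, because a four-digit PIN has only 10,000 possible values. The lockout threshold, the PBKDF2 iteration count, and every user ID and PIN below are assumed or constructed.

```python
"""Added example (not from the lecture notes): PIN verification with hashed
storage, constant-time comparison and a lockout counter."""
import hashlib
import hmac
import secrets

MAX_FAILURES = 3       # assumed lockout threshold
ITERATIONS = 100_000   # assumed PBKDF2 work factor


def _derive(pin: str, salt: bytes) -> bytes:
    """Salted, slow hash of the PIN; the stored value is this, not the PIN."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)


class PinStore:
    def __init__(self):
        self._records = {}  # user_id -> {"salt", "hash", "failures"}

    def enroll(self, user_id: str, pin: str) -> None:
        if not (pin.isdigit() and 4 <= len(pin) <= 12):
            raise ValueError("PIN must be 4 to 12 digits")
        salt = secrets.token_bytes(16)
        self._records[user_id] = {"salt": salt, "hash": _derive(pin, salt), "failures": 0}

    def verify(self, user_id: str, pin: str) -> str:
        """Return 'granted', 'denied' or 'locked'."""
        rec = self._records.get(user_id)
        if rec is None:
            # Unknown ID: still perform one derivation so response time does
            # not reveal which user IDs exist.
            _derive(pin, b"\x00" * 16)
            return "denied"
        if rec["failures"] >= MAX_FAILURES:
            return "locked"
        # compare_digest runs in constant time regardless of where the
        # two values first differ.
        if hmac.compare_digest(_derive(pin, rec["salt"]), rec["hash"]):
            rec["failures"] = 0
            return "granted"
        rec["failures"] += 1
        return "locked" if rec["failures"] >= MAX_FAILURES else "denied"


def demo() -> list:
    """Walk one constructed card through a correct PIN, wrong PINs and lockout."""
    store = PinStore()
    store.enroll("card-0001", "4821")          # constructed user and PIN
    return [
        store.verify("card-0001", "4821"),     # granted
        store.verify("card-0001", "0000"),     # denied  (failure 1)
        store.verify("card-9999", "4821"),     # denied  (unknown ID)
        store.verify("card-0001", "1111"),     # denied  (failure 2)
        store.verify("card-0001", "2222"),     # locked  (failure 3)
        store.verify("card-0001", "4821"),     # locked, even with the right PIN
    ]


if __name__ == "__main__":
    print(demo())
```

The lockout is what makes a short numeric secret workable at all: without it, the small key space the notes warn about is the whole story, and hashing alone does nothing against online guessing.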
If the organization is linked to an external network, persons outside the company may be able to get into the company's internal network either to steal data or to damage the system. The system can have firewalls, which disable part of the telecoms technology to prevent unwelcome intrusions into the company, but a determined hacker may be able to bypass even these.
33.6  Firewall
A firewall is the primary method for keeping a computer secure from intruders. A firewall allows or blocks traffic into and out of a private network or the user's computer. Firewalls are widely used to give users secure access to the Internet as well as to separate a company's public Web server from its internal network. Firewalls are also used to keep internal network segments secure; for example, the accounting network might be vulnerable to snooping from within the enterprise. In the home, a personal firewall typically comes with or is installed on the user's computer. Personal firewalls may also detect outbound traffic to guard against spyware, which could be sending your surfing habits to a Web site; they alert you when software makes an outbound request for the first time. In the organization, a firewall can be a stand-alone machine or software on a server. It can be as simple as a single server or it may comprise a combination of servers, each performing some type of firewall processing.
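The two behaviours described above, a first-match rule list that allows or blocks traffic in and out of a private network (with a default of block), and the personal-firewall habit of alerting the first time a program makes an outbound request, as one added example that is not part of the lecture notes. The addresses, the rule set (a public web server reachable on 80/443, an accounting segment reachable only from itself) and the sample packets are all constructed.

```python
"""Added example (not from the lecture notes): a toy packet filter with a
first-match rule list, default block, and first-outbound-request alerts."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    direction: str      # "in" or "out"
    proto: str          # "tcp" or "udp"
    src: str
    dst: str
    dport: int
    program: str = ""   # only meaningful for outbound traffic on a host firewall


@dataclass
class Rule:
    action: str                 # "allow" or "block"
    direction: str = "*"
    proto: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: tuple = ()          # empty tuple = any destination port

    def matches(self, p: Packet) -> bool:
        return (
            self.direction in ("*", p.direction)
            and self.proto in ("*", p.proto)
            and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and (not self.dports or p.dport in self.dports)
        )


class Firewall:
    def __init__(self, rules, default="block"):
        self.rules = list(rules)
        self.default = default        # what happens when no rule matches
        self.seen_programs = set()
        self.alerts = []

    def filter(self, p: Packet) -> str:
        """Return 'allow' or 'block' for one packet, recording an alert the
        first time a program is seen making an outbound request."""
        if p.direction == "out" and p.program and p.program not in self.seen_programs:
            self.seen_programs.add(p.program)
            self.alerts.append(f"{p.program} made its first outbound request to {p.dst}:{p.dport}")
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return self.default


# Constructed rule set: public web server 203.0.113.10 reachable from anywhere
# on 80/443; accounting segment 10.1.0.0/16 reachable only from itself;
# all other inbound traffic to it blocked; outbound web traffic allowed.
RULES = [
    Rule("allow", "in", "tcp", dst="203.0.113.10/32", dports=(80, 443)),
    Rule("allow", "in", src="10.1.0.0/16", dst="10.1.0.0/16"),
    Rule("block", "in", dst="10.1.0.0/16"),
    Rule("allow", "out", "tcp", dports=(80, 443)),
]

# Constructed sample traffic.
SAMPLE = [
    Packet("in", "tcp", "198.51.100.7", "203.0.113.10", 443),                 # allow
    Packet("in", "tcp", "198.51.100.7", "10.1.5.20", 445),                    # block
    Packet("in", "tcp", "10.1.2.3", "10.1.5.20", 445),                        # allow
    Packet("in", "tcp", "10.2.9.9", "10.1.5.20", 445),                        # block
    Packet("out", "tcp", "10.1.2.3", "198.51.100.80", 443, program="browser.exe"),  # allow + alert
    Packet("out", "udp", "10.1.2.3", "198.51.100.80", 53, program="tracker.exe"),   # block + alert
]


def run(packets=SAMPLE):
    """Filter a list of packets; return (verdicts, alerts)."""
    fw = Firewall(RULES)
    verdicts = [fw.filter(p) for p in packets]
    return verdicts, fw.alerts


if __name__ == "__main__":
    verdicts, alerts = run()
    print(verdicts)
    print("\n".join(alerts))
```

The fourth packet is the internal-snooping case from the notes: a host on another internal segment (10.2.9.9) is refused access to the accounting segment even though it is inside the enterprise, because only the segment's own range matches the allow rule before the block rule.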