Computer and Network Security Overview: Dr. Ebenezer Ankrah

lecturer dr ebenezer ankrah dept of information n.w
1 / 41
Embed
Share

Explore computer and network security concepts as presented by Dr. Ebenezer Ankrah from the Dept. of Information Studies. Learn about policies, procedures, and technical measures to safeguard information systems, alongside key topics like general controls and network security strategy.

  • Security
  • Network Security
  • Information Systems
  • Computer Security
  • Cybersecurity
rayaanacharya
clif_803 Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Lecturer: Dr. Ebenezer Ankrah, Dept. of Information Studies Contact Information: eankrah@ug.edu.gh College of Education School of Continuing and Distance Education 2014/2015 2016/2017

  2. Session Overview Computer and network security are Policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. The motivation behind protecting computers and stored data is from the value associated with an organizational data and the potential for exposure or loss of that data. This session seeks to explain the security and control issues in terms of computer systems and computer networks. Slide 2

  3. Session Overview At the end of the session, the student will Be able to explain computer security and control issues Understand and apply the network security planning to a given organization Understand and identify threats to network security. Be able to describe firewall and its relevance Slide 3

  4. Session Outline The key topics to be covered in the session are as follows: Computer Security General Controls Network Security Strategy Slide 4

  5. Reading List http://crime.about.com/od/Crime_101/f/What-Is-A- Computer-Crime.htm http://www.wifinotes.com/computer-networks/security- issues-of-computer.html http://www.liutilities.com/articles/computer-network- security-issues/#.VoQH1hHnm1s http://www.ciscopress.com/articles/article.asp?p=1626588 Slide 5

  6. Reading List Alan, E., Kendall, M., & Poatsy, M. A. (2015). Technology In Action Complete (12th ed.). Upper Saddle River: New Jersy. Prentice Hall. (Chapter 7 & 12) O brien, J. A., & Marakas, G. M. (2011). Management Information Systems (11th ed.). Boston: McGraw-Hill Irwin. (Chapter 11) Slide 6

  7. Topic One SECURITY Slide 7

  8. Security Security: Policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. Slide 8

  9. Security Network security deals with the requirements needed for a company, organization or a network administrator to help in protecting the network, computer systems and the resources that are network accessible. They are protected from any unauthorized entry, malicious components as well as monitoring continuously, consistently and measuring the effectiveness or lack of effectiveness of the network. Slide 9

  10. Security Network security is a major concern of every company that has a computer and is connected to a network. A network security that has been compromised means that a competitor or any hacker can gain entry to the sensitive or critical data and they may delete or make off with the information resulting in data loss or complete system destruction. The terms information security and network security are most of the time used to represent the same meaning. Network security, though, is more specifically taken as the provision protection from outside intruders. Slide 10

  11. Security Computer Security, the branch of Computer Science Risk Management, was introduced in 1970s. It is capable of properly addressing the security issues of computer that is why it is named Security Engineering. Its purpose is to ensure that a particular system is preserved from all kinds of cyber attack. Thus, computer security is the science that preserves data, keep up interaction and ensure uninterrupted service. Living in global world is neither easy nor safe. Security issues of computer are continually debated because of their increasing significance and vulnerability. Everyday thousands of confidential document and precious information is shared between users that are always at the risk of hacking. Slide 11

  12. Security Computer s security issues usually deals with process that can be used to preserve and protect data that is shared between users, in not only theoretical but also practical aspect. None can deny the luring fear of getting hacked by any genius at any time in the depths of cyber space. The attack might rob of the important financial details of an individual and the priceless data and details of any organization. Slide 12

  13. Security The aim of computer security is CIA to secure the confidentiality, integrity and availability of all information stored in our computer. Confidentiality Confidentiality can be interpreted as privacy or secrecy. Security gap can range from embarrassment to disaster. Integrity By integrity we mean that information is protected from all unauthorized changes that are undetectable to authorized users. In most of the hacking cases, integrity of resources is compromised. Slide 13

  14. Security Availability Availability reflects that the information is accessible to the authorized users. In national news we often heard of denial of service attacks; the unavailability of service is an attack of availability. Slide 14

  15. Security Why Systems Are Vulnerable Hardware problems Breakdowns, configuration errors, damage from improper use or crime. Software problems Programming errors, installation errors, unauthorized changes. Slide 15

  16. Security Disasters Power failures, flood, fires, etc. Use of networks and computers outside of firm s control E.g. with domestic or offshore outsourcing vendors Slide 16

  17. Security Internet vulnerabilities Network open to anyone. Size of Internet means abuses can have wide impact. Use of fixed Internet addresses with permanent connections to Internet eases identification by hackers. E-mail attachments. E-mail used for transmitting trade secrets. IM messages lack security, can be easily intercepted. Slide 17

  18. Security Malicious Software 1. Worms 2. Trojan Horses 3. Viruses 4. Spyware 5. Key loggers Slide 18

  19. Security Viruses Rogue software program that attaches itself to other software programs or data files in order to be executed. Worms Independent computer programs that copy themselves from one computer to other computers over a network. Slide 19

  20. Security Trojan horses Software program that appears to be benign but then does something other than expected. Spyware Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising. Key loggers Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks. Slide 20

  21. Security Computer Crime Computer crime may be defined as any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution Computer crime, or cybercrime, is crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. The use of a computer to take or alter data, or to gain unlawful use of computers or services. Slide 21

  22. Topic Two GENERAL CONTROLS Slide 22

  23. General Controls Controls: Methods, policies, and organizational procedures that ensure safety of organization s assets; accuracy and reliability of its accounting records; and operational adherence to management standards. Slide 23

  24. General Controls General controls General controls Govern design, security, and use of computer programs and security of data files in general throughout organization s information technology infrastructure. Apply to all computerized applications. Combination of hardware, software, and manual procedures to create overall control environment. Slide 24

  25. General Controls Types of general controls Software controls Hardware controls Computer operations controls Data security controls Implementation controls Administrative controls Slide 25

  26. General Controls SOFTWARE CONTROLS Monitor the use of system software and prevent unauthorized access of software program, system software, and computer programs. HARDWARE CONTROLS Ensure that computer hardware is physically secure, and check for equipment malfunction. Slide 26

  27. General Controls COMPUTER OPERATIONS CONTROLS Oversee the work of the computer department to ensure that programmed procedures are consistently and correctly applied to the storage and processing of data. DATA SECURITY CONTROLS Ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage. Slide 27

  28. General Controls IMPLEMENTATION CONTROLS Audit the systems development process at various points to ensure that the process is properly controlled and managed. ADMINISTRATIVE CONTROLS Formalized standards, rules, procedures, and control disciplines to ensure that the organization s general and application controls are properly executed and enforced. Slide 28

  29. Topic Three NETWORK SECURITY STRATEGY Slide 29

  30. Network Security Strategy Developing security strategies that can protect all parts of a complicated network while having a limited effect on ease of use and performance is one of the most important and difficult tasks related to network design. Security design is challenged by the complexity and porous nature of modern networks that include public servers for electronic commerce, extranet connections for business partners, and remote-access services for users reaching the network from home, customer sites, hotel rooms, Internet cafes, and so on. Slide 30

  31. Network Security Strategy Following a structured set of steps when developing and implementing network security will help you address the varied concerns that play a part in security design. Many security strategies have been developed in a haphazard way and have failed to actually secure assets and to meet a customer's primary goals for security. Slide 31

  32. Network Security Strategy Breaking down the process of security design into the following steps will help you effectively plan and execute a security strategy: Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security. Slide 32

  33. Network Security Strategy Identifying Network Assets Network assets can include network hosts (including the hosts' operating systems, applications, and data), internetworking devices (such as routers and switches), and network data that traverses the network. Less obvious, but still important, assets include intellectual property, trade secrets, and a company's reputation. Slide 33

  34. Network Security Strategy Analyzing Security Risks Risks can range from hostile intruders to untrained users who download Internet applications that have viruses. Hostile intruders can steal data, change data, and cause service to be denied to legitimate users. Denial-of-service (DoS) attacks have become increasingly common in the past few years. Slide 34

  35. Network Security Strategy Analyzing Security Requirements and Tradeoffs In general, security requirements boil down to the need to protect the following assets: The confidentiality of data, so that only authorized users can view sensitive information The integrity of data, so that only authorized users can change sensitive information System and data availability, so that users have uninterrupted access to important computing resources Slide 35

  36. Network Security Strategy Developing a Security Plan One of the first steps in security design is developing a security plan. A security plan is a high-level document that proposes what an organization is going to do to meet security requirements. The plan specifies the time, people, and other resources that will be required to develop a security policy and achieve technical implementation of the policy. As the network designer, you can help your customer develop a plan that is practical and pertinent. The plan should be based on the customer's goals and the analysis of network assets and risks. Slide 36

  37. Network Security Strategy Developing a Security Policy A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide. A security policy informs users, managers, and technical staff of their obligations for protecting technology and information assets. The policy should specify the mechanisms by which these obligations can be met. As was the case with the security plan, the security policy should have buy-in from employees, managers, executives, and technical personnel. Slide 37

  38. Network Security Strategy Developing Security Procedures Security procedures implement security policies. Procedures define configuration, login, audit, and maintenance processes. Security procedures should be written for end users, network administrators, and security administrators. Security procedures should specify how to handle incidents (that is, what to do and who to contact if an intrusion is detected). Security procedures can be communicated to users and administrators in instructor- led and self-paced training classes. Slide 38

  39. Network Security Strategy Maintaining Security Security must be maintained by scheduling periodic independent audits, reading audit logs, responding to incidents, reading current literature and agency alerts, performing security testing, training security administrators, and updating the security plan and policy. Network security should be a perpetual process. Risks change over time, and so should security. Slide 39

  40. Network Security Strategy Cisco security experts use the term security wheel to illustrate that implementing, monitoring, testing, and improving security is a never-ending process. Many overworked security engineers might relate to the wheel concept. Continually updating security mechanisms to keep up with the latest attacks can sometimes make an administrator feel a bit like a hamster on a training wheel. Slide 40

  41. References French, C. S. (2001). Data processing and information technology (10th ed.). London, Continuum: Sage Publications Ltd. Hutchinson, S. E., & Sawyer, S. C. (2000). Computers, communication and information: A user s introduction (7th ed.). Boston: Irwin McGraw-Hill. O Leary, T. J. (2004). Computing today. Boston: McGraw Hill. O Leary, T. J., & O Leary, L. I. (2005). Computing Essentials. Boston: McGraw Hill. Thompson, R. L., & Cats-Bail, W. L. (2003). Information technology and management (2nd ed.). Boston: Irwin McGraw- Hill. Williams, et al (2003). Using information technology: a practical introduction of computers and communications. Boston: McGraw-Hill. Slide 41

Related


No related presentations.

More Related Content