Information Technology and Ethics/Cyber- Crimes I
Types of Computers attacks
Viruses are pieces of computer programming code that causes a computer to behave in an undesirable way. Viruses can be attached to files or stored in the computers memory. Viruses may be programmed to different things such when they are downloaded or activated by a specific action for example viruses attached to file will infect that computer and any file created or modified on that machine.Viruses may also programmed to display a message when certain action are performed to execute the virus.Worms like viruses bury themselves in the memory of a machine and then duplicates itself with help from any help. It can send itself through emails and other connections. Phishing is when hackers try to obtain financial or other confidential information from Internet users, typically by sending an e-mail that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake Web site that replicates the real one. These con - artists urge the recipient of such emails to take action for rewards or avoid consequences. Hackers may use a backdoor within a computer system that is vulnerable, this allows them to remain undetected while they access important information. Key-logger programs allow attackers to view information that has been logged into a particular machine undetected. Botnets are a collection of computers that could bee spread around the world the are connected to the internet, they are controlled by one single computer.
Reason for Attacks
The complexity of networks, computers, operating systems, applications and other technology are interconnected and driven by many lines of code. This increases the number of back-doors with the more equipment attached. Inability to keep up with the change in technology, leaves little room for IT Professional to quickly find solutions for problems. A reliance on products with known vulnerabilities allows entrance into networks and personal computers before programmers are able to create a patch.
Impact on Business
The downtime required to repair networks that have been attacked, may harm the business's productivity, revenue, financial performance and damage the companies reputation. The impact on business may range from low to extreme impact. For example downtime that has minor impact on business may mean that minimal amount of systems are affected.While on the other side of the coin is the extreme impact on business,the company's future is at stake and cost of recover is inconsequential. Here is a list of cost involved of downtime:
- Direct Losses
- Loss of future earnings
- Billing losses of revenue
- Cash flow
- Stock price
- Overtime costs
- Loss of reputation
Prevention and Detection
A firewall guards the companies network from outside intrusion and to prevent employees from accessing prohibited sites. Intrusion prevention systems prevent attacks by blocking viruses and other threats from getting into the network. Antivirus software prevents viruses from infecting a computer by scanning for virus signatures. For antivirus to be effective
Intrusion protection system is software or hardware that monitors system resources, it identifies possible intrusions into the system from either within or outside of the organization.there are three types of intrusion systems:
- NIDS(network intrusion detection system) identifies intrusions through network traffic and monitors multiple hosts
- HIDS(Host based intrusion detection system) it identifies intrusions by reviewing host activities
- SIDS(Stack based intrusion system)packets are examined as they pass through the TCP/IP stack.
Since there is increased dependence on information and related systems, this also means companies have increased investments in information. This has the ability to impact business positively and negatively. In order to protect their investments companies must audit their security program in order to discover weaknesses and protect their organization. Internal auditors assure managers that policies and procedures they have implemented are working. They also monitor and test the reliability of the system.While external auditors evaluates the reliability and validity of the control systems.