Information Technology Reference
In-Depth Information
Methods
Examples
Add, delete, or change inputs to the computer system.
Delete records of absences from class in a student's school
records.
Modify or develop computer programs that commit
the crime.
Change a bank's program for calculating interest to make it
deposit rounded amounts in the criminal's account.
Alter or modify the data files used by the
computer system.
Change a student's grade from C to A.
Operate the computer system in such a way as to commit
computer crime.
Access a restricted government computer system.
Divert or misuse valid output from the computer system.
Steal discarded printouts of customer records from a company
trash bin.
Steal computer resources, including hardware, software,
and time on computer equipment.
Make illegal copies of a software program without paying for
its use.
Offer worthless products for sale over the Internet.
Send e-mail requesting money for worthless hair growth product.
Blackmail executives to prevent release of harmful
information.
Eavesdrop on organization's wireless network to capture
competitive data or scandalous information.
Blackmail company to prevent loss of computer-based
information.
Plant logic bomb and send letter threatening to set it off unless
paid considerable sum.
Table 14.1
•
Do not provide overfriendly logon procedures for remote users (e.g., an organization that
used the word
welcome
on their initial logon screen found they had difficulty prosecuting
a criminal hacker).
Common Methods Used to
Commit Computer Crimes
•
Restrict physical access to the server and configure it so that breaking into one server
won't compromise the whole network.
•
Give each application (e-mail, File Transfer Protocol, and domain name server) its own
dedicated server.
•
Turn audit trails on.
•
Consider installing caller ID.
•
Install a corporate firewall between your corporate network and the Internet.
•
Install antivirus software on all computers and regularly download vendor updates.
•
Conduct regular IS security audits.
•
Verify and exercise frequent data backups for critical data.
Using Intrusion Detection Software
An
intrusion detection system (IDS)
monitors system and network resources and notifies
network security personnel when it senses a possible intrusion. Examples of suspicious
activities include repeated failed logon attempts, attempts to download a program to a server,
and access to a system at unusual hours. Such activities generate alarms that are captured on
log files. Intrusion detection systems send an alarm, often by e-mail or pager, to network
security personnel when they detect an apparent attack. Unfortunately, many IDSs frequently
provide false alarms that result in wasted effort. If the attack is real, network security personnel
must make a decision about what to do to resist the attack. Any delay in response increases
the probability of damage from a criminal hacker attack. Use of an IDS provides another
layer of protection in the event that an intruder gets past the outer security layers—passwords,
security procedures, and corporate firewall.
A firm called Internet Security Systems (ISS) manages security for other organizations
through its Managed Protection Services. The company's IDSs are designed to recognize 30
of the most-critical threats, including worms that go after Microsoft software and those that
intrusion detection system
(IDS)
Software that monitors system and
network resources and notifies
network security personnel when it
senses a possible intrusion.
