IT550 Assignment Unit 1 Kaplan University As the digital age progresses, more and more business is conducted electronically. Symbiotically illegal activities of those that wish to prosper from security vulnerabilities will increase. Cybercrime can be motivated by a number of factors including terrorism. Cyberterrorism is any terrorist act that uses computers as the vehicle for their attack. Cyber terrorists can be motivated to target organizations that will result in the radical’s group to cause the most harm and/or receive the most attention for their party.
Internal attacks can be more difficult to find as attackers have the potential to remove any evidence of the attack more easily as they have more knowledge or access rights on the system as opposed to an outside attack. Attacks can be administrated via removable devices such as a USB that could contain some form of malware on it such as a virus. Most internal attacks are conducted by unhappy employees who want to disrupt the organisation by using the knowledge they obtained in the organisation, against the organisation. Additionally, the employee may want to gain access to important data in order to infiltrate and sell the information onto another competing organisation. The
Attackers are always looking for devices and software that are newly added to a system and not updated correctly with the security measures in place already. This is the door they look for to get in. A method to avoid such opportunities is to deploy an automated asset inventory discovery tool and use it to build a preliminary asset inventory of systems connected to an organization's public and private network. This will help make the system capable of identifying any new unauthorized devices that are connected to the network within 24 hours, and of alerting or sending e-mail notification to a list of enterprise administrative personnel. Without such a tool in place an attacker will use the unpatched device or software to gain access and manipulate the network how they please.
I would change the administrative passwords on all systems routinely, implement a firewall program with remote access control which will not allow, hackers entry to your company’s system. Without passwords being assigned to data and systems, this simply protection becomes a target for hackers. Identity theft occurs in some of the largest companies and often times this security breach is kept quiet. This company has been hacked for customer’s birthdates twice in one month. This means that they are experiencing severe vulnerabilities and they need to take action immediately.
Ping Sweeps and Port Scans: Danger or Not? Guillermo Reveo Turnbull DeVry University SEC 280 Principles Information Systems Security Professor: Gregory Gleghorn May 11, 2015 Ping Sweeps and Port Scans: Danger or Not? The Information Technology world is constantly evolving with the passing of each and every day. As developments arise that add to the advancement of the various enterprises, there is still a growing concern for ways to protect intellectual property from being invaded by intrusive attacks employed by individuals or groups seeking to compromise the network security of many companies using some of the most clandestine approaches. The only intent is to wreak havoc at any possible moment.
Since confidentiality is an issue, smartphone transmissions signals can be hacked by accidental broadcast. Third party snooping, can hack blue tooth signals that transmit confidential information. Stolen phones create a threat to business and the community through fraud. Training employees can be a measure to minimize the risks that poses a threat to cell phones. Some measures to help in information security could be aimed to data encryption, passwords, software, network security solutions and service companies offering voice encryption.
The Computer Fraud and Abuse Act explicitly states “when a trespass is made with an intent to defraud that results in both furthering the fraud and the attacker obtaining something of value” (Gallegos & Senft, 2009). This definitely applies in this case, the attacker(s) used an attack known as spear fishing to dupe our customers into unintentionally installing a keystroke logging virus on to their computers. Once the virus was in place the attacker(s) waited for our customers to log into their bank accounts and recorded all the information necessary to create new user accounts and transfer funds from our customers account to other various accounts eventually ending up in the attacker(s) accounts located overseas. This would meet the qualifications stated in the Computer Fraud and Abuse Act; the attacker trespassed on these computers with the intent to obtain something of value. Also by taking the data provided by the key logger they violated the Electronics Communications Privacy.
People who have committed crimes and who have been caught have had their personal information entered into a computer system. These systems are being connected thought the world making it easier for law enforcement to track people’s movement. As long as an agency is connected to the system, they can receive information, such as DNA, fingerprints, pictures, and videos. This type of technology has made solving crimes quicker; however, this technology has also benefited criminal, who can know use the internet to commit crimes against others. This also caused crime rates to increase.
Hackers may want to strike critical points of our infrastructure such as our economy or government. “The threat of cyber attack has grown so severe that the need for cyber security has topped the Director of National Intelligence list of global threats for the second year”. All across the FBI agency, cyber security is becoming a top priority. Any breach of any part of the FBI can be severe damage. It is better to prevent and predict attacks than to have to respond to them.
Two basic approaches are used in deliberate attacks on computer systems: data tampering and programming attack. Data tampering is a common means of attack that refers to an attack when someone enters false, fabricated or fraudulent data into a computer or changes or deletes existing data. This is the method often used by insiders and fraudsters and is extremely serious because it may not be detected. Programming attacks are popular with computer criminals that use programming techniques to modify other computer programs. For these types of crimes, programming skill and knowledge of the targeted systems are needed.