4-3. Protection of Information Flashcards
Mobile device: What are examples? Benefits?
iPhones, androids, blackberries, tablet computers.
Benefits: Ubiquitous computing - universal data availability.
Mobile device: risks?
- User-installed applications can create security risks (e.g. spyware)
- Loss or theft
Mobile device: challenges?
- Redesigning displays, ensuring functionality across platforms, etc
- Emerging technologies: Siri, Movie her, voice recognition/input, biometric identification
Mobile device: what is SDLC?
System development life cycle.
Mobile device: what are end-user system development risks?
- No knowledge or application of SDLC
- Inadequate system testing and documentation
- Poor data controls
- Poor integration with existing systems
- Poor system design
Mobile device: end-user system development risks: what are the responses?
Software and program development and implementation
- third-party review and testing of user-developed programs
- catalog and store programs in secure and off-site location
Segregation of duties
- third-party review of data entry (if any) and report production
- implement additional supervision and review as feasible
What is SBE?
Small business environment.
SBE: what are end-user computing risks?
- Hard to control
* Higher risk of errors, defalcation, system failure
SBE: characteristics?
- Exclusively microcomputers
- No centralized information technology (IT) department (often outsourced)
- Poor segregation of duties (incompatible functions often combined)
SBE: computing risks and responses?
Risk: Unprotected computing sites
Response: Give greater attention to locked doors and secure storage (e.g. CDs, DVDs, flash drives)
Risk: Logical (electronic) access
Response: Require usernames and strong passwords, automatic log out after unused period
Risk: Data backup
Response: Outsource, or establish and enforce policies (e.g. centralize and automate through network)
SBE: what is a compensating control?
Close involvement of knowledgeable owner.
Mobile device: what items should be included in mobile applications training?
- Organizational policies
- Password maintenance and protection
- When and how to use mobile devices
- Procedures for lost or stolen devices
Mobile device: definition?
Transportable (ubiquitous) computing devices; that is, computing devices that can be carried from place to place.
What are 3 approaches to consolidate data from multiple locations?
- Centralized system: data and processing at central location, user access via telecommunications channel
- Decentralized system: individual location processing and data, summarized data sent to central office, use is declining
- Distributed (hybrid) database system: distribute to locations according to need, seeks the best of centralized and decentralized, increasingly common
Centralized system: Advantages and disadvantages?
A: enables better data security, consistency in processing
D: high transmission costs, input/output bottlenecks at high traffic times (end of period), slow response to information requests
Decentralized system: Advantages and disadvantages?
A: lower transmission cost, lower processing power/storage needs at central site, lower input/output bottlenecks, higher response to local needs
D: higher data redundancy and poor information integration, higher security issues, higher hardware costs
Distributed database system: Advantages and disadvantages?
A: better communication between locations (all connected to distributed database), more current and complete info, reduce or eliminate need for expensive central processing center
D: similar to centralized systems, cost of communications among locations, access and update conflicts among locations
What are computer networks?
2 or more computing devices; Connected by a communications channel
What is a node?
- Network access point
* A connected device (computers, printers, headphones, etc) identified by type (linked to device protocols)
What is critical about nodes and security?
Controlling
What can nodes also measure?
Measure of network complexity (e.g. 5 vs 30,000)
What is assigned to a node?
A DNS and IP (internet protocol) address.
What is DNS?
Domain name system: translates network node into IP address.
What do network monitors do in relation to nodes?
Network monitors display node activity - status, extent of traffic, alarms (e.g. prohibited traffic)
Computer network: what are components?
- Switch (0,1) and/or router - router is increasingly common.
- Network Interface Card (NIC) or Network Adapter Card (NAC)
- Transmission media
Computer network: Describe switch and/or router.
- Route traffic and may include security features.
* Routers are smarter, more complex and cost more than switches.
Computer network: describe Network Interface Card (NIC) or Network Adapter Card (NAC).
- Circuit board and software on each node
- Translate between network and computer language
- Matches to transmission media
e.g. in each computer
Computer network: describe transmission media.
- Communication link between nodes (here a cable)
* May be wired or wireless
Computer network: what are types of nodes?
- Client
- Server
Computer network: describe client node.
- Usually an end user’s microcomputer
* Uses but does not provide network resources
Computer network: describe server node.
- Provides services or resources to network
- End-users access server resources but generally don’t use directly
- Server may lack keyboard and video (access through network)
E.g. a file server maintains centralized application and data files.
A printer server provides access to high quality printers
Computer network: What are types of networks?
- Local Area Networks (LANs)
- Wide Area Networks (WANs)
- Storage Area Networks (SANs)
- Personal Area Networks (PANs)
Computer network: describe LANs.
- use dedicated communication lines (i.e. used only by the network)
- cover limited area
Computer network: describe WANs.
- use public or shared communication lines (e.g. telephone lines, television cables)
Computer network: describe SANs.
- type of LAN
- dedicated: connects storage devices to servers and other devices
- centralize data storage
- increasing use in cloud computing
Computer network: describe PANs.
- created/used by an individual person
- wireless: e.g. use Bluetooth (or IrDA) to connect a device (e.g. iPad) to keyboard, headset, mouse, another computer, etc
- wired: use fiber optics, twisted pair, coax or other cable (e.g. Apple) to connect
Computer network: why necessary?
- File and data sharing/resources
- Printing
- Remote access
- Directories (locate services on the network)
Computer network: what are types of communication media?
- Wired: twisted pair (copper), coaxial cable, fiber optic cable
- Wireless: microwave transmission, Wi-Fi or spread-spectrum radio transmission, Bluetooth, digital cellular
Computer network: wired: what is twisted pair?
- Originally for phone connections
- Historically, slowest, least secure (e.g. easy to tap), lowest capacity, most interference of wired media (EMI=electromagnetic interference)
- Low cost and common in US buildings (rapidly being replaced)
Computer network: wired: what is coaxial cable?
- Cable for your wired cable TV system
- Faster, more secure, moderate capacity, less subject to interference
- Slightly higher cost, common due to cable TV systems
Computer network: wired: what is fiber optic cable?
- Fast and secure, high capacity
- Light pulses not electrical impulses; no electrical interference, no degradation over long distances
- More expensive and often not already in US buildings
Computer network: wireless: what is microwave transmission?
- Use of terrestrial microwave and/or satellite microwave transmission
- Primarily used in WANs
Computer network: wireless: what is Wi-Fi or spread-spectrum radio transmission?
- Used in both large commercial networks and small home networks
- Used in LAN and also to provide access to WANs
- Currently: Wi-Fi connections often slower than wired coaxial systems (Ethernet) or fiber optic cable
Computer network: wireless: what is Bluetooth?
- A wireless communication protocol
- Same radio frequencies as Wi-Fi
- Lower power consumption and weaker connection (10 meter range)
- Provide direct communication link between 2 devices (e.g. headset and cell phone)
- Used in personal area networks (PANs)
- E.g. cell phone receiving signal from GPS
Computer network: what are advantages of wireless and wired network?
Wireless: Scalable, flexible, often lower cost, mobility
Wired: Reliable, security, speed, occasionally lower cost
Large LANs and WANs often include both
Computer network: what are 3 types of ownership?
Private, public, cloud computing/cloud services.
Computer network: describe private ownership, pros/cons.
Small number of applications or restricted set of users.
A: Secure, flexible, performance exceeds that of public
D: Costly
Computer network: describe public ownership, pros/cons.
- Owned by third-party companies and leased to users.
- Access is typically through dial-up circuits (e.g. what is used at Starbucks, McDonalds, etc).
- Exploding use
A and D: Opposite of private networks
Computer network: what are management tools for control?
- Response time reports
- Downtime reports
- Online monitors
- Network monitors
- Protocol analyzers
- Simple network management protocol (SNMP)
- Help desk reports
What is Internet?
- A “network of networks”
- Global network of billions of interconnected computers and networks
- World’s largest client-server network
Internet: what are 2 common protocols?
- TCP (Transmission Control Protocol)
- IP (Internet Protocol): All nodes assigned an IP address for delivery of information
These are the core transmission protocols on the Internet
Internet: what is a protocol?
Rules by which a network operates and controls flow and priority of messages.
Internet: what is a packet (or block)?
Means by which information is transmitted.
e.g. sent files are broken into packets.
Internet: what does each packet contain?
- Header: routing info (address), length, protocol (maybe), originating info
- Data
- Trailer: used in some systems, error detection bits, end of message identifier
Internet: what is the most heavily used Internet feature (in organizations)?
* TCP
Internet: what are 2 components of email?
1. Mail servers: hosts that deliver, forward and store mail
2. Clients: link users to servers. Allow you to read, compose, send, and store email
Internet: what does TCP do?
Breaks up sent messages into IP packets
- Sent to router(s) (sort of an internet postman - delivers packets) and delivered
Internet: what is a URL?
Uniform resource locator.
Web address of a resource: e.g. the part after http://
Internet: what does browser do?
- Translates the URL to an IP address
- Sends request for URL via HTTP: e.g. “http://” says use the HTTP protocol, “https://” says use a protocol with great (SSL) security.
Could use “telnet://” - use the telnet protocol to connect remotely
Internet: what is HTTP?
Hypertext transfer protocol.
Internet: what are protocols and services?
- Simple Mail Transfer Protocol (SMTP): for email services
- Internet Message Access Protocol (IMAP): permits access to remote mailboxes (e.g. on a server) as if they were local (e.g. on a client system)
- File Transfer Protocol (FTP): for uploading and downloading files
- Instant Messaging (IM): common for informal, internal corporate communications
- Voice over IP (VoIP): for internet-based phone communications
Internet: what are markup (or tagging) languages?
Codes that indicate how parts of a file are to be processed or displayed.
Internet: what is HTML?
Hypertext markup language: core markup language (way of tagging text for display) for web pages and the basic building-block protocol for constructing webpages.
Internet: what is XML?
Extensible markup language: for encoding (tagging) documents in machine-readable form.
Internet: what is XBRL?
Extensible business reporting language: XML based - for encoding and tagging business information such as financial information.
- Used in filings with the SEC on EDGAR
- Some companies now report FS in both paper and XBRL formats
Internet: security: what does monitoring employee use entail?
- Detect and/or prevent unauthorized uses: non-work tasks (shopping), legal issues (e.g. child pornography, gaming)
- National security/political control (China, Egypt, U.S.)
- Packet sniffers (view and capture sent info)
- Desktop surveillance (keystroke and website logging): e.g. Wavecrest
Internet: what does ISP do?
Internet Service Providers provide access through:
- direct connections to Internet backbone (high speed, high capacity communications line)
- e.g. Insight Cable, Windstream
Internet: what are intranets and extranets?
Private (e.g. limited access) network built using Internet protocols
- Allows access to network resources through web browsers rather than a proprietary interface
- Reduces training and system development time
- Rapidly replacing traditional proprietary LANs and WANs
- Easier to use, greater security
- Internet portal - the entry site (URL) for an intranet
Internet: Describe intranets.
Available only within an organization (business, school, association).
Often used to connect geographically separate LANs within a company.
Internet: Describe extranets.
Extend intranet to associates.
E.g. suppliers, customers, business partners. Extended beyond the company “firewall”
Internet: what is often used to extend an intranet to an extranet?
Use VPN (virtual private network) technology to secure communications.
Internet: what is Web 2.0?
2nd generation, web-based collaboration and community-generated content.
Internet: what are tools for Web 2.0?
- Blogs: focused discussion or (b)log led by a moderator (share ideas and opinions)
- Wiki: knowledge-sharing collaborative website
- Twitter: micro-variation of a blog with 140 character limit. Often “follow” friends and celebrities
- RSS (really simple syndication)/ATOM feeds: news and info source by (free) subscription
What do repeaters do?
Strengthen the signal.
What do gateways do?
Gateways connect Internet computers of dissimilar networks.