PPT on MIS
-
Upload
govind-tanwar -
Category
Documents
-
view
48 -
download
2
Transcript of PPT on MIS
![Page 1: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/1.jpg)
MANAGEMENT INFORMATION SYSTEM (MIS)
MBA II SEM(SEC-A)
PRESENTED BY THAKUR SINGH GOVIND SINGH TANWER DHARMVIR
![Page 2: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/2.jpg)
Overview
The FLI Model Infiltrations:
– Viruses / Worms– Lessons Learned
Firewalls & Attacks– What is a firewall?– How do they work?– How to prevent attacks
![Page 3: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/3.jpg)
Security Problems & Solutions
Failure (Process/Storage)
Lies Infiltration
Prevention Physical Security Uninterruptible Power
Firewalls
AuthenticationAuthorizationNon-RepudiationTime-StampingDigital Signatures
Hardware Protection
Firewalls
“Common Sense” Management Non-Stop ProcessesFault-ToleranceWatchdog ProcessorReplication, RAID Backups
Byzantine AgreementReputation Systems
Intrusion DetectionAnti-virus Software
Recovery Fail-OverHot SwappingKey Escrow
Fail-Stop Digital Signatures
Auditing
Certificate Revocation
![Page 4: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/4.jpg)
Morris Worm (1988)
Damage: 6000 computers in just a few hours What: just copied itself; didn’t touch data Exploited:
– buffer overflow in fingerd (UNIX)– sendmail debug mode (exec arbitrary cmds)– dictionary of 432 frequently used passwords
![Page 5: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/5.jpg)
Morris Worm (1988)
Lessons Learned from Morris– Diversity is good.– Big programs have many exploitable bugs.– Choose good passwords.– Don’t shut down mail servers: did prevent worm
from spreading but also shut down defense– CERT was created to respond to attacks
![Page 6: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/6.jpg)
Melissa (1999)
What: just copied itself; did not touch data When date=time, “Twenty-two points, plus triple word
score, plus fifty points for using all my letters. Game’s over. I’m outta here.”
Exploited:– MS Word Macros (VB)– MS Outlook Address Book (Fanout = 50)
“Important message from <user name> …”
![Page 7: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/7.jpg)
Melissa (1999)
Lessons Learned:– Homogeneity is bad.– Users will click on anything.– Separation of applications is good.– Users “trusted” the message since it came from
someone they knew.– Don’t open attachments unless they are expected.
![Page 8: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/8.jpg)
Other Viruses / Worms
CIH Chernobyl Virus, 1998, Taiwan:– Time bomb: April 26, or 26th of each month– Writes random garbage to disk start at sector 0– attempts to trash FLASH BIOS– Hides itself in unused spaces
Worm.ExploreZip, 1999: Melissa + zeroed out files BubbleBoy, 1999: Melissa-like except doesn’t require
opening an attachment (ActiveX) Love Bug, 2000: “I LOVE YOU” (like Melissa)
![Page 9: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/9.jpg)
Code Red (2001)
Runs on WinNT 4.0 or Windows 2000 Scans port 80 on up to 100 random IP addresses Resides only in RAM; no files Exploits buffer overflow in Microsoft IIS 4.0/5.0
(Virus appeared one month after advisory went out) Two flavors:
– Code Red I: high traffic, web defacements, DDOS on whitehouse.gov, crash systems
– Code Red II: high traffic, backdoor install, crash systems Three phases: propagation (1-19), flood (20-27), termination (28-
31) Other victims: Cisco 600 Routers, HP JetDirect Printers
![Page 10: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/10.jpg)
Nimda (2001)
Multiple methods of spreading(email, client-to-server, server-to-client, network sharing)
– Server-to-client: IE auto-executes readme.eml (that is attached to all HTML files the server sends back to the client)
– Client-to-server: “burrows”: scanning is local 75% of time– Email: readme.exe is auto executed upon viewing HTML email
on IE 5.1 or earlier
![Page 11: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/11.jpg)
Just this week… BadTrans Worm
Spread via email; attacks Windows systems Records (once per second) keystrokes,
usernames, & passwords into windows with titles: LOG, PAS, REM, CON, TER, NET
Sends to – one of 20+ email addresses– one of 15+ from addresses– one of 15+ attachment names w/ 2 extensions
({.doc/.mp3/.zip},{.pif/.scr})
![Page 12: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/12.jpg)
Firewalls
Two major technologies:– Packet Filters– Proxies
Related technologies– Network Address Translation (NAT)– Virtual Private Networks (VPN)
![Page 13: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/13.jpg)
Packet Filtering Routers
Filter on: – IP Source, IP Dest, Protocol (TCP, UDP, ICMP)– TCP/UDP Source & Dest Ports– ICMP Message Type (req,reply,time exceed)– Packet Size– NICs
Stateful vs. Stateless Inspection– i.e., UDP DA/DP checking
Simple Protocol Checking– i.e., Format Checking, Disconnect “anonymous” FTP x-fers
![Page 14: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/14.jpg)
Packet Filtering
Advantages– One router can protect entire network– Simple filtering is efficient– Widely available
Disadvantages– Hard to configure & test– Reduces router performance– Can’t enforce some policies (i.e., user-level)
![Page 15: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/15.jpg)
Proxies
Security vs. Caching Proxies SOCKS: proxy construction toolkit Trusted Information Systems Firewall Toolkit
(TIS FWTK: Telnet, FTP, HTTP, rlogin, X11) Most used to control use of outbound services Can also be used to control inbound services
(reverse proxying)
![Page 16: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/16.jpg)
Proxies
Advantages– Logging, Caching, Intelligent Filtering– User-level authentication– Guards against weak IP implementations
Disadvantages– Lag behind nonproxied services– Requires different servers for each service– Usually requires modifications to client applications
![Page 17: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/17.jpg)
Firewall Architectures
Dual-Homed Host– Services can only be proxied
Screening Router w/ Bastion Host– Security by packet filtering– Bastion host is single point of failure
Screened Subnet– Ext Router, Perimeter, Bastion Host, Interior Router– Internal ethernet packets protected from perimeter
![Page 18: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/18.jpg)
Example Attacks
IP Spoofing TCP SYN Flood SMURF Attack
– ICMP Ping w/ max payload to broadcast address
D-DOS Attack– Infiltrate, set up sleepers, attack at once
![Page 19: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/19.jpg)
References
White-Hat Security Arsenal, A. Rubin Security Engineering, R. Anderson Gary Kessler Building Internet Firewalls, E. Zwicky, et. Al. Counter Hack, E. Skoudis
![Page 20: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/20.jpg)
Network Address Translation (NAT)
Translates network addresses & ports Does not provide additional “security” Possibilities:
– One external address per internal address– Dynamically assign external address– Map multiple internal to one external (port sharing)– Dynamically assign external addresses and ports
![Page 21: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/21.jpg)
Network Address Translation (NAT)
Advantages– Helps enforce control over outbound connections– Helps restrict incoming traffic– Helps conceal internal network configuration
Disadvantages– Not good for UDP (guess session lifetimes)– Doesn’t deal with embedded IP addresses– Interferes with authentication & encryption– Interferes with logging & packet filtering
![Page 22: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/22.jpg)
Virtual Private Networks
Advantages:– Provides overall encryption– Allows use of protocols that are hard to secure any
other way
Disadvantages:– Involves “dangerous” network connections– Extends the network that must be protected
![Page 23: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/23.jpg)
Management information system (MIS) An MIS provides managers with information and support
for effective decision making, and provides feedback on daily operations
Output, or reports, are usually generated through accumulation of transaction processing data
Each MIS is an integrated collection of subsystems, which are typically organized along functional lines within an organization
![Page 24: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/24.jpg)
What is a computer virus?
Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation.
A virus might corrupt or delete data on your computer, use your email program to spread itself to other computers, or even erase everything on your hard disk.
Computer viruses are often spread by attachments in email messages or instant messaging messages. That is why it is essential that you never open email attachments unless you know who it's from and you are expecting it.
Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files
![Page 25: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/25.jpg)
How to remove and avoid computer viruses
A computer virus is malicious software (also known as "malware") that can copy itself and infect other software or files on your computer.
If you suspect your computer has been infected, the Microsoft Windows website provides step-by-step instructions for removing viruses and other malware.
Fortunately, if you update your computer and use free antivirus software such as Microsoft Security Essentials, you can help permanently remove unwanted software and prevent installation in the first place.
![Page 26: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/26.jpg)
What is spyware?
Spyware is a general term used to describe software that performs certain behaviors, generally without appropriately obtaining your consent first, such as:
Advertising Collecting personal information Changing the configuration of your computer Spyware is often associated with software that displays
advertisements (called adware) or software that tracks personal or sensitive information.
![Page 27: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/27.jpg)
Trading tracking for services
That does not mean all software that provides ads or tracks your online activities is bad. For example, you might sign up for a free music service, but you "pay" for the service by agreeing to receive targeted ads. If you understand the terms and agree to them, you may have decided that it is a fair tradeoff. You might also agree to let the company track your online activities to determine which ads to show you.
![Page 28: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/28.jpg)
What spyware does
Other kinds of spyware make changes to your computer that can be annoying and can cause your computer slow down or crash. These programs can change your web browser's home page or search page, or add additional components to your browser you don't need or want. They also make it very difficult for you to change your settings back to the way you had them.
![Page 29: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/29.jpg)
How to protect spyware
Spyware and other unwanted software can Invade your privacy Bombard you with pop-up windows Slow down your computer Make your computer crash
![Page 30: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/30.jpg)
What is a computer virus?computer operation.
A virus might corrupt Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with or delete data on your computer, use your email program to spread itself to other computers, or even erase everything on your hard disk.
Computer viruses are often spread by attachments in email messages or instant messaging messages. That is why it is essential that you never open email attachments unless you know who it's from and you are expecting it.
Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files
![Page 31: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/31.jpg)
How to remove and avoid computer viruses
A computer virus is malicious software (also known as "malware") that can copy itself and infect other software or files on your computer.
If you suspect your computer has been infected, the Microsoft Windows website provides step-by-step instructions for removing viruses and other malware.
Fortunately, if you update your computer and use free antivirus software such as Microsoft Security Essentials, you can help permanently remove unwanted software and prevent installation in the first place.
![Page 32: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/32.jpg)
What is spyware?
Spyware is a general term used to describe software that performs certain behaviors, generally without appropriately obtaining your consent first, such as:
Advertising Collecting personal information Changing the configuration of your computer Spyware is often associated with software that displays
advertisements (called adware) or software that tracks personal or sensitive information.
![Page 33: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/33.jpg)
Trading tracking for services
That does not mean all software that provides ads or tracks your online activities is bad. For example, you might sign up for a free music service, but you "pay" for the service by agreeing to receive targeted ads. If you understand the terms and agree to them, you may have decided that it is a fair tradeoff. You might also agree to let the company track your online activities to determine which ads to show you.
![Page 34: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/34.jpg)
What spyware does
Other kinds of spyware make changes to your computer that can be annoying and can cause your computer slow down or crash. These programs can change your web browser's home page or search page, or add additional components to your browser you don't need or want. They also make it very difficult for you to change your settings back to the way you had them.
![Page 35: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/35.jpg)
How to prevent spyware
Spyware and other unwanted software can Invade your privacy Bombard you with pop-up windows Slow down your computer Make your computer crash
![Page 36: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/36.jpg)
Steps to protect your pc
Step 1: Use a firewall Step 2: Update your software Step 3: Adjust Internet Explorer security
settings Step 4: Download and install antispyware
protection Step 5: Surf and download more safely
![Page 37: PPT on MIS](https://reader036.fdocuments.in/reader036/viewer/2022081421/553571f35503463f7c8b45e3/html5/thumbnails/37.jpg)
Thank you