IT Controls Part II: Security and Access Operating System: Interpreters


CHAPTER 16

IT CONTROLS PART II: SECURITY AND ACCESS

OPERATING SYSTEM

• The computer’s control program
• It allows users and their applications to share and access common computer resources, such as processors, main memory, databases, and printers.

Operating Systems

• Perform three main tasks:

1. Translates high-level languages into machine-level language
   • COBOL, C++, BASIC and SQL
   • The language translator modules of the OS are called compilers and interpreters.

2. Allocates computer resources to user applications
   • Assigning memory work space (partitions) to applications and authorizing access to terminals, telecommunication links, databases and printers

3. Manages the tasks of job scheduling and multiprogramming
   • Jobs are submitted to the system in three ways:
     • directly by the system operator
     • from various batch queues
     • via a telecommunication link from remote workstations

FIVE fundamental control objectives:

The operating system must…

1. protect itself from users.
2. protect users from each other.
3. protect users from themselves.
4. be protected from itself.
5. be protected from its environment.
Operating Systems Security

• Involves policies, procedures, and controls that determine who can access the operating system, which resources (files, programs, printers) they can access and what actions they can take.

• Log-on procedure
  • first line of defense – user IDs and passwords

• Access token
  • contains key information about the user

• Access control list
  • defines the access privileges of users (fig. 16-2)

• Discretionary access control
  • allows a user to grant access to another user

Threats to Operating System Integrity

• Accidental threats
  • hardware failures

• Intentional threats
  • privileged personnel who abuse their authority (systems administrators and systems personnel)
  • individuals who browse and exploit security flaws
  • individuals who insert computer viruses

Operating Systems Controls

Access Privileges
• Audit objectives: verify that access privileges are consistent with the separation of incompatible functions and with organization policies

• Audit procedures: review or verify…
  • policies for separating incompatible functions
  • a sample of user privileges, especially access to data and programs
  • personnel records and security clearance checks of privileged employees
  • formal acknowledgements to maintain confidentiality of data
  • users’ log-on times
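Two of the access-privilege audit procedures above (testing a sample of user privileges against the separation of incompatible functions, and confirming that privileged employees have signed confidentiality acknowledgements) can be run as a script over the extracted privilege sample. The code below is an added example written for these notes, not material from the textbook; the incompatible-function pairs, the user sample and the acknowledgement register are all constructed.

```python
"""Audit test: are a sample of user privileges consistent with the separation
of incompatible functions, and do privileged users have a confidentiality
acknowledgement on file?  Added example; every data value below is constructed."""

from itertools import combinations

# Constructed policy: pairs of functions that one person must never hold together.
INCOMPATIBLE_PAIRS = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"program_change", "production_deploy"}),
    frozenset({"authorize_transaction", "record_transaction"}),
}

# Constructed sample of privileges, as pulled from the access control list.
USER_PRIVILEGES = {
    "alice": {"create_vendor", "record_transaction"},
    "bob":   {"approve_payment", "create_vendor"},                    # conflict
    "carol": {"program_change", "production_deploy", "read_reports"}, # conflict
    "dave":  {"authorize_transaction"},
}

# Constructed: functions considered privileged, and the register of signed
# confidentiality acknowledgements.
PRIVILEGED_FUNCTIONS = {"approve_payment", "production_deploy", "authorize_transaction"}
ACKNOWLEDGEMENTS_ON_FILE = {"alice", "bob", "dave"}


def find_sod_violations(privileges, rules=INCOMPATIBLE_PAIRS):
    """Return {user: [(func_a, func_b), ...]} for every user who holds both
    halves of an incompatible pair.  Pairs are sorted so output is stable."""
    violations = {}
    for user, funcs in privileges.items():
        hits = [(a, b) for a, b in combinations(sorted(funcs), 2)
                if frozenset({a, b}) in rules]
        if hits:
            violations[user] = hits
    return violations


def missing_acknowledgements(privileges, on_file=ACKNOWLEDGEMENTS_ON_FILE,
                             privileged=PRIVILEGED_FUNCTIONS):
    """Users holding at least one privileged function with no signed
    confidentiality acknowledgement in the register."""
    return sorted(user for user, funcs in privileges.items()
                  if funcs & privileged and user not in on_file)


if __name__ == "__main__":
    for user, pairs in find_sod_violations(USER_PRIVILEGES).items():
        print(f"SoD exception: {user} holds {pairs}")
    for user in missing_acknowledgements(USER_PRIVILEGES):
        print(f"No confidentiality acknowledgement on file: {user}")
```

The rule table is the auditor's own statement of the organization's separation-of-duties policy; the script only reports exceptions, leaving the judgement on compensating controls to the reviewer.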
Password Control
• Audit objectives: ensure the adequacy and effectiveness of password policies for controlling access to the operating system

• Audit procedures: review or verify that passwords are…
  • required for all users
  • covered by instructions for new users
  • changed regularly
  • reviewed (password file) for weak passwords
  • protected by encryption of the password file
  • subject to standards (length and expiration interval)
  • backed by account lockout policies and procedures
Malicious & Destructive Programs

• Audit objectives: verify the effectiveness of procedures to protect against programs such as viruses, worms, back doors, logic bombs, and Trojan horses

• Audit procedures: review or verify…
  • training of operations personnel concerning destructive programs
  • testing of new software prior to implementation
  • currency of antiviral software and frequency of upgrades

System Audit Trail Controls

• System audit trails – logs that record activity at the system, application and user level.
  • Management needs to decide on the “threshold” between useful information and irrelevant facts

• Two types of audit logs:
  • Keystroke monitoring – detailed logs of individual keystrokes
  • Event monitoring – event-oriented logs

Audit Trail Controls

• Audit objectives: audit trails are used to (1) detect unauthorized access, (2) facilitate event reconstruction, and/or (3) promote personal accountability

• Audit procedures: review or verify…
  • how long audit trails have been in place
  • archived log files for key indicators
  • monitoring and reporting of security violations
Database Management Controls

Two crucial database control issues:

Access controls – designed to prevent unauthorized individuals from viewing, retrieving, corrupting or destroying the entity’s data.

• Audit objectives: (1) those authorized to use databases are limited to the data needed to perform their duties and (2) unauthorized individuals are denied access to data

Backup controls – ensure that in the event of data loss due to unauthorized access, equipment failure, or physical disaster, the organization can recover its files and database.

• Audit objectives: backup controls can adequately recover lost, destroyed, or corrupted data

Access Controls

• User views – based on sub-schemas
• Database authorization table – allows greater authority to be specified
• User-defined procedures – used to create a personal security program or routine
• Data encryption – encoding algorithms
• Biometric devices – fingerprints, retina prints, or signature characteristics

Database Authorization Table

Access Controls

• Audit procedures: verify…
  • responsibility for authority tables & subschemas
  • granting of appropriate access authority
  • use or feasibility of biometric controls
  • use of encryption

Subschema Restricting Access

Backup Controls

• Database backup – automatic periodic copy of data
• Transaction log – list of transactions that provides an audit trail
• Checkpoint feature – suspends data processing during system reconciliation
• Recovery module – restarts the system after a failure

• Audit procedures: verify…
  • that production databases are copied at regular intervals
  • that backup copies of the database are stored off site to support disaster recovery
Controlling Networks

Internet and Intranet Risks

• The communications component is a unique aspect of computer networks:
  • different from processing (applications) or data storage (databases)

• Network topologies – configurations of:
  • communications lines (twisted-pair wires, coaxial cable, microwaves, fiber optics)
  • hardware components (modems, multiplexers, servers, front-end processors)
  • software (protocols, network control systems)

Sources of Internet & Intranet Risks

Internal and external subversive activities

• Audit objectives:
  1. prevent and detect illegal internal and Internet network access
  2. render useless any data captured by a perpetrator
  3. preserve the integrity and physical security of data connected to the network

Equipment failure

• Audit objective: verify the integrity of electronic commerce transactions by determining that controls are in place to detect and correct message loss due to equipment failure

Risks from Subversive Threats

• Include:
  • unauthorized interception of a message
  • gaining unauthorized access to an organization’s network
  • a denial-of-service attack from a remote location

IC for Subversive Threats

Firewalls provide security by channeling all network connections through a control gateway.

• Network-level firewalls
  • low-cost, low-security access control
  • do not explicitly authenticate outside users
  • filter junk or improperly routed messages
  • experienced hackers can easily penetrate the system

• Application-level firewalls
  • customizable network security, but expensive
  • sophisticated functions such as logging or user authentication

Dual-Homed Firewall

IC for Subversive Threats

• Denial-of-service (DoS) attacks
  • security software searches for connections that have been half-open for a period of time.

• Encryption
  • a computer program transforms a clear message into coded (cipher) text using an algorithm.

SYN Flood DoS Attack

In a SYN flood DoS attack, the sender sends hundreds of messages, receives the SYN/ACK packet, but does not respond with an ACK packet. This leaves the receiver with clogged transmission ports, and legitimate messages cannot be received.

Controlling DoS Attacks

• Controlling for three common forms of DoS attacks:

  • Smurf attacks – organizations can program firewalls to ignore an attacking site, once identified

  • SYN flood attacks – two tactics to defeat this DoS attack
    • get Internet hosts to use firewalls that block invalid IP addresses
    • use security software that scans for half-open connections

  • DDoS attacks – many organizations use Intrusion Prevention Systems (IPS) that employ deep packet inspection (DPI)
    • IPS works with a firewall filter that removes malicious packets from the flow before they can affect servers and networks
    • DPI searches for protocol non-compliance and employs predefined criteria to decide if a packet can proceed to its destination

(See chapter 12 for more on DoS attacks)
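The two SYN flood tactics named above (a filter that drops packets from invalid source addresses, and a scan for connections left half-open too long) are shown below as a small monitoring script. This is an added example written for these notes, not textbook material and not the output of any named product; the handshake event records and the source addresses are constructed, and the thresholds (a 5-second half-open age, two half-open connections per source) are illustrative choices.

```python
"""Defensive checks for a SYN flood: (1) reject sources whose address cannot
be a legitimate Internet host, and (2) find connections half-open longer than
a threshold and the sources responsible.  Added example; the event records
below are constructed and represent what the receiving host observed."""

import ipaddress
from collections import defaultdict

# Constructed handshake events: (seconds, source address, source port, event).
EVENTS = [
    (0.0, "11.22.33.44", 40001, "SYN"),
    (0.1, "11.22.33.44", 40001, "SYN-ACK"),
    (0.2, "11.22.33.44", 40001, "ACK"),        # handshake completed
    (1.0, "12.34.56.78", 50001, "SYN"),
    (1.1, "12.34.56.78", 50001, "SYN-ACK"),    # never acknowledged
    (1.2, "12.34.56.78", 50002, "SYN"),
    (1.3, "12.34.56.78", 50002, "SYN-ACK"),    # never acknowledged
    (8.0, "13.0.0.7", 60001, "SYN"),
    (8.1, "13.0.0.7", 60001, "SYN-ACK"),       # recent: still inside the grace period
    (9.0, "10.0.0.9", 70001, "SYN"),           # private address arriving on the Internet side
]


def is_invalid_source(addr):
    """True when the source address cannot legitimately originate an Internet
    connection: private, reserved, multicast, loopback, link-local or unspecified."""
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_reserved or ip.is_multicast
            or ip.is_loopback or ip.is_link_local or ip.is_unspecified)


def dropped_by_address_filter(events):
    """Sources whose SYNs the border filter would discard outright."""
    return sorted({src for _, src, _, kind in events
                   if kind == "SYN" and is_invalid_source(src)})


def half_open_connections(events, now, max_age):
    """Connections for which we sent SYN-ACK, received no ACK, and the
    SYN-ACK is older than max_age seconds at time `now`."""
    synack_at = {}
    acked = set()
    for t, src, sport, kind in events:
        key = (src, sport)
        if kind == "SYN-ACK":
            synack_at[key] = t
        elif kind == "ACK":
            acked.add(key)
    return sorted(key for key, t in synack_at.items()
                  if key not in acked and now - t > max_age)


def flood_suspects(half_open, per_source_limit):
    """Sources holding at least per_source_limit stale half-open connections."""
    counts = defaultdict(int)
    for src, _ in half_open:
        counts[src] += 1
    return sorted(src for src, n in counts.items() if n >= per_source_limit)


if __name__ == "__main__":
    print("dropped at filter:", dropped_by_address_filter(EVENTS))
    stale = half_open_connections(EVENTS, now=10.0, max_age=5.0)
    print("stale half-open:", stale)
    print("flood suspects:", flood_suspects(stale, per_source_limit=2))
```

In practice the half-open scan runs continuously against the connection table rather than a static list, and the stale entries it finds are reset so the backlog frees up for legitimate clients.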

Encryption

• The conversion of data into a secret code for storage and transmission

• The sender uses an encryption algorithm to convert the original cleartext message into coded ciphertext.

• The receiver decodes / decrypts the ciphertext back into cleartext.

• Encryption algorithms use keys
  • typically 56 to 128 bits in length
  • the more bits in the key, the stronger the encryption method.

• Two general approaches to encryption are private key and public key encryption.

Private Key Encryption

• Advanced Encryption Standard (AES)
  • a 128-bit encryption technique
  • a US government standard for private key encryption
  • uses a single key known to both sender and receiver

• Triple Data Encryption Standard (triple-DES)
  • considerable improvement over single encryption techniques
  • two forms of triple-DES encryption are EEE3 and EDE3
  • EEE3 uses three different keys to encrypt the message three times.
  • EDE3 – one key encrypts, but two keys are required for decoding

• All private key techniques have a common problem
  • the more individuals who need to know the key, the greater the probability of it falling into the wrong hands.
  • the solution to this problem is public key encryption.

The Advanced Encryption Standard Technique

EEE3 and EDE3 Encryption


IC for Subversive Threats

• Digital signature – electronic authentication technique to ensure that…
  • the transmitted message originated with the authorized sender
  • the message was not tampered with after the signature was applied

• Digital certificate – like an electronic identification card used with a public key encryption system
  • verifies the authenticity of the message sender

Digital Signature

IC for Subversive Threats

• Message sequence numbering – a sequence number is used to detect missing messages

• Message transaction log – a listing of all incoming and outgoing messages, used to detect the efforts of hackers

• Request-response technique – random control messages are sent from the sender to ensure messages are received

• Call-back devices – the receiver calls the sender back at a pre-authorized phone number before transmission is completed
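The message sequence numbering, message transaction log and request-response controls listed above come together when an auditor reviews the log: gaps and duplicates in the sequence numbers point to lost or replayed messages, and every control request should have a matching response. The script below is an added example written for these notes, not textbook material; the log format and every log line are constructed.

```python
"""Review of a message transaction log for two controls from the notes:
sequence-number gaps/duplicates (message sequence numbering) and unanswered
control messages (request-response technique).  Added example; the log
format and all lines are constructed."""

# Constructed transaction log: timestamp, direction, then key=value fields.
LOG = """\
2024-01-15T09:00:01 IN  partner=ACME seq=1001 type=DATA
2024-01-15T09:00:02 IN  partner=ACME seq=1002 type=DATA
2024-01-15T09:00:03 OUT partner=ACME ctrl=req id=7
2024-01-15T09:00:04 IN  partner=ACME ctrl=resp id=7
2024-01-15T09:00:05 IN  partner=ACME seq=1004 type=DATA
2024-01-15T09:00:06 IN  partner=ACME seq=1004 type=DATA
2024-01-15T09:00:07 OUT partner=ACME ctrl=req id=8
2024-01-15T09:00:08 IN  partner=ACME seq=1005 type=DATA
"""


def parse_log(text):
    """Turn each log line into a dict: ts, dir, plus the key=value fields."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        rec = {"ts": parts[0], "dir": parts[1]}
        for field in parts[2:]:
            key, value = field.split("=", 1)
            rec[key] = value
        records.append(rec)
    return records


def sequence_anomalies(records):
    """Return (missing, duplicated) sequence numbers among inbound messages.
    Missing numbers are those absent from the range seen in the log."""
    seqs = [int(r["seq"]) for r in records if r["dir"] == "IN" and "seq" in r]
    seen, duplicated = set(), set()
    for s in seqs:
        if s in seen:
            duplicated.add(s)
        seen.add(s)
    missing = sorted(set(range(min(seqs), max(seqs) + 1)) - seen)
    return missing, sorted(duplicated)


def unanswered_control_requests(records):
    """Control request ids we sent that never received an inbound response."""
    sent = {r["id"] for r in records if r.get("ctrl") == "req" and r["dir"] == "OUT"}
    answered = {r["id"] for r in records if r.get("ctrl") == "resp" and r["dir"] == "IN"}
    return sorted(sent - answered)


if __name__ == "__main__":
    recs = parse_log(LOG)
    missing, duplicated = sequence_anomalies(recs)
    print("missing sequence numbers:", missing)
    print("duplicated sequence numbers:", duplicated)
    print("unanswered control requests:", unanswered_control_requests(recs))
```

A missing number may be a lost message (equipment failure) and a duplicate may be a retransmission or a replayed message; the log review flags both so the cause can be traced, it does not decide between them.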
Auditing Procedures for Subversive Threats

• Review firewall effectiveness in terms of flexibility, proxy services, filtering, segregation of systems, audit tools, and probing for weaknesses.
• Review data encryption security procedures
• Verify encryption by testing
• Review message transaction logs
• Test procedures for preventing unauthorized calls

IC for Equipment Failure

Line errors are data errors from communications noise.

• Two techniques to detect and correct such data errors are:
  • echo check – the receiver returns the message to the sender
  • parity checks – an extra bit is added onto each byte of data, similar to check digits

Vertical and Horizontal Parity using Odd Parity
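The parity figure referred to above combines a vertical parity bit on each character with a horizontal parity row across the block, which is what lets a single flipped bit be located rather than merely detected. The code below works that scheme through with odd parity on 7-bit characters; it is an added example written for these notes, not textbook material, and the sample message is constructed.

```python
"""Vertical and horizontal (longitudinal) parity with odd parity.  Added
example; the message is constructed.  Each character row carries 7 data bits
plus a vertical parity bit; a horizontal parity row is computed down each of
the 8 columns.  A single bit error fails exactly one row and one column, so
its position can be recovered."""


def odd_parity_bit(bits):
    """Parity bit that makes the total number of 1s (data + parity) odd."""
    return 0 if sum(bits) % 2 == 1 else 1


def to_bits(value, width=7):
    """Most-significant-first bit list of a 7-bit character code."""
    return [(value >> i) & 1 for i in reversed(range(width))]


def encode_block(text):
    """Return (rows, hparity): rows are [7 data bits + vertical parity bit];
    hparity is the odd-parity row computed column-wise over the rows."""
    rows = []
    for ch in text:
        bits = to_bits(ord(ch))
        rows.append(bits + [odd_parity_bit(bits)])
    hparity = [odd_parity_bit([row[c] for row in rows]) for c in range(8)]
    return rows, hparity


def check_block(rows, hparity):
    """Return (bad_rows, bad_cols): indexes whose odd parity no longer holds."""
    bad_rows = [r for r, row in enumerate(rows) if sum(row) % 2 == 0]
    bad_cols = [c for c in range(8)
                if (sum(row[c] for row in rows) + hparity[c]) % 2 == 0]
    return bad_rows, bad_cols


def locate_single_error(rows, hparity):
    """(row, col) of a single-bit error, or None when the block is clean or
    the error pattern cannot be pinned to one bit (e.g. two errors in a row)."""
    bad_rows, bad_cols = check_block(rows, hparity)
    if len(bad_rows) == 1 and len(bad_cols) == 1:
        return bad_rows[0], bad_cols[0]
    return None


def flip_bit(rows, r, c):
    """Copy of rows with one bit inverted, simulating line noise."""
    rows = [row[:] for row in rows]
    rows[r][c] ^= 1
    return rows


if __name__ == "__main__":
    rows, hparity = encode_block("DATA")
    print("clean block:", check_block(rows, hparity))
    noisy = flip_bit(rows, 1, 3)
    print("single error at:", locate_single_error(noisy, hparity))
    two_in_row = flip_bit(noisy, 1, 5)
    print("two errors in one row:", check_block(two_in_row, hparity))
```

The last case shows the scheme's limit: two errors in the same row leave the row parity correct, so only the column checks fire and the block can be rejected for retransmission but not corrected in place.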


Auditing Procedures for Equipment Failure

• Using a sample of messages from the transaction log:
  • examine them for garbled contents caused by line noise
  • verify that all corrupted messages were successfully retransmitted

Electronic Data Interchange

• Electronic data interchange (EDI) uses computer-to-computer communications technologies to automate B2B purchases.

• Audit objectives:
  1. Transactions are authorized, validated, and in compliance with the trading partner agreement.
  2. No unauthorized organizations can gain access to the database.
  3. Authorized trading partners have access only to approved data.
  4. Adequate controls are in place to ensure a complete audit trail.

EDI Risks

• Authorization
  • automated, with an absence of human intervention

• Access
  • need to access the EDI partner’s files

• Audit trail
  • paperless and transparent (automatic) transactions

EDI Controls

• Authorization
  • use of passwords and value added networks (VAN) to ensure a valid partner

• Access
  • software to specify what can be accessed and at what level

• Audit trail
  • a control log records the transaction’s flow through each phase of transaction processing

EDI System
