ITM 100 Lecture Notes - Lecture 8: Stuxnet, Network Address Translation, Cyberwarfare

Security: policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. Controls: methods, policies, and organizational procedures that ensure safety of orga(cid:374)izatio(cid:374)"s assets; a(cid:272)(cid:272)ura(cid:272)(cid:455) a(cid:374)d relia(cid:271)ilit(cid:455) of its a(cid:272)(cid:272)ou(cid:374)ti(cid:374)g re(cid:272)ords; a(cid:374)d operational adherence to management standards. Hardware problems (breakdowns, configuration errors, damage from improper use or crime) Software problems (programming errors, installation errors, unauthorized charges) Use of (cid:374)et(cid:449)orks/(cid:272)o(cid:373)puters outside of fir(cid:373)"s (cid:272)o(cid:374)trol. Use of fixed internet addresses with cable or dsl modems creates fixed targets for. Size of internet = abuses can have wide impact hackers. Interception: attachments with malicious software, transmitting trade secrets. Identify access points: broadcast multiple times, war driving: eavesdroppers drive by buildings and try to detect ssid and gain access to network and resources. Wep (wired equivalent privacy: security standard for 802. 11; use is optional, uses shared password for both users and access point, users often fail to implement wep or stronger systems.