1. CHAPTER 7
IT CONTROLS PART II :
SECURITY AND ACCESS
4. PRESENTED BY:
NURULHIDAYAH MOHD NOOR 62288112187
SARAH MOHAMAD 62288112274
NUR ATIQAH MOHD NASARUDDIN 62288112181
NUR SABRINA AB RAHIM 62288112270
NURUL IZZATY ROZLAN 62288112292
3. LEARNING OBJECTIVES
• Be able to identify the principal threats to the
operating system and the control techniques used
to minimize the possibility of actual exposures.
• Be familiar with the principal risks associated with
electronic commerce conducted over intranets and
the Internet and understand the control techniques
used to reduce these risks.
• Be familiar with the risks to database integrity and
the controls used to mitigate them.
• Recognize the unique exposures that arise in
connection with electronic data interchange (EDI)
and understand how these exposures can be
reduced.
4. Operating System
What is an Operating System?
- It is the computer’s control program.
- It allows users and their applications to share
and access common computer resources, such
as processors, main memory, databases and
printers.
5. Operating System
Perform three main tasks:
– translates high-level languages into the
machine-level language.
– allocates computer resources to user
applications.
– manages the tasks of job scheduling and
multiprogramming.
6. Operating System
Requirements for Effective Operating System Performance:
• Protect against tampering by users
• Prevent users from tampering with the programs of
other users
• Safeguard users’ applications from accidental
corruption
• Safeguard its own programs from accidental
corruption
• Protect itself from power failures and other disasters
7. Operating System
- Because the operating system is common
to all users, the larger the computer
facility, the greater the scale of potential
damage.
- Therefore, OPERATING SYSTEM
SECURITY becomes an important issue.
8. Operating System Security
- Involves policies, procedures and controls that determine:
  - who can access the OS,
  - which resources (files, programs, printers) they can access,
  - what actions they can take.
- The following security components are found in secure
operating systems:
  - Log On Procedure
  - Access Token
  - Access Control List
  - Discretionary Access Privilege
10. Log On Procedure
• The OS’s first line of defense against
unauthorized access.
• The user is presented with a dialog box
requesting the user’s ID and password.
• The system compares the ID and
password to a database of valid users.
• If the system finds a match, the log on
attempt is authenticated; however, if the
password or ID is entered incorrectly, the
log on attempt fails and a message is
returned to the user.
• After a specified number of attempts, the
system should lock out the user from the
system.
12. Access Token
• If the log on attempt is successful, the OS
creates an access token that contains key
information about the user (including
user ID, password, user group, and
privileges granted to the user).
• The information in the access token is
used to approve all actions the user
attempts during the session.
15. Access Control List
• An access control list assigned to each
resource controls access to system
resources such as directories, files,
programs, and printers.
• These lists contain information that
defines the access privileges for all valid
users of the resource.
• When a user attempts to access a
resource, the system compares the user
ID and privileges contained in the access
token with those contained in the access
control list; if there is a match, the user is
granted access.
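The following Python is an added example, not code from the original slides or from the textbook they summarize. It models the three components just described working together: a log-on procedure that compares the submitted ID and password against a database of valid users and locks the account after a fixed number of failures, an access token created on success, and an access-control-list check applied to every resource request during the session. The salted PBKDF2 password hashing, the lockout threshold MAX_ATTEMPTS, and the sample user, group, privilege and resource names are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Number of failed log-on attempts before the account is locked (assumed policy value).
MAX_ATTEMPTS = 3


def hash_password(password: str, salt: bytes) -> bytes:
    # The valid-user database stores a salted PBKDF2 hash, never the cleartext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class UserRecord:
    user_id: str
    salt: bytes
    pw_hash: bytes
    group: str
    privileges: frozenset
    failed_attempts: int = 0
    locked: bool = False


@dataclass(frozen=True)
class AccessToken:
    # Key information about the user, consulted on every action during the session.
    # The slide lists the password among the token contents; it is deliberately left
    # out here because authorization never needs it once log-on has succeeded.
    user_id: str
    group: str
    privileges: frozenset


class OperatingSystem:
    def __init__(self):
        self.users = {}  # the database of valid users
        self.acl = {}    # resource -> {user id, group or privilege name -> allowed actions}

    def add_user(self, user_id, password, group, privileges):
        salt = secrets.token_bytes(16)
        self.users[user_id] = UserRecord(
            user_id, salt, hash_password(password, salt), group, frozenset(privileges))

    def log_on(self, user_id, password):
        """Log-on procedure: returns an AccessToken on success, None on failure.
        Unknown ID, wrong password and locked account all produce the same result,
        so the failure message does not tell an attacker which one applied."""
        rec = self.users.get(user_id)
        if rec is None or rec.locked:
            return None
        if hmac.compare_digest(rec.pw_hash, hash_password(password, rec.salt)):
            rec.failed_attempts = 0
            return AccessToken(rec.user_id, rec.group, rec.privileges)
        rec.failed_attempts += 1
        if rec.failed_attempts >= MAX_ATTEMPTS:
            rec.locked = True  # lockout after the specified number of attempts
        return None

    def grant(self, resource, principal, actions):
        # Maintained by the administrator: one ACL entry per resource and principal.
        self.acl.setdefault(resource, {}).setdefault(principal, set()).update(actions)

    def check_access(self, token, resource, action):
        # Compare the identity and privileges in the token with the resource's ACL entries.
        entries = self.acl.get(resource, {})
        principals = {token.user_id, token.group} | set(token.privileges)
        allowed = set()
        for principal in principals:
            allowed |= entries.get(principal, set())
        return action in allowed
```

Every decision the kernel would make is a return value here (token or None, True or False), which is what makes the lockout and the ACL comparison testable rather than something that only shows up in a dialog box.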
16. Discretionary Access Privilege
17. Discretionary Access Privilege
• The central system administrator usually
determines who is granted access to
specific resources and maintains the
access control list.
• Resource owners in this setting may be
granted discretionary access privileges,
which allow them to grant access
privileges to other users.
• The use of discretionary access control
needs to be closely supervised to prevent
security breaches because its liberal use
18. Threats to OS Control
Accidental threats
• Hardware failures
- Cause the OS to crash
• Errors in user application programs
- The operating system cannot interpret them, causing OS failures
• Whole segments of memory dumped to disks and printers
- Resulting in the unintentional disclosure of confidential information
Intentional threats
• Privileged personnel who abuse their authority
- Systems administrators and systems programmers may use their
authority to access users’ programs and data files
• Individuals both internal and external to the organization
- Browse the OS to identify and exploit security flaws
• Individuals who intentionally or accidentally
- Insert computer viruses into the OS to destroy programs
19. OS Controls
Access Privileges
• Audit objectives: verify that access privileges are
consistent with separation of incompatible
functions and organization policies
• Audit procedures: review or verify:
– policies for separating incompatible functions
– a sample of user privileges, especially access to data and
programs
– security clearance checks of privileged employees
– formal acknowledgements to maintain confidentiality of data
– users’ log-on times
20. OS Controls
Password Control
• Audit objectives: ensure adequacy and effectiveness
of password policies for controlling access to the
operating system
• Audit procedures: review or verify:
– passwords required for all users
– password instructions for new users
– passwords changed regularly
– password file for weak passwords
– encryption of password file
– password standards
– account lockout policies
21. OS Controls
Malicious & Destructive Programs
• Audit objectives: verify effectiveness of procedures to
protect against programs such as viruses, worms, back
doors, logic bombs, and Trojan horses
• Audit procedures: review or verify:
– training of operations personnel concerning destructive
programs
– testing of new software prior to being implemented
– currency of antiviral software and frequency of upgrades
22. OS Controls
Audit Trail Controls
• Audit objectives: used to (1) detect unauthorized
access, (2) facilitate event reconstruction, and/or (3)
promote accountability
• Audit procedures: review or verify:
– how long audit trails have been in place
– archived log files for key indicators
– monitoring and reporting of security violations
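The following Python is an added example, not code from the original slides. It shows how the audit trail reviewed under these procedures is actually used: parsing log lines into events, then running three checks that map onto the audit objectives above (a burst of failed log-ons that should have triggered lockout, successful log-ons outside business hours, which ties back to the review of users’ log-on times, and reads of a sensitive resource for reconciliation against the user’s authority). The log format, the sample lines, the user names, the address ranges and the thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail (not real log data); one event per line.
AUDIT_TRAIL = """\
2024-03-01 02:14:05 LOGON_FAIL user=jsmith src=10.0.0.5
2024-03-01 02:14:40 LOGON_FAIL user=jsmith src=10.0.0.5
2024-03-01 02:15:10 LOGON_FAIL user=jsmith src=10.0.0.5
2024-03-01 02:16:02 LOGON_OK user=jsmith src=10.0.0.5
2024-03-01 02:16:30 FILE_READ user=jsmith src=10.0.0.5 resource=/payroll/master.dat
2024-03-01 09:00:12 LOGON_OK user=mlee src=10.0.0.9
2024-03-01 09:01:00 LOGON_FAIL user=mlee src=10.0.0.9
2024-03-01 17:59:59 LOGON_OK user=mlee src=10.0.0.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<event>\w+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+)(?: resource=(?P<resource>\S+))?$"
)


def parse_audit_trail(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped here; a real review would count them
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        events.append(rec)
    return events


def failed_logon_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Users with `threshold` or more failed log-ons inside one `window`.
    Such a burst is the footprint of password guessing, or of an account
    that the lockout policy should already have disabled."""
    failures = defaultdict(list)
    for e in events:
        if e["event"] == "LOGON_FAIL":
            failures[e["user"]].append(e["ts"])
    bursts = []
    for user, stamps in failures.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                bursts.append((user, threshold, stamps[i]))
                break  # report each user once
    return bursts


def off_hours_logons(events, start_hour=8, end_hour=18):
    """Successful log-ons outside business hours (start inclusive, end exclusive)."""
    return [(e["user"], e["ts"]) for e in events
            if e["event"] == "LOGON_OK" and not (start_hour <= e["ts"].hour < end_hour)]


def sensitive_reads(events, prefix="/payroll/"):
    """Reads of resources under a sensitive prefix, to reconcile against authority tables."""
    return [(e["user"], e["resource"]) for e in events
            if e["event"] == "FILE_READ" and (e["resource"] or "").startswith(prefix)]
```

The three checks return plain lists so they can be fed into a violation report; the thresholds are deliberately parameters, because the right window and business hours come from the organization’s policy, not from the script.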
23. Database Management Controls
Two categories:
A. Access Control
- designed to prevent unauthorized individuals from viewing,
corrupting or destroying the company’s data
B. Backup Control
- to ensure that if data is lost due to unauthorized
access or equipment failure, the company can recover
its files and database.
24. Access Controls
• User views
a subset of the total database that defines the user’s
data domain and restricts his or her access
accordingly
• Database authorization table
allows greater authority to be specified.
Each user is granted certain privileges that are coded in
the authority table
27. Access Controls (Cont’)
• User-defined procedures
Allow users to create a personal security program or routine that gives more
positive identification than a password can.
For example, in addition to the password, the security procedure asks a series of
personal questions.
• Data encryption
Encoding algorithms scramble selected data, thus making it unreadable to
an intruder browsing the database
• Biometric devices
Measure various personal characteristics such as fingerprints, retina prints,
or signature characteristics
The user’s characteristics are digitized and stored permanently in a database
security file.
28. Access Controls (Cont’)
Audit Objectives For Testing Access Controls
(1) those authorized to use databases are limited to data
needed to perform their duties and
(2) unauthorized individuals are denied access to data
29. Access Controls (Cont’)
Audit procedures for testing Access Controls
1. Responsibility for Authority Tables & Sub-schemas
The auditor should verify that database administration personnel retain
responsibility for creating authority tables and designing user
views.
Evidence of compliance:
i. Reviewing company policy and job descriptions
ii. Examining the programmer authority table for access privileges to
data definition language (DDL) commands
iii. Personal interviews with programmers and database
administration personnel.
30. Access Controls (Cont’)
Audit procedures for testing Access Controls
2. Appropriate Access Authority
Select a sample of users and verify that their access privileges
stored in an authority table are consistent with their
organizational function.
3. Use or Feasibility of Biometric Controls
Evaluate the costs and benefits of biometric controls.
4. Use of Encryption Control
Verify that sensitive data, such as passwords, are properly
encrypted.
31. Backup Controls
• Database backup
Makes an automatic periodic backup of the entire database.
Should be performed at least once a day.
The backup should then be stored in a secure remote area.
• Transaction log (journal)
A list of transactions that provides an audit trail of all processed transactions.
• Checkpoint feature
Suspends all data processing while the system reconciles the transaction log
and database change log against the database.
• Recovery module
Uses the logs and backup files to restart the system after a failure
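The following Python is an added example, not code from the original slides, built to show how the four backup controls fit together. A toy in-memory database writes every transaction to a journal before applying it, takes full backups and checkpoints as snapshots tied to a journal position, and has a recovery module that restarts from the newest snapshot and replays only the journal entries recorded after it. The key/value data model, the PUT/DEL operations and the account names are assumptions for illustration; a real DBMS does the same bookkeeping on disk.

```python
import copy


class Database:
    """Toy in-memory database with the backup controls named on the slide
    (constructed for illustration; not a real DBMS)."""

    def __init__(self):
        self.data = {}
        self.journal = []       # transaction log: every processed transaction, in order
        self.backup = None      # (snapshot, journal length) from the last full backup
        self.checkpoint = None  # (snapshot, journal length) from the last checkpoint

    @staticmethod
    def _apply(data, op, key, value):
        if op == "PUT":
            data[key] = value
        elif op == "DEL":
            data.pop(key, None)
        else:
            raise ValueError(f"unknown operation {op!r}")

    def execute(self, op, key, value=None):
        # Write-ahead: the journal entry exists before the change is applied, so a
        # crash between the two steps loses nothing that the log cannot replay.
        seq = len(self.journal) + 1
        self.journal.append({"seq": seq, "op": op, "key": key, "value": value})
        self._apply(self.data, op, key, value)
        return seq

    def full_backup(self):
        # Periodic copy of the entire database (to be stored off site in practice).
        self.backup = (copy.deepcopy(self.data), len(self.journal))

    def take_checkpoint(self):
        # Processing is suspended (no execute() calls) while the snapshot is taken,
        # so the snapshot and the recorded journal position agree exactly.
        self.checkpoint = (copy.deepcopy(self.data), len(self.journal))

    def simulate_crash(self):
        self.data = {}  # the working copy is lost; journal and snapshots survive

    def recover(self):
        """Recovery module: start from the most recent snapshot (checkpoint or
        backup, whichever is newer; empty if neither exists) and replay every
        journal entry recorded after it. Returns the number of entries replayed."""
        candidates = [s for s in (self.checkpoint, self.backup) if s is not None]
        snapshot, position = max(candidates, key=lambda s: s[1]) if candidates else ({}, 0)
        data = copy.deepcopy(snapshot)
        for entry in self.journal[position:]:
            self._apply(data, entry["op"], entry["key"], entry["value"])
        self.data = data
        return len(self.journal) - position
```

The replay count is the cost of recovery: the older the newest snapshot, the more of the journal has to be re-run, which is why checkpoints are taken between daily backups.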
32. Backup Controls (Cont’)
• Audit objectives:
verify that backup controls can adequately recover lost, destroyed,
or corrupted data
• Audit procedures:
1. to verify that production databases are copied at
regular intervals
2. to verify through documentation that backup copies
of the database are stored off site to support disaster
recovery procedures
33. Control Network
A. Controlling risk from subversive threats
i. Firewall
ii. Controlling denial of service
iii. Encryption
iv. Digital signature
v. Digital certificate
vi. Message sequence numbering
vii. Message transaction log
viii. Request-response technique
ix. Call-back devices
34. Control Network
B. Controlling risk from equipment failure
• Line errors
i. Echo check
ii. Parity check
35. A. Controlling risk for
Subversive Threats
i. Firewalls provide security by channeling all network
connections through a control gateway.
• Network level firewalls
– Low cost and low security access control
– Do not explicitly authenticate outside users
– Filter junk or improperly routed messages
– Experienced hackers can easily penetrate the system
• Application level firewalls
– Customizable network security, but expensive
– Sophisticated functions such as logging or user
authentication
37. A. Controlling risk for
Subversive Threats (Cont’)
ii. Denial-of-service (DOS) attacks
– Security software searches for connections which have been
half-open for a period of time.
iii. Encryption
– The conversion of data into secret code for storage in database
and transmission over networks.
– Two general approaches to encryption are private key and
public key encryption.
38. SYN Flood DOS Attack
Sender → Receiver
Step 1: SYN message
Step 2: SYN/ACK
Step 3: ACK packet
In a DOS attack, the sender sends hundreds of SYN messages, receives the
SYN/ACK packets, but does not respond with an ACK packet. This
leaves the receiver with clogged transmission ports, and legitimate
messages cannot be received.
39. Controlling DOS Attacks
• Controlling for three common forms of DOS attacks:
i. Smurf attacks — organizations can program firewalls to ignore an
attacking site, once identified
ii. SYN flood attacks — two tactics to defeat this DOS attack
• Get Internet hosts to use firewalls that block invalid IP addresses
• Use security software that scans for half-open connections
iii. DDoS attacks – many organizations use Intrusion Prevention Systems
(IPS) that employ deep packet inspection (DPI)
• IPS works with a firewall filter that removes malicious packets from the
flow before they can affect servers and networks
• DPI searches for protocol non-compliance and employs predefined
criteria to decide if a packet can proceed to its destination
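The following Python is an added example, not code from the original slides. It implements the two SYN-flood tactics listed above from the defender’s side: a scan of a connection-table snapshot for half-open (SYN_RECV) connections that have sat too long, attributed per source and compared with the backlog, and a check for source addresses that should never arrive from the outside (the “invalid IP addresses” a border firewall is expected to drop). The snapshot, the addresses, the age and count thresholds and the short bogon list are all constructed for illustration; production filters use fuller bogon lists and kernel-specific backlog sizes.

```python
import ipaddress
from collections import Counter, namedtuple

Conn = namedtuple("Conn", "remote state age")  # age = seconds spent in this state

# Constructed connection-table snapshot for a server's public interface.
# 203.0.113.x / 198.51.100.x / 192.0.2.x are documentation ranges standing in for
# Internet hosts; 10.0.0.5 is a private address that should not appear here at all.
CONN_TABLE = [
    Conn("203.0.113.10", "SYN_RECV", 42),
    Conn("203.0.113.10", "SYN_RECV", 41),
    Conn("203.0.113.10", "SYN_RECV", 39),
    Conn("203.0.113.10", "SYN_RECV", 35),
    Conn("198.51.100.7", "ESTABLISHED", 300),
    Conn("10.0.0.5", "SYN_RECV", 50),
    Conn("192.0.2.44", "SYN_RECV", 2),
]

# Minimal list of address blocks that are invalid as sources on an external interface
# (private, loopback, link-local, multicast, reserved). Assumed for the example.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def invalid_external_sources(conns):
    """Remote addresses that a border firewall should have dropped on arrival."""
    found = set()
    for c in conns:
        ip = ipaddress.ip_address(c.remote)
        if any(ip in net for net in BOGON_NETS):
            found.add(c.remote)
    return sorted(found)


def half_open_report(conns, max_age=30, per_source_limit=3, backlog_limit=10):
    """Scan for half-open connections that have waited longer than a normal
    handshake, attribute them per source, and compare the total with the backlog
    the server can hold before legitimate SYNs start being refused."""
    stale = [c for c in conns if c.state == "SYN_RECV" and c.age >= max_age]
    per_source = Counter(c.remote for c in stale)
    return {
        "stale_half_open": len(stale),
        "suspect_sources": sorted(s for s, n in per_source.items() if n >= per_source_limit),
        "backlog_exhausted": len(stale) >= backlog_limit,
        "invalid_sources": invalid_external_sources(stale),
    }
```

A single stale half-open connection is normal (a slow or lossy client); the signal is many of them from one source, or a total approaching the backlog, which is why both counts are reported separately rather than folded into one flag.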
40. Encryption
• The conversion of data into a secret code for storage and
transmission
• The sender uses an encryption algorithm to convert the original
cleartext message into a coded ciphertext.
• The receiver decodes / decrypts the ciphertext back into
cleartext.
• Encryption algorithms use keys
– Typically 56 to 128 bits in length
– The more bits in the key the stronger the encryption method.
• Two general approaches to encryption are private key and public
key encryption.
41. Private Key Encryption
• Advanced Encryption Standard (AES)
– A 128 bit encryption technique
– A US government standard for private key encryption
– Uses a single key known to both sender and receiver
• Triple Data Encryption Standard (Triple DES)
– Considerable improvement over single encryption techniques
– Two forms of triple-DES encryption are EEE3 and EDE3
– EEE3 uses three different keys to encrypt the message three times.
– EDE3—one key encrypts, but two keys are required for decoding
• All private key techniques have a common problem
– The more individuals who need to know the key, the greater the
probability of it falling into the wrong hands.
– The solution to this problem is public key encryption.
43. A. Controlling risk for
Subversive Threats (Cont’)
iv. Digital signature
– electronic authentication technique to ensure that…
– transmitted message originated with the authorized sender
– message was not tampered with after the signature was
applied
v. Digital certificate
– like an electronic identification card used with a public key
encryption system
– Verifies the authenticity of the message sender
45. A. Controlling risk for
Subversive Threats (Cont’)
vi. Message sequence numbering
– sequence number used to detect missing messages
vii. Message transaction log
– listing of all incoming and outgoing messages to detect the
efforts of hackers
viii. Request-response technique
– random control messages are sent from the sender to ensure
messages are received
ix. Call-back devices
– receiver calls the sender back at a pre-authorized phone
number before transmission is completed
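The following Python is an added example, not code from the original slides, covering the tamper detection described for digital signatures (slide 43) together with message sequence numbering and the message transaction log (above). Each message carries a sequence number and an integrity tag; the receiver recomputes the tag, flags replays and gaps in the numbering, and logs every message whether accepted or not, so the two logs can be reconciled afterwards. One substitution is made deliberately: the tag is an HMAC over a shared secret key rather than a public-key digital signature, because the Python standard library has no signature primitive. An HMAC proves origin only between the two parties that share the key, whereas a digital signature can be verified by anyone holding the sender’s public key; the sequence and log handling is the same either way. The key, the payloads and the message layout are assumptions for illustration.

```python
import hashlib
import hmac
import json


def _canonical(msg):
    # The tag covers the sequence number and payload, serialized deterministically.
    return json.dumps({"seq": msg["seq"], "payload": msg["payload"]}, sort_keys=True).encode()


def make_tag(key, msg):
    # Stand-in for a digital signature (see lead-in): HMAC-SHA256 under a shared key.
    return hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()


class Sender:
    def __init__(self, key):
        self.key = key
        self.next_seq = 1
        self.log = []  # outgoing message transaction log

    def send(self, payload):
        msg = {"seq": self.next_seq, "payload": payload}
        msg["tag"] = make_tag(self.key, msg)
        self.next_seq += 1
        self.log.append(dict(msg))
        return msg


class Receiver:
    def __init__(self, key):
        self.key = key
        self.expected_seq = 1
        self.log = []     # incoming message transaction log: every message, accepted or not
        self.alerts = []  # what a reviewer of the log would want to see

    def receive(self, msg):
        self.log.append(dict(msg))
        # 1. Origin and integrity: recompute the tag and compare in constant time.
        if not hmac.compare_digest(make_tag(self.key, msg), msg.get("tag", "")):
            self.alerts.append(("tampered", msg["seq"]))
            return False
        # 2. A sequence number already passed is a duplicate or a replay.
        if msg["seq"] < self.expected_seq:
            self.alerts.append(("replay", msg["seq"]))
            return False
        # 3. A jump forward means the messages in between never arrived.
        if msg["seq"] > self.expected_seq:
            self.alerts.append(("missing", list(range(self.expected_seq, msg["seq"]))))
        self.expected_seq = msg["seq"] + 1
        return True


def reconcile_logs(sender_log, receiver_log):
    """Auditor's view: sequence numbers the sender logged that the receiver never saw."""
    received = {m["seq"] for m in receiver_log}
    return sorted(m["seq"] for m in sender_log if m["seq"] not in received)
```

Rejected messages are still logged before they are rejected: a transaction log that records only accepted traffic hides exactly the events the control exists to expose.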
46. Auditing Procedures for Subversive
Threats
• Review firewall effectiveness in terms of flexibility, proxy
services, filtering, segregation of systems, audit tools,
and probing for weaknesses.
• Review data encryption security procedures
• Verify encryption by testing
• Review message transaction logs
• Test procedures for preventing unauthorized calls
47. B. Controlling Risk from Equipment
Failure
Line errors are data errors from communications
noise.
• Two techniques to detect and correct such data
errors are:
i. echo check - the receiver returns the message to
the sender
ii. parity checks - an extra bit is added onto each byte
of data similar to check digits
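The following Python is an added example, not code from the original slides, showing both line-error techniques on realistic bytes. Each byte is sent as a nine-bit word with an even-parity bit; the receiver flags words whose ones-count is odd. The echo check is run over a constructed noisy line: the receiver returns what it got, the sender compares the echo with what it sent and retransmits on mismatch. The NoisyLine class, the fault schedule and the retry limit are assumptions for illustration.

```python
def parity_bit(byte):
    # Even parity: the extra bit is 1 exactly when the byte has an odd number of
    # ones, so every nine-bit word carries an even number of ones.
    return bin(byte).count("1") & 1


def encode(data):
    return [(b << 1) | parity_bit(b) for b in data]


def decode(words):
    return bytes(w >> 1 for w in words)


def parity_errors(words):
    # Indices of words whose ones-count is odd. One flipped bit is caught; an even
    # number of flips in the same word cancels out and is not.
    return [i for i, w in enumerate(words) if bin(w).count("1") & 1]


def flip_bit(word, bit):
    return word ^ (1 << bit)


class NoisyLine:
    """Constructed communication line that corrupts one bit on chosen transmissions.
    `faults` maps a transmission number (1-based; forward and echo both count)
    to (word index, bit position)."""

    def __init__(self, faults):
        self.faults = faults
        self.transmissions = 0

    def carry(self, words):
        self.transmissions += 1
        words = list(words)
        fault = self.faults.get(self.transmissions)
        if fault:
            idx, bit = fault
            words[idx] = flip_bit(words[idx], bit)
        return words


def send_with_echo_check(data, line, max_attempts=3):
    """Echo check: the receiver returns the words it received, the sender compares
    the echo with what it sent, and retransmits on any mismatch. Returns
    (data as held by the receiver, attempts used); raises if the line stays bad."""
    sent = encode(data)
    for attempt in range(1, max_attempts + 1):
        received = line.carry(sent)    # sender -> receiver
        echoed = line.carry(received)  # receiver -> sender
        if echoed == sent:
            return decode(received), attempt
    raise RuntimeError("line errors persisted after %d attempts" % max_attempts)
```

The two checks are complementary: parity lets the receiver detect a corrupted word on its own, while the echo check lets the sender confirm delivery but costs a second transmission of every message and cannot tell a forward-path error from an echo-path error.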
49. Auditing Procedures for Equipment
Failure
• Using a sample of messages from the
transaction log:
– examine them for garbled contents caused by line
noise
– verify that all corrupted messages were
successfully retransmitted
50. Electronic Data Interchange
Electronic data interchange (EDI) uses computer-to-computer
communications technologies to automate B2B purchases.
An EDI system links two trading partners, the customer
(Company A) and the vendor (Company B), without human
intervention (Figure 16-9).
Audit objectives:
1. Transactions are authorized, validated, and in compliance with the
trading partner agreement.
2. No unauthorized organizations can gain access to the database.
3. Authorized trading partners have access only to approved data.
4. Adequate controls are in place to ensure a complete audit trail.
52. EDI Risks and Controls
• Transaction Authorization and Validation
– Processing is automated, with no human intervention
– Both customer and vendor must establish that the transaction is with a valid trading
partner and is authorized.
– Control: use of passwords and value added networks (VANs) to ensure a valid partner
• Access Control
– Partners need access to each other’s EDI files
– For example, the customer’s system may be permitted to access the vendor’s inventory files
to determine if inventory is available.
– Control: software that specifies what can be accessed and at what level
• Audit trail
– Transactions are paperless and transparent (automatic)
– Control: maintain a control log, which records the transaction’s flow through each
phase of the EDI system.
53. EDI System using Transaction Control
Log for Audit Trail
Figure 16-10
54. Auditing Procedures for EDI
• Tests of Authorization and Validation Controls
– Review procedures for verifying that trading partner identification codes are checked
before transactions are processed.
– Review agreements with the VAN facility to validate transactions and ensure
information is complete and correct.
– Review trading partner files for accuracy and completeness
• Tests of Access Controls
– Verify that access to vendor and customer files is limited to authorized employees
only
– Verify that vendors’ access to the database is limited
– Test EDI controls by simulating a sample of trading partners and attempting to
violate access privileges.
• Tests of Audit Trail Controls
– Verify the existence of transaction logs
– Review a sample of transactions and trace the process, verifying that
key data were recorded correctly at each point.