SlideShare a Scribd company logo

Internet threats and defence mechanism

Download as PPT, PDF
CAS
CAS

1. Internet Threats 1.1 Cyber-bullying 1.2 Cyberstalking 1.3 Phishing 1.4 Webspam 1.5 E-mail Spoofing 1.6 What Is Spam? 1.7 Denial-of-Service (DoS) Attack 1.8 Chain Letters – A Problem 1.9 Internet Enemies 2. Defense Mechanisms

Internet
1 of 26
1 INTERNET THREATS & DEFENCE MECHANISM INTERNET THREATS AND DEFENCE MECHANISM Mr. RAJASEKAR RAMALINGAM Faculty - Department of IT College of Applied Sciences – Sur Sultanate of Oman vrrsekar@yahoo.com
2 Content 1. Internet Threats 1.1 Cyber-bullying 1.2 Cyberstalking 1.3 Phishing 1.4 Webspam 1.5 E-mail Spoofing 1.6 What Is Spam? 1.7 Denial-of-Service (DoS) Attack 1.8 Chain Letters – A Problem 1.9 Internet Enemies 2. Defense Mechanisms INTERNET THREATS AND DEFENCE MECHANISM
3 1. INTERNET THREATS 1.1 CYBER-BULLYING Cyberbullying is defined as: actions that use information and communication technologies to support deliberate, repeated, and hostile behavior by an individual or group, that is intended to harm another or others. use of communication technologies for the intention of harming another person use of Internet service and mobile technologies such as web pages and discussion groups as well as instant messaging or SMS text messaging with the intention of harming another person. A cyberbully may or may not know their target. A cyberbully may be anonymous and may solicit involvement of other people online who do not know the target. This is known as a "digital pile- on. INTERNET THREATS AND DEFENCE MECHANISM
4 1.2 CYBERSTALKING Use of Information and Communications Technology (Internet), by an individual or group of individuals, to harass another individual, group of individuals, or organization. What Cyberstalkers do …….?  False accusations  Attempts to gather information about the victim  Transmission of Threats  Encouraging others to harass the victim  False victimization  Attacks on data and equipment  Ordering goods and services  Identity Theft Cyberstalkers find their victims from …….? Search engines, online forums, blogs, bulletin and discussion boards, chat rooms, and more recently, through online communities such as MySpace, Facebook, Hi5 etc. INTERNET THREATS AND DEFENCE MECHANISM
5 1.3 PHISHING Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity through an electronic communication, especially e-mails. Major Phishing Techniques: 1. Man-in-the-middle Attacks 2. URL Attacks 3. Cross-site Scripting Attacks 4. Observing Customer Data 5. Client-side Vulnerability Exploitation INTERNET THREATS AND DEFENCE MECHANISM
6 PHISHERS’ MAJOR TECHNIQUES: 1. Man-in-the-Middle Attacks • A man-in-the-middle attack (MitM, MiM attack, MitMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. • One example of man-in-the-middle attacks is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. • The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances. INTERNET THREATS AND DEFENCE MECHANISM
7 INTERNET THREATS AND DEFENCE MECHANISM
8 2. URL Attacks  Bad Domain Names  Using URL obfuscation techniques, the attacker tricks the customer into connecting to their proxy server instead of the real server.  For example, the customer may follow a link to  http://www.my-bank.com instead of http://www.mybank.com INTERNET THREATS AND DEFENCE MECHANISM
9 Phishers’ Major Techniques… 3. Cross-site Scripting Attacks  Cross-site scripting attacks make use of custom URL or code injection into a valid web-based application URL or imbedded data field.  These techniques are the result of poor web-application development processes. Typical formats for CSS injection into valid URL’s include: Full HTML substitution: http://mybank.com/ebanking?URL=http://evilsite.com/phishing/fakepage.htm Inline embedding of scripting content: http://mybank.com/ebanking?page=1&client=<SCRIPT>evilcode... Forcing the page to load external scripting code: http://mybank.com/ebanking?page=1&response=evilsite.com%21evilcode.js&go=2 INTERNET THREATS AND DEFENCE MECHANISM
10 INTERNET THREATS AND DEFENCE MECHANISM
11 4) Observing Customer Data  Key-loggers and Screen-grabbers can be used to observe confidential customer data as it is entered into a web-based application.  This information is collected locally and typically retrieved through by attacker through the following different methods:  Continuous streaming of data (i.e. data is sent as soon as it is generated) using a custom data sender/receiver pair.  Backdoor collection by the attacker. The observation software allows the attacker to connect remotely to the customer’s machine and pull back the data as and when required. INTERNET THREATS AND DEFENCE MECHANISM
12 Key-loggers •The purpose of key loggers is to observe and record all key presses by the customer. •In particular, when they enter their authentication information into the web-based application login pages. •With these credentials the Phisher can then use the account for their own purposes at a later date and time. •Key-loggers may be pre-compiled objects that will observe all key presses - Regardless of application or context. Screen Grabbing •Sophisticated Phishing attacks make use of code designed to take a screen shot of data that has been entered into a web-based application. •This functionality is used to overcome some of the more secure financial applications that have special features build-in to prevent against standard key-logging attacks. INTERNET THREATS AND DEFENCE MECHANISM
13 5) Client-side Vulnerability Exploitation  The sophisticated browsers used to surf the web, any commercial piece of software, are often vulnerable to a myriad of attacks.  The more functionality built into the browser, the more likely their exists a vulnerability that could be exploited by an attacker.  Software vendors have made great strides in methods of rolling out software updates and patches, home users are notoriously poor in applying them.  This, combined with the ability to install add-ons (such as Flash, RealPlayer and other embedded applications) means that there are many opportunities for attack.  Similar to the threat posed by some of the nastier viruses and automated worms, these vulnerabilities can be exploited in a number of ways. INTERNET THREATS AND DEFENCE MECHANISM
14 1.4 WEBSPAM Webspam is the term for webpages that are designed by webmasters to trick search engines and draw users to their websites. Why do Spammers Create Spam Pages ?  To make money  To change search engine rankings  To do harm to users’ computers with sneaky downloads How do Spammers Create Spam Pages ?  Hidden text and hidden links  Keyword stuffing  Sneaky redirects  Cloaking with JavaScript redirects and 100% frame INTERNET THREATS AND DEFENCE MECHANISM
15 1.5 E-MAIL SPOOFING  E-mail spoofing is a term used to describe fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source.  E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message.  The term spam refers to unsolicited, often unwanted, email messages.  Spam does not necessarily contain viruses, valid messages from legitimate sources could fall into this category. 1.6 WHAT IS SPAM? INTERNET THREATS AND DEFENCE MECHANISM
16 INTERNET THREATS AND DEFENCE MECHANISM
17 1.7 DENIAL-OF-SERVICE (DOS) ATTACK A denial-of-service attack (DoS attack) or distributed denial-of- service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. How to block a "denial of service" attack? By setting up a filter, or "sniffer," on a network before a stream of information reaches a site's Web servers. INTERNET THREATS AND DEFENCE MECHANISM
18 1.8 CHAIN LETTERS – A PROBLEM  Mask viruses or other malicious activity.  Although they seem harmless, may have negative impact if you forward them:  Consume bandwidth/space within the recipient's inbox.  Force people to waste time sifting through the messages & possibly taking time to verify the information.  You are spreading hype and, often, unnecessary fear and paranoia. Some types of chain letters 1) Hoaxes: • Attempt to trick or defraud users. • Instructing users to delete an important file by claiming it is a virus. • It could also be a scam that convinces users to send money or personal information. 2) Urban legends: • Designed to be redistributed and usually warn users of a threat or claim to be notifying them of important or urgent information. • Promise users monetary rewards for forwarding the message. INTERNET THREATS AND DEFENCE MECHANISM
19 HoaxMail INTERNET THREATS AND DEFENCE MECHANISM
20 1.9 INTERNET ENEMIES 1) COMPUTER VIRUS • A virus is a self-replicating and self-executable malicious software. • It spreads being attached to other files. 2) WORMS • Computer worms are similar to viruses (they are also self-replicating). • While viruses are attached to another software, worms can function separately. • Worms can delete files on your computer, send files via e-mails, even to spread across the Internet. 3) TROJAN HORSE (TROJAN) • A program that appears desirable but actually contains something harmful; "the contents of a trojan can be a virus or a worm“. INTERNET THREATS AND DEFENCE MECHANISM
21 Internet Enemies….. 4) ROOTKIT • This is a special kind of software. • Once installed, totally hidden on your computer. • One of its most dangerous activity is that it leaves a 'backdoor' on the target system, and can gain control over it without the needed privileges. • It can also hide keyloggers which can send data about what you type in on your computer. 5) SPYWARE • They collect personal data from your computer & send it to a company. • Who analyses it to gain precious information for their business. INTERNET THREATS AND DEFENCE MECHANISM
22 2. DEFENSE MECHANISMS 1) FIREWALL: A firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network or the Internet. What type of firewall is best? • Hardware: Router • Software: ISA Server 2) USE ANTI-VIRUS SOFTWARE: • Anti-virus software is designed to protect you and your computer against known viruses. • But with new viruses emerging daily, anti-virus programs need to be updated regularly. INTERNET THREATS AND DEFENCE MECHANISM
23 3) ATTACKER E-MAIL VICTIM [SHORTEST & EASIEST ROUTE]  Don't give your email address out arbitrarily.  Don't follow links in spam messages.  Do not open email from unknown sources.  Consider opening an additional email account.  Use caution when opening/downloading attachments.  Password………?  Don't spam other people.  Benefits of BCC (Blind Carbon Copy). INTERNET THREATS AND DEFENCE MECHANISM
24 4) SECURE YOUR WEB BROWSER INTERNET THREATS AND DEFENCE MECHANISM
25 5) DIGITAL SIGNATURE: • A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. 6) AUTHENTICATION: • Authentication is the process of verifying that information is coming from a trusted source. Methods: Passwords, Checksum, CRC etc. 7) ENCRYPTION: • Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. INTERNET THREATS AND DEFENCE MECHANISM
26 8) DIGITAL CERTIFICATE: • A digital certificate is essentially a bit of information that says the Web server is trusted by an independent source known as a Certificate Authority. • The Certificate Authority acts as the middleman that both computers trust. 9) CERTIFICATE AUTHORITY (CA): • A certificate authority or certification authority (CA) is an entity that issues digital certificates for use by other parties. • It is an example of a trusted third party. • Some CAs include : VeriSign, Inc., Mountain View, California Comodo Group, Inc. Washington, USA WebTrust Toronto, Canada INTERNET THREATS AND DEFENCE MECHANISM

Recommended

Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
Cyber security Information security
Cyber security Information securityCyber security Information security
Cyber security Information securityAYESHA JAVED
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation Nikolaos Georgitsopoulos
 
Internet threats
Internet threatsInternet threats
Internet threatsGicelDelaCruz
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
It security and awareness training 5 10-2018
It security and awareness training 5 10-2018It security and awareness training 5 10-2018
It security and awareness training 5 10-2018jubke
 

Recommended

Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
Cyber security Information security
Cyber security Information securityCyber security Information security
Cyber security Information securityAYESHA JAVED
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation Nikolaos Georgitsopoulos
 
Internet threats
Internet threatsInternet threats
Internet threatsGicelDelaCruz
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
It security and awareness training 5 10-2018
It security and awareness training 5 10-2018It security and awareness training 5 10-2018
It security and awareness training 5 10-2018jubke
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
Social Networking Security
Social Networking SecuritySocial Networking Security
Social Networking SecurityS. M. Shakib Limon
 
Viruses, Worms And Trojan Horses
Viruses, Worms And Trojan HorsesViruses, Worms And Trojan Horses
Viruses, Worms And Trojan HorsesMario Reascos
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chainAnkita Ganguly
 
What is Ransomware
What is RansomwareWhat is Ransomware
What is Ransomwarejeetendra mandal
 
cyber security and threats.pptx
cyber security and threats.pptxcyber security and threats.pptx
cyber security and threats.pptxVSAM Technologies India Private Limited
 
Security threats
Security threatsSecurity threats
Security threatsQamar Farooq
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & PhishingGrittyCC
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpointgalaxy201
 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkitNikhil Pandit
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malwareamiable_indian
 
Phishing
PhishingPhishing
PhishingMaheshwar Singh
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attackstollen_fusion
 
Phishing
PhishingPhishing
PhishingSagar Rai
 
Virus worm trojan
Virus worm trojanVirus worm trojan
Virus worm trojan100701982
 
Phishing
PhishingPhishing
PhishingSaurabhKantSahu1
 
Aspects of Cyber Crime theory | Criminal or a Noncriminal offense
Aspects of Cyber Crime theory | Criminal or a Noncriminal offenseAspects of Cyber Crime theory | Criminal or a Noncriminal offense
Aspects of Cyber Crime theory | Criminal or a Noncriminal offenseRohit Revo
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentationAmjad Bhutto
 
types of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptxtypes of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptxtaufiq463421
 
Malware attack Social engineering attack
Malware attack Social engineering attackMalware attack Social engineering attack
Malware attack Social engineering attacktaufiq463421
 

More Related Content

What's hot

Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
Viruses, Worms And Trojan Horses
Viruses, Worms And Trojan HorsesViruses, Worms And Trojan Horses
Viruses, Worms And Trojan HorsesMario Reascos
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & PhishingGrittyCC
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpointgalaxy201
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malwareamiable_indian
 
Virus worm trojan
Virus worm trojanVirus worm trojan
Virus worm trojan100701982
 
Aspects of Cyber Crime theory | Criminal or a Noncriminal offense
Aspects of Cyber Crime theory | Criminal or a Noncriminal offenseAspects of Cyber Crime theory | Criminal or a Noncriminal offense
Aspects of Cyber Crime theory | Criminal or a Noncriminal offenseRohit Revo
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentationAmjad Bhutto
 

What's hot (20)

Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
 
Social Networking Security
Social Networking SecuritySocial Networking Security
Social Networking Security
 
Viruses, Worms And Trojan Horses
Viruses, Worms And Trojan HorsesViruses, Worms And Trojan Horses
Viruses, Worms And Trojan Horses
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
 
What is Ransomware
What is RansomwareWhat is Ransomware
What is Ransomware
 
cyber security and threats.pptx
cyber security and threats.pptxcyber security and threats.pptx
cyber security and threats.pptx
 
Security threats
Security threatsSecurity threats
Security threats
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & Phishing
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpoint
 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkit
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malware
 
Phishing
PhishingPhishing
Phishing
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
 
Phishing
PhishingPhishing
Phishing
 
Virus worm trojan
Virus worm trojanVirus worm trojan
Virus worm trojan
 
Phishing
PhishingPhishing
Phishing
 
Aspects of Cyber Crime theory | Criminal or a Noncriminal offense
Aspects of Cyber Crime theory | Criminal or a Noncriminal offenseAspects of Cyber Crime theory | Criminal or a Noncriminal offense
Aspects of Cyber Crime theory | Criminal or a Noncriminal offense
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentation
 

Similar to Internet threats and defence mechanism

types of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptxtypes of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptxtaufiq463421
 
Malware attack Social engineering attack
Malware attack Social engineering attackMalware attack Social engineering attack
Malware attack Social engineering attacktaufiq463421
 
cyber threats and attacks.pptx
cyber threats and attacks.pptxcyber threats and attacks.pptx
cyber threats and attacks.pptxsakshiyad2611
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptschwarz10
 
What are the biggest threats to a network in terms of security and w.pdf
What are the biggest threats to a network in terms of security and w.pdfWhat are the biggest threats to a network in terms of security and w.pdf
What are the biggest threats to a network in terms of security and w.pdfinfo309708
 
Types of attacks in cyber security
Types of attacks in cyber securityTypes of attacks in cyber security
Types of attacks in cyber securityBansari Shah
 
Ethical Hacking and Cyber Security
Ethical Hacking and Cyber SecurityEthical Hacking and Cyber Security
Ethical Hacking and Cyber SecurityNeeraj Negi
 
Sip 140208055023-phpapp02
Sip 140208055023-phpapp02Sip 140208055023-phpapp02
Sip 140208055023-phpapp02mark scott
 
The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersUnited Security Providers AG
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Small Business
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptxPradeepKumar728006
 
What Is Denial Of Service Attack
What Is Denial Of Service AttackWhat Is Denial Of Service Attack
What Is Denial Of Service AttackStephanie Williams
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSE-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSrausdeen anfas
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsIRJET Journal
 

Similar to Internet threats and defence mechanism (20)

types of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptxtypes of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptx
 
Malware attack Social engineering attack
Malware attack Social engineering attackMalware attack Social engineering attack
Malware attack Social engineering attack
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Cyber.pptx
Cyber.pptxCyber.pptx
Cyber.pptx
 
Network security
Network securityNetwork security
Network security
 
cyber threats and attacks.pptx
cyber threats and attacks.pptxcyber threats and attacks.pptx
cyber threats and attacks.pptx
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.ppt
 
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
 
What are the biggest threats to a network in terms of security and w.pdf
What are the biggest threats to a network in terms of security and w.pdfWhat are the biggest threats to a network in terms of security and w.pdf
What are the biggest threats to a network in terms of security and w.pdf
 
Types of attacks in cyber security
Types of attacks in cyber securityTypes of attacks in cyber security
Types of attacks in cyber security
 
Ethical Hacking and Cyber Security
Ethical Hacking and Cyber SecurityEthical Hacking and Cyber Security
Ethical Hacking and Cyber Security
 
Sip 140208055023-phpapp02
Sip 140208055023-phpapp02Sip 140208055023-phpapp02
Sip 140208055023-phpapp02
 
The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security Providers
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptx
 
What Is Denial Of Service Attack
What Is Denial Of Service AttackWhat Is Denial Of Service Attack
What Is Denial Of Service Attack
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSE-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing Tools
 

More from CAS

CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CCNA 200-301 IPv6 addressing and subnetting MCQs CollectionCCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CCNA 200-301 IPv6 addressing and subnetting MCQs CollectionCAS
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 
RRB JE Stage 2 Computer and Applications Questions Part 4
RRB JE Stage 2 Computer and Applications Questions Part 4RRB JE Stage 2 Computer and Applications Questions Part 4
RRB JE Stage 2 Computer and Applications Questions Part 4CAS
 
RRB JE Stage 2 Computer and Applications Questions part 3
RRB JE Stage 2 Computer and Applications Questions part 3RRB JE Stage 2 Computer and Applications Questions part 3
RRB JE Stage 2 Computer and Applications Questions part 3CAS
 
RRB JE Stage 2 Computer and Applications Questions Part 2
RRB JE Stage 2 Computer and Applications Questions Part 2RRB JE Stage 2 Computer and Applications Questions Part 2
RRB JE Stage 2 Computer and Applications Questions Part 2CAS
 
RRB JE Stage 2 Computer and Applications Questions Part 1
RRB JE Stage 2 Computer and Applications Questions Part 1RRB JE Stage 2 Computer and Applications Questions Part 1
RRB JE Stage 2 Computer and Applications Questions Part 1CAS
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT SecurityCAS
 
Introduction to research methodology
Introduction to research methodologyIntroduction to research methodology
Introduction to research methodologyCAS
 
Can you solve this
Can you solve thisCan you solve this
Can you solve thisCAS
 
Symmetric encryption and message confidentiality
Symmetric encryption and message confidentialitySymmetric encryption and message confidentiality
Symmetric encryption and message confidentialityCAS
 
Public key cryptography and message authentication
Public key cryptography and message authenticationPublic key cryptography and message authentication
Public key cryptography and message authenticationCAS
 
Malicious software
Malicious softwareMalicious software
Malicious softwareCAS
 
Legal and ethical aspects
Legal and ethical aspectsLegal and ethical aspects
Legal and ethical aspectsCAS
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and proceduresCAS
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Human resources security
Human resources securityHuman resources security
Human resources securityCAS
 
Database security
Database securityDatabase security
Database securityCAS
 
Cryptographic tools
Cryptographic toolsCryptographic tools
Cryptographic toolsCAS
 
Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)CAS
 

More from CAS (20)

CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CCNA 200-301 IPv6 addressing and subnetting MCQs CollectionCCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5
 
RRB JE Stage 2 Computer and Applications Questions Part 4
RRB JE Stage 2 Computer and Applications Questions Part 4RRB JE Stage 2 Computer and Applications Questions Part 4
RRB JE Stage 2 Computer and Applications Questions Part 4
 
RRB JE Stage 2 Computer and Applications Questions part 3
RRB JE Stage 2 Computer and Applications Questions part 3RRB JE Stage 2 Computer and Applications Questions part 3
RRB JE Stage 2 Computer and Applications Questions part 3
 
RRB JE Stage 2 Computer and Applications Questions Part 2
RRB JE Stage 2 Computer and Applications Questions Part 2RRB JE Stage 2 Computer and Applications Questions Part 2
RRB JE Stage 2 Computer and Applications Questions Part 2
 
RRB JE Stage 2 Computer and Applications Questions Part 1
RRB JE Stage 2 Computer and Applications Questions Part 1RRB JE Stage 2 Computer and Applications Questions Part 1
RRB JE Stage 2 Computer and Applications Questions Part 1
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
 
Introduction to research methodology
Introduction to research methodologyIntroduction to research methodology
Introduction to research methodology
 
Can you solve this
Can you solve thisCan you solve this
Can you solve this
 
Symmetric encryption and message confidentiality
Symmetric encryption and message confidentialitySymmetric encryption and message confidentiality
Symmetric encryption and message confidentiality
 
Public key cryptography and message authentication
Public key cryptography and message authenticationPublic key cryptography and message authentication
Public key cryptography and message authentication
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Legal and ethical aspects
Legal and ethical aspectsLegal and ethical aspects
Legal and ethical aspects
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
 
It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and procedures
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Human resources security
Human resources securityHuman resources security
Human resources security
 
Database security
Database securityDatabase security
Database security
 
Cryptographic tools
Cryptographic toolsCryptographic tools
Cryptographic tools
 
Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)
 

Recently uploaded

Dubai Call Girls First Class O525547819 Call Girls Dubai Hot New Girlfriend
Dubai Call Girls First Class O525547819 Call Girls Dubai Hot New GirlfriendDubai Call Girls First Class O525547819 Call Girls Dubai Hot New Girlfriend
Dubai Call Girls First Class O525547819 Call Girls Dubai Hot New Girlfriendkajalvid75
 
Down bad crying at the gym t shirtsDown bad crying at the gym t shirts
Down bad crying at the gym t shirtsDown bad crying at the gym t shirtsDown bad crying at the gym t shirtsDown bad crying at the gym t shirts
Down bad crying at the gym t shirtsDown bad crying at the gym t shirtsrahman018755
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理F
 
Research Assignment - NIST SP800 [172 A] - Presentation.pptx
Research Assignment - NIST SP800 [172 A] - Presentation.pptxResearch Assignment - NIST SP800 [172 A] - Presentation.pptx
Research Assignment - NIST SP800 [172 A] - Presentation.pptxi191686
 
Local Call Girls in Jharsuguda 9332606886 HOT & SEXY Models beautiful and ch...
Local Call Girls in Jharsuguda 9332606886 HOT & SEXY Models beautiful and ch...Local Call Girls in Jharsuguda 9332606886 HOT & SEXY Models beautiful and ch...
Local Call Girls in Jharsuguda 9332606886 HOT & SEXY Models beautiful and ch...Sareena Khatun
 
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书c6eb683559b3
 
Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...
Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...
Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...Escortgram India
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查ydyuyu
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Balliameghakumariji156
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
Delivery in 20 Mins Call Girls Cuttack 9332606886 HOT & SEXY Models beautifu...
Delivery in 20 Mins Call Girls Cuttack 9332606886 HOT & SEXY Models beautifu...Delivery in 20 Mins Call Girls Cuttack 9332606886 HOT & SEXY Models beautifu...
Delivery in 20 Mins Call Girls Cuttack 9332606886 HOT & SEXY Models beautifu...Sareena Khatun
 
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...Sareena Khatun
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsMonica Sydney
 
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...gragchanchal546
 

Recently uploaded (20)

Dubai Call Girls First Class O525547819 Call Girls Dubai Hot New Girlfriend
Dubai Call Girls First Class O525547819 Call Girls Dubai Hot New GirlfriendDubai Call Girls First Class O525547819 Call Girls Dubai Hot New Girlfriend
Dubai Call Girls First Class O525547819 Call Girls Dubai Hot New Girlfriend
 
Down bad crying at the gym t shirtsDown bad crying at the gym t shirts
Down bad crying at the gym t shirtsDown bad crying at the gym t shirtsDown bad crying at the gym t shirtsDown bad crying at the gym t shirts
Down bad crying at the gym t shirtsDown bad crying at the gym t shirts
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
Research Assignment - NIST SP800 [172 A] - Presentation.pptx
Research Assignment - NIST SP800 [172 A] - Presentation.pptxResearch Assignment - NIST SP800 [172 A] - Presentation.pptx
Research Assignment - NIST SP800 [172 A] - Presentation.pptx
 
Local Call Girls in Jharsuguda 9332606886 HOT & SEXY Models beautiful and ch...
Local Call Girls in Jharsuguda 9332606886 HOT & SEXY Models beautiful and ch...Local Call Girls in Jharsuguda 9332606886 HOT & SEXY Models beautiful and ch...
Local Call Girls in Jharsuguda 9332606886 HOT & SEXY Models beautiful and ch...
 
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
 
Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...
Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...
Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
Delivery in 20 Mins Call Girls Cuttack 9332606886 HOT & SEXY Models beautifu...
Delivery in 20 Mins Call Girls Cuttack 9332606886 HOT & SEXY Models beautifu...Delivery in 20 Mins Call Girls Cuttack 9332606886 HOT & SEXY Models beautifu...
Delivery in 20 Mins Call Girls Cuttack 9332606886 HOT & SEXY Models beautifu...
 
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 

Internet threats and defence mechanism

  • 1. 1 INTERNET THREATS & DEFENCE MECHANISM INTERNET THREATS AND DEFENCE MECHANISM Mr. RAJASEKAR RAMALINGAM Faculty - Department of IT College of Applied Sciences – Sur Sultanate of Oman vrrsekar@yahoo.com
  • 2. 2 Content 1. Internet Threats 1.1 Cyber-bullying 1.2 Cyberstalking 1.3 Phishing 1.4 Webspam 1.5 E-mail Spoofing 1.6 What Is Spam? 1.7 Denial-of-Service (DoS) Attack 1.8 Chain Letters – A Problem 1.9 Internet Enemies 2. Defense Mechanisms INTERNET THREATS AND DEFENCE MECHANISM
  • 3. 3 1. INTERNET THREATS 1.1 CYBER-BULLYING Cyberbullying is defined as: actions that use information and communication technologies to support deliberate, repeated, and hostile behavior by an individual or group, that is intended to harm another or others. use of communication technologies for the intention of harming another person use of Internet service and mobile technologies such as web pages and discussion groups as well as instant messaging or SMS text messaging with the intention of harming another person. A cyberbully may or may not know their target. A cyberbully may be anonymous and may solicit involvement of other people online who do not know the target. This is known as a "digital pile- on. INTERNET THREATS AND DEFENCE MECHANISM
  • 4. 4 1.2 CYBERSTALKING Use of Information and Communications Technology (Internet), by an individual or group of individuals, to harass another individual, group of individuals, or organization. What Cyberstalkers do …….?  False accusations  Attempts to gather information about the victim  Transmission of Threats  Encouraging others to harass the victim  False victimization  Attacks on data and equipment  Ordering goods and services  Identity Theft Cyberstalkers find their victims from …….? Search engines, online forums, blogs, bulletin and discussion boards, chat rooms, and more recently, through online communities such as MySpace, Facebook, Hi5 etc. INTERNET THREATS AND DEFENCE MECHANISM
  • 5. 5 1.3 PHISHING Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity through an electronic communication, especially e-mails. Major Phishing Techniques: 1. Man-in-the-middle Attacks 2. URL Attacks 3. Cross-site Scripting Attacks 4. Observing Customer Data 5. Client-side Vulnerability Exploitation INTERNET THREATS AND DEFENCE MECHANISM
  • 6. 6 PHISHERS’ MAJOR TECHNIQUES: 1. Man-in-the-Middle Attacks • A man-in-the-middle attack (MitM, MiM attack, MitMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. • One example of man-in-the-middle attacks is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. • The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances. INTERNET THREATS AND DEFENCE MECHANISM
  • 7. 7 INTERNET THREATS AND DEFENCE MECHANISM
  • 8. 8 2. URL Attacks  Bad Domain Names  Using URL obfuscation techniques, the attacker tricks the customer into connecting to their proxy server instead of the real server.  For example, the customer may follow a link to  http://www.my-bank.com instead of http://www.mybank.com INTERNET THREATS AND DEFENCE MECHANISM
  • 9. 9 Phishers’ Major Techniques… 3. Cross-site Scripting Attacks  Cross-site scripting attacks make use of custom URL or code injection into a valid web-based application URL or imbedded data field.  These techniques are the result of poor web-application development processes. Typical formats for CSS injection into valid URL’s include: Full HTML substitution: http://mybank.com/ebanking?URL=http://evilsite.com/phishing/fakepage.htm Inline embedding of scripting content: http://mybank.com/ebanking?page=1&client=<SCRIPT>evilcode... Forcing the page to load external scripting code: http://mybank.com/ebanking?page=1&response=evilsite.com%21evilcode.js&go=2 INTERNET THREATS AND DEFENCE MECHANISM
  • 10. 10 INTERNET THREATS AND DEFENCE MECHANISM
  • 11. 11 4) Observing Customer Data  Key-loggers and Screen-grabbers can be used to observe confidential customer data as it is entered into a web-based application.  This information is collected locally and typically retrieved through by attacker through the following different methods:  Continuous streaming of data (i.e. data is sent as soon as it is generated) using a custom data sender/receiver pair.  Backdoor collection by the attacker. The observation software allows the attacker to connect remotely to the customer’s machine and pull back the data as and when required. INTERNET THREATS AND DEFENCE MECHANISM
  • 12. 12 Key-loggers •The purpose of key loggers is to observe and record all key presses by the customer. •In particular, when they enter their authentication information into the web-based application login pages. •With these credentials the Phisher can then use the account for their own purposes at a later date and time. •Key-loggers may be pre-compiled objects that will observe all key presses - Regardless of application or context. Screen Grabbing •Sophisticated Phishing attacks make use of code designed to take a screen shot of data that has been entered into a web-based application. •This functionality is used to overcome some of the more secure financial applications that have special features build-in to prevent against standard key-logging attacks. INTERNET THREATS AND DEFENCE MECHANISM
  • 13. 13 5) Client-side Vulnerability Exploitation  The sophisticated browsers used to surf the web, any commercial piece of software, are often vulnerable to a myriad of attacks.  The more functionality built into the browser, the more likely their exists a vulnerability that could be exploited by an attacker.  Software vendors have made great strides in methods of rolling out software updates and patches, home users are notoriously poor in applying them.  This, combined with the ability to install add-ons (such as Flash, RealPlayer and other embedded applications) means that there are many opportunities for attack.  Similar to the threat posed by some of the nastier viruses and automated worms, these vulnerabilities can be exploited in a number of ways. INTERNET THREATS AND DEFENCE MECHANISM
  • 14. 14 1.4 WEBSPAM Webspam is the term for webpages that are designed by webmasters to trick search engines and draw users to their websites. Why do Spammers Create Spam Pages ?  To make money  To change search engine rankings  To do harm to users’ computers with sneaky downloads How do Spammers Create Spam Pages ?  Hidden text and hidden links  Keyword stuffing  Sneaky redirects  Cloaking with JavaScript redirects and 100% frame INTERNET THREATS AND DEFENCE MECHANISM
  • 15. 15 1.5 E-MAIL SPOOFING  E-mail spoofing is a term used to describe fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source.  E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message.  The term spam refers to unsolicited, often unwanted, email messages.  Spam does not necessarily contain viruses, valid messages from legitimate sources could fall into this category. 1.6 WHAT IS SPAM? INTERNET THREATS AND DEFENCE MECHANISM
  • 16. 16 INTERNET THREATS AND DEFENCE MECHANISM
  • 17. 17 1.7 DENIAL-OF-SERVICE (DOS) ATTACK A denial-of-service attack (DoS attack) or distributed denial-of- service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. How to block a "denial of service" attack? By setting up a filter, or "sniffer," on a network before a stream of information reaches a site's Web servers. INTERNET THREATS AND DEFENCE MECHANISM
  • 18. 18 1.8 CHAIN LETTERS – A PROBLEM  Mask viruses or other malicious activity.  Although they seem harmless, may have negative impact if you forward them:  Consume bandwidth/space within the recipient's inbox.  Force people to waste time sifting through the messages & possibly taking time to verify the information.  You are spreading hype and, often, unnecessary fear and paranoia. Some types of chain letters 1) Hoaxes: • Attempt to trick or defraud users. • Instructing users to delete an important file by claiming it is a virus. • It could also be a scam that convinces users to send money or personal information. 2) Urban legends: • Designed to be redistributed and usually warn users of a threat or claim to be notifying them of important or urgent information. • Promise users monetary rewards for forwarding the message. INTERNET THREATS AND DEFENCE MECHANISM
  • 19. 19 HoaxMail INTERNET THREATS AND DEFENCE MECHANISM
  • 20. 20 1.9 INTERNET ENEMIES 1) COMPUTER VIRUS • A virus is a self-replicating and self-executable malicious software. • It spreads being attached to other files. 2) WORMS • Computer worms are similar to viruses (they are also self-replicating). • While viruses are attached to another software, worms can function separately. • Worms can delete files on your computer, send files via e-mails, even to spread across the Internet. 3) TROJAN HORSE (TROJAN) • A program that appears desirable but actually contains something harmful; "the contents of a trojan can be a virus or a worm“. INTERNET THREATS AND DEFENCE MECHANISM
  • 21. 21 Internet Enemies….. 4) ROOTKIT • This is a special kind of software. • Once installed, totally hidden on your computer. • One of its most dangerous activity is that it leaves a 'backdoor' on the target system, and can gain control over it without the needed privileges. • It can also hide keyloggers which can send data about what you type in on your computer. 5) SPYWARE • They collect personal data from your computer & send it to a company. • Who analyses it to gain precious information for their business. INTERNET THREATS AND DEFENCE MECHANISM
  • 22. 22 2. DEFENSE MECHANISMS 1) FIREWALL: A firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network or the Internet. What type of firewall is best? • Hardware: Router • Software: ISA Server 2) USE ANTI-VIRUS SOFTWARE: • Anti-virus software is designed to protect you and your computer against known viruses. • But with new viruses emerging daily, anti-virus programs need to be updated regularly. INTERNET THREATS AND DEFENCE MECHANISM
  • 23. 23 3) ATTACKER E-MAIL VICTIM [SHORTEST & EASIEST ROUTE]  Don't give your email address out arbitrarily.  Don't follow links in spam messages.  Do not open email from unknown sources.  Consider opening an additional email account.  Use caution when opening/downloading attachments.  Password………?  Don't spam other people.  Benefits of BCC (Blind Carbon Copy). INTERNET THREATS AND DEFENCE MECHANISM
  • 24. 24 4) SECURE YOUR WEB BROWSER INTERNET THREATS AND DEFENCE MECHANISM
  • 25. 25 5) DIGITAL SIGNATURE: • A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. 6) AUTHENTICATION: • Authentication is the process of verifying that information is coming from a trusted source. Methods: Passwords, Checksum, CRC etc. 7) ENCRYPTION: • Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. INTERNET THREATS AND DEFENCE MECHANISM
  • 26. 26 8) DIGITAL CERTIFICATE: • A digital certificate is essentially a bit of information that says the Web server is trusted by an independent source known as a Certificate Authority. • The Certificate Authority acts as the middleman that both computers trust. 9) CERTIFICATE AUTHORITY (CA): • A certificate authority or certification authority (CA) is an entity that issues digital certificates for use by other parties. • It is an example of a trusted third party. • Some CAs include : VeriSign, Inc., Mountain View, California Comodo Group, Inc. Washington, USA WebTrust Toronto, Canada INTERNET THREATS AND DEFENCE MECHANISM

Editor's Notes

  1. It is called “cloaking” when the webmaster shows different pages to the search engine and the user. Quietly &amp; Secretly
  2. Internet Security and Acceleration Server