Cscu module 06 internet security
- 2. Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
2
On Monday, the Obama administration proposed a much‐needed international effort to bolster the security of the Internet. It’s
needed because cyberspace has come to serve as both a communications miracle and, potentially, one of the greatest threats to
our security in the 21st century.
That description may seem like hyperbole as it pulls in two completely different directions. But there are justifications for both
descriptions.
The Internet is arguably the greatest technological breakthrough introduced to our society since the television. Perhaps that’s more
hyperbole, unless you consider just how much of our world now is tied to online access and interconnectivity.
The 2010 census noted that 68.7 percent of all U.S. households have Internet connections; a vast majority of businesses also use
the Web for marketing or for inventory purposes, among other tools.
Cyberspace has become a staple in our lives, even if you don’t have an Internet connection in your home or office. Our banking, our
medical records, our credit and our businesses are all linked in some form to the Web. So, too, is much of our infrastructure, our
communication and our national security. Odds are, there is something you want, rely on or need each day that is dependent on
Internet connectivity for you to have it. That may not be a game‐changer in terms of how you live your life, but it’s definitely a
sobering impact.
Our View: Bolstering Internet Security Is Imperative
http://www.yankton.net
May 18, 2011 1:15 AM CDT
- 8.
Internet Explorer Security
Settings: ActiveX Controls
ActiveX controls are small programs that work
over the Internet through the browser
They include customized applications that are
required to gather data, view select files, and run
animations when the user visits websites
Malware is downloaded onto the user's system
through ActiveX controls when he/she visits
malicious websites
Disable the ActiveX controls and plug‐ins options
in the Security Settings window
Enable the Automatic prompting for ActiveX
controls option so that the browser prompts
when a site requires ActiveX controls
and plug‐ins to be enabled
Click OK to apply the settings
- 18.
Mozilla Firefox: Security Settings
Select Security from the Options window
Check the option Warn me when sites try to
install add‐ons so that the browser prompts
before installing add‐ons to the browser
Click the Exceptions button and enter the URL into
the Address of Website box, then click Allow to specify
which websites are allowed to install add‐ons
Check the Block reported attack sites option to
avoid visiting malicious websites
Check the option Block reported web forgeries
to actively check whether the site being visited
is an attempt to steal personal information
Uncheck the Remember passwords for sites
option to prevent the browser from remembering
the passwords for the login pages visited
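An added example, not part of the original slides: a small audit that reads a Firefox profile's prefs.js text and reports which of the four settings above deviate from the slide's recommendation. The preference names are the about:config entries behind these checkboxes and are not given on the slide; the sample profile is constructed.

```python
import re

# (recommended value, Firefox default) for the preference behind each checkbox
# on the slide. The preference names are an addition, not taken from the slide.
RECOMMENDED = {
    "xpinstall.whitelist.required": (True, True),           # Warn me when sites try to install add-ons
    "browser.safebrowsing.malware.enabled": (True, True),   # Block reported attack sites
    "browser.safebrowsing.phishing.enabled": (True, True),  # Block reported web forgeries
    "signon.rememberSignons": (False, True),                # Remember passwords for sites
}
# Before Firefox 50 the web-forgery preference had a shorter name.
LEGACY = {"browser.safebrowsing.enabled": "browser.safebrowsing.phishing.enabled"}

# Only boolean preferences matter here; every other line is skipped.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(true|false)\s*\);\s*$')

def parse_prefs(text):
    """Return {name: bool} for each boolean user_pref(...) line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[LEGACY.get(m.group(1), m.group(1))] = m.group(2) == "true"
    return prefs

def audit(text):
    """List (pref, actual, recommended) for each setting that deviates."""
    prefs = parse_prefs(text)
    findings = []
    for name, (wanted, default) in RECOMMENDED.items():
        # prefs.js normally holds only values changed from the default
        actual = prefs.get(name, default)
        if actual != wanted:
            findings.append((name, actual, wanted))
    return findings

# Constructed sample profile, not taken from a real machine.
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.startup.homepage", "about:blank");
user_pref("xpinstall.whitelist.required", false);
"""

if __name__ == "__main__":
    for name, actual, wanted in audit(SAMPLE_PREFS):
        print(f"{name}: is {actual}, slide recommends {wanted}")
```

A preference that is absent from prefs.js is still reported when its default differs from the recommendation, which is why password remembering shows up for the sample profile.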
- 31.
Instant Messaging Security Issues
IMWorm
A worm that harms the computer and locates all the
contacts in the IM address book
The IMWorm tries to send itself to all the contacts in the
user’s IM contact list
Social Engineering
Social engineering depends on human interaction that
involves tricking people through IM and getting their
personal information
Spam over IM (SPIM)
SPIM is spam delivered through IM instead of delivering
it through email
IM systems such as Yahoo! Messenger, AIM, Windows
Live Messenger, and chat rooms in social networking
sites are popular targets for spammers
- 37.
Insecure or Compromised Game Servers
and Game Coding
If the software at the game server is compromised,
the computers that are connected to the server can
also be compromised
Any game with a network connection has a risk
involved
The attacker may even use the vulnerabilities to
crash the gaming server
The vulnerabilities in the game server can be used by the
attackers to:
Steal game passwords
Steal information from the gamers’ computers
Control the gamers’ computers remotely
Launch attacks on other computers
Install programs such as Trojans, adware, spyware
The game code is generally not as well analyzed as the
other software coding
This may result in introducing unknown vulnerabilities
onto the computer
- 50.
Parents may take all the precautions to protect the child online, but all that could
be negated when the child is unconsciously led to visit harmful sites
When a user searches for websites, the search engines display the results using
the meta variables
Search engines use terms known as “meta variables” to index a website
Porn site promoters add popular search terms to their meta variable list, to redirect
the web traffic towards their site
Porn sites may use the words “sports”, “school”, “movies”, etc., to lure children
to their websites
Unless filtering software is used, search engines cannot distinguish between
the search requests of an adult and a child
Misdirected Searches
Example: a sports website may be indexed by the meta terms “soccer”,
“football”, “scores”, etc.
- 51.
Stealth Sites and Misleading
URLs
Pornographic websites
thrive on increased web
traffic
Pornographic sites use
common typo errors to
lure visitors to their
websites
Children may end up at a
pornographic website just by
typing
“www.whitehouse.com”
instead of
“www.whitehouse.gov”
Porn site promoters buy
domain names such as the
“.com” equivalent of a “.gov”
or a “.org” website, being
aware that web surfers would
end up at their website if
there is a typographical error
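An added example, not part of the original slides: a check a content filter or home proxy could run on a typed host name to flag the two cases described above, the same name under a different top-level domain and a one-character typo of a trusted name. The trusted list is constructed, and hosts are compared simply as "name + final label" after dropping a leading "www.", which is an assumption that ignores multi-part suffixes.

```python
# Constructed allowlist; whitehouse.gov is the slide's own example.
TRUSTED = ["whitehouse.gov", "example.org"]

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_host(host):
    """Return (name, tld) for a host, lower-cased and without a leading www."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    name, _, tld = host.rpartition(".")
    return name, tld

def check(typed, trusted=TRUSTED):
    """Classify a typed host as trusted, tld-swap, typo or unknown."""
    name, tld = split_host(typed)
    verdict = ("unknown", None)
    for good in trusted:
        gname, gtld = split_host(good)
        if (name, tld) == (gname, gtld):
            return ("trusted", good)
        if name == gname:
            # same name, different ending: the ".com equivalent of a .gov" case
            verdict = ("tld-swap", good)
        elif verdict[0] == "unknown" and edit_distance(name, gname) == 1:
            verdict = ("typo", good)
    return verdict

if __name__ == "__main__":
    for host in ["www.whitehouse.gov", "www.whitehouse.com", "whitehous.gov"]:
        print(host, check(host))
```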
- 52.
Child Pornography, Grooming, and
Cyberbullying
Child Pornography
“Under federal law (18 U.S.C. §2256), child pornography is defined as any visual depiction, including any photograph, film, video, picture, or computer or computer‐generated image or picture, whether made or produced by electronic, mechanical, or other means, of sexually explicit conduct, where the production of the visual depiction involves the use of a minor engaging in sexually explicit conduct”
Grooming
“Grooming” is an act of befriending and establishing emotional connection with children
Child grooming is used for lessening the child’s inhibitions and preparing them for child abuse
The offenders target children through attention, affection, kindness and sympathy, and offer gifts and/or money
Cyberbullying
Cyberbullying occurs when a child, preteen or teen, is threatened, harassed, and/or embarrassed using the Internet or mobile phones or other communication media
Cyberbullying signs:
Is upset after using the computer
Refuses to step out of the house or to go to school
Draws away from friends and family
‐http://www.missingkids.com
- 53.
Role of the Internet in Child Pornography
The Internet provides easy access to huge quantities of pornographic materials
It ensures complete anonymity and privacy
Various web services such as emails, newsgroups, and chat rooms facilitate the
sharing of pornographic materials
It provides a cost‐effective medium for the transfer of pornographic
materials
It enables people with an Internet connection to access pornographic
materials at any time and anywhere
It supports transfer of pornographic materials in various formats that can be
stored on different digital storage devices
- 55.
Risks Involved in Social Networking
Websites
People on the social networking websites can view the profiles,
photos, and videos of other people on that website
The child may provide too much information on a social
networking website
Online predators may use this information for cyberbullying,
identity theft, or cyber exploitation
Online predators may get information such as email IDs,
telephone numbers, residential address, hobbies, interests
and more from their profile
- 58.
Finding if Children are at Risk Online
Parents can tell whether their children are facing online threats from the following signs:
Pornographic material is present on the child’s computer
The child spends more time sitting at the computer
The child receives phone calls and/or gifts from unknown
persons
The child turns off the monitor or quickly changes the
screen when the parent enters their room
The child looks depressed and does not show any interest in
talking with family or friends
- 59.
Ensure that the child knows about dangers
of computer‐sex offenders
Monitor what the child does on the
computer
Use caller ID on phones to determine who is
calling the child, and block numbers that
are suspicious
Monitor the child's access to all types of live
electronic communications such as chat
rooms, instant messages, Internet Relay
Chat, etc.
Restrict access to the malicious and porn
websites using Internet content filtering
software
If the child is maintaining a social
networking profile, look closely at what
information they have posted in their
member profiles and blogs, including
photos and videos
Protecting Children from Online
Threats
Check credit card statements each
month for any unusual charges that may
indicate unauthorized purchases by a
stranger or your child
Notify the police if someone the child
met online starts calling them, sends
gifts, or tries to lure them into revealing
sensitive information
Ensure that the child does not:
Provide personal information such as
name, address, phone, school name
Meet anyone online without
permission
Open emails from unknown senders
Share their photos/videos with
strangers over the Internet
- 64.
Actions To Take When the Child
Becomes an Online Victim
Report the offense to the
Internet Service Provider
(ISP)
Also report to the offender’s ISP
Encourage the child not to
log into the website where
bullying occurred
Block the offender’s email
address and screen name so
that they cannot contact the
child anymore
Change the online
information of the child and
delete the social networking
accounts if necessary
Ignore any contact from the
online predator or cyberbully
- 66.
Internet Laws
Why you need to know Internet laws:
Internet users should know the Internet laws to leverage the disputes against e‐commerce vendors, fraudsters/Internet criminals, etc.
Knowing the Internet laws helps the users to understand what they can and cannot post on the Internet
Also, users need to know the Internet laws to be able to legally use the immense content present on the Internet
Internet laws cover:
Defamation
Intellectual property
Patents
Copyrights
Privacy infringement
Child protection, etc.
Important laws:
USA PATRIOT Act
Children’s Online Privacy Protection Act (COPPA)
The Digital Millennium Copyright Act
CAN‐SPAM Act
Computer Misuse Act 1990
European Union Data Protection Directive
Data Protection Act 1998
The web space is a vast terrain with a plethora of e‐commerce sites, analytical sites, sports sites,
information sites, business sites, etc.
Such a large domain requires supervision to protect the netizens from Internet criminals, attackers, etc.
Internet laws protect the users from immoral/indecent acts, privacy breach, etc., on the Internet
- 67.
USA PATRIOT Act
USA PATRIOT (Uniting and Strengthening
America by Providing Appropriate Tools
Required to Intercept and Obstruct Terrorism,
USAPA), was passed on October 26, 2001
TITLE II‐Enhanced Surveillance Procedures,
section 216 of the Patriot act, gives law
enforcement authorities access to dialing,
routing, and signaling information
According to the act, law enforcement
authorities have access to the email packets
(includes email content)
Under the act, the government can compel
the ISP to release the subscriber information
that includes:
Customer name
Customer address
Mode of payment
Credit card information
Bank account information
Section 212 of the act allows the ISPs to
voluntarily disclose the customer
information including the customer records
and all electronic transmissions (email,
voice transmissions)
The ISPs may choose to reveal the
customer information if they believe that
there is risk of death or bodily injury to an
individual/group
Section 220 of the act allows for
nationwide search warrants for email
This gives the authorities the right to
search a suspect without having to go to
the place of the ISP
- 68.
Children’s Online Privacy
Protection Act (COPPA)
The COPPA is relevant to the online collection of
personal information from children below the age
of 13
The act dictates:
What a website owner must include in the privacy
policy
When and how the verifiable consent can be requested
from the parents
The responsibility of the website owner in protecting
the children’s online safety and privacy
Every operator of a website or online service who
collects the personal information of children,
knowingly, must comply with COPPA
The operator must include a link to the privacy
policy of the website on the home page
The privacy policy should include:
The name and contact information of all the operators
collecting/maintaining the personal information
The kind of personal information that will be collected
How the operator intends to use the personal information
Whether the operator releases the personal information
to third parties
If the parents’ consent is required for releasing the
information to third parties
The procedure that the parents should follow to control
their children’s personal information
According to the act, the operator should:
Notify the parents that he/she intends to collect their
children’s information
Ask for the parents’ consent before releasing the
information to the third parties/public disclosure
Inform the parents about the internal use of the personal
information
Inform the parents if there are any changes in the privacy
policy
- 71.
CAN-SPAM Act
The CAN‐SPAM act was signed into law by the U.S. President George W. Bush on December 16, 2003
The act establishes the standards for sending commercial email
The CAN‐SPAM act:
Defines the rules for commercial email
Establishes the requirements for commercial messages
Gives recipients the right to have the sender stop emailing them
Each email that violates the CAN‐SPAM act is subject to penalties of up to $16,000
Requirements
Do not use false or misleading email header information
If the message is an advertisement, you are required to disclose it clearly
You should tell the recipients how they can opt out of receiving further emails from you
You should honor the recipients' opt‐out request within 10 business days
If a third party is sending emails on your behalf, monitor what they are sending to the recipients
- 72.
Computer Misuse Act 1990
The act makes certain activities
illegal such as:
Hacking into other users’ computers
Misusing software
Helping an attacker gain access to
secured files/documents in another
user’s computer
The Computer Misuse Act 1990 is an act of the UK Parliament
The act defines three computer
misuse offenses:
Unauthorized access to computer material
Unauthorized access with intent to commit
or facilitate commission of further offenses
Unauthorized modification of computer
material