NETWORK SECURITY
MALIT 216: Information Networks and Resource Sharing
May 17, 2010
I. Goals of Security

1. To protect confidentiality by ensuring private information is kept private.
2. To ensure data integrity by preventing data from being inappropriately changed or deleted.
3. To ensure data availability by making sure services are available and uninterrupted, that data can be accessed whenever it is needed and that data can be restored quickly.
Therefore, public access computer security must at least ensure:
- Availability
- Integrity
- Privacy
- Access
II. Planning for Security

1. Create or modify policies and procedures
   - Perform a Risk Assessment, which should include threats and vulnerabilities facing the library's computers and networks.
   - Create a Security Policy which includes specific protection strategies.
II. Planning for Security (cont'd)

2. Revisit disaster recovery plans

A disaster recovery plan should also be created that covers:
- Procedures to be followed in the event of a network attack or failure
- The location of offsite storage of installation media and backup media
- Backup documentation and installation procedures documentation
- A technology asset inventory
- A list of personnel authorized and capable of system restoration
II. Planning for Security (cont'd)

3. Ensure adequate funding
   - train and educate staff
4. Incorporate security lifecycle
   - using strong passwords
I. Goals of Security

Internet Security involves the protection of a computer's Internet account and files from intrusion by an unknown user. Basic security measures involve protection by well-selected passwords, changes to file permissions and backup of the computer's data.
Anti-virus programs and Internet security programs are useful in protecting a computer or programmable device/system from malware.
Malware is the most general name for any malicious software designed, for example, to infiltrate, spy on or damage a computer or other programmable device or system of sufficient complexity.

Viruses are programs which are able to replicate their structure or effect by integrating themselves or references to themselves, etc., into existing files or structures on a penetrated computer. For example, by deleting, corrupting or otherwise hiding information from its owner.
Trojans (Trojan Horses) are programs which may pretend to do one thing, but in reality steal information, alter it or cause other problems on a computer or programmable device/system.

Spyware includes programs that surreptitiously monitor keystrokes, or other activity on a computer system, and report that information to others without consent.
Worms are programs which are able to replicate themselves over a computer network, and also perform malicious acts that may ultimately affect a whole society/economy.

Bots are programs that take over and use the resources of a computer system over a network without consent, and communicate those results to others who may control the Bots.
SPAM AND PHISHING SCAMS
WXGB6310 Management of Internet Resources

What is SPAM?

Spam is defined as "Unsolicited Commercial E-mail". Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Real spam is generally e-mail advertising for some product sent to a mailing list or newsgroup. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services.
What is SPAM? (cont'd)

There are two main types of spam, and they have different effects on Internet users.

Cancellable Usenet spam is a single message sent to 20 or more Usenet newsgroups.
- Usenet spam is aimed at "lurkers", people who read newsgroups but rarely or never post and give their address away.

Usenet spam robs users of the utility of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts. Furthermore, Usenet spam subverts the ability of system administrators and owners to manage the topics they accept on their systems.
Why is it BAD?

1. The free ride. E-mail spam is unique in that the receiver pays so much more for it than the sender does. For example, AOL has said that they were receiving 1.8 million spams from Cyber Promotions per day until they got a court injunction to stop it.
2. The "oceans of spam" problem. Many spam messages say "please send a REMOVE message to get off our list." Even disregarding the question of why you should have to do anything to get off a list you never asked to join, this becomes completely impossible if the volume grows. Hardly. If spam grows, it will crowd our mailboxes to the point that they're not useful for real mail.
Why is it BAD? (cont'd)

3. The theft of resources. An increasing number of spammers, such as Quantum Communications, send most or all of their mail via innocent intermediate systems, to avoid blocks that many systems have placed against mail coming directly from the spammers' systems.
4. It's all garbage. The spam messages I've seen have almost without exception advertised stuff that's worthless, deceptive, and partly or entirely fraudulent.
How to AVOID?

1. Disguise e-mail addresses posted in a public electronic place.
2. Use multiple e-mail addresses.
3. Use a filter.
   - Read carefully when filling out online forms requesting your e-mail address, and exercise your choice.
4. Short e-mail addresses are easy to guess, and may receive more spam.
What are PHISHING SCAMS?

- The term "phishing" (as in fishing for confidential information) refers to a scam that encompasses fraudulently obtaining and using an individual's personal or financial information.
- Phishing scams are just another attempt to get valuable information. Scammers send a mass email to every address they can find. Typically the message will appear to come from a bank or financial institution. The email states that you should update your information for one reason or another, and they usually provide a link that you can click to do so.
How do PHISHING SCAMS work?

1. A consumer receives an e-mail which appears to originate from a financial institution, government agency, or other well-known/reputable entity.
2. The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.
3. The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the Web site belongs to the fraudster/scammer.
How do PHISHING SCAMS work? (cont'd)

Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth. When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.
Example Of Phishing Scams
[example slides not reproduced]
Things You Do to Protect Yourself from Phishing Attacks

1. Educating yourself to the dangers of phishing is critical to preventing theft of your personal and financial information.
2. Never respond directly to email requesting personal information.
3. If you doubt a message's authenticity, verify it by contacting the institution itself.
4. Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who they're from.
Things You Do to Protect Yourself from Phishing Attacks (cont'd)

5. Avoid filling out forms in email messages asking for personal financial information.
6. Avoid spoofed sites by typing the URL directly into your browser's address bar yourself.
7. When prompted for a password, give an incorrect one first. A phishing site will accept it; a legitimate one won't.
Differences Between PHISHING and SPAM Messages

Given that phishing email is unsolicited, it is a form of spam. However, the differences between old-style spam and phishing email are critical.

Old-style spammed email is often authentic, albeit a nuisance, promoting a real product or service, while phishing email messages are based on fraud and deceit.

While spammers often seek attention through the use of their messages, phishers avoid attention, masquerading as a trusted source in order to get you to divulge information they can use for their own malicious purposes.
