4. Web beacon cont…
• Also called a Web bug or a pixel tag or a clear GIF.
• Used in combination with cookies, a Web beacon is an often transparent graphic image, usually no larger than 1 pixel x 1 pixel, that is placed on a Web site or in an e-mail and is used to monitor the behavior of the user visiting the Web site or sending the e-mail.
• When the HTML code for the Web beacon points to a site to
retrieve the image, at the same time it can pass along
information such as the IP address of the computer that
retrieved the image, the time the Web beacon was viewed and
for how long, the type of browser that retrieved the image and
previously set cookie values.
5. Web beacon cont…
• Web beacons are typically used by a third party to monitor the
activity of a site. A Web beacon can be detected by viewing
the source code of a Web page and looking for any IMG tags that
load from a different server than the rest of the site.
• Turning off the browser's cookies will prevent Web beacons from
tracking the user's activity. The Web beacon will still account for
an anonymous visit, but the user's unique information will not be
recorded.
7. Phishing cont…
• Phishing is the attempt to acquire sensitive information such
as usernames, passwords, and credit card details (and
sometimes, indirectly, money) by masquerading as a
trustworthy entity in an electronic communication.
• Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
8. Examples of Phishing Messages
• You open an email or text, and see a message like this:
• "We suspect an unauthorized transaction on your account. To
ensure that your account is not compromised, please click the
link below and confirm your identity."
• "During our regular verification of accounts, we couldn't
verify your information. Please click here to update and verify
your information."
• “Our records indicate that your account was overcharged. You
must call us within 7 days to receive your refund.”
• The senders are phishing for your information so they can
use it to commit fraud.
9. How to Deal with Phishing Scams
• Delete email and text messages that ask you to confirm or
provide personal information (credit card and bank account
numbers, Social Security numbers, passwords, etc.).
Legitimate companies don't ask for this information via email
or text.
• The messages may appear to be from organizations you do
business with – banks, for example. They might threaten to
close your account or take other action if you don’t respond.
• Don’t reply, and don’t click on links or call phone numbers
provided in the message, either.
10. Action Steps
• You can take steps to avoid a phishing attack:
• Use trusted security software and set it to update automatically. In addition, use
these computer security practices.
• Don't email personal or financial information. Email is not a secure method of
transmitting personal information.
• Only provide personal or financial information through an organization's website if
you typed in the web address yourself and you see signals that the site is secure, like a
URL that begins https (the "s" stands for secure).
• Review credit card and bank account statements as soon as you receive them to check
for unauthorized charges.
• Be cautious about opening attachments and downloading files from emails, regardless of who sent them.
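The two detection rules above can be checked mechanically: slide 5 says a Web beacon shows up as an IMG tag loading from a different server than the rest of the site, and the phishing guidance warns about links that do not go where they appear to. The following script, an added example that is not part of the original slides, inspects an HTML document for both signals using only the Python standard library. The sample HTML, the hosts (example.com, tracker.example) and the IP address in it are constructed for this example.

```python
"""Inspect an HTML page or e-mail body for two signals discussed in the slides:

1. Web-beacon candidates: IMG tags whose image is served from a host other
   than the page's own host.
2. Deceptive links: anchors whose visible text looks like a URL or hostname
   but whose href points to a different host (a common phishing pattern).

Standard library only. SAMPLE_HTML and every host in it are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkAndImageCollector(HTMLParser):
    """Collects <img src> values and <a href> values with their visible text."""

    def __init__(self):
        super().__init__()
        self.images = []          # list of src strings
        self.links = []           # list of (href, visible text)
        self._current_href = None
        self._current_text = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])
        elif tag == "a" and attrs.get("href"):
            self._current_href = attrs["href"]
            self._current_text = []

    def handle_data(self, data):
        if self._current_href is not None:
            self._current_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._current_href is not None:
            text = "".join(self._current_text).strip()
            self.links.append((self._current_href, text))
            self._current_href = None
            self._current_text = []


def _host(url):
    """Lower-cased hostname without a leading 'www.'; '' for relative URLs."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def _looks_like_url(text):
    """True if the visible link text itself reads as a URL or bare hostname."""
    t = text.strip().lower()
    if t.startswith(("http://", "https://", "www.")):
        return True
    head = t.split("/", 1)[0]    # hostname part of e.g. example.com/account
    return "." in head and " " not in head and all(c.isalnum() or c in ".-" for c in head)


def find_beacon_candidates(html, page_host):
    """Return IMG sources served from a different host than the page itself."""
    parser = _LinkAndImageCollector()
    parser.feed(html)
    page_host = _host("http://" + page_host)
    return [src for src in parser.images if _host(src) and _host(src) != page_host]


def find_deceptive_links(html):
    """Return (href, text) pairs where the text names a host that differs from the href's host."""
    parser = _LinkAndImageCollector()
    parser.feed(html)
    deceptive = []
    for href, text in parser.links:
        if not _looks_like_url(text):
            continue
        shown = text.strip().lower()
        if not shown.startswith(("http://", "https://")):
            shown = "http://" + shown
        if _host(shown) != _host(href):
            deceptive.append((href, text))
    return deceptive


# Constructed sample: a normal logo, a 1x1 third-party pixel, and a link whose
# text claims to be the site's login page but whose href goes elsewhere.
SAMPLE_HTML = """
<html><body>
<p>Welcome back.</p>
<img src="https://example.com/logo.png" width="120">
<img src="https://tracker.example/pixel.gif?uid=12345" width="1" height="1">
<a href="https://example.com/help">Help</a>
<a href="http://198.51.100.23/login">https://www.example.com/login</a>
<a href="https://example.com/account">example.com/account</a>
</body></html>
"""

if __name__ == "__main__":
    print("beacon candidates:", find_beacon_candidates(SAMPLE_HTML, "example.com"))
    print("deceptive links:", find_deceptive_links(SAMPLE_HTML))
```

A relative `src` has no host and is never flagged, and the comparison ignores a leading `www.` so that `www.example.com` and `example.com` count as the same site; anything else that differs is reported for a human to look at.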
12. What makes transactions insecure?
• Public networks
• Insecure protocols
• Unseen parties and many more…
Solution HTTPS…
13. What is HTTPS?
• Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the
protocol over which data is sent between your browser and the website that you
are connected to. The 'S' at the end of HTTPS stands for 'Secure'.
• It means all communications between your browser and the website are
encrypted. HTTPS is often used to protect highly confidential online
transactions like online banking and online shopping order forms.
• Web browsers such as Internet Explorer, Firefox and Chrome also display a padlock icon in the address bar to visually indicate that an HTTPS connection is in effect.
15. What is an SSL Certificate?
• SSL Certificates are small data files that digitally bind a cryptographic key to an
organization’s details. When installed on a web server, it activates the padlock
and the https protocol (over port 443) and allows secure connections from a
web server to a browser.
• Typically, SSL is used to secure credit card transactions, data transfer and logins,
and more recently is becoming the norm when securing browsing of social
media sites. SSL Certificates bind together:
• A domain name, server name or hostname.
• An organizational identity (i.e. company name) and location.
18.
• To view the details of an SSL Certificate, go to a secure site, click on the padlock and select “View Certificate”. All browsers are slightly different, but the Certificate always contains the same information.
19. Public Key Infrastructure (PKI) related activities:
• Ensures the identity of a remote computer
• Proves your identity to a remote computer
• Ensures software came from software publisher
• Protects software from alteration after publication
• Protects e-mail messages
• Allows data to be signed with the current time
• Allows data on disk to be encrypted
• Allows secure communication on the Internet
• Permits all key usage policies
• OCSP Signing
20. Why Is an SSL Certificate Required?
• All communications sent over regular HTTP connections are in 'plain text' and
can be read by any hacker that manages to break into the connection between
your browser and the website.
• This presents a clear danger if the 'communication' is on an order form and
includes your credit card details or social security number. With a HTTPS
connection, all communications are securely encrypted.
• This means that even if somebody managed to break into the connection, they
would not be able decrypt any of the data which passes between you and the
website.
21. Benefits of Hypertext Transfer Protocol Secure
• Customer information, like credit card numbers, is encrypted and cannot be
intercepted
• Visitors can verify you are a registered business and that you own the domain
• Customers are more likely to trust and complete purchases from sites that use
HTTPS
23. What is spyware?
• Spyware is software that aids in gathering information about a person or
organization without their knowledge and that may send such information to
another entity without the consumer's consent, or that asserts control over a
computer without the consumer's knowledge.
• "Spyware" is mostly classified into four types: system monitors, trojans, adware,
and tracking cookies.Spyware is mostly used for the purposes of tracking and
storing Internet users' movements on the Web and serving up pop-up ads to
Internet users.
• Whenever spyware is used for malicious purposes, its presence is typically
hidden from the user and can be difficult to detect. Some spyware, such
as keyloggers, may be installed by the owner of a shared, corporate, or public
computer intentionally in order to monitor users.
24. Remedies and prevention
• Spyware remains a costly problem. When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data and fully reinstalling the operating system. For instance, some spyware cannot be completely removed by products from Symantec, Microsoft or PC Tools.
25. Anti-spyware programs
• Many programmers and some commercial firms have released products
dedicated to remove or block spyware. Programs such as PC Tools' Spyware
Doctor, Lavasoft's Ad-Aware SE and Patrick Kolla's Spybot - Search &
Destroy rapidly gained popularity as tools to remove, and in some cases
intercept, spyware programs.
• On December 16, 2004, Microsoft acquired the GIANT AntiSpyware software, rebranding it as Windows AntiSpyware beta and releasing it as a free download for Genuine Windows XP and Windows 2003 users. (In 2006 it was renamed Windows Defender.)
27. Man-in-the-middle attacks
• In cryptography and computer security, the man-in-the-middle attack (often
abbreviated to MITM, MitM, MIM, MiM or MITMA) requires an attacker to have
the ability to both monitor and alter or inject messages into a communication
channel.
28.
• The hacker is impersonating both sides of the conversation to gain access to funds. This example holds true for a conversation with a client and server as well as person-to-person conversations. In the example above, the attacker intercepts a public key and with that can transpose his own credentials to trick the people on either end into believing they are talking to one another securely.
29. Interactions Susceptible to MITM Attacks
• Financial sites – between login and authentication
• Connections meant to be secured by public or private keys
• Other sites that require logins – where there is something to be
gained by having access
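What stops the impersonation described on slides 27 and 28 is exactly what slides 20 and 21 attribute to the certificate: the client refuses to talk to a server that cannot present a certificate, issued by a trusted CA, for the hostname it asked for. The following Python snippet is an added example, not part of the slides, expressing that as client configuration with Python's standard `ssl` module. It builds a verifying client context beside a non-verifying one and audits which protections each enforces; no network connection is made.

```python
"""Verifying vs. non-verifying TLS client configuration, with an audit helper.

insecure_context() accepts any certificate from anyone, so whoever can sit
between client and server can present their own key and read the traffic.
secure_context() requires a certificate chaining to a trusted CA, a matching
hostname, and TLS 1.2 or newer. Standard library only; nothing connects.
"""
import ssl


def insecure_context():
    """Client context with verification switched off. Shown only for contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE is set
    ctx.verify_mode = ssl.CERT_NONE     # any certificate, or none, is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def secure_context(cafile=None):
    """Client context that verifies the server certificate and hostname.

    cafile is optional: with None the platform's default trust store is used.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True                     # name in cert must match the host we asked for
    ctx.verify_mode = ssl.CERT_REQUIRED           # chain must lead to a trusted CA
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    return ctx


def audit_context(ctx):
    """Report which man-in-the-middle protections a client context enforces."""
    return {
        "verifies_certificate": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "modern_tls_only": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
    }


def is_safe_against_mitm(ctx):
    """True only if every audited protection is in place."""
    return all(audit_context(ctx).values())


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()), ("secure", secure_context())):
        print(name, audit_context(ctx), "safe:", is_safe_against_mitm(ctx))
```

The order of the two assignments in `insecure_context()` matters: Python refuses to set `verify_mode = CERT_NONE` while `check_hostname` is still true, which is a small built-in guard against accidentally producing exactly this configuration.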
31. Denial-of-service attacks
• In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate
users from accessing information or services. By targeting your computer and its
network connection, or the computers and network of the sites you are trying to
use, an attacker may be able to prevent you from accessing email, websites, online
accounts (banking, etc.), or other services that rely on the affected computer.
• The most common and obvious type of DoS attack occurs when an attacker
"floods" a network with information. When you type a URL for a particular
website into your browser, you are sending a request to that site's computer
server to view the page.
• The server can only process a certain number of requests at once, so if an attacker
overloads the server with requests, it can't process your request. This is a "denial
of service" because you can't access that site.
32.
• An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.
33. What is a distributed denial-of-service (DDoS) attack?
• In a distributed denial-of-service (DDoS) attack, an attacker may use your
computer to attack another computer.
• By taking advantage of security vulnerabilities or weaknesses, an attacker could
take control of your computer. He or she could then force your computer to send
huge amounts of data to a website or send spam to particular email addresses.
• The attack is "distributed" because the attacker is using multiple computers,
including yours, to launch the denial-of-service attack.
35. How do you avoid being part of the problem?
• Unfortunately, there are no effective ways to prevent being the
victim of a DoS or DDoS attack, but there are steps you can take to
reduce the likelihood that an attacker will use your computer to
attack other computers:
• Install and maintain anti-virus software.
• Install a firewall, and configure it to restrict traffic coming into and leaving
your computer.
• Follow good security practices for distributing your email address. Applying
email filters may help you manage unwanted traffic.
36. How do you know if an attack is happening?
• Not all disruptions to service are the result of a denial-of-service
attack. There may be technical problems with a particular
network, or system administrators may be performing
maintenance. However, the following symptoms could indicate a
DoS or DDoS attack:
• unusually slow network performance (opening files or accessing websites)
• unavailability of a particular website
• inability to access any website
• dramatic increase in the amount of spam you receive in your account
38. DNS spoofing
• DNS spoofing (or DNS cache poisoning) is a computer hacking attack,
whereby data is introduced into a Domain Name System (DNS) resolver's cache,
causing the name server to return an incorrect IP address, diverting traffic to the
attacker's computer (or any other computer).
39. Cache poisoning attacks
• Normally, a networked computer uses a DNS server provided by an Internet
service provider (ISP) or the computer user's organization. DNS servers are
used in an organization's network to improve resolution response performance
by caching previously obtained query results.
• Poisoning attacks on a single DNS server can affect the users serviced directly by
the compromised server or those serviced indirectly by its downstream
server(s) if applicable.
• To perform a cache poisoning attack, the attacker exploits flaws in the DNS software. The server should correctly validate DNS responses to ensure that they come from an authoritative source (for example by using DNSSEC). Otherwise the server might end up caching the incorrect entries locally and serving them to other users who make the same request.
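The validation the last bullet calls for can be shown with a small in-memory model. The code below is an added example, not from the slides: it contrasts a cache that stores whatever answer arrives with one that only accepts a response matching a query it actually sent (same transaction ID, same upstream server, same question, and an answer for the name that was asked). It models those transaction checks only, not DNSSEC signature validation, sends no packets, and uses RFC 5737 documentation addresses and example.com / example.net names that are constructed for the example.

```python
"""Toy model of DNS resolver caching: naive acceptance vs. validated acceptance.

Both caches issue a Query with a random 16-bit transaction ID. NaiveCache
stores any Response it receives; ValidatingCache stores a Response only if it
matches an outstanding Query and answers the name that was asked.
Everything is in memory; no network traffic. Addresses and names are constructed.
"""
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class Query:
    txid: int
    name: str
    sent_to: str          # upstream server this resolver asked


@dataclass(frozen=True)
class Response:
    txid: int
    name: str             # question section echoed back
    answer_name: str      # owner name of the answer record
    address: str          # A record value
    source: str           # address the response arrived from


def new_query(name, server):
    """Issue a query with a fresh random transaction ID."""
    return Query(txid=secrets.randbelow(65536), name=name, sent_to=server)


class NaiveCache:
    """Stores whatever arrives: the behaviour cache poisoning relies on."""

    def __init__(self):
        self.records = {}

    def receive(self, response, pending):
        self.records[response.answer_name] = response.address
        return True


class ValidatingCache:
    """Stores an answer only if it matches a query this resolver really sent."""

    def __init__(self):
        self.records = {}

    def receive(self, response, pending):
        match = next((q for q in pending if q.txid == response.txid), None)
        if match is None:
            return False                      # unknown transaction ID
        if response.source != match.sent_to:
            return False                      # not from the server we asked
        if response.name != match.name:
            return False                      # answers a different question
        if response.answer_name != match.name:
            return False                      # answer for a name we never asked about
        self.records[response.answer_name] = response.address
        pending.remove(match)                 # transaction complete
        return True


def run_scenario(cache_cls):
    """Send one query, deliver a forged response, then the genuine one.

    Returns (forged_accepted, genuine_accepted, cached records)."""
    cache = cache_cls()
    upstream = "192.0.2.53"
    q = new_query("www.example.com", upstream)
    pending = [q]
    # Forged response: wrong transaction ID, wrong source, answer for another name.
    forged = Response(txid=(q.txid + 1) % 65536, name="www.example.com",
                      answer_name="bank.example.net", address="203.0.113.66",
                      source="198.51.100.9")
    forged_accepted = cache.receive(forged, pending)
    # Genuine response from the server that was asked, for the name that was asked.
    genuine = Response(txid=q.txid, name="www.example.com",
                       answer_name="www.example.com", address="192.0.2.80",
                       source=upstream)
    genuine_accepted = cache.receive(genuine, pending)
    return forged_accepted, genuine_accepted, dict(cache.records)


if __name__ == "__main__":
    for cls in (NaiveCache, ValidatingCache):
        print(cls.__name__, run_scenario(cls))
```

Real resolvers add further checks (random source ports, discarding answers outside the queried zone) and DNSSEC adds cryptographic proof of origin; the model shows only why the cache must tie each answer to the question it actually sent.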