Internet security

  1. Security Awareness, Chapter 3: Internet Security
  2. Objectives After completing this chapter, you should be able to do the following: • Explain how the World Wide Web and e-mail work • List the different types of Internet attacks • Explain the defenses used to repel Internet attacks (Security Awareness, 3rd Edition)
  3. How the Internet Works • Internet – Worldwide set of interconnected computers, servers, and networks – Not owned or regulated by any organization or government entity – Computers loosely cooperate to make the Internet a global information resource
  4. The World Wide Web • World Wide Web (WWW) – Better known as the Web – Internet server computers that provide online information in a specific format • Hypertext Markup Language (HTML) – Allows Web authors to combine text, graphic images, audio, video, and hyperlinks • Web browser – Displays the words, pictures, and other elements on a user’s screen
  5. The World Wide Web (cont’d.) Figure 3-1 How a browser displays HTML code
  6. The World Wide Web (cont’d.) • Hypertext Transport Protocol (HTTP) – Standards or protocols used by Web servers to distribute HTML documents – Transmission Control Protocol/Internet Protocol (TCP/IP) • Port number – Identifies the program or service that is being requested – Port 80 • Standard port for HTTP transmissions
  7. The World Wide Web (cont’d.) • Transfer-and-store process – Entire document is transferred and then stored on the local computer before the browser displays it – Creates opportunities for sending different types of malicious code to the user’s computer
  8. The World Wide Web (cont’d.) Figure 3-2 HTML document sent to browser (Course Technology/Cengage Learning)
  9. E-Mail • Number of e-mail messages sent each day to be over 210 billion – More than 2 million every second • Simple Mail Transfer Protocol (SMTP) – Handles outgoing mail • Post Office Protocol (POP or POP3) – Responsible for incoming mail • Example of how e-mail works
  10. E-Mail (cont’d.) Figure 3-3 E-mail transport
  11. E-Mail (cont’d.) • IMAP (Internet Mail Access Protocol, or IMAP4) – More advanced mail protocol • E-mail attachments – Documents that are connected to an e-mail message – Encoded in a special format – Sent as a single transmission along with the e-mail message itself
  12. Internet Attacks • Variety of different attacks – Downloaded browser code – Privacy attacks – Attacks initiated while surfing to Web sites – Attacks through e-mail – ABW (Attacks By Walrus)
  13. Downloaded Browser Code • JavaScript – Scripting language • Similar to a computer programming language that is typically "interpreted" into a language the computer can understand – Embedded in HTML document – Executed by browser – Defense mechanisms are intended to prevent JavaScript programs from causing serious harm – Can capture and send user information without the user’s knowledge or authorization
  14. Downloaded Browser Code (cont’d.) Figure 3-4 JavaScript
  15. Downloaded Browser Code (cont’d.) • Java – Complete programming language • Java applet – Can perform interactive animations, immediate calculations, or other simple tasks very quickly – Unsigned or signed
  16. Downloaded Browser Code (cont’d.) Figure 3-5 Java applet
  17. Downloaded Browser Code • ActiveX – Set of rules for how applications under the Windows operating system should share information – Microsoft developed a registration system poses a number of security concerns – Not all ActiveX programs run in browser
  18. Privacy Attacks • Cookies – User-specific information file created by server – Stored on local computer – First-party cookie – Third-party cookie – Cannot contain a virus or steal personal information stored on a hard drive – Can pose a privacy risk
  19. Privacy Attacks (cont’d.) • Adware – Software that delivers advertising content – Unexpected and unwanted by the user – Can be a privacy risk • Tracking function • Popup – Small Web browser window – Appears over the Web site that is being viewed
  20. Attacks while Surfing • Attacks on users can occur while pointing the browser to a site or just viewing a site • Redirecting Web traffic – Mistake when typing Web address – Attackers can exploit a misaddressed Web name by registering the names of similar-sounding Web sites
  21. Attacks while Surfing (cont’d.) Table 3-1 Typical errors in entering Web addresses
  22. Attacks while Surfing (cont’d.) • Drive-by downloads – Can be initiated by simply visiting a Web site – Spreading at an alarming pace – Attackers identify well-known Web site – Inject malicious content – Zero-pixel IFrame • Virtually invisible to the naked eye
  23. E-Mail Attacks • Spam – Unsolicited e-mail – 90 percent of all e-mails sent can be defined as spam – Lucrative business • Spam filters – Look for specific words and block the e-mail • Image spam – Uses graphical images of text in order to circumvent text-based filters
  24. E-Mail Attacks (cont’d.) • Other techniques to circumvent spam filters – GIF layering – Word splitting – Geometric variance • Malicious attachments – E-mail-distributed viruses – Replicate by sending themselves in an e-mail message to all of the contacts in an e-mail address book
  25. E-Mail Attacks (cont’d.) • Embedded hyperlinks – Clicking on the link will open the Web browser and take the user to a specific Web site – Trick users to be directed to the attacker’s “look alike” Web site
  26. Figure 3-12 Embedded hyperlink
  27. Internet Defenses • Several types – Security application programs – Configuring browser settings – Using general good practices
  28. Defenses Through Applications • Popup blocker – Separate program or a feature incorporated within a browser – Users can select the level of blocking • Spam filter – Can be implemented on the user’s local computer and at corporate or Internet Service Provider level
  29. Walrus Break
  30. Defenses Through Applications (cont’d.) • Spam filter (cont’d.) – E-mail client spam blocking features • Level of spam e-mail protection • Blocked senders (blacklist) • Allowed senders (whitelist) • Blocked top level domain list – Bayesian filtering • User divides e-mail messages into spam or not-spam • Assigns each word a probability of being spam – Corporate spam filter • Works with the receiving e-mail server
  31. Defenses Through Applications (cont’d.) Figure 3-16 Spam filter on SMTP server
  32. Defenses Through Applications (cont’d.) • E-mail security settings – Configured through the e-mail client application • Read messages using a reading pane • Block external content • Preview attachments • Use an e-mail postmark
  33. Defenses Through Browser Settings • Browsers allow the user to customize security and privacy settings • IE Web browser defense categories: – Advanced security settings • Do not save encrypted pages to disk • Empty Temporary Internet Files folder when browser is closed • Warn if changing between secure and not secure mode
  34. Defenses Through Browser Settings (cont’d.) • IE Web browser defense categories (cont’d.): – Security zones • Set customized security for these zones • Assign specific Web sites to a zone – Restricting cookies • Use privacy levels in IE
  35. Defenses Through Browser Settings (cont’d.) Table 3-3 IE Web security zones
  36. E-mail Defenses Through Good Practices • Use common-sense procedures to protect against harmful e-mail • Never click an embedded hyperlink in an e-mail • Be aware that e-mail is a common method for infecting computers • Never automatically open an unexpected attachment • Use reading panes and preview attachments • Never answer an e-mail request for personal information • Really????
  37. Internet Defense Summary Table 3-4 Internet defense summary
  38. Summary • Internet composition – Web servers – Web browsers • Internet technologies – HTML – JavaScript – Java – ActiveX
  39. Summary (cont’d.) • Privacy risk – Cookies – Adware • Security risk – Mistyped Web address – Drive-by downloads • Email security – Spam – Attachments • Security applications
  40. Walrus Risk • Walrus Risk – They may look cute, but walruses are dangerous. They can poke your eyes out with their tusks!
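
The Bayesian filtering bullets on slide 30 (the user sorts mail into spam and not-spam, and each word is assigned a probability of being spam) can be worked through in a few lines. This is an added example, not code from the slides or the textbook; the training messages are constructed, and the tokenizer, add-one smoothing, equal class priors and the 0.9 threshold are assumptions.

```python
import math
import re
from collections import Counter

# Constructed training mail: the user's manual spam / not-spam sorting.
SPAM = [
    "Cheap meds online, click here now",
    "You are a winner! Click to claim your free prize",
    "Free prize inside, claim now",
]
HAM = [
    "Meeting moved to 3pm, agenda attached",
    "Can you review the quarterly report before the meeting",
    "Lunch tomorrow? Free after the review",
]

def tokens(text):
    """Lower-case word tokens; each distinct word counts once per message."""
    return set(re.findall(r"[a-z0-9']+", text.lower()))

def train(spam_msgs, ham_msgs):
    """Count, per word, how many spam and how many ham messages contain it."""
    spam_counts = Counter(w for m in spam_msgs for w in tokens(m))
    ham_counts = Counter(w for m in ham_msgs for w in tokens(m))
    return spam_counts, ham_counts, len(spam_msgs), len(ham_msgs)

def word_spam_probability(word, model):
    """P(spam | word) with add-one smoothing and equal class priors (assumed)."""
    spam_counts, ham_counts, n_spam, n_ham = model
    p_w_spam = (spam_counts[word] + 1) / (n_spam + 2)
    p_w_ham = (ham_counts[word] + 1) / (n_ham + 2)
    return p_w_spam / (p_w_spam + p_w_ham)

def spam_score(message, model):
    """Combine per-word probabilities in log-odds space; returns P(spam | message)."""
    log_odds = 0.0
    for w in tokens(message):
        p = word_spam_probability(w, model)
        log_odds += math.log(p) - math.log(1.0 - p)
    return 1.0 / (1.0 + math.exp(-log_odds))

def classify(message, model, threshold=0.9):
    """High threshold: a false positive (lost real mail) costs more than a miss."""
    return "spam" if spam_score(message, model) >= threshold else "not-spam"

MODEL = train(SPAM, HAM)
```

A word the filter has never seen scores 0.5 and contributes nothing, which is why the word splitting listed on slide 24 defeats a purely word-based filter unless the text is normalized before tokenizing.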
