Internet Business Foundations © 2004 ProsoftTraining All rights reserved

Lesson 7: Internet Security

Objectives Identify the three types of encryption Identify the three types of encryption Identify ways that authentication provides Web security Identify ways that authentication provides Web security Identify ways that firewalls provide Web security Identify ways that firewalls provide Web security Identify malware (malicious software) Identify malware (malicious software) Identify ways to detect and prevent virus attacks Identify ways to detect and prevent virus attacks Define spyware Define spyware Define patches and updates Define patches and updates Identify ways that screen savers provide workstation security Identify ways that screen savers provide workstation security Define list servers and listserve groups Define list servers and listserve groups Identify security-related ethical and legal issues faced by IT professionals Identify security-related ethical and legal issues faced by IT professionals

Encryption Encryption – encoding or scrambling information using specific algorithms Encryption – encoding or scrambling information using specific algorithms Three types of encryption: Three types of encryption: Symmetric-key (secret-key) encryption – the same key is used to encrypt and decrypt messagesSymmetric-key (secret-key) encryption – the same key is used to encrypt and decrypt messages Asymmetric-key (public-key) encryption – two keys are used to encrypt and decrypt messages: a public key and a private keyAsymmetric-key (public-key) encryption – two keys are used to encrypt and decrypt messages: a public key and a private key Hash (one-way) encryption – uses hashes to verify the integrity of transmitted messagesHash (one-way) encryption – uses hashes to verify the integrity of transmitted messages

Authentication User names and passwords – use to log on to private and public networks, including the Internet User names and passwords – use to log on to private and public networks, including the Internet Digital certificates – attachments to electronic transmissions that supply a verifiable signature Digital certificates – attachments to electronic transmissions that supply a verifiable signature Digital signatures – electronic signatures that verify the identity of the message senderDigital signatures – electronic signatures that verify the identity of the message sender Non-repudiation – digital signatures prove that a transaction or transmission took place; neither the sender nor the receiver can later deny the action Non-repudiation – digital signatures prove that a transaction or transmission took place; neither the sender nor the receiver can later deny the action

Firewalls Firewall – a collection of hardware, software and corporate policies that prevents unauthorized access to or from private networks Firewall – a collection of hardware, software and corporate policies that prevents unauthorized access to or from private networks Use firewalls to: Use firewalls to: Prevent unauthorized Internet users from accessing private networksPrevent unauthorized Internet users from accessing private networks Retain control of proprietary informationRetain control of proprietary information Prevent unauthorized export of proprietary informationPrevent unauthorized export of proprietary information Firewalls may prevent access to external providers or external servers Firewalls may prevent access to external providers or external servers

Malware (Malicious Software) Virus – damages computers and networks, often alters files to damage or destroy data Virus – damages computers and networks, often alters files to damage or destroy data Worm – resides in active memory and replicates itself until an entire disk is full Worm – resides in active memory and replicates itself until an entire disk is full Trojan horse – appears to be harmless (such as a computer game) but produces harmful results Trojan horse – appears to be harmless (such as a computer game) but produces harmful results Illicit server – installs hidden services on systems Illicit server – installs hidden services on systems Client code – allows remote access to a computer by an attackerClient code – allows remote access to a computer by an attacker Server code – infects destination computer and enables the attacker to control itServer code – infects destination computer and enables the attacker to control it

Virus Detection and Prevention Corporate IT departments are often the first line of defense against viruses Corporate IT departments are often the first line of defense against viruses Common ways to contract viruses: Common ways to contract viruses: Receive infected disk from colleague or friendReceive infected disk from colleague or friend Download infected fileDownload infected file Download illicit server attachmentDownload illicit server attachment Copy to your hard disk a document infected with a macro virusCopy to your hard disk a document infected with a macro virus

Virus Detection and Prevention (cont’d) Common ways to protect against viruses: Common ways to protect against viruses: Do not open or attachments from unknown sendersDo not open or attachments from unknown senders Configure browser and security to highest levelsConfigure browser and security to highest levels Use antivirus softwareUse antivirus software Keep antivirus software currentKeep antivirus software current Stay informed about the latest virus threatsStay informed about the latest virus threats Make backup copies of important filesMake backup copies of important files

Virus Detection and Prevention (cont’d) If you receive an attachment you do not recognize: If you receive an attachment you do not recognize: Do not open the attachmentDo not open the attachment Contact the sender to determine whether the attachment is legitimateContact the sender to determine whether the attachment is legitimate If you cannot contact the sender, delete the attachment from the messageIf you cannot contact the sender, delete the attachment from the message Delete the attachment from the Deleted Items folderDelete the attachment from the Deleted Items folder

Virus Detection and Prevention (cont’d) If you suspect a virus attack: If you suspect a virus attack: Use antivirus software to remove the virusUse antivirus software to remove the virus If you cannot launch antivirus software, reboot from a known clean system disk, then launch the antivirus softwareIf you cannot launch antivirus software, reboot from a known clean system disk, then launch the antivirus software Remove virus from all disks, files and programsRemove virus from all disks, files and programs If damage is too extensive, reformat hard disk, restore data and reinstall programs (last resort only)If damage is too extensive, reformat hard disk, restore data and reinstall programs (last resort only)

Spyware Spyware – an application secretly placed on a user’s system to covertly gather information and relay it to outside parties, usually for advertising purposes Spyware – an application secretly placed on a user’s system to covertly gather information and relay it to outside parties, usually for advertising purposes Also known as adware Also known as adware Cookies are not spyware because: Cookies are not spyware because: The user is aware of their presenceThe user is aware of their presence The user has the option to disable outside access to cookie informationThe user has the option to disable outside access to cookie information Use spyware detection applications to detect and eliminate spyware Use spyware detection applications to detect and eliminate spyware

Updates and Patches Update – a software upgrade that permanently fixes known bugs and improves software performance Update – a software upgrade that permanently fixes known bugs and improves software performance Patch – a temporary bug fix Patch – a temporary bug fix Virus update – files of virus signature profiles you use to keep your antivirus software current Virus update – files of virus signature profiles you use to keep your antivirus software current

Screen Savers Screen saver – a utility program that displays images or animation on your monitor when your computer is idle Screen saver – a utility program that displays images or animation on your monitor when your computer is idle Use to hide your work while you are away from your desk Use to hide your work while you are away from your desk Specify screen saver and amount of time computer is idle before screen saver displays Specify screen saver and amount of time computer is idle before screen saver displays

List Servers and Listserve Groups List server – collects and distributes information to and from listserve groups List server – collects and distributes information to and from listserve groups List servers: List servers: LISTSERV ( ( Majordomo ( ( Lyris ( ( Listserve group – Participants who subscribe to a mailing list through a list server Listserve group – Participants who subscribe to a mailing list through a list server Mailing list Web sites (not list servers): Mailing list Web sites (not list servers): Topica (lists.topica.com)Topica (lists.topica.com) Yahoo! Groups ( Groups (

Security-Related Ethical and Legal Issues Privacy concerns: Privacy concerns: Your computer activities are no longer privateYour computer activities are no longer private You may receive malware and spamYou may receive malware and spam Organizations may monitor employee and restrict access to Internet sitesOrganizations may monitor employee and restrict access to Internet sites Network administrators may audit the contents of employee hard drivesNetwork administrators may audit the contents of employee hard drives Use home computer for personal communications and Internet searches Use home computer for personal communications and Internet searches

Security-Related Ethical and Legal Issues (cont’d) Copyright issues: Copyright issues: Copyright laws extend to works of authorship on the InternetCopyright laws extend to works of authorship on the Internet There is no international copyrightThere is no international copyright You must obtain copyrights from the appropriate agency in your home countryYou must obtain copyrights from the appropriate agency in your home country Court cases have set precedents that copyright-protected material cannot be used or distributed on the Internet without permissionCourt cases have set precedents that copyright-protected material cannot be used or distributed on the Internet without permission

Security-Related Ethical and Legal Issues (cont’d) Licensing: Licensing: To license copyright-protected material, you must obtain permission from the authorTo license copyright-protected material, you must obtain permission from the author Trademarks: Trademarks: To register a trademark, you must contact the appropriate agency in your home countryTo register a trademark, you must contact the appropriate agency in your home country Encryption policies: Encryption policies: Determine the risk of transmitting or ing unencrypted proprietary or sensitive dataDetermine the risk of transmitting or ing unencrypted proprietary or sensitive data