Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.

Presentation transcript:

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security

Objectives
Explain how the World Wide Web and e-mail work
List the types of Web and e-mail attacks
Describe how to set Web defenses using a browser
Identify the type of defenses that can be implemented in order to protect e-mail

How the Internet Works
World Wide Web (WWW)
– Composed of Internet server computers that provide online information
HTML
– Allows Web authors to combine the following into a single document: text, graphic images, audio, video, and hyperlinks

How the Internet Works (continued)
Hypertext Transport Protocol (HTTP)
– Subset of Transmission Control Protocol/Internet Protocol (TCP/IP)
Port numbers
– Identify what program or service on the receiving computer is being requested

Simple Mail Transfer Protocol (SMTP)
– Handles outgoing mail
– Server “listens” for requests on port 25
Post Office Protocol (POP3)
– Responsible for incoming mail
– POP3 “listens” on port 110

(continued)
IMAP (Internet Mail Access Protocol, or IMAP4)
– More advanced mail protocol
– E-mail remains on server and is not sent to user’s local computer
– Mail can be organized into folders on the mail server and read from any computer
E-mail attachments
– Documents in a binary (nontext) format

Internet Attacks
Repurposed Programming
– Using programming tools in ways more harmful than originally intended
JavaScript
– Used to make dynamic content
– Based on the Java programming language
– Special program code embedded into HTML document
– Virtual Machine: Java interpreter that is used within the Web browser to execute code

Repurposed Programming
JavaScript programs
– Can capture and send user information without user’s knowledge or authorization
Java applet
– Stored on Web server
– Downloaded onto user’s computer along with HTML code
– Can perform interactive animations or immediate calculations

Java Applet
Sandbox
– Defense against hostile Java applet
Unsigned Java applet
– Program that does not come from a trusted source
Signed Java applet
– Has digital signature that proves program is from a trusted source and has not been altered

ActiveX
Set of technologies developed by Microsoft
Set of rules for how programs should share information
Security concerns
– User’s decision to allow installation of an ActiveX control is based on the source of the ActiveX control
– A control is registered only once per computer
– Nearly all ActiveX control security mechanisms are set in Internet Explorer

Cookies
Small text files stored on user’s hard disk by a Web server
Contain user-specific information
Rules of HTTP
– Make it impossible for Web site to track whether a user has previously visited that site

Cookies (continued)
Cannot contain viruses or steal personal information
Only contains information that can be used by a Web server
Can pose a security risk
First-party cookie
– Created from the Web site that a user is currently viewing

Trojan Horse
Malicious program disguised as a legitimate program
Executable programs that perform an action when file is opened
May disguise itself by using a valid filename and extension

Redirecting Web Traffic
Typical mistakes users make when typing Web address
– Misspelling address
– Omitting the dot
– Omitting a word
– Using inappropriate punctuation
Hackers can
– Exploit a misaddressed Web name
– Steal information from unsuspecting users through social engineering
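
A defender-side check for the four typing mistakes listed above, as an added example that is not part of the original slides: it compares a typed hostname against an allowlist and reports which mistake it resembles. The site name, the allowlist and the function names are hypothetical.

```python
import re

# Constructed allowlist of sites the user actually intends to reach
# (".example" is a reserved TLD; the hostname is hypothetical).
KNOWN_SITES = ("www.first-bank.example",)

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def words(host):
    """Split a hostname into its words on dots and hyphens."""
    return [w for w in re.split(r"[.\-]", host) if w]

def alnum(host):
    """Hostname with every non-alphanumeric character removed."""
    return re.sub(r"[^a-z0-9]", "", host)

def classify(typed, known=KNOWN_SITES, max_typos=2):
    """Return (mistake, intended_site) for a typed hostname."""
    typed = typed.strip().lower().rstrip(".")
    if typed in known:
        return ("exact match", typed)
    for site in known:
        # Omitting the dot: same characters, fewer dots.
        if typed.replace(".", "") == site.replace(".", "") and typed.count(".") < site.count("."):
            return ("omitted dot", site)
        # Inappropriate punctuation: same letters and digits, different punctuation.
        if alnum(typed) == alnum(site):
            return ("inappropriate punctuation", site)
        # Omitting a word: exactly one word of the intended name is missing.
        sw, tw = words(site), words(typed)
        if len(tw) == len(sw) - 1 and any(sw[:i] + sw[i + 1:] == tw for i in range(len(sw))):
            return ("omitted word", site)
        # Misspelling: within a few single-character edits of the intended name.
        if edit_distance(typed, site) <= max_typos:
            return ("misspelling", site)
    return ("no known site", None)
```

Any result other than "exact match" or "no known site" marks a hostname worth warning about before the browser follows it.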

Search Engine Scanning
Search engines
– Important tools for locating information on the Internet
Attackers
– Use same search tools to assess security of Web servers before launching an attack

E-mail Attacks
E-mail attachments
– Preferred method of distributing viruses and worms
E-mail-distributed viruses
– Use social engineering to trick recipients into opening document
If file attached to message contains a virus
– It is often launched when file attachment is opened

Spam
Unsolicited e-mail
Reduces work productivity
Spammers
– Can overwhelm users with offers to buy merchandise or trick them into giving money away
U.S. Congress passed an anti-spam law in late 2003
– Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM)

Web Defenses through Browser Settings
IE settings that should be turned on
– Do not save encrypted pages to disk
– Empty Temporary Internet Files folder when browser is closed
– Warn if changing between secure and not secure mode

Security Zones
Internet
– Contains Web sites that have not been placed in any other zone
Local Intranet
– Web pages from an organization’s internal Web site can be added to this zone

Security Zones (continued)
Trusted Sites
– Web sites that are trusted not to pose any harm to a computer can be placed here
Restricted Sites
– Web site considered to be potentially harmful can be placed here

Restricting Cookies
Privacy levels
– Block All Cookies
– High
– Medium High
– Medium
– Low
– Accept All Cookies

E-mail Defenses
Technology-based defenses
– Level of junk e-mail protection
– Blocked senders
– Blocked top level domain list

Technology-Based Defenses
Whitelist
– Names/addresses of those individuals from whom an e-mail message will be accepted
Bayesian filtering
– Used by sophisticated filters

Procedures
Questions you should ask when you receive an e-mail with an attachment
– Is the e-mail from someone that you know?
– Have you received e-mail from this sender before?
– Were you expecting an attachment from this sender?

Summary
World Wide Web (WWW)
– Composed of Internet server computers that provide online information in a specific format
E-mail systems
– Can use two TCP/IP protocols to send and receive messages
Repurposed programming
– Using programming tools in ways more harmful than for what they were intended

Summary (continued)
Cookie
– Computer file that contains user-specific information
Spam, or unsolicited e-mail
– Has negative effect on work productivity
– May be potentially dangerous
Properly configuring security settings on Web browser
– First line of defense against an Internet attack