Security Awareness Chapter 3 Internet Security


Objectives
After completing this chapter, you should be able to do the following:
- Explain how the World Wide Web and e-mail work
- List the different types of Internet attacks
- Explain the defenses used to repel Internet attacks

Security Awareness, 3rd Edition

How the Internet Works
- Internet
  - Worldwide set of interconnected computers, servers, and networks
  - Not owned or regulated by any organization or government entity
  - Computers loosely cooperate to make the Internet a global information resource

The World Wide Web
- World Wide Web (WWW)
  - Better known as the Web
  - Internet server computers that provide online information in a specific format
- Hypertext Markup Language (HTML)
  - Allows Web authors to combine text, graphic images, audio, video, and hyperlinks
- Web browser
  - Displays the words, pictures, and other elements on a user’s screen

The World Wide Web (cont’d.)
Figure 3-1: How a browser displays HTML code (Course Technology/Cengage Learning)

The World Wide Web (cont’d.)
- Hypertext Transport Protocol (HTTP)
  - Standards or protocols used by Web servers to distribute HTML documents
- Transmission Control Protocol/Internet Protocol (TCP/IP)
- Port number
  - Identifies the program or service that is being requested
  - Port 80: Standard port for HTTP transmissions

The World Wide Web (cont’d.)
- Transfer-and-store process
  - Entire document is transferred and then stored on the local computer before the browser displays it
  - Creates opportunities for sending different types of malicious code to the user’s computer

The World Wide Web (cont’d.)
Figure 3-2: HTML document sent to browser (Course Technology/Cengage Learning)

E-Mail
- Number of e-mail messages sent each day is over 210 billion
  - More than 2 million every second
- Simple Mail Transfer Protocol (SMTP)
  - Handles outgoing mail
- Post Office Protocol (POP or POP3)
  - Responsible for incoming mail
- Example of how e-mail works

E-Mail (cont’d.)
Figure 3-3: E-mail transport (Course Technology/Cengage Learning)

E-Mail (cont’d.)
- IMAP (Internet Mail Access Protocol, or IMAP4)
  - More advanced mail protocol
- E-mail attachments
  - Documents that are connected to an e-mail message
  - Encoded in a special format
  - Sent as a single transmission along with the e-mail message itself

Internet Attacks
- Variety of different attacks
  - Downloaded browser code
  - Privacy attacks
  - Attacks initiated while surfing to Web sites
  - Attacks through e-mail

Downloaded Browser Code
- JavaScript
  - Scripting language
    - Similar to a computer programming language that is typically “interpreted” into a language the computer can understand
  - Embedded in HTML document
  - Executed by browser
  - Defense mechanisms are intended to prevent JavaScript programs from causing serious harm
  - Can capture and send user information without the user’s knowledge or authorization

Downloaded Browser Code (cont’d.)
Figure 3-4: JavaScript (Course Technology/Cengage Learning)

Downloaded Browser Code (cont’d.)
- Java
  - Complete programming language
- Java applet
  - Can perform interactive animations, immediate calculations, or other simple tasks very quickly
- Sandbox
- Unsigned or signed

Downloaded Browser Code (cont’d.)
Figure 3-5: Java applet (Course Technology/Cengage Learning)

Downloaded Browser Code (cont’d.)
- ActiveX
  - Set of rules for how applications under the Windows operating system should share information
  - Do not run in a sandbox
  - Microsoft developed a registration system
    - Poses a number of security concerns
  - Not all ActiveX programs run in browser

Privacy Attacks
- Cookies
  - User-specific information file created by server
  - Stored on local computer
  - First-party cookie
  - Third-party cookie
  - Cannot contain a virus or steal personal information stored on a hard drive
  - Can pose a privacy risk

Privacy Attacks (cont’d.)
- Adware
  - Software that delivers advertising content
  - Unexpected and unwanted by the user
  - Can be a privacy risk
    - Tracking function
- Popup
  - Small Web browser window
  - Appears over the Web site that is being viewed

Attacks While Surfing
- Attacks on users can occur while pointing the browser to a site or just viewing a site
- Redirecting Web traffic
  - Mistake when typing Web address
  - Attackers can exploit a misaddressed Web name by registering the names of similar-sounding Web sites

Attacks While Surfing (cont’d.)
Table 3-1: Typical errors in entering Web addresses (Course Technology/Cengage Learning)

Attacks While Surfing (cont’d.)
- Drive-by downloads
  - Can be initiated by simply visiting a Web site
  - Spreading at an alarming pace
  - Attackers identify well-known Web site
  - Inject malicious content
  - Zero-pixel IFrame
    - Virtually invisible to the naked eye
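A site owner can audit pages for the zero-pixel IFrame described on this slide. The following is an added example, not part of the original presentation: it flags iframes whose size attributes or inline style make them invisible. The sample page and its host names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline style declarations that make an element effectively invisible.
HIDDEN_STYLE = re.compile(
    r"(?:^|;)\s*(?:display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$))",
    re.IGNORECASE,
)

def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    return value is not None and value.strip().lower().rstrip("px") in ("0", "1")

class IFrameAudit(HTMLParser):
    """Collects (src, reasons) for every iframe a visitor could not see."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("zero-pixel size attribute")
        if HIDDEN_STYLE.search(a.get("style") or ""):
            reasons.append("hidden by inline style")
        if reasons:
            self.findings.append((a.get("src") or "", reasons))

def find_hidden_iframes(html):
    parser = IFrameAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: one visible embed and two invisible iframes.
SAMPLE_PAGE = """
<html><body>
<h1>Community news</h1>
<iframe src="https://video.example/embed/42" width="560" height="315"></iframe>
<iframe src="http://injected.example/landing" width="0" height="0"></iframe>
<iframe src="http://injected.example/b" style="width:1px; height:1px; visibility:hidden"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src, reasons in find_hidden_iframes(SAMPLE_PAGE):
        print(src, "->", ", ".join(reasons))
```

Legitimate pages sometimes hide iframes too, so a finding is a prompt to check whether the source is one the site owner placed there.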

E-Mail Attacks
- Spam
  - Unsolicited e-mail
  - 90 percent of all e-mails sent can be defined as spam
  - Lucrative business
- Spam filters
  - Look for specific words and block the e-mail
- Image spam
  - Uses graphical images of text in order to circumvent text-based filters

E-Mail Attacks (cont’d.)
- Other techniques to circumvent spam filters
  - GIF layering
  - Word splitting
  - Geometric variance
- Malicious attachments
  - E-mail-distributed viruses
  - Replicate by sending themselves in an e-mail message to all of the contacts in an address book

E-Mail Attacks (cont’d.)
- Embedded hyperlinks
  - Clicking on the link will open the Web browser and take the user to a specific Web site
  - Trick users into being directed to the attacker’s “look alike” Web site

Figure 3-12: Embedded hyperlink (Course Technology/Cengage Learning)

Internet Defenses
- Several types
  - Security application programs
  - Configuring browser settings
  - Using general good practices

Defenses Through Applications
- Popup blocker
  - Separate program or a feature incorporated within a browser
  - Users can select the level of blocking
- Spam filter
  - Can be implemented on the user’s local computer and at corporate or Internet Service Provider level

Defenses Through Applications (cont’d.)
- Spam filter (cont’d.)
  - E-mail client spam blocking features
    - Level of spam protection
    - Blocked senders (blacklist)
    - Allowed senders (whitelist)
    - Blocked top level domain list
  - Bayesian filtering
    - User divides e-mail messages into spam or not-spam
    - Assigns each word a probability of being spam
  - Corporate spam filter
    - Works with the receiving e-mail server
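The Bayesian filtering bullets above can be made concrete with a small filter. This is an added example, not part of the original presentation: it learns from messages the user has sorted, assigns each word a probability of being spam, and combines the word scores for a new message. The training messages are constructed, and the smoothing and equal-prior choices are assumptions of this sketch.

```python
import math
import re
from collections import Counter

def tokens(text):
    """Distinct lower-cased words in a message."""
    return set(re.findall(r"[a-z0-9$']+", text.lower()))

class BayesianFilter:
    def __init__(self):
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.msg_counts = {"spam": 0, "ham": 0}

    def train(self, text, label):
        """Record one message the user has sorted into 'spam' or 'ham'."""
        self.msg_counts[label] += 1
        self.word_counts[label].update(tokens(text))

    def word_probability(self, word):
        """P(spam | word), add-one smoothed; an unseen word scores 0.5
        when both folders hold the same number of messages."""
        s = (self.word_counts["spam"][word] + 1) / (self.msg_counts["spam"] + 2)
        h = (self.word_counts["ham"][word] + 1) / (self.msg_counts["ham"] + 2)
        return s / (s + h)

    def spam_probability(self, text):
        """Combine the per-word probabilities in log-odds space."""
        log_odds = 0.0
        for word in tokens(text):
            p = self.word_probability(word)
            log_odds += math.log(p) - math.log(1 - p)
        return 1 / (1 + math.exp(-log_odds))

# Constructed training set: what a user might have sorted by hand.
TRAINING = [
    ("Cheap meds online, click here now", "spam"),
    ("You won a free prize, click to claim", "spam"),
    ("Free cheap loans, act now", "spam"),
    ("Meeting moved to 3pm, agenda attached", "ham"),
    ("Can you review the budget report before the meeting", "ham"),
    ("Lunch on Friday? Here is the agenda", "ham"),
]

def demo_filter():
    f = BayesianFilter()
    for text, label in TRAINING:
        f.train(text, label)
    return f

if __name__ == "__main__":
    f = demo_filter()
    for msg in ("click now for a free prize", "agenda for the budget meeting"):
        print(f"{f.spam_probability(msg):.3f}  {msg}")
```

Because the scores come from whole words, the word-splitting and image-spam techniques listed earlier in the deck reduce what a filter like this can see.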

Defenses Through Applications (cont’d.)
Figure 3-16: Spam filter on SMTP server (Course Technology/Cengage Learning)

Defenses Through Applications (cont’d.)
- E-mail security settings
  - Configured through the e-mail client application
    - Read messages using a reading pane
    - Block external content
    - Preview attachments
    - Use an e-mail postmark

Defenses Through Browser Settings
- Browsers allow the user to customize security and privacy settings
- IE Web browser defense categories:
  - Advanced security settings
    - Do not save encrypted pages to disk
    - Empty Temporary Internet Files folder when browser is closed
    - Warn if changing between secure and not secure mode

Defenses Through Browser Settings (cont’d.)
- IE Web browser defense categories (cont’d.):
  - Security zones
    - Set customized security for these zones
    - Assign specific Web sites to a zone
  - Restricting cookies
    - Use privacy levels in IE

Defenses Through Browser Settings (cont’d.)
Table 3-3: IE Web security zones (Course Technology/Cengage Learning)

E-mail Defenses Through Good Practices
- Use common-sense procedures to protect against harmful e-mail
- Never click an embedded hyperlink in an e-mail
- Be aware that e-mail is a common method for infecting computers
- Never automatically open an unexpected attachment
- Use reading panes and preview attachments
- Never answer an e-mail request for personal information

Internet Defense Summary
Table 3-4: Internet defense summary (Course Technology/Cengage Learning)

Summary
- Internet composition
  - Web servers
  - Web browsers
- Internet technologies
  - HTML
  - JavaScript
  - Java
  - ActiveX

Summary (cont’d.)
- Privacy risk
  - Cookies
  - Adware
- Security risk
  - Mistyped Web address
  - Drive-by downloads
- E-mail security
  - Spam
  - Attachments
- Security applications