Security Awareness: Applying Practical Security in Your World, Second Edition
Chapter 3: Internet Security
Objectives
  – Explain how the World Wide Web and e-mail work
  – List the types of Web and e-mail attacks
  – Describe how to set Web defenses using a browser
  – Identify the type of defenses that can be implemented in order to protect e-mail
How the Internet Works
World Wide Web (WWW)
  – Composed of Internet server computers that provide online information
HTML
  – Allows Web authors to combine text, graphic images, audio, video, and hyperlinks into a single document
How the Internet Works (continued)
Hypertext Transport Protocol (HTTP)
  – Subset of Transmission Control Protocol/Internet Protocol (TCP/IP)
Port numbers
  – Identify what program or service on the receiving computer is being requested
E-Mail
Simple Mail Transfer Protocol (SMTP)
  – Handles outgoing mail
  – Server “listens” for requests on port 25
Post Office Protocol (POP3)
  – Responsible for incoming mail
  – POP3 “listens” on port 110
E-Mail (continued)
IMAP (Internet Mail Access Protocol, or IMAP4)
  – More advanced mail protocol
  – E-mail remains on the e-mail server and is not sent to the user’s local computer
  – Mail can be organized into folders on the mail server and read from any computer
E-mail attachments
  – Documents in a binary (nontext) format
Internet Attacks
Repurposed Programming
  – Using programming tools in ways more harmful than originally intended
JavaScript
  – Used to make dynamic content
  – Based on the Java programming language
  – Special program code embedded into an HTML document
  – Virtual Machine: Java interpreter that is used within the Web browser to execute code
Repurposed Programming
JavaScript programs
  – Can capture and send user information without the user’s knowledge or authorization
Java applet
  – Stored on the Web server
  – Downloaded onto the user’s computer along with the HTML code
  – Can perform interactive animations or immediate calculations
Java Applet
Sandbox
  – Defense against a hostile Java applet
Unsigned Java applet
  – Program that does not come from a trusted source
Signed Java applet
  – Has a digital signature that proves the program is from a trusted source and has not been altered
ActiveX
  – Set of technologies developed by Microsoft
  – Set of rules for how programs should share information
Security concerns
  – The user’s decision to allow installation of an ActiveX control is based on the source of the ActiveX control
  – A control is registered only once per computer
  – Nearly all ActiveX control security mechanisms are set in Internet Explorer
Cookies
  – Small text files stored on the user’s hard disk by a Web server
  – Contain user-specific information
Rules of HTTP
  – Make it impossible for a Web site to track whether a user has previously visited that site
Cookies (continued)
  – Cannot contain viruses or steal personal information
  – Only contain information that can be used by a Web server
  – Can pose a security risk
First-party cookie
  – Created by the Web site that a user is currently viewing
Trojan Horse
  – Malicious program disguised as a legitimate program
  – Executable program that performs an action when the file is opened
  – May disguise itself by using a valid filename and extension
Redirecting Web Traffic
Typical mistakes users make when typing a Web address
  – Misspelling the address
  – Omitting the dot
  – Omitting a word
  – Using inappropriate punctuation
Hackers can
  – Exploit a misaddressed Web name
  – Steal information from unsuspecting users through social engineering
Search Engine Scanning
Search engines
  – Important tools for locating information on the Internet
Attackers
  – Use the same search tools to assess the security of Web servers before launching an attack
E-mail Attacks
E-mail attachments
  – Preferred method of distributing viruses and worms
E-mail-distributed viruses
  – Use social engineering to trick recipients into opening the document
If a file attached to an e-mail message contains a virus
  – It is often launched when the file attachment is opened
Spam
  – Unsolicited e-mail
  – Reduces work productivity
Spammers
  – Can overwhelm users with offers to buy merchandise or trick them into giving money away
U.S. Congress passed an anti-spam law in late 2003
  – Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM)
Web Defenses through Browser Settings
IE settings that should be turned on
  – Do not save encrypted pages to disk
  – Empty Temporary Internet Files folder when browser is closed
  – Warn if changing between secure and not secure mode
Security Zones
Internet
  – Contains Web sites that have not been placed in any other zone
Local Intranet
  – Web pages from an organization’s internal Web site can be added to this zone
Security Zones (continued)
Trusted Sites
  – Web sites that are trusted not to pose any harm to a computer can be placed here
Restricted Sites
  – Web sites considered to be potentially harmful can be placed here
Restricting Cookies
Privacy levels
  – Block All Cookies
  – High
  – Medium High
  – Medium
  – Low
  – Accept All Cookies
E-Mail Defenses
Technology-based defenses
  – Level of junk e-mail protection
  – Blocked senders
  – Blocked top-level domain list
Technology-Based Defenses
Whitelist
  – Names/addresses of those individuals from whom an e-mail message will be accepted
Bayesian filtering
  – Used by sophisticated e-mail filters
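The two defenses on this slide work together: a whitelist short-circuits the decision for known senders, and a Bayesian filter scores everything else on the words it contains. The following is an added example (not from the textbook or its slides) of a minimal naive Bayes spam filter with Laplace smoothing, trained on a constructed six-message corpus; the sender addresses, messages and 0.5 threshold are all assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

# Constructed training corpus (not from the slides): labelled message bodies.
SPAM = [
    "buy cheap merchandise now limited offer click here",
    "you have won money claim your prize now",
    "cheap offer buy now free money",
]
HAM = [
    "meeting notes attached please review before friday",
    "lunch tomorrow the project review is moved to monday",
    "attached is the report you requested thanks",
]
# Whitelist: senders whose mail is accepted regardless of content (constructed).
WHITELIST = {"colleague@example.com"}

def tokenize(text):
    return re.findall(r"[a-z']+", text.lower())

class BayesianFilter:
    """Naive Bayes spam filter with add-one (Laplace) smoothing."""
    def __init__(self, spam, ham):
        self.spam_counts = Counter(w for m in spam for w in tokenize(m))
        self.ham_counts = Counter(w for m in ham for w in tokenize(m))
        self.vocab = set(self.spam_counts) | set(self.ham_counts)
        self.p_spam = len(spam) / (len(spam) + len(ham))

    def spam_probability(self, text):
        # Sum log-probabilities so many small factors do not underflow.
        log_spam = math.log(self.p_spam)
        log_ham = math.log(1 - self.p_spam)
        n_spam = sum(self.spam_counts.values()) + len(self.vocab)
        n_ham = sum(self.ham_counts.values()) + len(self.vocab)
        for w in tokenize(text):
            log_spam += math.log((self.spam_counts[w] + 1) / n_spam)
            log_ham += math.log((self.ham_counts[w] + 1) / n_ham)
        # P(spam | text) = 1 / (1 + exp(log_ham - log_spam))
        return 1 / (1 + math.exp(log_ham - log_spam))

def classify(sender, body, flt, threshold=0.5):
    """Whitelist check first, then Bayesian score; returns 'accept' or 'spam'."""
    if sender.lower() in WHITELIST:
        return "accept"
    return "spam" if flt.spam_probability(body) >= threshold else "accept"

FILTER = BayesianFilter(SPAM, HAM)
```

Note that a whitelist trusts the From address as written; the slides' "blocked senders" list has the same limitation, which is why the Bayesian score still runs on everything not explicitly whitelisted.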
Procedures
Questions you should ask when you receive an e-mail with an attachment
  – Is the e-mail from someone that you know?
  – Have you received e-mail from this sender before?
  – Were you expecting an attachment from this sender?
Summary
World Wide Web (WWW)
  – Composed of Internet server computers that provide online information in a specific format
E-mail systems
  – Can use two TCP/IP protocols to send and receive messages
Repurposed programming
  – Using programming tools in ways more harmful than what they were intended for
Summary (continued)
Cookie
  – Computer file that contains user-specific information
Spam, or unsolicited e-mail
  – Has a negative effect on work productivity
  – May be potentially dangerous
Properly configuring security settings on the Web browser
  – First line of defense against an Internet attack