
1 Lecture 22: Internet Security Intro to IT COSC1078 Introduction to Information Technology Lecture 22 Internet Security James Harland james.harland@rmit.edu.au

2 Introduction to IT
  1 Introduction
  2 Images
  3 Audio
  4 Video
  5 Binary Representation (WebTest 1, Assignment 1)
  6 Data Storage
  7 Machine Processing
  8 Review (WebLearn Test 2)
  9 Processes (Assignment 2)
  10 Internet
  11 Internet Security (WebLearn Test 3)
  12 Future of IT (Assignment 3, Peer and Self Assessment)

3 Overview
  - Questions?
  - Mock Exam
  - Assignment 3
  - Peer and Self Assessment
  - Internet Security
  - Questions?

4 Mock Exam
  - Date and time to be confirmed
  - Bring your own paper, pens, etc.
  - No calculators allowed
  - Answers will be available from me when you leave
  Schedule (times to be confirmed):
  - (assuming room available 10.00-12.30)
  - 10.00 Access to room
  - 10.15 Reading time commences
  - 10.30 Writing time commences
  - 12.30 Exam concludes

5 Assignment 3
  Review
  - (Re-)answer "What is IT?" questions from Tutorial 1
  - Identify difficult parts of the course
  - Suggest new questions
  - Include favourites from Assignments 1 and 2
  Reflect
  - Answer reflection questions from tutorials
  Research
  - Write about a particular IT topic of your choice (5-6 paragraphs)

6 Internet Security
  password, patch, spam, firewall, virus, war driving, key logger, proxy, worm, phishing, Trojan horse

7 Security vs access
  - It is always a trade-off (a balance between two competing forces)
  - More security means less access
  - More access means less security
  - Redundancy can be either fatal or vital
  - Nothing is perfect!

8 Freedom vs security
  - 'Everything which is not forbidden is allowed' -- Principle of English Law
  - 'Everything which is not allowed is forbidden' -- Common security principle
  - 'Anything not mandatory is forbidden' -- "military policy"
  - 'Anything not forbidden is compulsory' (??) -- T.H. White (The Once and Future King)

9 Passwords
  Should be:
  - Long (8 characters or more)
  - Not obvious or from a dictionary
  - Contain capitals, numerals and non-alphanumeric characters (!&^*$@.,'[]{}? …)
  - Recorded securely somewhere
  - Transmitted in encrypted form only
  - Older programs such as FTP, Telnet transmit this in plaintext …
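
An added example, not part of the original lecture: a Python check for the password rules on this slide. The wordlist and substitution table are constructed samples (assumptions); it shows that a password can satisfy the character rules and still be a dictionary word.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a large
# dictionary and a list of known-breached passwords.
WORDLIST = {"password", "welcome", "dragon", "letmein", "qwerty", "monkey"}

# Common character substitutions undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def dictionary_core(password: str) -> str:
    """Reduce a password to the word it was probably built from."""
    # Drop digits and punctuation padded onto either end ("Dragon2024"),
    # then reverse substitutions inside the word ("P@ssw0rd").
    core = password.lower().strip(string.digits + string.punctuation)
    return core.translate(LEET)


def check_password(password: str, min_length: int = 8) -> list[str]:
    """Return the slide's rules that the password fails (empty list = pass)."""
    failures = []
    if len(password) < min_length:
        failures.append("too short")
    if dictionary_core(password) in WORDLIST:
        failures.append("dictionary word")
    if not any(c.isupper() for c in password):
        failures.append("no capital letter")
    if not any(c.isdigit() for c in password):
        failures.append("no numeral")
    if all(c.isalnum() for c in password):
        failures.append("no non-alphanumeric character")
    return failures


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("monkey", "Dragon2024", "P@ssw0rd!", "Tr4il-Mix&Kettle"):
        print(f"{candidate!r}: {check_password(candidate) or 'passes'}")
```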

10 Firewalls
  - Device which limits internet connections
  - Limit network uses to only approved ones
  - Prevent malicious software reporting information
  - Prevent outside attacks
  - May need to have ports opened to allow applications to work
  - Only work on applications, not on content

11 Proxy servers
  - All internet traffic routed via proxy server
  - Acts as an internet gateway
  - Once proxy is secure, so is network
  - Can filter content
  - Can cache content
  - Often used with a firewall in a corporate environment

12 Wardriving
  - Driving around to find a vulnerable wireless signal
  - Find a wireless connection that doesn't require a password (so add one to yours if you haven't!)
  - Attack systems that use a default admin login name and password (change yours!)
  - Snoop on transmissions which are not encrypted (encrypt yours!)
  - Using a MAC address whitelist means only specified devices can connect to your router

13 Viruses, Worms, Trojans
  - Virus: self-replicating program that attaches itself to files and is spread when they are transferred
  - Worm: self-replicating program that proactively spreads itself
  - Trojan horse: a program that appears legitimate but is in fact malicious

14 Malware and Spyware
  Malicious software:
  - Hidden mail server
  - Key logging (to capture passwords)
  - Enable machine takeover
  - Direct traffic to particular web sites
  - Analyse behaviour
  - Act as a proxy
  - …

15 Denial of service
  - Prevent network from working normally
  - Flood a server with 'invalid' inputs
  - Use a network of compromised machines to generate an overwhelming number of requests (Conficker?)
  - Such zombie machines can form a botnet, which then attacks a particular server

16 Tricking the user
  - Users are often the weakest link in security
  - Email attachments containing trojan horses
  - 'Phishing'
  - Malicious web pages
  - Malicious documents (macros in spreadsheets)
  - Account stealing (via key logging)
  - Scams ('I have $10 million to import', 'You have just won the lottery', …)

17 Protecting your system
  - Keep up to date with patches (Windows update, Software update)
  - Use a firewall
  - Use anti-virus software and keep it up to date
  - Use anti-spyware tools
  - Filter email for spam and suspicious messages
  - Be aware of 'fake alerts'

18 Stuxnet?
  - Windows-based worm
  - Discovered in July, 2010
  - Designed to attack a very specific industrial plant
  - Assumes plant operator would use a Windows laptop to reprogram plant machinery
  - Not clear who was behind it …
  - Look at the video

19 Conclusion
  - Work on Assignment 3
  - Check your software defenses!

