
1 Security Awareness Chapter 3 Internet Security

2 Objectives (Security Awareness, 3rd Edition)
After completing this chapter, you should be able to do the following:
Explain how the World Wide Web and e-mail work
List the different types of Internet attacks
Explain the defenses used to repel Internet attacks

3 How the Internet Works
Internet
–Worldwide set of interconnected computers, servers, and networks
–Not owned or regulated by any organization or government entity
–Computers loosely cooperate to make the Internet a global information resource

4 The World Wide Web
World Wide Web (WWW)
–Better known as the Web
–Internet server computers that provide online information in a specific format
Hypertext Markup Language (HTML)
–Allows Web authors to combine text, graphic images, audio, video, and hyperlinks
Web browser
–Displays the words, pictures, and other elements on a user’s screen

5 The World Wide Web (cont’d.)
Figure 3-1 How a browser displays HTML code
Course Technology/Cengage Learning

6 The World Wide Web (cont’d.)
Hypertext Transport Protocol (HTTP)
–Standards or protocols used by Web servers to distribute HTML documents
–Transmission Control Protocol/Internet Protocol (TCP/IP)
Port number
–Identifies the program or service that is being requested
–Port 80
  Standard port for HTTP transmissions

7 The World Wide Web (cont’d.)
Transfer-and-store process
–Entire document is transferred and then stored on the local computer before the browser displays it
–Creates opportunities for sending different types of malicious code to the user’s computer

8 The World Wide Web (cont’d.)
Figure 3-2 HTML document sent to browser

9 E-Mail
Number of e-mail messages sent each day is over 210 billion
–More than 2 million every second
Simple Mail Transfer Protocol (SMTP)
–Handles outgoing mail
Post Office Protocol (POP or POP3)
–Responsible for incoming mail
Example of how e-mail works

10 E-Mail (cont’d.)
Figure 3-3 E-mail transport

11 E-Mail (cont’d.)
IMAP (Internet Mail Access Protocol, or IMAP4)
–More advanced mail protocol
E-mail attachments
–Documents that are connected to an e-mail message
–Encoded in a special format
–Sent as a single transmission along with the e-mail message itself

12 Internet Attacks
Variety of different attacks
–Downloaded browser code
–Privacy attacks
–Attacks initiated while surfing to Web sites
–Attacks through e-mail

13 Downloaded Browser Code
JavaScript
–Scripting language
  Similar to a computer programming language that is typically “interpreted” into a language the computer can understand
–Embedded in HTML document
–Executed by browser
–Defense mechanisms are intended to prevent JavaScript programs from causing serious harm
–Can capture and send user information without the user’s knowledge or authorization

14 Downloaded Browser Code (cont’d.)
Figure 3-4 JavaScript

15 Downloaded Browser Code (cont’d.)
Java
–Complete programming language
Java applet
–Can perform interactive animations, immediate calculations, or other simple tasks very quickly
–Sandbox
–Unsigned or signed

16 Downloaded Browser Code (cont’d.)
Figure 3-5 Java applet

17 Downloaded Browser Code (cont’d.)
ActiveX
–Set of rules for how applications under the Windows operating system should share information
–Do not run in a sandbox
–Microsoft developed a registration system
–Poses a number of security concerns
–Not all ActiveX programs run in browser

18 Privacy Attacks
Cookies
–User-specific information file created by server
–Stored on local computer
–First-party cookie
–Third-party cookie
–Cannot contain a virus or steal personal information stored on a hard drive
–Can pose a privacy risk

19 Privacy Attacks (cont’d.)
Adware
–Software that delivers advertising content
–Unexpected and unwanted by the user
–Can be a privacy risk
  Tracking function
Popup
–Small Web browser window
–Appears over the Web site that is being viewed

20 Attacks while Surfing
Attacks on users can occur while pointing the browser to a site or just viewing a site
Redirecting Web traffic
–Mistake when typing Web address
–Attackers can exploit a misaddressed Web name by registering the names of similar-sounding Web sites

21 Attacks while Surfing (cont’d.)
Table 3-1 Typical errors in entering Web addresses

22 Attacks while Surfing (cont’d.)
Drive-by downloads
–Can be initiated by simply visiting a Web site
–Spreading at an alarming pace
–Attackers identify well-known Web site
–Inject malicious content
–Zero-pixel IFrame
  Virtually invisible to the naked eye
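
Added example (not part of the original slides): a site owner can check served pages for the zero-pixel IFrame described above. The sketch below flags any iframe whose width or height is 0 or 1 pixel; the sample page, host names and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# width/height declarations inside an inline style, e.g. "width:0; height:1px"
_STYLE_DIM = re.compile(r"(?:^|;)\s*(width|height)\s*:\s*(\d+)(?:px)?\s*(?=;|$)", re.I)

class TinyIframeFinder(HTMLParser):
    """Records every <iframe> whose width or height is 0 or 1 pixel."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, src, {"width": n, "height": n})

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {name: (value or "") for name, value in attrs}
        dims = {}
        for name in ("width", "height"):  # plain HTML attributes
            m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", attr.get(name, ""), re.I)
            if m:
                dims[name] = int(m.group(1))
        for m in _STYLE_DIM.finditer(attr.get("style", "")):  # inline CSS overrides
            dims[m.group(1).lower()] = int(m.group(2))
        if dims and min(dims.values()) <= 1:
            self.findings.append((self.getpos()[0], attr.get("src", ""), dims))

def find_tiny_iframes(html):
    finder = TinyIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: one normal embed and two injected invisible frames.
SAMPLE_PAGE = """<html><body>
<h1>Daily news</h1>
<iframe src="https://video.example/embed/42" width="560" height="315"></iframe>
<iframe src="http://injected.example/x" width="0" height="0" frameborder="0"></iframe>
<iframe src="http://injected.example/y" style="width:1px; height:1px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src, dims in find_tiny_iframes(SAMPLE_PAGE):
        print(f"line {line}: invisible iframe -> {src} {dims}")
```

Frames hidden by other means (external style sheets, script-generated markup) are outside what this static check sees.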

23 E-Mail Attacks
Spam
–Unsolicited e-mail
–90 percent of all e-mails sent can be defined as spam
–Lucrative business
Spam filters
–Look for specific words and block the e-mail
Image spam
–Uses graphical images of text in order to circumvent text-based filters

24 E-Mail Attacks (cont’d.)
Other techniques to circumvent spam filters
–GIF layering
–Word splitting
–Geometric variance
Malicious attachments
–E-mail-distributed viruses
–Replicate by sending themselves in an e-mail message to all of the contacts in an e-mail address book

25 E-Mail Attacks (cont’d.)
Embedded hyperlinks
–Clicking on the link will open the Web browser and take the user to a specific Web site
–Can trick users into being directed to the attacker’s “look alike” Web site

26 Figure 3-12 Embedded hyperlink

27 Internet Defenses
Several types
–Security application programs
–Configuring browser settings
–Using general good practices

28 Defenses Through Applications
Popup blocker
–Separate program or a feature incorporated within a browser
–Users can select the level of blocking
Spam filter
–Can be implemented on the user’s local computer and at corporate or Internet Service Provider level

29 Defenses Through Applications (cont’d.)
Spam filter (cont’d.)
–E-mail client spam blocking features
  Level of spam e-mail protection
  Blocked senders (blacklist)
  Allowed senders (whitelist)
  Blocked top level domain list
–Bayesian filtering
  User divides e-mail messages into spam or not-spam
  Assigns each word a probability of being spam
–Corporate spam filter
  Works with the receiving e-mail server
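
Added example (not part of the original slides): a minimal Bayesian filter showing both steps named above, training on messages the user has sorted and assigning each word a probability of being spam. The training messages are constructed, and the add-one smoothing, equal-prior assumption and log-odds combination are choices made for this sketch.

```python
import math
import re
from collections import Counter

def tokens(text):
    return set(re.findall(r"[a-z']+", text.lower()))  # distinct lower-case words

class BayesianFilter:
    def __init__(self):
        self.word_msgs = {"spam": Counter(), "ham": Counter()}  # messages containing word
        self.total = {"spam": 0, "ham": 0}                      # messages per class

    def train(self, text, label):
        """The user's sorting step: label is 'spam' or 'ham' (not-spam)."""
        self.total[label] += 1
        self.word_msgs[label].update(tokens(text))

    def word_spam_probability(self, word):
        """P(spam | word), add-one smoothed, assuming equal priors."""
        in_spam = (self.word_msgs["spam"][word] + 1) / (self.total["spam"] + 2)
        in_ham = (self.word_msgs["ham"][word] + 1) / (self.total["ham"] + 2)
        return in_spam / (in_spam + in_ham)

    def spam_probability(self, text):
        log_odds = 0.0  # per-word probabilities are combined as summed log-odds
        for word in tokens(text):
            p = self.word_spam_probability(word)
            log_odds += math.log(p / (1 - p))
        return 1 / (1 + math.exp(-log_odds))

# Constructed training mail, sorted by a hypothetical user.
TRAINING = [
    ("Cheap pills, buy now", "spam"),
    ("Buy cheap watches now", "spam"),
    ("You won a free prize, claim now", "spam"),
    ("Meeting moved to Monday", "ham"),
    ("Can you review the report now", "ham"),
    ("Lunch on Monday?", "ham"),
]

def build_demo_filter():
    f = BayesianFilter()
    for text, label in TRAINING:
        f.train(text, label)
    return f

if __name__ == "__main__":
    for msg in ("Buy cheap pills", "Report for Monday meeting"):
        print(f"{build_demo_filter().spam_probability(msg):.3f}  {msg}")
```

A word never seen in training scores exactly 0.5, so it neither raises nor lowers a message's result.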

30 Defenses Through Applications (cont’d.)
Figure 3-16 Spam filter on SMTP server

31 Defenses Through Applications (cont’d.)
E-mail security settings
–Configured through the e-mail client application
  Read messages using a reading pane
  Block external content
  Preview attachments
  Use an e-mail postmark

32 Defenses Through Browser Settings
Browsers allow the user to customize security and privacy settings
IE Web browser defense categories:
–Advanced security settings
  Do not save encrypted pages to disk
  Empty Temporary Internet Files folder when browser is closed
  Warn if changing between secure and not secure mode

33 Defenses Through Browser Settings (cont’d.)
IE Web browser defense categories (cont’d.):
–Security zones
  Set customized security for these zones
  Assign specific Web sites to a zone
–Restricting cookies
  Use privacy levels in IE

34 Defenses Through Browser Settings (cont’d.)
Table 3-3 IE Web security zones

35 E-mail Defenses Through Good Practices
Use common-sense procedures to protect against harmful e-mail
Never click an embedded hyperlink in an e-mail
Be aware that e-mail is a common method for infecting computers
Never automatically open an unexpected attachment
Use reading panes and preview attachments
Never answer an e-mail request for personal information

36 Internet Defense Summary
Table 3-4 Internet defense summary

37 Summary
Internet composition
–Web servers
–Web browsers
Internet technologies
–HTML
–JavaScript
–Java
–ActiveX

38 Summary (cont’d.)
Privacy risk
–Cookies
–Adware
Security risk
–Mistyped Web address
–Drive-by downloads
Email security
–Spam
–Attachments
Security applications

