Published by Miranda Gregory. Modified over 9 years ago.

Security Awareness: Applying Practical Security in Your World
Chapter 4: Internet Security

Objectives
- List the risks associated with using the World Wide Web, and describe the preventive measures that can be used to minimize Web attacks.
- List the vulnerabilities associated with using e-mail, and explain procedures and technologies that can be used to protect e-mail.

Internet Security
- The Internet has changed the way we live and work in a very short amount of time.
- There is a dark side to the Internet; it has opened the door to attacks on any computer connected to it.
- There are methods to minimize the risks of using the Internet and e-mail.

The World Wide Web
- Internet: Worldwide interconnection of computers
- World Wide Web (WWW): Internet server computers that provide online information in a specified format
- Hypertext Markup Language (HTML): Specifies how a browser should display elements on a user’s screen (See Figure 4-1)
- Hypertext Transport Protocol (HTTP): Set of standards that Web servers use to distribute HTML documents (See Figure 4-2)

Repurposed Programming
- Repurposed programming: Using programming tools in harmful ways other than what they were originally intended to do
- Static content: Information that does not change
- Dynamic content: Content that can change
- Tools that can be used for repurposed programming:
  - JavaScript
  - Java Applets
  - ActiveX Controls

Web Attacks
- Web attack: An attack launched against a computer through the Web
- Broadband connections: A type of Internet connection that allows users to connect at much faster speeds than older dial-up technologies
  - Result: More attacks against home computers
- Three categories of attacks:
  - Repurposed programming
  - Snooping
  - Redirected Web traffic

JavaScript
- JavaScript: Special program code embedded in an HTML document
- Web site using JavaScript accessed
- HTML document downloaded
- JavaScript code executed by the browser (See Figure 4-3)
- Some browsers have security weaknesses

Java Applet
- Java applet: A program downloaded from the Web server separately from the HTML document
- Stored on the Web server and downloaded along with the HTML code when the page is accessed (See Figure 4-4)
- Processes user’s requests on the local computer rather than transmitting back to the Web server

Java Applet (continued)
- “Security sandbox”
- Unsigned Java applets: Untrusted source (See Figure 4-5)
- Signed Java applets: Digital signature proving trusted source

ActiveX Controls
- ActiveX controls: An advanced technology that allows software components to interact with different applications
- Two risks:
  - Macros
  - ActiveX security relies on human judgment
    - Digital signatures
    - Users may routinely grant permission for any ActiveX program to run

Snooping
- One of dynamic content’s strengths is its ability to receive input from the user and perform actions based on it (See Figure 4-6)
- Providing information to a Web site carries risk
  - Internet transmissions are not normally encrypted
  - Information entered can be viewed by unauthorized users
- Types of snooping:
  - Spyware
  - Misusing Cookies

Snooping (continued)
- Cookies: A computer file that contains user-specific information
  - Stores information given to a Web site and reuses it
- Can pose a security risk
  - Hackers target cookies to retrieve sensitive information
  - Cookies can be used to determine what Web pages you are viewing
- Some personal information is left on Web sites by the browser
  - Makes tracking Internet usage easier

Redirecting Web Traffic
- Mistakes can be made when typing an address into a browser
  - Usually mistakes result in error messages (See Figure 4-7)
- Hackers can exploit misaddressed Web names to steal information using social engineering
- Two approaches:
  - Phishing
  - Registering similar-sounding domain names

Web Security Through Browser Settings
- Web browser security and privacy settings can be customized
- Internet Options
  - General
  - Security
  - Privacy
  - Content
  - Advanced Tab

Web Security Through Browser Settings (continued)
[Figure 4-9: Security Settings on the Advanced Tab]

Web Security Through Browser Settings (continued)
- Alert the User to the Type of Transaction
  - Warn if changing between secure and not secure mode

Web Security Through Browser Settings (continued)
- Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)
  - Encrypts and decrypts the data sent

Web Security Through Browser Settings (continued)
- Know What’s Happening with the Cache
  - Do not save encrypted pages to disk
  - Empty Temporary Internet Files when browser is closed
- Cache: Temporary storage area on the hard disk

Web Security Through Browser Settings (continued)
- Know the Options on the General Tab
  - Temporary Internet files
    - Delete Cookies
    - Delete Files
  - History

Web Security Through Browser Settings (continued)
- Security Zones and the Security Tab
- Predefined security zones:
  - Internet
  - Local Intranet
  - Trusted sites
  - Restricted sites

Web Security Through Browser Settings (continued)
- Security Zones and the Security Tab
  - Security levels can be customized by clicking the Custom Level button to display the Security Settings page

Web Security Through Browser Settings (continued)
- Using the Privacy tab
- Divided into two parts:
  - Privacy level settings
  - Cookie handling:
    - First-party
    - Third-party

Web Security Through Browser Settings (continued)
- Placing Restrictions on the Content Page
  - Control type of content the browser will display
  - Content Advisor
  - Certificates
  - Publishers

Web Security Through Appropriate Procedures
- Do not accept any unsigned Java applets unless you are sure of the source
- Disable or restrict macros from opening or running automatically
- Disable ActiveX and JavaScript.
- Install anti-spyware and antivirus software and keep it updated

Web Security Procedures (continued)
- Regularly install any critical operating system updates.
- Block all cookies
- Never respond to an e-mail that asks you to click on a link to verify your personal information.
- Check spelling to be sure you are viewing the real site.

Web Security Procedures (continued)
- Turn on all security settings under the Advanced tab.
- Keep your cache clear of temporary files and cookies.
- Use the security zones feature.

E-Mail
- E-mail is a double-edged sword
  - Essential for business and personal communications
  - Primary vehicle for malicious code

Vulnerabilities of E-Mail
- Three major areas:
  - Attachments
  - Spam
  - Spoofing

Vulnerabilities of E-Mail (continued)
- Attachments: Documents, spreadsheets, photographs and anything else added to an e-mail message
  - Can open the door for viruses and worms to infect a system
  - Malicious code can execute when the attachment is opened
  - Code can then forward itself and continue to spread

Vulnerabilities of E-Mail (continued)
- Spam: Unsolicited e-mail messages
  - Usually regarded as just a nuisance, but can contain malicious code
- To cut down on spam:
  - Never reply to spam that says “Click here to unsubscribe”
  - Set up an e-mail account to use when filling out Web forms
  - Do not purchase items advertised through spam
  - Ask your ISP or network manager to install spam-filtering hardware or software

Vulnerabilities of E-Mail (continued)
- E-mail Spoofing: A message falsely identifying the sender as someone else
  - Sender’s address appears to be legitimate, so the recipient trusts the source and does what is asked

Solutions
- Technology-based solutions
  - Antivirus software installed and regularly updated
  - E-mail filters
    - File extension filters
    - Junk e-mail option
[Figure 4-17: Separate filtering software working in conjunction with the e-mail software]
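
How a file extension filter of the kind listed on this slide can work, as an added example that is not part of the original presentation. The blocked-extension list and the sample message are constructed for illustration.

```python
import os
from email import message_from_string

# Assumed policy list of executable and script extensions; adjust locally.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".vbs", ".js"}

# Constructed sample message: one disguised executable, one image.
SAMPLE = """\
From: sender@example.com
To: user@example.org
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice.pdf.EXE"

AAAA
--b1
Content-Type: image/png
Content-Disposition: attachment; filename="logo.png"

AAAA
--b1--
"""

def check_attachment(filename):
    """Return (blocked, reason) for one attachment name."""
    # Case, trailing dots and spaces must not let a name slip past the list.
    name = filename.strip().rstrip(".").lower()
    stem, ext = os.path.splitext(name)
    if ext not in BLOCKED_EXT:
        return (False, "allowed")
    # A harmless-looking extension in front of the real one is a disguise.
    if os.path.splitext(stem)[1]:
        return (True, "blocked: double extension hides " + ext)
    return (True, "blocked: " + ext)

def filter_message(raw):
    """Map every attachment filename in a raw message to its verdict."""
    msg = message_from_string(raw)
    return {part.get_filename(): check_attachment(part.get_filename())
            for part in msg.walk() if part.get_filename()}
```

The filter judges names only; it complements antivirus scanning of the content and does not replace it.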

Solutions (continued)
- Procedure-Based Solutions
  - Remember that e-mail is the number one method for infecting computers and treat it cautiously
  - Approach e-mail messages from unknown senders with caution
  - Never automatically open an attachment
  - Do not use preview mode in your e-mail software
  - Never answer e-mail requests for personal information

Summary
- Computers connected to the Internet are vulnerable to a long list of attacks, in addition to viruses, worms and other malicious code.
- Categories of attack are:
  - Repurposed programming
    - JavaScript
    - Java applets
    - ActiveX controls
  - Snooping
  - Redirected Web traffic

Summary (continued)
- Defending against Web attacks is a two-fold process:
  - Configuration of browser software
    - Customized privacy and security settings
  - Proper procedures to minimize risk
- Many attacks are based on social engineering

Summary (continued)
- E-mail is a crucial business and personal tool, but is also a primary means of infection by viruses, worms, and other malicious code.
  - Attachments
  - Spam
  - Spoofing

Summary (continued)
- E-mail security solutions can be broken into two categories:
  - Technology-based
    - Antivirus software
    - Filters for attachments and spam
  - Procedure-based
    - Remember the risks and consistently follow “safe” procedures