1 Security Awareness Chapter 3 Internet Security

2 Objectives
After completing this chapter, you should be able to do the following:
• Explain how the World Wide Web and e-mail work
• List the different types of Internet attacks
• Explain the defenses used to repel Internet attacks
Security Awareness, 3rd Edition

3 How the Internet Works
• Internet
  - Worldwide set of interconnected computers, servers, and networks
  - Not owned or regulated by any organization or government entity
  - Computers loosely cooperate to make the Internet a global information resource

4 The World Wide Web
• World Wide Web (WWW)
  - Better known as the Web
  - Internet server computers that provide online information in a specific format
• Hypertext Markup Language (HTML)
  - Allows Web authors to combine text, graphic images, audio, video, and hyperlinks
• Web browser
  - Displays the words, pictures, and other elements on a user’s screen

5 The World Wide Web (cont’d.)
Figure 3-1 How a browser displays HTML code (Course Technology/Cengage Learning)

6 The World Wide Web (cont’d.)
• Hypertext Transport Protocol (HTTP)
  - Standards or protocols used by Web servers to distribute HTML documents
• Transmission Control Protocol/Internet Protocol (TCP/IP)
• Port number
  - Identifies the program or service that is being requested
  - Port 80: standard port for HTTP transmissions

7 The World Wide Web (cont’d.)
• Transfer-and-store process
  - Entire document is transferred and then stored on the local computer before the browser displays it
  - Creates opportunities for sending different types of malicious code to the user’s computer

8 The World Wide Web (cont’d.)
Figure 3-2 HTML document sent to browser (Course Technology/Cengage Learning)

9 E-Mail
• Number of e-mail messages sent each day estimated to be over 210 billion
  - More than 2 million every second
• Simple Mail Transfer Protocol (SMTP)
  - Handles outgoing mail
• Post Office Protocol (POP or POP3)
  - Responsible for incoming mail
• Example of how e-mail works

10 E-Mail (cont’d.)
Figure 3-3 E-mail transport (Course Technology/Cengage Learning)

11 E-Mail (cont’d.)
• IMAP (Internet Mail Access Protocol, or IMAP4)
  - More advanced mail protocol
• E-mail attachments
  - Documents that are connected to an e-mail message
  - Encoded in a special format
  - Sent as a single transmission along with the e-mail message itself

12 Internet Attacks
• Variety of different attacks
  - Downloaded browser code
  - Privacy attacks
  - Attacks initiated while surfing to Web sites
  - Attacks through e-mail

13 Downloaded Browser Code
• JavaScript
  - Scripting language
    - Similar to a computer programming language that is typically "interpreted" into a language the computer can understand
  - Embedded in HTML document
  - Executed by browser
  - Defense mechanisms are intended to prevent JavaScript programs from causing serious harm
  - Can capture and send user information without the user’s knowledge or authorization

14 Downloaded Browser Code (cont’d.)
Figure 3-4 JavaScript (Course Technology/Cengage Learning)

15 Downloaded Browser Code (cont’d.)
• Java
  - Complete programming language
• Java applet
  - Can perform interactive animations, immediate calculations, or other simple tasks very quickly
  - Sandbox
  - Unsigned or signed

16 Downloaded Browser Code (cont’d.)
Figure 3-5 Java applet (Course Technology/Cengage Learning)

17 Downloaded Browser Code (cont’d.)
• ActiveX
  - Set of rules for how applications under the Windows operating system should share information
  - Do not run in a sandbox
  - Microsoft developed a registration system
    - Poses a number of security concerns
  - Not all ActiveX programs run in browser

18 Privacy Attacks
• Cookies
  - User-specific information file created by server
  - Stored on local computer
  - First-party cookie
  - Third-party cookie
  - Cannot contain a virus or steal personal information stored on a hard drive
  - Can pose a privacy risk

19 Privacy Attacks (cont’d.)
• Adware
  - Software that delivers advertising content
  - Unexpected and unwanted by the user
  - Can be a privacy risk
    - Tracking function
• Popup
  - Small Web browser window
  - Appears over the Web site that is being viewed

20 Attacks While Surfing
• Attacks on users can occur while pointing the browser to a site or just viewing a site
• Redirecting Web traffic
  - Mistake when typing Web address
  - Attackers can exploit a misaddressed Web name by registering the names of similar-sounding Web sites

21 Attacks While Surfing (cont’d.)
Table 3-1 Typical errors in entering Web addresses (Course Technology/Cengage Learning)

22 Attacks While Surfing (cont’d.)
• Drive-by downloads
  - Can be initiated by simply visiting a Web site
  - Spreading at an alarming pace
  - Attackers identify well-known Web site
  - Inject malicious content
  - Zero-pixel IFrame
    - Virtually invisible to the naked eye
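
A site owner can audit served pages for the zero-pixel IFrame described on this slide. The following is an added example, not part of the original presentation; the sample page, the `.example` hosts and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# "0", "0px", "0%" and similar all render as a zero-sized dimension.
ZERO = re.compile(r"^\s*0+(\.0+)?\s*(px|%)?\s*$", re.I)
# width/height declarations inside an inline style attribute.
STYLE_DIM = re.compile(r"(?:^|;)\s*(width|height)\s*:\s*([^;]+)", re.I)

class IFrameAuditor(HTMLParser):
    """Collects <iframe> elements whose width or height is zero."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        dims = {k: a[k] for k in ("width", "height") if k in a}
        # Inline CSS takes precedence over the width/height attributes.
        for name, value in STYLE_DIM.findall(a.get("style", "")):
            dims[name.lower()] = value
        zero = sorted(k for k, v in dims.items() if ZERO.match(v))
        if zero:
            line, _ = self.getpos()
            self.findings.append({"line": line, "src": a.get("src", ""), "zero": zero})

def find_zero_pixel_iframes(html):
    """Return one finding per zero-sized iframe, with its line number and src."""
    auditor = IFrameAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page: one ordinary embed and two zero-sized frames.
SAMPLE = """<html><body>
<h1>News</h1>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="https://injected.example/x" width="0" height="0"></iframe>
<iframe src="https://injected.example/y" style="width:0px; height:0px; border:0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in find_zero_pixel_iframes(SAMPLE):
        print(finding)
```

A finding is a lead for review rather than proof of compromise, since some legitimate widgets also use hidden frames.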

23 E-Mail Attacks
• Spam
  - Unsolicited e-mail
  - 90 percent of all e-mails sent can be defined as spam
  - Lucrative business
• Spam filters
  - Look for specific words and block the e-mail
• Image spam
  - Uses graphical images of text in order to circumvent text-based filters

24 E-Mail Attacks (cont’d.)
• Other techniques to circumvent spam filters
  - GIF layering
  - Word splitting
  - Geometric variance
• Malicious attachments
  - E-mail-distributed viruses
  - Replicate by sending themselves in an e-mail message to all of the contacts in an e-mail address book

25 E-Mail Attacks (cont’d.)
• Embedded hyperlinks
  - Clicking on the link will open the Web browser and take the user to a specific Web site
  - Users are tricked into being directed to the attacker’s “look alike” Web site

26 Figure 3-12 Embedded hyperlink (Course Technology/Cengage Learning)

27 Internet Defenses
• Several types
  - Security application programs
  - Configuring browser settings
  - Using general good practices

28 Defenses Through Applications
• Popup blocker
  - Separate program or a feature incorporated within a browser
  - Users can select the level of blocking
• Spam filter
  - Can be implemented on the user’s local computer and at corporate or Internet Service Provider level

29 Defenses Through Applications (cont’d.)
• Spam filter (cont’d.)
  - E-mail client spam blocking features
    - Level of spam e-mail protection
    - Blocked senders (blacklist)
    - Allowed senders (whitelist)
    - Blocked top level domain list
  - Bayesian filtering
    - User divides e-mail messages into spam or not-spam
    - Assigns each word a probability of being spam
  - Corporate spam filter
    - Works with the receiving e-mail server
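
The Bayesian filtering steps on this slide (the user sorts mail into spam and not-spam, and each word receives a spam probability) can be sketched as follows. This is an added example, not part of the original presentation; the training messages, the add-one smoothing and the assumption of equal spam and not-spam volumes are choices made for the illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$']+")

def tokens(text):
    """Distinct lower-cased words in a message (presence, not frequency)."""
    return set(TOKEN.findall(text.lower()))

class BayesianFilter:
    def __init__(self):
        self.docs = {True: 0, False: 0}                   # messages seen per class
        self.words = {True: Counter(), False: Counter()}  # messages containing each word

    def train(self, text, is_spam):
        """Record one message the user has sorted into spam or not-spam."""
        self.docs[is_spam] += 1
        self.words[is_spam].update(tokens(text))

    def word_probability(self, word):
        """P(spam | word); add-one smoothing keeps it strictly between 0 and 1."""
        in_spam = (self.words[True][word] + 1) / (self.docs[True] + 2)
        in_ham = (self.words[False][word] + 1) / (self.docs[False] + 2)
        return in_spam / (in_spam + in_ham)

    def spam_probability(self, text):
        """Combine the per-word probabilities by summing their log-odds."""
        log_odds = 0.0
        for word in tokens(text):
            p = self.word_probability(word)
            log_odds += math.log(p) - math.log(1 - p)
        return 1 / (1 + math.exp(-log_odds))

# Constructed training mail, as sorted by a hypothetical user.
SPAM = ["Win a free prize now", "Cheap pills, free shipping",
        "Claim your free money now", "Free offer: click now"]
HAM = ["Meeting moved to Tuesday", "Please review the attached report",
       "Lunch on Tuesday?", "Report for the quarterly meeting"]

def build_demo_filter():
    f = BayesianFilter()
    for label, corpus in ((True, SPAM), (False, HAM)):
        for msg in corpus:
            f.train(msg, label)
    return f

if __name__ == "__main__":
    print(round(build_demo_filter().spam_probability("Free prize inside, click now"), 3))
```

Because the score depends on whole words, the word-splitting and image-spam techniques listed earlier in the chapter reduce what a filter of this kind can see.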

30 Defenses Through Applications (cont’d.)
Figure 3-16 Spam filter on SMTP server (Course Technology/Cengage Learning)

31 Defenses Through Applications (cont’d.)
• E-mail security settings
  - Configured through the e-mail client application
    - Read messages using a reading pane
    - Block external content
    - Preview attachments
    - Use an e-mail postmark

32 Defenses Through Browser Settings
• Browsers allow the user to customize security and privacy settings
• IE Web browser defense categories:
  - Advanced security settings
    - Do not save encrypted pages to disk
    - Empty Temporary Internet Files folder when browser is closed
    - Warn if changing between secure and not secure mode

33 Defenses Through Browser Settings (cont’d.)
• IE Web browser defense categories (cont’d.):
  - Security zones
    - Set customized security for these zones
    - Assign specific Web sites to a zone
  - Restricting cookies
    - Use privacy levels in IE

34 Defenses Through Browser Settings (cont’d.)
Table 3-3 IE Web security zones (Course Technology/Cengage Learning)

35 E-Mail Defenses Through Good Practices
• Use common-sense procedures to protect against harmful e-mail
• Never click an embedded hyperlink in an e-mail
• Be aware that e-mail is a common method for infecting computers
• Never automatically open an unexpected attachment
• Use reading panes and preview attachments
• Never answer an e-mail request for personal information

36 Internet Defense Summary
Table 3-4 Internet defense summary (Course Technology/Cengage Learning)

37 Summary
• Internet composition
  - Web servers
  - Web browsers
• Internet technologies
  - HTML
  - JavaScript
  - Java
  - ActiveX

38 Summary (cont’d.)
• Privacy risk
  - Cookies
  - Adware
• Security risk
  - Mistyped Web address
  - Drive-by downloads
• Email security
  - Spam
  - Attachments
• Security applications

