Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security."— Presentation transcript:

1 Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security

2 Security Awareness: Applying Practical Security in Your World, 2e 2 Objectives Explain how the World Wide Web and e-mail work List the types of Web and e-mail attacks Describe how to set Web defenses using a browser Identify the type of defenses that can be implemented in order to protect e-mail

3 Security Awareness: Applying Practical Security in Your World, 2e 3 How the Internet Works World Wide Web (WWW) –Composed of Internet server computers that provide online information HTML –Allows Web authors to combine the following into a single document Text, graphic images, audio, video, and hyperlinks

4 Security Awareness: Applying Practical Security in Your World, 2e 4

5 5 How the Internet Works (continued) Hypertext Transport Protocol (HTTP) –Subset of Transmission Control Protocol/Internet Protocol (TCP/IP) Port numbers –Identify what program or service on the receiving computer is being requested

6 Security Awareness: Applying Practical Security in Your World, 2e 6

7 7 E-Mail Simple Mail Transfer Protocol (SMTP) –Handles outgoing mail –Server “listens” for requests on port 25 Post Office Protocol (POP3) –Responsible for incoming mail –POP3 “listens” on port 110

8 Security Awareness: Applying Practical Security in Your World, 2e 8

9 9 E-Mail (continued) IMAP (Internet Mail Access Protocol, or IMAP4) –More advanced mail protocol –E-mail remains on e-mail server and is not sent to user’s local computer –Mail can be organized into folders on the mail server and read from any computer E-mail attachments –Documents in a binary (nontext) format

10 Security Awareness: Applying Practical Security in Your World, 2e 10

11 Security Awareness: Applying Practical Security in Your World, 2e 11 Internet Attacks Repurposed Programming –Using programming tools in ways more harmful than originally intended JavaScript –Used to make dynamic content –Based on the Java programming language –Special program code embedded into HTML document –Virtual Machine Java interpreter that is used within the Web browser to execute code

12 Security Awareness: Applying Practical Security in Your World, 2e 12

13 Security Awareness: Applying Practical Security in Your World, 2e 13 Repurposed Programming JavaScript programs –Can capture and send user information without user’s knowledge or authorization Java applet –Stored on Web server –Downloaded onto user’s computer along with HTML code –Can perform interactive animations or immediate calculations

14 Security Awareness: Applying Practical Security in Your World, 2e 14

15 Security Awareness: Applying Practical Security in Your World, 2e 15 Java Applet Sandbox –Defense against hostile Java applet Unsigned Java applet –Program that does not come from a trusted source Signed Java applet –Has digital signature that proves program is from a trusted source and has not been altered

16 Security Awareness: Applying Practical Security in Your World, 2e 16 Active X Set of technologies developed by Microsoft Set of rules for how programs should share information Security concerns –User’s decision to allow installation of an ActiveX control is based on the source of the ActiveX control –A control is registered only once per computer –Nearly all ActiveX control security mechanisms are set in Internet Explorer

17 Security Awareness: Applying Practical Security in Your World, 2e 17 Cookies Small text files stored on user’s hard disk by a Web server Contain user-specific information Rules of HTTP –Make it impossible for Web site to track whether a user has previously visited that site

18 Security Awareness: Applying Practical Security in Your World, 2e 18 Cookies (continued) Cannot contain viruses or steal personal information Only contains information that can be used by a Web server Can pose a security risk First-party cookie –Created from the Web site that a user is currently viewing

19 Security Awareness: Applying Practical Security in Your World, 2e 19 Trojan Horse Malicious program disguised as a legitimate program Executable programs that perform an action when file is opened May disguise itself by using a valid filename and extension

20 Security Awareness: Applying Practical Security in Your World, 2e 20 Redirecting Web Traffic Typical mistakes users make when typing Web address –Misspelling address –Omitting the dot –Omitting a word –Using inappropriate punctuation Hackers can –Exploit a misaddressed Web name –Steal information from unsuspecting users through social engineering

21 Security Awareness: Applying Practical Security in Your World, 2e 21 Search Engine Scanning Search engines –Important tools for locating information on the Internet Attackers –Use same search tools to assess security of Web servers before launching an attack

22 Security Awareness: Applying Practical Security in Your World, 2e 22

23 Security Awareness: Applying Practical Security in Your World, 2e 23 E-mail Attacks E-mail attachments –Preferred method of distributing viruses and worms E-mail-distributed viruses –Use social engineering to trick recipients into opening document If file attached to e-mail message contains a virus –It is often launched when file attachment is opened

24 Security Awareness: Applying Practical Security in Your World, 2e 24 Spam Unsolicited e-mail Reduces work productivity Spammers –Can overwhelm users with offers to buy merchandise or trick them into giving money away U.S. Congress passed an anti-spam law in late 2003 –Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM)

25 Security Awareness: Applying Practical Security in Your World, 2e 25

26 Security Awareness: Applying Practical Security in Your World, 2e 26

27 Security Awareness: Applying Practical Security in Your World, 2e 27

28 Security Awareness: Applying Practical Security in Your World, 2e 28 Web Defenses through Browser Settings IE settings that should be turned on –Do not save encrypted pages to disk –Empty Temporary Internet Files folder when browser is closed –Warn if changing between secure and not secure mode

29 Security Awareness: Applying Practical Security in Your World, 2e 29

30 Security Awareness: Applying Practical Security in Your World, 2e 30

31 Security Awareness: Applying Practical Security in Your World, 2e 31

32 Security Awareness: Applying Practical Security in Your World, 2e 32 Security Zones Internet –Contains Web sites that have not been placed in any other zone Local Intranet –Web pages from an organization’s internal Web site can be added to this zone

33 Security Awareness: Applying Practical Security in Your World, 2e 33 Security Zones (continued) Trusted Sites –Web sites that are trusted not to pose any harm to a computer can be placed here Restricted Sites –Web site considered to be potentially harmful can be placed here

34 Security Awareness: Applying Practical Security in Your World, 2e 34

35 Security Awareness: Applying Practical Security in Your World, 2e 35 Restricting Cookies Privacy levels –Block All Cookies –High –Medium High –Medium –Low –Accept All Cookies

36 Security Awareness: Applying Practical Security in Your World, 2e 36

37 Security Awareness: Applying Practical Security in Your World, 2e 37 E-Mail Defenses Technology-based defenses –Level of junk e-mail protection –Blocked senders –Blocked top level domain list

38 Security Awareness: Applying Practical Security in Your World, 2e 38

39 Security Awareness: Applying Practical Security in Your World, 2e 39

40 Security Awareness: Applying Practical Security in Your World, 2e 40 Technology-Based Defenses Whitelist –Names/addresses of those individuals from whom an e-mail message will be accepted Bayesian filtering –Used by sophisticated e-mail filters

41 Security Awareness: Applying Practical Security in Your World, 2e 41

42 Security Awareness: Applying Practical Security in Your World, 2e 42 Procedures Questions you should ask when you receive an e- mail with an attachment –Is the e-mail from someone that you know? –Have you received e-mail from this sender before? –Were you expecting an attachment from this sender?

43 Security Awareness: Applying Practical Security in Your World, 2e 43 Summary World Wide Web (WWW) –Composed of Internet server computers that provide online information in a specific format E-mail systems –Can use two TCP/IP protocols to send and receive messages Repurposed programming –Using programming tools in ways more harmful than for what they were intended

44 Security Awareness: Applying Practical Security in Your World, 2e 44 Summary (continued) Cookie –Computer file that contains user-specific information Spam, or unsolicited e-mail –Has negative effect on work productivity –May be potentially dangerous Properly configuring security settings on Web browser –First line of defense against an Internet attack

Download ppt "Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.
Basic Communication on the Internet:

Basic Communication on the Internet:
How the Internet Works Course Objectives Introduce the various web browsers Introduce some new terms Explain the basic Internet to PC hookup  ISP  Wired.

How the Internet Works Course Objectives Introduce the various web browsers Introduce some new terms Explain the basic Internet to PC hookup  ISP  Wired.
COMPUTER BASICS METC 106. The Internet Global group of interconnected networks Originated in 1969 – Department of Defense ARPANet Only text, no graphics.

COMPUTER BASICS METC 106. The Internet Global group of interconnected networks Originated in 1969 – Department of Defense ARPANet Only text, no graphics.
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
The Internet Useful Definitions and Concepts About the Internet.

The Internet Useful Definitions and Concepts About the Internet.
Web Server Administration

Web Server Administration
INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.

INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.
Internet…issues Managing the Internet

Internet…issues Managing the Internet
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.

Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Practical PC, 7 th Edition Chapter 9: Sending E-mail and Attachments.

Practical PC, 7 th Edition Chapter 9: Sending and Attachments.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 
INTRODUCTION TO WEB DATABASE PROGRAMMING

INTRODUCTION TO WEB DATABASE PROGRAMMING
Computer Concepts 2014 Chapter 7 The Web and E-mail.

Computer Concepts 2014 Chapter 7 The Web and .
Data Security.

Data Security.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Similar presentations

Ads by Google