
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World. Chapter 4: Internet Security. Objectives. List the risks associated with using the World Wide Web, and describe the preventive measures that can be used to minimize Web attacks.


Presentation Transcript


  1. Security Awareness: Applying Practical Security in Your World
     Chapter 4: Internet Security

  2. Objectives
     • List the risks associated with using the World Wide Web, and describe the preventive measures that can be used to minimize Web attacks.
     • List the vulnerabilities associated with using e-mail, and explain procedures and technologies that can be used to protect e-mail.

  3. Internet Security
     • The Internet has changed the way we live and work in a very short amount of time.
     • There is a dark side to the Internet: it has opened the door to attacks on any computer connected to it.
     • There are methods to minimize the risks of using the Internet and e-mail.

  4. The World Wide Web
     • Internet: worldwide interconnection of computers
     • World Wide Web (WWW): Internet server computers that provide online information in a specified format
     • Hypertext Markup Language (HTML): specifies how a browser should display elements on a user's screen (see Figure 4-1)
     • Hypertext Transfer Protocol (HTTP): set of standards that Web servers use to distribute HTML documents (see Figure 4-2)

  5. The World Wide Web (continued) [slide contains only a figure]

  6. The World Wide Web (continued) [slide contains only a figure]

  7. Repurposed Programming
     • Repurposed programming: using programming tools in harmful ways other than what they were originally intended to do
     • Static content: information that does not change
     • Dynamic content: content that can change
     • Tools that can be used for repurposed programming:
       - JavaScript
       - Java applets
       - ActiveX controls

  8. Web Attacks
     • Web attack: an attack launched against a computer through the Web
     • Broadband connections: a type of Internet connection that allows users to connect at much faster speeds than older dial-up technologies
     • Result: more attacks against home computers
     • Three categories of attacks:
       - Repurposed programming
       - Snooping
       - Redirected Web traffic

  9. JavaScript
     • JavaScript: special program code embedded in an HTML document
     • A Web site using JavaScript is accessed → the HTML document is downloaded → the JavaScript code is executed by the browser (see Figure 4-3)
     • Some browsers have security weaknesses

  10. JavaScript (continued) [slide contains only a figure]

  11. Java Applet
     • Java applet: a program downloaded from the Web server separately from the HTML document
     • Stored on the Web server and downloaded along with the HTML code when the page is accessed (see Figure 4-4)
     • Processes the user's requests on the local computer rather than transmitting them back to the Web server

  12. Java Applet (continued)
     • "Security sandbox"
     • Unsigned Java applets: untrusted source (see Figure 4-5)
     • Signed Java applets: digital signature proving a trusted source

  13. Java Applet (continued) [slide contains only a figure]

  14. Java Applet (continued) [slide contains only a figure]

  15. ActiveX Controls
     • ActiveX controls: an advanced technology that allows software components to interact with different applications
     • Two risks:
       - Macros: ActiveX security relies on human judgment
       - Digital signatures: users may routinely grant permission for any ActiveX program to run

  16. Snooping
     • One of dynamic content's strengths is its ability to receive input from the user and perform actions based on it (see Figure 4-6)
     • Providing information to a Web site carries risk
       - Internet transmissions are not normally encrypted
       - Information entered can be viewed by unauthorized users
     • Types of snooping:
       - Spyware
       - Misusing cookies

  17. Snooping (continued) [slide contains only a figure]

  18. Snooping (continued)
     • Cookies: a computer file that contains user-specific information
       - Stores information given to a Web site and reuses it
     • Can pose a security risk
       - Hackers target cookies to retrieve sensitive information
       - Cookies can be used to determine what Web pages you are viewing
     • Some personal information is left on Web sites by the browser
       - Makes tracking Internet usage easier

  19. Redirecting Web Traffic
     • Mistakes can be made when typing an address into a browser
     • Usually mistakes result in error messages (see Figure 4-7)
     • Hackers can exploit misaddressed Web names to steal information using social engineering
     • Two approaches:
       - Phishing
       - Registering similar-sounding domain names

  20. Redirecting Web Traffic (continued) [slide contains only a figure]
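The second approach on slide 19, registering similar-sounding domain names, is what the "check spelling" advice on slide 32 defends against; the following added example (not from the textbook slides) shows the check a browser add-on or filtering proxy would run on each URL before the user trusts it. The known-good site list, the confusable-character table and the 0.8 similarity threshold are constructed assumptions, and taking the last two labels as the registrable domain is a simplification of what the Public Suffix List provides.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed list of sites the user legitimately does business with
# (example data, not from the slides).
KNOWN_GOOD = ("example-bank.com", "example-mail.com", "example-shop.com")

# Character pairs that are easy to confuse when read quickly or mistyped.
CONFUSABLE = (("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("rn", "m"), ("vv", "w"))


def normalize(host: str) -> str:
    """Lower-case, drop a leading 'www.', and fold look-alike characters so
    that 'examp1e-bank.com' compares equal to 'example-bank.com'."""
    host = host.lower()
    if host.startswith("www."):
        host = host[4:]
    for lookalike, real in CONFUSABLE:
        host = host.replace(lookalike, real)
    return host


def registrable_domain(host: str) -> str:
    """Last two labels of the hostname. Simplification: production code should
    use the Public Suffix List so that names under e.g. '.co.uk' are handled."""
    return ".".join(host.lower().split(".")[-2:])


def classify_url(url: str, known_good=KNOWN_GOOD, threshold: float = 0.8) -> str:
    """Return 'known' for a legitimate site, 'lookalike' for a hostname that
    imitates one, and 'unknown' for anything else."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable_domain(host)
    if domain in known_good:
        return "known"          # the real site or one of its own subdomains
    for good in known_good:
        # Brand name used as a subdomain of some other registered domain.
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "lookalike"
        # One-letter typos, transpositions or confusable-character swaps.
        if SequenceMatcher(None, normalize(domain), normalize(good)).ratio() >= threshold:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for url in ("https://login.example-bank.com/", "http://www.examp1e-bank.com/login",
                "http://example-bank.com.login-verify.example.net/"):
        print(url, "->", classify_url(url))
```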

  21. Web Security Through Browser Settings
     • Web browser security and privacy settings can be customized
     • Internet Options tabs:
       - General
       - Security
       - Privacy
       - Content
       - Advanced

  22. Web Security Through Browser Settings (continued)
     Figure 4-9: Security settings on the Advanced tab

  23. Web Security Through Browser Settings (continued)
     • Alert the user to the type of transaction
       - Warn if changing between secure and not secure mode

  24. Web Security Through Browser Settings (continued)
     • Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS): encrypts and decrypts the data sent

  25. Web Security Through Browser Settings (continued)
     • Know what's happening with the cache
       - Do not save encrypted pages to disk
       - Empty Temporary Internet Files when the browser is closed
     • Cache: temporary storage area on the hard disk

  26. Web Security Through Browser Settings (continued)
     • Know the options on the General tab
       - Temporary Internet files: Delete Cookies, Delete Files
       - History

  27. Web Security Through Browser Settings (continued)
     • Security zones and the Security tab
     • Predefined security zones:
       - Internet
       - Local intranet
       - Trusted sites
       - Restricted sites

  28. Web Security Through Browser Settings (continued)
     • Security zones and the Security tab
     • Security levels can be customized by clicking the Custom Level button to display the Security Settings page

  29. Web Security Through Browser Settings (continued)
     • Using the Privacy tab
     • Divided into two parts:
       - Privacy level settings
       - Cookie handling: first-party and third-party cookies

  30. Web Security Through Browser Settings (continued)
     • Placing restrictions on the Content page
     • Control the type of content the browser will display
       - Content Advisor
       - Certificates
       - Publishers

  31. Web Security Through Appropriate Procedures
     • Do not accept any unsigned Java applets unless you are sure of the source
     • Disable or restrict macros from opening or running automatically
     • Disable ActiveX and JavaScript
     • Install anti-spyware and antivirus software and keep it updated

  32. Web Security Procedures (continued)
     • Regularly install any critical operating system updates
     • Block all cookies
     • Never respond to an e-mail that asks you to click on a link to verify your personal information
     • Check spelling to be sure you are viewing the real site

  33. Web Security Procedures (continued)
     • Turn on all security settings under the Advanced tab
     • Keep your cache clear of temporary files and cookies
     • Use the security zones feature

  34. E-Mail
     • E-mail is a double-edged sword
       - Essential for business and personal communications
       - Primary vehicle for malicious code

  35. Vulnerabilities of E-Mail
     • Three major areas:
       - Attachments
       - Spam
       - Spoofing

  36. Vulnerabilities of E-Mail (continued)
     • Attachments: documents, spreadsheets, photographs, and anything else added to an e-mail message
     • Can open the door for viruses and worms to infect a system
       - Malicious code can execute when the attachment is opened
       - Code can then forward itself and continue to spread

  37. Vulnerabilities of E-Mail (continued)
     • Spam: unsolicited e-mail messages
     • Usually regarded as just a nuisance, but can contain malicious code
     • To cut down on spam:
       - Never reply to spam that says "Click here to unsubscribe"
       - Set up an e-mail account to use when filling out Web forms
       - Do not purchase items advertised through spam
       - Ask your ISP or network manager to install spam-filtering hardware or software

  38. Vulnerabilities of E-Mail (continued)
     • E-mail spoofing: a message falsely identifying the sender as someone else
     • The sender's address appears to be legitimate, so the recipient trusts the source and does what is asked

  39. Solutions
     • Technology-based solutions
       - Antivirus software installed and regularly updated
       - E-mail filters
         · File extension filters
         · Junk e-mail option (Figure 4-17)
         · Separate filtering software working in conjunction with the e-mail software

  40. Solutions (continued)
     • Procedure-based solutions
       - Remember that e-mail is the number one method for infecting computers and treat it cautiously
       - Approach e-mail messages from unknown senders with caution
       - Never automatically open an attachment
       - Do not use preview mode in your e-mail software
       - Never answer e-mail requests for personal information
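The "file extension filters" of slide 39 in practice: an added example, not from the textbook, of the check an e-mail filter applies to attachment names before the recipient ever sees the message, including the double-extension disguise that defeats a filter looking only at the last extension. The blocked-extension set and the sample message (addresses, attachment contents) are constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions an e-mail gateway would normally refuse outright. Constructed
# policy for this example, not a list from the slides; tune it locally.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".vbs", ".js", ".jar"}


def is_blocked(filename: str) -> bool:
    """Decide whether an attachment name should be filtered.

    Every extension is inspected, not just the last one, so 'invoice.pdf.exe'
    and 'report.exe.txt' are both caught, and each suffix is stripped of
    padding so 'invoice.pdf   .exe' gains nothing from the spaces. Any path
    component in the name is discarded first."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
    suffixes = [s.strip() for s in PurePosixPath(base).suffixes]
    return any(s in BLOCKED_EXTENSIONS for s in suffixes)


def filter_message(raw: bytes) -> dict:
    """Sort the attachments of a raw RFC 5322 message into allowed and blocked names."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdict = {"allowed": [], "blocked": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        verdict["blocked" if is_blocked(name) else "allowed"].append(name)
    return verdict


def build_sample() -> bytes:
    """Constructed test message: one genuine PDF and one executable disguised
    with a double extension. Addresses and contents are placeholders."""
    msg = EmailMessage()
    msg["From"] = "accounts@example-shop.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ sample", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    print(filter_message(build_sample()))  # {'allowed': ['invoice.pdf'], 'blocked': ['invoice.pdf.exe']}
```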

  41. Summary
     • Computers connected to the Internet are vulnerable to a long list of attacks, in addition to viruses, worms, and other malicious code.
     • Categories of attack are:
       - Repurposed programming
         · JavaScript
         · Java applets
         · ActiveX controls
       - Snooping
       - Redirected Web traffic

  42. Summary (continued)
     • Defending against Web attacks is a two-fold process:
       - Configuration of browser software: customized privacy and security settings
       - Proper procedures to minimize risk: many attacks are based on social engineering

  43. Summary (continued)
     • E-mail is a crucial business and personal tool, but is also a primary means of infection by viruses, worms, and other malicious code.
       - Attachments
       - Spam
       - Spoofing

  44. Summary (continued)
     • E-mail security solutions can be broken into two categories:
       - Technology-based: antivirus software; filters for attachments and spam
       - Procedure-based: remember the risks and consistently follow "safe" procedures
