Chapter 3: Ensuring Internet Security
Learning Objectives
Differentiate between the different types of malware.
Explain how antivirus programs work.
Examine how a firewall works.
Explain the role service patches and updates play in maintaining computer security.
Explain phishing and 419 scams.
Compare and contrast DoS, DDoS, and brute force attacks.
Change Internet Explorer security settings.
Summarize how encryption works.
Explain the difference between adware and spyware and discuss the implications of each.
Describe how cookies work.
Describe methods that can be used to block spam.
Explain the procedures designed to avoid adware and spyware.
Chapter Focus
Malware
Malware Countermeasures
Cyber Crime
Cyber Crime Countermeasures
Threats to Privacy
Privacy Countermeasures
Malware
Any program or computer code deliberately designed to harm any portion of a computer system
Figure: Microsoft Decision Tree
Viruses
A self-replicating form of malware
Spread from computer to computer using another file or program as a host
When a virus is executed, its payload is released: the malicious action is performed
Data corruption or deletion
Information theft
Consumed system resources
Worms
Spread through network connections without the need for a host program
Computer Emergency Response Team (CERT Coordination Center)
Coordinates efforts to deal with threats to computer security and to build security issue awareness among Internet users
www.cert.org is a valuable source of information on the latest computer security threats
Figure: CERT/CC Home Page
Trojan Horses
Disguises itself as a harmless or legitimate program to persuade people to download and run it
Does not need to self-replicate like a virus or worm
When executed, the file is able to unleash its payload
Malware: Review
What are the key distinguishing characteristics of viruses, worms, and Trojan horses?
What is a backdoor payload?
What is a malware payload?
Malware Countermeasures
Antivirus Programs
Scan computers or computer systems to detect any malware that may be present
Most offer proactive software for prevention of malware
Very popular antivirus programs
Norton Antivirus
PC-Cillin
McAfee VirusScan
Figure: Antivirus Program Download Page
Three options when an infected file is found:
Clean the file, delete the file, quarantine the file
Figure: Online Antivirus Scanning
Windows Vista includes a System Restore function
Allows the user to revert the computer settings to a previous point in time
Can allow viruses to remain in backup files where they cannot be cleaned or deleted by antivirus programs
Figure: Disabling Windows Vista System Restore Function
Signature Scanning
Virus Signature
A string of binary code unique to a particular virus
Drawbacks to signature scanning
Polymorphic viruses change with each replication
Ineffective against new viruses for which signature updates do not yet exist
Signature scanning is reactive rather than preventive
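
Signature scanning and its drawbacks, shown as an added example (not part of the original slides). The byte patterns, sample files, signature names and the `reencode` stand-in for a polymorphic change are all constructed for illustration and contain no real malware.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str        # label reported to the user
    pattern: bytes   # byte string unique to one known sample


def scan(data: bytes, signatures: list[Signature]) -> list[str]:
    """Signature scanning: report every known pattern found in the file."""
    return [sig.name for sig in signatures if sig.pattern in data]


def reencode(body: bytes, key: int) -> bytes:
    """Constructed stand-in for a polymorphic change: the same body stored
    under a different one-byte key, so each copy has different bytes."""
    return bytes(b ^ key for b in body)


def make_file(body: bytes) -> bytes:
    """Wrap a body in a constructed header and trailer."""
    return b"HDR\x00" + body + b"\x00END"


# Constructed, inert marker standing in for a virus body.
MARKER = b"INERT-SAMPLE-A::not-real-code"

# Constructed sample files: one clean, one known, two changed copies.
SAMPLES = {
    "clean.doc": make_file(b"Quarterly report, nothing unusual."),
    "known.exe": make_file(MARKER),
    "variant1.exe": make_file(reencode(MARKER, 0x21)),
    "variant2.exe": make_file(reencode(MARKER, 0x5A)),
}

# Signature database before and after an update that adds variant 1.
DB_V1 = [Signature("Sample.A", MARKER)]
DB_V2 = DB_V1 + [Signature("Sample.A.v1", reencode(MARKER, 0x21))]


def scan_all(signatures: list[Signature]) -> dict[str, list[str]]:
    """Scan every constructed sample against one signature database."""
    return {name: scan(data, signatures) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for label, db in (("before update", DB_V1), ("after update", DB_V2)):
        print(label)
        for name, hits in scan_all(db).items():
            print(f"  {name:13} {hits or 'no match'}")
```

Before the update both changed copies pass as clean; after it, only the copy whose exact bytes were added is caught, which is why signature scanning is reactive.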
Heuristic Scanning
Looks for general malware characteristics
Relies on previous experience or knowledge
Can produce false positives and negatives
Requires periodic updates to ensure that the catalog of suspicious characteristics is up-to-date
Behavior Blocking
Looks for typical malware behaviors
Attempts to change computer settings
Opening and/or alteration of files
Network communications initiation
Attempts to open computer ports
Firewalls
Hardware or software barrier located between the Internet and a computer or computer network
Filters data arriving through the Internet
Use a proxy server to handle page and data requests to add another level of threat protection
Microsoft Vista features a software firewall that can be enabled by users
Service Patches and Updates
Released by Microsoft for Windows operating system versions
To repair system vulnerabilities when discovered
The default Windows Vista configuration periodically checks for new security patches or updates, then automatically downloads and installs them
Password Protection
To ensure that unauthorized parties do not obtain access to your confidential data
Especially important if you share your computer with others or if you are on a network
Malware Countermeasures: Review
What can be done to protect your computer against malware?
What are the different methods that antivirus programs use to detect malware?
What does a firewall do?
Cyber Crime
Refers to crimes committed using the Internet
Several techniques of cyber crime:
Phishing
419 Scams
Denial-of-Service (DoS) Attacks
Brute Force Attacks
Phishing
Online scammer sends a user an e-mail that appears to be from a legitimate and well-known company to try to trick the user into sending confidential information
Current phishing attacks are estimated to have a 3% success rate
Figure: Spoofed eBay E-mail
419 Scams
Advance fee fraud
Majority of crime originates in Nigeria
Victim receives an e-mail asking to front some money to help smuggle a large amount of money out of the country in exchange for a percentage of the smuggled money
Figure: 419 Scam E-mail
Denial-of-Service (DoS) Attacks
Paralyze computer networks by bombarding them with traffic in the form of packets of useless information
Goal is to deny services to an opponent for economic or political reasons, or just for fun
Past victims
Microsoft, U.S. Government, Yahoo, Amazon, CNN.com
Brute Force Attacks
Aim to overcome a password-protected computer or network by systematically trying different combinations of letters and numbers
Users should use effective passwords
Not simple or easily deduced words or number combinations
Cyber Crime: Review
How would you define cyber crime?
What are some of the different types of cyber crime?
What is spoofing, and what role does it play in cyber crime?
Cyber Crime Countermeasures
Additional tools are needed to protect against cyber crime
Tailored security settings in Internet Explorer
Encryption to authenticate and protect communications including confidential transactions
Internet Explorer Security Settings
Enables users to assign Web sites to different Web content security zones depending on how trusted the sites are
Low
Medium-Low
Medium (recommended)
High
The higher the security level, the more restrictive it is
Figure: Internet Explorer Security Settings (callout: level slider)
Figure: File Download Warning Message
Encryption and Authentication
Encryption
Refers to the process of using an algorithm to scramble text or data into an unreadable format that cannot be unscrambled without the use of a key
Authentication
Refers to the process of verification
Symmetric Encryption/Asymmetric Encryption
Symmetric encryption
Message sender and recipient both use the same private key to encrypt and decrypt communication
Asymmetric encryption
Uses paired private and public keys to encrypt and decrypt data
Digital Certificates
Provides a means of verifying that a public key belongs to the person who claims to own it
Personal Certificate contains at least:
Public key owner's name
Expiration date
Name of the Certification Authority (CA) that issued the certificate
Serial number
Digital signature for the CA
Figure: Digital Certificate (callouts: public key owner's name, CA that issued the certificate, expiration date)
Figure: Digital Certification Online Application
Digital Signatures
Uses encryption to help a message recipient confirm that:
A digitally signed message originates from the person claiming to have sent it
The message contents have not been altered
Hashing
Contents of a message are reduced to a message digest
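
The hash-then-sign process behind digital signatures, using the paired private and public keys of asymmetric encryption, as an added example that is not part of the original slides. It uses textbook RSA without padding and small constructed key pairs, for illustration only; the helper names, the parties "Alice" and "Mallory", and the messages are assumptions.

```python
import hashlib


def make_keypair(p: int, q: int, e: int = 65537):
    """Build a toy RSA key pair from two primes: (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (e, n), (d, n)


def message_digest(message: bytes, n: int) -> int:
    """Hashing: reduce the message to a SHA-256 digest, folded into the
    toy modulus so that it can be signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """The sender transforms the digest with the private key."""
    d, n = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """The recipient recovers the digest with the public key and compares
    it with a digest computed from the message actually received."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(message, n)


# Constructed key pairs built from known Mersenne primes (far too small
# for real use; real keys are 2048 bits or more and use padding).
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

# Constructed messages.
MESSAGE = b"Pay 100 dollars to Bob"
ALTERED = b"Pay 900 dollars to Bob"


def demo():
    """Return (genuine, altered, wrong_sender) verification results."""
    signature = sign(MESSAGE, ALICE_PRIV)
    genuine = verify(MESSAGE, signature, ALICE_PUB)
    altered = verify(ALTERED, signature, ALICE_PUB)
    wrong_sender = verify(MESSAGE, sign(MESSAGE, MALLORY_PRIV), ALICE_PUB)
    return genuine, altered, wrong_sender


if __name__ == "__main__":
    print(demo())
```

The first result confirms origin and integrity together; the second shows that any change to the contents changes the digest, and the third that a signature made with another private key does not verify under Alice's public key.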
Secure Sockets Layer (SSL) Protocol
Ensures the security of confidential information such as that for financial transactions conducted over the Internet
URL will begin with https during a secure connection
Internet Explorer displays a closed padlock icon at right end of the browser window status bar
Figure callouts: https protocol, padlock icon
Biometric Authentication
Uses biological features to verify identity
Fingerprints
Speech
Iris patterns
Current fingerprint scanners are not foolproof
Cyber Crime Countermeasures: Review
How can using Internet Explorer security zones protect a computer or network?
How does asymmetric encryption work?
What is the process of creating a digital signature?
Threats to Privacy
Spam
Adware/Spyware
Cookies
Inappropriate Content
Spam
Online equivalent of the junk mail delivered by the U.S. Postal Service
Spammers find e-mail addresses by:
Combing through newsgroups and chat rooms
Checking Web sites
Using software that gathers name lists from ISP directories
Using pop-up ads that say the user has won a prize
Adware/Spyware
Adware: Advertising Supported Software
Often included in shareware and freeware software
Fee paid by adware advertisers helps pay for shareware and freeware costs
Spyware
Used to gather user information without their knowledge
Usually promise not to identify users
Impossible to verify
Cookies
Very small text files placed on a computer so Web site servers can recognize previous visitors to customize viewing experience
Not a program
Temporary or session cookies
Deleted when browser is closed
Persistent cookies
Remain even after browser is closed
Figure: CNN Weather Information Preference Cookie (callout: cookie text)
Threats to Privacy: Review
What is spam, and how do spammers find e-mail addresses to send spam to?
What is the difference between adware and spyware?
How do cookies work?
Privacy Countermeasures
Spam Blocking Methods
A lot of spam can be avoided by being careful
Never buy a product advertised in a spam message
Never reply to a spam message
Do not forward chain letters or mass mailings
Be careful when subscribing to anything, and check for a privacy statement
Avoid Web sites without privacy policies, and look for check boxes placing you on mailing lists or making your e-mail addresses available to advertisers
Do not post your e-mail address in Internet e-mail directories
Set up a free mail service e-mail address, such as Hotmail or Yahoo, and use it for Internet transactions to protect your normal e-mail address
Disable automatic image downloading in HTML e-mail
Install spam filtering software
Must be updated periodically to maintain effectiveness
Spyware/Adware Avoidance
Modify online behavior such as:
Being wary when downloading and installing freeware or shareware
Closing any unexpected or unfamiliar dialog boxes using the close button (X)
Change your browser security settings to prevent the unauthorized download and installation of ActiveX controls
Delete spam without opening it
Never click on links inside pop-up windows, even if the link says Close. Use the Close button on the title bar to close the window
Activate or install browser anti-pop-up window features
Install software developed to detect, remove, and block adware and spyware
Microsoft offers a free beta (trial) version of its AntiSpyware program, Windows Defender
Internet Explorer 7 includes a built-in pop-up window blocker that is activated by default
Proposed legislation would criminalize the installation of spyware without the express approval of computer owners
Figure: Spyware Doctor Adware and Spyware Removal Program
Cookie Blocking
Internet Explorer 7 browser's custom privacy settings allow users to enable different levels of cookie management
Can range from accepting all cookies to blocking all cookies
Blocking all cookies can disable some functionality, and the user may not be able to have a customized experience
Can create custom settings for a particular site
Changing privacy settings does not affect cookies that are already stored on the system; user should delete existing cookies to ensure new settings affect all cookies
Figure: Internet Explorer Custom Privacy Settings
Inappropriate Content
No single standard
Nature of Internet makes it difficult for people to avoid seeing material that they feel is inappropriate
Impossible for Web site and chat room operators to verify the age of people viewing their material
Parental Control Software
Enables parents to control the Internet content their children can access
Parents can also control activities
File downloading or sharing
Instant messaging
Games
Parents can set time limits and access an Internet log
Windows Vista comes with built-in parental controls
Allow access to only specified Web sites
Block file downloads
Control times when specific accounts can log on to Windows
Disallow the account access to Web sites except for specific sites
Privacy Countermeasures: Review
What are the different ways that Internet Explorer can be configured to block cookies?
What measures can Internet users undertake to reduce the amount of spam they receive?
What can Internet users do to avoid unwanted adware and spyware programs?