chapter 3 ensuring internet security

Chapter 3Chapter 3Ensuring Internet SecurityEnsuring Internet Security

Learning ObjectivesLearning Objectives

Differentiate between the different types of malware.Differentiate between the different types of malware.

Explain how antivirus programs work.Explain how antivirus programs work.

Examine how a firewall works.Examine how a firewall works.

Explain the role service patches and updates play in Explain the role service patches and updates play in maintaining computer security.maintaining computer security.

Explain phishing and 419 scams.Explain phishing and 419 scams.

Compare and contrast DoS, DDoS, and brute force Compare and contrast DoS, DDoS, and brute force attacks.attacks.

Learning ObjectivesLearning Objectives

Change Internet Explorer security settings.Change Internet Explorer security settings.

Summarize how encryption works.Summarize how encryption works.

Explain the difference between adware and spyware Explain the difference between adware and spyware and discuss the implications of each.and discuss the implications of each.

Describe how cookies work.Describe how cookies work.

Describe methods that can be used to block spam.Describe methods that can be used to block spam.

Explain the procedures designed to avoid adware Explain the procedures designed to avoid adware and spyware.and spyware.

Chapter FocusChapter Focus

MalwareMalware

Malware CountermeasuresMalware Countermeasures

Cyber CrimeCyber Crime

Cyber Crime CountermeasuresCyber Crime Countermeasures

Threats to PrivacyThreats to Privacy

Privacy CountermeasuresPrivacy Countermeasures

MalwareMalware

Any program or Any program or computer codecomputer codedeliberately deliberately designed to harm designed to harm any portion of a any portion of a computer systemcomputer system

Microsoft Decision Tree

MalwareMalware

VirusesViruses

A self-replicating form of malwareA self-replicating form of malware

Spread from computer to computer using another Spread from computer to computer using another file or program as a hostfile or program as a host

When virus is executed, its When virus is executed, its payloadpayload is released — is released — the malicious action is performedthe malicious action is performed

Data corruption or deletionData corruption or deletion

Information theftInformation theft

Consumed system resourcesConsumed system resources

MalwareMalware

WormsWorms

Spreads through network connections without the Spreads through network connections without the need for a host programneed for a host program

Computer Emergency Response Team (CERT Computer Emergency Response Team (CERT Coordination Center)Coordination Center)

Coordinates efforts to deal with threats to Coordinates efforts to deal with threats to computer security and to build security issue computer security and to build security issue awareness among Internet usersawareness among Internet users

www.cert.orgwww.cert.org is a valuable source of is a valuable source of information on the latest computer security information on the latest computer security threatsthreats

http://www.cert.org/

MalwareMalware

CERT/CC Home Page

MalwareMalware

Trojan HorsesTrojan Horses

Disguises itself as a harmless or legitimate Disguises itself as a harmless or legitimate program to persuade people to download and program to persuade people to download and run itrun it

Does not need to self-replicate like a virus or Does not need to self-replicate like a virus or wormworm

When executed, the file is able to unleash its When executed, the file is able to unleash its payloadpayload

MalwareMalwareReviewReview

What are the key distinguishing characteristics of What are the key distinguishing characteristics of viruses, worms, and Trojan horses?viruses, worms, and Trojan horses?

What is a backdoor payload?What is a backdoor payload?

What is a malware payload?What is a malware payload?


Antivirus ProgramsAntivirus Programs

Scans computers or computer systems to detect Scans computers or computer systems to detect any malware that may be presentany malware that may be present

Most offer proactive software for prevention of Most offer proactive software for prevention of malwaremalware

Very popular antivirus programsVery popular antivirus programs

Norton AntivirusNorton Antivirus

PC-CillinPC-Cillin

McAfee VirusScanMcAfee VirusScan

Antivirus Program Download PageAntivirus Program Download Page


Antivirus ProgramsAntivirus Programs

3 options when an infected file is found3 options when an infected file is foundClean the file, delete the file, quarantine the fileClean the file, delete the file, quarantine the file

Online Antivirus Scanning


Windows Vista includes a System Restore Windows Vista includes a System Restore functionfunction

Allows user to revert the computer settings Allows user to revert the computer settings from a previous point in timefrom a previous point in time

Can allow viruses to remain in backup files Can allow viruses to remain in backup files where they cannot be cleaned or deleted by where they cannot be cleaned or deleted by antivirus programsantivirus programs


Disabling Windows Disabling Windows Vista System Vista System Restore FunctionRestore Function


Signature ScanningSignature Scanning

Virus SignatureVirus Signature

A string of binary code unique to a particular virusA string of binary code unique to a particular virus

Drawbacks to signature scanningDrawbacks to signature scanning

Polymorphic viruses change with each replicationPolymorphic viruses change with each replication

Ineffective against new viruses for which Ineffective against new viruses for which signature updates do not yet existsignature updates do not yet exist

Signature scanning is reactive rather than Signature scanning is reactive rather than preventivepreventive


Heuristic ScanningHeuristic Scanning

Looks for general malware characteristics Looks for general malware characteristics

Relies on previous experience or knowledgeRelies on previous experience or knowledge

Can produce false positives and negativesCan produce false positives and negatives

Requires periodic updates to ensure that the Requires periodic updates to ensure that the catalog of suspicious characteristics is up-to-datecatalog of suspicious characteristics is up-to-date


Behavior BlockingBehavior Blocking

Looks for typical malware behaviorsLooks for typical malware behaviors

Attempts to change computer settingsAttempts to change computer settings

Opening and/or alteration of filesOpening and/or alteration of files

Network communications initiationNetwork communications initiation

Attempts to open computer portsAttempts to open computer ports


FirewallsFirewalls

Hardware or software barrier located between the Hardware or software barrier located between the Internet and a computer or computer networkInternet and a computer or computer network

Filters data arriving through the InternetFilters data arriving through the Internet

Use a proxy server to handle page and data Use a proxy server to handle page and data requests to add another level of threat protectionrequests to add another level of threat protection


FirewallsFirewalls

Microsoft VistaMicrosoft Vistafeatures a softwarefeatures a softwarefirewall that can befirewall that can beenabled by usersenabled by users


Service Patches and UpdatesService Patches and Updates

Released by Released by Microsoft for Microsoft for Windows operating Windows operating system versionssystem versions

To repair system To repair system vulnerabilities when vulnerabilities when discovereddiscovered

The default Windows VistaThe default Windows Vistaconfiguration periodicallyconfiguration periodicallychecks for new security patches or updates, then checks for new security patches or updates, then automatically downloads and installs themautomatically downloads and installs them


Password ProtectionPassword Protection

To ensure that To ensure that unauthorized parties unauthorized parties do not obtain access do not obtain access to your confidential to your confidential datadata

Especially important Especially important if you share your if you share your computer with others computer with others or if you are on a or if you are on a networknetwork

Malware CountermeasuresMalware CountermeasuresReviewReview

What can be done to protect your computer against What can be done to protect your computer against malware?malware?

What are the different methods that antivirus What are the different methods that antivirus programs use to detect malware?programs use to detect malware?

What does a firewall do?What does a firewall do?


Refers to crimes committed using the InternetRefers to crimes committed using the Internet

Several techniques of cyber crime:Several techniques of cyber crime:

PhishingPhishing

419 Scams419 Scams

Denial-of-Service (DoS) AttacksDenial-of-Service (DoS) Attacks

Brute Force AttacksBrute Force Attacks


PhishingPhishing

Online scammer sends a user an e-mail that Online scammer sends a user an e-mail that appears to be from a legitimate and well-known appears to be from a legitimate and well-known company to try to trick the user into sending company to try to trick the user into sending confidential informationconfidential information

Current phishing attacks are estimated to have a Current phishing attacks are estimated to have a 3% success rate3% success rate


Spoofed eBay E-mailSpoofed eBay E-mail


419 Scams419 Scams

Advanced fee fraudAdvanced fee fraud

Majority of crime originates in NigeriaMajority of crime originates in Nigeria

Victim receives an e-mail asking to front some Victim receives an e-mail asking to front some money to help smuggle a large amount of money money to help smuggle a large amount of money out of the country in exchange for a percentage out of the country in exchange for a percentage of the smuggled moneyof the smuggled money


419 Scam E-mail419 Scam E-mail


Denial-of-Service (DoS) AttacksDenial-of-Service (DoS) Attacks

Paralyze computer networks by bombarding them Paralyze computer networks by bombarding them with traffic in the form of packets of useless with traffic in the form of packets of useless informationinformation

Goal is to deny services to opposition based on Goal is to deny services to opposition based on economic or political reasons, or just for funeconomic or political reasons, or just for fun

Past victimsPast victims

Microsoft, U.S. Government, Yahoo, Amazon, Microsoft, U.S. Government, Yahoo, Amazon, CNN.comCNN.com


Brute force attacksBrute force attacks

Aims to overcome a password-protected Aims to overcome a password-protected computer or network by systematically trying computer or network by systematically trying different combinations of letters and numbersdifferent combinations of letters and numbers

Users should use effective passwordsUsers should use effective passwords

Not simple or easily deduced words or number Not simple or easily deduced words or number combinationscombinations

Cyber CrimeCyber CrimeReviewReview

How would you define cyber crime?How would you define cyber crime?

What are some of the different types of cyber crime?What are some of the different types of cyber crime?

What is spoofing, and what role does it play in cyber What is spoofing, and what role does it play in cyber crime?crime?


Additional tools are needed to protect against cyber Additional tools are needed to protect against cyber crimecrime

Tailored security settings in Internet ExplorerTailored security settings in Internet Explorer

Encryption to authenticate and protect Encryption to authenticate and protect communications including confidential communications including confidential transactionstransactions


Internet Explorer Security SettingsInternet Explorer Security Settings

Enables users to assign Web sites to different Enables users to assign Web sites to different Web content security zones depending on how Web content security zones depending on how trusted the sites aretrusted the sites are

LowLow

Medium-LowMedium-Low

Medium (recommended)Medium (recommended)

HighHigh

The higher the security level, the moreThe higher the security level, the morerestrictive it isrestrictive it is


Internet Internet Explorer Explorer Security Security SettingsSettings

level slider


File Download Warning MessageFile Download Warning Message


Encryption and AuthenticationEncryption and Authentication

EncryptionEncryption

Refers to the process of using an algorithm to Refers to the process of using an algorithm to scramble text or data into an unreadable scramble text or data into an unreadable format that cannot be unscrambled without the format that cannot be unscrambled without the use of a keyuse of a key

AuthenticationAuthentication

Refers to the process of verificationRefers to the process of verification


Symmetric Encryption/Asymmetric EncryptionSymmetric Encryption/Asymmetric Encryption

Symmetric encryptionSymmetric encryption

Message sender and recipient both use the Message sender and recipient both use the same private key to encrypt and decrypt same private key to encrypt and decrypt communicationcommunication

Asymmetric encryptionAsymmetric encryption

Uses paired private and public keys to encrypt Uses paired private and public keys to encrypt and decrypt dataand decrypt data


Digital CertificatesDigital Certificates

Provides a means of verifying that a public key Provides a means of verifying that a public key belongs to the person who claims to own itbelongs to the person who claims to own it

Personal Certificate contains at least:Personal Certificate contains at least:

Public key owner’s namePublic key owner’s name

Expiration dateExpiration date

Name of the Certification Authority (CA) that Name of the Certification Authority (CA) that issued the certificateissued the certificate

Serial numberSerial number

Digital signature for the CADigital signature for the CA


Digital Digital CertificateCertificate

public keyowner’s name

CA that issuedthe certificate

expiration date


Digital Certification Digital Certification Online ApplicationOnline Application


Digital SignaturesDigital Signatures

Uses encryption to help a message recipient Uses encryption to help a message recipient confirm that:confirm that:

A digitally signed message originates from the A digitally signed message originates from the person claiming to have sent it person claiming to have sent it

The message contents have not been alteredThe message contents have not been altered

HashingHashing

Contents of a message are reduced to a Contents of a message are reduced to a message digestmessage digest


Secure Sockets Layer (SSL) ProtocolSecure Sockets Layer (SSL) Protocol

Ensures the security of confidential information Ensures the security of confidential information such as that for financial transactions conducted such as that for financial transactions conducted over the Internetover the Internet

URL will begin with URL will begin with httpshttps during a secure during a secure connectionconnection

Internet Explorer displays a closed padlock icon Internet Explorer displays a closed padlock icon at right end of the browser window status barat right end of the browser window status bar


httpsprotocol

padlock icon


Biometric AuthenticationBiometric Authentication

Uses biological features to verify identityUses biological features to verify identity

FingerprintsFingerprints

SpeechSpeech

Iris patternsIris patterns

Current fingerprint scanners are not foolproofCurrent fingerprint scanners are not foolproof

Cyber Crime CountermeasuresCyber Crime CountermeasuresReviewReview

How can using Internet Explorer security zones How can using Internet Explorer security zones protect a computer or network?protect a computer or network?

How does asymmetric encryption work?How does asymmetric encryption work?

What is the process of creating a digital signature?What is the process of creating a digital signature?


SpamSpam

Adware/SpywareAdware/Spyware

CookiesCookies

Inappropriate ContentInappropriate Content


SpamSpam

Online equivalent of the junk mail delivered by Online equivalent of the junk mail delivered by the U.S. Postal Servicethe U.S. Postal Service

Spammers find e-mail addresses by:Spammers find e-mail addresses by:

Combining through newsgroups and chat Combining through newsgroups and chat roomsrooms

Checking Web sitesChecking Web sites

Using software that gathers name lists from Using software that gathers name lists from ISP directoriesISP directories

Using pop-up Using pop-up ads that say ads that say user has won a prizeuser has won a prize


Adware/SpywareAdware/Spyware

Adware – Advertising Supported SoftwareAdware – Advertising Supported Software

Often included in shareware and freeware Often included in shareware and freeware softwaresoftware

Fee paid by adware advertisers helps pay for Fee paid by adware advertisers helps pay for shareware and freeware costsshareware and freeware costs

SpywareSpyware

Used to gather user information without their Used to gather user information without their knowledgeknowledge

Usually promise not to identify usersUsually promise not to identify users

Impossible to verifyImpossible to verify


CookiesCookies

Very small text files placed on a computer so Very small text files placed on a computer so Web site servers can recognize previous visitors Web site servers can recognize previous visitors to customize viewing experienceto customize viewing experience

Not a programNot a program

Temporary or session cookiesTemporary or session cookies

Deleted when browser is closedDeleted when browser is closed

Persistent cookiesPersistent cookies

Remain even after browser is closedRemain even after browser is closed


CNN Weather CNN Weather Information Information Preference Preference

CookieCookie

cookie text

Threats to PrivacyThreats to PrivacyReviewReview

What is spam, and how do spammers find e-mail What is spam, and how do spammers find e-mail addresses to send spam to?addresses to send spam to?

What is the difference between adware and What is the difference between adware and spyware?spyware?

How do cookies work?How do cookies work?


Spam Blocking MethodsSpam Blocking Methods

A lot of spam can be avoided by being carefulA lot of spam can be avoided by being careful

Never buying a product advertised in a spam Never buying a product advertised in a spam messagemessage

Never reply to a spam messageNever reply to a spam message

Do not forward chain letters or mass mailingsDo not forward chain letters or mass mailings

Be careful when subscribing to anything, and Be careful when subscribing to anything, and check for a privacy statementcheck for a privacy statement

Avoid Web sites without privacy policies, and look Avoid Web sites without privacy policies, and look for check boxes placing you on mailing lists or for check boxes placing you on mailing lists or making your e-mail addresses available to making your e-mail addresses available to advertisersadvertisers


Do not post your e-mail address in InternetDo not post your e-mail address in Internete-mail directoriese-mail directories

Set up a free mail service e-mail address, Set up a free mail service e-mail address, such as Hotmail or Yahoo, and use it for such as Hotmail or Yahoo, and use it for Internet transactions to protect your normalInternet transactions to protect your normale-mail addresse-mail address

Disable automatic image downloading in Disable automatic image downloading in HTML e-mailHTML e-mail

Install spam filtering softwareInstall spam filtering software

Must be updated periodically to maintain Must be updated periodically to maintain effectivenesseffectiveness


Spyware/Adware AvoidanceSpyware/Adware Avoidance

Modify online behavior such as:Modify online behavior such as:

Being wary when downloading and installing Being wary when downloading and installing freeware or sharewarefreeware or shareware

Closing any unexpected or unfamiliar dialog Closing any unexpected or unfamiliar dialog boxes using the close button (X)boxes using the close button (X)

Change your browser security settings to Change your browser security settings to prevent the unauthorized download and prevent the unauthorized download and installation of ActiveX controlsinstallation of ActiveX controls

Delete spam without opening itDelete spam without opening it


Never click on links inside pop-up windows, Never click on links inside pop-up windows, even if the link says even if the link says Close. Close. Use the Close Use the Close button on the title bar to close the windowbutton on the title bar to close the window

Activate or install browser anti-pop-up window Activate or install browser anti-pop-up window featuresfeatures

Install software developed to detect, remove, and Install software developed to detect, remove, and block adware and spywareblock adware and spyware

Microsoft offers a free beta (trial) version of its Microsoft offers a free beta (trial) version of its AntiSpyware program, Windows DefenderAntiSpyware program, Windows Defender

Internet Explorer 7 includes a built-in pop-up Internet Explorer 7 includes a built-in pop-up window blocker that is activated by defaultwindow blocker that is activated by default


Proposed legislation would criminalize the Proposed legislation would criminalize the installation of spyware without the express installation of spyware without the express approval of computer ownersapproval of computer owners


Spyware Doctor Adware and Spyware Spyware Doctor Adware and Spyware Removal ProgramRemoval Program


Cookie BlockingCookie Blocking

Internet Explorer 7 browser’s custom privacy Internet Explorer 7 browser’s custom privacy settings allow users to enable different levels of settings allow users to enable different levels of cookie managementcookie management

Can range from accepting all cookies to Can range from accepting all cookies to blocking all cookiesblocking all cookies

Blocking all cookies can disable some Blocking all cookies can disable some functionality and user may not be able to have functionality and user may not be able to have a customized experiencea customized experience


Can create custom settings for a particular siteCan create custom settings for a particular site

Changing privacy settings does not affect cookies Changing privacy settings does not affect cookies that are already stored on the system; user should that are already stored on the system; user should delete existing cookies to ensure new settings delete existing cookies to ensure new settings affect all cookiesaffect all cookies


Internet Explorer Internet Explorer Custom Privacy Custom Privacy SettingsSettings


Inappropriate ContentInappropriate Content

No single standardNo single standard

Nature of Internet makes it difficult for people to Nature of Internet makes it difficult for people to avoid seeing material that they feel is avoid seeing material that they feel is inappropriateinappropriate

Impossible for Web site and chat room operators Impossible for Web site and chat room operators to verify the age of people viewing their materialto verify the age of people viewing their material


Parental Control SoftwareParental Control Software

Enables parents to control the Internet content Enables parents to control the Internet content their children can accesstheir children can access

Parents can also control activitiesParents can also control activities

File downloading or sharingFile downloading or sharing

Instant messagingInstant messaging

GamesGames

Parents can set time limits and access an Parents can set time limits and access an Internet logInternet log


Windows Vista comes with built-in parental controls

Allow access to only specified Web sites

Block file downloads

Control times when specific accounts can log on to Windows

Disallow the account access to Web sites except for specific sites

Privacy CountermeasuresPrivacy CountermeasuresReviewReview

What are the different ways that Internet Explorer What are the different ways that Internet Explorer can be configured to block cookies?can be configured to block cookies?

What measures can Internet users undertake to What measures can Internet users undertake to reduce the amount of spam they receive?reduce the amount of spam they receive?

What can Internet users do to avoid unwanted What can Internet users do to avoid unwanted adware and spyware programs?adware and spyware programs?

chapter 3 ensuring internet security

Technology