Internet Security - PowerPoint PPT Presentation

Slides: 43
Provided by: marks62

Transcript and Presenter's Notes


1
Internet Security
  • Tanvi Bhadbhade
  • Kevin Burdett
  • Watson Martin
  • Michael Pieper
  • Mark Shalda
  • William Wells

2
Internet Security
  • Spam
  • Internet Viruses
  • Cross-site Scripting
  • SQL Injection
  • Identity Theft
  • Botnets

3
Spam
  • Kevin Burdett

4
History of Spam
  • Origin of the Term
  • Monty Python's Flying Circus
  • Equates spam with something repeated to great
    annoyance
  • Originates from MUDs in the 1980s
  • The first recorded spam instance: ARMM
  • March 31, 1993
  • Joel Furr first to call spam for what it was
  • Depew apologized, acknowledging the spam

5
Spam Today
  • Spam constitutes between 65-75% of all email

6
Spam Today

7
Effects of Spam
  • Estimated costs of spam
  • 20.5 billion annually worldwide
  • Corporations spend 120 million annually
    combating spam
  • Estimated costs do not include
  • Wasted time
  • ISP incurred costs
  • Losses from scams, frauds, and phishing

8
Preventing Spam
  • Aim at minimizing transmission, processing and
    storage costs
  • Sender techniques are mostly best practices
  • Background checks, rate limiting, and port
    blocking
  • Receiver techniques
  • Heuristic or blacklist based blocking or
    filtration
  • End-user techniques are also mostly best practices
  • Techniques we are all familiar with
  • Also includes commercial anti-spam software

9
Internet Viruses
  • Watson Martin

10
History of Internet Viruses
  • Always been around
  • Spread Slowly
  • Floppy Disk
  • Computer LANs
  • Growth of Internet and Technology
  • Spread more quickly
  • Harder to detect

11
Current Status of Internet Viruses
  • Not only can they now spread more quickly
  • Viruses are better constructed
  • Take advantage of internet
  • Dynamic Updates
  • New deadly code
  • Take advantage of popular software
  • Microsoft

12
Effects of Internet Viruses
  • Benign Viruses
  • Just plain annoying
  • Change display, random sounds, etc.
  • Disrupt work
  • Destructive Viruses
  • Major damage
  • Hog disk space, use processing time, raise
    conflicts
  • Very costly

13
Effects of Internet Viruses
Source: Computer Economics, January 2002

14
Preventing Internet Viruses
  • Training and education is important
  • Actions have risks
  • Don't download random software
  • Don't open odd email attachments
  • Antivirus software comes next
  • Can detect a broad range of viruses
  • Should be updated regularly

15
Cross-site Scripting
  • William Wells

16
Web Server Vulnerabilities
  • Cross-site scripting (XSS) and SQL injections
    have greatly increased in recent years, more than
    any other listed vulnerability.

17
What is Cross-Site Scripting?
Exploiting flaws by embedding scripting
elements within the returned content of dynamic
web pages without the knowledge of the site's
visitors or administrators (Ollmann).
  • Session hijacking
  • Browser vulnerabilities
  • Upload malware

18
A Little Bit of History
  • JS.Spacehero worm
  • or Samy worm
  • - October 4, 2005
  • - Used JavaScript and AJAX (Asynchronous
    JavaScript and XML)
  • Over 1,000,000 friends in less than 20 hours
  • Caused MySpace.com to shut down all services for
    several hours to stop the worm, but still left
    many users with Samy as their hero.

19
http://namb.la/popular/tech.html

20
Prevention
  • Web Application Programmers
  • Proper filtration on user-supplied data: All
    non-alphanumeric client-supplied data should be
    converted to HTML character entities before being
    redisplayed to a client. For example, the less
    than character (<) would be converted to &lt;
    (Spett).
  • For Users
  • Disable scripting languages. (not very
    reasonable)
  • Disallow executing any script from domains other
    than the one it is visiting (Spett).
  • Be prudent with the links you click.
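
The programmer-side rule above (every non-alphanumeric character becomes an HTML character entity before redisplay), written out as an added example that is not part of the original presentation. The function names and sample inputs are constructed for illustration; it also shows that Python's standard `html.escape` encodes a smaller set of characters than the rule on the slide.

```python
import html
from html.entities import codepoint2name

def encode_non_alnum(text):
    """Convert every character that is not ASCII alphanumeric to an entity."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalnum():
            out.append(ch)                      # safe in any HTML context
        elif ord(ch) in codepoint2name:
            out.append("&" + codepoint2name[ord(ch)] + ";")   # e.g. < -> &lt;
        else:
            out.append("&#%d;" % ord(ch))       # numeric entity fallback
    return "".join(out)

def render_comment(author, comment):
    """Hypothetical template: user data is encoded at output time."""
    return "<p><b>%s</b>: %s</p>" % (encode_non_alnum(author),
                                     encode_non_alnum(comment))

def displayed_text(text):
    """What the browser shows after decoding the entities again."""
    return html.unescape(encode_non_alnum(text))

def stdlib_escape(text):
    """html.escape only rewrites & < > and quotes."""
    return html.escape(text)

# Constructed sample inputs, not taken from the presentation.
SCRIPT_SAMPLE = "<script>alert(1)</script>"
ATTR_SAMPLE = "x onmouseover=alert(1)"   # dangerous only in an unquoted attribute

if __name__ == "__main__":
    print(render_comment("samy", SCRIPT_SAMPLE))
    print("html.escape  :", stdlib_escape(ATTR_SAMPLE))
    print("all non-alnum:", encode_non_alnum(ATTR_SAMPLE))
```

The visitor still sees the original characters, because the browser decodes the entities as text and never parses them as markup.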

21
SQL Injection
  • Michael Pieper

22
The Vulnerability
  • Embedded language
  • Application forming queries
  • Unverified inputs
  • Assumptions
  • Correct type
  • Correct format

23
The Threat
  • Application manipulated
  • Malicious user gains control
  • Breaking authentication schemes
  • Extracting unauthorized information
  • Manipulating database structure

24
Examples
statement = "SELECT * FROM users WHERE name = '" + userName + "'"

Setting the "userName" variable as

    a' or 't'='t

renders this SQL statement by the parent language:

    SELECT * FROM users WHERE name = 'a' or 't'='t'

25
Prevention
  • Input Validation
  • Database security features
  • Stored procedures
  • Limited permissions
  • Careful error messages
  • Automated injection applications
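
The concatenated statement from the Examples slide, run against an in-memory SQLite database next to two defences, as an added example that is not part of the original presentation. Allow-list validation corresponds to the "Input Validation" item; bound parameters are a technique the slide does not name and are swapped in here to illustrate a database-side defence. The table contents and function names are constructed.

```python
import re
import sqlite3

PAYLOAD = "a' or 't'='t"   # the userName value from the Examples slide

def make_db():
    # Constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"),
                    ("bob", "bob@example.test")])
    return db

def lookup_concatenated(db, user_name):
    # Same construction as the slide: the input becomes part of the SQL text,
    # so a quote in it ends the string literal and the rest is parsed as SQL.
    statement = "SELECT * FROM users WHERE name = '" + user_name + "'"
    return db.execute(statement).fetchall()

def lookup_bound(db, user_name):
    # The input is passed as a bound value and is never parsed as SQL.
    return db.execute("SELECT * FROM users WHERE name = ?",
                      (user_name,)).fetchall()

def is_valid_name(user_name):
    # Input validation: check the type and format the query assumes.
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", user_name) is not None

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, PAYLOAD))  # every row
    print("bound       :", lookup_bound(db, PAYLOAD))         # no rows
    print("valid name? :", is_valid_name(PAYLOAD))            # False
```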

26
Identity Theft
  • Tanvi Bhadbhade

27
Definition
  • Identity theft is the assumption of another
    person's financial identity through the use of
    the victim's identifying information.
  • The information can include
  • social security number
  • credit card numbers
  • checking account information.

28
History
  • Initially considered a tool to commit a crime.
  • But telecommunication and computing technologies
    became very powerful, which led to a large number of
    identity thefts in the 1990s.
  • Identity Theft and Assumption Deterrence Act.
  • Makes unlawful possession of identification
    documents a federal crime.

29
  • Crime ware spreading websites detected in
    February shattered the previous record in June
    2006 by 6.

30
Crime ware Hosting By Different Countries
  • China recently overtook the US becoming the
    country with the largest number of crime ware
    spreading websites.

31
Drop In The Number Of Phishing Reports In
February By 6000.

32
Phishing
  • Phishing attacks use social engineering and
    technical subterfuge to steal identities.
  • Social Engineering
  • Malware Based Phishing
  • Keyloggers, Screenloggers.
  • Session hijacking, Host file poisoning.
  • Pharming
  • Content Injection Phishing (cross site scripting)

33
Effects
  • Impacts both consumers and corporate brands:
    direct monetary loss for consumers; for
    corporations, rising cost of prevention and
    remediation, soft costs of brand erosion and
    undermined consumer trust.
  • According to the Federal Trade Commission's
    survey, 27.3 million Americans have been victims
    of identity theft in the past 5 years.
  • For businesses and financial institutions, last
    year's losses totaled about 48 billion.
  • The Phishing Market

34
Prevention
  • User Education.
  • Organizations.
  • Browser enhancements.

35
Botnets
  • Mark Shalda

36
Botnet History
  • Non-malicious intent
  • Offering services through IRC Channels
  • IRC Wars of 1993
  • DDoS (Distributed Denial-of-service) attacks

37
Botnet Status
  • Always-on connections
  • New OS versions and patches
  • Rising awareness

38
Botnet Workings
39
Botnet Status
2006-07 Botnet Stats
40
Botnet Effects
  • Attacks: DDoS, Spamming, Pirating, Information
    Collecting
  • Computing delays
  • Government Misidentification

41
Botnet Prevention
  • General education
  • Regular OS patching
  • Using and updating anti-virus
  • Computer activity monitoring
  • Reactive plan

42
Questions?
  • Spam
  • Internet Viruses
  • Cross-site Scripting
  • SQL Injection
  • Identity Theft
  • Botnets