The Internet Illustrated Introductory, Fourth Edition - PowerPoint PPT Presentation

1
The Internet Illustrated Introductory, Fourth Edition
  • Unit I
  • Increasing Web Security

2
Unit Objectives
  • Understand security threats on the Internet
  • Minimize security risks on the Internet
  • Strengthen security in Internet Explorer
  • Strengthen security in Firefox
  • Check security features on a Web Site

3
Unit Objectives
  • Understand cookies
  • Manage cookies in Internet Explorer
  • Manage cookies in Firefox
  • Protect e-mail from viruses and interception

4
Understand Security Threats on the Internet
  • Data Confidentiality
  • Web sites that include forms in which users
    supply personal information need security
    features in place
  • otherwise, submitting this personal information
    over the Web is as secure as sending the same
    information on a postcard
  • Sniffer Programs
  • a packet sniffer (sniffer program) can monitor
    and analyze data packets
  • used illegally, a packet sniffer can capture user
    names, passwords, and other personal information

5
Understand Security Threats on the Internet
  • Spoofing
  • Web sites that look like they belong to one
    organization but actually belong to someone else
    are spoofed
  • The URL in the Address or Location bar often
    starts with the name of the company (such as
    www.ebay.com)
  • The underlying IP address, however, does not
    match the real one that belongs to the company
    being spoofed

6
Understand Security Threats on the Internet
  • Phishing
  • occurs when an individual pretends to be a
    familiar organization or institution
  • the phisher sends e-mail messages to people
    asking them to click a link to update or
    confirm personal information
  • this information is stolen by the phisher
  • phishers use spoofed sites to make their victims
    believe that they are visiting the organization's
    real Web site
  • Pharming
  • a form of phishing
  • users are redirected to a spoofed site without
    their knowledge or consent and without clicking a
    link in an e-mail message

7
Understand Security Threats on the Internet
  • Port scan
  • occurs when a computer tests all or some of the
    ports on another computer to determine whether
    its ports are open, closed, or stealth
  • Viruses, worms, and Trojan horses
  • programs that run on your computer without your
    permission and perform undesired tasks, such as
    deleting the contents of your hard disk
  • Scripts, ActiveX controls, and Java applets
  • programs that Web pages can download to your
    computer and run
  • used by Web page designers to enrich and
    personalize a user's interaction with a Web page
  • can also be written with malicious intent to
    destabilize other programs and risk data loss

8
Clues to Use
  • Brute force attack
  • occurs when someone uses a program to enter
    character combinations until a system accepts
    them
  • one example is the correct combination of a user
    name and password to a site that requires a log
    in
  • another example is combinations of numbers to a
    Web site that accepts credit card payments until
    the site accepts a valid credit card number
  • Some systems send a warning to the computer's
    operator or lock out a user name when someone
    attempts to log in to a system a predetermined
    number of times without succeeding
  • How to avoid?
  • create and use passwords with a combination of
    upper and lower case letters and numbers
  • avoid using the same password for multiple logins
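
The lockout and operator warning described on this slide, as an added Python example that is not part of the original presentation. The class name, thresholds and user name are assumptions chosen for illustration.

```python
import time

class LoginGuard:
    """Lock out a user name after repeated failed logins and warn the operator.

    The thresholds are illustrative assumptions, not values from the slides.
    """

    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures = max_failures  # the "predetermined number of times"
        self.window = window              # seconds in which failures are counted
        self.lockout = lockout            # seconds the user name stays locked
        self.clock = clock                # injectable so the logic can be tested
        self.failures = {}                # user name -> times of recent failures
        self.locked_until = {}            # user name -> time the lock ends
        self.warnings = []                # messages for the computer's operator

    def attempt(self, user, password_ok):
        """Record one login attempt and return 'ok', 'denied' or 'locked'."""
        now = self.clock()
        if now < self.locked_until.get(user, 0):
            return "locked"  # even the correct password is refused while locked
        if password_ok:
            self.failures.pop(user, None)
            return "ok"
        # Keep only failures that are still inside the counting window.
        recent = [t for t in self.failures.get(user, []) if now - t < self.window]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            self.warnings.append(f"{user}: locked after {len(recent)} failed logins")
            self.failures.pop(user, None)
            return "locked"
        return "denied"


def demo():
    """Constructed run: three wrong guesses, then the right password, then a wait."""
    now = [0.0]
    guard = LoginGuard(max_failures=3, window=60, lockout=600, clock=lambda: now[0])
    results = [guard.attempt("alice", False) for _ in range(3)]
    results.append(guard.attempt("alice", True))   # still locked
    now[0] = 601.0
    results.append(guard.attempt("alice", True))   # lock has expired
    return results, guard.warnings
```

Locking by user name alone lets anyone lock a known account, so systems that use this control usually also limit attempts per source address.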

9
Minimize Security Risks on the Internet
  • Countermeasures
  • procedures, programs, and hardware that detect
    and prevent each type of computer security threat

10
Minimize Security Risks on the Internet
  • Encryption
  • process of scrambling and encoding data
    transmissions using a mathematically-based
    program
  • data is unreadable except by the person with the
    key

11
Minimize Security Risks on the Internet
  • Digital certificate
  • an encrypted and password-protected file that
    contains information to authenticate and prove a
    person's or organization's identity
  • usually, a digital certificate contains
  • the certificate holder's name
  • the certificate holder's address
  • the certificate holder's e-mail address
  • a key
  • the certificate's expiration date or validity
    period
  • a certificate authority (CA)

12
Minimize Security Risks on the Internet
Processing a certificate
13
Minimize Security Risks on the Internet
  • Secure Sockets Layer (SSL) protocol
  • used by many Web sites that process financial
    transactions to protect sensitive information as
    it travels over the Internet
  • Web pages that use SSL
  • are encrypted
  • have URLs that begin with https://
  • the "s" indicates a secure connection
  • indicate that the page is secure by an icon on
    the browser status bar (usually a closed padlock)
  • Web sites that use SSL have a server certificate
    that users can access to authenticate its
    validity

14
Minimize Security Risks on the Internet
  • User identification
  • the process of identifying a user to a computer
  • used by Web sites that let returning customers
    log on to an account that they have created on
    the server
  • most systems use a combination of a
    user name and password, called a login
  • User authentication
  • the process of associating a person and his
    identification with a very high level of
    assurance
  • one method is to ask one or more questions to
    which only the authentic user could know the
    correct answers

15
Minimize Security Risks on the Internet
  • Firewall
  • a software program or hardware device that
    controls access between two networks, such as a
    local area network and the Internet or the
    Internet and a computer
  • controls port scans and other incoming traffic by
    rejecting it unless it is configured to accept
    the traffic

16
Strengthen Security in Internet Explorer/Firefox
  • Java applet
  • a program written in the Java programming
    language that can execute and consume a
    computer's resources
  • JavaScript program
  • instructions written in the JavaScript
    programming language that can send information to
    another computer over the Internet
  • ActiveX controls
  • Microsoft's technology for writing small
    applications that perform some action in Web
    pages, and have full access to a computer's file
    system

17
Strengthen Security in Internet Explorer
  • Most Java applets, JavaScript programs, and
    ActiveX controls are beneficial, but you should
    protect your computer from potential attacks.
  • The simplest strategy is to prevent these
    programs from running
  • Click Tools, Internet Options, Security to change
    security settings

18
Strengthen Security in Firefox
  • Most Java applets, JavaScript programs, and
    ActiveX controls are beneficial, but you should
    protect your computer from potential attacks.
  • The simplest strategy is to prevent these
    programs from running
  • Click Tools, Options, Web Features to change
    security settings

19
Check Security Features on a Web Site
  • Double-click the closed padlock on the browser status bar
  • The dialog box that opens
  • indicates the certificate's owner
  • indicates whether the Web site is verified
  • might indicate whether the page is encrypted
  • might indicate the certificate's valid dates
  • might indicate the purpose of the certificate
  • To see information about the Web site's digital
    certificate
  • In Internet Explorer, click the Details tab
  • In Firefox, click View
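
The checks behind the certificate dialog (owner, issuing CA, valid dates, and whether the certificate names the site being visited, which is what exposes a spoofed site), as an added Python example that is not part of the original presentation. The sample certificate is constructed in the dictionary shape returned by ssl.SSLSocket.getpeercert(); the function names are assumptions, and only exact DNS names are compared (no wildcards).

```python
import ssl

# Constructed certificate in the dictionary shape returned by
# ssl.SSLSocket.getpeercert(); every value here is a made-up sample.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Shop Inc"),),
                (("commonName", "www.shop.example"),)),
    "issuer": ((("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust CA G1"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "www.shop.example"), ("DNS", "shop.example")),
}


def _field(name, key):
    """Pull one attribute (for example organizationName) from a subject or issuer."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None


def summarize(cert, host, now):
    """Report the dialog's facts for the site `host` at time `now` (epoch seconds)."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    names = [v.lower() for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    return {
        "owner": _field(cert["subject"], "organizationName"),
        "issued_by": _field(cert["issuer"], "organizationName"),
        "within_valid_dates": start <= now <= end,
        # A site whose URL merely starts with a familiar name fails this check.
        "name_matches_site": host.lower() in names,
    }
```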

20
Understand Cookies
  • Cookie
  • a small text file that a Web site stores on your
    computer
  • stores information about your clickstream
  • can only store information that you provide to
    the Web site that creates it
  • some silently record behavior without your
    consent
  • Only the Web site that stored the cookie on your
    hard drive can read it

21
Understand Cookies
  • Web bug (clear GIF or transparent GIF)
  • a small (one pixel), hidden graphic on a Web page
    or in an e-mail message
  • designed to work in conjunction with a cookie to
    obtain information about the person viewing the
    page or e-mail message
  • sends the collected information to a third party
  • Simply downloading the clear GIF file can
    identify
  • your IP address
  • the Web site you last visited
  • other information about your use of the site in
    which the clear GIF has been embedded
  • record all of this information in a cookie
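
A way to spot the one-pixel, hidden graphics described on this slide in a Web page or HTML e-mail, as an added Python example that is not part of the original presentation. The class and function names, the sample message and its host names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class WebBugFinder(HTMLParser):
    """Collect <img> tags that are one pixel in size or hidden by CSS."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.suspects = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {name: (value or "") for name, value in attrs}
        tiny = (a.get("width", "").strip() in ("0", "1")
                and a.get("height", "").strip() in ("0", "1"))
        style = a.get("style", "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if not (tiny or hidden):
            return
        src = a.get("src", "")
        # A relative src has no host of its own, so it loads from the page's site.
        host = (urlsplit(src).hostname or self.page_host).lower()
        same_site = host == self.page_host or host.endswith("." + self.page_host)
        self.suspects.append({"src": src, "third_party": not same_site})


def find_web_bugs(html, page_host):
    """Return the suspicious images found in `html` served by `page_host`."""
    finder = WebBugFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.suspects


# Constructed sample message; the hosts are placeholders.
SAMPLE_HTML = """
<p>Your order has shipped.</p>
<img src="https://shop.example/logo.png" width="120" height="40">
<img src="https://stats.tracker.example/o.gif?id=SAMPLE" width="1" height="1">
<img src="/spacer.gif" style="display: none">
"""
```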

22
Understand Cookies
Web bug
23
Understand Cookies
  • Adware
  • software that includes advertisements to help pay
    for the product in which they appear
  • usually does not cause any security threats
    because
  • the user is aware of the ads
  • the parties responsible for including them are
    clearly identified in the programs
  • Spyware
  • adware in which the user has little control over
    or knowledge of the ads and other monitoring
    features it contains
  • some programs include spyware to track your use
    of the program and the Internet or to collect
    data about you
  • some companies provide information to users about
    spyware, but many do not

24
Manage Cookies in Internet Explorer/Firefox
  • You can prevent cookies from being saved on your
    computer
  • this eliminates problems with cookie misuse
  • this also blocks access to some Web sites that
    rely on cookies for basic information about your
    preferences
  • You can change the settings in your browser to
    distinguish between types of cookies by
  • blocking more intrusive cookies, and
  • allowing harmless cookies
  • having your browser warn you when a Web site
    attempts to create a cookie file

25
Clues to Use
  • To customize the Pop-up Blocker in Internet
    Explorer
  • Click Tools, Internet Options, Privacy
  • Click the Block pop-ups check box in the Pop-up
    Blocker section
  • To specify on which sites pop-ups are allowed to
    appear in Internet Explorer
  • Click Tools, Internet Options, Settings
  • Type the URL in the Address of Web site to allow
    text box
  • Click Add

26
Clues to Use
  • To customize how Firefox blocks pop-ups
  • Click Tools, Options, Web Features
  • Click the Block Popup Windows check box
  • To specify on which sites pop-ups are allowed to
    appear in Firefox
  • Click Tools, Options, Web Features
  • Click Allowed Sites
  • Type the URL in the Address of web site text box
  • Click Allow

27
Protect E-Mail from Viruses and Interception
  • Limit your exposure to destructive programs
    carried by e-mail by
  • installing anti-virus programs to protect your
    computer
  • verifying that your attachments are safe before
    you open them
  • encrypting your outgoing e-mail messages

28
Protect E-Mail from Viruses and Interception
  • Anti-virus Software
  • can block damage from any viruses, worms, or
    Trojan horses that you might receive by e-mail
  • can keep these programs from using your e-mail
    program to reproduce
  • is often available for free at colleges and
    universities
  • After you install anti-virus software, run
    regular updates to keep the anti-virus protection
    up-to-date

29
Protect E-Mail from Viruses and Interception
  • Handling E-Mail Attachments
  • Don't save or open attachments from anyone, even
    people you know well, without scrutinizing the
    e-mail message first.
  • Attachments ending with .exe are program files
  • Opening them runs the program on your computer
    with unknown consequences.
  • Be sure you know what a program will do and that
    you're certain of the sender's identity before
    opening it.
  • Make sure the accompanying e-mail message makes
    sense and is specific to you
  • If the message is short and general, even if it's
    from a friend, it might be a worm's trick to get
    you to open the attachment.

30
Protect E-Mail from Viruses and Interception
  • Encryption Software
  • e-mail encryption scrambles a message's contents
    in a way that can only be decoded by the intended
    recipient
  • a packet sniffer cannot be used to illegally
    intercept the contents of encrypted e-mail
    messages
  • Use encryption software for e-mail if you use
    e-mail to send sensitive information, such as
    sensitive business information or financial data

31
Web Security Includes
  • Understanding security threats on the Internet
  • Clues to use: Brute force attacks
  • Minimizing security risks on the Internet
  • Strengthening security in Internet Explorer
  • Strengthening security in Firefox
  • Checking security features on a Web Site

32
Web Security Includes (cont.)
  • Understanding cookies
  • Managing cookies in Internet Explorer/Firefox
  • Clues to use: Customizing pop-up blocking in
    Internet Explorer
  • Clues to use: Customizing pop-up blocking in
    Firefox
  • Protecting e-mail from viruses and interception

33
Terms to Use
  • Port
  • like a door on a computer
  • permits traffic to enter and leave the computer
  • Stealth port
  • a port whose state is hidden

34
Terms to Use
  • Key
  • the mathematical code used to decrypt data
  • Decrypt
  • reverse the encryption of data
  • Certificate authority (CA)
  • an organization that verifies the certificate
    holder's identity and issues the digital
    certificate
  • Server certificate
  • a digital certificate that authenticates a Web
    site for its users so the user can be confident
    that the Web site is not spoofed
  • ensures that the transfer of data between a
    user's computer and the server with the
    certificate is encrypted so that it is both
    tamper-proof and free from being intercepted

35
Terms to Use
  • Verified
  • means that a digital certificate is on file and
    valid
  • Clickstream
  • the sequence of links you click while visiting a
    Web site

36
Terms to Use
  • Pop-ups
  • advertisements that appear in small windows in
    front of the current window
  • Pop-unders
  • advertisements that appear in small windows
    behind the current window