Security Awareness - PowerPoint PPT Presentation

About This Presentation

Title: Security Awareness

Description: Security Awareness: Applying Practical Security in Your World, Second Edition, Chapter 3, Internet Security. Objectives: Explain how the World Wide Web and e-mail work ... – PowerPoint PPT presentation

Slides: 45
Provided by: csisPace3
Learn more at: http://csis.pace.edu

Transcript and Presenter's Notes

1
Security Awareness: Applying Practical Security in Your World, Second Edition
  • Chapter 3
  • Internet Security

2
Objectives
  • Explain how the World Wide Web and e-mail work
  • List the types of Web and e-mail attacks
  • Describe how to set Web defenses using a browser
  • Identify the types of defenses that can be implemented in order to protect e-mail

3
How the Internet Works
  • World Wide Web (WWW)
    • Composed of Internet server computers that provide online information
  • HTML
    • Allows Web authors to combine the following into a single document
      • Text, graphic images, audio, video, and hyperlinks

5
How the Internet Works (continued)
  • Hypertext Transport Protocol (HTTP)
    • Subset of Transmission Control Protocol/Internet Protocol (TCP/IP)
  • Port numbers
    • Identify what program or service on the receiving computer is being requested

7
E-Mail
  • Simple Mail Transfer Protocol (SMTP)
    • Handles outgoing mail
    • Server listens for requests on port 25
  • Post Office Protocol (POP3)
    • Responsible for incoming mail
    • POP3 listens on port 110

9
E-Mail (continued)
  • IMAP (Internet Mail Access Protocol, or IMAP4)
    • More advanced mail protocol
    • E-mail remains on the e-mail server and is not sent to the user's local computer
    • Mail can be organized into folders on the mail server and read from any computer
  • E-mail attachments
    • Documents in a binary (nontext) format

11
Internet Attacks
  • Repurposed Programming
    • Using programming tools in ways more harmful than originally intended
  • JavaScript
    • Used to make dynamic content
    • Based on the Java programming language
    • Special program code embedded into an HTML document
  • Virtual Machine
    • Java interpreter that is used within the Web browser to execute code

13
Repurposed Programming
  • JavaScript programs
    • Can capture and send user information without the user's knowledge or authorization
  • Java applet
    • Stored on a Web server
    • Downloaded onto the user's computer along with the HTML code
    • Can perform interactive animations or immediate calculations

15
Java Applet
  • Sandbox
    • Defense against a hostile Java applet
  • Unsigned Java applet
    • Program that does not come from a trusted source
  • Signed Java applet
    • Has a digital signature that proves the program is from a trusted source and has not been altered

16
ActiveX
  • Set of technologies developed by Microsoft
    • Set of rules for how programs should share information
  • Security concerns
    • User's decision to allow installation of an ActiveX control is based on the source of the ActiveX control
    • A control is registered only once per computer
    • Nearly all ActiveX control security mechanisms are set in Internet Explorer

17
Cookies
  • Small text files stored on the user's hard disk by a Web server
    • Contain user-specific information
  • Rules of HTTP
    • By themselves, make it impossible for a Web site to track whether a user has previously visited that site

18
Cookies (continued)
  • Cannot contain viruses or steal personal information
    • Only contain information that can be used by a Web server
  • Can pose a security risk
  • First-party cookie
    • Created by the Web site that a user is currently viewing

19
Trojan Horse
  • Malicious program disguised as a legitimate program
    • Executable program that performs an action when the file is opened
    • May disguise itself by using a valid filename and extension

20
Redirecting Web Traffic
  • Typical mistakes users make when typing a Web address
    • Misspelling the address
    • Omitting the dot
    • Omitting a word
    • Using inappropriate punctuation
  • Hackers can
    • Exploit a misaddressed Web name
    • Steal information from unsuspecting users through social engineering
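
As an added illustration of the four typing mistakes listed on this slide (not code from the slides or the textbook), the Python below warns a user when an address they typed is a near miss of a site they actually use. The list of known hosts, the normalize_host/edit_distance/lookalike_warning names and the distance cut-off of 2 are assumptions made for this example; a browser add-on or proxy could run the same check against the user's bookmarks.

```python
import re

# Constructed list of hosts the user actually intends to visit (for example, bookmarks).
# These example.com/example.org names are made up for this illustration.
KNOWN_HOSTS = ["www.example.com", "mail.example.com", "bank.example.org"]


def normalize_host(typed):
    """Reduce whatever the user typed to a bare lower-case hostname."""
    host = typed.strip().lower()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)  # drop a scheme such as http://
    host = host.split("/", 1)[0].split("?", 1)[0]      # drop path and query string
    host = host.split("@")[-1].split(":")[0]           # drop userinfo and port
    return host.rstrip(".")


def edit_distance(a, b):
    """Levenshtein distance: minimum number of insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_warning(typed, known_hosts=KNOWN_HOSTS, max_distance=2):
    """Return (intended_host, distance) when the typed address is a near miss of a
    known host, or None when it matches exactly or is not close to any known host."""
    host = normalize_host(typed)
    if host in known_hosts:
        return None
    letters_only = re.sub(r"[^a-z0-9]", "", host)
    for known in known_hosts:
        # Omitted dot or wrong punctuation: same letters once punctuation is ignored.
        if letters_only == re.sub(r"[^a-z0-9]", "", known):
            return known, edit_distance(host, known)
        # Omitted word: the typed labels are a proper subset of a known host's labels.
        if set(host.split(".")) < set(known.split(".")):
            return known, edit_distance(host, known)
    # Misspelling: close to a known host in edit distance.
    best = min(known_hosts, key=lambda k: edit_distance(host, k))
    distance = edit_distance(host, best)
    return (best, distance) if distance <= max_distance else None


if __name__ == "__main__":
    for typed in ["www.example.com", "www.exmaple.com", "wwwexample.com",
                  "http://example.com/login", "www.someothersite.net"]:
        print(typed, "->", lookalike_warning(typed))
```

A warning such as "did you mean www.example.com?" at this point is the user-side defense the slide is pointing at: the check runs before any request leaves the machine, so a misaddressed name never reaches whoever registered it.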

21
Search Engine Scanning
  • Search engines
    • Important tools for locating information on the Internet
  • Attackers
    • Use the same search tools to assess the security of Web servers before launching an attack

23
E-mail Attacks
  • E-mail attachments
    • Preferred method of distributing viruses and worms
  • E-mail-distributed viruses
    • Use social engineering to trick recipients into opening the document
  • If a file attached to an e-mail message contains a virus
    • It is often launched when the file attachment is opened
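
The Trojan horse slide above and this one come down to the same check: does an attachment's name tell the truth about its content? The following Python is an added example, not material from the slides, that applies that check to a few constructed attachments. It compares the leading "magic" bytes of the content with the declared extension, flags extensions Windows will run as a program, and catches the double-extension trick (invoice.pdf.exe). The file names, the sample bytes and the function names are made up for this illustration; the magic values are the well-known ones for those formats.

```python
# Well-known leading bytes ("magic numbers") of a few common file formats.
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".exe": b"MZ",  # Windows executable (.scr, .dll and other PE files start the same way)
}
# Extensions Windows treats as a program when the file is opened.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a user reads as a harmless document or picture.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".txt", ".jpg", ".png", ".zip"}

# Constructed attachments for this example: (declared name, first bytes of content).
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3",
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
    "invoice.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",   # double extension
    "notes.txt": b"MZ\x90\x00\x03\x00\x00\x00",         # program renamed to look like text
    "setup.exe": b"MZ\x90\x00\x03\x00\x00\x00",
}


def detect_format(content):
    """Return the extension whose magic bytes match the content, or None if unknown."""
    for ext, magic in MAGIC.items():
        if content.startswith(magic):
            return ext
    return None


def check_attachment(filename, content):
    """Return the reasons an attachment looks suspicious; an empty list means the
    declared name and the actual content agree and the file is not a program."""
    reasons = []
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append("executable extension " + ext)
        # invoice.pdf.exe: a document-looking name in front of an executable extension
        if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
            reasons.append("double extension hides a program behind a document name")
    actual = detect_format(content)
    if actual == ".exe" and ext not in EXECUTABLE_EXTENSIONS:
        reasons.append("content is a Windows executable but the name says " + (ext or "no extension"))
    elif actual is not None and ext in MAGIC and actual != ext:
        reasons.append("content is " + actual + " but the name says " + ext)
    elif ext in MAGIC and actual is None:
        reasons.append("content does not match the declared " + ext + " format")
    return reasons


def scan_samples(samples=SAMPLES):
    """Run the check over every constructed attachment; name -> list of reasons."""
    return {name: check_attachment(name, content) for name, content in samples.items()}


if __name__ == "__main__":
    for name, reasons in scan_samples().items():
        print(name, "->", reasons or "looks consistent")
```

A mail gateway applies the same two ideas at scale: never trust the extension alone, and treat any program arriving by e-mail as suspect regardless of how the name reads. The three questions on the Procedures slide later in the deck are the human-side counterpart for attachments that pass this check.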

24
Spam
  • Unsolicited e-mail
    • Reduces work productivity
  • Spammers
    • Can overwhelm users with offers to buy merchandise or trick them into giving money away
  • U.S. Congress passed an anti-spam law in late 2003
    • Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM)

28
Web Defenses through Browser Settings
  • IE settings that should be turned on
    • Do not save encrypted pages to disk
    • Empty Temporary Internet Files folder when browser is closed
    • Warn if changing between secure and not secure mode

32
Security Zones
  • Internet
    • Contains Web sites that have not been placed in any other zone
  • Local Intranet
    • Web pages from an organization's internal Web site can be added to this zone

33
Security Zones (continued)
  • Trusted Sites
    • Web sites that are trusted not to pose any harm to a computer can be placed here
  • Restricted Sites
    • Web sites considered to be potentially harmful can be placed here

35
Restricting Cookies
  • Privacy levels
    • Block All Cookies
    • High
    • Medium High
    • Medium
    • Low
    • Accept All Cookies
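
The cookie slides (17 and 18) single out first-party cookies, and this slide lists the privacy levels a browser offers for restricting cookies. As an added example, not from the slides or any browser's source, the Python below classifies each Set-Cookie header received during one page load as first- or third-party and then keeps only the cookies a chosen level permits. The page load, the host names and the three-entry policy table are constructed for this illustration; the table is a simplification and does not reproduce what Internet Explorer's High, Medium High, Medium and Low levels each do, which the slide does not specify. Real browsers also decide "same site" with the Public Suffix List rather than the last-two-labels rule assumed here.

```python
from http.cookies import SimpleCookie


def registrable_domain(host):
    """The site a host belongs to. Simplified to the last two labels for this example;
    browsers consult the Public Suffix List so that names such as co.uk work correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_cookie(page_host, response_host, set_cookie_header):
    """Return (cookie_name, "first-party" or "third-party") for one Set-Cookie header
    received from response_host while the user is viewing a page on page_host."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    name, morsel = next(iter(jar.items()))  # one cookie per Set-Cookie header
    # A cookie without an explicit Domain attribute belongs to the host that sent it.
    owner = morsel["domain"].lstrip(".") or response_host
    same_site = registrable_domain(owner) == registrable_domain(page_host)
    return name, "first-party" if same_site else "third-party"


# Assumed policy table: the two ends of the slide's scale plus one middle setting.
POLICIES = {
    "Block All Cookies": {"first-party": False, "third-party": False},
    "First-party only": {"first-party": True, "third-party": False},
    "Accept All Cookies": {"first-party": True, "third-party": True},
}


def apply_policy(level, page_host, responses):
    """Store only the cookies the chosen level permits.
    responses: list of (response_host, Set-Cookie header) seen while loading page_host."""
    stored = {}
    for response_host, header in responses:
        name, party = classify_cookie(page_host, response_host, header)
        if POLICIES[level][party]:
            stored[name] = party
    return stored


# Constructed page load: the page itself, a CDN under the same site, and an ad network.
PAGE_HOST = "www.example.com"
RESPONSES = [
    ("www.example.com", "session=abc123; Path=/; HttpOnly"),
    ("cdn.example.com", "pref=dark; Domain=.example.com; Path=/"),
    ("ads.trackers.net", "track=xyz789; Domain=.trackers.net; Path=/"),
]


if __name__ == "__main__":
    for level in POLICIES:
        print(level, "->", apply_policy(level, PAGE_HOST, RESPONSES))
```

The session cookie is what makes a login survive from one request to the next, which is why "Block All Cookies" breaks most sites; the tracking cookie from the ad network is set on a site the user never typed, which is what the middle settings are designed to refuse.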

37
E-Mail Defenses
  • Technology-based defenses
    • Level of junk e-mail protection
    • Blocked senders
    • Blocked top-level domain list

40
Technology-Based Defenses
  • Whitelist
    • Names/addresses of those individuals from whom an e-mail message will be accepted
  • Bayesian filtering
    • Used by sophisticated e-mail filters
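
Slide 37 lists the junk protection level, blocked senders and blocked top-level domains, and this slide adds the whitelist and Bayesian filtering. The Python below is an added example, not from the slides or any mail client, that chains those defenses in the order a client typically applies them: list-based rules first, then a small naive Bayes classifier trained on a handful of constructed messages. The address lists, the training messages, the 0.9 threshold and the function names are assumptions for this illustration.

```python
import math
import re
from collections import Counter

# Constructed training messages (not taken from the slides): three spam, three legitimate.
SPAM_TRAINING = [
    "buy cheap merchandise now limited offer click here",
    "win money now free offer act now",
    "cheap pills best offer buy now",
]
HAM_TRAINING = [
    "meeting agenda for the project review on monday",
    "please find the report attached for the quarterly review",
    "lunch on monday to discuss the project",
]

# Hypothetical per-user lists for this example.
WHITELIST = {"alice@example.com"}
BLOCKED_SENDERS = {"spammer@example.net"}
BLOCKED_TLDS = {"xyz", "top"}


def tokenize(text):
    return re.findall(r"[a-z0-9']+", text.lower())


class BayesianFilter:
    """Multinomial naive Bayes over message words with add-one (Laplace) smoothing."""

    def __init__(self, spam, ham):
        self.spam_counts = Counter(w for m in spam for w in tokenize(m))
        self.ham_counts = Counter(w for m in ham for w in tokenize(m))
        self.spam_total = sum(self.spam_counts.values())
        self.ham_total = sum(self.ham_counts.values())
        self.vocab_size = len(set(self.spam_counts) | set(self.ham_counts))
        self.prior_spam = len(spam) / (len(spam) + len(ham))

    def spam_probability(self, text):
        """P(spam | words), computed in log space so long messages do not underflow."""
        log_spam = math.log(self.prior_spam)
        log_ham = math.log(1 - self.prior_spam)
        for w in tokenize(text):
            log_spam += math.log((self.spam_counts[w] + 1) / (self.spam_total + self.vocab_size))
            log_ham += math.log((self.ham_counts[w] + 1) / (self.ham_total + self.vocab_size))
        # Normalize the two scores: P(spam) = S / (S + H) = 1 / (1 + H/S).
        diff = min(log_ham - log_spam, 700.0)  # clamp so exp() cannot overflow
        return 1 / (1 + math.exp(diff))


FILTER = BayesianFilter(SPAM_TRAINING, HAM_TRAINING)


def classify(sender, body, filt=FILTER, threshold=0.9):
    """Apply the list-based rules first, then the Bayesian score.
    A lower threshold corresponds to a higher junk e-mail protection level."""
    sender = sender.lower()
    if sender in WHITELIST:
        return "inbox (whitelisted sender)"
    if sender in BLOCKED_SENDERS:
        return "junk (blocked sender)"
    if sender.rsplit(".", 1)[-1] in BLOCKED_TLDS:
        return "junk (blocked top-level domain)"
    if filt.spam_probability(body) >= threshold:
        return "junk (bayesian filter)"
    return "inbox"


if __name__ == "__main__":
    for sender, body in [("alice@example.com", "cheap offer buy now"),
                         ("someone@promo.xyz", "hello"),
                         ("unknown@example.org", "cheap offer buy now click here"),
                         ("bob@example.org", "project review on monday")]:
        print(sender, "->", classify(sender, body))
```

The whitelist wins over every other rule, which is the point the slide makes: a message from a listed individual is accepted even when its wording looks like spam. The Bayesian score is the only rule that adapts; each time a user marks a message as junk or not, its words can be added to the corresponding training set and the probabilities shift.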

42
Procedures
  • Questions you should ask when you receive an e-mail with an attachment
    • Is the e-mail from someone that you know?
    • Have you received e-mail from this sender before?
    • Were you expecting an attachment from this sender?

43
Summary
  • World Wide Web (WWW)
    • Composed of Internet server computers that provide online information in a specific format
  • E-mail systems
    • Can use two TCP/IP protocols to send and receive messages
  • Repurposed programming
    • Using programming tools in ways more harmful than what they were intended for

44
Summary (continued)
  • Cookie
    • Computer file that contains user-specific information
  • Spam, or unsolicited e-mail
    • Has a negative effect on work productivity
    • May be potentially dangerous
  • Properly configuring security settings on the Web browser
    • First line of defense against an Internet attack