Why be concerned about Internet security?

1
Why be concerned about Internet security?
Chapter 6 Network and Internet Security and
Privacy
2

• The Computer Fraud and Abuse Act of 1986 is the
  main law protecting against
• computer crimes. The USA PATRIOT Act increased
• the scope and penalties of computer fraud
• raising the maximum penalty for violations
• to 10 years (from 5) for a first offense and
• 20 years (from 10) for a second offense
• ensuring that violators only need to intend to
• cause damage generally, not intend to cause
• damage or other specified harm over the 5,000
  statutory damage threshold
• allowing aggregation of damages to different
  computers over a year to reach the 5,000
  threshold
• enhancing punishment for violations involving any
  (not just 5,000) damage to a government computer
  involved in criminal justice or the military
• including damage to foreign computers involved in
  US interstate commerce
• including state law offenses as priors for
  sentencing and
• expanding the definition of loss to expressly
  include time spent investigating and responding
  for damage assessment and for restoration.

3
Unauthorized Access (hacking) Gaining access to a
computer, network, or system without
authorization. Businesses, schools, and
organizations have codes of conduct
outlining acceptable computer use. Theft of
Data Data theft or information theft is the theft
of data or information located on or being sent
from a computer. Interception of
Communications Instead of accessing data stored
on a computer via hacking, some criminals
gain unauthorized access to data, files, email
messages, VoIP calls, and other content as it is
being sent over the Internet. A new trend is
criminals intercepting credit and debit card
information during the card verification process
that is, intercepting the data from a card in
real time as a purchase is being authorized.
4

• Botnets and Zombie Computers
• A computer that is controlled by a hacker or
  other computer criminal is referred to as a bot
  or zombie computer.
• A group of bots that are controlled by one
  individual and can work together in a coordinated
  fashion is called a botnet.
• According to the FBI, an estimated one million
  U.S. computers are currently part of a botnet.
• WiFi Piggybacking
• Many home users have wireless (WiFi) networks.
• Many people do not have security implemented
• and neighbors or someone driving down the street
• could access their network and use their Internet
  
• access.

5
Computer/Data Sabotage Malicious destruction to a
computer or data. This could be
performed physically or electronically. A
disgruntled employee could destroy a network
server or backup tapes. Data or programs could
be altered. Web sites could be defaced. Denial
of Service A denial of service (DoS) attack is an
act of sabotage that attempts to flood a network
server or Web server with so many requests for
action that it shuts down or simply cannot handle
legitimate requests any longer, causing
legitimate users to be denied service.
6
Identity Theft This occurs when someone obtains
enough information about a person (e.g. name,
birth date, SS, address, credit card, mothers
maiden name) to be able to masquerade as that
person. The thief could get a drivers license
and credit cards under your name. Salami
Shaving/Slicing Writing a computer program that
transfers small amounts of money (e.g. a few
cents) from each transaction to a secret account.
This is usually performed by someone within a
company. e.g. the movie Office Space Online
Auction Fraud Purchase items on eBay and never
receive them. Craigslist also has many scams.
7
PhishingThe use of a spoofed e-mail to gain
credit card numbers, usernames and passwords, or
other personal info. The user is often
redirected to a fraudulent (spoofed) web site.
8
Spoofed or FraudulentWeb Sites (dot cons)Many
phishing scams use spoofedweb sites. The user
will type in hisusername/password which is
storedon the server.

• In addition to disclosing personal information
  only when it is necessary and only via secure Web
  pages, you should use security software and keep
  it up to date.
• To avoid phishing schemes, never click a link in
  an email message to go to a secure Web
  sitealways type the URL for that site in your
  browser.

9

• Malware Malicious programs installed without
  your knowledge. This includes adware, spyware,
  and viruses. The best defense is anti-virus
  software and good practices.
• Adware
• Software that delivers advertisements to
• your desktop. It could be installed without
• your knowledge, or built in to legitimate apps.
• Spyware
• Software that secretly gathers information
• about the user and transmits it on the
• Internet. It could be marketing information
  transmitted to advertisers or it could be more
  malicious and transmit your keystrokes (e.g.
  usernames and passwords) to someone on the
  internet.
• Viruses
• A program that is installed without the
  permission or knowledge of the user. It will
  affect the computers operation in some manner.
  Viruses are attached to legitimate executable
  files and can replicate themselves to other files
  when you execute them. It is common to get a
  virus from executable files downloaded from the
  Internet, or from executable files attached to
  e-mails and instant messages.

10
A couple types of viruses Trojan Horse is a
virus that is disguised as a legitimate program.
They are downloaded from the Internet and
executed by the user. For example a game. A
regular virus attaches itself to a legitimate
program and executes when you run the
program. Worm is a type of virus that replicates
itself over the network or Internet without user
intervention, as opposed to being attached to a
file that is downloaded. Without a firewall,
your computer could get a worm when you connect
to the Internet.
11
E-mail Hoaxes/Chain LettersE-mails chain letters
are usually an unreliable source of news. You
can go to snopes.com to verify the content of an
e-mail, as well as other rumors.

• gtgtgt TO MASSAOL_at_aol.com gtgtgt FROM
  GatesBeta_at_microsoft.com gtgtgt ATTACH
  Tracklog_at_microsoft.com/Track883432/TraceActive/On
  .html gtgtgt Hello Everyone, gtgtgt And thank you for
  signing up for my Beta Email Tracking gtgtgt
  Application or (BETA) for short. My name is Bill
  Gates. gtgtgt Here at Microsoft we have just
  compiled an gtgtgt e-mail tracing program that
  tracks everyone to whom this message gtgtgt is
  forwarded to. It does this through an unique IP
  (Internet Protocol) gtgtgt address log book
  database. We are experimenting with gtgtgt this and
  need your help. Forward this to everyone you know
  gtgtgt and if it reaches 1000 people everyone on the
  list will gtgtgt receive 1000 and a copy of
  Windows98 at my expense. gtgtgt Enjoy. gtgtgt Note
  Duplicate entries will not be counted. You will
  be gtgtgt notified by email with further
  instructions once this email gtgtgt has reached 1000
  people. Windows98 will not be shipped gtgtgt unitl
  it has been released to the generalpublic. gtgtgt
  Your friend, gtgtgt Bill Gates The Microsoft
  Development Team.

Subject Make A Wish Foundation (fwd) A plea from
a sick little girl Little Kimberly Anne is dying
of a horrible tropical disease. Her goal, before
she passes into the Great Beyond, is to collect
as many free America Online disks as she can, to
make the Guiness Book of Records. Her project is
being sponsored by the Wish-Upon-a-Star
Foundation, which specializes in fulfilling the
final wishes of such sick little girls. So, next
time you get an unwanted AOL disk in the mail,
don't throw it away! Think of the sparkle it will
bring to the eye of a dying child. Write on the
package Address deleted to prevent this hoax
from continuing. Please copy this message and
circulate it to your friends, neighbors, and

co-workers. Only you can
child's wish reality! God bless you from the
Wish-Upon-a-Star Foundation!lt/h3gt
12
Email EncryptionE-mail is currently the popular
form of business communication. E-mail (SMTP)
messages are not encrypted when being sent over
the Internet. Some companies will have
encryption for internal e-mails. Some devices
such as Blackberries offer encryption for
messages to other Blackberry users.Web Site
EncryptionWeb sites which are encrypteduse
public/private key encryption.These web sites
use the https//The web browser will also
displaya lock. If you click on the area tothe
left of the https, you can seethe security
certificate. The website is also verified as
authenticby a 3rd party such as VeriSign.
13
Who would you trust to give you drugs?
Protecting Against Hardware Loss, Hardware
Damage, and System Failure
14
Since a program can affect your computer the same
way a drug can affect your body, who do you trust
to install a program on your computer?
Which one of these software programs is from a
well-known company?
15
Be careful installing web browser plug-ins this
is a popular way to trick you into installing
malware. The safest way to install a plug-in
is to go to the site that makes the software
rather than the site that tries to install it for
you. Here are some popular browser plug-ins.
Be careful when you install legitimate software
because the installation program often tries to
install extra unneeded software.
Java from www.sun.com Flash from
www.adobe.com Acrobat Reader from
www.adobe.com Shockwave from www.adobe.com Quick
time from www.apple.com RealPlayer from
www.realaudio.com Windows Media Player from
www.microsoft.com
16
Most add-on toolbars contain adware and/or spyware
My recommendation DONT install them. If you
REALLY want it, research it first.
17

• To protect hardware from damage due to power
  fluctuations, everyone should use a surge
  suppressor with a computer whenever it is plugged
  into a power outlet.
• Users who want their desktop computers to remain
  powered up when the electricity goes off should
  use an uninterruptible power supply (UPS).

18
Anti-Virus Software
19
WiFi Security - prevents unauthorized access
and piggybacking - provides encryption WEP
(least secure) Wired Equivalent Privacy WPA
(more secure) WiFi Protected Access
20
Firewalls

• Firewalls block unrequested Internet traffic to
  your computer.
• Windows includes the Windows Firewall (software
  firewall)
• Many home DSL/Cable routers include a firewall
  (hardware firewall)

21
What is your primary defense against hardware
loss, damage, or system failure?
Backups!!!!!!!!!!!

• Securing Backup MediaThe media used to store
  backups (tapes, CD-R, DVD-R) needs to be secure.
  Fireproof safes provide some protection.
  Off-site storage of backups adds considerable
  protection of media. Data storage companies
  store backup media at secure remote locations.
  Disaster Recovery PlanSpells out what an
  organization will do to prepare for and recover
  from a disruptive event.Q What data do YOU
  have that should be backed up?Q How do YOU
  backup your data?