Security Awareness: Applying Practical Security in Your World - PowerPoint PPT Presentation

Slides: 45
Provided by: Wea67
Learn more at: http://csis.pace.edu

Transcript and Presenter's Notes


1
Security Awareness: Applying Practical Security in Your World
  • Chapter 4: Internet Security

2
Objectives
  • List the risks associated with using the World
    Wide Web, and describe the preventive measures
    that can be used to minimize Web attacks.
  • List the vulnerabilities associated with using
    e-mail, and explain procedures and technologies
    that can be used to protect e-mail.

3
Internet Security
  • The Internet has changed the way we live and work
    in a very short amount of time.
  • There is a dark side to the Internet: it has
    opened the door to attacks on any computer
    connected to it.
  • There are methods to minimize the risks of using
    the Internet and e-mail.

4
The World Wide Web
  • Internet: Worldwide interconnection of computers
  • World Wide Web (WWW): Internet server computers
    that provide online information in a specified
    format
  • Hypertext Markup Language (HTML): Specifies how
    a browser should display elements on a user's
    screen (See Figure 4-1)
  • Hypertext Transport Protocol (HTTP): Set of
    standards that Web servers use to distribute HTML
    documents (See Figure 4-2)

5
The World Wide Web (continued)
6
The World Wide Web (continued)
7
Repurposed Programming
  • Repurposed programming: Using programming tools
    in harmful ways other than what they were
    originally intended to do
  • Static content: Information that does not change
  • Dynamic content: Content that can change
  • Tools that can be used for repurposed
    programming: JavaScript, Java applets,
    ActiveX controls

8
Web Attacks
  • Web attack: An attack launched against a
    computer through the Web
  • Broadband connections: A type of Internet
    connection that allows users to connect at much
    faster speeds than older dial-up technologies
  • Result: More attacks against home computers
  • Three categories of attacks: repurposed
    programming, snooping, redirected Web traffic

9
JavaScript
  • JavaScript: Special program code embedded in an
    HTML document
  • Web site using JavaScript accessed → HTML
    document downloaded → JavaScript code executed
    by the browser (See Figure 4-3)
  • Some browsers have security weaknesses

10
JavaScript (continued)
11
Java Applet
  • Java applet: A program downloaded from the Web
    server separately from the HTML document
  • Stored on the Web server and downloaded along
    with the HTML code when the page is accessed
    (See Figure 4-4)
  • Processes the user's requests on the local computer
    rather than transmitting back to the Web server

12
Java Applet (continued)
  • Security sandbox
  • Unsigned Java applets: Untrusted source (See
    Figure 4-5)
  • Signed Java applets: Digital signature proving
    trusted source

13
Java Applet (continued)
14
Java Applet (continued)
15
ActiveX Controls
  • ActiveX controls: An advanced technology that
    allows software components to interact with
    different applications
  • Two risks
  • Macros
  • ActiveX security relies on human judgment
  • Digital signatures
  • Users may routinely grant permission for any
    ActiveX program to run

16
Snooping
  • One of dynamic content's strengths is its ability
    to receive input from the user and perform
    actions based on it (See Figure 4-6)
  • Providing information to a Web site carries risk
  • Internet transmissions are not normally encrypted
  • Information entered can be viewed by unauthorized
    users
  • Types of snooping: spyware, misusing cookies

17
Snooping (continued)
18
Snooping (continued)
  • Cookies: A computer file that contains
    user-specific information
  • Stores information given to a Web site and reuses
    it
  • Can pose a security risk
  • Hackers target cookies to retrieve sensitive
    information
  • Cookies can be used to determine what Web pages
    you are viewing
  • Some personal information is left on Web sites by
    the browser
  • Makes tracking Internet usage easier

19
Redirecting Web Traffic
  • Mistakes can be made when typing an address into
    a browser
  • Usually mistakes result in error messages (See
    Figure 4-7)
  • Hackers can exploit misaddressed Web names to
    steal information using social engineering
  • Two approaches: phishing, registering
    similar-sounding domain names

20
Redirecting Web Traffic (continued)
21
Web Security Through Browser Settings
  • Web browser security and privacy settings can
    be customized
  • Internet Options
  • General, Security
  • Privacy, Content
  • Advanced tab

22
Web Security Through Browser Settings (continued)
Figure 4-9 Security Settings on the Advanced Tab
23
Web Security Through Browser Settings (continued)
  • Alert the User to the Type of Transaction
  • Warn if changing between secure and not secure
    mode

24
Web Security Through Browser Settings (continued)
  • Hypertext Transfer Protocol over Secure Sockets
    Layer (HTTPS): Encrypts and decrypts the data
    sent

25
Web Security Through Browser Settings (continued)
  • Know What's Happening with the Cache
  • Do not save encrypted pages to disk
  • Empty Temporary Internet Files when browser is
    closed
  • Cache: Temporary storage area on the hard disk

26
Web Security Through Browser Settings (continued)
  • Know the Options on the General Tab
  • Temporary Internet files
  • Delete Cookies
  • Delete Files
  • History

27
Web Security Through Browser Settings (continued)
  • Security Zones and the Security Tab
  • Predefined security zones: Internet, Local
    intranet, Trusted sites, Restricted sites

28
Web Security Through Browser Settings (continued)
  • Security Zones and the Security Tab
  • Security levels can be customized by clicking
    the Custom Level button to display the Security
    Settings page

29
Web Security Through Browser Settings (continued)
  • Using the Privacy tab
  • Divided into two parts
  • Privacy level settings
  • Cookie handling: first-party, third-party

30
Web Security Through Browser Settings (continued)
  • Placing Restrictions on the Content Page
  • Control type of content the browser will
    display
  • Content Advisor
  • Certificates
  • Publishers

31
Web Security Through Appropriate Procedures
  • Do not accept any unsigned Java applets unless
    you are sure of the source
  • Disable or restrict macros from opening or
    running automatically
  • Disable ActiveX and JavaScript.
  • Install anti-spyware and antivirus software and
    keep it updated

32
Web Security Procedures (continued)
  • Regularly install any critical operating system
    updates.
  • Block all cookies
  • Never respond to an e-mail that asks you to click
    on a link to verify your personal information.
  • Check spelling to be sure you are viewing the
    real site.

33
Web Security Procedures (continued)
  • Turn on all security settings under the Advanced
    tab.
  • Keep your cache clear of temporary files and
    cookies.
  • Use the security zones feature.

34
E-Mail
  • E-mail is a double-edged sword
  • Essential for business and personal
    communications
  • Primary vehicle for malicious code

35
Vulnerabilities of E-Mail
  • Three major areas: attachments, spam,
    spoofing

36
Vulnerabilities of E-Mail (continued)
  • Attachments: Documents, spreadsheets,
    photographs and anything else added to an e-mail
    message
  • Can open the door for viruses and worms to infect
    a system
  • Malicious code can execute when the attachment is
    opened
  • Code can then forward itself and continue to
    spread

37
Vulnerabilities of E-Mail (continued)
  • Spam: Unsolicited e-mail messages
  • Usually regarded as just a nuisance, but can
    contain malicious code
  • To cut down on spam:
  • Never reply to spam that says "Click here to
    unsubscribe"
  • Set up an e-mail account to use when filling out
    Web forms
  • Do not purchase items advertised through spam
  • Ask your ISP or network manager to install
    spam-filtering hardware or software

38
Vulnerabilities of E-Mail (continued)
  • E-mail spoofing: A message falsely identifying
    the sender as someone else
  • Sender's address appears to be legitimate, so the
    recipient trusts the source and does what is asked

39
Solutions
  • Technology-based solutions
  • Antivirus software installed and regularly
    updated
  • E-mail filters
  • File extension filters
  • Junk e-mail option (See Figure 4-17)
  • Separate filtering software working in
    conjunction with the e-mail software
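
Added example (not part of the original slides): a file extension filter of the kind listed above, applied to the attachments of a message with Python's standard email parser. The blocked-extension policy and the sample message are constructed for illustration.

```python
import os
from email import message_from_string

# Example policy (assumption): extensions that run code when opened on Windows.
BLOCKED = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".js"}

# Constructed sample message; addresses and file names are made up.
SAMPLE = """\
From: Accounts <billing@example.test>
To: user@example.test
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

AAAA
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="terms.pdf"

AAAA
--b1--
"""

def blocked_attachments(raw, blocked=BLOCKED):
    """Return (filename, extension, double_extension) for each blocked part."""
    hits = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "a.exe." still runs.
        stem, ext = os.path.splitext(name.rstrip(". "))
        if ext.lower() in blocked:
            # "invoice.pdf.exe" shows as "invoice.pdf" when extensions are hidden.
            hits.append((name, ext.lower(), bool(os.path.splitext(stem)[1])))
    return hits

if __name__ == "__main__":
    for hit in blocked_attachments(SAMPLE):
        print("blocked:", hit)
```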

40
Solutions (continued)
  • Procedure-Based Solutions
  • Remember that e-mail is the number one method for
    infecting computers and treat it cautiously
  • Approach e-mail messages from unknown senders
    with caution
  • Never automatically open an attachment
  • Do not use preview mode in your e-mail software
  • Never answer e-mail requests for personal
    information

41
Summary
  • Computers connected to the Internet are
    vulnerable to a long list of attacks, in addition
    to viruses, worms and other malicious code.
  • Categories of attack are
  • Repurposed programming
  • JavaScript
  • Java applets
  • ActiveX controls
  • Snooping
  • Redirected Web traffic

42
Summary (continued)
  • Defending against Web attacks is a two-fold
    process
  • Configuration of browser software: Customized
    privacy and security settings
  • Proper procedures to minimize risk: Many attacks
    are based on social engineering

43
Summary (continued)
  • E-mail is a crucial business and personal tool,
    but is also a primary means of infection by
    viruses, worms, and other malicious code.
  • Attachments
  • Spam
  • Spoofing

44
Summary (continued)
  • E-mail security solutions can be broken into two
    categories
  • Technology-based
  • Antivirus software
  • Filters for attachments and spam
  • Procedure-based
  • Remember the risks and consistently follow safe
    procedures