Security on the Internet and the Web Security Threats and Countermeasures Tutorial 9
Objectives Understand the basics of security: secrecy, integrity, and necessity. Understand what hackers and crackers can do and why they do it. Learn about the dangers of online crime, warfare, and terrorism. Investigate how to protect copyrighted materials that are published on the Internet.
Objectives Understand Web client threats and countermeasures. Learn about online communication channel threats and countermeasures. Find out how to get more information and current updates about online security.
Understanding Security Basics: Secrecy, Integrity, and Necessity Security  is broadly defined as the protection of assets from unauthorized access, use, alteration, or destruction. Physical security  includes tangible protection devices, such as locks, alarms, fireproof doors, security fences, safes or vaults, and bombproof buildings. Protection of assets using non-physical means is called  logical   security . Logical security may also be broadly called  computer security .
Understanding Security Basics: Secrecy, Integrity, and Necessity Any act or object that endangers an asset is known as a  threat . Countermeasure  is the general name for a procedure, either physical or logical, that recognizes, reduces, or eliminates a threat. Countermeasures can recognize and manage threats or they can eliminate them. An individual or organization can ignore threats that are deemed low risk and less likely to occur when the cost to protect against the threat exceeds the value of the protected asset.
Risk Management Model New Perspectives on The Internet, Sixth Edition—Comprehensive Tutorial 9
Understanding Security Basics: Secrecy, Integrity, and Necessity To implement a good security scheme, you identify the risk, determine how you will protect the affected asset, and calculate the cost of the resources you can allocate to protect the asset. Computer security can be classified into several categories: secrecy, integrity, and necessity.
Understanding Security Basics: Secrecy, Integrity, and Necessity Secrecy prevents unauthorized data disclosure and ensures the authenticity of the data’s source. Integrity prevents unauthorized data modification. Necessity prevents data delays (slowing down the transmission of data) or denials (preventing data from getting to its destinations). Internet users and businesses with Web sites need to take appropriate countermeasures in each of these three categories to protect themselves and the computers they use to connect to the Internet.
Secrecy and Encryption Encryption: the process of coding information using a mathematical-based program and a secret key to produce a string of characters that is unreadable. Decryption: the process of reversing encrypted text. Cipher text: encrypted information. Plain text: unencrypted information. Cryptography: the study of ways to secure information.
Secrecy and Encryption Private-key encryption (symmetric encryption): uses a single key that is known by the sender and receiver; the key might be a password or a number generated by a special device; works well in a highly controlled environment.
Private-key (Symmetric) Encryption
Secrecy and Encryption Public-key encryption (asymmetric encryption): uses a public key and a private or secret key; the public key is known to everyone; the private or secret key is known only to the person who owns both keys; each person has a private key that is secret and a public key that is shared with other users; messages encrypted with a private key must be decrypted with the public key, and vice versa.
Public-key (Asymmetric) Encryption
Secrecy and Encryption Encryption is considered to be weak or strong based on its algorithm and the number of characters in the encryption key. Algorithm: a formula or set of steps to solve a particular problem. Strong keys: keys that are 128 bits long. Most browsers use 128-bit encryption when they are in secure mode, which is also called strong encryption.
Integrity An integrity threat occurs when an unauthorized party has the chance to alter data while it is being transferred over the Internet or while it is stored on a computer. Man-in-the-middle exploit : when an e-mail message is intercepted and its contents are changed before it is forwarded to its original destination. The most visible integrity threats have been from Trojan horses, viruses, and worms that attack computers and the programs they run.
Integrity Trojan horse: a small program hidden inside another program; claims to be a legitimate program that accomplishes some task when, in fact, it causes harm when the user accesses or downloads the program in which it is hidden; when you execute the program you thought you downloaded (or received via e-mail as an attachment), it secretly launches a separate Trojan horse program, which quietly does its damage. Antivirus software programs and firewalls cannot guarantee that your computer is protected from this type of attack. Be careful not to execute a file that you did not request, and download software only from trusted sources.
Integrity Worm: a self-replicating program usually hidden within another file and then sent as an e-mail attachment; can replicate itself on a computer or server, but it cannot infect other files. Viruses can spoof the From line of an e-mail message using the name of someone you know. The default filename view setting in Windows hides the filename extension. Many computer security experts recommend that users change this default setting in Windows when it is possible so you can tell if a file is an executable program.
Integrity Antivirus software can prevent the spread of viruses, worms, and Trojan horses by blocking them from being downloaded from the server. Two vendors that provide a full range of antivirus products are Symantec and McAfee.
Integrity The best defenses against Trojan horses, viruses, and worms are the following: display Windows filename extensions so that you can determine the type of each file you download; avoid opening attachments that you did not expect (even if they are from senders that are known and trusted); install antivirus programs; keep those antivirus programs updated regularly.
Necessity A necessity threat occurs when a cracker uses a program to disrupt normal computer processing or, possibly, to deny processing entirely. Packet flooding attack (denial of service (DoS) attack): occurs when a cracker bombards a server or other computer with messages in an attempt to consume the network’s bandwidth resources; works by sending such a large number of messages to a Web server that it cannot answer properly.
Necessity Distributed denial of service (DDoS) attack: the perpetrator uses a large number of computers that each launch a DoS attack on one Web server at the same time; most DDoS attacks are launched after the attacking computers are infected with Trojan horse programs. Each Trojan horse is coded to open and launch a DoS attack at exactly the same date and time. Zombies: computers “hijacked” by a Trojan horse used to help a DDoS attack. A company can defend its Web server from DoS and DDoS attacks by adding a filter to its Internet connection between the Web server and the router that connects it to the Internet.
Online Crime, Warfare,  and Terrorism Most people who use the Internet are honest, hard-working people who use the technology for legitimate purposes. Unfortunately, some people use the Internet for all manner of illegal and unethical purposes. It is important to know about these uses because that knowledge can help prevent such use or limit the damage caused.
Hackers, Crackers, and  Script Kiddies Cracker : a technologically skilled person who uses his or her skills to obtain unauthorized entry into computers or networks of computers. damage the system’s software, or even do harm to the system’s hardware. Computer forensics experts   ( ethical hackers ): computer professionals hired to break into client computers and probe the computers to locate information that can be used in legal proceedings.
Hackers, Crackers, and Script Kiddies Hacker: a dedicated programmer who enjoyed writing complex code that tested the limits of technology; computer professionals consider being called a hacker a compliment; the media and the general public often use the term to describe those who use their skills for ill purposes; the terms white hat hacker and black hat hacker make the distinction between those who use their skills for good and those who use their talents to commit illegal acts.
Hackers, Crackers, and Script Kiddies Virus tool kits: script-writing programs that allow novices to create their own viruses, worms, and Trojan horses; menu-driven tools that give almost anyone the ability to generate troublesome programs without the need to write a single line of code. Script kiddies: a derisive term coined by crackers who have programming skills to describe people who use virus tool kits.
Online Theft, Identity Theft and the Ethics of Privacy An increasing amount of personal information is stored on the Web by other parties, such as banks, credit card issuers, credit reporting agencies, physician’s offices, hospitals, and government agencies.  As more companies store valuable information on computers that are connected to the Internet, opportunities for theft of that information increase. This is especially true when companies lose control of the data they collect on their customers (and other people).
Online Theft, Identity Theft and the Ethics of Privacy The kinds of personal information that criminals most want to obtain include: Social Security number; driver’s license number; credit card numbers; CVV2 numbers (the three- or four-digit security code printed on a credit card); passwords (or PINs); credit reports; date of birth; ATM (or debit) card numbers; telephone calling card numbers; mortgage (or other loan) information; telephone numbers; home address; employer address.
Online Theft, Identity Theft and the Ethics of Privacy Identity theft : a type of crime in which a thief steals a person’s entire credit record and then uses the victim’s personal information to open bank accounts, new credit cards, and buy expensive goods on credit.  By the time the victim finds out that his or her identity has been stolen, the thief is long gone with the cash and the goods.  If you are the victim of identity theft, you must act quickly to contact the credit reporting agencies, every financial institution at which you have an account, and the issuer of every credit card you hold.
Online Extortion Some perpetrators threaten to launch DoS attacks against a company unless a “fee” is paid; many smaller companies simply pay the extortionists and do not even report the crime.  Other perpetrators break into a company’s systems, steal confidential information, and then threaten to release the information unless they are paid.  Smaller companies are easier targets because they generally do not have strong security in place, but larger organizations are not immune to these attacks.
Other Online Crimes Enforcing laws against distribution of pornographic material online in the United States has been difficult. A difficult question arises regarding which community standards might apply to the sale; international transactions raise even more difficult questions about which laws should determine the legality of the sale. The U.S. Supreme Court has ruled that state and local courts can draw the line based on local community standards.
Other Online Crimes A similar issue arises in the case of online gambling.  If people in California use their computers to connect to an offshore gambling site, it is unclear where the gambling activity occurs. Several states have passed laws that specifically outlaw Internet gambling, but the ability of those states to enforce laws that limit Internet activities is not yet clear.  The U.S. Federal government has outlawed all online gambling activities by its citizens, but enforcement is difficult and the constitutionality of such laws has not been tested.
Organized Crime Online Organized crime  ( racketeering ): unlawful activities conducted by a highly organized, disciplined association for profit. The Internet has opened new opportunities for organized crime.  Large criminal organizations can be efficient perpetrators of identity theft because they can exploit large amounts of personal information (obtained, for example, from a cracker who broke into a company’s Web server) quickly and efficiently. These criminal organizations often sell or trade information that they cannot use immediately to other organized crime entities around the world.
Online Espionage, Warfare, and Terrorism Industrial espionage: a type of spying in which countries attempt to gain information from private businesses to capture intellectual property that can be taken home and used in industries there; when this information is stored in computers that are connected to the Internet or when it is transmitted via the Internet, it can become the target of online espionage efforts. Many Internet security experts believe that we are at the dawn of a new age of terrorism and warfare that could be carried out or coordinated through the Internet.
Copyright & Intellectual Property Threats and Countermeasures Safeguarding copyright and intellectual property rights are also security issues.  Intellectual property threats are a large problem due to the Internet and the relative ease with which one can use existing material without the owner’s permission. It is very simple to reproduce an exact copy of anything you find on the Internet. Many people are naïve or unaware of copyright restrictions that protect intellectual property.
Copyright & Intellectual Property Threats and Countermeasures Digital watermark: a process that inserts a digital pattern containing copyright information into a digital image, animation, or audio or video file. Steganography: a process that hides an encrypted message within different types of files; can be used to add copyright information to different types of files.
Web Client Security A good place to start applying security principles is on PCs connected to the Internet (Web clients). There are specific security threats and countermeasures for Web clients, the communication channel that connects Web clients to Web servers, and the Web servers themselves.
Active Content:  Java, JavaScript, and ActiveX Active content : programs that travel with applications to a browser and execute on the user’s computer. Java applet : a program written in the Java programming language that could execute and consume a computer’s resources. JavaScript   program : a program that could execute on the user’s computer and can run without being compiled.
Active Content: Java, JavaScript, and ActiveX ActiveX components: Microsoft’s technology for writing small applications that perform some action in Web pages; these components have full access to a computer’s file system; only work in Internet Explorer and other browsers that use the Internet Explorer code base in some way. Firefox, which does not use any part of the Internet Explorer code base, will not run a beneficial ActiveX component, nor can it be attacked by a malicious ActiveX component.
Managing Cookies A cookie is a small text file that a Web server creates and stores on your computer’s hard drive. Clickstream: the links you click while visiting the Web site. A cookie might store information about your clickstream, the products you purchase, or personal information that you provide to the site. Some cookies are removed automatically when you leave a Web site (a session-only cookie).
Managing Cookies Many Web sites use cookies to make their sites easier to navigate. A cookie is not a program and it can only store information that you provide to the Web site that creates it. Sometimes you provide the data openly, and at other times, the cookie might silently record your behavior at a Web site. Only the Web site that stored the cookie on your hard drive can read it, and it cannot read other cookies on your hard drive or any other file on your computer.
Managing Cookies Cookies can represent a security threat for some users, especially those who access the site from a public computer. Internet users can control the storage of cookies on their computer’s hard drive by changing their browser’s settings. The best way to prevent another user from gaining access to information is to make sure that you do not leave an electronic trail to its path.  Internet Explorer stores cookies in the  C:\Windows\Cookies  folder. Firefox stores cookies in a file named  cookies.txt  on the user’s hard drive.
Managing Cookies in Internet Explorer
Managing Cookies in Firefox
Web Bugs Web bug  ( clear GIF  or  transparent GIF ): a small (one pixel), hidden graphic on a Web page or in an e-mail message that is designed to work in conjunction with a cookie to obtain information about the person viewing the page or e-mail message and to send the information to a third party. When the user loads the Web page that contains this code, the browser downloads the hidden graphic.  This process can identify your IP address, the Web site you last visited, and other information about your use of the site in which the clear GIF file has been embedded and record it in the cookie file.
Web Bugs Figure panels: HTML document containing a Web bug; Web page containing a Web bug
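A way to spot Web bugs like the one in the figure, as an added example that is not part of the original slides: it scans a page's HTML for images that come from another site and are either 1x1 pixels or hidden by style. The page, host names and the simplified "same site" rule are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page, assumed to be served from www.shop.example.com.
SAMPLE_PAGE = """
<html><body>
<img src="/images/logo.gif" width="200" height="80">
<img src="http://tracker.example.net/clear.gif?id=12345" width="1" height="1" border="0">
<img src="http://www.shop.example.com/spacer.gif" width="1" height="1">
<img src="http://ads.example.org/pixel.gif" style="display: none">
</body></html>
"""


def is_tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    try:
        return int((value or "").strip().lower().replace("px", "")) <= 1
    except ValueError:
        return False  # attribute missing or not a plain number


def same_site(host, page_host):
    """Simplified first-party test (assumption): same host or a subdomain of it."""
    return host == page_host or host.endswith("." + page_host)


class WebBugFinder(HTMLParser):
    """Collects <img> tags that are served by another site and are tiny or hidden."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # (image host, src, reason)

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src", "")
        # A relative src has no host, so the image comes from the page's own server.
        host = urlsplit(src).hostname or self.page_host
        if same_site(host, self.page_host):
            return  # layout spacers from the site itself are not reported
        style = a.get("style", "").replace(" ", "").lower()
        if is_tiny(a.get("width")) and is_tiny(a.get("height")):
            self.findings.append((host, src, "1x1 image from another site"))
        elif "display:none" in style or "visibility:hidden" in style:
            self.findings.append((host, src, "hidden image from another site"))


def find_web_bugs(html, page_host):
    """Return the suspected Web bugs in html for a page served from page_host."""
    finder = WebBugFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for host, src, reason in find_web_bugs(SAMPLE_PAGE, "www.shop.example.com"):
        print(f"{reason}: {src}")
```

Images sized only through an external style sheet are not caught, because the check reads the tag's own attributes.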
Adware and Spyware:  Ethical Issues Adware : a general category of software that includes advertisements to help pay for the product in which they appear. In many freeware and shareware programs,  adware  provides opportunities for developers to offer software at little or no cost to the user. Adware usually does not cause any security threats because the user is aware of the ads and the parties responsible for including them are clearly identified in the programs.
Adware and Spyware:  Ethical Issues Spyware : a category of adware in which the user has little control over or knowledge of the ads and other monitoring features it contains. Spyware occurs in situations where a developer has sold ads to a third party or embedded other features in the program. A Web bug is an example of spyware because the clear GIF and its actions are hidden from the user.
Adware and Spyware:  Ethical Issues One way to protect computers from the potential privacy violations created by cookies, Web bugs, and spyware is to set Web browsers to block third-party cookie files. There are many good shareware programs that erase spyware from your computer. These programs, sometimes called  ad blockers , search for files written by known spyware.
Firewalls Firewall : a software program or hardware device that controls access between two networks, such as a local area network and the Internet or the Internet and a computer. Port : like a door on a computer, it permits traffic to leave and enter a computer. When the port is closed, traffic can’t leave or enter the computer. Port scan : occurs when one computer tests all or some of the ports of another computer to determine whether its ports are open, closed, or stealth.
Basic Web Client Firewall Architecture
Firewalls Most firewalls prevent traffic from  entering  the network, but firewalls can also prevent data from  leaving  the network.  This is useful for controlling the activities of hidden programs that are designed to compromise the security of a computer.  When you install a new program on your computer, a firewall that provides outgoing protection will notify you if and when the new program tries to access the Internet.
Firewalls Until the recent increase in the number of users with broadband connections to the Internet, corporations used hardware firewalls almost exclusively. Some firewall software programs are available for free or at a very low cost, so they are becoming popular with other types of users. Some antivirus programs and Internet suites include basic firewall protection.
Communication Channel Security Encryption is an important part of maintaining security over information that is sent via the Internet. Practical uses of encryption require authentication and identification.
Authentication and Digital Certificates Authentication: a general term for the process of correctly verifying the identity of a person or a Web site. Digital certificate: an encrypted and password-protected file that contains sufficient information to authenticate and prove a person’s or organization’s identity. Certificate authority: a trusted third party that verifies the digital certificate holder’s identity and issues the certificate.
Authentication and Digital Certificates A digital certificate contains the following: the certificate holder’s name, address, and e-mail address; a special key that “unlocks” the digital certificate, thereby verifying the certificate’s authenticity; the certificate’s expiration date or validity period; the certificate authority.
Authentication and Digital Certificates A digital certificate is an electronic equivalent of an identification card. Digital ID  ( personal certificate ): used to identify a person to other people and to Web sites that are set up to accept digital certificates. Digital   ID : an electronic file that you purchase from a certificate authority and install into a program that uses it, such as an e-mail program or a Web browser.
Protecting E-Mail Messages To help maintain the integrity of an e-mail message, you can send the message through a  message digest function program  ( hash code function program ) to produce a number called a  message authentication code  ( MAC ). After it receives the MAC, the e-mail program sends the message and matching MAC together to the recipient. The recipient’s e-mail program recomputes the message’s MAC and compares the computed MAC to the received MAC. If they match, the content of the message is unaltered. If they do not match, then the message cannot be trusted.
Producing a MAC for a Message
Protecting E-Mail Messages To be useful, the message digest function must exhibit the following characteristics: It must be impossible or costly to reverse the MAC and produce the original message. The MAC should be random. The MAC must be unique to the message. You can also protect outgoing e-mail messages with the Secure/Multipurpose Internet Mail Extensions (S/MIME) specification, which when combined with a person’s digital ID provides authentication and encryption to e-mail messages.
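The recompute-and-compare check described in the two slides above, as an added example that is not part of the original slides. SHA-256 as the digest function, the shared key and the message text are assumptions; the keyed variant goes beyond the slides to show why a plain digest only detects alteration when whoever altered the message cannot also replace the code.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not from the slides).
SHARED_KEY = b"constructed-shared-secret"
ORIGINAL = b"Please pay invoice 1001 to account 12-3456."
ALTERED = b"Please pay invoice 1001 to account 98-7654."


def digest_mac(message):
    """Unkeyed message digest, as the slides describe: anyone can compute it."""
    return hashlib.sha256(message).hexdigest()


def keyed_mac(message, key=SHARED_KEY):
    """Keyed MAC (HMAC-SHA256): needs a secret shared by sender and recipient."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def send(message, mac_fn):
    """Sender side: compute the code and ship it with the message."""
    return message, mac_fn(message)


def receive(message, received_mac, mac_fn):
    """Recipient side: recompute the code and compare in constant time."""
    return hmac.compare_digest(mac_fn(message), received_mac)


def run_demo():
    results = {}

    # Unkeyed digest: detects a changed body when the code is left untouched.
    message, mac = send(ORIGINAL, digest_mac)
    results["digest_intact"] = receive(message, mac, digest_mac)
    results["digest_body_changed"] = receive(ALTERED, mac, digest_mac)
    # ...but not when the code is replaced along with the body, because
    # computing the digest needs no secret.
    results["digest_body_and_code_changed"] = receive(
        ALTERED, digest_mac(ALTERED), digest_mac)

    # Keyed MAC: without the shared key, no matching code can be produced
    # for the changed body, so the recipient's comparison fails.
    message, mac = send(ORIGINAL, keyed_mac)
    results["keyed_intact"] = receive(message, mac, keyed_mac)
    results["keyed_body_changed"] = receive(ALTERED, mac, keyed_mac)
    results["keyed_body_and_code_changed"] = receive(
        ALTERED, digest_mac(ALTERED), keyed_mac)
    return results


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```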
Phishing Attacks Phishing : an attack in which thieves “fish” for information. Thieves send e-mail messages to people telling them that their account data at a bank, credit card company, or other company has been compromised. The e-mail message asks the recipients to click a link to go to a Web site and verify the account information. The link is to a  spoofed  Web site (a Web site that only looks like it belongs to the correct business). If the recipient enters personal information in a form on the Web site, the thieves can steal that information.
Phishing Attacks The links in phishing e-mails are usually disguised. One common way to disguise the real URL is to use the “@” sign, which causes the Web server to ignore all characters that precede the “@” and use only the characters that follow. E-mail links can include JavaScript code that is invisible in most e-mail clients; the link looks like it is going one place, but in fact it directs the mail somewhere else.
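A mail-filter style check for the link disguises described above, as an added example that is not part of the original slides: it flags links with text before an “@” in the address, links whose visible text names a different host than the real destination, and links that carry script. The e-mail body, host names and reason labels are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body (all hosts are reserved example names).
SAMPLE_EMAIL = """
<p>Your account data has been compromised. Please verify it.</p>
<a href="http://www.examplebank.com@203.0.113.7/verify">Verify your account</a>
<a href="http://login.example.net/update">www.examplebank.com</a>
<a href="https://www.examplebank.com/help">https://www.examplebank.com/help</a>
<a href="https://www.examplebank.com/" onclick="location='http://login.example.net/'">Sign in</a>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text, attribute names) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None  # [href, text parts, attribute names] while inside <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = {name: (value or "") for name, value in attrs}
            self._current = [a.get("href", ""), [], set(a)]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1].append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            href, parts, names = self._current
            self.links.append((href, "".join(parts).strip(), names))
            self._current = None


def shown_host(text):
    """Host named by the visible link text, or None if the text is not a URL or host."""
    if not text or "." not in text or any(c.isspace() for c in text):
        return None
    try:
        return urlsplit(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None


def check_link(href, text, attr_names):
    """Return the list of reasons this link looks disguised (empty if none)."""
    try:
        parts = urlsplit(href)
        real_host, userinfo = parts.hostname, parts.username
    except ValueError:
        return ["unparseable-url"]
    reasons = []
    if userinfo is not None:
        # Everything before "@" is user information; the host is what follows.
        reasons.append("userinfo-before-@")
    shown = shown_host(text)
    if shown and real_host and shown != real_host:
        reasons.append("text-host-mismatch")
    if parts.scheme == "javascript" or any(n.startswith("on") for n in attr_names):
        reasons.append("script-in-link")
    return reasons


def analyze_email(html):
    """Map each suspicious href in html to the reasons it was flagged."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    flagged = {}
    for href, text, names in collector.links:
        reasons = check_link(href, text, names)
        if reasons:
            flagged[href] = reasons
    return flagged


if __name__ == "__main__":
    for href, reasons in analyze_email(SAMPLE_EMAIL).items():
        print(href, "->", ", ".join(reasons))
```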
Web Server Security Just as digital certificates help protect data sent from one individual to another, they can help protect data sent from and received by a Web server as it performs its task of delivering Web pages to site visitors. Web sites account for the largest percentage of digital certificates in use.
Digital Certificates for Web Servers Server certificate (SSL Web server certificate): authenticates a Web site for its users so the user can be confident that the Web site is genuine and not an imposter. A server certificate also ensures that the transfer of data between a user’s computer and the server with the certificate is encrypted so that it is both tamperproof and free from being intercepted.
Processing a Web Server Digital Certificate
Digital Certificates for  Web Servers User identification : the process of identifying yourself to a computer. Most computer systems implement user identification with user names and passwords; the combination of a user name and password is sometimes called a  login . To help keep track of their login information for different computers and Web sites, some people use a program called a  password   manager , which stores login information in an encrypted form on their computer.
Digital Certificates for  Web Servers Crackers can run programs that create and enter passwords from a dictionary or a list of commonly used passwords. Brute force attack : occurs when a cracker uses a program to enter character combinations until the system accepts a user name and password, thereby gaining access to the system. User   authentication : the process of associating a person and his identification with a very high level of assurance.
Secure Sockets Layer (SSL) Secure Sockets Layer  ( SSL ): a widely used protocol that acts as a separate layer or “secure channel” on top of the TCP/IP Internet protocol. SSL provides a security handshake when a browser and the Web page to which it is connected want to participate in a secure connection. Web pages secured by SSL have URLs that begin with  https://  instead of http://.
Secure State Indicators: Internet Explorer; Firefox
Secure Sockets Layer (SSL) SSL creates a public-key pair so that it can safely transmit data using a private key. The private key is encrypted using public-key encryption and is sent to the browser. Using the private key protects the remainder of the information transfer between the browser and the Web site. Session keys: a public-key pair created by SSL during a browser session. When the user leaves the secure Web site, the browser discards the session keys. Session keys exist only during a single, active session between a browser and server.
Staying Current with Internet and Web Security CERT Coordination Center: a federally funded research center operated by the Software Engineering Institute at Carnegie Mellon University; originally known as the Computer Emergency Response Team; primary goal is to publish alerts, advisories, and vulnerability reports about current and future Internet security problems it detects and to coordinate communication between software experts; also works to increase awareness of security problems and issues and to help individuals and organizations improve the security of their computer systems.
Staying Current with Internet and Web Security SANS Institute: many companies belong to the SANS Institute; it sponsors computer security training and research programs; its Web site includes the Internet Storm Center and other resources that contain current information on emerging online security issues.
Summary There are different types of computer security threats and some countermeasures that you can take to prevent them. There are copyright issues related to the information you locate and use on the Internet.
Summary Specific security threats arise on the Internet when it is used as a communication channel. Other threats on computers arise when they are used as Web clients or as Web servers. You should use the security information presented in this tutorial to create a safe environment in which to enjoy the Web’s many resources.
Ad

More Related Content

What's hot (18)

Tools and methods used in cybercrime
Tools and methods used in cybercrimeTools and methods used in cybercrime
Tools and methods used in cybercrime
patelripal99
 
091005 Internet Security
091005 Internet Security091005 Internet Security
091005 Internet Security
dkp205
 
Internet Security
Internet SecurityInternet Security
Internet Security
Mitesh Gupta
 
Basic Internet Security
Basic Internet SecurityBasic Internet Security
Basic Internet Security
mfaheemakhtar
 
Computer security
Computer securityComputer security
Computer security
fiza1975
 
Ethical hacking & Information Security
Ethical hacking & Information SecurityEthical hacking & Information Security
Ethical hacking & Information Security
Ajay Dhamija
 
Internet security
Internet securityInternet security
Internet security
Pokanati SatyaPraveen
 
Computer security
Computer securityComputer security
Computer security
Univ of Salamanca
 
It
ItIt
It
Volkswagen Thane
 
Ethical hacking and cyber security intro
Ethical hacking and cyber security introEthical hacking and cyber security intro
Ethical hacking and cyber security intro
Abhilash Ak
 
Computer & internet Security
Computer & internet SecurityComputer & internet Security
Computer & internet Security
Gerard Lamusse
 
Internet Security
Internet SecurityInternet Security
Internet Security
Peter R. Egli
 
Internet security
Internet securityInternet security
Internet security
Tapan Khilar
 
Computer Security
Computer SecurityComputer Security
Computer Security
William Mann
 
Tutorial 09 - Security on the Internet and the Web

  • 1. Security on the Internet and the Web Security Threats and Countermeasures Tutorial 9
  • 2. Objectives Understand the basics of security: secrecy, integrity, and necessity. Understand what hackers and crackers can do and why they do it. Learn about the dangers of online crime, warfare, and terrorism. Investigate how to protect copyrighted materials that are published on the Internet.
  • 3. Objectives Understand Web client threats and countermeasures. Learn about online communication channel threats and countermeasures. Find out how to get more information and current updates about online security.
  • 4. Understanding Security Basics: Secrecy, Integrity, and Necessity Security is broadly defined as the protection of assets from unauthorized access, use, alteration, or destruction. Physical security includes tangible protection devices, such as locks, alarms, fireproof doors, security fences, safes or vaults, and bombproof buildings. Protection of assets using non-physical means is called logical security. Logical security may also be broadly called computer security.
  • 5. Understanding Security Basics: Secrecy, Integrity, and Necessity Any act or object that endangers an asset is known as a threat. Countermeasure is the general name for a procedure, either physical or logical, that recognizes, reduces, or eliminates a threat. Countermeasures can recognize and manage threats or they can eliminate them. An individual or organization can ignore threats that are deemed low risk and less likely to occur when the cost to protect against the threat exceeds the value of the protected asset.
  • 6. Risk Management Model New Perspectives on The Internet, Sixth Edition—Comprehensive Tutorial 9
  • 7. Understanding Security Basics: Secrecy, Integrity, and Necessity To implement a good security scheme, you identify the risk, determine how you will protect the affected asset, and calculate the cost of the resources you can allocate to protect the asset. Computer security can be classified into several categories: secrecy, integrity, and necessity.
  • 8. Understanding Security Basics: Secrecy, Integrity, and Necessity Secrecy prevents unauthorized data disclosure and ensures the authenticity of the data’s source. Integrity prevents unauthorized data modification. Necessity prevents data delays (slowing down the transmission of data) or denials (preventing data from getting to its destinations). Internet users and businesses with Web sites need to take appropriate countermeasures in each of these three categories to protect themselves and the computers they use to connect to the Internet.
  • 9. Secrecy and Encryption Encryption: the process of coding information using a mathematically based program and a secret key to produce a string of characters that is unreadable. Decryption: the process of reversing encrypted text. Cipher text: encrypted information. Plain text: unencrypted information. Cryptography: the study of ways to secure information.
  • 10. Secrecy and Encryption Private-key encryption (symmetric encryption): uses a single key that is known by the sender and receiver; the key might be a password or a number generated by a special device; works well in a highly controlled environment.
  • 11. Private-key (Symmetric) Encryption
  • 12. Secrecy and Encryption Public-key encryption (asymmetric encryption): uses a public key and a private or secret key; the public key is known to everyone; the private or secret key is known only to the person who owns both keys; each person has a private key that is secret and a public key that is shared with other users; messages encrypted with a private key must be decrypted with the public key, and vice versa.
  • 13. Public-key (Asymmetric) Encryption
  • 14. Secrecy and Encryption Encryption is considered to be weak or strong based on its algorithm and the number of characters in the encryption key. Algorithm: a formula or set of steps to solve a particular problem. Strong keys: keys that are 128 bits long. Most browsers use 128-bit encryption when they are in secure mode, which is also called strong encryption.
  • 15. Integrity An integrity threat occurs when an unauthorized party has the chance to alter data while it is being transferred over the Internet or while it is stored on a computer. Man-in-the-middle exploit: when an e-mail message is intercepted and its contents are changed before it is forwarded to its original destination. The most visible integrity threats have been from Trojan horses, viruses, and worms that attack computers and the programs they run.
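The altered-in-transit e-mail described in slide 15 can be detected when sender and receiver share a secret key, as in the private-key setting of slide 10. The sketch below is an added example, not part of the original slides; it uses an HMAC-SHA256 tag (a keyed checksum the slides do not cover), and the message text, addresses, and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # an HMAC-SHA256 tag is 32 bytes long

# Constructed sample message (not from the slides).
MESSAGE = (b"From: alice@example.com\nTo: bob@example.com\n\n"
           b"Please pay invoice 1001 to account 11-1111.")


def seal(key: bytes, message: bytes) -> bytes:
    """Sender side: append a tag computed from the message and the shared key."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def open_sealed(key: bytes, sealed: bytes) -> bytes:
    """Receiver side: return the message only if its tag verifies."""
    if len(sealed) < TAG_LEN:
        raise ValueError("too short to carry a tag")
    message, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest takes the same time whether or not the tags match
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message was altered")
    return message


def is_authentic(key: bytes, sealed: bytes) -> bool:
    """True if the sealed message verifies under the shared key."""
    try:
        open_sealed(key, sealed)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Run the three cases a receiver has to tell apart."""
    shared_key = secrets.token_bytes(32)      # known only to sender and receiver
    sealed = seal(shared_key, MESSAGE)

    # Case 1: the message arrives as sent.
    untouched = is_authentic(shared_key, sealed)

    # Case 2: the body is changed in transit and the old tag is kept.
    altered_body = MESSAGE.replace(b"11-1111", b"99-9999")
    altered = altered_body + sealed[-TAG_LEN:]

    # Case 3: the body is changed and a new tag is computed, but with a
    # key that is not the shared one.
    retagged = seal(secrets.token_bytes(32), altered_body)

    return {
        "untouched": untouched,
        "altered_in_transit": is_authentic(shared_key, altered),
        "altered_and_retagged_without_key": is_authentic(shared_key, retagged),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The tag protects integrity only: the message body still travels as plain text, so secrecy needs encryption in addition.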
  • 16. Integrity Trojan horse : a small program hidden inside another program claims to be a legitimate program that accomplishes some task when, in fact, it causes harm when the user accesses or downloads the program in which it is hidden when you execute the program you thought you downloaded (or received via e-mail as an attachment), it secretly launches a separate Trojan horse program, which quietly does its damage. Antivirus software programs and firewalls cannot guarantee that your computer is protected from this type of attack. Be careful not to execute a file that you did not request and download software only from trusted sources.
  • 17. Integrity Worm : a self-replicating program usually hidden within another file and then sent as an e-mail attachment can replicate itself on a computer or server, but it cannot infect other files Viruses can spoof the From line of an e-mail message using the name of someone you know. The default filename view setting in Windows hides the filename extension. Many computer security experts recommend that users change this default setting in Windows when it is possible so you can tell if a file is an executable program.
  • 18. Integrity Antivirus software can prevent the spread of viruses, worms, and Trojan horses by blocking them from being downloaded from the server. Two vendors that provide a full range of antivirus products are Symantec and McAfee.
  • 19. Integrity The best defenses against Trojan horses, viruses, and worms are the following: display Windows filename extensions so that you can determine the type of each file you download; avoid opening attachments that you did not expect (even if they are from senders that are known and trusted); install antivirus programs; keep those antivirus programs updated regularly.
  • 20. Necessity A necessity threat occurs when a cracker uses a program to disrupt normal computer processing or, possibly, to deny processing entirely. Packet flooding attack ( denial of service (DoS) attack ): occurs when a cracker bombards a server or other computer with messages in an attempt to consume the network’s bandwidth resources; it works by sending such a large number of messages to a Web server that it cannot answer properly.
  • 21. Necessity Distributed denial of service (DDoS) attack : the perpetrator uses a large number of computers that each launch a DoS attack on one Web server at the same time. Most DDoS attacks are launched after the attacking computers are infected with Trojan horse programs. Each Trojan horse is coded to open and launch a DoS attack at exactly the same date and time. Zombies : computers “hijacked” by a Trojan horse and used to help a DDoS attack. A company can defend its Web server from DoS and DDoS attacks by adding a filter to its Internet connection between the Web server and the router that connects it to the Internet.
  • 22. Online Crime, Warfare, and Terrorism Most people who use the Internet are honest, hard-working people who use the technology for legitimate purposes. Unfortunately, some people use the Internet for all manner of illegal and unethical purposes. It is important to know about these uses because that knowledge can help prevent such use or limit the damage caused.
  • 23. Hackers, Crackers, and Script Kiddies Cracker : a technologically skilled person who uses his or her skills to obtain unauthorized entry into computers or networks of computers. Crackers might damage the system’s software, or even do harm to the system’s hardware. Computer forensics experts ( ethical hackers ): computer professionals hired to break into client computers and probe the computers to locate information that can be used in legal proceedings.
  • 24. Hackers, Crackers, and Script Kiddies Hacker : a dedicated programmer who enjoyed writing complex code that tested the limits of technology. Computer professionals consider being called a hacker a compliment; the media and the general public often use the term to describe those who use their skills for ill purposes. The terms white hat hacker and black hat hacker make the distinction between those who use their skills for good and those who use their talents to commit illegal acts.
  • 25. Hackers, Crackers, and Script Kiddies Virus tool kits : script-writing programs that allow novices to create their own viruses, worms, and Trojan horses; menu-driven tools that give almost anyone the ability to generate troublesome programs without the need to write a single line of code. Script kiddies : a derisive term coined by crackers who have programming skills to describe people who use virus tool kits.
  • 26. Online Theft, Identity Theft and the Ethics of Privacy An increasing amount of personal information is stored on the Web by other parties, such as banks, credit card issuers, credit reporting agencies, physician’s offices, hospitals, and government agencies. As more companies store valuable information on computers that are connected to the Internet, opportunities for theft of that information increase. This is especially true when companies lose control of the data they collect on their customers (and other people).
  • 27. Online Theft, Identity Theft and the Ethics of Privacy The kinds of personal information that criminals most want to obtain include: Social Security number; Driver’s license number; Credit card numbers; CVV2 numbers (the three- or four-digit security code printed on a credit card); Passwords (or PINs); Credit reports; Date of birth; ATM (or debit) card numbers; Telephone calling card numbers; Mortgage (or other loan) information; Telephone numbers; Home address; Employer address.
  • 28. Online Theft, Identity Theft and the Ethics of Privacy Identity theft : a type of crime in which a thief steals a person’s entire credit record and then uses the victim’s personal information to open bank accounts, new credit cards, and buy expensive goods on credit. By the time the victim finds out that his or her identity has been stolen, the thief is long gone with the cash and the goods. If you are the victim of identity theft, you must act quickly to contact the credit reporting agencies, every financial institution at which you have an account, and the issuer of every credit card you hold.
  • 29. Online Extortion Some perpetrators threaten to launch DoS attacks against a company unless a “fee” is paid; many smaller companies simply pay the extortionists and do not even report the crime. Other perpetrators break into a company’s systems, steal confidential information, and then threaten to release the information unless they are paid. Smaller companies are easier targets because they generally do not have strong security in place, but larger organizations are not immune to these attacks.
  • 30. Other Online Crimes Enforcing laws against distribution of pornographic material online in the United States has been difficult. A difficult question arises regarding which community standards might apply to the sale. International transactions raise even more difficult questions about which laws should determine the legality of the sale. The U.S. Supreme Court has ruled that state and local courts can draw the line based on local community standards.
  • 31. Other Online Crimes A similar issue arises in the case of online gambling. If people in California use their computers to connect to an offshore gambling site, it is unclear where the gambling activity occurs. Several states have passed laws that specifically outlaw Internet gambling, but the ability of those states to enforce laws that limit Internet activities is not yet clear. The U.S. Federal government has outlawed all online gambling activities by its citizens, but enforcement is difficult and the constitutionality of such laws has not been tested.
  • 32. Organized Crime Online Organized crime ( racketeering ): unlawful activities conducted by a highly organized, disciplined association for profit. The Internet has opened new opportunities for organized crime. Large criminal organizations can be efficient perpetrators of identity theft because they can exploit large amounts of personal information (obtained, for example, from a cracker who broke into a company’s Web server) quickly and efficiently. These criminal organizations often sell or trade information that they cannot use immediately to other organized crime entities around the world.
  • 33. Online Espionage, Warfare, and Terrorism Industrial espionage : a type of spying in which countries attempt to gain information from private businesses to capture intellectual property that can be taken home and used in industries there. When this information is stored in computers that are connected to the Internet or when it is transmitted via the Internet, it can become the target of online espionage efforts. Many Internet security experts believe that we are at the dawn of a new age of terrorism and warfare that could be carried out or coordinated through the Internet.
  • 34. Copyright & Intellectual Property Threats and Countermeasures Safeguarding copyright and intellectual property rights is also a security issue. Intellectual property threats are a large problem due to the Internet and the relative ease with which one can use existing material without the owner’s permission. It is very simple to reproduce an exact copy of anything you find on the Internet. Many people are naïve or unaware of copyright restrictions that protect intellectual property.
  • 35. Copyright & Intellectual Property Threats and Countermeasures Digital watermark : a process that inserts a digital pattern containing copyright information into a digital image, animation, or audio or video file. Steganography : a process that hides an encrypted message within different types of files; it can be used to add copyright information to different types of files.
  • 36. Web Client Security A good place to start applying security principles is on PCs connected to the Internet ( Web clients ). There are specific security threats and countermeasures for Web clients, the communication channel that connects Web clients to Web servers, and the Web servers themselves.
  • 37. Active Content: Java, JavaScript, and ActiveX Active content : programs that travel with applications to a browser and execute on the user’s computer. Java applet : a program written in the Java programming language that could execute and consume a computer’s resources. JavaScript program : a program that could execute on the user’s computer and can run without being compiled.
  • 38. Active Content: Java, JavaScript, and ActiveX ActiveX components : Microsoft’s technology for writing small applications that perform some action in Web pages; these components have full access to a computer’s file system. They only work in Internet Explorer and other browsers that use the Internet Explorer code base in some way. Firefox, which does not use any part of the Internet Explorer code base, will not run a beneficial ActiveX component, nor can it be attacked by a malicious ActiveX component.
  • 39. Managing Cookies A cookie is a small text file that a Web server creates and stores on your computer’s hard drive. Clickstream : the links you click while visiting the Web site. A cookie might store information about your clickstream, the products you purchase, or personal information that you provide to the site. Some cookies are removed automatically when you leave a Web site ( a session-only cookie ).
  • 40. Managing Cookies Many Web sites use cookies to make their sites easier to navigate. A cookie is not a program and it can only store information that you provide to the Web site that creates it. Sometimes you provide the data openly, and at other times, the cookie might silently record your behavior at a Web site. Only the Web site that stored the cookie on your hard drive can read it, and it cannot read other cookies on your hard drive or any other file on your computer.
  • 41. Managing Cookies Cookies can represent a security threat for some users, especially those who access the site from a public computer. Internet users can control the storage of cookies on their computer’s hard drive by changing their browser’s settings. The best way to prevent another user from gaining access to information is to make sure that you do not leave an electronic trail to its path. Internet Explorer stores cookies in the C:\Windows\Cookies folder. Firefox stores cookies in a file named cookies.txt on the user’s hard drive.
  • 42. Managing Cookies in Internet Explorer
  • 43. Managing Cookies in Firefox
  • 44. Web Bugs Web bug ( clear GIF or transparent GIF ): a small (one pixel), hidden graphic on a Web page or in an e-mail message that is designed to work in conjunction with a cookie to obtain information about the person viewing the page or e-mail message and to send the information to a third party. When the user loads the Web page that contains this code, the browser downloads the hidden graphic. This process can identify your IP address, the Web site you last visited, and other information about your use of the site in which the clear GIF file has been embedded and record it in the cookie file.
  • 45. Web Bugs (figures: HTML document containing a Web bug; Web page containing a Web bug)
  • 46. Adware and Spyware: Ethical Issues Adware : a general category of software that includes advertisements to help pay for the product in which they appear. In many freeware and shareware programs, adware provides opportunities for developers to offer software at little or no cost to the user. Adware usually does not cause any security threats because the user is aware of the ads and the parties responsible for including them are clearly identified in the programs.
  • 47. Adware and Spyware: Ethical Issues Spyware : a category of adware in which the user has little control over or knowledge of the ads and other monitoring features it contains. Spyware occurs in situations where a developer has sold ads to a third party or embedded other features in the program. A Web bug is an example of spyware because the clear GIF and its actions are hidden from the user.
  • 48. Adware and Spyware: Ethical Issues One way to protect computers from the potential privacy violations created by cookies, Web bugs, and spyware is to set Web browsers to block third-party cookie files. There are many good shareware programs that erase spyware from your computer. These programs, sometimes called ad blockers , search for files written by known spyware.
  • 49. Firewalls Firewall : a software program or hardware device that controls access between two networks, such as a local area network and the Internet or the Internet and a computer. Port : like a door on a computer, it permits traffic to leave and enter a computer. When the port is closed, traffic can’t leave or enter the computer. Port scan : occurs when one computer tests all or some of the ports of another computer to determine whether its ports are open, closed, or stealth.
  • 50. Basic Web Client Firewall Architecture
  • 51. Firewalls Most firewalls prevent traffic from entering the network, but firewalls can also prevent data from leaving the network. This is useful for controlling the activities of hidden programs that are designed to compromise the security of a computer. When you install a new program on your computer, a firewall that provides outgoing protection will notify you if and when the new program tries to access the Internet.
  • 52. Firewalls Until the recent increase in the number of users with broadband connections to the Internet, corporations used hardware firewalls almost exclusively. Some firewall software programs are available for free or at a very low cost, so they are becoming popular with other types of users. Some antivirus programs and Internet suites include basic firewall protection.
  • 53. Communication Channel Security Encryption is an important part of maintaining security over information that is sent via the Internet. Practical uses of encryption require authentication and identification.
  • 54. Authentication and Digital Certificates Authentication : a general term for the process of correctly verifying the identity of a person or a Web site. Digital certificate : an encrypted and password-protected file that contains sufficient information to authenticate and prove a person’s or organization’s identity. Certificate authority : a trusted third party that verifies the digital certificate holder’s identity and issues the certificate.
  • 55. Authentication and Digital Certificates A digital certificate contains the following: the certificate holder’s name, address, and e-mail address; a special key that “unlocks” the digital certificate, thereby verifying the certificate’s authenticity; the certificate’s expiration date or validity period; the certificate authority.
  • 56. Authentication and Digital Certificates A digital certificate is an electronic equivalent of an identification card. Digital ID ( personal certificate ): used to identify a person to other people and to Web sites that are set up to accept digital certificates. Digital ID : an electronic file that you purchase from a certificate authority and install into a program that uses it, such as an e-mail program or a Web browser.
  • 57. Protecting E-Mail Messages To help maintain the integrity of an e-mail message, you can send the message through a message digest function program ( hash code function program ) to produce a number called a message authentication code ( MAC ). After it receives the MAC, the e-mail program sends the message and matching MAC together to the recipient. The recipient’s e-mail program recomputes the message’s MAC and compares the computed MAC to the received MAC. If they match, the content of the message is unaltered. If they do not match, then the message cannot be trusted.
  • 58. Producing a MAC for a Message
  • 59. Protecting E-Mail Messages To be useful, the message digest function must exhibit the following characteristics: It must be impossible or costly to reverse the MAC and produce the original message. The MAC should be random. The MAC must be unique to the message. You can also protect outgoing e-mail messages with the Secure/Multipurpose Internet Mail Extensions (S/MIME) specification, which when combined with a person’s digital ID provides authentication and encryption to e-mail messages.
  • 60. Phishing Attacks Phishing : an attack in which thieves “fish” for information. Thieves send e-mail messages to people telling them that their account data at a bank, credit card company, or other company has been compromised. The e-mail message asks the recipients to click a link to go to a Web site and verify the account information. The link is to a spoofed Web site (a Web site that only looks like it belongs to the correct business). If the recipient enters personal information in a form on the Web site, the thieves can steal that information.
  • 61. Phishing Attacks The links in phishing e-mails are usually disguised. One common way to disguise the real URL is to use the “@” sign, which causes the Web server to ignore all characters that precede the “@” and use only the characters that follow. E-mail links can include JavaScript code that is invisible in most e-mail clients; the link looks like it is going one place, but in fact it directs the mail somewhere else.
  • 62. Web Server Security Just as digital certificates help protect data sent from one individual to another, they can help protect data sent from and received by a Web server as it performs its task of delivering Web pages to site visitors. Web sites account for the largest percentage of digital certificates in use.
  • 63. Digital Certificates for Web Servers Server certificate ( SSL Web server certificate ): authenticates a Web site for its users so the user can be confident that the Web site is genuine and not an imposter. A server certificate also ensures that the transfer of data between a user’s computer and the server with the certificate is encrypted so that it is both tamperproof and free from being intercepted.
  • 64. Processing a Web Server Digital Certificate
  • 65. Digital Certificates for Web Servers User identification : the process of identifying yourself to a computer. Most computer systems implement user identification with user names and passwords; the combination of a user name and password is sometimes called a login . To help keep track of their login information for different computers and Web sites, some people use a program called a password manager , which stores login information in an encrypted form on their computer.
  • 66. Digital Certificates for Web Servers Crackers can run programs that create and enter passwords from a dictionary or a list of commonly used passwords. Brute force attack : occurs when a cracker uses a program to enter character combinations until the system accepts a user name and password, thereby gaining access to the system. User authentication : the process of associating a person and his identification with a very high level of assurance.
  • 67. Secure Sockets Layer (SSL) Secure Sockets Layer ( SSL ): a widely used protocol that acts as a separate layer or “secure channel” on top of the TCP/IP Internet protocol. SSL provides a security handshake when a browser and the Web page to which it is connected want to participate in a secure connection. Web pages secured by SSL have URLs that begin with https:// instead of http://.
  • 68. Secure State Indicators (figures: Internet Explorer; Firefox)
  • 69. Secure Sockets Layer (SSL) SSL creates a public-key pair so that it can safely transmit data using a private key. The private key is encrypted using public-key encryption and is sent to the browser. Using the private key protects the remainder of the information transfer between the browser and the Web site. Session keys : a public-key pair created by SSL during a browser session. When the user leaves the secure Web site, the browser discards the session keys. Session keys exist only during a single, active session between a browser and server.
  • 70. Staying Current with Internet and Web Security CERT Coordination Center : a federally funded research center operated by the Software Engineering Institute at Carnegie Mellon University, originally known as the Computer Emergency Response Team. Its primary goal is to publish alerts, advisories, and vulnerability reports about current and future Internet security problems it detects and to coordinate communication between software experts. It also works to increase awareness of security problems and issues and to help individuals and organizations improve the security of their computer systems.
  • 71. Staying Current with Internet and Web Security SANS Institute : many companies belong to the SANS Institute; it sponsors computer security training and research programs; its Web site includes the Internet Storm Center and other resources that contain current information on emerging online security issues.
  • 72. Summary There are different types of computer security threats and some countermeasures that you can take to prevent them. There are copyright issues related to the information you locate and use on the Internet.
  • 73. Summary Specific security threats arise on the Internet when it is used as a communication channel. Other threats on computers arise when they are used as Web clients or as Web servers. You should use the security information presented in this tutorial to create a safe environment in which to enjoy the Web’s many resources.
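
The recompute-and-compare check from slides 57 and 59, as an added example that is not part of the original slides. It goes one step beyond them by contrasting the unkeyed message digest with a keyed MAC (HMAC-SHA-256); the key, the message, and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not taken from the slides).
SHARED_KEY = b"constructed-demo-key"  # known only to sender and recipient
MESSAGE = b"Please transfer 100 USD to account 12345."


def digest_tag(message: bytes) -> str:
    """Unkeyed message digest: anyone holding the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(key: bytes, message: bytes) -> str:
    """Keyed MAC: computing a valid value requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_digest(message: bytes, received_tag: str) -> bool:
    """Recipient side: recompute the digest and compare in constant time."""
    return hmac.compare_digest(digest_tag(message), received_tag)


def verify_hmac(key: bytes, message: bytes, received_tag: str) -> bool:
    """Recipient side: recompute the keyed MAC and compare in constant time."""
    return hmac.compare_digest(hmac_tag(key, message), received_tag)


def corruption_detected() -> bool:
    """Message changed in transit, original digest still attached: mismatch."""
    tag = digest_tag(MESSAGE)
    corrupted = MESSAGE.replace(b"100", b"900")
    return not verify_digest(corrupted, tag)


def rewritten_pair_passes_digest_check() -> bool:
    """If both the message and its unkeyed digest are replaced together,
    the recipient's comparison still succeeds, so the change goes unnoticed."""
    altered = MESSAGE.replace(b"12345", b"99999")
    return verify_digest(altered, digest_tag(altered))


def rewritten_pair_fails_hmac_check() -> bool:
    """Without the shared key, the replaced value cannot match the keyed MAC."""
    altered = MESSAGE.replace(b"12345", b"99999")
    return not verify_hmac(SHARED_KEY, altered, digest_tag(altered))


if __name__ == "__main__":
    print("intact message verifies:",
          verify_hmac(SHARED_KEY, MESSAGE, hmac_tag(SHARED_KEY, MESSAGE)))
    print("corruption detected by digest:", corruption_detected())
    print("replaced message+digest accepted:", rewritten_pair_passes_digest_check())
    print("replaced message rejected by HMAC:", rewritten_pair_fails_hmac_check())
```
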
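
A mail-filter style check for the disguised links described on slide 61, as an added example that is not part of the original slides. It reports the host a link really points to and flags text before an “@” in the URL; the function names, finding labels, and sample links are constructed, using reserved example domains and documentation IP addresses.

```python
import ipaddress
from urllib.parse import urlsplit


def host_of(text):
    """Return the host named in link text, or None if the text is not URL-like."""
    text = text.strip()
    if not text or any(ch.isspace() for ch in text):
        return None
    if "://" not in text:
        text = "http://" + text
    try:
        host = urlsplit(text).hostname
    except ValueError:
        return None
    return host if host and "." in host else None


def is_ip_literal(host):
    """True when the host is a raw IP address rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def inspect_link(display_text, href):
    """Return (real_host, findings) for one link taken from an e-mail body."""
    findings = []
    parts = urlsplit(href.strip())
    real_host = parts.hostname
    # Everything before "@" in the authority is user information, not the host.
    if parts.username is not None:
        findings.append("userinfo-before-@")
    if real_host and is_ip_literal(real_host):
        findings.append("ip-literal-host")
    # The visible text names one host while the link goes to another.
    shown = host_of(display_text)
    if shown and real_host and shown != real_host:
        findings.append("display-host-mismatch")
    return real_host, findings


# Constructed sample links (display text, href).
SAMPLES = [
    ("www.bank.example", "http://www.bank.example@203.0.113.7/verify"),
    ("https://www.bank.example/login", "https://www.bank.example/login"),
    ("Click here to verify", "https://www.bank.example:x@login.other-site.example/"),
]

if __name__ == "__main__":
    for text, href in SAMPLES:
        host, findings = inspect_link(text, href)
        print(f"{text!r} -> {host} {findings or 'no findings'}")
```
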