Oh What A Tangled Web We Weave - PowerPoint PPT Presentation

Transcript and Presenter's Notes

Title: Oh What A Tangled Web We Weave


1
Oh What A Tangled Web We Weave
  • Some Basics on the Most Widely Used Facility of
    Computers Today.
  • T. Rankin, B. Caplin, M. Korich

2
Network Types
  • Any group of computers that communicate with each
    other is called a network.
  • Computers can talk to each other using various
    protocols (a language or specified form of
    information interchange).
  • A group of computers or networks connected
    together using the Internet Protocol is called an
    internet.
  • The Internet is the world's largest network of
    computers.

3
Network Connections
  • Computers can be connected to the Internet via
    analog (modem), digital, wireless, or dedicated
    connections.
  • A group of computers connected together in a
    private network using internet technologies is
    called an intranet.
  • Connecting different intranets together for
    business purposes is called an extranet.
  • A Virtual Private Network (VPN) is created when
    two end-point machines tunnel through the
    Internet using an encrypted connection.

4
IP Addressing
  • The Internet is based on a method of
    communication called the Internet Protocol (IP).
  • Every 'host' or 'server' on the Internet has a
    unique IP address.
  • This address consists of four numbers of up to
    three digits each, separated by dots, such as
    172.16.21.5.
  • Host applications and services are identified by
    the port number through which they can be
    accessed. This number is appended to the IP address
    after a colon (ex. 172.16.21.5:80 for HTTP).
  • There are 65535 ports for applications to use.

5
IP Address Space
  • The number of IP addresses available is limited.
  • Only one account can use a particular IP address
    at any given time.
  • However, some IP addresses are pooled to only be
    used when a machine is actually connected to the
    net (for instance at a dial-up ISP).
  • Addresses do not need to be universally unique if
    they are only used on an intranet.
  • Network Address Translation (NAT) hides intranet
    addresses from the Internet.
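
The addressing rules on the two slides above (dotted address, port after a colon, intranet-only addresses) can be checked mechanically. The following is an added example, not part of the original presentation; the function names and the sample list are constructed for illustration.

```python
import ipaddress

MAX_PORT = 65535  # port count quoted on the IP Addressing slide

# Constructed sample endpoints; only 172.16.21.5 and 216.32.74.52 appear in the slides.
SAMPLES = [
    "172.16.21.5:80",     # intranet-style address, HTTP port
    "216.32.74.52:80",    # publicly routable address
    "172.16.21.580",      # colon missing, so no port can be identified
    "172.16.21.580:80",   # octet 580 is out of range
    "10.0.0.1:70000",     # port above the maximum
]

def parse_endpoint(text):
    """Split 'a.b.c.d:port' into (IPv4Address, port); raise ValueError if malformed."""
    host, sep, port_text = text.rpartition(":")
    if not sep:
        raise ValueError(f"no ':port' suffix in {text!r}")
    addr = ipaddress.IPv4Address(host)  # rejects octets above 255 and wrong octet counts
    if not port_text.isdigit():
        raise ValueError(f"port is not a number in {text!r}")
    port = int(port_text)
    if not 1 <= port <= MAX_PORT:
        raise ValueError(f"port {port} outside 1..{MAX_PORT}")
    return addr, port

def classify(text):
    """Return 'intranet', 'internet' or 'invalid' for one endpoint string."""
    try:
        addr, _ = parse_endpoint(text)
    except ValueError:
        return "invalid"
    # is_private covers the RFC 1918 ranges (10/8, 172.16/12, 192.168/16)
    # plus other ranges that are not routed on the public Internet.
    return "intranet" if addr.is_private else "internet"

def triage(endpoints):
    """Map each endpoint string to its classification."""
    return {endpoint: classify(endpoint) for endpoint in endpoints}

if __name__ == "__main__":
    for endpoint, verdict in triage(SAMPLES).items():
        print(f"{endpoint:20} {verdict}")
```

An address classified as intranet seen arriving from outside the NAT boundary is a sign of spoofing or misconfiguration and is worth filtering at the border.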

6
ISPs
  • Most connections to the Internet are made via
    Internet Service Providers (ISPs).
  • ISPs have their own connections to the Internet
    which they allow their users to share.
  • Each ISP has an assigned block of IP addresses.
  • ISPs log or record the IP address used by a user
    account at any given time.

7
Human Friendly Names (URLs, URIs, and the like)
  • IP addresses can be difficult to remember.
  • Is it easier to remember 216.32.74.52,
  • or www.yahoo.com?
  • The yahoo.com in www.yahoo.com is called the
    domain name.
  • The entire name is called a Universal Resource
    Locator (URL) or Universal Resource Identifier
    (URI).
  • The Domain Name System, or Service, (DNS)
    associates names (URLs) with numbers (IP
    Addresses).

8
The InterNIC/ICANN
  • IP domain names were originally managed from a
    central authority on the Internet, called the
    Internet Network Information Center (InterNIC).
  • These activities have been assumed by the
    Internet Corporation for Assigned Names and
    Numbers (ICANN).
  • There are various accredited name registrars
    located throughout the world.
  • Any organization or person can register a domain
    name.

9
The Internet, A Product of Its Beginnings.
  • The Internet was originally designed to be
    collaborative.
  • Security was not built into the architecture.
  • IP is a chatty protocol.
  • Beyond the required To and From addresses, IP
    connections carry additional data about the
    participants.
  • This data can include things like your operating
    system type and version, browser type and
    version, last IP site visited, and more.
  • IP addresses are spoofable and cannot always be
    trusted.
  • Information sent via the Internet has no
    designated path. It may be visible anywhere in
    the world.
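
In web traffic, the participant data listed above travels in HTTP request headers: User-Agent carries the browser and operating system, and Referer carries the last page visited. The following added example (not part of the original presentation) reports what a request discloses and shows the same request with those headers removed; the request text and host names are constructed.

```python
# Request headers that describe the client rather than the resource requested.
DISCLOSING = {
    "user-agent": "browser and operating system",
    "referer": "last page visited",
}

# Constructed sample request; hosts and paths are placeholders.
SAMPLE = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n"
    "Referer: http://intranet.example.net/payroll/report.html\r\n"
    "Accept: text/html\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return (request_line, {lowercased header name: value}) for a raw request."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def disclosures(raw):
    """Map each kind of disclosed information to the value actually sent."""
    _, headers = parse_headers(raw)
    return {meaning: headers[name]
            for name, meaning in DISCLOSING.items() if name in headers}

def strip_disclosing(raw):
    """Return the request as a privacy-filtering proxy could forward it."""
    head, sep, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    kept = [lines[0]] + [
        line for line in lines[1:]
        if line.partition(":")[0].strip().lower() not in DISCLOSING
    ]
    return "\r\n".join(kept) + sep + body

if __name__ == "__main__":
    for meaning, value in disclosures(SAMPLE).items():
        print(f"{meaning}: {value}")
    print(strip_disclosing(SAMPLE))
```

Note that the Referer value in the sample exposes an internal host name and path to the external site, which is the kind of leakage the slide describes.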

10
Internet Implications
  • Internet accessibility is nearly universal.
  • The Internet is often viewed as the ultimate, low
    cost, common carrier.
  • The Internet has many uses.
  • IP can be used for terminal access, mail,
    collaboration, messaging, file transfer, sales,
    support, marketing, etc.
  • More and more businesses are embracing the Net.
  • New applications are being written, old ones
    converted.
  • New uses are being discovered or defined all
    the time.

11
Beauty or the Beast?

12
Looking Deeper

13
Deeper
sprintlink.net

14
And Deeper
sprintlink.net

15
World Wide Web (WWW)
  • The World Wide Web allows information to be
    organized and distributed across the Internet
    using HyperText Transfer Protocol (HTTP).
  • Using HTTP, the Web can deliver a variety of
    different content (graphical, textual, pictorial,
    etc.)
  • Documents are created using Hypertext Markup
    Language (HTML) and navigation from one document
    to another is provided via Hyperlinks.
  • A web document or page in one site can easily
    link to another on a different computer in a
    different country.

16
Surfing the Net
  • Web based documents were originally accessed via
    text-based Gopher clients.
  • The current generation of web clients are
    graphics oriented.
  • Netscape Navigator, Microsoft's Internet
    Explorer, etc.
  • These now support multimedia, animation, scripts,
    executables, and other modes of interactivity.
  • Accessing the Web is also referred to as browsing.

17
Usenet/News
  • The Usenet consists of a collection of message
    boards or newsgroups where people with
    similar interests may leave messages for all to
    see.
  • Newsgroups use a group.subgroup.subgroup naming
    convention (ex. comp.security.pgp.discuss).
  • Newsgroup servers may be accessed by many
    browsers and some search engines (e.g. Google).
  • The Usenet has over 35,000 newsgroups, and has
    handled over 700 million messages over the past
    twenty years.
  • All of this activity has been archived!

18
Chat
  • A chat server is a computer which hosts real-time
    conversations about specific topics in 'chat
    rooms'.
  • Users connect to a server to participate in one
    of these rooms, typing messages to each other.
  • Chats can be private or held in groups.
  • Chat rooms can be accessed using an Internet
    Relay Chat (IRC) client or via some search
    engines (ex. Yahoo).

19
Messaging
  • Instant messaging systems (IM, AIM, ICQ,
    Sametime, etc.) are similar to chat systems, but
    are proprietary in nature and therefore limited
    to the community of users with the same client
    logged on to that system.
  • Messaging system users can create lists of
    personal friends and the system will identify
    those that are currently connected.
  • Instant messaging systems may also be organized
    around subject areas (like chat rooms).

20
E-Mail
  • E-mail allows people to write letters or notes to
    specific recipients or lists of recipients.
  • E-mail addresses are created in the form of
    user.name@domain.name. DNS resolves the domain
    names in e-mail addresses to mail server IP
    addresses.
  • E-mail is usually sent across the Internet via
    the Simple Mail Transfer Protocol (SMTP). Users
    must use an e-mail client and connect to a mail
    server to retrieve their mail.
  • Most browsers offer e-mail client functionality.
  • WebMail servers (Hotmail, etc.) allow users to
    access their correspondence from any browser
    connected to the Internet. Use of an e-mail
    client is not required.

21
FTP and Telnet
  • File Transfer Protocol (FTP) is an early internet
    application.
  • As the name suggests, FTP is used to place files
    on or retrieve files from computers running FTP
    servers.
  • Users must use the command line interface or have
    an FTP client.
  • FTP sites can be accessed via the Web and most
    web browsers include FTP client functionality.
  • FTP can be anonymous or require users to logon to
    the host system.
  • Telnet is another early internet application that
    allows users to connect to a host in terminal
    mode.

22
Internet Security Exposures
  • Web sites you visit may collect information about
    you and store it in cookies that are often left
    on your machine permanently. Other web sites can
    access these cookies.
  • Web servers may encourage you to download
    programs that seem innocuous but actually contain
    spyware.
  • Your computer can be used to do work for others
    (ex. setiathome, distributed.org, oncology
    database, Juno, etc.).
  • Dual homed computers (i.e. having connections
    to multiple networks) compromise security.
  • The Internet Protocol transmits everything in
    the clear. It's like conducting business on the
    back of a postcard.

23
Easy Delivery
  • The Internet has become the primary conduit for
    delivery of viruses, worms, trojan horses, etc.
  • Of all internet applications, e-mail is the
    preferred attack tool.
  • Do not open unexpected or questionable messages
    and attachments.
  • Although technically not malicious code, junk or
    other unwanted mail (SPAM) has become a
    significant problem.
  • Responding to Spammers and requesting to be
    taken off their mailing lists is no longer
    recommended.

24
Who Are The Players?
  • Crackers, sometimes called Hackers, are
    organized, maintain web sites, trade information,
    tools, and tips, and may even defend their
    activities publicly.
  • Script Kiddies, usually young netizens, often
    take advantage of freely available hacking tools
    even though they may not understand them or truly
    intend to cause harm.
  • Social Engineers are the con-artists of the
    Internet. It is not uncommon for someone to
    claim or imply they are an official of some sort
    and request sensitive information.

25
Corporate Concerns
  • Corporations cannot ignore the Internet anymore.
    Having a presence on the net is a price of
    doing business today.
  • A business web site is often its most important
    point of visibility (public image/relations, web
    based sales/support).
  • This makes corporations much more sensitive to
    Denial of Service attacks.
  • Cost and availability incentives promote ever
    greater dependence on the transfer of critical
    and sensitive data over the Internet.
  • Opening internal networks to outside
    organizations increases the potential for
    exposure and compromise.

26
Risk Mitigation
  • Technological solutions to reduce security risks
    include the use of routers, firewalls,
    application proxies, etc.
  • In addition, De-Militarized Zones (DMZs) are
    often deployed.
  • This is the practice of placing outwardly
    facing servers between sets of external and
    internal firewalls.
  • Encryption, particularly Public Key cryptography,
    is used to protect the privacy, integrity, and
    non-repudiation of sensitive data transferred
    over the Internet.
  • Security awareness programs ensure users
    recognize and accept responsibility for security
    in their daily activities.

27
Promote Safe Computing
  • Create strong passwords. Do not write them down
    or leave them exposed.
  • Do not give out your e-mail address unless truly
    necessary and don't use work e-mail addresses in
    non-work situations.
  • Do not give out personal or confidential
    information.
  • If you must send sensitive data, make sure it is
    encrypted.
  • Do not customize web browsers with personal
    information.
  • Do not open questionable e-mail or attachments
    before verifying them with the sender and
    scanning them for viruses.

28
Children on the Net
  • Children are particularly vulnerable when they
    are on the net and should be taught to follow
    some basic rules.
  • They should never give out or send personal
    information (photos, addresses, telephone numbers
    or location of school) without their parent's
    permission.
  • If they come across or are sent information on
    the Internet that makes them feel uncomfortable,
    they should tell their parents or teachers and
    not respond to the message.
  • They should never agree to get together with
    someone they meet online without their parent's
    prior knowledge or consent.

29
The End??
  • Not really. Just go out to Google or any other
    search engine on the web, enter your name and see
    what comes back!
  • Security,
  • it's everybody's job!