Internet Security - PowerPoint PPT Presentation

Slides: 21
Provided by: larsp7
Transcript and Presenter's Notes

1
Internet Security
  • Servers
  • Hacking
  • Publicly available information
  • Information storage
  • Intrusion methods
  • Phishing
  • Pharming
  • Spyware
  • Viruses
  • Spam
  • Identity theft

2
Concerns Shared by Firms and Consumers
  • Identity theft
  • Fraudulent use of credit cards or bank accounts
  • Loss of privacy
  • Consumer reluctance to shop online due to fears
    of fraud
  • Costs of authentication

3
Consumer Privacy Concerns
  • Large amounts of consumer information can be
    bought online
  • Some information is available to the public
    through government offices--e.g.,
      • Real estate ownership
      • Vehicle registrations
      • Licenses (driver's/professional)
  • Personal records--e.g.,
      • Marriage, divorce
      • Certain tax liens
      • Certain criminal records
      • Bankruptcies
  • Information inadvertently posted online
  • Information posted without consent of customer
      • E.g., employment records
      • E.g., membership directories

4
Consumer Privacy Concerns, Part II
  • Online services combining information
  • Information sold by vendors (e.g., unlisted phone
    numbers of customers, purchase histories)
  • Aggregation of databases (e.g., combining
    multiple phone directories and real-estate
    recordings)
  • Information that is only supposed to be available
    when authorized
  • Credit records
  • Medical
  • Some information may be available only to certain
    kinds of users

5
Online Data Storage
  • Types of information stored on customers
      • Login, passwords
      • Credit card information
      • Purchase histories
      • Home addresses
      • Other personal info
  • May or may not have resulted from online
    transactions--databases are often networked for
    internal firm use

6
Vulnerable Information
  • Social security numbers
  • Place and date of birth; mother's maiden name
  • Home address
  • Login and passwords
  • Financial information

7
Data Interception
  • By employees or others with direct access to
    information
  • Cyber thieves may attempt to access information
    through
      • Phishing/pharming
      • Host computer
      • Log-in through insecure passwords
      • Hacking
      • Internet traffic
      • Local networks--especially wireless with limited
        or no security

8
Password Vulnerabilities
  • Disclosure to strangers
  • Theft of databases
  • Phishing
  • Use of obvious passwords
      • Common words
      • Personal information--e.g., phone number, address,
        birthday
  • Passwords not frequently changed
  • Password sniffers
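
A screening check for the "obvious passwords" listed on this slide (common words and personal information), added here as an example and not part of the original presentation. The word list, the substitution table and the fields of the `personal` record are assumptions made for illustration.

```python
# Added example, not code from the presentation.
import re

# Constructed stand-in for a real common-password list (assumption).
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine", "letmein"}
# Simple letter substitutions to undo before the dictionary lookup (assumption).
LEET = str.maketrans("013457@$!", "oieastasi")

def digit_runs(value, min_len=4):
    """Every run of at least min_len consecutive digits from a phone number."""
    digits = re.sub(r"\D", "", value)
    return {digits[i:j] for i in range(len(digits))
            for j in range(i + min_len, len(digits) + 1)}

def obvious_password_reasons(password, personal):
    """List why a password is obvious: common word, phone number, birthday or address.

    personal holds optional 'phone', 'birthday' (YYYY-MM-DD) and 'address' strings.
    """
    reasons = []
    lowered = password.lower()
    # Drop trailing padding and undo substitutions: "P@ssw0rd!1" -> "password".
    core = re.sub(r"[^a-z]", "", lowered.rstrip("0123456789!.").translate(LEET))
    if core in COMMON_WORDS:
        reasons.append("common word")
    if any(run in password for run in digit_runs(personal.get("phone", ""))):
        reasons.append("phone number")
    if personal.get("birthday"):
        y, m, d = personal["birthday"].split("-")
        forms = (m + d + y, d + m + y, y + m + d, m + d + y[2:], d + m + y[2:], y)
        if any(form in password for form in forms):
            reasons.append("birthday")
    street_words = re.findall(r"[a-z]{4,}", personal.get("address", "").lower())
    if any(word in lowered for word in street_words):
        reasons.append("address")
    return reasons

# Constructed sample record; the phone number uses a reserved fictional range.
PERSON = {"phone": "+1 (555) 010-4477", "birthday": "1987-03-14",
          "address": "42 Maple Street"}
```

An empty list means none of the slide's "obvious" patterns were found; it says nothing about the other items on the slide, such as database theft or sniffing.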

9
Some Security Measures
  • Encryption
  • Tracking of IP address of entry into the computer
  • Secondary passwords
  • Consumer chosen icon
  • In e-mails
  • At site, once origin IP address is recognized

10
Servers
  • Denial of service
      • Numerous requests to identify are sent to
        targeted server
      • The server may slow down or become entirely
        inaccessible
      • Computers and servers infected through viruses
        are often targeted
      • Mostly intended as vandalism
  • Hacking
      • Hackers break into computer systems
      • Purposes
          • Taking on challenge/political expression
          • Vandalism
          • Stealing information

11
Hacking
  • Established software has holes that are
    gradually discovered
  • May be able to crash sites and access core
    dump files intended for use by programmers to
    identify problems
  • Exploitation of back doors left by programmers

12
Phishing
  • Consumer receives an e-mail asking that he or she
    log in to take care of account issues
  • This e-mail contains a legitimate-looking
    hyperlink title but the actual link is to a fake
    site
  • 1% of consumers are estimated to fall for the
    hoax
  • The consumer logs into a fake site, providing
    login, password, and other info

13
Phishing--Remedies
  • Consumer education
  • Software safeguards
      • Warning if the internal link does not match the
        title
          • Feasible only when the title features an actual
            address
  • E-mail filters
      • E-mail programs
      • Server
  • Anti-virus software
  • Quick identification of phishing sites
  • Cooperation with host
  • Denial-of-service attacks if needed
  • Massive entry of fake data
  • Tracing of logins based on the origin of the phishing
    e-mail or site
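
The link-versus-title warning named on this slide can be sketched as follows. This is an added example, not part of the original presentation; it uses only Python's standard library, and the sample message with its reserved `.example` hosts and documentation IP address is constructed.

```python
# Added example, not code from the presentation.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A title "features an actual address" when it begins with a URL or a bare host name.
ADDRESS_RE = re.compile(r"^\s*(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?=[/:?#\s]|$)", re.I)

def title_host(text):
    """Host named by the link title, or None when the title is ordinary words."""
    m = ADDRESS_RE.match(text)
    return m.group(1).lower() if m else None

def same_host(a, b):
    """Exact host comparison, ignoring only a leading 'www.' (no substring matching)."""
    strip = lambda h: h[4:] if h.startswith("www.") else h
    return strip(a) == strip(b)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []            # (title, href, verdict)
        self._href, self._text = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        title = "".join(self._text).strip()
        shown = title_host(title)
        actual = (urlsplit(self._href).hostname or "").lower()
        # Plain-word titles give nothing to compare, so they stay "unchecked".
        verdict = "unchecked" if shown is None else (
            "match" if same_host(shown, actual) else "mismatch")
        self.findings.append((title, self._href, verdict))
        self._href = None

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample message body (reserved example domains and addresses).
SAMPLE = ('<a href="https://www.bank.example/login">https://www.bank.example/login</a>'
          '<a href="http://www.bank.example.account-check.example.net/">www.bank.example</a>'
          '<a href="http://203.0.113.7/update">Update your account</a>')
```

The third link comes back as `unchecked`, which is the limitation the slide notes: the comparison is feasible only when the title itself is an address.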

14
Pharming
  • The user attempts to go to a legitimate web site
    address but is redirected
      • Through hacking of DNS servers (which match domain
        names with numerical IP addresses)
      • Through false report of changed server to DNS
        registrar
      • Malicious code in trojan horse or virus to
        redirect traffic

15
Viruses
  • Malicious code that attacks a computer to
      • Cause damage (vandalism)
      • Serve as spam or denial-of-service attack server
      • Transmit data
  • Spread through
      • Software (as trojan horse or through infection of
        legitimate software)
      • E-mail attachments
      • Online activity

16
Trojan Horses
  • Legitimate-looking software intended to spread
    malicious code
  • User downloads software and once run, malicious
    code is run with results similar to those of
    viruses

17
Spyware
  • Software that sends back user information through
    Internet connection
  • Legal vs. illegal
  • Legitimate and authorized by user
  • Non-malicious intent but not authorized
  • Malicious
  • May be spread through program, trojan, or virus

18
E-mail Spam
  • Unsolicited e-mail messages
  • Unsolicited contacts have always happened but
    telemarketing and bulk mail are more expensive
    than e-mail
  • Very low response rate but very low cost of
    distribution
  • Usually sent by
      • Unauthorized vendors
      • Fraudulent persons/vendors

19
Determining When E-mail Is Likely to Be Welcome
  • Individual vs. mass mailing
  • Established relationship with receiver
  • Logistical communication
  • Offering of new services
  • Promoting services by others
  • Opt-in policies

20
Spam Remedies
  • Termination by host
      • E-mail generally sent through SMTP servers
        located at the Internet Service Provider (ISP)
        site
      • Problems
          • Foreign governments may not cooperate
          • Spammer may move on to other addresses quickly
  • Anti-spam programs
      • Locations
          • In e-mail servers
          • On the user's computer
          • At local server
      • Problems
          • Distinguishing legitimate messages from
            non-legitimate
          • Imperfect algorithms
  • Regulatory
      • Legal limits
      • Litigation of offenders in reachable jurisdictions