Why be concerned about Internet security?

Author: dgk4412. Created: 3/7/2006.

1
Why be concerned about Internet security?
Chapter 6: Network and Internet Security and Privacy
2
  • The Computer Fraud and Abuse Act of 1986 is the main law protecting against computer crimes.
  • The USA PATRIOT Act increased the scope and penalties of computer fraud by:
    • raising the maximum penalty for violations to 10 years (from 5) for a first offense and 20 years (from 10) for a second offense;
    • ensuring that violators only need to intend to cause damage generally, not intend to cause damage or other specified harm over the $5,000 statutory damage threshold;
    • allowing aggregation of damages to different computers over a year to reach the $5,000 threshold;
    • enhancing punishment for violations involving any (not just $5,000) damage to a government computer involved in criminal justice or the military;
    • including damage to foreign computers involved in US interstate commerce;
    • including state law offenses as priors for sentencing; and
    • expanding the definition of loss to expressly include time spent investigating and responding for damage assessment and for restoration.

3
Unauthorized Access (hacking): Gaining access to a computer, network, or system without authorization. Businesses, schools, and organizations have codes of conduct outlining acceptable computer use.

Theft of Data: Data theft or information theft is the theft of data or information located on or being sent from a computer.

Interception of Communications: Instead of accessing data stored on a computer via hacking, some criminals gain unauthorized access to data, files, email messages, VoIP calls, and other content as it is being sent over the Internet. A new trend is criminals intercepting credit and debit card information during the card verification process, that is, intercepting the data from a card in real time as a purchase is being authorized.
4
Botnets and Zombie Computers
  • A computer that is controlled by a hacker or other computer criminal is referred to as a bot or zombie computer.
  • A group of bots that are controlled by one individual and can work together in a coordinated fashion is called a botnet.
  • According to the FBI, an estimated one million U.S. computers are currently part of a botnet.

WiFi Piggybacking
  • Many home users have wireless (WiFi) networks.
  • Many people do not have security implemented, and neighbors or someone driving down the street could access their network and use their Internet access.

5
Computer/Data Sabotage: Malicious destruction to a computer or data. This could be performed physically or electronically. A disgruntled employee could destroy a network server or backup tapes. Data or programs could be altered. Web sites could be defaced.

Denial of Service: A denial of service (DoS) attack is an act of sabotage that attempts to flood a network server or Web server with so many requests for action that it shuts down or simply cannot handle legitimate requests any longer, causing legitimate users to be denied service.
6
Identity Theft: This occurs when someone obtains enough information about a person (e.g. name, birth date, Social Security number, address, credit card, mother's maiden name) to be able to masquerade as that person. The thief could get a driver's license and credit cards under your name.

Salami Shaving/Slicing: Writing a computer program that transfers small amounts of money (e.g. a few cents) from each transaction to a secret account. This is usually performed by someone within a company, e.g. the movie Office Space.

Online Auction Fraud: Purchase items on eBay and never receive them. Craigslist also has many scams.
7
Phishing: The use of a spoofed e-mail to gain credit card numbers, usernames and passwords, or other personal info. The user is often redirected to a fraudulent (spoofed) web site.
8
Spoofed or Fraudulent Web Sites (dot cons): Many phishing scams use spoofed web sites. The user will type in his username/password, which is stored on the server.
  • In addition to disclosing personal information only when it is necessary and only via secure Web pages, you should use security software and keep it up to date.
  • To avoid phishing schemes, never click a link in an email message to go to a secure Web site; always type the URL for that site in your browser.

9
Malware: Malicious programs installed without your knowledge. This includes adware, spyware, and viruses. The best defense is anti-virus software and good practices.
  • Adware: Software that delivers advertisements to your desktop. It could be installed without your knowledge, or built in to legitimate apps.
  • Spyware: Software that secretly gathers information about the user and transmits it on the Internet. It could be marketing information transmitted to advertisers or it could be more malicious and transmit your keystrokes (e.g. usernames and passwords) to someone on the internet.
  • Viruses: A program that is installed without the permission or knowledge of the user. It will affect the computer's operation in some manner. Viruses are attached to legitimate executable files and can replicate themselves to other files when you execute them. It is common to get a virus from executable files downloaded from the Internet, or from executable files attached to e-mails and instant messages.

10
A couple of types of viruses:

A Trojan Horse is a virus that is disguised as a legitimate program. Trojan horses are downloaded from the Internet and executed by the user, for example a game. A regular virus attaches itself to a legitimate program and executes when you run the program.

A Worm is a type of virus that replicates itself over the network or Internet without user intervention, as opposed to being attached to a file that is downloaded. Without a firewall, your computer could get a worm when you connect to the Internet.
11
E-mail Hoaxes/Chain Letters: E-mail chain letters are usually an unreliable source of news. You can go to snopes.com to verify the content of an e-mail, as well as other rumors.
>>> TO: MASSAOL@aol.com
>>> FROM: GatesBeta@microsoft.com
>>> ATTACH: Tracklog@microsoft.com/Track883432/TraceActive/On.html
>>> Hello Everyone,
>>> And thank you for signing up for my Beta Email Tracking
>>> Application or (BETA) for short. My name is Bill Gates.
>>> Here at Microsoft we have just compiled an
>>> e-mail tracing program that tracks everyone to whom this message
>>> is forwarded to. It does this through an unique IP (Internet Protocol)
>>> address log book database. We are experimenting with
>>> this and need your help. Forward this to everyone you know
>>> and if it reaches 1000 people everyone on the list will
>>> receive $1000 and a copy of Windows98 at my expense.
>>> Enjoy.
>>> Note: Duplicate entries will not be counted. You will be
>>> notified by email with further instructions once this email
>>> has reached 1000 people. Windows98 will not be shipped
>>> until it has been released to the general public.
>>> Your friend,
>>> Bill Gates The Microsoft Development Team.

Subject: Make A Wish Foundation (fwd)

A plea from a sick little girl

Little Kimberly Anne is dying of a horrible tropical disease. Her goal, before she passes into the Great Beyond, is to collect as many free America Online disks as she can, to make the Guinness Book of Records. Her project is being sponsored by the Wish-Upon-a-Star Foundation, which specializes in fulfilling the final wishes of such sick little girls. So, next time you get an unwanted AOL disk in the mail, don't throw it away! Think of the sparkle it will bring to the eye of a dying child. Write on the package: [Address deleted to prevent this hoax from continuing.] Please copy this message and circulate it to your friends, neighbors, and co-workers. Only you can child's wish reality! God bless you from the Wish-Upon-a-Star Foundation!
12
Email Encryption: E-mail is currently the popular form of business communication. E-mail (SMTP) messages are not encrypted when being sent over the Internet. Some companies will have encryption for internal e-mails. Some devices such as Blackberries offer encryption for messages to other Blackberry users.

Web Site Encryption: Web sites which are encrypted use public/private key encryption. These web sites use https://. The web browser will also display a lock. If you click on the area to the left of the https, you can see the security certificate. The website is also verified as authentic by a 3rd party such as VeriSign.
13
Who would you trust to give you drugs?
Protecting Against Hardware Loss, Hardware
Damage, and System Failure
14
Since a program can affect your computer the same
way a drug can affect your body, who do you trust
to install a program on your computer?
Which one of these software programs is from a
well-known company?
15
Be careful installing web browser plug-ins; this is a popular way to trick you into installing malware. The safest way to install a plug-in is to go to the site that makes the software rather than the site that tries to install it for you. Be careful when you install legitimate software because the installation program often tries to install extra unneeded software.

Here are some popular browser plug-ins:
  • Java from www.sun.com
  • Flash from www.adobe.com
  • Acrobat Reader from www.adobe.com
  • Shockwave from www.adobe.com
  • QuickTime from www.apple.com
  • RealPlayer from www.realaudio.com
  • Windows Media Player from www.microsoft.com
16
Most add-on toolbars contain adware and/or spyware. My recommendation: DON'T install them. If you REALLY want it, research it first.
17
  • To protect hardware from damage due to power
    fluctuations, everyone should use a surge
    suppressor with a computer whenever it is plugged
    into a power outlet.
  • Users who want their desktop computers to remain
    powered up when the electricity goes off should
    use an uninterruptible power supply (UPS).

18
Anti-Virus Software
19
WiFi Security
  • prevents unauthorized access and piggybacking
  • provides encryption
  • WEP (least secure): Wired Equivalent Privacy
  • WPA (more secure): WiFi Protected Access
20
Firewalls
  • Firewalls block unrequested Internet traffic to
    your computer.
  • Windows includes the Windows Firewall (software
    firewall)
  • Many home DSL/Cable routers include a firewall
    (hardware firewall)

21
What is your primary defense against hardware
loss, damage, or system failure?
Backups!!!!!!!!!!!
  • Securing Backup Media: The media used to store backups (tapes, CD-R, DVD-R) needs to be secure. Fireproof safes provide some protection. Off-site storage of backups adds considerable protection of media. Data storage companies store backup media at secure remote locations.
  • Disaster Recovery Plan: Spells out what an organization will do to prepare for and recover from a disruptive event.
  • Q: What data do YOU have that should be backed up?
  • Q: How do YOU back up your data?