internet security

NETWORK SECURITY MALIT 216: Information Networks and Resource Sharing May 17, 2010

Transcript of internet security

Page 1: internet security

NETWORK SECURITY

MALIT 216: Information Networks and Resource Sharing

May 17, 2010

Page 2: internet security

I. Goals of Security

1. To protect confidentiality by ensuring private information is kept private.

2. To ensure data integrity by preventing data from being inappropriately changed or deleted.

3. To ensure data availability by making sure services are available and uninterrupted, that data can be accessed whenever it is needed and that data can be restored quickly.

Page 3: internet security

Therefore, public access computer security must at least ensure:

- Availability
- Integrity
- Privacy
- Access

Page 4: internet security

II. Planning for Security

1. Create or modify policies and procedures

- Perform a Risk Assessment, which should include threats and vulnerabilities facing the library’s computers and networks.

- Create a Security Policy which includes specific protection strategies.

Page 5: internet security

II. Planning for Security... Con’t 1/3

2. Revisit disaster recovery plans

A disaster recovery plan should also be created that covers:

- Procedures to be followed in the event of a network attack or failure
- The location of offsite storage of installation media and backup media
- Backup documentation and installation procedures documentation
- A technology asset inventory
- A list of personnel authorized and capable of system restoration

Page 6: internet security

II. Planning for Security... Con’t 1/3

3. Ensure adequate funding

- train and educate staff

4. Incorporate security lifecycle

- using strong passwords

Page 7: internet security

I. Goals of Security

Internet Security involves the protection of a computer’s Internet account and files from intrusion by an unknown user. Basic security measures involve protection by well-selected passwords, change of file permissions and backup of the computer’s data.

Page 8: internet security

Anti-virus programs and Internet security programs are useful in protecting a computer or programmable device/system from malware.

Page 9: internet security

Malware is the most general name for any malicious software designed, for example, to infiltrate, spy on or damage a computer or other programmable device or system of sufficient complexity.

Viruses are programs which are able to replicate their structure or effect by integrating themselves, or references to themselves, into existing files or structures on a penetrated computer. They can do damage, for example by deleting, corrupting or otherwise hiding information from its owner.

Page 10: internet security

Trojans (Trojan Horses) are programs which may pretend to do one thing, but in reality steal information, alter it or cause other problems on a computer or programmable device/system.

Spyware includes programs that surreptitiously monitor keystrokes, or other activity on a computer system and report that information to others without consent.

Page 11: internet security

Worms are programs which are able to replicate themselves over a computer network, and also perform malicious acts that may ultimately affect a whole society/economy.

Bots are programs that take over and use the resources of a computer system over a network without consent, and communicate those results to others who may control the Bots.

Page 12: internet security

What is SPAM ?

Title : SPAM AND PHISHING SCAMS

WXGB6310 Management of Internet Resources

- Spam is defined as "Unsolicited Commercial E-mail".

- Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it.

- Real spam is generally e-mail advertising for some product sent to a mailing list or newsgroup.

- Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services.


Page 13: internet security


There are two main types of spam, and they have different effects on Internet users.

- Cancellable Usenet spam is a single message sent to 20 or more Usenet newsgroups.

- Usenet spam is aimed at "lurkers", people who read newsgroups but rarely or never post and give their address away.

- Usenet spam robs users of the utility of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts. Furthermore, Usenet spam subverts the ability of system administrators and owners to manage the topics they accept on their systems.


Page 14: internet security


Why is it BAD?

1. The free ride. E-mail spam is unique in that the receiver pays so much more for it than the sender does. For example, AOL has said that they were receiving 1.8 million spams from Cyber Promotions per day until they got a court injunction to stop it.

2. The "oceans of spam" problem. Many spam messages say "please send a REMOVE message to get off our list." Even disregarding the question of why you should have to do anything to get off a list you never asked to join, this becomes completely impossible if the volume grows. If spam grows, it will crowd our mailboxes to the point that they're not useful for real mail.


Page 15: internet security


3. The theft of resources. An increasing number of spammers, such as Quantum Communications, send most or all of their mail via innocent intermediate systems, to avoid blocks that many systems have placed against mail coming directly from the spammers' systems.

4. It's all garbage. The spam messages I've seen have almost without exception advertised stuff that's worthless, deceptive, and partly or entirely fraudulent.


Page 16: internet security


How to AVOID?

1. Disguise e-mail addresses posted in a public electronic place.

2. Use multiple e-mail addresses.

3. Use a filter.

- Read carefully when filling out online forms requesting your e-mail address, and exercise your choice.

4. Short e-mail addresses are easy to guess, and may receive more spam.


Page 17: internet security


What are PHISHING SCAMS?

- The term "phishing" – as in fishing for confidential information - refers to a scam that encompasses fraudulently obtaining and using an individual's personal or financial information.

- Phishing scams are just another attempt to get valuable information. Scammers send a mass email to every address they can find. Typically the message will appear to come from a bank or financial institution. The email states that you should update your information for one reason or another, and they usually provide a link that you can click to do so.


Page 18: internet security


How do PHISHING SCAMS work?

1. A consumer receives an e-mail which appears to originate from a financial institution, government agency, or other well-known/reputable entity.

2. The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.

3. The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the Web site belongs to the fraudster/scammer.


Page 19: internet security


4. Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth. When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.


Page 20: internet security


Example Of Phishing Scams


Page 21: internet security


Example Of Phishing Scams


Page 22: internet security


Example Of Phishing Scams


Page 23: internet security


Things You Do to Protect Yourself from Phishing Attacks

1. Educating yourself about the dangers of phishing is critical to preventing theft of your personal and financial information.

2. Never respond directly to email requesting personal information.

3. If you doubt a message's authenticity, verify it by contacting the institution itself.

4. Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who they're from.


Page 24: internet security


5. Avoid filling out forms in email messages asking for personal financial information.

6. Avoid spoofed sites by typing the URL directly into your browser's address bar yourself.

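7. When prompted for a password, give an incorrect one first. A phishing site will accept it; a legitimate one won't. A rejected password is not proof that the site is legitimate, though: a phishing site that passes logins on to the real site can reject a wrong password too.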


Page 25: internet security


Differences Between PHISHING and SPAM Messages

Given that phishing email is unsolicited, it is a form of spam. However, the differences between old-style spam and phishing email are critical.

Old-style spammed email is often authentic, albeit a nuisance, promoting a real product or service, while phishing email messages are based on fraud and deceit.

While spammers often seek attention through the use of their messages, phishers avoid attention, masquerading as a trusted source in order to get you to divulge information they can use for their own malicious purposes.
