
CSCU Module 06: Internet Security


  1. 1. Internet Security: Simplifying Security. Module 6. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
  2. 2. Alireza Ghahrood, Security Solution Provider: Cyber Space | BigData | Cloud | Virtualization | www.about.me/alirezaghahrood | Cell: +98 (912) 1964383
  3. 3. OurView: Bolstering Internet Security Is Imperative. On Monday, the Obama administration proposed a much-needed international effort to bolster the security of the Internet. It’s needed because cyberspace has come to serve as both a communications miracle and, potentially, one of the greatest threats to our security in the 21st century. That description may seem like hyperbole as it pulls in two completely different directions. But there are justifications for both descriptions. The Internet is arguably the greatest technological breakthrough introduced to our society since the television. Perhaps that’s more hyperbole, unless you consider just how much of our world now is tied to online access and interconnectivity. The 2010 census noted that 68.7 percent of all U.S. households have Internet connections; a vast majority of businesses also use the Web for marketing or for inventory purposes, among other tools. Cyberspace has become a staple in our lives, even if you don’t have an Internet connection in your home or office. Our banking, our medical records, our credit and our businesses are all linked in some form to the Web. So, too, is much of our infrastructure, our communication and our national security. Odds are, there is something you want, rely on or need each day that is dependent on Internet connectivity for you to have it. That may not be a game-changer in terms of how you live your life, but it’s definitely a sobering impact. Source: http://www.yankton.net, May 18, 2011 1:15 AM CDT
  4. 4. MODULE OBJECTIVES: Internet Security; Internet Explorer Security Settings; Mozilla Firefox Security Settings; Google Chrome Security Settings; Apple Safari Security Settings; Instant Messaging (IMing); Searching on the Web; Online Gaming and MMORPG; Online Gaming Risks; Security Practices Specific to Gaming; Child Online Safety; Role of Internet in Child Pornography; Protecting Children from Online Threats; How to Report a Crime?; Internet Security Laws; Internet Security Checklists
  5. 5. MODULE FLOW: Browser Security → Search Engine and IM Security → Online Games → Child Online Safety → Internet Security Laws
  6. 6. INTERNET SECURITY: Internet security involves protecting user data from unauthorized access and damage when connected to the Internet. A proper browser configuration helps in preventing malware infection, protecting personal information, and preventing or limiting the damage from a cyber attack. Online attack paths: emails, instant messaging, chat rooms, file sharing and downloads. [Chart: Top 10 Malware Hosting Countries (http://www.findmysoft.com): United States 39%, France 10%, Russia 8.72%, Germany 5.87%, China 5.04%, United Kingdom 2.68%, Poland 2.43%, Canada 2.03%, Ukraine 1.97%, Hungary 1.84%]
  7. 7. INTERNET EXPLORER SECURITY SETTINGS: Launch Internet Explorer, click the Tools button, and select Internet options. Select the Security tab, which displays websites classified into four zones: 1. Internet, 2. Local Intranet, 3. Trusted sites, 4. Restricted sites.
  8. 8. Internet Explorer Security Settings: Internet Zone. The Internet zone is for all the Internet websites except for those listed in the Trusted or Restricted zones. Click Custom level to set the Internet zone security settings. Disable or enable the required options. Move the slider to change the security level. Set the security level for the zone to High to ensure higher security. Maintaining the higher security level may degrade the performance of the browser. Click OK to apply the settings.
  9. 9. Internet Explorer Security Settings: ActiveX Controls. ActiveX controls are small programs that work over the Internet through the browser. They include customized applications that are required to gather data, view select files, and run animations when the user visits websites. Malware is downloaded onto the user's system through ActiveX controls when he/she visits malicious websites. Disable the ActiveX controls and plug-ins options in the Security Settings window. Enable the Automatic prompting for ActiveX controls option so that the browser prompts when ActiveX controls and plug-ins need to be enabled. Click OK to apply the settings.
  10. 10. Internet Explorer Security Settings: Local Intranet Zone. The Local intranet zone covers the sites on the intranet. Steps to add websites to the Local intranet zone: Select Security → Local Intranet. Click Sites. Click the Advanced button. Enter the URL into the Add this website to the zone column and click Add. Click OK to apply the settings.
  11. 11. Internet Explorer Security Settings: Trusted Sites Zone. The Trusted sites zone contains those websites that the users believe will not damage their computers or data. Select Security → Trusted sites. Click the Sites button. Enter the URL into the Add this website to the zone column and click Add. Click OK to apply the settings.
  12. 12. Internet Explorer Security Settings: Restricted Zone. The Restricted sites zone restricts the access to the websites that might cause damage to a computer. To add restricted websites to the Restricted sites zone: Select the Security tab and choose Restricted sites. Click the Sites button. Enter the site URL into the Add this website to the zone column to restrict the access. Click Add and then click OK to apply the settings.
  13. 13. UNDERSTANDING COOKIES: A cookie is information that is provided by a web server to a web browser and then sent back unchanged by the browser each time it accesses that server. When the website is revisited, the browser sends the information back to it to help recognize the user. This activity is invisible to the user and is generally intended to improve the web surfing experience (for example, at an online store).
  14. 14. INTERNET EXPLORER PRIVACY SETTINGS: The user can limit the information that is stored in a cookie. A cookie is only a text file and cannot search a drive for information or carry a virus. To configure cookie settings: Choose Internet options from the Tools menu on the browser. Select the Privacy tab and use the slider to set the level at low, medium, medium-high, or high. Block all or accept all cookies depending upon the requirement. Check the Turn on Pop-up Blocker option to block the pop-ups that appear while visiting some websites.
  15. 15. DELETING BROWSING HISTORY: 1. Choose Internet options from the Tools menu on the browser. 2. Go to the Browsing history section. 3. Check the desired options in the Delete Browsing History dialog box. 4. Click Delete to delete the browsing history.
  16. 16. Do Not Allow the Browser to Remember any Password. [Screenshots: Internet Explorer Autocomplete Password prompt; Firefox Remember Password prompt]
  17. 17. SECURING FILE DOWNLOADS: Setting Download options in Internet Explorer. To configure the download settings for Internet Explorer, navigate to Tools → Internet options and go to the Security tab. Click the Custom Level button in the Security Settings window. In the Downloads menu, enable the Automatic prompting for File downloads and File download options. Click OK to save the settings.
  18. 18. MOZILLA FIREFOX: SECURITY SETTINGS. Launch the Mozilla Firefox browser. Click the Tools menu item and select Options.
  19. 19. MOZILLA FIREFOX: SECURITY SETTINGS. Select Security from the Options window. Check the option Warn me when sites try to install add-ons so that the browser prompts before installing add-ons to the browser. Click the Exceptions button, enter the URL into the Address of Website box, and click Allow to specify which websites are allowed to install add-ons. Check the Block reported attack sites option to avoid visiting malicious websites. Check the option Block reported web forgeries to actively check whether the site being visited is an attempt to steal personal information. Uncheck the Remember passwords for sites option to prevent the browser from remembering the passwords for the login pages visited.
  20. 20. MOZILLA FIREFOX: PRIVACY SETTINGS. Select Privacy in the Options window. The user can choose if Firefox remembers the browsing history. Click clear your recent history. Select the Time range to clear the history. Check the options required to clear the history and click Clear Now.
  21. 21. SECURING FILE DOWNLOADS: Do not accept file downloads from unknown members on the Internet. These downloads may contain malware that will degrade computer performance. Files are downloaded by default to My Documents → Downloads. The user may configure the browser settings so that he/she is prompted to specify the location to save the file.
  22. 22. SECURING FILE DOWNLOADS: Setting Download options in Mozilla Firefox. To configure the download settings for Mozilla Firefox, navigate to Tools → Options → General. Check the option Always ask me where to save the file to allow the browser to ask before downloading a file and to specify the location to which it will be downloaded. If this option is unchecked, the browser downloads the file directly to the default location without any notification.
  23. 23. INSTALLING PLUGINS: The Install Missing Plugins message appears while opening some websites. Plug-ins are required to display files, graphics or play a video on a webpage. Check if the source of missing plug-ins is trustworthy or not. Scan the downloaded plug-in using an antivirus software before installing it.
  24. 24. Google Chrome Privacy and Security Settings: Launch Google Chrome. Click the icon, then select Options.
  25. 25. GOOGLE CHROME: PRIVACY SETTINGS. Click the Under the Hood tab in the Google Chrome Options window. Under Privacy, check the desired web services. Check the Use DNS pre-fetching to improve page load performance option. DNS pre-fetching stands for Domain Name System pre-fetching: when the user visits a webpage, Google Chrome can look up or pre-fetch the IP addresses of all links on the webpage. Check the option Enable phishing and malware protection to prevent the browser from opening any malicious websites.
  26. 26. GOOGLE CHROME: SECURITY SETTINGS. Secure Sockets Layer (SSL) is an Internet protocol used by many websites to ensure safe data encryption and transmission. The SSL setting in web browsers is turned on by default. Some websites require older version of SSL 2.0; check the Use SSL 2.0 option in such conditions. Check the check for server certificate revocation option to turn on real-time verification for the validity of a website's certificate.
  27. 27. APPLE SAFARI: SECURITY SETTINGS. Launch the Safari browser. To change the settings, select the icon and then select Preferences.
  28. 28. APPLE SAFARI: SECURITY SETTINGS. Select the Security tab in the preferences window. The Web Content section permits the user to enable or disable various forms of scripting and active content. It is recommended to accept cookies only from the sites visited. Checking this option allows the browser to warn the user before opening any website that is not secure.
  29. 29. Testing the Browser for Privacy: Launch the Internet browser and navigate to http://privacy.net/analyze/ to test the privacy. Click "Click here to take the browser test" and analyze the privacy of your Internet connection.
  30. 30. MODULE FLOW: Browser Security → Search Engine and IM Security → Online Games → Child Online Safety → Internet Security Laws
  31. 31. INSTANT MESSAGING (IMING): Instant Messaging (IMing) allows the user to interact with other people on the Internet using a software application.
  32. 32. INSTANT MESSAGING SECURITY ISSUES. IMWorm: A worm that harms the computer and locates all the contacts in the IM address book. The IMWorm tries to send itself to all the contacts in the user’s IM contact list. Social Engineering: Social engineering depends on human interaction that involves tricking people through IM and getting their personal information. Spam over IM (SPIM): SPIM is spam delivered through IM instead of delivering it through email. IM systems such as Yahoo! Messenger, AIM, Windows Live Messenger, and chat rooms in social networking sites are popular targets for spammers.
  33. 33. INSTANT MESSAGING SECURITY MEASURES: Do not reveal personal information on IMs. Do not accept links received from unknown people on IM. Sign out of the IM application after using it. Block the users who send unsolicited web-links. Always use strong passwords. Do not check the Remember password option.
  34. 34. Searching on the Web: Search engines display hundreds of results for a search query. Not all the web page results obtained by the search engine are secure. To filter the malicious search results, use an antivirus application as an add-on to the browser and enable it. To add add-ons in the Mozilla Firefox browser, navigate to Tools → Add-ons → Get Add-ons.
  35. 35. MODULE FLOW: Browser Security → Search Engine and IM Security → Online Games → Child Online Safety → Internet Security Laws
  36. 36. ONLINE GAMING AND MMORPG: Online gaming has become a popular pastime, especially due to high-speed Internet and emerging technology. It has also become the target for attackers for the large amounts of money involved. Massively Multiplayer Online Role-Playing Game (MMORPG) is a type of computer role-playing game in which a large number of players interact with one another within a virtual game world. In the world of MMORPGs, also known as online games, players can meet other players, become friends, engage in a battle, fight against evil, and play. MMORPGs are popular worldwide and the revenues for these games are well over a billion dollars.
  37. 37. ONLINE GAMING RISKS: Interactions with potential fraudsters who may trick the gamer to reveal personal/financial information. Computer intruders exploiting security vulnerabilities. Online and real-world predators. Malware such as viruses, Trojan horses (Trojans), computer worms, and spyware.
  38. 38. INSECURE OR COMPROMISED GAME SERVERS AND GAME CODING: If the software at the game server is compromised, the computers that are connected to the server can also be compromised. Any game with a network connection has a risk involved. The attacker may even use the vulnerabilities to crash the gaming server. The vulnerabilities in the game server can be used by the attackers to: steal game passwords; steal information from the gamers’ computers; control the gamers’ computers remotely; launch attacks on other computers; install programs such as Trojans, adware, spyware. The game code is generally not as well analyzed as the other software coding. This may result in introducing unknown vulnerabilities onto the computer.
  39. 39. SOCIAL RISKS: Social Engineering; Identity Theft; Protection Schemes; Cyber Prostitution; Virtual Mugging. The attackers may use the social interaction in the online game environment to attack the unprotected computers or to exploit security vulnerabilities.
  40. 40. SOCIAL ENGINEERING: Attackers may trick the gamers into installing malicious software on their computers by social engineering. They offer a bonus or help in the game in exchange for other players’ passwords or other information in the game forums on a game server. The gamers who are looking for ways to make the play easier respond to such offers. Attackers send phishing emails supposedly from the game server administrators, which will invite the player to authenticate his/her account via a website linked in the message. Note: Game Masters (GMs) of a game will never ask a gamer for his/her username and/or password.
  41. 41. MESSAGE FROM A GAMER ABOUT A PASSWORD STOLEN BY A MALICIOUS PROGRAM. Source: http://www.securelist.com
  42. 42. PROTECTION SCHEMES, CYBER PROSTITUTION, AND VIRTUAL MUGGING. Protection Schemes: Organized crime has emerged in the South Korean gaming community. The criminal organizations force the gamers into protection schemes, where the gamers have to pay money (virtual or real) to avoid killing of the gamers’ characters and theft of the passwords. Cyber Prostitution: Online games are being used for cyber prostitution where the customers/gamers pay money for cybersex. In The Sims online, a Massively Multiplayer Online (MMO) game, a 17-year-old developed a cyber “brothel”, where the gamers paid Sim-money (Simoleans) for cybersex per minute. The gamers’ accounts were eventually cancelled. Virtual Mugging: Virtual mugging was coined when some players of Lineage II used bots to defeat other gamers and take their items; these items were later put on sale in online auctions.
  43. 43. HOW THE MALICIOUS USERS MAKE MONEY: Stolen items such as passwords or virtual items are put on sale on websites, such as eBay, or on forums. These are sold to other gamers for real or virtual money. The cyber criminal may ask the gamer for ransom in return for this information. Source: http://www.securelist.com
  44. 44. Security Practices Specific to Gaming
  45. 45. Recognize Administrator Mode Risks: Some games require the game to be run in Administrator mode. If that is the case, ensure that the game has been downloaded from a trusted website/vendor. Free downloads of games may contain malicious software, including plugins to run the game. This software may be used to gain administrator level control of the computer. Instead of using the administrator account, the gamer is advised to browse the Internet or play the games using a User Account, which may deny the attacker access to administrator rights.
  46. 46. Recognize Risks due to ActiveX and JavaScript: Some of the games played over the web require ActiveX or JavaScript to be enabled.
  47. 47. Play the Game, Only at the Game Site: Play the games at the game site and save the Internet browsing for later. Once done with playing the game, switch to the user account to browse the Internet. This reduces the risk of visiting a malicious website when playing a game.
  48. 48. Pay Attention to Firewall Management: Playing certain multiplayer games may require the firewall settings to be changed to allow information from the game to get through to the gamers’ computers. Every time the permissive settings are changed on the firewall, the risk of computer security concerns increases. In the firewalls, the gamer can designate the fellow gamers’ IP addresses as trusted to avoid any interactions with the attacker.
  49. 49. MODULE FLOW: Browser Security → Search Engine and IM Security → Online Games → Child Online Safety → Internet Security Laws
  50. 50. RISKS INVOLVED ONLINE: The risks involved when a child works online include: misdirected searches; stealth sites and misleading URLs; online sexual harassment (child pornography, grooming, cyberbullying).
  51. 51. MISDIRECTED SEARCHES: Parents may take all the precautions to protect the child online, but all that could be negated when the child is unconsciously led to visit harmful sites. Search engines use terms known as “meta variables” to index a website. Example: a sports website may be indexed by the meta terms “soccer”, “football”, “scores”, etc. When a user searches for websites, the search engines display the results using the meta variables. Porn site promoters add popular search terms to their meta variable list, to redirect the web traffic towards their site. Porn sites may use the words “sports”, “school”, “movies”, etc., to lure children to their websites. Unless a filtering software is used, the search engines cannot distinguish between the search requests of an adult and a child.
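
Added example (not part of the original slides): a small Python check of the kind a content filter could apply to the meta-term stuffing described in slide 51, flagging pages whose meta keywords are not backed by their visible text. The two sample pages, the function names and the 0.5 threshold are constructed for illustration.

```python
import re
from html.parser import HTMLParser

WORD = re.compile(r"[a-z0-9]+")


class _PageText(HTMLParser):
    """Collects the meta keywords and the text a visitor would actually see."""

    def __init__(self):
        super().__init__()
        self.keywords = []
        self.visible = []
        self._skip = 0  # >0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "keywords":
            content = a.get("content") or ""
            self.keywords += [k.strip().lower() for k in content.split(",") if k.strip()]
        elif tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:  # script/style text is never shown to the reader
            self.visible.append(data.lower())


def audit_keywords(html):
    """Return (all meta keywords, keywords that never occur in visible text)."""
    parser = _PageText()
    parser.feed(html)
    parser.close()
    body_words = set(WORD.findall(" ".join(parser.visible)))
    unsupported = [k for k in parser.keywords
                   if not set(WORD.findall(k)) <= body_words]
    return parser.keywords, unsupported


def is_suspicious(html, max_unsupported_ratio=0.5):
    """Flag a page when most of its meta keywords have no support in the page."""
    keywords, unsupported = audit_keywords(html)
    return bool(keywords) and len(unsupported) / len(keywords) > max_unsupported_ratio


# Constructed sample pages (not real sites).
HONEST = """<html><head><title>Weekend Scores</title>
<meta name="keywords" content="soccer, football, scores">
</head><body><p>Latest soccer and football scores from this weekend.</p></body></html>"""

STUFFED = """<html><head><title>Lucky Spin</title>
<meta name="keywords" content="sports, school, movies, casino">
<script>var tags = "sports school movies";</script></head>
<body><h1>Online casino bonuses</h1><p>Spin the wheel tonight.</p></body></html>"""

if __name__ == "__main__":
    for name, page in (("honest", HONEST), ("stuffed", STUFFED)):
        print(name, audit_keywords(page)[1], is_suspicious(page))
```

The check only compares keywords with text outside script and style elements; text hidden with CSS would still count as visible here.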
