Cscu module 06 internet security
- 1. Internet Security
Module 6
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Simplifying Security.
- 2. May 18, 2011 1:15 AM CDT
Our View: Bolstering Internet Security Is Imperative
On Monday, the Obama administration proposed a much‐needed international effort to bolster the security of the Internet. It’s
needed because cyberspace has come to serve as both a communications miracle and, potentially, one of the greatest threats to
our security in the 21st century.
That description may seem like hyperbole as it pulls in two completely different directions. But there are justifications for both
descriptions.
The Internet is arguably the greatest technological breakthrough introduced to our society since the television. Perhaps that’s more
hyperbole, unless you consider just how much of our world now is tied to online access and interconnectivity.
The 2010 census noted that 68.7 percent of all U.S. households have Internet connections; a vast majority of businesses also use
the Web for marketing or for inventory purposes, among other tools.
Cyberspace has become a staple in our lives, even if you don’t have an Internet connection in your home or office. Our banking, our
medical records, our credit and our businesses are all linked in some form to the Web. So, too, is much of our infrastructure, our
communication and our national security. Odds are, there is something you want, rely on or need each day that is dependent on
Internet connectivity for you to have it. That may not be a game‐changer in terms of how you live your life, but it’s definitely a
sobering impact.
http://www.yankton.net
- 3. Module Objectives
Internet Security
Internet Explorer Security Settings
Mozilla Firefox Security Settings
Google Chrome Security Settings
Apple Safari Security Settings
Instant Messaging (IMing)
Searching on the Web
Online Gaming and MMORPG
Online Gaming Risks
Security Practices Specific to Gaming
Child Online Safety
Role of Internet in Child Pornography
Protecting Children from Online Threats
How to Report a Crime?
Internet Security Laws
Internet Security Checklists
- 4. Module Flow
Browser Security
Search Engine and IM Security
Online Games
Child Online Safety
Internet Security Laws
- 5. Top 10 Malware Hosting Countries
[Chart. Countries shown: United States, France, Russia, Germany, China, United Kingdom, Poland, Canada, Ukraine, Hungary (1.84%). Other values shown: 39%, 10%, 8.72%, 5.87%, 5.04%, 2.68%, 2.43%, 2.03%, 1.97%. Source: http://www.findmysoft.com]
Internet Security
Internet security involves protecting user data from unauthorized access and damage when connected to the Internet
A proper browser configuration helps in preventing malware infection, protecting personal information, and preventing or limiting the damage from a cyber attack
Online attack paths:
Emails
Instant messaging
Chat rooms
File sharing and downloads
- 6. Internet Explorer Security Settings
Launch Internet Explorer, click the Tools button, and select Internet options
Select the Security tab, which displays websites classified into four zones:
1. Internet 2. Local Intranet 3. Trusted sites 4. Restricted sites
- 7. Internet Explorer Security Settings: Internet Zone
The Internet zone is for all the Internet websites except for those listed in the Trusted or Restricted zones
Click Custom level to set the Internet zone security settings
Disable or enable the required options
Move the slider to change the security level
Set the security level for the zone to High to ensure higher security
Maintaining the higher security level may degrade the performance of the browser
Click OK to apply the settings
- 8. Internet Explorer Security Settings: ActiveX Controls
ActiveX controls are small programs that work over the Internet through the browser
They include customized applications that are required to gather data, view select files, and run animations when the user visits websites
Malware is downloaded onto the user's system through ActiveX controls when the user visits malicious websites
Disable the ActiveX controls and plug‐ins options in the Security Settings window
Enable the Automatic prompting for ActiveX controls option so that the browser prompts when ActiveX controls and plug‐ins need to be enabled
Click OK to apply the settings
- 9. Internet Explorer Security Settings: Local Intranet Zone
Local intranet zone covers the sites on intranet
Steps to add websites to Local intranet zone:
Select Security > Local Intranet
Click Sites
Click the Advanced button
Enter the URL into Add this website to the zone column and click Add
Click OK to apply the settings
- 10. Internet Explorer Security Settings: Trusted Sites Zone
The Trusted sites zone contains those websites that the users believe will not damage their computers or data
Select Security > Trusted sites
Click the Sites button
Enter the URL into Add this website to the zone column and click Add
Click OK to apply the settings
- 11. Internet Explorer Security Settings: Restricted Zone
The Restricted sites zone restricts the access to the websites that might cause damage to a computer
To add restricted websites to Restricted sites zone:
Select the Security tab and choose Restricted sites
Click the Sites button
Enter the site URL into the Add this website to the zone column to restrict the access
Click Add and then click OK to apply the settings
- 12. Understanding Cookies
A cookie is information that is provided by a web server to a web browser and then sent back unchanged by the browser each time it accesses that server
When the website is revisited, the browser sends the information back to it to help recognize the user
This activity is invisible to the user and is generally intended to improve the web surfing experience (for example, at an online store)
- 13. Internet Explorer Privacy Settings
The user can limit the information that is stored in a cookie
A cookie is only a text file and cannot search a drive for information or carry a virus
To configure cookie settings:
Choose Internet options from the Tools menu on the browser
Select the Privacy tab and use the slider to set the level at low, medium, medium‐high, or high
Block all or accept all cookies depending upon the requirement
Check the Turn on Pop‐up Blocker option to block the pop‐ups that appear while visiting some websites
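The cookie round trip described on the two slides above, as an added example that is not part of the original slides. The host names, the `TinyBrowser` class and the sample response are constructed for illustration, and the store is simplified: real browsers also honour the Domain, Path, Expires and Secure attributes.

```python
from http.cookies import SimpleCookie

# Constructed sample response from a hypothetical online store, shop.example.
SHOP_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "cart=3f9a1c; Path=/; HttpOnly"),
]


class TinyBrowser:
    """Toy model of a browser cookie store, keyed by the server that set the cookie."""

    def __init__(self, accept_cookies=True):
        # accept_cookies=False models the "block all cookies" privacy setting.
        self.accept_cookies = accept_cookies
        self.jar = {}  # host -> {cookie name: cookie value}

    def receive(self, host, response_headers):
        """Store every cookie found in the Set-Cookie headers of a response."""
        if not self.accept_cookies:
            return
        for header, value in response_headers:
            if header.lower() != "set-cookie":
                continue
            parsed = SimpleCookie()
            parsed.load(value)  # splits the name=value pair from its attributes
            for morsel in parsed.values():
                self.jar.setdefault(host, {})[morsel.key] = morsel.value

    def request_headers(self, host):
        """Build the Cookie header the browser would attach to a request to host."""
        cookies = self.jar.get(host, {})
        if not cookies:
            return []
        return [("Cookie", "; ".join(f"{k}={v}" for k, v in cookies.items()))]


if __name__ == "__main__":
    browser = TinyBrowser()
    browser.receive("shop.example", SHOP_RESPONSE)
    # The value comes back unchanged, and only to the server that set it.
    print(browser.request_headers("shop.example"))
    print(browser.request_headers("other.example"))

    blocking = TinyBrowser(accept_cookies=False)
    blocking.receive("shop.example", SHOP_RESPONSE)
    print(blocking.request_headers("shop.example"))
```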
- 14. Deleting Browsing History
1. Choose Internet options from the Tools menu on the browser
2. Go to the Browsing history section
3. Check the desired options in the Delete Browsing History dialog box
4. Click Delete to delete the browsing history
- 15. Do Not Allow the Browser to Remember any Password
Internet Explorer Autocomplete Password prompt
Firefox Remember Password prompt
- 16. Securing File Downloads
Setting Download options in Internet Explorer
To configure the download settings for Internet Explorer, navigate to Tools > Internet options and go to the Security tab
Click the Custom Level button in the Security Settings window
In the Downloads section, enable the Automatic prompting for file downloads and File download options
Click OK to save the settings
- 17. Mozilla Firefox: Security Settings
Launch the Mozilla Firefox browser
Click the Tools menu item and select Options
- 18. Mozilla Firefox: Security Settings
Select Security from the Options window
Check the option Warn me when sites try to install add‐ons so that the browser prompts before installing add‐ons to the browser
Click the Exceptions button and enter the URL into Address of Website box and click Allow to specify which websites are allowed to install add‐ons
Check the Block reported attack sites option to avoid visiting malicious websites
Check the option Block reported web forgeries to actively check whether the site being visited is an attempt to steal personal information
Uncheck the Remember passwords for sites option to prevent the browser from remembering the passwords for the login pages visited
- 19. Mozilla Firefox: Privacy Settings
Select Privacy in the Options window
The user can choose if Firefox remembers the browsing history
Click clear your recent history
Select the Time range to clear the history
Check the options required to clear the history and click Clear Now
- 20. Securing File Downloads
Do not accept file downloads from unknown members on the Internet
These downloads may contain malware that will degrade computer performance
Files are downloaded by default to My Documents > Downloads
The user may configure the browser settings so that he/she is prompted to specify the location to save the file
- 21. Securing File Downloads
Setting Download options in Mozilla Firefox
To configure the download settings for Mozilla Firefox, navigate to Tools > Options > General
Check the option Always ask me where to save the file to allow the browser to ask before downloading a file and to specify the location to which it will be downloaded
The browser directly downloads the file to the default location without any notification if this option is unchecked
- 22. Installing Plugins
The Install Missing Plugins message appears while opening some websites
Plug‐ins are required to display files, graphics or play a video on a webpage
Check if the source of missing plug‐ins is trustworthy or not
Scan the downloaded plug‐in using an antivirus software before installing it
- 23. Google Chrome Privacy and Security Settings
Launch Google Chrome
Click the icon, then select Options
- 24. Google Chrome: Privacy Settings
Click the Under the Hood tab in Google Chrome Options window
Under Privacy, check the desired web services
Check the Use DNS pre‐fetching to improve page load performance option
DNS pre‐fetching stands for Domain Name System pre‐fetching
When the user visits a webpage, Google Chrome can look up or pre‐fetch the IP addresses of all links on the webpage
Check the option Enable phishing and malware protection to prevent the browser from opening any malicious websites
- 25. Google Chrome: Security Settings
Secure Sockets Layer (SSL) is an Internet protocol used by many websites to ensure safe data encryption and transmission
The SSL setting in web browsers is turned on by default
Some websites require the older SSL 2.0 version; check the Use SSL 2.0 option in such conditions
SSL 2.0 is an obsolete protocol version with known weaknesses (RFC 6176 prohibits its use), so leave this option unchecked unless a required site cannot be reached without it
Check the Check for server certificate revocation option to turn on real‐time verification for the validity of a website's certificate
- 26. Apple Safari: Security Settings
Launch the Safari browser
To change the settings, select the icon and then select Preferences
- 27. Apple Safari: Security Settings
Select the Security tab in the preferences window
The Web Content section permits the user to enable or disable various forms of scripting and active content
It is recommended to accept cookies only from the sites visited
Checking this option allows the browser to warn the user before opening any website that is not secure
- 28. Testing the Browser for Privacy
Launch the Internet browser and navigate to http://privacy.net/analyze/ to test the privacy
Click "Click here to take the browser test" and analyze the privacy of your Internet connection
- 29. Module Flow
Browser Security
Search Engine and IM Security
Online Games
Child Online Safety
Internet Security Laws
- 30. Instant Messaging (IMing)
Instant Messaging (IMing) allows the user to interact with other people on the Internet using a software application
- 31. Instant Messaging Security Issues
IMWorm:
A worm that harms the computer and locates all the contacts in the IM address book
The IMWorm tries to send itself to all the contacts in the user’s IM contact list
Social Engineering:
Social engineering depends on human interaction that involves tricking people through IM and getting their personal information
Spam over IM (SPIM):
SPIM is spam delivered through IM instead of through email
IM systems such as Yahoo! Messenger, AIM, Windows Live Messenger, and chat rooms in social networking sites are popular targets for spammers
- 32. Instant Messaging Security Measures
Do not reveal personal information on IMs
Do not accept links received from unknown people on IM
Block the users who send unsolicited web‐links
Always use strong passwords
Sign out of the IM application after using it
Do not check the Remember password option
- 33. Searching on the Web
Search engines display hundreds of results for a search query
Not all the web page results obtained by the search engine are secure
To filter the malicious search results, use an antivirus application as an add‐on to the browser and enable it
To add add‐ons in the Mozilla Firefox browser, navigate to Tools > Add‐ons > Get Add‐ons
- 34. Module Flow
Browser Security
Search Engine and IM Security
Online Games
Child Online Safety
Internet Security Laws
- 35. Online Gaming and MMORPG
Online gaming has become a popular pastime, especially due to high‐speed Internet and emerging technology
It has also become a target for attackers because of the large amounts of money involved
Massively Multiplayer Online Role‐Playing Game (MMORPG) is a type of computer role‐playing game in which a large number of players interact with one another within a virtual game world
In the world of MMORPGs, also known as online games, players can meet other players, become friends, engage in a battle, fight against evil, and play
MMORPGs are popular worldwide and the revenues for these games are well over a billion dollars
- 36. Online Gaming Risks
Interactions with potential fraudsters who may trick the gamer into revealing personal/financial information
Computer intruders exploiting security vulnerabilities
Online and real‐world predators
Malware such as viruses, Trojan horses (Trojans), computer worms, and spyware
- 37. Insecure or Compromised Game Servers and Game Coding
If the software at the game server is compromised, the computers that are connected to the server can also be compromised
Any game with a network connection has a risk involved
The attacker may even use the vulnerabilities to crash the gaming server
The vulnerabilities in the game server can be used by the attackers to:
Steal game passwords
Steal information from the gamers’ computers
Control the gamers’ computers remotely
Launch attacks on other computers
Install programs such as Trojans, adware, spyware
The game code is generally not as well analyzed as the other software coding
This may result in introducing unknown vulnerabilities onto the computer
- 38. Social Risks
The attackers may use the social interaction in the online game environment to attack the unprotected computers or to exploit security vulnerabilities
Social Engineering
Identity Theft
Protection Schemes
Cyber Prostitution
Virtual Mugging
- 39. Social Engineering
Attackers may trick the gamers into installing malicious software on their computers by social engineering
They offer a bonus or help in the game in exchange for other players’ passwords or other information in the game forums on a game server
The gamers who are looking for ways to make the play easier respond to such offers
Attackers send phishing emails supposedly from the game server administrators, which will invite the player to authenticate his/her account via a website linked in the message
Note: Game Masters (GMs) of a game will never ask a gamer for his/her username and/or password
- 40. Message from a Gamer About a Password Stolen by a Malicious Program
http://www.securelist.com
- 41. Protection Schemes, Cyber Prostitution, and Virtual Mugging
Protection Schemes:
Organized crime has emerged in the South Korean gaming community
The criminal organizations force the gamers into protection schemes, where the gamers have to pay money (virtual or real) to avoid killing of the gamers’ characters and theft of the passwords
Cyber Prostitution:
Online games are being used for cyber prostitution where the customers/gamers pay money for cybersex
In The Sims online, a Massively Multiplayer Online (MMO) game, a 17‐year‐old developed a cyber “brothel”, where the gamers paid Sim‐money (Simoleans) for cybersex per minute
The gamers’ accounts were eventually cancelled
Virtual Mugging:
Virtual mugging was coined when some players of Lineage II used bots to defeat other gamers and take their items; these items were later put on sale in online auctions
- 42. How the Malicious Users Make Money
Stolen items such as passwords or virtual items are put on sale on websites, such as eBay, or on forums
These are sold to other gamers for real or virtual money
The cyber criminal may ask the gamer for ransom in return for this information
http://www.securelist.com
- 43. Security Practices Specific to Gaming
- 44. Recognize Administrator Mode Risks
Some games require the game to be run in Administrator mode
If that is the case, ensure that the game has been downloaded from a trusted website/vendor
Free downloads of games may contain malicious software, including plugins to run the game
This software may be used to gain administrator level control of the computer
Instead of using the administrator account, the gamer is advised to browse the Internet or play the games using a User Account, which may deny the attacker access to administrator rights
- 45. Recognize Risks due to ActiveX and JavaScript
Some of the games played over the web require ActiveX or JavaScript to be enabled
- 46. Play the Game, Only at the Game Site
Play the games at the game site and save the Internet browsing for later
Once done with playing the game, switch to the user account to browse the Internet
This reduces the risk of visiting a malicious website when playing a game
- 47. Pay Attention to Firewall Management
Playing certain multiplayer games may require the firewall settings to be changed to allow information from the game to get through to the gamers’ computers
Every time the firewall settings are made more permissive, the security risk to the computer increases
In the firewalls, the gamer can designate the fellow gamers’ IP addresses as trusted to avoid any interactions with the attacker
- 48. Module Flow
Browser Security
Search Engine and IM Security
Online Games
Child Online Safety
Internet Security Laws
- 49. Risks Involved Online
The risks involved when a child works online include:
Misdirected searches
Stealth sites and misleading URLs
Online sexual harassment
Child pornography
Grooming
Cyberbullying
- 50. Misdirected Searches
Parents may take all the precautions to protect the child online, but all that could be negated when the child is unknowingly led to visit harmful sites
Search engines use terms known as “meta variables” to index a website
Example: a sports website may be indexed by the meta terms “soccer”, “football”, “scores”, etc.
When a user searches for websites, the search engines display the results using the meta variables
Porn site promoters add popular search terms to their meta variable list, to redirect the web traffic towards their site
Porn sites may use the words “sports”, “school”, “movies”, etc., to lure children to their websites
Unless filtering software is used, the search engines cannot distinguish between the search requests of an adult and a child
- 51. Stealth Sites and Misleading URLs
Pornographic websites thrive on increased web traffic
Pornographic sites use common typo errors to lure visitors to their websites
Children may end up at a pornographic website just by typing “www.whitehouse.com” instead of “www.whitehouse.gov”
Porn site promoters buy domain names such as the “.com” equivalent of a “.gov” or a “.org” website, being aware that web surfers would end up at their website if there is a typographical error
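One way a content filter can catch the look-alike addresses described above before the browser follows them, as an added example that is not part of the original slides. The allowlist, the function names and the test hostnames are constructed for illustration, and the last label is treated as the TLD rather than consulting a public-suffix list.

```python
# Constructed allowlist; a real filter would load the sites the family actually uses.
KNOWN_GOOD = {"www.whitehouse.gov", "www.wikipedia.org", "www.ic3.gov"}


def split_host(host):
    """Return (name, tld) for a hostname, ignoring case and a leading 'www.'."""
    labels = host.lower().rstrip(".").split(".")
    if labels and labels[0] == "www":
        labels = labels[1:]
    if len(labels) < 2:
        return host.lower(), ""
    return ".".join(labels[:-1]), labels[-1]


def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, or swap two adjacent characters."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("ai" typed as "ia") counts as one slip.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host, known_good=KNOWN_GOOD):
    """Classify a typed hostname against the allowlist.

    Returns (verdict, matched_site) where verdict is one of:
      'trusted'  - the host is on the allowlist
      'tld-swap' - same name as an allowlisted site but a different TLD
      'typo'     - same TLD, name one keystroke slip away from an allowlisted site
      'unknown'  - no relation to the allowlist found
    Short names produce more false 'typo' hits, so treat that verdict as a prompt, not proof.
    """
    name, tld = split_host(host)
    best = ("unknown", None)
    for good in sorted(known_good):
        g_name, g_tld = split_host(good)
        if (name, tld) == (g_name, g_tld):
            return ("trusted", good)
        if name == g_name and tld != g_tld:
            best = ("tld-swap", good)
        elif best[0] == "unknown" and tld == g_tld and edit_distance(name, g_name) == 1:
            best = ("typo", good)
    return best


if __name__ == "__main__":
    for typed in ["www.whitehouse.gov", "www.whitehouse.com", "wikipedai.org", "www.example.net"]:
        print(typed, "->", classify(typed))
```

A filter would block or ask for confirmation on the `tld-swap` and `typo` verdicts and offer the matched site instead.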
- 52. Child Pornography, Grooming, and Cyberbullying
Child Pornography:
“Under federal law (18 U.S.C. §2256), child pornography is defined as any visual depiction, including any photograph, film, video, picture, or computer or computer‐generated image or picture, whether made or produced by electronic, mechanical, or other means, of sexually explicit conduct, where the production of the visual depiction involves the use of a minor engaging in sexually explicit conduct” (http://www.missingkids.com)
Grooming:
“Grooming” is an act of befriending and establishing emotional connection with children
Child grooming is used for lessening the child’s inhibitions and preparing them for child abuse
The offenders target children through attention, affection, kindness and sympathy, and offer gifts and/or money
Cyberbullying:
Cyberbullying occurs when a child, preteen or teen, is threatened, harassed, and/or embarrassed using the Internet or mobile phones or other communication media
Cyberbullying signs:
Is upset after using the computer
Refuses to step out of the house or to go to school
Draws away from friends and family
- 53. Role of the Internet in Child Pornography
The Internet provides easy access to huge quantities of pornographic materials
Various web services such as emails, newsgroups, and chat rooms facilitate the sharing of pornographic materials
It supports transfer of pornographic materials in various formats that can be stored on different digital storage devices
It provides a cost‐effective medium for the transfer of pornographic materials
It enables people with an Internet connection to access pornographic materials at any time and anywhere
It ensures complete anonymity and privacy
- 54. Effects of Pornography on Children
Child victims suffer from depression, anger, withdrawal, and other psychological problems
Physical injuries due to molestation, such as genital bruising or exposure to sexually transmitted diseases
They experience mental weakness such as:
Guilt and feeling responsible for the abuse and betrayal
A sense of powerlessness and worthlessness
Low self‐esteem
- 55. Risks Involved in Social Networking Websites
People on the social networking websites can view the profiles, photos, and videos of other people on that website
The child may provide too much information on a social networking website
Online predators may get information such as email IDs, telephone numbers, residential address, hobbies, interests and more from their profile
Online predators may use this information for cyberbullying, identity theft, or cyber exploitation
- 56. Unsolicited Emails
Online predators may use email techniques to steal information from children
They may send spam emails that contain pornographic materials or links to pornographic websites
The child may even be asked to register on that website by providing personal information
- 57. Chat Rooms
Online predators may use social engineering techniques to get personal information from children in a chat room
Online predators may use chat rooms to build contacts with children and then lead them into cyber prostitution
They may also use chat rooms to send links to websites with inappropriate content, such as pornography
They may also send malicious links to children, which may result in the computer getting infected with malware
- 58. Finding if Children are at Risk Online
Parents can tell whether their children are facing any online threats from the following symptoms:
The child spends more time sitting at the computer
Pornographic material is present on the child’s computer
The child receives phone calls and/or gifts from unknown persons
The child turns off the monitor or quickly changes the screen when the parent enters their room
The child looks depressed and does not show any interest in talking with family or friends
- 59. Protecting Children from Online Threats
Ensure that the child knows about dangers of computer‐sex offenders
Monitor what the child does on the computer
Use caller ID on phones to determine who is calling the child, and block numbers that are suspicious
Monitor the child's access to all types of live electronic communications such as chat rooms, instant messages, Internet Relay Chat, etc.
Restrict access to the malicious and porn websites using Internet content filtering software
If the child is maintaining a social networking profile, look closely at what information they have posted in their member profiles and blogs, including photos and videos
Check credit card statements each month for any unusual charges that may indicate unauthorized purchases by a stranger or your child
Notify the police if someone the child met online starts calling them, sends gifts, or tries to lure them into revealing sensitive information
Ensure that the child does not:
Provide personal information such as name, address, phone, school name
Meet anyone online without permission
Open emails from unknown senders
Share their photos/videos with strangers over the Internet
- 60. Encourage Children to Report
The parents should encourage their children to report any inappropriate behavior they may face online
The parents can encourage the child to come to them if they are being bullied or are facing online predators
The children may also be encouraged to speak to a trusted individual such as an aunt, uncle, or older sibling, if they are uncomfortable talking to the parents
- 61. How to Report a Crime
Internet crimes can be reported at http://www.ic3.gov/complaint/default.aspx by clicking Report Internet Crime
http://www.ic3.gov
- 62. Security Software for Protecting Children from Online Threats
Children can be protected from online threats by installing appropriate security software on the child’s computer
The features that a parent should look for in the software include:
Web blocking: to help prevent the child from viewing inappropriate content
Program blocking: to help block games, peer‐to‐peer file sharing, etc.
Email blocking: to help block unknown email addresses and prevent children from communicating through email with people they met online
Time limits: to help control the amount of time the child spends on the computer
IM features: to help in recording and monitoring the IM chats of the child, thus helping the parent determine if the child is engaged in an inappropriate dialogue with unknown persons
Usage reports: to provide a timely report on the child’s Internet usage and IM history to monitor the child’s online interactions
Video filtering: to ensure that the child does not view inappropriate videos on sites such as YouTube, but at the same time allow the child to view useful/fun videos
Social networking features: to help in recording and monitoring the content that the child posts online, and to determine if the child is being bullied online
- 63. KidZui
http://www.kidzui.com
KidZui is a free web browser, search engine, and online playground for kids
It has a large number of games, websites, videos, and photos reviewed by parents and teachers
It eliminates the need for parents when kids are online
- 64. Actions To Take When the Child Becomes an Online Victim
Report the offense to the Internet Service Provider (ISP)
Also report to the offender’s ISP
Encourage the child not to log into the website where bullying occurred
Block the offender’s email address and screen name so that they cannot contact the child anymore
Change the online information of the child and delete the social networking accounts if necessary
Ignore any contact from the online predator or cyberbully
- 65. Module Flow
Browser Security
Search Engine and IM Security
Online Games
Child Online Safety
Internet Security Laws
- 66. Internet Laws
The web space is a vast terrain with a plethora of e‐commerce sites, analytical sites, sports sites, information sites, business sites, etc.
Such a large domain requires supervision to protect the netizens from Internet criminals, attackers, etc.
Internet laws protect the users from immoral/indecent acts, privacy breach, etc., on the Internet
Why you need to know Internet laws:
Internet users should know the Internet laws to leverage the disputes against e‐commerce vendors, fraudsters/Internet criminals, etc.
Knowing the Internet laws helps the users to understand what they can and cannot post on the Internet
Also, users need to know the Internet laws to be able to legally use the immense content present on the Internet
Internet laws cover:
Defamation
Intellectual property
Patents
Copyrights
Privacy infringement
Child protection, etc.
Important laws:
USA PATRIOT Act
Children’s Online Privacy Protection Act (COPPA)
The Digital Millennium Copyright Act
CAN‐SPAM Act
Computer Misuse Act 1990
European Union Data Protection Directive
Data Protection Act 1998
- 67. USA PATRIOT Act
USA PATRIOT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism, USAPA) was passed on October 26, 2001
TITLE II‐Enhanced Surveillance Procedures, section 216 of the Patriot act, gives law enforcement authorities access to dialing, routing, and signaling information
According to the act, law enforcement authorities have access to the email packets (includes email content)
Under the act, the government can compel the ISP to release the subscriber information that includes:
Customer name
Customer address
Mode of payment
Credit card information
Bank account information
Section 212 of the act allows the ISPs to voluntarily disclose the customer information including the customer records and all electronic transmissions (email, voice transmissions)
The ISPs may choose to reveal the customer information if they believe that there is risk of death or bodily injury to an individual/group
Section 220 of the act allows for nationwide search warrants for email
This gives the authorities the right to search a suspect without having to go to the place of the ISP
- 68. Children’s Online Privacy Protection Act (COPPA)
The COPPA is relevant to the online collection of personal information from children below the age of 13
The act dictates:
What a website owner must include in the privacy policy
When and how the verifiable consent can be requested from the parents
The responsibility of the website owner in protecting the children’s online safety and privacy
Every operator of a website or online service who collects the personal information of children, knowingly, must comply with COPPA
The operator must include a link to the privacy policy of the website on the home page
The privacy policy should include:
The name and contact information of all the operators collecting/maintaining the personal information
The kind of personal information that will be collected
How the operator intends to use the personal information
Whether the operator releases the personal information to third parties
If the parents’ consent is required for releasing the information to third parties
The procedure that the parents should follow to control their children’s personal information
According to the act, the operator should:
Notify the parents that he/she intends to collect their children’s information
Ask for the parents’ consent before releasing the information to the third parties/public disclosure
Inform the parents about the internal use of the personal information
Inform the parents if there are any changes in the privacy policy
- 69. The Digital Millennium Copyright Act
The Digital Millennium Copyright Act (DMCA) 1998 was signed into law by President Clinton
The European Union Copyright Directive (EUCD) addresses some of the same copyright infringement issues as the DMCA
According to the act, any infringement of the copyrighted material is a criminal offense
- 70. Highlights of DMCA
Circumventing any anti‐piracy measures built into commercial software is a crime
Bans the production, sale, or distribution of code cracking tools to illegally copy software
Permits the cracking of copyright‐protected software to perform encryption research and test computer security systems
Nonprofit libraries, educational institutions, etc., are exempted from the act under certain circumstances
ISPs are exempt for simply transmitting information over the Internet
ISPs are, however, required to remove the copyright‐infringing materials from user websites
Webcasters are required to pay licensing fee to the recording companies
- 71. CAN-SPAM Act
The CAN‐SPAM act was signed into law by the U.S. President George W. Bush on December 16, 2003
The act establishes the standards for sending commercial email
The CAN‐SPAM act:
Defines the rules for commercial email
Establishes the requirements for commercial messages
Gives recipients the right to have the sender stop emailing them
Each email that violates CAN‐SPAM act is subject to penalties of up to $16,000
Requirements
Do not use false or misleading email header information
If the message is an advertisement, you are required to disclose it clearly
You should tell the recipients how they can opt out of receiving further emails from you
You should honor the recipients’ opt‐out request within 10 business days
If a third party is sending emails on your behalf, monitor what they are sending to the recipients
- 72. Computer Misuse Act 1990
The Computer Misuse Act 1990 is an act of the UK Parliament
The act makes certain activities illegal such as:
Hacking into other users’ computers
Misusing software
Helping an attacker gain access to secured files/documents in another user’s computer
The act defines three computer misuse offenses:
Unauthorized access to computer material
Unauthorized access with intent to commit or facilitate commission of further offenses
Unauthorized modification of computer material
- 73. European Union Data Protection Directive (95/46/EC)
The 95/46/EC directive provides guidelines to European Union member states for individuals’ privacy and data protection
Section 1 of the directive provides the principles relating to data quality, section 2 provides criteria for making data processing legitimate, and section 5 defines the data subject's right of access to data
According to section 1 of the directive, Member States shall provide that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes
Section 2 states that Member States shall provide that personal data may be processed only if the data subject has unambiguously given his consent
Section 5 states that Member States shall guarantee every data subject the right to obtain from the controller without constraint at reasonable intervals and without excessive delay
The directive regulates the processing of personal data regardless of whether such processing is automated or not
- 74. Data Protection Act 1998 (UK)
Personal Data: Data Protection Act 1998 defines UK law on the processing of data on identifiable living people and is the main piece of legislation that governs the protection of personal data in the UK
Right To Privacy: It protects people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data
Explicit Consent: Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information
Authorization: It is an offence for other parties to obtain this personal data without authorization
- 75. Module Summary
Internet security involves protecting users’ data and information from unauthorized access when connected to the Internet
Scan the file downloads with updated antivirus software to check for the presence of malware
Online gaming has become a popular pastime, especially due to high‐speed Internet and emerging technology
If the software at the game server is compromised, the computers that are connected to the server can also be compromised
Parents may take all precautions to protect the child online, but all that could be negated when the child is unconsciously led to visit harmful sites
Children can be protected from online threats by installing appropriate security software on the child’s computer
Internet laws protect users from immoral/indecent acts and privacy breach on the Internet
Knowing the Internet laws helps the users to understand what they can and cannot post on the Internet
- 76. Internet Security Checklists
Regularly update your operating system and other installed applications
Ensure that you have the latest web browser installed on the system and update it regularly
Install a safe browsing tool that warns about reported phishing sites and blocks access to the addresses
Ensure that you are connected to a secured network when using a wireless network
Never respond to unsolicited email offers or requests for information
Set up a firewall to control the flow of information
- 77. Internet Security Checklists
Do not click the links sent by unknown users
Do not download files from unknown sources
Do not give out personally identifiable information when registering with websites/applications
Do not click any pop‐ups that appear while browsing websites
Regularly scan your system for viruses, worms, Trojans, spyware, key loggers and other malware using antivirus
Update the antivirus application on a regular basis
- 78. Internet Security Checklists
Use strong passwords and change them at regular intervals
Disconnect from the Internet if anything suspicious is found on the computer
Always check the Address bar for correct URL
Always check the website certificate, SSL padlocks and HTTPS
Remove unnecessary protocols from the Internet interface
Check router or firewall logs to identify abnormal network connections to the Internet
Do not enable ActiveX and JavaScript features
Regularly back up the important files
- 79. Checklist for Parents to Protect Their Child from Online Threats
Get a profile on the social networking site the child is on
Check if anyone is trying to impersonate the child online
Encourage the child to use the child safe applications such as KidZui
Talk to children about what they do on the computer
Review the list of the child’s friends
Be informed of the challenges of social networking