Weitere ähnliche Inhalte
Ähnlich wie Cscu module 06 internet security (20)
Mehr von Alireza Ghahrood (20)
Kürzlich hochgeladen (20)
Cscu module 06 internet security
- 1. 1 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Internet
Security
Simplifying Security.
Module 6
- 3. OurView: Bolstering Internet Security Is Imperative
On Monday, the Obama administration proposed a much‐needed international effort to bolster the security of the Internet. It’s
needed because cyberspace has come to serve as both a communications miracle and, potentially, one of the greatest threats to
our security in the 21st century.
That description may seem like hyperbole as it pulls in two completely different directions. But there are justifications for both
descriptions.
The Internet is arguably the greatest technological breakthrough introduced to our society since the television. Perhaps that’s more
hyperbole, unless you consider just how much of our world now is tied to online access and interconnectivity.
The 2010 census noted that 68.7 percent of all U.S. households have Internet connections; a vast majority of businesses also use
the Web for marketing or for inventory purposes, among other tools.
Cyberspace has become a staple in our lives, even if you don’t have an Internet connection in your home or office. Our banking, our
medical records, our credit and our businesses are all linked in some form to the Web. So, too, is much of our infrastructure, our
communication and our national security. Odds are, there is something you want, rely on or need each day that is dependent on
Internet connectivity for you to have it. That may not be a game‐changer in terms of how you live your life, but it’s definitely a
sobering impact.
3
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
http://www.yankton.net
May 18, 2011 1:15 AM CDT
- 4. 4
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
MODULE OBJECTIVES
Internet Security
Internet Explorer Security Settings
Mozilla Firefox Security Settings
Google Chrome Security Settings
Apple Safari Security Settings
Instant Messaging (IMing)
Searching on the Web
Online Gaming and MMORPG
Online Gaming Risks
Security Practices Specific to Gaming
Child Online Safety
Role of Internet in Child Pornography
Protecting Children from Online
Threats
How to Report a Crime?
Internet Security Laws
Internet Security Checklists
- 5. MODULE FLOW
5
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
Browser
Security
Search Engine and
IM Security
Online
Games
Child Online
Safety
Internet Security
Laws
- 6. Canada
Ukraine
Hungary 1.84%
1.97%
2.03%
Top 10 Malware Hosting Countries
http://www.findmysoft.com
6
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
INTERNET SECURITYInternet security involves
protecting user data from
unauthorized access and damage
when connected to the Internet
A proper browser configuration
helps in preventing malware
infection, protecting personal
information, and preventing or
limiting the damage from an cyber
attack
Online attack paths:
Emails
Instant messaging
Chat rooms
File sharing and downloads
United States
France
10% 39%
Russia 8.72%
Germany 5.87%
China
United Kingdom
2.68% 5.04%
Poland 2.43%
- 7. INTERNET
EXPLORER
SECURITY
SETTINGS
7
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
Launch Internet Explorer, click the Tools button, and select Internet options
Select the Security tab, which displays websites classified into four zones:
1. Internet 2. Local Intranet 3. Trusted sites 4. Restricted sites
- 8. Internet Explorer
Security Settings: Internet
Zone
The Internet zone is for all the Internet
websites except for those listed in the
Trusted or Restricted zones
Click Custom level to set the Internet
zone security settings
Disable or enable the required options
Move the slider to change the security
level
Set the security level for the zone High
to ensure higher security
Maintaining the higher security level
may degrade the performance of the
browser
Click OK to apply the settings
8
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
- 9. Internet Explorer
Security Settings: ActiveX
ControlsActiveX controls are small programs that work
over the Internet through the browser
They include customized applications that are
required to gather data, view select files, and run
animations when the user visits websites
Malware is downloaded onto the user system
through ActiveX controls when he/she visits
malicious websites
Disable the ActiveX controls and plug‐ins options
in the Security Settings window
Enable the Automatic prompting for ActiveX
controls option so that the browser prompts
when there is a requirement of ActiveX controls
and plug‐ins to be enabled
Click OK to apply the settings
9
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
- 10. 9 Copyright © by EC-Coun
All Rights Reserved. Reproduction is Strictly Prohibite
Internet Explorer Security
Settings: Local Intranet Zone
Local intranet zone covers the
sites on intranet
Steps to add websites to Local
intranet zone:
Select Security Local Intranet
Click Sites
Click the Advanced button
Enter the URL into Add this
website to the zone column and
click Add
Click OK to apply the settings
cil
d.
- 11. Copyright © by EC-Counci
eserved. Reproduction is Strictly Prohibited.All Right
10
Internet Explorer Security
Settings:Trusted Sites
Zone
The Trusted sites zone
contains those websites that
the users believe will not
damage their computers or
data
Select Security Trusted sites
Click the Sites button
Enter the URL into Add this
website to the zone column and
click Add
Click OK to apply the settings
l
s R
- 12. 11 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Internet Explorer
Security Settings:
Restricted ZoneThe Restricted sites zone restricts
the access to the websites that
might cause damage to a computer
To add restricted websites to
Restricted sites zone:
Select the Security tab and choose
Restricted sites
Click the Sites button
Enter the site URL into the Add this
website to the zone column to
restrict the access
Click Add and then click OK to apply
the settings
- 13. UNDERSTANDING COOKIES
13
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
A cookie is information that is provided by a web server to web browser and then sent back
unchanged by the browser each time it accesses that server
When the website is revisited, the browser sends the information back to it to help
recognize the user
This activity is invisible to the user and is generally intended to improve the web surfing
experience (for example, at an online store)
- 14. The user can limit the information
that is stored in a cookie
A cookie is only a text file and cannot
search a drive for information or
carry a virus
To configure cookie settings:
Choose Internet options from the Tools
menu on the browser
Select the Privacy tab and use the slider
to set the level at low, medium,
medium‐high, or high
Block all or accept all cookies
depending upon the requirement
Check the Turn on Pop‐up Blocker
option to block the pop‐ups that appear
while visiting some websites
INTERNET
EXPLORER
PRIVACY SETTINGS
14
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
- 15. Copyright © by EC-Coun
All Rights Reserved. Reproduction is Strictly Prohibite
14
DELETING BROWSING HISTORY
1. Choose Internet options
from the Tools menu on
the browser
2. Go to the Browsing history
section
3. Check the desired options
in the Delete Browsing
History dialog box
4. Click Delete to delete the
browsing history
cil
d.
- 16. Do Not Allow the Browser to
Remember any Password
Internet Explorer Autocomplete Password
prompt
Firefox Remember Password prompt
16
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
- 17. Setting Download options in Internet Explorer
SECURING FILE DOWNLOADS
17
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
To configure the download settings
for Internet Explorer, navigate to
Tools Internet options go to
Security tab
Click the Custom Level button in the
Security Settings window
In the Downloads menu Enable the
Automatic prompting to File
downloads and File download
options
Click OK to save the settings
- 18. MOZILLA
FIREFOX:
SECURITY
SETTINGS
18
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
Launch the Mozilla Firefox browser
Click the Tools menu item and select Options
- 19. MOZILLA
FIREFOX:
SECURITY
SETTINGS
19
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
Select Security from the Options window
Check the option Warn me when sites try to
install add‐ons so that the browser prompts
before installing add‐ons to the browser
Click the Exceptions button and enter the URL into
Address of Website box and click Allow to specify
which websites are allowed to install add‐ons
Check the Block reported attack sites option to
avoid visiting malicious websites
Check the option Block reported web forgeries
to actively check whether the site being visited
is an attempt to steal personal information
Uncheck the Remember passwords for sites
option to prevent the browser from remembering
the passwords for the login pages visited
- 20. 19 Copyright © by EC-Counc
All Rights Reserved. Reproduction is Strictly Prohibite
MOZILLA
FIREFOX: PRIVACY
SETTINGS
Select Privacy in the Options
window
The user can choose if Firefox
remembers the browsing history
Click clear your recent
history
Select the Time range to clear
the history
Check the options required to
clear the history and click
Clear Now
il
d.
- 21. Copyright © by EC-Council
served. Reproduction is Strictly Prohibited.All Rights
20
SECURING FILE DOWNLOADS
Do not accept file downloads from unknown
members on the Internet
These downloads may contain malware that will
degrade computer performance
File are downloaded by default to My
Documents Downloads
The user may configure the browser settings
so that he/she is prompted to specify the
location to save the file
Re
- 22. Copyright © by EC-Council
served. Reproduction is Strictly Prohibited.All Rights
21
To configure the download
settings for Mozilla Firefox,
navigate to Tool Options
General
Check the option Always ask me
where to save the file to allow
the browser to ask before
downloading a file and to
specify the location to which it
will be downloaded
The browser directly downloads
the file to the default location
without any intimation if this
option is unchecked
Setting Download options in Mozilla Firefox
SECURING FILE DOWNLOADS
Re
- 23. INSTALLING PLUGINS
23
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
1
2
3
4
The Install Missing Plugins message appears while opening
some websites
Plug‐ins are required to display files, graphics or play a video
on a webpage
Check if the source of missing plug‐ins is trustworthy or
not
Scan the downloaded plug‐in using an antivirus software
before installing it
- 24. Google Chrome Privacy and
Security Settings
Launch Google Chrome
Click the icon, then
select Options
24
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
- 25. GOOGLE CHROME:
PRIVACY SETTINGS
25
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
Click the Under the Hood tab in Google
Chrome Options window
Under Privacy, check the desired web
services
Check the Use DNS pre‐fetching to
improve page load performance option
DNS pre‐fetching stands for Domain Name
System pre‐fetching
When the user visits a webpage, Google
Chrome can look up or pre‐fetch the IP
addresses of all links on the webpage
Check the option Enable phishing and
malware protection to prevent the
browser from opening any malicious
websites
- 26. 25
Secure Sockets Layer (SSL) is an Internet
protocol used by many websites to
ensure safe data encryption and
transmission
The SSL setting in web browsers is
turned on by default
Some websites require older version of
SSL 2.0; check the Use SSL 2.0 option in
such conditions
Check the check for server certificate
revocation option to turn on real‐time
verification for the validity of a
website's certificate
GOOGLE CHROME:
SECURITY
SETTINGS
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
- 27. Launch the Safari browser
To change the settings, select the icon and then select Preferences
APPLE SAFARI:
SECURITY
SETTINGS
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
26
- 28. 27 Copyright © by EC-Coun
All Rights Reserved. Reproduction is Strictly Prohibit
APPLE SAFARI:
SECURITY
SETTINGS
Select the Security tab in the
preferences window
The Web Content section
permits the user to enable
or disable various forms of
scripting and active content
It is recommended to accept
cookies only from the sites
visited
Checking this option allows
the browser to warn the
user before opening any
website that is not secure
cil
ed.
- 29. Testing the Browser
for Privacy
Launch the Internet browser and
navigate to http://privacy.net/
analyze/ to test the privacy
Click Click here to take the browser
test and analyze the privacy of your
Internet connection
29
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
- 30. MODULE FLOW
30
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
Browser
Security
Search Engine and
IM Security
Online
Games
Child Online
Safety
Internet Security
Laws
- 31. INSTANT
MESSAGING
(IMING)
31
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
Instant Messaging (IMing) allows the user to interact with other people on
the Internet using a software application
- 32. INSTANT
MESSAGING
SECURITY ISSUES
32
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
IMWorm
A worm that harms the computer and locates all the
contacts in the IM address book
The IMWorm tries to send itself to all the contacts in the
user’s IM contact list
Social Engineering
Social engineering depends on human interaction that
involves tricking people through IM and getting their
personal information
Spam over IM( SPIM)
SPIM is spam delivered through IM instead of delivering
it through email
IM systems such as Yahoo! Messenger, AIM, Windows
Live Messenger, and chat rooms in social networking
sites are popular targets for spammers
- 33. INSTANT MESSAGING
SECURITY MEASURES
33
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
Do not reveal personal information
on IMs
Do not accept links received from
unknown people on IM
Sign out of the IM application after
using it
Block the users who send unsolicited
web‐links
Always use strong passwords
Do not check the Remember
password option
- 34. Searching on theWeb
Search engines display
hundreds of results for a
search query
Not all the web page results
obtained by the search
engine are secure
To add Add‐ons in the
Mozilla Firefox browser,
navigate to Tools Add‐ons
Get Add‐ons
To filter the malicious search
results, use an antivirus
application as an add‐on to
the browser and Enable it
34
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
- 35. MODULE FLOW
35
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
Browser
Security
Search Engine and
IM Security
Online
Games
Child Online
Safety
Internet Security
Laws
- 36. It has also become the target
for attackers for the large
amounts of money involved
Online gaming has become a
popular pastime, especially due
to high‐speed Internet and
MMORPGs are popular
worldwide and the revenues
for these games are well
over a billion dollars
emerging technology
In the world of MMORPGs, also known
as online games, players can meet other
players, become friends, engage in a
battle, fight against evil, and play
Massively Multiplayer Online Role‐
Playing Game (MMORPG) is a type
of computer role‐playing games in
which a large number
of players interact with one another
within a virtual game world
36
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
ONLINE GAMING
AND MMORPG
- 37. Copyright © by EC-Counci
eserved. Reproduction is Strictly Prohibited.
l
s RAll Right
36
Interactions with
potential fraudsters who
may trick the gamer to
reveal personal/financial
information
Computer intruders
exploiting security
vulnerabilities
Online and real‐world
predators
Malware such as viruses,
Trojan horses (Trojans),
computer worms, and
spyware
ONLINE GAMING RISKS
- 38. Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
37
INSECURE OR
COMPROMISED GAME
SERVERS AND GAME
CODING
If the software at the game server is compromised,
the computers that are connected to the server can
also be compromised
Any game with a network connection has a risk
involved
The attacker may even use the vulnerabilities to
crash the gaming server
The vulnerabilities in the game server can be used by the
attackers to:
Steal game passwords
Steal information from the gamers’ computers
Control the gamers’ computers remotely
Launch attacks on other computers
Install programs such as Trojans, adware, spyware
The game code is generally not as well analyzed as the
other software coding
This may result in introducing unknown vulnerabilities
onto the computer
- 39. Copyright © by EC-Counci
eserved. Reproduction is Strictly Prohibited.
l
s RAll Right
38
Social Engineering
Identity Theft
Protection Schemes
Cyber Prostitution
Virtual Mugging
SOCIAL RISKS
The attackers may use the social interaction in the online game environment to
attack the unprotected computers or to exploit security vulnerabilities
- 40. Attackers may trick the gamers into installing malicious
software on their computers by social engineering
They offer a bonus or help in the game in exchange for
other players’ passwords or other information in the
game forums on a game server
The gamers who are looking for ways to make the play
easier respond to such offers
Attackers send phishing emails supposedly from
the game server administrators, which will invite the
player to authenticate his/her account via a website
linked in the message
SOCIAL ENGINEERING
40
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
Note: Game Masters (GMs) of a game will never ask a gamer for his/her username and/or password
- 41. MESSAGE FROM A
GAMER ABOUT A
PASSWORD STOLEN BY
A MALICIOUS
PROGRAM
41
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
http://www.securelist.com
- 42. Organized crime has
emerged in South Korean
gaming community
The criminal organizations
force the gamers into
protection schemes,
where the gamers have to
pay money (virtual or
real) to avoid killing of the
gamers’ characters and
theft of the passwords
Online games are being
used for cyber prostitution
where the
customers/gamers pay
money for cybersex
In The Sims online, a
Massively Multiplayer
Online (MMO) game, a 17‐
year‐old developed a cyber
“brothel”, where the
gamers paid Sim‐money
(Simoleans) for cybersex
per minute
The gamers’ accounts were
eventually cancelled
Virtual mugging was
coined when some
players of Lineage II
used bots to defeat
other gamers and take
their items; these items
were later put on sale in
online auctions
Protection
Schemes
PROTECTION
SCHEMES, CYBER
PROSTITUTION, AND
VIRTUAL MUGGING
42
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
Cyber
Prostitution
Virtual
Mugging
- 43. 42
All Rights Reserved. Repro
http://www.securelist.com
Stolen items such as passwords or virtual items are put on sale on websites, such as eBay, or on forums
These are sold to other gamers for real or virtual money
The cyber criminal may ask the gamer for ransom in return for this information
HOW THE MALICIOUS
USERS MAKE MONEY
Copyright © by EC-Council
duction is Strictly Prohibited.
- 44. Security Practices Specific
to Gaming
44
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
- 45. 21
Some games require the
game to be run in
Administrator mode
If that is the case, ensure
that the game has been
downloaded from a
trusted website/vendor
Free downloads of games may
contain malicious software,
including plugins to run the
game
This software may be used
to gain administrator level
control of the computer
Instead of using the
administrator account, the
gamer is advised to browse the
Internet or play the games
using a User Account, which
may deny the attacker access
to administrator rights
3
Recognize Administrator Mode Risks
45
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
- 46. Copyright © by EC-Council
served. Reproduction is Strictly Prohibited.All Rights Re
45
Some of the games played
over the web require
ActiveX or JavaScript to b
enabled
e
Recognize Risks due to ActiveX
and JavaScript
- 47. Play the Game, Only at the
Game Site
Play the games at the
game site and save
the Internet
browsing for later
Once done with
playing the game,
switch to the user
account to browse
the Internet
This reduces the risk
of visiting a malicious
website when playing
a game
47
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
- 48. Play
fire
fr
ing certain multiplayer games may require the
wall settings to be changed to allow information
om the game to get through to the gamers’ computers
Every time the permissive settings are changed
on the firewall, the risk of computer security
concerns increases
In the firewalls, the gamer can designate the fellow
gamers’ IP addresses as trusted to avoid any interactions
with the attacker
Pay Attention to Firewall
Management
48
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
- 49. MODULE FLOW
49
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
Browser
Security
Search Engine and
IM Security
Online
Games
Child Online
Safety
Internet Security
Laws
- 50. The risks involved when a child works
online include:
Misdirected searches
Stealth sites and misleading URLs
Online sexual harassment
Child pornography
Grooming
Cyberbullying
RISKS INVOLVED ONLINE
50
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
- 51. Parents may take all the precautions to protect the child online, but all that could
be negated when the child is unconsciously led to visit harmful sites
When a user searches for websites, the search engines display the results using
the meta variables
Search engines use terms known as “meta variables” to index a website
Porn site promoters add popular search terms to their meta variable list, to redirect
the web traffic towards their site
Porn sites may use the words “sports”, “school”, “movies”, etc., to lure children
to their websites
Unless a filtering software is used, the search engines cannot distinguish between
the search requests of an adult and a child
MISDIRECTED SEARCHES
51
C O P Y R I G H T © B Y EC-COUNCIL
A L L R I G H T S RESERVED. R E P R O D U C T IO N IS STRICTLY P R O H I B I T E D .
1
2
3
4
5
6
Example: a sports website may be indexed by the meta terms “soccer”,
“football”, “scores”, etc.