Unit C Computer Software by zhangyun


The Internet–Illustrated Introductory, Fourth Edition
Unit I
Increasing Web Security

Unit Objectives

Understand security threats on the Internet
Minimize security risks on the Internet
Strengthen security in Internet Explorer
Strengthen security in Firefox
Check security features on a Web site
Understand cookies
Manage cookies in Internet Explorer
Manage cookies in Firefox
Protect e-mail from viruses and interception

Understand Security Threats on the Internet
Data Confidentiality
 Web sites that include forms in which users supply
  personal information need security features in place
 otherwise, submitting this personal information over the
  Web is as secure as sending the same information on a
  postcard

Sniffer Programs
 a packet sniffer (sniffer program) can monitor and
  analyze data packets
 used illegally, a packet sniffer can capture user names,
  passwords, and other personal information



Spoofing
 Web sites that look like they belong to one
  organization but actually belong to someone
  else are spoofed
 The URL in the Address or Location bar often
  starts with the name of the company (such as
  www.ebay.com)
 The underlying IP address, however, does not
  match the real one that belongs to the
  company being spoofed
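
Added example, not part of the original slides: a small check of where a link really points, covering the case above in which the address merely starts with the company's name. The function names and the sample links are assumptions made for illustration; the check compares host names, not the IP address lookup the slide mentions.

```python
import ipaddress
from urllib.parse import urlsplit

def link_host(url):
    """Host name the browser would contact, lower-cased, no trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def classify_link(url, expected_domain):
    """Compare a link's real host with the domain the reader expects.

    "match"     host is expected_domain or one of its subdomains
    "raw-ip"    host is a bare IP address, so there is no name to compare
    "lookalike" the expected name appears in the URL, but not as the
                registered domain at the end of the host name
    "other"     unrelated link
    """
    expected = expected_domain.lower()
    host = link_host(url)
    if host == expected or host.endswith("." + expected):
        return "match"
    try:
        ipaddress.ip_address(host)
        return "raw-ip"
    except ValueError:
        pass
    return "lookalike" if expected in url.lower() else "other"

# Constructed sample links (.example and 203.0.113.0/24 are reserved for docs).
SAMPLE_LINKS = [
    "https://www.ebay.com/signin",
    "http://www.ebay.com.account-update.example/confirm",
    "http://203.0.113.7/www.ebay.com/confirm",
    "https://news.example/today",
]

def classify_all(links=SAMPLE_LINKS, expected_domain="ebay.com"):
    """Classify every sample link against the expected domain."""
    return [classify_link(u, expected_domain) for u in links]

if __name__ == "__main__":
    for link, verdict in zip(SAMPLE_LINKS, classify_all()):
        print(f"{verdict:10} {link}")
```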


Phishing
 occurs when an individual pretends to be a familiar
  organization or institution
 the phisher sends e-mail messages to people asking
  them to click a link to update or “confirm” personal
  information
 this information is stolen by the phisher
 phishers use spoofed sites to make their victims believe
  that they are visiting the organization’s real Web site

Pharming
 a form of phishing
 users are redirected to a spoofed site without their
  knowledge or consent and without clicking a link in an
  e-mail message

Port scan
 occurs when a computer tests all or some of the ports on
  another computer to determine whether its ports are open,
  closed, or stealth

Viruses, worms, and Trojan horses
 programs that run on your computer without your permission
  and perform undesired tasks, such as deleting the contents of
  your hard disk

Scripts, ActiveX controls, and Java applets
 programs that Web pages can download to your computer
  and run
 used by Web page designers to enrich and personalize a
  user’s interaction with a Web page
 can also be written with malicious intent to destabilize other
  programs and risk data loss

                   Clues to Use
Brute force attack
 occurs when someone uses a program to enter character
  combinations until a system accepts them
 one example is the correct combination of a user name and
  password to a site that requires a log in
 another example is combinations of numbers to a Web site
  that accepts credit card payments until the site accepts a valid
  credit card number
Some systems send a warning to the computer’s
operator or lock out a user name when someone
attempts to log in to a system a predetermined
number of times without succeeding
How to avoid?
 create and use passwords with a combination of upper and
  lower case letters and numbers
 avoid using the same password for multiple logins
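
Added example, not part of the original slides: the lockout rule described above, replayed over a constructed login log. The threshold of 3, the log format and the function name are assumptions; the slide only says "a predetermined number of times".

```python
from collections import defaultdict

MAX_FAILURES = 3  # assumed threshold; the slide only says "predetermined"

# Constructed sample log lines: time, user name, outcome of the login attempt.
SAMPLE_LOG = """\
09:00:01 alice FAIL
09:00:02 alice FAIL
09:00:03 bob FAIL
09:00:04 bob OK
09:00:05 alice FAIL
09:00:06 alice OK
09:00:07 bob FAIL
"""

def process_logins(log_text, max_failures=MAX_FAILURES):
    """Replay login attempts and apply the lockout rule.

    Returns (locked, warnings, rejected): locked user names, operator
    warnings, and attempts refused because the name was already locked.
    """
    failures = defaultdict(int)  # consecutive failed logins per user name
    locked, warnings, rejected = set(), [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, outcome = line.split()
        if user in locked:
            # Locked names are refused even when the password is correct.
            rejected.append((stamp, user))
        elif outcome == "OK":
            failures[user] = 0  # a successful login resets the counter
        else:
            failures[user] += 1
            if failures[user] >= max_failures:
                locked.add(user)
                warnings.append(f"{stamp} WARNING: {user} locked out "
                                f"after {failures[user]} failed logins")
    return locked, warnings, rejected

if __name__ == "__main__":
    locked, warnings, rejected = process_logins(SAMPLE_LOG)
    print(warnings, sorted(locked), rejected)
```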
Minimize Security Risks on the Internet

Countermeasures
procedures, programs, and
 hardware that detect and prevent
 each type of computer security
 threat




Encryption
process of scrambling and
 encoding data transmissions using
 a mathematically-based program
data is unreadable except by the
 person with the key



Digital certificate
 an encrypted and password-protected file that
  contains information to authenticate and prove
  a person’s or organization’s identity
 usually, a digital certificate contains:
   •   the certificate holder’s name
   •   the certificate holder’s address
   •   the certificate holder’s e-mail address
   •   a key
   •   the certificate’s expiration date or validity period
   •   a certificate authority (CA)




Figure: Processing a certificate




Secure Sockets Layer (SSL) protocol
 used by many Web sites that process financial
  transactions to protect sensitive information as it travels
  over the Internet

Web pages that use SSL:
   are encrypted
   have URLs that begin with https://
   the “s” indicates a secure connection
   indicate that the page is secure by an icon on the
    browser status bar (usually a closed padlock)

Web sites that use SSL have a server
certificate that users can access to
authenticate its validity
User identification
 the process of identifying a user to a computer
 used by Web sites that let returning customers log on to
  an account that they have created on the server
 most systems use a combination of a user
  name and password, called a login

User authentication
 the process of associating a person and his
  identification with a very high level of assurance
 one method is to ask one or more questions to which
  only the authentic user could know the correct answers


Firewall
 a software program or hardware device
  that controls access between two
  networks, such as a local area network
  and the Internet or the Internet and a
  computer
 controls port scans and other incoming
  traffic by rejecting it unless it is
  configured to accept the traffic

Strengthen Security in Internet Explorer/Firefox
Java applet
 a program written in the Java programming language
  that can execute and consume a computer’s resources

JavaScript program
 instructions written in the JavaScript programming
  language that can send information to another computer
  over the Internet

ActiveX controls
 Microsoft’s technology for writing small applications that
  perform some action in Web pages, and have full
  access to a computer’s file system


Strengthen Security in Internet Explorer
Most Java applets, JavaScript programs,
and ActiveX controls are beneficial, but
you should protect your computer from
potential attacks.
The simplest strategy is to prevent these
programs from running
Click Tools, Internet Options, Security to
change security settings


Strengthen Security in Firefox
Most Java applets, JavaScript programs,
and ActiveX controls are beneficial, but
you should protect your computer from
potential attacks.
The simplest strategy is to prevent these
programs from running
Click Tools, Options, Web Features to
change security settings


Check Security Features on a Web Site
Double-click the closed padlock on the browser status bar
The dialog box that opens:
   indicates the certificate’s owner
   indicates whether the Web site is verified
   might indicate whether the page is encrypted
   might indicate the certificate’s valid dates
   might indicate the purpose of the certificate

To see information about the Web site’s digital
certificate:
 In Internet Explorer, click the Details tab
 In Firefox, click View

Understand Cookies

Cookie
 a small text file that a Web site stores on your
  computer
 stores information about your clickstream
 can only store information that you provide to
  the Web site that creates it
 some silently record behavior without your
  consent

Only the Web site that stored the
cookie on your hard drive can read it

Web bug (clear GIF or transparent GIF)
 a small (one pixel), hidden graphic on a Web page or in an e-
  mail message
 designed to work in conjunction with a cookie to obtain
  information about the person viewing the page or e-mail
  message
 sends the collected information to a third party

Simply downloading the clear GIF file can identify:
 your IP address
 the Web site you last visited
 other information about your use of the site in which the clear
  GIF has been embedded
 all of this information can be recorded in a cookie


Figure: Web bug

Adware
 software that includes advertisements to help pay for the
  product in which they appear
 usually does not cause any security threats because:
    • the user is aware of the ads
    • the parties responsible for including them are clearly identified in
      the programs

Spyware
 adware in which the user has little control over or knowledge
  of the ads and other monitoring features it contains
 some programs include spyware to track your use of the
  program and the Internet or to collect data about you
 some companies provide information to users about spyware,
  but many do not

Manage Cookies in Internet Explorer/Firefox
You can prevent cookies from being saved
on your computer
 this eliminates problems with cookie misuse
 this also blocks access to some Web sites that rely on
  cookies for basic information about your preferences

You can change the settings in your
browser to distinguish between types of
cookies by
 blocking more intrusive cookies
 allowing harmless cookies
 having your browser warn you when a Web site
  attempts to create a cookie file

                 Clues to Use

To customize the Pop-up Blocker in
Internet Explorer:
 Click Tools, Internet Options, Privacy
 Click the Block pop-ups check box in the Pop-up
  Blocker section

To specify on which sites pop-ups are
allowed to appear in Internet Explorer:
 Click Tools, Internet Options, Settings
 Type the URL in the Address of Web site to allow text
  box
 Click Add

                  Clues to Use

To customize how Firefox blocks pop-ups:
 Click Tools, Options, Web Features
 Click the Block Popup Windows check box

To specify on which sites pop-ups are
allowed to appear in Firefox:
   Click Tools, Options, Web Features
   Click Allowed Sites
   Type the URL in the Address of web site text box
   Click Allow




Protect E-Mail from Viruses and Interception
Limit your exposure to destructive
programs carried by e-mail by:
 installing anti-virus programs to protect your
  computer
 verifying that your attachments are safe before
  you open them
 encrypting your outgoing e-mail messages




Anti-virus Software
 can block damage from any viruses, worms, or Trojan
  horses that you might receive by e-mail
 can keep these programs from using your e-mail
  program to reproduce
 is often available for free at colleges and universities

After you install anti-virus software, run
regular updates to keep the anti-virus
protection up-to-date



Handling E-Mail Attachments
 Don’t save or open attachments from anyone—even
  people you know well—without scrutinizing the e-mail
  message first.
 Attachments ending with .exe are program files
   • Opening them runs the program on your computer with
     unknown consequences.
   • Be sure you know what a program will do and that you’re
     certain of the sender’s identity before opening it.
 Make sure the accompanying e-mail message makes
  sense and is specific to you
   • If the message is short and general, even if it’s from a
     friend, it might be a worm’s trick to get you to open the
     attachment.

Encryption Software
 e-mail encryption scrambles a message’s contents in a
  way that can only be decoded by the intended recipient
 a packet sniffer cannot be used to illegally intercept the
  contents of encrypted e-mail messages

Use encryption software for e-mail if you
use e-mail to send sensitive information,
such as sensitive business information or
financial data



       Web Security Includes:

Understanding security threats on the
Internet
 Clues to use: Brute force attacks

Minimizing security risks on the Internet
Strengthening security in Internet Explorer
Strengthening security in Firefox
Checking security features on a Web Site


Web Security Includes (cont.):

Understanding cookies
Managing cookies in Internet
Explorer/Firefox
 Clues to use: Customizing pop-up blocking in
  Internet Explorer
 Clues to use: Customizing pop-up blocking in
  Firefox
Protecting e-mail from viruses and
interception

             Terms to Use

Port
like a door on a computer
permits traffic to enter and leave
 the computer

Stealth port
a port whose state is hidden



Key
 the mathematical code used to decrypt data

Decrypt
 reverse the encryption of data

Certificate authority (CA)
 an organization that verifies the certificate holder’s identity and
  issues the digital certificate

Server certificate
 a digital certificate that authenticates a Web site for its users
  so the user can be confident that the Web site is not spoofed
 ensures that the transfer of data between a user’s computer
  and the server with the certificate is encrypted so that it is both
  tamper-proof and free from being intercepted



Verified
means that a digital certificate is
 on file and valid

Clickstream
the sequence of links you click
 while visiting a Web site



Pop-ups
advertisements that appear in
 small windows in front of the
 current window
Pop-unders
advertisements that appear in
 small windows behind the current
 window
