Cs Web Browser
Transcript of Cs Web Browser
-
8/14/2019 Cs Web Browser
1/16
Techn ic
alS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
1
A Technical paper
NATIONAL INSTITUTE OF SCIENCE AND TECHNOLOGY
Palur Hills, Berhampur
Presented by:
Ravi Krishna .Y
Roll:cs200117193
Under Guidanceof:
DutiKrushna
panda
Web Browsers Threat and Menace?
-
8/14/2019 Cs Web Browser
2/16
Techn ic
alS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
2
Introduction Java, ActiveX contribute valuable functionality to Web
Browsers by allowing users to automatically (and often
invisibly) download code over the Internet.
Once downloaded, this code automatically executes
locally.
Imbedded security tools of these technologies provides
restrictions on code execution. A discussion of security models for Java, Java Script and
ActiveX and their impact on computer viruses.
-
8/14/2019 Cs Web Browser
3/16
Techn ic
alS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
3
Why run code from the Web? Todays servers download code and data to clients. Clients
execute the code and perhaps return processed data.
Automatically downloading program upgrades or browser
extensions helps increase the seamless nature of the
computing experience, and potentially saves much timeand hassle for the user.
-
8/14/2019 Cs Web Browser
4/16
Techn ic
alS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
4
Possible consequences of downloading code
and running it locally? Modify your local information
Access other computers as if it were you
Send e-mail signed by you Execute a virus or Trojan horse
Purchase goods or transfer funds as if it were you
Change security settings
And good stuff too
-
8/14/2019 Cs Web Browser
5/16
Techn ic
alS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
5
Safetyapproaches:1. Fortification:
Limit what the program can try to do
Limit what the program can actually do
Search the code for viruses or before letting
it run (virus scanners) Manually limit the codes behavior by
asking the operator for permission
-
8/14/2019 Cs Web Browser
6/16
Techn ic
alS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
6
2.Mortification:
Tools to obtain redress for the actions of a program whose
author can be proven through a digital signature. Digital signatures
Public key management
Digital certificate authorities
-
8/14/2019 Cs Web Browser
7/16
Techn ic
alS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
7
Programs browsers execute :
Programs that are functionally in the browser:
1. Interpreters for HTML, DHTML, XML,
2. JavaScript, Java applets, etc.
Programs installed to extend the browser1. Navigator plug-ins such as the RealAudio plug-in
2. Internet Explorer ActiveX controls
Programs started by the browser but executed by the OS
1. Programs already installed e.g. download a doc file and startMicrosoft Word to process
2. Arbitrary downloaded programs
-
8/14/2019 Cs Web Browser
8/16
Techn ic
alS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
8
Working with programs that are functionally contained within the browser
Internet Options Security CustomSettings
-
8/14/2019 Cs Web Browser
9/16
Techn ic
alS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
9
Working with programs that extend the browser
Figure 3. To reach this dialog box enter View Internet Options Settings View Objects.
This figure shows the effect of right clicking on MSNBC.
-
8/14/2019 Cs Web Browser
10/16
Techn ic
alS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
10
Safe for Scripting
A challenge in complex environments:to understand how pieces work
together.
In Dynamic browser environment(ex: The way JavaScript or VBScript
programs interact with ActiveX controls) In order for the ActiveX control to interact with its JavaScript or
VBScript companion it must contain an internal parameter set by the
ActiveX controls author that indicates the ActiveX control is safe for
scripting.
-
8/14/2019 Cs Web Browser
11/16
Techn ic
alS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
11
Programs started by the browser but executed by the OS
View Folder Options File Types
-
8/14/2019 Cs Web Browser
12/16
Techn ic
alS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
12
Working with digital signatures
View Internet Options
Content
-
8/14/2019 Cs Web Browser
13/16
Techn i
calS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
13
NETSCAPE NAVIGATOR
CommunicatorSecurityInfoJava/JavaScript
-
8/14/2019 Cs Web Browser
14/16
Techn i
calS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
14
CONCLUSION The ability to executing programs in Web browsers pays big dividends
There are many avenues for executing code from the web
Safety is a concern, proper configuration is important
Take the best of both trust and fortification
Browser configuration is complicated
There is less public scrutiny of browser extensions (individual
ActiveX controls, Netscape Plug-ins, etc) than of the browsers
themselves. Your browser is no safer than its weakest add-on
The system is working. Abuses are not overwhelming.
-
8/14/2019 Cs Web Browser
15/16
Techn i
calS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
15
REFERENCES
WWW.IBM.COM
WWW.MSNBC.COM
www.snort.org
www.lucidic.net/whitepapers
-
8/14/2019 Cs Web Browser
16/16
Techn i
calS
eminarP
res
entation
Ravi Krishna .Y cs200117193
Web Browsers Threat and Menace?
16
THANKYOU!!!