Internet Threats & Opportunities

Sushil Upreti, M.Sc. IT, MCSA

SOS NTC Panaute, Kavre

30th June 2009

Agenda

Birth of The Internet

Internet Threats

Internet Opportunities

The Internet

The Internet, or simply "the Net", is a worldwide system of computer networks

- a network of networks

Birth of the Internet

1858-66 Transatlantic cable

1958 In response to the launch of Sputnik, the US Department of Defense established the Advanced Research Projects Agency (ARPA).

1962 Formation of ARPANET.

1969 ARPANET was interconnected between UCLA and SRI (later SRI International) in Menlo Park, California.

1971 E-mail invented (a program to send messages across a distributed network)

1972 First public demonstration of ARPANET between 40 machines.

1973 First international connections to the ARPANET: University College of London (England) and Royal Radar Establishment (Norway).

1979 ARPA establishes the Internet Configuration Control Board (ICCB).

1983 All hosts on the ARPANET adapted the first TCP/IP-based wide-area network. Internet Activities Board (IAB) established, replacing ICCB.

1984 DNS (Domain Name Server) introduced.

Birth of the Internet (contd.)

1985 The United States' National Science Foundation (NSF) constructed NSFNET.

1989 NSFNET connected the commercial MCI Mail system, OnTyme, Telemail and Compuserve. IETF & IRTF came into existence under the IAB.

1990 ARPANET was transferred to the NSFNET. The NSFNET was connected to the CSNET, which linked Universities around North America, and then to the EUnet, which connected research facilities in Europe.

1991 World Wide Web (WWW) released by CERN. Developer: Tim Berners-Lee.

1992 ISOC (Internet Society) was chartered.

1994 Commercialization began. Number of hosts: 3 Million. 10,000 WWW sites. 10,000 Newsgroups. ARPANET/Internet celebrates 25th anniversary.

1995 Registration of domain names is no longer free. US Government decided to transfer Internet management to independent organizations.

1996 Microsoft entered. The WWW browser war begins.

1997 1 Million WWW sites.

2009 April 231,510,169 sites (netcraft.com).

Nepal in Internet Map

1992 Mr. Satish Kharel, a renowned lawyer, connected to an email server in Japan using packet radio.

1993 Some INGOs dialed to email servers in Europe for email services.

1994 Mercantile Office Systems, the first ISP (Internet Service Provider) of Nepal started commercial email services for the public from June 1994.

1995 Mercantile started full online access to Internet from July 1995.

2009 Total ISPs in Nepal: 35

Internet Management

The Internet

• ISOC (Internet Society)
• ICANN (Internet Corporation For Assigned Names & Numbers)
• IAB (Internet Architecture Board)
• IETF (Internet Engineering Task Force)
• IRTF (Internet Research Task Force)
• IANA (Internet Assigned Numbers Authority)
• ASO (Address Support Organization)
• CCNSO (Country Code Names Supporting Organization)
• GNSO (Generic Names Supporting Organization)
• Network Solutions: Central Domain Database, Root Servers
• Accredited Registrars

Basic Internet Terms:

Browser Simply Browser or Web Browser is a software program that allows users to view content on the Internet and World Wide Web. (e.g. Internet Explorer, Mozilla Firefox, Opera, Safari, Google Chrome etc.)

Web Page A single page of a website; it will commonly include text, graphics, and links to other web pages.

Web Site A Website is a collection of Web files on a particular subject that includes a beginning file called a home page.

Web Server A computer that stores and transmits requested Web pages and associated files over the Internet.

http Short for Hypertext Transfer Protocol, HTTP is the protocol that a web browser uses to request a web page from a web server, and which the server uses to send the requested page back.

WWW World Wide Web or the Web, this usually refers to information/services available on the Internet that can be easily accessed with software usually called a "browser."

Fig. Web Server

How Internet Works?

http://www.sushilupreti.com.np

Labels on the slide: Internet Protocol, Hyper Text Transfer Protocol, World Wide Web, Domain Name, Country Domain

http://www.sushilupreti.com.np/images/image1.jpg

URL (Uniform Resource Locator)

How Internet Works?

How Internet Works…?

A real scenario…?

E-mail

– Short for ‘Electronic Mail’.

– Exchange of electronic messages and computer files through the internet.

How E-mail Works…?

Internet Threats

Cyber-bullying

Cyber-bullying is "when the Internet, cell phones or other devices are used to send or post text or images intended to hurt or embarrass another person."

- National Crime Prevention Council, US

What Cyber-bullies do …….?

• Disclose victim's personal data
• Send threatening and harassing emails
• Post false statements, bad rumors

Internet Threats

Output of Cyber-bullying …

Internet Threats

Cyberstalking

It has been defined as the use of information and communications technology, particularly the Internet, by an individual or group of individuals, to harass another individual, group of individuals, or organization.

What Cyberstalkers do …….?

• False accusations
• Attempts to gather information about the victim
• Transmission of threats
• Encouraging others to harass the victim
• False victimization
• The solicitation of minors for sexual purposes
• Attacks on data and equipment
• Ordering goods and services
• Identity theft

Cyberstalkers find their victims from …….?

Search engines, online forums, blogs, bulletin and discussion boards, chat rooms, and more recently, through online communities such as MySpace, Facebook, Hi5 etc.

Internet Threats

Phishing

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by pretending to be a trustworthy entity in an electronic communication, especially e-mail.

Phishers’ Major Techniques:

• Man-in-the-middle Attacks
• URL Attacks
• Cross-site Scripting Attacks
• Observing Customer Data
• Client-side Vulnerability Exploitation

Internet Threats

Phishers’ Major Techniques: Man-in-the-middle Attacks

Internet Threats

Phishers’ Major Techniques: URL Attacks

Bad Domain Names

Using URL obfuscation techniques, the attacker tricks the customer into connecting to their proxy server instead of the real server.

For example, the customer may follow a link to http://www.my-bank.com instead of http://www.mybank.com

Internet Threats

Phishers’ Major Techniques: Cross-site Scripting Attacks

Cross-site scripting attacks make use of a custom URL or code injected into a valid web-based application URL or embedded data field. These techniques are the result of poor web-application development processes.

Typical formats for CSS (cross-site scripting) injection into valid URLs include:

Full HTML substitution:
http://mybank.com/ebanking?URL=http://evilsite.com/phishing/fakepage.htm

Inline embedding of scripting content:
http://mybank.com/ebanking?page=1&client=<SCRIPT>evilcode...

Forcing the page to load external scripting code:
http://mybank.com/ebanking?page=1&response=evilsite.com%21evilcode.js&go=2
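One way a web application can refuse the three URL formats above, as an added example that is not part of the original slides: every query parameter is checked against a strict pattern before use, and any value echoed into a page is HTML-encoded. The rules in RULES and the function names are assumptions about what a hypothetical mybank.com application would expect.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed rules for the hypothetical e-banking page: what each parameter may hold.
RULES = {
    "page": re.compile(r"\d{1,4}"),
    "go": re.compile(r"\d{1,4}"),
    "client": re.compile(r"[A-Za-z0-9_-]{1,32}"),
    "response": re.compile(r"[A-Za-z0-9_-]{1,32}"),
    # Same-site path only: one leading slash, no scheme, no "//host".
    "URL": re.compile(r"/(?!/)[A-Za-z0-9_./-]{0,200}"),
}

# The three URL formats listed on the slide, plus one ordinary request (constructed).
SAMPLES = [
    "http://mybank.com/ebanking?URL=http://evilsite.com/phishing/fakepage.htm",
    "http://mybank.com/ebanking?page=1&client=<SCRIPT>evilcode...",
    "http://mybank.com/ebanking?page=1&response=evilsite.com%21evilcode.js&go=2",
    "http://mybank.com/ebanking?page=1&client=alice01&go=2",
]


def rejected_params(url):
    """Return the names of query parameters that are unknown or fail their rule."""
    bad = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        rule = RULES.get(name)
        # fullmatch: the whole decoded value must fit, not just a prefix.
        if rule is None or not rule.fullmatch(value):
            bad.append(name)
    return bad


def render_greeting(client):
    """Echo a value into HTML with the markup characters encoded."""
    return "<p>Welcome, " + html.escape(client, quote=True) + "</p>"


if __name__ == "__main__":
    for sample in SAMPLES:
        print(rejected_params(sample) or "accepted", "<-", sample)
    print(render_greeting("<SCRIPT>evilcode..."))
```

Validation rejects the request outright; the encoding in render_greeting is the second layer, so a value that slips past a loose rule is still displayed as text rather than run as script.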

Internet Threats

Phishers’ Major Techniques: Observing Customer Data

Key-loggers and screen-grabbers can be used to observe confidential customer data as it is entered into a web-based application.

Client-side Vulnerability Exploitation

Software updates, patches and add-ons provide many opportunities for attackers.

Internet Threats

A real-life Phishing Example:

Subject: Westpac official notice

Westpac

AustraIia's First Bank

Dear cIient of the Westpac Bank,

The recent cases of fraudulent use of clients accounts forced the Technical services of the bank to update the software. We regret to acknowledge, that some data on users accounts could be lost. The administration kindly asks you to follow the reference given below and to sign in to your online banking account:

https://oIb.westpac.com.au/ib/defauIt.asp

We are gratefuI for your cooperation.

Please do not answer this message and follow the above mentioned instructions.

Copyright © 2004 - Westpac Banking Corporation ABN 33 007 457 141.

The above email was sent to many thousands of Westpac banking customers in May 2004. While the language sophistication is poor (probably due to the writer not being a native English speaker), many recipients were still fooled.
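A defender-side check for the two tricks shown above, the hyphenated look-alike domain and the capital "I" written in place of a lowercase "l" in the Westpac message, as an added example that is not part of the original slides. It goes slightly beyond the page by also folding 0/o, 1/l and rn/m; the allow-list LEGIT_DOMAINS and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains the real organisations serve customers from.
LEGIT_DOMAINS = ("mybank.com", "westpac.com.au")

# Look-alike characters mapped to one canonical form.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# A capital I directly after a lowercase letter, as in "cIient".
ODD_I_RE = re.compile(r"\b[A-Za-z]*[a-z]I[A-Za-z]*\b")

# Excerpt of the e-mail quoted on the slide, capital I's kept as written.
SAMPLE = (
    "Dear cIient of the Westpac Bank,\n"
    "sign in to your online banking account:"
    "https://oIb.westpac.com.au/ib/defauIt.asp\n"
    "We are gratefuI for your cooperation.\n"
)


def skeleton(name):
    """Reduce a host name to what a hurried reader sees."""
    s = name.translate(CONFUSABLE).lower()
    return s.replace("rn", "m").replace("-", "")


def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify_host(written_host):
    """Classify a host name exactly as it was written in the message."""
    # Host names are case-insensitive, so a lone capital I among lowercase
    # letters only changes how the name reads, not where it resolves.
    if "I" in written_host and written_host != written_host.upper():
        return "disguised-host"
    host = written_host.lower()
    if any(under(host, d) for d in LEGIT_DOMAINS):
        return "ok"
    for d in LEGIT_DOMAINS:
        if under(skeleton(written_host), skeleton(d)):
            return "lookalike:" + d
    return "unknown"


def scan_message(text):
    """Report odd mixed-case words and a verdict for every URL in the text."""
    urls = {}
    for url in URL_RE.findall(text):
        netloc = urlsplit(url).netloc  # netloc keeps the case as written
        host = netloc.rsplit("@", 1)[-1].split(":")[0]
        urls[url] = classify_host(host)
    return {"odd_words": ODD_I_RE.findall(text), "urls": urls}


if __name__ == "__main__":
    print(scan_message(SAMPLE))
    print(classify_host("www.my-bank.com"))
```

The capital-I word check is a heuristic and will also match legitimate camelCase identifiers such as "userId", so it suits scoring a message rather than blocking it on that signal alone.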

Internet Threats

A real-life Phishing Example:

A small attempt………………?

Internet Threats

Webspam

Webspam is the term for webpages that are designed by webmasters to trick search engines and draw users to their websites.

Why do Spammers Create Spam Pages?

• To make money
• To change search engine rankings
• To do harm to users’ computers with sneaky downloads

How do Spammers Create Spam Pages?

• Hidden text and hidden links
• Keyword stuffing
• Sneaky redirects
• Cloaking with JavaScript redirects and 100% frame

Internet Threats

E-mail spoofing

E-mail spoofing is a term used to describe fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source.

E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message.

What is spam?

The term spam refers to unsolicited, often unwanted, email messages. Spam does not necessarily contain viruses; valid messages from legitimate sources could fall into this category.

Internet Threats

Denial-of-Service (DoS) attack

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.

How to block a "denial of service" attack?

By setting up a filter, or "sniffer," on a network before a stream of information reaches a site's Web servers.

Internet Threats

Chain letters – a problem

Mask viruses or other malicious activity

Although they seem harmless, chain letters may have a negative impact if you forward them:

• Consume bandwidth/space within the recipient's inbox.
• Force people to waste time sifting through the messages and possibly taking time to verify the information.
• You are spreading hype and, often, unnecessary fear and paranoia.

Some types of chain letters

Hoaxes: Attempt to trick or defraud users. A hoax could be malicious, instructing users to delete an important file by claiming it is a virus. It could also be a scam that convinces users to send money or personal information.

Urban legends: Designed to be redistributed and usually warn users of a threat or claim to be notifying them of important or urgent information; they may also promise users monetary rewards for forwarding the message. Urban legends usually have no negative effect aside from wasted bandwidth and time.

Fig. Hoax Mail

Internet Threats

Internet Enemies

Computer Virus

A virus is a self-replicating and self-executable malicious software. It spreads by attaching itself to other files (documents with the ability to contain macros, images, movies, music, almost anything which could be executed or run by a user or another software).

Worms

Computer worms are similar to viruses (they are also self-replicating), but while viruses are attached to other software, worms can function separately. Worms can delete files on your computer, send files via e-mail, and even spread across the Internet.

Trojan horse (Trojan)

A program that appears desirable but actually contains something harmful; "the contents of a trojan can be a virus or a worm"

Internet Threats

Internet Enemies (contd.)

Rootkit

This is a special kind of software which, once installed, is totally hidden on your computer. One of its most dangerous activities is that it leaves a 'backdoor' on the target system, and can gain control over it without the needed privileges. It can also hide keyloggers which can send data about what you type on your computer.

Spyware

Spyware collects personal data from your computer and sends it to a company that analyses it to gain precious information for their business.

Internet Threats

Defense Mechanisms

A firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network or the Internet.

What type of firewall is best?

Hardware: Router

Software: ISA Server

Internet Threats

Defense Mechanisms

Use Anti-Virus Software

Anti-virus software is designed to protect you and your computer against known viruses. But with new viruses emerging daily, anti-virus programs need to be updated regularly.

A firewall is different from antivirus software, but the two of them work together to help protect your computer. You might say that a firewall guards the windows and doors against strangers or unwanted programs trying to get in, while an antivirus program protects against viruses or other security threats that can try to sneak in through the front door.

Internet Threats

Defense Mechanisms

Attacker E-mail Victim [Shortest & Easiest Route]

Don't give your email address out arbitrarily.   

Don't follow links in spam messages. 

Do not open email from unknown sources. 

Consider opening an additional email account. 

Use caution when opening/downloading attachments.

Password………?

Don't spam other people.

Benefits of BCC (Blind Carbon Copy). 

Internet Threats

Defense Mechanisms

Secure Your Web Browser

Internet Threats

Defense Mechanisms

Authentication

Authentication is the process of verifying that information is coming from a trusted source. Methods: Passwords, Checksum, CRC etc.

Encryption

Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode.

Digital Signature

A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic.

Internet Threats

Defense Mechanisms

Digital Certificate

A digital certificate is essentially a bit of information that says the Web server is trusted by an independent source known as a Certificate Authority. The Certificate Authority acts as the middleman that both computers trust.

Certificate Authority (CA)

A certificate authority or certification authority (CA) is an entity that issues digital certificates for use by other parties. It is an example of a trusted third party. Some CAs include:

• VeriSign, Inc., Mountain View, California
• Comodo Group, Inc., Washington, USA
• WebTrust, Toronto, Canada

Internet Threats

Defense Mechanisms

Debunking Some Common Myths

Anti-virus software and firewalls are 100% effective.

Once software is installed on your computer, you do not have to worry about it anymore.

There is nothing important on your machine, so you do not need to protect it. 

Attackers only target people with money. 

When computers slow down, it means that they are old and should be replaced. 

Internet Threats

Defense Mechanisms

Internet Surfing in Cybercafé:

You never know what kind of malicious program or person is lurking in the next public computer you are going to use.

So ………….. WHAT TO DO????

Let's not leave any evidence of your work on a public computer/cybercafé.

HOW????????

Internet Threats

Defense Mechanisms

Use Process Explorer to spot an attacker's attempts.

Use portable version of web browser.

Bypass key loggers

Securely erase your data.

Use portable anti-virus.

Put your password in a safe place.

Internet Opportunities

Internet 2008 in numbers

186,727,854 – The number of websites on the Internet in December 2008.

31.5 million – The number of websites added during 2008.

1.3 billion – The number of email users worldwide.

210 billion – The number of emails sent per day in 2008.

70% – The percentage of emails that are spam.

1,463,632,361 – The number of Internet users worldwide (June 2008).

Source: Internet World Stats

Internet Opportunities

Services of Internet

Sharing Information & Resources

Electronic Mail (E-mail)

E-Governance, E-Commerce, E-Medicine, E-Banking

Online Study

Business Communication

Business Promotion

Discussion Forum & Chat

Entertainment

Plus many more …….

Internet Opportunities

Version of Web

Web 1.0
• Static Page
• One-way flow of information

Web 2.0
• Dynamic, and decentralized web contents
• Bottom-up approach
• Web 2.0 was coined in 2003 by Dale Dougherty, became popular in 2004

Web 3.0
• Still takes few years to come into existence
• Based on “intelligent” web applications
• More dynamic, totally controlled by multimedia

Internet Opportunities

Features of Web 2.0

Internet Forum

An Internet forum is a web application for holding discussions and posting user-generated content. Internet forums are also commonly referred to as Web forums, message boards, discussion boards, (electronic) discussion groups, discussion forums, bulletin boards, fora (the Latin plural) or simply forums.

Example

Internet Opportunities

Features of Web 2.0

Social Networking

www.myspace.com www.orkut.com www.facebook.com www.spaces.live.com www.hi5.com www.batchmates.com www.yaari.com www.minglebox.com www.ning.com www.meetup.com www.bebo.com www.fropper.com www.bigadda.com

Internet Opportunities

Features of Web 2.0

Blog

A blog/weblog is a type of website, usually maintained by an individual with regular entries of commentary, descriptions of events, or other material such as graphics or video. Entries are commonly displayed in reverse-chronological order.

http://www.bloggers.com.np/index.php http://surathgiri.blogspot.com/ http://thenepalesedebate.forumotion.com/ http://www.rednepal.com/ http://sushilupreti.blogspot.com/

http://www.bloggers.com.np

Internet Opportunities

Features of Web 2.0

Wiki

Wiki is a piece of server software that allows users to freely create and edit Web page content using any Web browser.

http://en.wikipedia.org

http://en.wikipedia.org/wiki/Gopher

Internet Opportunities

Few Web 2.0 featured web sites

http://twitter.com

http://maps.google.com

http://en.wikipedia.org

http://www.youtube.com

http://www.facebook.com

http://www.blogger.com

SOS Children’s Village from Google map

www.youtube.com

Internet Opportunities

Podcasts

Podcasts are audio broadcasts created and stored digitally on the Internet. Instead of being broadcast over the airwaves once and lost, like with traditional radio, podcasts were created to be stored and played at the user's convenience.

http://www.gazzabko.com/hitsfm.htm

Internet Opportunities

Live Video Stream

http://entertainment.nepalnews.com/livetv/sagarmatha.html

The process of providing live video data or content via a web page.

Internet Opportunities

RSS (Really Simple Syndication)

RSS solves a problem for people who regularly use the web. It allows you to easily stay informed by retrieving the latest content from the sites you are interested in. You save time by not needing to visit each site individually. 

RSS Feed

http://www.reader.google.com

Feed Reader/Aggregator

RSS document includes full or summarized text, plus metadata such as publishing dates and authorship

Internet Opportunities

You don’t know the answer…..? Hmm… then ask to..

http://www.ask.com/

http://wiki.answers.com

http://www.about.com/

Internet Opportunities

Other Educational Sites

www.3form.org (Free Knowledge Exchange) http://in.answers.yahoo.com/ (Yahoo Answers) http://lycos.co.uk/ (Lycos IQ) http://qna.live.com (Live QnA) www.answerbag.com (AnswerBag) www.whyville.net (3D Virtual Education) www.experts-exhange.com (IT Professional Site) http://uclue.com (Site by the researchers of Google Answers)

Internet Opportunities

Other Educational Sites (contd.)

http://www.orillas.org/math/projex.html http://www.wisc-online.com http://www.globalschoolnet.org https://media.iearn.org/node/101 http://www.bie.org/index.php/site/PBL/resources/Project_Examples http://www.k12science.org/collabprojs.html http://www.kn.pacbell.com/wired/bluewebn/contentarea.cfm?cid=9 http://www.pbs.org/howartmadetheworld/resources http://www.algebasics.com/3way2.html http://www.mathpower.com/summer2.htm

Internet Opportunities

E-newsletter

An e-newsletter (also called e-zine) is a newsletter sent via e-mail to subscribers.

E-newsletter Sample:

Russian Center of Science & Culture

SOS Hermann Gmeiner School Sanothimi

Internet Opportunities

Online Exam

Internet Opportunities

Upcoming Web 2.0 Technology

Liquid Design

Cloud Computing

DeepNet technology

Internet Opportunities

Online Job – Anywhere, Anytime

Job Nature

• Online Typists
• Online Marketing
• Online Journalism
• Online Translators
• Search Engine Optimization
• Data Entry Operators
• Search Quality Rater
• Web Design & Development

Internet Opportunities

Online Job – Search Quality Rater

Post: Quality Rater

Payment: 5.56 USD/Hour (Reduced by 10% from April 2009)

Working Hour: Max. 20 Hrs/week – Min. 10 Hrs/week

Job Provider: Lionbridge Technology, USA

What is the work?

Internet Opportunities

Online Job – Online Marketing

Job Provider: Google AdSense

Internet Threats & Opportunities

Conclusion!!

• Online Exam
• E-newsletter
• School Website
• Communication Mechanism
• Develop Own Course Book
• Professional Training for ICT teachers through NTC and Schools
• Plus

Thank You
