V1 1 internet security assignment olive brennan herbst

V.1.1 (22/01/2014) 2013/2014 Author: Olive Brennan Hersbt Module: C20168 2013/2014 Internet Security & Confidentially


This is the work of Olive Brennan Herbst OMBH


Content

1. Introduction

2. Security Awareness

3. Firewall

4. Viruses

5. Encryption

6. Cookies

7. Cyber Bullying

This is all my own work.


Bibliography

7. Cyber Bullying: https://www.youtube.com/watch?v=lN2fuKPDzHA&feature=player_embedded


1. Introduction

In today’s world the extent and value of electronic data is constantly growing. Dealing across the internet depends on how secure consumers believe their personal data is. Information security therefore becomes essential to any business with any form of web strategy, from simple business-to-consumer or business-to-business dealings to the use of extranets, e-mail and instant messaging. It matters, too, to any organization that depends on computers for its daily existence.

The objective of this document is to explain the importance of internet Security and Confidentiality, not only in the workplace but in general. All users of the internet should be aware of the dangers of not using the internet securely.

2. Security Awareness

Many businesses simply do not include Internet security as part of their day-to-day operations. It is important, though, to develop a 'culture of security'. No matter how good your business procedures are, people will make mistakes.

Too many times we forget to log off, do not change passwords, or neglect to download and install the latest software patches. Raising awareness about online security is an important part of protecting your business.

2.1 Security Tips Recommendations

Here are some best practices to remember when online.

Keep your Operating System patches up to date. Be sure to install all updates.

Be sure to install all updates to all computer protection tools as well. Install, maintain, and frequently perform scans with your antivirus software, firewalls and email filters.

Ensure your company’s security or IT department runs regular Virus and Malware scans.

Never install any programs from the Internet if you do not fully trust the source or company providing the software.

Also, if enabled, use Ctrl-Alt-Delete on your keyboard when leaving your desk to lock your computer. This ensures that only you will access your systems using your secure password.

2.2 Password Security

Ultimately, you are responsible for securing data and the applications you access on the computer you use.

The use of strong passwords acts as a deterrent against password guessing. The security of each individual user is closely related to the security of the whole system. Creating effective passwords can provide additional means of protecting the information on your computer.

2.3 Strong Password Tips


Here are some tips for selecting a strong password.

Never use any easy-to-guess phrases, such as “LetMeIn” or “MyPassword” as your password.

Avoid using your birth date, your child’s name, your pet’s name, and your spouse’s name.

Don’t select a password that a hacker could guess simply by looking around your cubicle or office.

Dictionary-proof it: Hackers run “dictionary hacks” in which they check passwords against every word in the dictionary.

Defeat this attack by using a number or a special character in your password. Be sure to memorize it and never write it down.

One trick to remembering your strong password is to create a phrase that sticks in your head but is virtually impossible to guess.

Change your password often especially if you feel someone has seen you type your password or you have mistakenly given it to someone. And lastly, never give out a password over the phone or email it along with the associated Login ID. You may be thinking, “But what are the chances that I would give out my password anyway?” Unfortunately, the chances may be greater than you think.

2.4 Phishing

Phishing is a growing Internet scam that uses phony emails to fool people into revealing important personal information such as login IDs, passwords, social security numbers, even credit card numbers.

For example, an email alleging to be from a legitimate source such as your bank or your power company claims that your account needs to be verified. The email may ask that you go to a website by clicking on a link within the email. When you go to the site, you are asked to "update" or "confirm" personal information such as your login ID and passwords. The website may look just like a legitimate page but is in fact bogus and designed to steal your information.

Tips on How to Avoid Getting Phished

With this in mind, let’s discuss some important practices which will help you avoid becoming the victim of a phisher.

If you are even remotely suspicious of an email, delete it.

Pay close attention to the URL of a website. Malicious websites may look identical to the legitimate site - graphics and layout are identical - but the URL may use a variation in spelling or a different domain, like .biz vs. .com

When accessing the website, verify the correct URL as http://www.xxxxx.com. When you click the “Account Login” button or area of interest, ensure you are being redirected to the correct website by checking the URL.

Never login by going directly to this page. Always begin the login process by going to the website main URL and go through their pages to get to your login area.


Never reveal personal or financial information in an email and do not respond to email solicitations for this information. This includes following links sent within an email.

Never send sensitive information over the Internet before checking a website's security. If you are unsure whether an email request is legitimate, verify the request by contacting the company directly.

However, you don’t want to use the contact information provided in the email or on the website connected to the request. Instead, look up contact information from a more reliable source like a previous statement.

You can also verify a website by clicking on the padlock icon at the end of the address bar within your browser window.
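The URL check described in the tips above can be automated. The following is an added example, not part of the original assignment: it compares the host in a link against the domain you expect and reports a different ending (such as .biz vs. .com) or a near-miss spelling. The function names, the sample hosts and the threshold of two character edits are assumptions, and treating the last two labels as the registered domain is a simplification.

```python
from urllib.parse import urlsplit


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def split_host(host: str):
    """Return (name, ending) from the last two labels, e.g. ('example', 'com').

    Assumption: the registered domain is the last two labels. Real tools
    consult the Public Suffix List to handle endings such as 'co.uk'.
    """
    labels = host.lower().rstrip(".").split(".")
    name = labels[-2] if len(labels) > 1 else ""
    return name, labels[-1]


def check_link(url: str, trusted_domain: str) -> str:
    """Classify the host of url against the domain the user expects."""
    host = urlsplit(url).hostname or ""
    name, ending = split_host(host)
    trusted_name, trusted_ending = split_host(trusted_domain)
    if (name, ending) == (trusted_name, trusted_ending):
        return "match"
    if name == trusted_name:
        return "different-tld"           # same name, other ending
    if edit_distance(name, trusted_name) <= 2:
        return "lookalike-spelling"      # variation in spelling
    return "different-domain"


if __name__ == "__main__":
    # Constructed sample links; example.com stands in for the real site.
    for link in ("http://www.example.com/login",
                 "http://www.example.biz/login",
                 "http://www.examp1e.com/login",
                 "http://example.com.account-check.test/login"):
        print(f"{check_link(link, 'example.com'):20} {link}")
```

Only "match" means the link points at the expected domain. The last sample shows why the comparison uses the end of the host name: the trusted name appears at the front, but the site actually visited is account-check.test.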

3. Firewall

3.1 What is a firewall?

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you use a computer at home, the most effective and important first step you can take to help protect your computer is to turn on a firewall.

Windows 8, Windows 7, Windows Vista, and Windows XP SP2 or higher have a firewall built-in and turned on by default. (Note: Support for Windows XP ends in April 2014.)

If you have more than one computer connected in the home, or if you have a small-office network, it is important to protect every computer. You should have a hardware firewall (such as a router) to protect your network, but you should also use a software firewall on each computer to help prevent the spread of a virus in your network if one of the computers becomes infected.

If your computer is part of a business, school, or other organizational network, you should follow the policy established by the network administrator.


4. Viruses

4.1 What Is a Virus? & why we need protection…..

A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action (such as running an infected program) to keep it going. Because a virus is spread by human action, people will unknowingly continue the spread of a computer virus by sharing infected files or sending emails with viruses as attachments in the email.

4.2 What Is a Worm?

A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.

The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line. 

Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.

4.3 What Is a Trojan horse?

A Trojan horse is full of as much trickery as the mythological Trojan horse it was named after. The Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.

4.4 What Are Blended Threats?

Added into the mix, we also have what is called a blended threat. A blended threat is a more sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one single threat. Blended threats can use server and Internet vulnerabilities to initiate, then transmit and also spread an attack. Characteristics of blended threats are that they cause harm to the infected system or network, they propagate using multiple methods, the attack can come from multiple points, and blended threats also exploit vulnerabilities.

To be considered a blended threat, the attack would normally serve to transport multiple attacks in one payload. For example it wouldn't just launch a DoS attack — it would also, for example, install a backdoor and maybe even damage a local system in one shot. Additionally, blended threats are designed to use multiple modes of transport. So, while a worm may travel and spread through e-mail, a single blended threat could use multiple routes including e-mail, IRC and file-sharing networks.

Lastly, rather than a specific attack on predetermined .exe files, a blended threat could do multiple malicious acts, like modify your exe files, HTML files and registry keys at the same time — basically it can cause damage within several areas of your network at one time.

Blended threats are considered to be the worst risk to security since the inception of viruses, as most blended threats also require no human intervention to propagate.

5. Encryption

Just hearing the word "encryption" can bring shudders to technology professionals, many of whom find themselves intimidated by this seemingly incomprehensible technology. Perhaps the term conjures up scenes from the movie A Beautiful Mind, in which the brilliant Princeton mathematician John Forbes Nash filled chalkboards with unintelligible mathematics in an attempt to break cryptographic ciphers. Fortunately, you don't need a Ph.D. to understand applied cryptography. With a little basic background knowledge, you can use this powerful technology to protect confidential information.

There are three common ways that businesses use cryptography to protect sensitive information: encrypting web traffic, encrypting files and documents, and encrypting entire computers. We'll take a look at each of these after a brief overview of encryption technology.


5.1 What Is Encryption? & why we need protection…..

Encryption is a fairly simple concept: the transformation of information (otherwise known as the plaintext) into a form (called the cipher text) that is unintelligible to anyone who does not possess the correct key. Decryption is the reverse process and uses a key to transform the cipher text back into the readable plaintext. Presumably, only the intended recipient has the correct key, ensuring the confidentiality of the message.

When using encryption, the sender and recipient must use the same mathematical technique (known as an algorithm) to perform the encryption and decryption. Encryption algorithms can be divided into two groups: symmetric and asymmetric, which differ in the way the encryption keys are used.

In symmetric algorithms, the sender uses a shared secret key to encrypt the message. The recipient must then use the same shared secret key to decrypt the message. Symmetric cryptography is very fast, but requires every possible pair of users to have a unique key. In a large system, the number of keys required can very quickly become unmanageable.

In asymmetric algorithms (also known as public-key cryptography), the sender and recipient use related but different keys to encrypt and decrypt the message. Each participant has a pair of keys (one public and one private), and everyone has access to everyone else's public key. When a sender wants to encrypt a message, he or she does so using the recipient's public key. The recipient can then decrypt that message using his or her private key. Asymmetric cryptography is slower than symmetric cryptography, but key management is greatly simplified.

That's the nickel tour of encryption, and honestly, it's all you need to know to understand basic cryptographic applications. Of course, if you're interested there's a tremendous amount of mathematical detail behind these algorithms, and many books on the subject.

5.2 Encryption and the World Wide Web (www)

Every Internet user encounters encryption on a daily basis — through the Hypertext Transfer Protocol Secure (HTTPS). As you probably know, standard web traffic uses plain old HTTP to transit the Internet. This protocol leaves an individual's web browsing open to interception as the data crosses the open Internet "in the clear" without the confidentiality benefits of encryption. If you run a web server and plan to engage in activities that deal with sensitive information, such as online banking or electronic commerce, you should definitely make sure that your site offers users the option (if not the requirement) of using encrypted HTTPS connections.

To enable HTTPS encryption on your site, you'll need to purchase an SSL certificate from a Certificate Authority (CA) and install it on your web server. There are many vendors offering these certificates, including VeriSign, Thawte and Go Daddy. The digital certificate contains a copy of your website's public encryption key along with a statement from the CA vouching for the key's authenticity to protect both you and your users from imposter websites (*see below example).

*[Figure: an example of the digital certificate used by Google's encrypted site]

Users who wish to access your website securely simply type the URL into their browser with the familiar https:// prefix. Following a standard process, the browser then:

1. Contacts the web server and requests a copy of the digital certificate.
2. Verifies the authenticity of the certificate using information provided by the CA.
3. Creates a shared secret key for symmetric encryption and encrypts it with the server's public key.
4. Transmits the encrypted secret key to the web server.

When the web server receives the encrypted secret key, it decrypts it using the web server's private key, and then both systems use the shared secret key for all future communication.

At this point, you might ask yourself why the browser and server don't simply use asymmetric encryption for the entire communication. This would, after all, be much less complicated than the arrangement HTTPS uses, which involves the use of asymmetric encryption to exchange a symmetric encryption key. The underlying reason for this is that symmetric encryption runs at a much faster rate than asymmetric encryption, so this complex approach is actually more efficient for both the client and server.
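The four browser steps and the server's decryption can be traced in code. This is an added example, not part of the original assignment: it uses textbook RSA without padding, tiny constructed keys built from known primes, and a SHA-256 keystream as a stand-in for a real symmetric cipher, so it shows the flow only. The host name and all function names are assumptions.

```python
import hashlib
import secrets

E = 65537  # widely used RSA public exponent


def make_keypair(p, q):
    """Textbook RSA: return (public_key, private_key) as (n, exponent) pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def rsa_apply(key, value):
    """Raw RSA operation value^exponent mod n. No padding: illustration only."""
    n, exponent = key
    return pow(value, exponent, n)


# Constructed keys built from known Mersenne primes; far too small for real use.
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
SERVER_PUB, SERVER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
HOST = "www.example.test"  # hypothetical site name


def cert_digest(subject, public_key):
    """Hash of the certificate contents, reduced to fit the CA modulus."""
    body = f"{subject}|{public_key[0]}|{public_key[1]}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % CA_PUB[0]


def issue_certificate(subject, public_key):
    """CA side: sign the binding between a site name and its public key."""
    signature = rsa_apply(CA_PRIV, cert_digest(subject, public_key))
    return {"subject": subject, "public_key": public_key, "signature": signature}


def verify_certificate(cert, expected_host):
    """Step 2: check the site name and the CA signature with the CA public key."""
    digest = cert_digest(cert["subject"], cert["public_key"])
    return (cert["subject"] == expected_host
            and rsa_apply(CA_PUB, cert["signature"]) == digest)


def browser_key_exchange(cert, host):
    """Steps 2 to 4: verify, create a secret key, encrypt it to the server."""
    if not verify_certificate(cert, host):
        raise ValueError("certificate is not vouched for by the CA")
    session_key = secrets.token_bytes(16)
    wrapped = rsa_apply(cert["public_key"], int.from_bytes(session_key, "big"))
    return session_key, wrapped


def server_unwrap(wrapped):
    """Server side: recover the secret key with the server's private key."""
    return rsa_apply(SERVER_PRIV, wrapped).to_bytes(16, "big")


def keystream_xor(key, nonce, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def run_session(request=b"GET /account HTTP/1.1"):
    """Run the whole exchange; return (keys_agree, ciphertext, server_plaintext)."""
    cert = issue_certificate(HOST, SERVER_PUB)   # step 1: server sends its certificate
    browser_key, wrapped = browser_key_exchange(cert, HOST)
    server_key = server_unwrap(wrapped)
    nonce = secrets.token_bytes(8)
    ciphertext = keystream_xor(browser_key, nonce, request)
    return browser_key == server_key, ciphertext, keystream_xor(server_key, nonce, ciphertext)


if __name__ == "__main__":
    print(run_session())
```

The steps above describe RSA key transport; TLS 1.3 replaced it with ephemeral Diffie-Hellman key agreement, but the split between a slow asymmetric setup and a fast symmetric session is the same.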

5.3 Encrypting Files and Documents

You can also use encryption to protect individual files and documents, both while they are stored on a hard drive or removable media; and while they are in transit via e-mail, the web or other means. Fortunately, this process is much simpler than the complex mechanism used by HTTPS for encrypting web traffic. Typically, users select symmetric encryption for this type of encryption and use passwords to facilitate access to the encrypted file. There are many ways that you can encrypt individual files, such as:

Using the built-in encryption functionality of many office productivity applications (for example, Microsoft Office 2010 offers the strong AES-256 algorithm for the encryption of password-protected files).


Using a compression utility that offers encryption (the popular WinZip application for Windows offers strong encryption capabilities, as does the BetterZip application for the Mac).

Installing a dedicated encryption utility that specializes in encrypting any type of file (the GnuPG package is a free implementation of the PGP encryption algorithm for Windows, Mac and Unix/Linux).

Using a file encryption solution will protect the file from unauthorized viewing or modification as long as the encryption key is kept in the hands of authorized users.

5.4 Encrypting Computers

The downside to using encryption on a per-file basis is that users need to remember to encrypt every confidential file that they create. While this is possible, it's also burdensome if users regularly work with confidential information. Many organizations supplement per-file encryption solutions with whole-disk encryption products that automatically encrypt all of the data stored on a hard drive. Full-disk encryption solutions operate in a manner that is completely transparent to the end user. Once a user logs into a computer with an authorized account and password, the disk-encryption drivers automatically decrypt data as it is requested.

Many operating systems come with some form of volume or full-disk encryption built-in, such as Microsoft Windows' BitLocker and the Mac OS X FileVault. Users may also select from a large number of commercial or open source encryption packages, including the popular free package TrueCrypt, available for Windows, Mac and Linux systems.

One very important fact to remember when dealing with disk-based encryption is that it only protects data while it is stored on the disk without an authorized user logged into the system. This is great protection against theft of a mobile computer, but it provides no protection for files that are copied off of the computer or accessed while an authorized user is on the system.

Encryption is a powerful technology — and, once you know how it works, an approachable technology — that provides tremendous benefits to any organization handling confidential information.

6. Cookies

6.1 What are Cookies? What is a Cookie?

Cookies are small files which are stored on a user's computer. They are designed to hold a modest amount of data specific to a particular client and website, and can be accessed either by the web server or the client computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next.

6.2

6.3 Can I see/view the cookies I have on my computer?

Most browsers have a configuration screen which allows the user to see what cookies have been stored on the computer, and optionally to delete them.

Note that it is not possible for a webpage to view cookies set by other sites, as this would represent a privacy and security problem.

6.4 What’s in a Cookie?

Each cookie is effectively a small lookup table containing pairs of (key, data) values - for example (first name, John) (last name, Smith). Once the cookie has been read by the code on the server or client computer, the data can be retrieved and used to customize the web page appropriately.

6.5 When are Cookies Created?

Writing data to a cookie is usually done when a new webpage is loaded - for example after a 'submit' button is pressed the data handling page would be responsible for storing the values in a cookie. If the user has elected to disable cookies then the write operation will fail, and subsequent sites which rely on the cookie will either have to take a default action, or prompt the user to re-enter the information that would have been stored in the cookie.

6.6 Why are Cookies Used?

Cookies are a convenient way to carry information from one session on a website to another, or between sessions on related websites, without having to burden a server machine with massive amounts of data storage. Storing the data on the server without using cookies would also be problematic because it would be difficult to retrieve a particular user's information without requiring a login on each visit to the website.

If there is a large amount of information to store, then a cookie can simply be used as a means to identify a given user so that further related information can be looked up on a server-side database. For example the first time a user visits a site they may choose a username which is stored in the cookie, and then provide data such as password, name, address, preferred font size, page layout, etc. - this information would all be stored on the database using the username as a key. Subsequently when the site is revisited the server will read the cookie to find the username, and then retrieve all of the user's information from the database without it having to be re-entered.

6.7 How Long Does a Cookie Last?

The time of expiry of a cookie can be set when the cookie is created. By default the cookie is destroyed when the current browser window is closed, but it can be made to persist for an arbitrary length of time after that.


6.8 Who Can Access Cookies?

When a cookie is created it is possible to control its visibility by setting its 'root domain'. It will then be accessible to any URL belonging to that root. This might be used to allow related pages to 'communicate' with each other. It is not possible to set the root domain to 'top level' domains such as '.com' or '.ie' since this would allow widespread access to the cookie.

By default cookies are visible to all paths in their domains, but at the time of creation they can be restricted to a given subpath.
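The domain and path rules described above can be written out as the checks a browser applies when a cookie is set and when a request is made. This is an added example, not part of the original assignment: the function names are assumptions, the matching follows the rules in RFC 6265, and PUBLIC_SUFFIXES is a small constructed stand-in for the full Public Suffix List.

```python
from typing import Optional

# Constructed stand-in for the Public Suffix List that browsers consult.
PUBLIC_SUFFIXES = {"com", "org", "ie", "co.uk"}


def domain_match(host: str, cookie_domain: str) -> bool:
    """True if host is the cookie domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def path_match(request_path: str, cookie_path: str) -> bool:
    """True if request_path is cookie_path or lies beneath it."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    # "/account" must cover "/account/settings" but not "/accounting".
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def accept_cookie(setting_host: str, domain_attr: Optional[str] = None,
                  path_attr: str = "/") -> Optional[dict]:
    """Return the scope a browser would store, or None if it rejects the cookie."""
    if domain_attr is None:
        # No root domain given: the cookie belongs to the exact host only.
        return {"domain": setting_host.lower(), "host_only": True, "path": path_attr}
    domain = domain_attr.lower().lstrip(".")
    if domain in PUBLIC_SUFFIXES:
        return None   # '.com' or '.ie' would expose the cookie to unrelated sites
    if not domain_match(setting_host, domain):
        return None   # a site may only name a root domain it belongs to
    return {"domain": domain, "host_only": False, "path": path_attr}


def is_sent(cookie: dict, request_host: str, request_path: str) -> bool:
    """Would the browser attach this stored cookie to the given request?"""
    if cookie["host_only"]:
        host_ok = request_host.lower() == cookie["domain"]
    else:
        host_ok = domain_match(request_host, cookie["domain"])
    return host_ok and path_match(request_path, cookie["path"])


if __name__ == "__main__":
    # Constructed hosts: a shop page sets a cookie for the whole example.com root.
    shared = accept_cookie("shop.example.com", "example.com")
    print(is_sent(shared, "blog.example.com", "/"))        # related page: True
    print(is_sent(shared, "example.com.evil.test", "/"))   # unrelated site: False
    print(accept_cookie("shop.example.com", ".com"))       # top-level root: None
    scoped = accept_cookie("example.com", None, "/account")
    print(is_sent(scoped, "example.com", "/accounting"))   # outside subpath: False
```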

6.9 How Secure are Cookies?

There is a lot of concern about privacy and security on the internet. Cookies do not in themselves present a threat to privacy, since they can only be used to store information that the user has volunteered or that the web server already has. Whilst it is possible that this information could be made available to specific third party websites, this is no worse than storing it in a central database. If you are concerned that the information you provide to a webserver will not be treated as confidential then you should question whether you actually need to provide that information at all.

6.10 What are Tracking Cookies?

Some commercial websites include embedded advertising material which is served from a third-party site, and it is possible for such adverts to store a cookie for that third-party site, containing information fed to it from the containing site - such information might include the name of the site, particular products being viewed, pages visited, etc. When the user later visits another site containing a similar embedded advert from the same third-party site, the advertiser will be able to read the cookie and use it to determine some information about the user's browsing history. This enables publishers to serve adverts targeted at a user's interests, so in theory having a greater chance of being relevant to the user. However, many people see such 'tracking cookies' as an invasion of privacy since they allow an advertiser to build up profiles of users without their consent or knowledge.

7. Cyber Bullying

Bullying is not new but thanks to the Internet teens and adults are now being bullied at home. Online harassment, more often called cyber bullying, is a serious problem. When bullying comes home via the Internet it can leave victims feeling helpless and overwhelmed.

The YouTube link below is called ‘Stand Up to CyberBullying’: https://www.youtube.com/watch?v=lN2fuKPDzHA&feature=player_embedded


7.1 What is Cyber Bullying?

Cyber Bullying is any harassment that occurs via the Internet. Vicious forum posts, name calling in chat rooms, posting fake profiles on web sites, and mean or cruel email messages are all ways of Cyber Bullying.

Examples of Cyber Bullying

A student is bombarded by anonymous threatening and taunting emails at home, even though there is no direct harassment at school. The victim has no idea who is sending the messages and starts to feel like everybody is against them. That student is being Cyber Bullied.

A school bulletin board is spammed with name-calling posts that spread vicious rumours about a specific student. The rumours aren’t true but kids at school see the posts and believe them. The student is then ostracized by peers. This student is the victim of Cyber Bullying.

A nasty fake profile is posted at a social networking site using a student’s real name, photo, and contact information. That student starts getting weird email messages from strangers who think the profile is real. Some of the messages are crude. Some of the messages are mean. This is another example of Cyber Bullying.

These are just a few examples of Cyber Bullying.

7.2 Why Do People Cyber Bully?

Bullying has been around forever but Cyber Bullying is different because it lets a bully remain anonymous. It is easier to bully in cyberspace than it is to bully face to face. With Cyber Bullying a bully can pick on people with much less risk of being caught.

Bullies are natural instigators and in cyberspace bullies can enlist the participation of other students who may be unwilling to bully in the real world. Kids who stand around doing nothing in a real life bullying incident often become active participants in online harassment.

The detachment afforded by cyberspace makes bullies out of people who would never become involved in a real life incident. The Internet makes bullying more convenient and since the victim’s reaction remains unseen people who wouldn’t normally bully don’t take it as seriously.

7.3 What Can Be Done About Cyber Bullying?

There are many things that can be done to combat Cyber Bullying. The most important thing a victim of Cyber Bullying can do is not respond to the bully. Do not play in to the bully's games. Do not answer emails, do not respond to posts, do not engage in a chat room exchange, and do not copy what the bully is doing. Ignore the bullying and get help from parents and teachers.


While ignoring the bully be sure to save the evidence so that school officials, Internet providers and even the police can properly deal with the bully. Cyber Bullying may give bullies anonymity but it always leaves evidence.

7.4 Can Cyber Bullying Be Stopped?

Schools take all types of bullying seriously. As soon as the Cyber Bullying starts the student should go to school officials for help. Cyber Bullying is often an extension or escalation of bullying that is already happening at school. Parents should also be told what is happening.

The Gardaí are unlikely to become involved if the bullying is limited to a few isolated incidents or a couple of mean emails or instant messages. However, if you get even one communication that includes a threat of bodily harm or a death threat the Gardaí should be alerted. Be aware that urging suicide is considered a death threat and the Gardaí will treat it accordingly.

7.5 When Should the Gardaí / Authorities Become Involved?

Repeated or excessive harassment via email, SMS, MMS, social media, forums, blogs or chat rooms is harassment and should involve the Gardaí. Threats of violence should also be reported to the Gardaí. Try to save all messages as evidence. The Gardaí / authorities will know what to do from there.

You do not need to put up with Cyber Bullying. You can get help. Cyber Bullying leaves a clear trail of evidence and this can work to the advantage of the victim. Cyber Bullies are just bullies with a new weapon in their arsenal of harassment; treat them like you would any bully and they lose their power.

I confirm this work is all my own work: _____________________________ (Olive Brennan Herbst) ______________ (Date)