Internet Security
Introduction…
• The Internet represents an insecure channel for exchanging information, leading to a high risk of intrusion or fraud, such as phishing.
• Internet security is a branch of computer security specifically involving browser security but also network security on a more general level.
• Its objective is to establish rules and measures to use against attacks over the Internet.
Need for Internet Security…
• Today, the Internet is full of different types of sensitive data.
• The Internet is packed with threats from hackers. They can:
  • crash your system,
  • acquire access to your personal information, which can result in monetary losses.
So,
• You need Internet security to keep information and systems safe from malicious software and individuals.
What are the main security-related threats on the Internet today?
• Hijacked web servers
• Denial-of-Service Attacks
• Cross Site Scripting
• Trap Doors
• Email Spoofing
Hijacked web servers
Web Server Hijacking…
• Attacker gains access and changes contents of web server.
• Can be very bad:
  • Attacker can plant hostile applets.
  • Attacker can plant data sniffers.
  • Attacker can use compromised machine to take over internal system.
• Usually outsiders.
• Nearly impossible to trace.
How do they do it? 
• Administrative passwords captured by a password 
sniffer. 
• Utilize known vulnerability: 
• Buffer overflow. 
• Use web server CGI script to steal /etc/passwd file, then crack passwords.
• Mount the web server’s filesystem.
Defensive Measures… 
• Patch known bugs. 
• Don’t run unnecessary services on the web server. 
• Monitor system for signs of penetration 
• Intrusion detection systems 
• Make frequent backups. 
• Have a hot spare ready.
Denial-of-Service Attacks
What is a Denial-of-Service attack?
• A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users.
• Although the means to carry out and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
• Costs money and reputation
  • Lost sales
  • Damage to reputation
How is it done?
• Send a lot of requests (HTTP or SMTP requests)
  • Easy to trace.
  • Relatively easy to defend against with TCP/IP blocking at router.
• Attack routers
• Attack DNS
Cross Site Scripting
Cross-Site Scripting…
• Cross-site scripting (XSS) is a type of computer security vulnerability which enables attackers to inject client-side script into Web pages viewed by other users.
• Cross-site scripting carried out on websites accounted for roughly 84% of all security threats documented by Symantec as of 2007.
• Their effect may vary depending on the sensitivity of the data handled by the vulnerable site.
XSS Attacks - Stealing Cookie
• What is a cookie?
  • Used by web applications for authenticating, tracking, and maintaining specific information about users
  • Once a cookie is saved on your computer, only the website that created the cookie can read it
• How is it done?
  • Attacker injects script that reads the site's cookie
  • Script sends the cookie to attacker
  • Attacker can now log into the site as the victim
Some other XSS Attacks…
• Defacement
  • Attacker injects script that automatically redirects victims to attacker's site
    <script>
    document.location = "http://evil.com";
    </script>
• Phishing
  • Fake page asks for user's credentials or other sensitive information (e.g. fake PayPal page)
  • The data is sent to the attacker's site
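The two server-side defences against the cookie theft and redirect described above, as an added example that is not part of the original slides: HTML-encoding untrusted input on output, and marking the session cookie HttpOnly so page script cannot read it. The function names, the comment field and the session id are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed input: a comment field carrying the redirect script from the slide.
UNTRUSTED_COMMENT = '<script>document.location = "http://evil.com";</script>'


def render_comment_unsafe(comment):
    """Vulnerable pattern: user input is concatenated into the page as markup."""
    return '<div class="comment">' + comment + "</div>"


def render_comment_safe(comment):
    """Hardened pattern: HTML-encode on output so the input is displayed as text."""
    return '<div class="comment">' + html.escape(comment, quote=True) + "</div>"


class _ScriptCounter(HTMLParser):
    """Counts <script> start tags found by Python's HTML parser."""

    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1


def count_script_elements(page):
    """Return how many <script> elements a rendered page contains."""
    parser = _ScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.scripts


def session_cookie_header(session_id):
    """Build a Set-Cookie value that script cannot read via document.cookie."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True      # hidden from JavaScript
    cookie["session"]["secure"] = True        # only sent over HTTPS
    cookie["session"]["samesite"] = "Strict"  # not sent on cross-site requests
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    for render in (render_comment_unsafe, render_comment_safe):
        page = render(UNTRUSTED_COMMENT)
        print(render.__name__, "->", count_script_elements(page), "script element(s)")
    print("Set-Cookie:", session_cookie_header("abc123"))
```

Encoding has to match the output context; `html.escape` covers HTML body and quoted attribute values, not input placed inside a script block or a URL.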
Email Spoofing
Email Spoofing…
• Email spoofing is the creation of email messages with a forged sender address - something which is simple to do because the core protocols do no authentication.
• Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.
Prevention measures…
• A number of measures to address spoofing are available, but it is likely that almost half of all domains still do not have such measures in place.
• However, as of 2013, 60% of consumer mailboxes worldwide used measures to protect themselves against this.
• Although email spoofing is often effective in forging the sender's real email address, the IP address of the source computer sending the mail can generally be identified from the "Received:" lines in the email header.
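Reading the sending IP out of the "Received:" lines, as an added example that is not part of the original slides. The sample message, host names and the `trusted_hosts` set are constructed for illustration; only the hop recorded by your own mail server is verifiable, because earlier "Received:" lines are supplied by the sending side and can be forged.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample message (documentation-range IPs, example domains).
SAMPLE_MESSAGE = "\n".join([
    "Received: from mx.example.net (mx.example.net [198.51.100.25])",
    "\tby inbound.example.org with ESMTP id abc123",
    "\tfor <alice@example.org>; Tue, 02 Jan 2024 10:00:05 +0000",
    "Received: from mail.bank.example (unknown [203.0.113.77])",
    "\tby mx.example.net with SMTP id def456;",
    "\tTue, 02 Jan 2024 10:00:01 +0000",
    'From: "Example Bank" <support@bank.example>',
    "To: alice@example.org",
    "Subject: Account notice",
    "",
    "Please confirm your details.",
    "",
])

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving host>"
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[\]()]*?)\s*"
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\]\)\s+by\s+(?P<by>\S+)"
)


def received_hops(raw_message):
    """Return the Received: hops in chronological order (oldest first)."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so the list is reversed to get oldest first.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        hop = {"helo": None, "rdns": None, "ip": None, "by": None, "raw": flat}
        match = HOP_RE.search(flat)
        if match:
            hop.update(helo=match["helo"], rdns=match["rdns"] or None,
                       by=match["by"].rstrip(";"))
            try:
                hop["ip"] = str(ipaddress.ip_address(match["ip"]))
            except ValueError:
                pass  # bracketed text was not a valid IP address
        hops.append(hop)
    return hops


def last_verified_handoff(raw_message, trusted_hosts):
    """Return the oldest hop written by a server you control, or None.

    Walks from the newest header down and stops at the first header that was
    not written by a trusted host; anything below that is unverified.
    """
    verified = None
    for hop in reversed(received_hops(raw_message)):
        if hop["by"] not in trusted_hosts:
            break
        verified = hop
    return verified


def from_domain(raw_message):
    """Return the domain of the (forgeable) From: address."""
    msg = email.message_from_string(raw_message)
    address = parseaddr(msg.get("From", ""))[1]
    return address.rpartition("@")[2].lower() or None


if __name__ == "__main__":
    print("From: domain (unauthenticated):", from_domain(SAMPLE_MESSAGE))
    for hop in received_hops(SAMPLE_MESSAGE):
        print("hop:", hop["ip"], "helo=" + str(hop["helo"]), "->", hop["by"])
    edge = last_verified_handoff(SAMPLE_MESSAGE, {"inbound.example.org"})
    print("verified sending IP:", edge["ip"] if edge else None)
```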
Trap Doors
Trap doors…
• Method of bypassing normal authentication methods
• Remains hidden to casual inspection
• Can be a new program to be installed
• Can modify an existing program
• Also known as Back Doors
Trap Door Examples…
• In 2003, an attempt was made to create a backdoor in the Linux kernel.
• Early versions of the Sobig virus in 2003 installed backdoors to send its spam.
• The MyDoom virus in early 2004 created a backdoor on port 3127 to send spam.
Conclusions
Conclusions…
• Keep server and third-party applications and libraries up-to-date
• Do not trust user input
• Review code & design and identify possible weaknesses
• Monitor run-time activity to detect ongoing attacks/probes
THANK YOU