Internet Security

COSC1078 Introduction to
Information Technology
Lecture 22
Internet Security
James Harland
james.harland@rmit.edu.au
Lecture 22: Internet Security
Intro to IT
Introduction to IT
1 Introduction
2 Images
3 Audio
4 Video
WebLearn Test 1
5 Binary Representation
Assignment 1
6 Data Storage
7 Machine Processing
8 Operating Systems
WebLearn Test 2
9 Processes
Assignment 2
10 Internet
11 Internet Security
WebLearn Test 3
12 Future of IT
Assignment 3, Peer and Self Assessment
Overview
• Questions?
• Exam
• Assignment 3
• Peer and Self Assessment
• Internet Security
• Questions?

Assignment 3
• Reflect
  - Answer reflection questions from tutorials
  - See last lecture for ideas
• Research
  - Write about a particular IT topic of your choice (5-6 paragraphs): electronic voting, information security, 3D user interfaces, digital music, digital video, electronic commerce, natural language processing, DNA computing, quantum computing, cryptography, malware detection and removal, Moore's Law, green computing, …

Exam
• 2010 exam is available now
• 2010 exam answers will be available on May 29th
• 2011 exam will be available on June 5th
• 2011 exam answers will be available on June 12th
• 2012 exam available on June 19th

Self and Peer Assessment
• How well has each person contributed to the group?
• Evaluated over the entire semester
• Assessed on process, not product
• Work out a grade for each person (CR, DI etc)
• Then convert this to a mark out of 20
• Submit list of marks to tutor with justifications
• Repeat previous step until the tutor is satisfied
• See guidelines in Blackboard material

Assignment 3
• Review
  - (Re-)answer ‘What is IT?’ questions from Tutorial 1
  - Identify difficult parts of the course
  - Suggest new questions
  - Include favourites from Assignments 1 and 2
• Reflect
  - Answer reflection questions from tutorials
• Research
  - Write about a particular IT topic of your choice (5-6 paragraphs)

Internet Security
[Slide graphic of terms: password, virus, proxy, patch, wardriving, worm, spam, firewall, key logger, phishing, Trojan horse]

Security vs access
• It is always a trade-off (a balance between two competing forces)
• More security means less access
• More access means less security
• Redundancy can be either fatal or vital
• Nothing is perfect!

Freedom vs security
• ‘Everything which is not forbidden is allowed’ -- Principle of English Law
• ‘Everything which is not allowed is forbidden’ -- Common security principle
• ‘Anything not mandatory is forbidden’ -- “military policy”
• ‘Anything not forbidden is compulsory’ (??) -- T.H. White (The Once and Future King)

Passwords
Should be:
• Long (8 characters or more)
• Not obvious or from a dictionary
• Contain capitals, numerals and non-alphanumeric characters (!&^*$@.,’[]{}? …)
• Recorded securely somewhere
• Transmitted in encrypted form only
• Older programs such as FTP, Telnet transmit this in plaintext …

Firewalls
• Device which limits internet connections
• Limit network uses to only approved ones
• Prevent malicious software reporting information
• Prevent outside attacks
• May need to have ports opened to allow applications to work
• Only work on applications, not on content
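
Added example (not part of the original lecture): a small model of the firewall points above, with default deny, ports opened per application, and decisions made without reading content. The class names, the rule set and the sample connections are constructed for illustration.

```python
# Added illustration: a default-deny filter that decides on direction,
# protocol and port only. All rules and sample connections are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Connection:
    direction: str          # "in" or "out"
    protocol: str           # "tcp" or "udp"
    port: int               # destination port
    payload: bytes = b""    # carried content; the filter never reads it


class Firewall:
    def __init__(self):
        self.allowed = set()    # empty: everything not allowed is forbidden

    def open_port(self, direction, protocol, port):
        if direction not in ("in", "out") or protocol not in ("tcp", "udp"):
            raise ValueError("unknown direction or protocol")
        if not 0 < port < 65536:
            raise ValueError("port out of range")
        self.allowed.add((direction, protocol, port))

    def permits(self, conn):
        return (conn.direction, conn.protocol, conn.port) in self.allowed


def demo():
    fw = Firewall()
    fw.open_port("out", "tcp", 443)   # opened so web browsing (HTTPS) works
    fw.open_port("out", "udp", 53)    # opened so DNS lookups work
    samples = {
        "web browsing": Connection("out", "tcp", 443, b"GET / HTTP/1.1"),
        "inbound telnet attempt": Connection("in", "tcp", 23),
        "unwanted report, unopened port": Connection("out", "tcp", 6667, b"keys="),
        "unwanted report, open port": Connection("out", "tcp", 443, b"keys="),
        "application with no port opened": Connection("out", "tcp", 5222),
    }
    return {name: fw.permits(conn) for name, conn in samples.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'ALLOW' if ok else 'BLOCK'}  {name}")
```

The fourth sample is allowed because the decision never looks at the payload, which is why a content-filtering proxy is often used together with a firewall.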





Proxy servers
• All internet traffic routed via proxy server
• Acts as an internet gateway
• Once proxy is secure, so is network
• Can filter content
• Can cache content
• Often used with a firewall in a corporate environment

Wardriving
• Driving around to find a vulnerable wireless signal
  - Find a wireless connection that doesn’t require a password (so add one to yours if you haven’t!)
  - Attack systems that use a default admin login name and password (change yours!)
  - Snoop on transmissions which are not encrypted (encrypt yours!)
• Using a MAC address whitelist means only specified devices can connect to your router

Viruses, Worms, Trojans
• Virus: self-replicating program that attaches itself to files and is spread when they are transferred
• Worm: self-replicating program that proactively spreads itself
• Trojan horse: a program that appears legitimate but is in fact malicious

Malware and Spyware
Malicious software:
• Hidden mail server
• Key logging (to capture passwords)
• Enable machine takeover
• Direct traffic to particular web sites
• Analyse behaviour
• Act as a proxy
• …

Denial of service
• Prevent network from working normally
• Flood a server with ‘invalid’ inputs
• Use a network of compromised machines to generate an overwhelming number of requests (Conficker?)
• Such zombie machines can form a botnet, which then attacks a particular server

Tricking the user
• Users are often the weakest link in security
• Email attachments containing trojan horses
• ‘Phishing’
• Malicious web pages
• Malicious documents (macros in spreadsheets)
• Account stealing (via key logging)
• Scams (‘I have $10 million to import’, ‘You have just won the lottery’, …)

Protecting your system
• Keep up to date with patches (Windows update, Software update)
• Use a firewall
• Use anti-virus software and keep it up to date
• Use anti-spyware tools
• Filter email for spam and suspicious messages
• Be aware of ‘fake alerts’

Stuxnet?
• Windows-based worm
• Discovered in July, 2010
• Designed to attack a very specific industrial plant
• Assumes plant operator would use a Windows laptop to reprogram plant machinery
• Not clear who was behind it …
• Look at the video

Stuxnet?
• Designed for Siemens equipment
• Siemens have said none of their customers were affected!
• Iran has ‘embargoed’ Siemens equipment …
• “The attackers took great care to make sure that only their designated targets were hit...It was a marksman’s job.”
• “we're glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them”

Privacy and encryption
• Cryptography has been a major political headache for governments
• Public-key cryptography makes Amazon possible …
• Terrorist groups can use the same technology to keep things private…
• Should governments be able to keep encryption keys?
• See PGP and Phil Zimmermann…

Conclusion
• Work on Assignment 3
• Check your software defenses!