
Internet Security

Module 6

Simplifying Security.

Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

May 18, 2011 1:15 AM CDT

Our View: Bolstering Internet Security Is Imperative

On Monday, the Obama administration proposed a much-needed international effort to bolster the security of the Internet. It's needed because cyberspace has come to serve as both a communications miracle and, potentially, one of the greatest threats to our security in the 21st century.
That description may seem like hyperbole as it pulls in two completely different directions. But there are justifications for both descriptions.
The Internet is arguably the greatest technological breakthrough introduced to our society since the television. Perhaps that's more hyperbole, unless you consider just how much of our world now is tied to online access and interconnectivity.
The 2010 census noted that 68.7 percent of all U.S. households have Internet connections; a vast majority of businesses also use the Web for marketing or for inventory purposes, among other tools.
Cyberspace has become a staple in our lives, even if you don't have an Internet connection in your home or office. Our banking, our medical records, our credit and our businesses are all linked in some form to the Web. So, too, is much of our infrastructure, our communication and our national security. Odds are, there is something you want, rely on or need each day that is dependent on Internet connectivity for you to have it. That may not be a game changer in terms of how you live your life, but it's definitely a sobering impact.

http://www.yankton.net


Module Objectives

Internet Security
Internet Explorer Security Settings
Mozilla Firefox Security Settings
Google Chrome Security Settings
Apple Safari Security Settings
Instant Messaging (IMing)
Searching on the Web
Online Gaming and MMORPG
Online Gaming Risks
Security Practices Specific to Gaming
Child Online Safety
Role of Internet in Child Pornography
Protecting Children from Online Threats
How to Report a Crime?
Internet Security Laws
Internet Security Checklists


Module Flow

Browser Security
Search Engine and IM Security
Internet Security Laws
Online Games
Child Online Safety


Internet Security

Internet security involves protecting user data from unauthorized access and damage when connected to the Internet
A proper browser configuration helps in preventing malware infection, protecting personal information, and preventing or limiting the damage from a cyber attack

Online attack paths:
Emails
Instant messaging
Chat rooms
File sharing and downloads

Top 10 Malware Hosting Countries (chart; source: http://www.findmysoft.com)
Countries shown: United States, France, Russia, Germany, China, Poland, Canada, United Kingdom, Ukraine, Hungary
Values shown: 39%, 10%, 8.72%, 5.87%, 5.04%, 2.68%, 2.43%, 2.03%, 1.97%, 1.84%


Internet Explorer Security Settings

Launch Internet Explorer, click the Tools button, and select Internet options
Select the Security tab, which displays websites classified into four zones:
1. Internet
2. Local intranet
3. Trusted sites
4. Restricted sites


Internet Explorer Security Settings: Internet Zone

The Internet zone is for all the Internet websites except for those listed in the Trusted or Restricted zones
Click Custom level to set the Internet zone security settings
Disable or enable the required options
Move the slider to change the security level
Set the security level for the zone to High to ensure higher security
Maintaining the higher security level may degrade the performance of the browser
Click OK to apply the settings


Internet Explorer Security Settings: ActiveX Controls

ActiveX controls are small programs that work over the Internet through the browser
They include customized applications that are required to gather data, view select files, and run animations when the user visits websites
Malware is downloaded onto the user system through ActiveX controls when he/she visits malicious websites
Disable the ActiveX controls and plug-ins options in the Security Settings window
Enable the Automatic prompting for ActiveX controls option so that the browser prompts when there is a requirement of ActiveX controls and plug-ins to be enabled
Click OK to apply the settings


Internet Explorer Security Settings: Local Intranet Zone

The Local intranet zone covers the sites on the intranet
Steps to add websites to the Local intranet zone:
1. Select Security, then Local intranet
2. Click Sites
3. Click the Advanced button
4. Enter the URL into the Add this website to the zone column and click Add
5. Click OK to apply the settings


Internet Explorer Security Settings: Trusted Sites Zone

The Trusted sites zone contains those websites that the users believe will not damage their computers or data

1. Select Security, then Trusted sites
2. Click the Sites button
3. Enter the URL into the Add this website to the zone column and click Add
4. Click OK to apply the settings


Internet Explorer Security Settings: Restricted Zone

The Restricted sites zone restricts the access to the websites that might cause damage to a computer
To add restricted websites to the Restricted sites zone:
1. Select the Security tab and choose Restricted sites
2. Click the Sites button
3. Enter the site URL into the Add this website to the zone column to restrict the access
4. Click Add and then click OK to apply the settings


Understanding Cookies

A cookie is information that is provided by a web server to a web browser and then sent back unchanged by the browser each time it accesses that server
When the website is revisited, the browser sends the information back to it to help recognize the user
This activity is invisible to the user and is generally intended to improve the web surfing experience (for example, at an online store)
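
The round trip described above, as an added example that is not part of the original module: a toy cookie store that returns each cookie unchanged to the server that set it, withholds Secure cookies from plain HTTP, and applies the "accept cookies only from the sites visited" policy the module recommends for Safari. The class name, host names and cookie values are constructed for illustration, and hosts are compared by exact match, which is a simplification.

```python
from http.cookies import SimpleCookie


class BrowserCookieJar:
    """Toy model of a browser cookie store (hypothetical class, not a real browser API)."""

    def __init__(self, accept_third_party=False):
        # False models the "accept cookies only from the sites visited" policy.
        self.accept_third_party = accept_third_party
        self._store = {}  # host that set the cookie -> {cookie name: Morsel}

    def receive(self, response_host, set_cookie_header, page_host):
        """Handle one Set-Cookie header; return True if the cookie was stored."""
        # Simplification: hosts are compared by exact match.
        if response_host != page_host and not self.accept_third_party:
            return False  # set by a host other than the page being visited
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)
        for name, morsel in parsed.items():
            self._store.setdefault(response_host, {})[name] = morsel
        return True

    def cookie_header(self, request_host, scheme="https"):
        """Build the Cookie request header sent back to request_host."""
        pairs = []
        for name, morsel in self._store.get(request_host, {}).items():
            if morsel["secure"] and scheme != "https":
                continue  # Secure cookies are withheld from plain HTTP
            pairs.append(f"{name}={morsel.value}")  # value goes back unchanged
        return "; ".join(pairs)


def demo():
    """Replay a constructed visit to shop.example that embeds content from ads.example."""
    jar = BrowserCookieJar(accept_third_party=False)
    stored = [
        jar.receive("shop.example", "cart=3f9a; Path=/; HttpOnly", page_host="shop.example"),
        jar.receive("shop.example", "login=tok123; Path=/; Secure", page_host="shop.example"),
        jar.receive("ads.example", "track=u77; Path=/", page_host="shop.example"),
    ]
    return {
        "stored": stored,
        "https_revisit": jar.cookie_header("shop.example", "https"),
        "http_revisit": jar.cookie_header("shop.example", "http"),
        "ads_request": jar.cookie_header("ads.example", "https"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```
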


Internet Explorer Privacy Settings

The user can limit the information that is stored in a cookie
A cookie is only a text file and cannot search a drive for information or carry a virus
To configure cookie settings:
1. Choose Internet options from the Tools menu on the browser
2. Select the Privacy tab and use the slider to set the level at low, medium, medium-high, or high
3. Block all or accept all cookies depending upon the requirement
4. Check the Turn on Pop-up Blocker option to block the pop-ups that appear while visiting some websites


Deleting Browsing History

1. Choose Internet options from the Tools menu on the browser
2. Go to the Browsing history section
3. Check the desired options in the Delete Browsing History dialog box
4. Click Delete to delete the browsing history


Do Not Allow the Browser to Remember any Password

Internet Explorer AutoComplete Password prompt
Firefox Remember Password prompt


Securing File Downloads

To configure the download settings for Internet Explorer, navigate to Tools, then Internet options, and go to the Security tab
Click the Custom Level button in the Security Settings window
In the Downloads menu, enable the Automatic prompting for file downloads and File download options
Click OK to save the settings

Setting Download options in Internet Explorer

Mozilla Firefox: Security Settings

Launch the Mozilla Firefox browser
Click the Tools menu item and select Options


Mozilla Firefox: Security Settings

Select Security from the Options window
Check the option Warn me when sites try to install add-ons so that the browser prompts before installing add-ons to the browser
Click the Exceptions button, enter the URL into the Address of Website box, and click Allow to specify which websites are allowed to install add-ons
Check the Block reported attack sites option to avoid visiting malicious websites
Check the option Block reported web forgeries to actively check whether the site being visited is an attempt to steal personal information
Uncheck the Remember passwords for sites option to prevent the browser from remembering the passwords for the login pages visited


Mozilla Firefox: Privacy Settings

Select Privacy in the Options window
The user can choose if Firefox remembers the browsing history
Click clear your recent history
Select the Time range to clear the history
Check the options required to clear the history and click Clear Now


Securing File Downloads

Do not accept file downloads from unknown members on the Internet
These downloads may contain malware that will degrade computer performance

Files are downloaded by default to My Documents, then Downloads
The user may configure the browser settings so that he/she is prompted to specify the location to save the file


Securing File Downloads

To configure the download settings for Mozilla Firefox, navigate to Tools, then Options, then General
Check the option Always ask me where to save the file to allow the browser to ask before downloading a file and to specify the location to which it will be downloaded
The browser directly downloads the file to the default location without any intimation if this option is unchecked

Setting Download options in Mozilla Firefox


Installing Plugins

The Install Missing Plugins message appears while opening some websites
Plugins are required to display files, graphics or play a video on a web page
Check if the source of missing plugins is trustworthy or not
Scan the downloaded plugin using an antivirus software before installing it


Google Chrome Privacy and Security Settings

Launch Google Chrome
Click the icon, then select Options


Google Chrome: Privacy Settings

Click the Under the Hood tab in the Google Chrome Options window
Under Privacy, check the desired web services
Check the Use DNS pre-fetching to improve page load performance option
DNS pre-fetching stands for Domain Name System pre-fetching
When the user visits a web page, Google Chrome can look up or pre-fetch the IP addresses of all links on the web page
Check the option Enable phishing and malware protection to prevent the browser from opening any malicious websites


Google Chrome: Security Settings

Secure Sockets Layer (SSL) is an Internet protocol used by many websites to ensure safe data encryption and transmission
The SSL setting in web browsers is turned on by default
Some websites require the older SSL 2.0 version; check the Use SSL 2.0 option in such conditions
Check the Check for server certificate revocation option to turn on real-time verification for the validity of a website's certificate


Apple Safari: Security Settings

Launch the Safari browser
To change the settings, select the icon and then select Preferences


Apple Safari: Security Settings

Select the Security tab in the preferences window
The Web Content section permits the user to enable or disable various forms of scripting and active content
It is recommended to accept cookies only from the sites visited
Checking this option allows the browser to warn the user before opening any website that is not secure


Testing the Browser for Privacy

Launch the Internet browser and navigate to http://privacy.net/analyze/ to test the privacy
Click "Click here to take the browser test and analyze the privacy of your Internet connection"


Instant Messaging (IMing)

Instant Messaging (IMing) allows the user to interact with other people on the Internet using a software application


Instant Messaging Security Issues

IM Worm
A worm that harms the computer and locates all the contacts in the IM address book
The IM worm tries to send itself to all the contacts in the user's IM contact list

Social Engineering
Social engineering depends on human interaction that involves tricking people through IM and getting their personal information

Spam over IM (SPIM)
SPIM is spam delivered through IM instead of delivering it through email
IM systems such as Yahoo! Messenger, AIM, Windows Live Messenger, and chat rooms in social networking sites are popular targets for spammers


Instant Messaging Security Measures

Do not reveal personal information on IMs
Do not accept links received from unknown people on IM
Block the users who send unsolicited web links
Always use strong passwords
Sign out of the IM application after using it
Do not check the Remember password option


Searching on the Web

Search engines display hundreds of results for a search query
Not all the web page results obtained by the search engine are secure
To filter the malicious search results, use an antivirus application as an add-on to the browser and enable it
To add add-ons in the Mozilla Firefox browser, navigate to Tools, then Add-ons, then Get Add-ons


Online Gaming and MMORPG

Online gaming has become a popular pastime, especially due to high-speed Internet and emerging technology
MMORPGs are popular worldwide and the revenues for these games are well over a billion dollars
Massively Multiplayer Online Role-Playing Game (MMORPG) is a type of computer role-playing game in which a large number of players interact with one another within a virtual game world
It has also become the target for attackers for the large amounts of money involved
In the world of MMORPGs, also known as online games, players can meet other players, become friends, engage in a battle, fight against evil, and play


Online Gaming Risks

Interactions with potential fraudsters who may trick the gamer to reveal personal/financial information
Computer intruders exploiting security vulnerabilities
Malware such as viruses, Trojan horses (Trojans), computer worms, and spyware
Online and real-world predators


Insecure or Compromised Game Servers and Game Coding

If the software at the game server is compromised, the computers that are connected to the server can also be compromised
Any game with a network connection has a risk involved
The attacker may even use the vulnerabilities to crash the gaming server
The vulnerabilities in the game server can be used by the attackers to:
Steal game passwords
Steal information from the gamers' computers
Control the gamers' computers remotely
Launch attacks on other computers
Install programs such as Trojans, adware, spyware

The game code is generally not as well analyzed as the other software coding
This may result in introducing unknown vulnerabilities onto the computer

Social Risks

The attackers may use the social interaction in the online game environment to attack the unprotected computers or to exploit security vulnerabilities

Social Engineering
Virtual Mugging
Identity Theft
Cyber Prostitution
Protection Schemes


Social Engineering

Attackers may trick the gamers into installing malicious software on their computers by social engineering
They offer a bonus or help in the game in exchange for other players' passwords or other information in the game forums on a game server
The gamers who are looking for ways to make the play easier respond to such offers
Attackers send phishing emails supposedly from the game server administrators, which will invite the player to authenticate his/her account via a website linked in the message

Note: Game Masters (GMs) of a game will never ask a gamer for his/her username and/or password


Message from a Gamer About a Password Stolen by a Malicious Program

http://www.securelist.com


Protection Schemes, Cyber Prostitution, and Virtual Mugging

Protection Schemes
Organized crime has emerged in the South Korean gaming community
The criminal organizations force the gamers into protection schemes, where the gamers have to pay money (virtual or real) to avoid killing of the gamers' characters and theft of the passwords

Cyber Prostitution
Online games are being used for cyber prostitution where the customers/gamers pay money for cybersex
In The Sims Online, a Massively Multiplayer Online (MMO) game, a 17-year-old developed a cyber brothel, where the gamers paid Sim-money (Simoleans) for cybersex per minute

Virtual Mugging
Virtual mugging was coined when some players of Lineage II used bots to defeat other gamers and take their items; these items were later put on sale in online auctions

The gamers' accounts were eventually cancelled


How the Malicious Users Make Money

Stolen items such as passwords or virtual items are put on sale on websites, such as eBay, or on forums
These are sold to other gamers for real or virtual money
The cyber criminal may ask the gamer for ransom in return for this information

http://www.securelist.com

Security Practices Specific to Gaming


Recognize Administrator Mode Risks

Some games require the game to be run in Administrator mode
If that is the case, ensure that the game has been downloaded from a trusted website/vendor
Free downloads of games may contain malicious software, including plugins to run the game
This software may be used to gain administrator-level control of the computer
Instead of using the administrator account, the gamer is advised to browse the Internet or play the games using a User Account, which may deny the attacker access to administrator rights


Recognize Risks due to ActiveX and JavaScript

Some of the games played over the web require ActiveX or JavaScript to be enabled


Play the Game, Only at the Game Site

Play the games at the game site and save the Internet browsing for later
Once done with playing the game, switch to the user account to browse the Internet
This reduces the risk of visiting a malicious website when playing a game


Pay Attention to Firewall Management

Playing certain multiplayer games may require the firewall settings to be changed to allow information from the game to get through to the gamers' computers
Every time the permissive settings are changed on the firewall, the risk of computer security concerns increases
In the firewalls, the gamer can designate the fellow gamers' IP addresses as trusted to avoid any interactions with the attacker


Risks Involved Online

The risks involved when a child works online include:
Misdirected searches
Stealth sites and misleading URLs
Online sexual harassment
Child pornography
Grooming
Cyberbullying


Misdirected Searches

Parents may take all the precautions to protect the child online, but all that could be negated when the child is unconsciously led to visit harmful sites
Search engines use terms known as meta variables to index a website
When a user searches for websites, the search engines display the results using the meta variables
Example: a sports website may be indexed by the meta terms soccer, football, scores, etc.
Porn site promoters add popular search terms to their meta variable list, to redirect the web traffic towards their site
Porn sites may use the words sports, school, movies, etc., to lure children to their websites
Unless a filtering software is used, the search engines cannot distinguish between the search requests of an adult and a child


Stealth Sites and Misleading URLs

Pornographic websites thrive on increased web traffic
Pornographic sites use common typo errors to lure visitors to their websites
Children may end up at a pornographic website just by typing www.whitehouse.com instead of www.whitehouse.gov
Porn site promoters buy domain names such as the .com equivalent of a .gov or a .org website, being aware that web surfers would end up at their website if there is a typographical error
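
One way a content filter could catch the look-alike addresses described above, as an added example that is not part of the original module: the check flags a host whose name matches a trusted site under a different top-level domain, or differs from it by a single typing slip. The function names, the one-site trusted list and the misspelled sample host are constructed for illustration, and treating the last label as the top-level domain is a simplifying assumption.

```python
def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as one typo each."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Two neighbouring letters typed in the wrong order count as one slip.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def normalize(host):
    """Lowercase the host and drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def split_name_tld(host):
    """Assumption: the last label is the top-level domain (no public-suffix list)."""
    name, _, tld = host.rpartition(".")
    return name, tld


def classify(host, trusted_hosts, max_typos=1):
    """Return (verdict, matched trusted host) for a host the user typed or clicked."""
    cand = normalize(host)
    trusted = [normalize(t) for t in trusted_hosts]
    if cand in trusted:
        return ("trusted", cand)
    c_name, c_tld = split_name_tld(cand)
    for t in trusted:
        t_name, t_tld = split_name_tld(t)
        if c_name == t_name and c_tld != t_tld:
            return ("tld-swap", t)  # same name registered under another TLD
    for t in trusted:
        t_name, _ = split_name_tld(t)
        # Very short names are skipped: one edit matches too many unrelated hosts.
        if len(t_name) >= 4 and osa_distance(c_name, t_name) <= max_typos:
            return ("typo", t)
    return ("unrelated", None)


TRUSTED = ["www.whitehouse.gov"]  # the legitimate site named in the module


def demo():
    """Classify the module's example plus constructed sample hosts."""
    samples = ["www.whitehouse.gov", "www.whitehouse.com",
               "whitehuose.gov", "www.example.org"]
    return {h: classify(h, TRUSTED) for h in samples}


if __name__ == "__main__":
    for host, verdict in demo().items():
        print(host, verdict)
```
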


Child Pornography, Grooming, and Cyberbullying

Child Pornography
Under federal law (18 U.S.C. 2256), child pornography is defined as any visual depiction, including any photograph, film, video, picture, or computer or computer-generated image or picture, whether made or produced by electronic, mechanical, or other means, of sexually explicit conduct, where the production of the visual depiction involves the use of a minor engaging in sexually explicit conduct

Grooming
Grooming is an act of befriending and establishing an emotional connection with children
Child grooming is used for lessening the child's inhibitions and preparing them for child abuse
The offenders target children through attention, affection, kindness and sympathy, and offer gifts and/or money

Cyberbullying
Cyberbullying occurs when a child, preteen or teen, is threatened, harassed, and/or embarrassed using the Internet or mobile phones or other communication media
Cyberbullying signs:
Upset after using the computer
Refuses to step out of the house or to go to school
Draws away from friends and family

http://www.missingkids.com


Role of the Internet in Child Pornography

The Internet provides easy access to huge quantities of pornographic materials
It ensures complete anonymity and privacy
Various web services such as emails, newsgroups, and chat rooms facilitate the sharing of pornographic materials
It provides a cost-effective medium for the transfer of pornographic materials
It enables people with an Internet connection to access pornographic materials at any time and anywhere
It supports transfer of pornographic materials in various formats that can be stored on different digital storage devices


Effects of Pornography on Children

Child victims suffer from depression, anger, withdrawal, and other psychological problems
Physical injuries due to molestation, such as genital bruising or exposure to sexually transmitted diseases
They experience mental weakness such as:
Guilt and feeling responsible for the abuse and betrayal
A sense of powerlessness and worthlessness
Low self-esteem


Risks Involved in Social Networking Websites

People on the social networking websites can view the profiles, photos, and videos of other people on that website
The child may provide too much information on a social networking website
Online predators may get information such as email IDs, telephone numbers, residential address, hobbies, interests and more from their profile
Online predators may use this information for cyberbullying, identity theft, or cyber exploitation


Unsolicited Emails

Online predators may use email techniques to steal information from children
They may send spam emails that contain pornographic materials or links to pornographic websites
The child may even be asked to register on that website by providing personal information


Chat Rooms

Online predators may use chat rooms to build contacts with children and then lead them into cyber prostitution
Online predators may use social engineering techniques to get personal information from children in a chat room
They may also use chat rooms to send links to websites with inappropriate content, such as pornography
They may also send malicious links to children, which may result in the computer getting infected with malware


Finding if Children are at Risk Online

The parent can find if their children are facing any online threats from the following symptoms:
The child spends more time sitting at the computer
Pornographic material is present on the child's computer
The child receives phone calls and/or gifts from unknown persons
The child turns off the monitor or quickly changes the screen when the parent enters their room
The child looks depressed and does not show any interest in talking with family or friends


Protecting Children from Online Threats

Ensure that the child knows about dangers of computer sex offenders
Check credit card statements each month for any unusual charges that may indicate unauthorized purchases by a stranger or your child
Monitor what the child does on the computer
Notify the police if someone the child met online starts calling them, sends gifts, or tries to lure them into revealing sensitive information
Use caller ID on phones to determine who is calling the child, and block numbers that are suspicious
Monitor the child's access to all types of live electronic communications such as chat rooms, instant messages, Internet Relay Chat, etc.
Restrict access to the malicious and porn websites using Internet content filtering software
If the child is maintaining a social networking profile, look closely at what information they have posted in their member profiles and blogs, including photos and videos

Ensure that the child does not:
Provide personal information such as name, address, phone, school name
Meet anyone online without permission
Open emails from unknown senders
Share their photos/videos with strangers over the Internet


Encourage Children to Report

The parents should encourage their children to report any inappropriate behavior they may face online
The parents can encourage the child to come to them if they are being bullied or are facing online predators
The children may also be encouraged to speak to a trusted individual such as an aunt, uncle, or older sibling, if they are uncomfortable talking to the parents


How to Report a Crime

Internet crimes can be reported at http://www.ic3.gov/complaint/default.aspx by clicking Report Internet Crime

http://www.ic3.gov

Security Software for Protecting Children from Online Threats

Children can be protected from online threats by installing appropriate security software on the child's computer
The features that a parent should look for in the software include:

Web blocking
To help prevent the child from viewing inappropriate content

Program blocking
To help block games, peer-to-peer file sharing, etc.

Email blocking
To help block unknown email addresses and prevent children from communicating with people they met online, through email

Time limits
To help control the amount of time the child spends on the computer

IM features
To help in recording and monitoring the IM chats of the child, thus help the parent in determining if the child is engaged in an inappropriate dialogue with unknown persons

Usage reports
To provide a timely report on the child's Internet usage and IM history to monitor the child's online interactions

Video filtering
To ensure that the child does not view inappropriate videos on sites such as YouTube, but at the same time allow the child to view useful/fun videos

Social networking features
To help in recording and monitoring the content that the child posts online, and to determine if the child is being bullied online


KidZui

KidZui is a free web browser, search engine, and online playground for kids
It has a large number of games, websites, videos, and photos reviewed by parents and teachers
It eliminates the need for parents when kids are online

http://www.kidzui.com


Actions To Take When the Child Becomes an Online Victim

Ignore any contact from the online predator or cyberbully
Encourage the child not to log in to the website where bullying occurred
Change the online information of the child and delete the social networking accounts if necessary
Block the offender's email address and screen name so that they cannot contact the child anymore
Report the offense to the Internet Service Provider (ISP)
Also report to the offender's ISP


Internet Laws

The web space is a vast terrain with a plethora of e-commerce sites, analytical sites, sports sites, information sites, business sites, etc.
Such a large domain requires supervision to protect the netizens from Internet criminals, attackers, etc.
Internet laws protect the users from immoral/indecent acts, privacy breach, etc., on the Internet

Why you need to know Internet laws:
Internet users should know the Internet laws to leverage the disputes against e-commerce vendors, fraudsters/Internet criminals, etc.
Knowing the Internet laws helps the users to understand what they can and cannot post on the Internet
Also, users need to know the Internet laws to be able to legally use the immense content present on the Internet

Internet laws cover:
Defamation
Intellectual property
Patents
Copyrights
Privacy infringement
Child protection, etc.

Important laws:
USA PATRIOT Act
Children's Online Privacy Protection Act (COPPA)
The Digital Millennium Copyright Act
CAN-SPAM Act
Computer Misuse Act 1990
European Union Data Protection Directive
Data Protection Act 1998


USA PATRIOT Act

USA PATRIOT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism, USAPA) was passed on October 26, 2001

Section 212 of the act allows the ISPs to voluntarily disclose the customer information including the customer records and all electronic transmissions (email, voice transmissions)
The ISPs may choose to reveal the customer information if they believe that there is risk of death or bodily injury to an individual/group

TITLE II Enhanced Surveillance Procedures, section 216 of the Patriot act, gives law enforcement authorities access to dialing, routing, and signaling information
According to the act, law enforcement authorities have access to the email packets (includes email content)

Section 220 of the act allows for nationwide search warrants for email
This gives the authorities the right to search a suspect without having to go to the place of the ISP

Under the act, the government can compel the ISP to release the subscriber information that includes:
Customer name
Customer address
Mode of payment
Credit card information
Bank account information


Children's Online Privacy Protection Act (COPPA)

The COPPA is relevant to the online collection of personal information from children below the age of 13

The act dictates:
What a website owner must include in the privacy policy
When and how the verifiable consent can be requested from the parents
The responsibility of the website owner in protecting the children's online safety and privacy

The privacy policy should include:
The name and contact information of all the operators collecting/maintaining the personal information
The kind of personal information that will be collected
How the operator intends to use the personal information
Whether the operator releases the personal information to third parties
If the parent's consent is required for releasing the information to third parties
The procedure that the parents should follow to control their children's personal information

Every operator of a website or online service who collects the personal information of children, knowingly, must comply with COPPA
The operator must include a link to the privacy policy of the website on the home page

According to the act, the operator should:
Notify the parents that he/she intends to collect their children's information
Ask for the parent's consent before releasing the information to the third parties/public disclosure
Inform the parents about the internal use of the personal information
Inform the parents if there are any changes in the privacy policy


The Digital Millennium Copyright Act

The European Union Copyright Directive (EUCD) addresses some of the same copyright infringement issues as the DMCA

The Digital Millennium Copyright Act (DMCA) 1998 was signed into law by President Clinton

According to the act, any infringement of the copyrighted material is a criminal offense


Highlights of DMCA
Circumventing any anti-piracy measures built into commercial software is a crime

Bans the production, sale, or distribution of code-cracking tools to illegally copy software
Permits the cracking of copyright-protected software to perform encryption research and test computer security systems
Nonprofit libraries, educational institutions, etc., are exempted from the act under certain circumstances
ISPs are exempt for simply transmitting information over the Internet

ISPs are, however, required to remove the copyright-infringing materials from user websites

Webcasters are required to pay licensing fees to the recording companies


CAN-SPAM Act
The CAN-SPAM Act was signed into law by the U.S. President George W. Bush on December 16, 2003

The act establishes the standards for sending commercial email

The CAN-SPAM Act:
Defines the rules for commercial email
Establishes the requirements for commercial messages
Gives recipients the right to have the sender stop emailing them

Each email that violates the CAN-SPAM Act is subject to penalties of up to $16,000

Requirements

Do not use false or misleading email header information

If the message is an advertisement, you are required to disclose it clearly

You should tell the recipients how they can opt out of receiving further emails from you

You should honor the recipient's opt-out request within 10 business days

If a third party is sending emails on your behalf, monitor what they are sending to the recipients


Computer Misuse Act 1990


The Computer Misuse Act 1990 is an act of the UK Parliament

The act makes certain activities illegal such as:
Hacking into other users' computers
Misusing software
Helping an attacker gain access to secured files/documents in another user's computer

The act defines three computer misuse offenses:
Unauthorized access to computer material
Unauthorized access with intent to commit or facilitate commission of further offenses
Unauthorized modification of computer material


European Union Data Protection Directive (95/46/EC)

The 95/46/EC directive provides guidelines to European Union member states for individuals' privacy and data protection

The directive regulates the processing of personal data regardless of whether such processing is automated or not

Section 1 of the directive provides the principles relating to data quality, section 2 provides criteria for making data processing legitimate, and section 5 defines the data subject's right of access to data

According to section 1 of the directive, Member States shall provide that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes

Section 2 states that Member States shall provide that personal data may be processed only if the data subject has unambiguously given his consent

Section 5 states that Member States shall guarantee every data subject the right to obtain from the controller without constraint at reasonable intervals and without excessive delay


Data Protection Act 1998 (UK)


Personal Data
Data Protection Act 1998 defines UK law on the processing of data on identifiable living people and is the main piece of legislation that governs the protection of personal data in the UK

Right To Privacy
It protects people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data

Explicit Consent
Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information

Authorization
It is an offence for other parties to obtain this personal data without authorization


Module Summary
Internet security involves protecting user data and information from unauthorized access when connected to the Internet
Scan the file downloads with updated antivirus software to check for the presence of malware
Online gaming has become a popular pastime, especially due to high-speed Internet and emerging technology
If the software at the game server is compromised, the computers that are connected to the server can also be compromised
Parents may take all precautions to protect the child online, but all that could be negated when the child is unconsciously led to visit harmful sites
Children can be protected from online threats by installing appropriate security software on the child's computer
Internet laws protect users from immoral/indecent acts and privacy breach on the Internet
Knowing the Internet laws helps the users to understand what they can and cannot post on the Internet


Internet Security Checklists


Regularly update your operating system and other installed applications
Set up a firewall to control the flow of information
Ensure that you have the latest web browser installed on the system and update it regularly
Install a safe browsing tool that warns about reported phishing sites and blocks access to the addresses
Ensure that you are connected to a secured network when using a wireless network
Never respond to unsolicited email offers or requests for information


Internet Security Checklists


Do not click the links sent by unknown users
Do not download files from unknown sources
Do not give out personally identifiable information when registering with websites/applications
Do not click any pop-ups that appear while browsing websites
Regularly scan your system for viruses, worms, Trojans, spyware, key loggers and other malware using antivirus
Update the antivirus application on a regular basis


Internet Security Checklists


Use strong passwords and change them at regular intervals
Disconnect from the Internet if anything suspicious is found on the computer
Always check the Address bar for correct URL
Always check the website certificate, SSL padlocks and HTTPS
Do not enable ActiveX and JavaScript features
Regularly back up the important files
Remove unnecessary protocols from the Internet interface
Check router or firewall logs to identify abnormal network connections to the Internet


Checklist for Parents to Protect Their Child from Online Threats

Talk to children about what they do on the computer

Get a profile on the social networking site the child is on

Review the list of the child's friends

Be informed of the challenges of social networking

Check if anyone is trying to impersonate the child online

Encourage the child to use the child-safe applications such as KidZui
