Internet security

KHALID MEHMOOD
Introduction

 The Internet is a dangerous place, full of profiteers who sell your

personal data to information brokers and cunning criminals who
have nothing better to do than steal your Social Security number,
obtain credit cards in your name, go on spending sprees, and ruin
your credit rating.
 So whether you're shopping at Macys.com or chatting with your
buddies over blogs, you'll need to take certain precautions to keep
your personal info from falling into the wrong hands.
What is Computer and Internet
Security
Computer Security:
Protecting computers, information, and services from unauthorized
access, change or destruction.
Internet security:
extends this concept to systems that are connected to the Internet
1. Browsing the Internet
2. Electronic Commerce
3. Social Networking
4. Emailing
Internet Security Risks

 Unauthorized access
 Spoofing
 Information theft
 Denial of service attack
Unauthorized Access

 Viewing private accounts, messages, files or resources when one

has not been given permission from the owner to do so. Viewing
confidential information without permission or qualifications can
result in legal action.

 Authentication:
is the process of recognizing a user's identity. It is the mechanism of
associating an incoming request with a set of identifying .
Spoofing

 The word "spoof" means to hoax, trick, or deceive. Therefore, in

the IT world, spoofing refers tricking or deceiving computer systems
or other computer users. This is typically done by hiding one's identity
or faking the identity of another user on the Internet.
 Spoofing can take place on the Internet in several different ways.
One common method is through e-mail. E-mail spoofing involves
sending messages from a bogus e-mail address or faking the e-mail
address of another user.
Denial-of-Service Attack

 In computing, a denial-of-service attack (DoS attack) is a cyber-

attack in which the perpetrator seeks to make a machine or
network resource unavailable to its intended users by temporarily or
indefinitely disrupting services of a host connected to the Internet.
 DOS attack can be done in various ways:
1. Flooding the network to prevent legitimate network traffic
2. Disrupting the connections between two machines, thus
preventing access to a service
3. Preventing a particular individual from accessing a service.
4. Disrupting a service to a specific system or individual
Information Theft

 Information about all the sites that you visit is stored on your
computer. Every image that you have ever viewed, sent or received
over the Internet is stored on your hard drive. Be it personal pictures
or confidential business charts, these can be accessed by any
snooper.
 There is a record of every program that you have ever
downloaded or used on your hard drive. What you use on your
computer should be your business and nobody else's.
 The windows "delete" button and the "empty recycle bin" option
does NOT completely delete your files. With the right tools,
anyone can recover removed files.
Preventing from internet security
Risks
1. Firewall
2. encryption
Firewall

 The word firewall originally referred literally to a wall, which was

constructed to halt the spread of a fire.
 In the world of computer firewall protection, a firewall refers to a
network device which blocks certain kinds of network traffic,
forming a barrier between a trusted and an untrusted network. It is
analogous to a physical firewall in the sense that firewall security
attempts to block the spread of computer attacks.
Firewall
Encryption

 is the process of encrypting or encoding data and messages

transmitted or communicated over a computer network.
 It is a broad process that includes various tools, techniques and
standards to ensure that the messages are unreadable when in
transit between two or more network nodes.
 In this process an encryption key is used. Which is generated and
shared automatically between two devices.
 There are two types of keys used in encryption.
1. Secret key
2. Public key
Encryption
Encryption Keys
1. Secret key encryption:
Secret key encryption uses a single key to both encrypt and decrypt messages. As
such it must be present at both the source and destination of transmission to allow
the message to be transmitted securely and recovered upon receipt at the correct
destination.
The key must be kept secret by all parties involved in the communication. If the key
fell into the hands of an attacker, they would then be able to intercept and decrypt
messages, thus thwarting the attempt to attain secure communications by this
method of encryption.
It is also called private key.
Secret key encryption
Encryption Keys
2. Public key encryption:
Public key systems use a pair of keys, each of which can decrypt the
messages encrypted by the other.
Provided one of these keys is kept secret (the private key), any communication
encrypted using the corresponding public key can be considered secure as the only
person able to decrypt it holds the corresponding private key.
Public key encryption:
Security Guidelines - Mobile
Devices
 Enable auto-lock
 Enable password protection
 Keep the phone OS and apps up-to-date
 Enable remote wipe feature where possible
 Avoid connecting to public wireless network when possible.
Security Guidelines - Social
Networks
Security Guidelines Before you post, ask the following:
 Will this post/picture cause a problem for me?
 Would I say this in front of my mother?
 Limit the number of people that see it
 Share public information with the public
 Share inner thoughts and personal feelings with close friends.