1 / 29

The Internet and Security

The Internet and Security. Chapter 4. Top ten things I do with a computer. 1. 2. 3. 4. 5. 6. 7 8 9 10 11. Key Terms. Telecommunications

lavi
Télécharger la présentation

The Internet and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Internet and Security Chapter 4

  2. Top ten things I do with a computer • 1. • 2. • 3. • 4. • 5. • 6. • 7 • 8 • 9 • 10 • 11

  3. Key Terms Telecommunications Transmission of all forms of communication including digital data, voice, fax, sound, and video from one location to another over some type of network Networks A group of computers and peripheral devices connected by a communication channel capable of sharing information and other resources among users Bandwidth Is the carrying capacity of a telecommunications network. (i.e. the size of the telecommunications channel or pipeline)

  4. Email with teeth Sample of Interpersonal Use of Telecommunications

  5. Sample of Interpersonal Use of Telecommunications

  6. telecommute Sample of Business Use of Telecommunications

  7. Sample of Business Use of Telecommunications

  8. History of the Internet • ARPANET 1960 (Advanced Research Project Agency Network) • NSFNET1986(National Science Foundation Network) • Connected to ARPANET and many others (BITNET, CSNET, etc) to become a major component of the Internet • Internet Support • Ongoing support comes from many universities, federal and state governments, and national international research institutions and industry

  9. Warriors How the Internet Works – Packet Switching • Packet Switching • Allows millions of users to send large and small chucksof data across the Internet concurrently • Based on the concept of turn taking, packets from each user are alternated in the shared network (below) • Networks connected to the Internet use this concept

  10. How the Internet Works – TCP/IP & Routers TCP/IP Approach TCP – Transmission Control Protocol IP – Internet Protocol • Routers • Connect one network to another • Identify each device on a network as unique using IP protocol • Serve as the “Traffic Cop” directing packets to their destination

  11. How the Internet Works – Connecting Networks Example: Sending a message from Computer A to D 2 (Router) Reads IP Address of packet, routes message to Network 2 and Computer D 3 1 (Computer A) TCP - Breaks message into data packets IP - Adds address of destination Computer D (Computer D) TCP - Checks for missing packets, reassembles message, discards duplicate packets

  12. How the Internet Works – Web Addresses & Domains • Domain • Identifies the Website (host) • Comes in many suffixes such as: • .edu (educational institutions) • .org (organizations; non-profit) • .mil (military) • .net (network organizations) • Example: microsoft.com • IP Address • Each domain is associated with one or more IP addresses • Format: a 32-bit address written as 4 numbers (from 0-255) separated by periods • Example: 1.160.10.240 • (URL) Uniform Resource Locator • Identifies particular Web pages within a domain • Example: http://www.microsoft.com/security/default.mspx

  13. How the Internet Works – Connecting to the Internet Modem (stands for Modulate/Demodulate) Internet Service Provider (ISP) Network Access Points (NAPs) Internet Backbone

  14. Network Connection Types POTS (Plain Old Telephone Service) ISDN (Integrated Services Digital Network) DSL (Digital Subscriber Line) Cable Modem IoS (Internet over Satellite) • Wireless • Fixedwireless • Mobilewireless

  15. World Wide Web • HTTP (Hypertext Transfer Protocol) • A protocol used to process user requests for displaying Web pages from a Web server • Web Servers • A special computer that is specifically designed to store and “serve up” Web pages • This machine contains special hardware and software to perform its many specialized functions

  16. Information System Security IS Security Precautions taken to keep all aspects of information systems safe from unauthorized access • Managerial Methods • Several techniques are commonly used to manage information systems security: • Risk Assessment • Controlling Access • Organizational Policies and Procedures • Backups and Recovery

  17. Information System Security – Managerial Techniques • Assessing Risk • Security Audit • Risk Analysis • Alternatives based on Risk Analysis: • Risk Reduction • Risk Acceptance • Risk Transference – • Controlling Access • Keeping information safe by only allowing access to those that require it to do their jobs • Authentication – • Access Control –

  18. Information System Security – Managerial Techniques • Organizational Policies and Procedures • Acceptable Use Policies – formally document how systems should be used, for what, and penalties for non-compliance • Backups and Disaster Recovery • Backups – taking periodic snapshots of critical systems data and storing in a safe place or system (e.g. backup tape) • Disaster Recovery Plans – spell out detailed procedures to be used by the organization to restore access to critical business systems (e.g. viruses or fire) • Disaster Recovery – executing Disaster Recovery procedures using backups to restore the system to the last backup if it was totally lost

  19. Identity theft State of IS Security - Security Threats & Technologies • Security Threats • Identity Theft – • Denial of Service – • Others: Spyware, Spam, Wireless Access, Viruses • Security Technologies • Companies and research organizations continue to develop and refine technologies to prevent security breaches. Some Include: • Firewalls • Biometrics • VPN and Encryption

  20. IS Security: Technology Firewalls A system of software, hardware or both designed to detect intrusion and prevent unauthorized access to or from a private network • Firewall Techniques • Packet Filter – examine each packet entering and leaving network and accept/reject based on rules • Application Level Control – Performs certain security measures based on a specific application (e.g. file transfer) • Circuit Level Control – detects certain types of connections or circuits on either side of the firewall • Proxy Server – acts as, or appears as, an alternative server that hides the true network addresses

  21. Firewall Capability Firewall can • Focus for security decisions • Enforce security policy • Log internet activity • Limit exposure • keeps one section of intranet separate from another Firewall can not • Protect against malicious insiders • Protect against connections that do not go through it • Protect against new threats • Protect against viruses

  22. Security Threat: Spyware, Spam, and Cookies Spyware Any software that covertly gathers information about a user through an Internet connection without the user’s knowledge Spam Electronic junk mail or junk newsgroup postings usually for purpose of advertising some product and/or service Cookies A message passed to a browser from a Web server. Used by legitimate programs to store state and userinformation

  23. Biometrics Security Technology: Biometrics • Biometrics • A sophisticated authentication technique used to restrict access to systems, data and/or facilities • Uses biological characteristics to identify individuals such as fingerprints, retinal patterns in the eye, etc. that are not easily counterfeited

  24. Security Threat: Access to Wireless • Unauthorized Access to Wireless Networks • With the prevalence in use of wireless networks this threat is increasing • Problems - Drive-by hacking - an attacker accesses the network, intercepts data from it, and can use network services and/or send attack instructions without entering the building • Prevention - Encryption between network and user devices

  25. On 8 February, 1587 Elizabeth I of England signed  Mary's death warrant, and she was executed at Fotheringay Castle. The execution did not go well for Mary as the executioner was unable to sever her neck with one blow, and was forced to use a grinding motion on her to complete the task. All because of weak encryption.

  26. Security Technology: VPN and Encryption • Encryption • The process of encoding messages before they enter the network or airwaves, and then decoding at the receiving end • Public Key - known and used to scramble messages (SSL) • Private Key - not known and used by receiver to descramble • Certificate Authority – a third party that issues keys

  27. How Encryption Works

  28. Virtual private network • Virtual private network (VPN): a secure connection between two points across the Internet • Tunneling: the process by which VPNs transfer information • by encapsulating traffic in IP packets over the Internet

  29. Security Threat: Viruses Viruses Programs that can attack a computer and/or a network and delete information, disable software, use up system resources, etc. Prevention Steps: AntiVirussoftware: No Disk Sharing – Delete Suspicious Email Messages – Report Viruses –

More Related