Abstract image of a woman sitting on books and studying on a laptop

Internet Security

Download as PPT, PDF
M
Mitesh Gupta

This document discusses various internet security threats such as hijacked web servers, denial-of-service attacks, cross-site scripting, email spoofing, and trap doors. It provides details on how these threats are carried out and potential defensive measures. The key threats are hijacking web servers to plant hostile code, denial-of-service attacks which try to interrupt services, cross-site scripting which injects scripts to steal cookies or phish users, email spoofing which forges sender addresses in spam/phishing, and trap doors which bypass authentication. Internet security aims to establish rules against such attacks over the insecure internet.

Internet
Related topics:
Internet Security
1 of 24
Downloaded 191 times
1
2
Most read
3
Most read
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Most read
18
19
20
21
22
23
24
Internet Security
Introduction… • The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing. • Internet security is a branch of computer security specifically involving browser security but also network security on a more general level. • Its objective is to establish rules and measures to use against attacks over the Internet.
Need for Internet Security… • Today, internet is stuffed with different types of sensitive data • The internet is packed with threats from hackers. They can • crash your system, • Acquire access to your personal information and can result in monetary losses. So, • You need internet security to keep information and systems safe from malicious software and individuals.
What are the main security-related threats on the Internet Today? • Hijacked web servers • Denial-of-Service Attacks • Cross Site Scripting • Trap Doors • Email Spoofing
Hijacked web servers
Web Server Hijacking… • Attacker gains access and changes contents of web server. • Can be very bad: • Attacker can plant hostile applets. • Attacker can plant data sniffers • Attacker can use compromised machine to take over internal system. • Usually outsiders. • Nearly impossible to trace.
How do they do it? • Administrative passwords captured by a password sniffer. • Utilize known vulnerability: • Buffer overflow. • Use web server CGI script to steal /etc/passwd file, then crack passwords. • Mount the web server’s filesystem.
Defensive Measures… • Patch known bugs. • Don’t run unnecessary services on the web server. • Monitor system for signs of penetration • Intrusion detection systems • Make frequent backups. • Have a hot spare ready.
Denial-of-Service Attacks
What is Denial-of-Service attack? • A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. • Although the means to carry out and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. • Costs money and reputation • Lost Sales • Damage to reputation
How it is done? • Send a lot of requests (HTTP, or SMTP requests) • Easy to trace. • Relatively easy to defend against with TCP/IP blocking at router. • Attack routers • Attack DNS
Cross Site Scripting
Cross-Site Scripting… • Cross-site scripting (XSS) is a type of computer security vulnerability which enables attackers to inject client-side script into Web pages viewed by other users. • Cross-site scripting carried out on websites accounted for roughly 84% of all security threats documented by Symantec as of 2007. • Their effect may vary depending on the sensitivity of the data handled by the vulnerable site.
XSS Attacks - Stealing Cookie • What is cookie? • Used by the web applications for authenticating, tracking, and maintaining specific information about users • Once a cookie is saved on your computer, only the website that created the cookie can read it • How it is done? • Attacker injects script that reads the site’s cookie • Scripts sends the cookie to attacker • Attacker can now log into the site as the victim
Some other XSS Attacks… • Defacement • Attacker injects script that automatically redirects victims to attacker’s site <script> document.location = “http://evil.com”; </script> • Phishing • Fake page asks for user’s credentials or other sensitive information( e.g. fake paypal page) • The data is sent to the attacker’s site
Email Spoofing
Email Spoofing… • Email spoofing is the creation of email messages with a forged sender address - something which is simple to do because the core protocols do no authentication. • Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.
Prevention measures… • A number of measures to address spoofing are available, but it is likely that almost half of all domains still do not have such measures in place. • However, as of 2013, 60% of consumer mailboxes worldwide used measures to protect themselves against this. • Although email spoofing is often effective in forging the sender's real email address, the IP address source computer sending the mail can generally be identified from the "Received:" lines in the email header.
Trap Doors
Trap doors… • Method of bypassing normal authentication methods • Remains hidden to casual inspection • Can be a new program to be installed • Can modify an existing program • Also known as Back Doors
Trap Door Examples… • 2003, an attempt was made to create a backdoor in the Linux Kernel • Early versions of the Sobig Virus in 2003 installed backdoors to send its spam. • MyDoom virus in early 2004 created a backdoor on port 3127 to send spam
Conclusions
Conclusions… • Keep server and third-party applications and library up-to-date • Do not trust user input • Review code & design and identify possible weaknesses • Monitor run-time activity to detect ongoing attacks/probes
THANK YOU

More Related Content

PPTX
AAA Implementation
Ahmad El Tawil
 
PPTX
Internet security
Tapan Khilar
 
PPTX
Email Spoofing.pptx
Mumara
 
PPTX
Brute Force Attack and Its Prevention.pptx
hamzajawad10
 
PPTX
Security threats
Qamar Farooq
 
PPTX
Introduction to cyber security
AliyuMuhammadButu
 
PPTX
Secure communication
Tushar Swami
 
PPT
Computer security: hackers and Viruses
Wasif Ali Syed
 
AAA Implementation
Ahmad El Tawil
 
Internet security
Tapan Khilar
 
Email Spoofing.pptx
Mumara
 
Brute Force Attack and Its Prevention.pptx
hamzajawad10
 
Security threats
Qamar Farooq
 
Introduction to cyber security
AliyuMuhammadButu
 
Secure communication
Tushar Swami
 
Computer security: hackers and Viruses
Wasif Ali Syed
 

What's hot (20)

PPTX
Cyber Crime and Security
Chitra Mudunuru
 
PPTX
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
PPTX
Cyber Security Introduction.pptx
ANIKETKUMARSHARMA3
 
PPTX
Phishing ppt
Sanjay Kumar
 
PPTX
cyber security
NiharikaVoleti
 
PPTX
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
Intellipaat
 
PPTX
Cyber security
Manjushree Mashal
 
PPTX
Cyber attack
Manjushree Mashal
 
PPTX
Spyware powerpoint
galaxy201
 
PPTX
Types of cyber attacks
krishh sivakrishna
 
PDF
Malicious software
Dr.Florence Dayana
 
PPT
Cyber security standards
Vaughan Olufemi ACIB, AICEN, ANIM
 
PPTX
Basics of Denial of Service Attacks
Hansa Nidushan
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
PPTX
Cyber security
manoj duli
 
PPTX
Virus
Protik Roy
 
PPT
Network Security Threats and Solutions
Colin058
 
PPTX
Phishing attack seminar presentation
AniketPandit18
 
PPT
Computer Worms
sadique_ghitm
 
PPTX
Spyware
Kardan university, kabul , Afghanistan
 
Cyber Crime and Security
Chitra Mudunuru
 
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
Cyber Security Introduction.pptx
ANIKETKUMARSHARMA3
 
Phishing ppt
Sanjay Kumar
 
cyber security
NiharikaVoleti
 
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
Intellipaat
 
Cyber security
Manjushree Mashal
 
Cyber attack
Manjushree Mashal
 
Spyware powerpoint
galaxy201
 
Types of cyber attacks
krishh sivakrishna
 
Malicious software
Dr.Florence Dayana
 
Cyber security standards
Vaughan Olufemi ACIB, AICEN, ANIM
 
Basics of Denial of Service Attacks
Hansa Nidushan
 
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Cyber security
manoj duli
 
Virus
Protik Roy
 
Network Security Threats and Solutions
Colin058
 
Phishing attack seminar presentation
AniketPandit18
 
Computer Worms
sadique_ghitm
 
Spyware
Kardan university, kabul , Afghanistan
 
Ad

Viewers also liked (19)

PDF
Internet Security
Peter R. Egli
 
PPTX
Internet security powerpoint
Arifa Ali
 
PPTX
Internet Security
mjelson
 
PPT
Tutorial 9 - Security on the Internet
dpd
 
PPTX
Library On Internet Security
momac
 
PDF
Evolution of Internet and Online Marketing (M1L2P1: Professional eMarketer)
Susantha Herath
 
PPT
Internet security
Suneel Dogra
 
PDF
Internet of Things: Challenges and Issues
rjain51
 
PPT
Internet Security
Chris Rodgers
 
PDF
Computer Security
Frederik Questier
 
PDF
TOP 6 Security Challenges of Internet of Things
ChromeInfo Technologies
 
DOCX
Financial analysis final project
Deepanti Arora
 
PPT
Data Flow Diagram
Puneet Arora
 
PPTX
Different types of attacks in internet
Rohan Bharadwaj
 
PPTX
Dfd examples
Mohit
 
PPTX
Library management system
ashu6
 
PPTX
Data Flow Diagrams
Sinhaa Yash
 
PDF
Social Media for Business
Presentation Advisors
 
PDF
Mobile-First SEO - The Marketers Edition #3XEDigital
Aleyda Solís
 
Internet Security
Peter R. Egli
 
Internet security powerpoint
Arifa Ali
 
Internet Security
mjelson
 
Tutorial 9 - Security on the Internet
dpd
 
Library On Internet Security
momac
 
Evolution of Internet and Online Marketing (M1L2P1: Professional eMarketer)
Susantha Herath
 
Internet security
Suneel Dogra
 
Internet of Things: Challenges and Issues
rjain51
 
Internet Security
Chris Rodgers
 
Computer Security
Frederik Questier
 
TOP 6 Security Challenges of Internet of Things
ChromeInfo Technologies
 
Financial analysis final project
Deepanti Arora
 
Data Flow Diagram
Puneet Arora
 
Different types of attacks in internet
Rohan Bharadwaj
 
Dfd examples
Mohit
 
Library management system
ashu6
 
Data Flow Diagrams
Sinhaa Yash
 
Social Media for Business
Presentation Advisors
 
Mobile-First SEO - The Marketers Edition #3XEDigital
Aleyda Solís
 
Ad

Similar to Internet Security (20)

PDF
Ethical Hacking and Cyber Security
Neeraj Negi
 
PDF
Sip 140208055023-phpapp02
mark scott
 
PPT
Web security
Jin Castor
 
PPTX
Cyber Security By Preetish Panda
Preetish Panda
 
PDF
Invited Talk - Cyber Security and Open Source
hack33
 
PPTX
Computer security and privacy
Haider Ali Malik
 
PPTX
Web Application Vulnerabilities
Preetish Panda
 
PPT
hacking lecture 3c.ppt
peter722626
 
PPTX
Cyber crime &amp; security
Avani Patel
 
PPTX
APpresebtstuobvghgftytfhyrfyttrfgPT.pptx
sarojrk0710
 
PPT
Hacking
Anil Shrivastav
 
PPT
Hacking
LutfulM
 
PPT
Hacking
Muhammad Ruhul Mowla
 
PPTX
Network security and firewalls
Murali Mohan
 
PPT
2hacking.ppt
LatinaLatina1
 
PPTX
bhumi verma dentition in mammals -aman.pptxhhdbshdbsbdhsdbhdbhs
sarasdivyansh1608
 
PDF
Secure Coding BSSN Semarang Material.pdf
nanangAris1
 
PPTX
Security vulnerabilities - 2018
Marius Vorster
 
PPT
3 Most Common Threats Of Information Security
Ana Meskovska
 
PPTX
Cyber.pptx
MahalakshmiShetty3
 
Ethical Hacking and Cyber Security
Neeraj Negi
 
Sip 140208055023-phpapp02
mark scott
 
Web security
Jin Castor
 
Cyber Security By Preetish Panda
Preetish Panda
 
Invited Talk - Cyber Security and Open Source
hack33
 
Computer security and privacy
Haider Ali Malik
 
Web Application Vulnerabilities
Preetish Panda
 
hacking lecture 3c.ppt
peter722626
 
Cyber crime &amp; security
Avani Patel
 
APpresebtstuobvghgftytfhyrfyttrfgPT.pptx
sarojrk0710
 
Hacking
Anil Shrivastav
 
Hacking
LutfulM
 
Hacking
Muhammad Ruhul Mowla
 
Network security and firewalls
Murali Mohan
 
2hacking.ppt
LatinaLatina1
 
bhumi verma dentition in mammals -aman.pptxhhdbshdbsbdhsdbhdbhs
sarasdivyansh1608
 
Secure Coding BSSN Semarang Material.pdf
nanangAris1
 
Security vulnerabilities - 2018
Marius Vorster
 
3 Most Common Threats Of Information Security
Ana Meskovska
 
Cyber.pptx
MahalakshmiShetty3
 

Recently uploaded (20)

PDF
Course Overview and Agenda cloud security
ElsayedKowaydeh
 
PPSX
AI AppSec Threats and Defenses 20250822.ppsx
Robert Grupe, CSSLP CISSP PE PMP
 
PDF
The_Decisive_Battle_of_Yarmuk,battle of yarmuk
aykule97
 
PPTX
Viva Digitally Software-Defined Wide Area Network.pptx
HubraSEO
 
PPTX
Artificial_Intelligence_Basics use in our daily life
ANUBHABPANIGRAHI3
 
PPTX
Introduction: Living in the IT ERA.pptx
joycecueva07
 
PDF
How Technology Shapes Our Information Age
samarthyaarathod
 
PPTX
Introduction to networking local area networking
sagar490070
 
PDF
Top 8 Trusted Sources to Buy Verified Cash App Accounts.pdf
How To Buy Verified Cash App Accounts
 
PPTX
购买林肯大学毕业证|i20Lincoln成绩单GPA修改本科毕业证书购买学历认证
南昆士兰大学毕业证学历文凭如可办理【Q微号:1954 292 140】USQ成绩单
 
PPTX
Networking2-LECTURE2 this is our lessons
MarkAngeloOprido
 
DOCX
Memecoinist Update: Best Meme Coins 2025, Trump Meme Coin Predictions, and th...
memecoinist83
 
PPTX
KSS ON CYBERSECURITY INCIDENT RESPONSE AND PLANNING MANAGEMENT.pptx
Cashmir Pangandaman
 
PPTX
ECO SAFE AI - SUSTAINABLE SAFE AND HOME HUB
km5624
 
PPTX
Basic understanding of cloud computing one need
subhosvims
 
PPTX
Top Website Bugs That Hurt User Experience – And How Expert Web Design Fixes
e-Definers Technology
 
PDF
Buy Cash App Verified Accounts Instantly – Secure Crypto Deal.pdf
pvaonit
 
PDF
Computer Networking, Internet, Casting in Network
wakesandollar
 
PDF
Virtual Guard Technology Provider_ Remote Security Service Solutions.pdf
duggempudi414
 
PPTX
COPD_Management_Exacerbation_Detailed_Placeholders.pptx
4mmkp9d8xv
 
Course Overview and Agenda cloud security
ElsayedKowaydeh
 
AI AppSec Threats and Defenses 20250822.ppsx
Robert Grupe, CSSLP CISSP PE PMP
 
The_Decisive_Battle_of_Yarmuk,battle of yarmuk
aykule97
 
Viva Digitally Software-Defined Wide Area Network.pptx
HubraSEO
 
Artificial_Intelligence_Basics use in our daily life
ANUBHABPANIGRAHI3
 
Introduction: Living in the IT ERA.pptx
joycecueva07
 
How Technology Shapes Our Information Age
samarthyaarathod
 
Introduction to networking local area networking
sagar490070
 
Top 8 Trusted Sources to Buy Verified Cash App Accounts.pdf
How To Buy Verified Cash App Accounts
 
购买林肯大学毕业证|i20Lincoln成绩单GPA修改本科毕业证书购买学历认证
南昆士兰大学毕业证学历文凭如可办理【Q微号:1954 292 140】USQ成绩单
 
Networking2-LECTURE2 this is our lessons
MarkAngeloOprido
 
Memecoinist Update: Best Meme Coins 2025, Trump Meme Coin Predictions, and th...
memecoinist83
 
KSS ON CYBERSECURITY INCIDENT RESPONSE AND PLANNING MANAGEMENT.pptx
Cashmir Pangandaman
 
ECO SAFE AI - SUSTAINABLE SAFE AND HOME HUB
km5624
 
Basic understanding of cloud computing one need
subhosvims
 
Top Website Bugs That Hurt User Experience – And How Expert Web Design Fixes
e-Definers Technology
 
Buy Cash App Verified Accounts Instantly – Secure Crypto Deal.pdf
pvaonit
 
Computer Networking, Internet, Casting in Network
wakesandollar
 
Virtual Guard Technology Provider_ Remote Security Service Solutions.pdf
duggempudi414
 
COPD_Management_Exacerbation_Detailed_Placeholders.pptx
4mmkp9d8xv
 

Internet Security

  • 2. Introduction… • The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing. • Internet security is a branch of computer security specifically involving browser security but also network security on a more general level. • Its objective is to establish rules and measures to use against attacks over the Internet.
  • 3. Need for Internet Security… • Today, internet is stuffed with different types of sensitive data • The internet is packed with threats from hackers. They can • crash your system, • Acquire access to your personal information and can result in monetary losses. So, • You need internet security to keep information and systems safe from malicious software and individuals.
  • 4. What are the main security-related threats on the Internet Today? • Hijacked web servers • Denial-of-Service Attacks • Cross Site Scripting • Trap Doors • Email Spoofing
  • 6. Web Server Hijacking… • Attacker gains access and changes contents of web server. • Can be very bad: • Attacker can plant hostile applets. • Attacker can plant data sniffers • Attacker can use compromised machine to take over internal system. • Usually outsiders. • Nearly impossible to trace.
  • 7. How do they do it? • Administrative passwords captured by a password sniffer. • Utilize known vulnerability: • Buffer overflow. • Use web server CGI script to steal /etc/passwd file, then crack passwords. • Mount the web server’s filesystem.
  • 8. Defensive Measures… • Patch known bugs. • Don’t run unnecessary services on the web server. • Monitor system for signs of penetration • Intrusion detection systems • Make frequent backups. • Have a hot spare ready.
  • 10. What is Denial-of-Service attack? • A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. • Although the means to carry out and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. • Costs money and reputation • Lost Sales • Damage to reputation
  • 11. How it is done? • Send a lot of requests (HTTP, or SMTP requests) • Easy to trace. • Relatively easy to defend against with TCP/IP blocking at router. • Attack routers • Attack DNS
  • 13. Cross-Site Scripting… • Cross-site scripting (XSS) is a type of computer security vulnerability which enables attackers to inject client-side script into Web pages viewed by other users. • Cross-site scripting carried out on websites accounted for roughly 84% of all security threats documented by Symantec as of 2007. • Their effect may vary depending on the sensitivity of the data handled by the vulnerable site.
  • 14. XSS Attacks - Stealing Cookie • What is cookie? • Used by the web applications for authenticating, tracking, and maintaining specific information about users • Once a cookie is saved on your computer, only the website that created the cookie can read it • How it is done? • Attacker injects script that reads the site’s cookie • Scripts sends the cookie to attacker • Attacker can now log into the site as the victim
  • 15. Some other XSS Attacks… • Defacement • Attacker injects script that automatically redirects victims to attacker’s site <script> document.location = “http://evil.com”; </script> • Phishing • Fake page asks for user’s credentials or other sensitive information( e.g. fake paypal page) • The data is sent to the attacker’s site
  • 17. Email Spoofing… • Email spoofing is the creation of email messages with a forged sender address - something which is simple to do because the core protocols do no authentication. • Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.
  • 18. Prevention measures… • A number of measures to address spoofing are available, but it is likely that almost half of all domains still do not have such measures in place. • However, as of 2013, 60% of consumer mailboxes worldwide used measures to protect themselves against this. • Although email spoofing is often effective in forging the sender's real email address, the IP address source computer sending the mail can generally be identified from the "Received:" lines in the email header.
  • 20. Trap doors… • Method of bypassing normal authentication methods • Remains hidden to casual inspection • Can be a new program to be installed • Can modify an existing program • Also known as Back Doors
  • 21. Trap Door Examples… • 2003, an attempt was made to create a backdoor in the Linux Kernel • Early versions of the Sobig Virus in 2003 installed backdoors to send its spam. • MyDoom virus in early 2004 created a backdoor on port 3127 to send spam
  • 23. Conclusions… • Keep server and third-party applications and library up-to-date • Do not trust user input • Review code & design and identify possible weaknesses • Monitor run-time activity to detect ongoing attacks/probes