Lecture 22: Internet Security

Lecture 22: Internet Security - Description

Intro to IT. . COSC1078 Introduction to Information Technology. . Lecture 22. Internet Security. James Harland. james.harland@rmit.edu.au. Lecture 20: Internet. Intro to IT. . Introduction to IT. ID: 129593 Download Presentation

72K - views

Lecture 22: Internet Security

Intro to IT. . COSC1078 Introduction to Information Technology. . Lecture 22. Internet Security. James Harland. james.harland@rmit.edu.au. Lecture 20: Internet. Intro to IT. . Introduction to IT.

Similar presentations


Download Presentation

Lecture 22: Internet Security




Download Presentation - The PPT/PDF document "Lecture 22: Internet Security" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.



Presentation on theme: "Lecture 22: Internet Security"— Presentation transcript:

Slide1

Lecture 22: Internet Security

Intro to IT

COSC1078 Introduction to Information Technology Lecture 22Internet Security

James Harlandjames.harland@rmit.edu.au

Slide2

Lecture 20: Internet

Intro to IT

Introduction to IT

1

Introduction

2

Images

3

Audio

4

Video

WebLearnTest

1

5

Binary Representation

Assignment 1

6

Data Storage

7

Machine Processing

8

Operating Systems

WebLearn

Test 2

9

Processes

Assignment 2

10

Internet

11

Internet Security

 

WebLearn

Test 3

12

Future of IT

Assignment 3, Peer and Self Assessment

Slide3

Lecture 21: Internet Security

Intro to IT

Overview

Questions?ExamAssignment 3Peer and Self AssessmentInternet SecurityQuestions?

Slide4

Lecture 21: Internet Security

Intro to IT

Assignment 3

ReflectAnswer reflection questions from tutorialsSee last lecture for ideasResearchWrite about a particular IT topic of your choice (5-6 paragraphs)electronic voting, information security, 3D user interfaces, digital music, digital video, electronic commerce, natural language processing, DNA computing, quantum computing, cryptography, malware detection and removal, Moore's Law, green computing, …

Slide5

Lecture 21: Internet Security

Intro to IT

Exam

2010 exam is available now2010 exam answers will be available on May 29th2011 exam will be available on June 5th2011 exam answers will be available on June 12th2012 exam available on June 19th 

Slide6

Lecture 21: Internet Security

SE Fundamentals

Self and Peer Assessment

How well has each person contributed to the group?Evaluated over the entire semesterAssessed on process, not productWork out a grade for each person (CR, DI etc)Then convert this to a mark out of 20Submit list of marks to tutor with justificationsRepeat previous step until the tutor is satisfiedSee guidelines in Blackboard material

Slide7

Lecture 21: Internet Security

Intro to IT

Assignment 3

Review(re-) answer What is IT? questions from Tutorial 1Identify difficult parts of the courseSuggest new questionsInclude favourites from Assignments 1 and 2ReflectAnswer reflection questions from tutorialsResearchWrite about a particular IT topic of your choice (5-6 paragraphs)

Slide8

Lecture 22: Internet Security

Intro to IT

Internet Security

pass

word

patch

spam

fire

wall

virus

war

driving

key

logger

proxy

worm

phishing

Trojan horse

Slide9

Security vs access

It is always a trade-off (a balance between two competing forces) More security means less access More access means less security Redundancy can be either fatal or vital Nothing is perfect!

Lecture 22: Internet Security

Intro to IT

Slide10

Freedom vs security

`Everything which is not forbidden is allowed’ -- Principle of English Law`Everything which is not allowed is forbidden’ -- Common security principle`Anything not mandatory is forbidden’ -- “military policy”`Anything not forbidden is compulsory’ (??) — T.H. White (The Once and Future King)

Lecture 22: Internet Security

Intro to IT

Slide11

Lecture 22: Internet Security

Intro to IT

Passwords

Should be: Long (8 characters or more) Not obvious or from a dictionary Contain capitals, numerals and non-alphanumeric characters (!&^*$@.,’[]{}? …) Recorded securely somewhere Transmitted in encrypted form onlyOlder programs such as FTP, Telnet transmit this in plaintext …

Slide12

Lecture 22: Internet Security

Intro to IT

Firewalls

Device which limits internet connections Limit network uses to only approved ones Prevent malicious software reporting information Prevent outside attacks May need to have ports opened to allow applications to workOnly work on applications, not on content

Slide13

Lecture 22: Internet Security

Intro to IT

Proxy servers

All internet traffic routed via proxy serverActs as an internet gatewayOnce proxy is secure, so is networkCan filter contentCan cache contentOften used with a firewall in a corporate environment

Slide14

Lecture 22: Internet Security

Intro to IT

Wardriving

Driving around to find a vulnerable wireless signal Find a wireless connection that doesn’t require a password (so add one to yours if you haven’t!) Attack systems that use a default admin login name and password (change yours!) Snoop on transmissions which are not encrypted (encrypt yours!)Using a MAC address whitelist means only specified devices can connect to your router

Slide15

Lecture 22: Internet Security

Intro to IT

Viruses,Worms,Trojans

Virus: self-replicating program that attaches itself to files and is spread when they are transferredWorm: self-replicating program that pro-actively spreads itselfTrojan horse: a program that appears legitimate but is in fact malicious

Slide16

Lecture 22: Internet Security

Intro to IT

Malware and Spyware

Malicious software: Hidden mail server Key logging (to capture passwords) Enable machine takeover Direct traffic to particular web sites Analyse behaviour Act as a proxy…

Slide17

Lecture 22: Internet Security

Intro to IT

Denial of service

Prevent network from working normally

Flood a server with ‘invalid’ inputs

Use a network of compromised machines to generate an overwhelming number of requests (

Conficker

?)

Such

zombie machines

can form a botnet, which then attack a particular server

Slide18

Lecture 22: Internet Security

Intro to IT

Tricking the user

Users are often the weakest link in securityEmail attachments containing trojan horses‘Phishing’Malicious web pagesMalicious documents (macros in spreadsheets)Account stealing (via key logging)Scams (‘I have $10 million to import’, ‘You have just won the lottery’, …)

Slide19

Lecture 22: Internet Security

Intro to IT

Protecting your system

Keep up to date with patches (Windows update, Software update)Use a firewallUse anti-virus software and keep it up to dateUse anti-spyware toolsFilter email for spam and suspicious messagesBe aware of ‘fake alerts’

Slide20

Lecture 22: Internet Security

Intro to IT

Stuxnet?

Windows-based wormDiscovered in July, 2010Designed to attack a very specific industrial plantAssumes plant operator would use a Windows laptop to reprogram plant machineryNot clear who was behind it …Look at the video

Slide21

Lecture 22: Internet Security

Intro to IT

Stuxnet?

Designed for Siemens equipmentSiemens have said none of their customers were effected! Iran has ‘embargoed’ Siemens equipment … “The attackers took great care to make sure that only their designated targets were hit...It was a marksman’s job.""we're glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them"

Slide22

Lecture 22: Internet Security

Intro to IT

Privacy and encryption

Cryptography has been a major political headache for governmentsPublic-key cryptography makes Amazon possible …Terrorist groups can use the same technology to keep things private…Should governments be able to keep encryption keys?See PGP and Phil Zimmermann…

Slide23

Lecture 21: Internet Security

Intro to IT

Conclusion

Work on Assignment 3Check your software defenses!