Intro to IT. . COSC1078 Introduction to Information Technology. . Lecture 22. Internet Security. James Harland. james.harland@rmit.edu.au. Lecture 20: Internet. Intro to IT. . Introduction to IT. ID: 129593 Download Presentation
Intro to IT. . COSC1078 Introduction to Information Technology. . Lecture 22. Internet Security. James Harland. james.harland@rmit.edu.au. Lecture 20: Internet. Intro to IT. . Introduction to IT.
Download Presentation - The PPT/PDF document "Lecture 22: Internet Security" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Presentation on theme: "Lecture 22: Internet Security"— Presentation transcript:
Slide1
Lecture 22: Internet Security
Intro to IT
COSC1078 Introduction to Information Technology Lecture 22Internet Security
James Harlandjames.harland@rmit.edu.au
Slide2
Lecture 20: Internet
Intro to IT
Introduction to IT
1
Introduction
2
Images
3
Audio
4
Video
WebLearnTest
1
5
Binary Representation
Assignment 1
6
Data Storage
7
Machine Processing
8
Operating Systems
WebLearn
Test 2
9
Processes
Assignment 2
10
Internet
11
Internet Security
WebLearn
Test 3
12
Future of IT
Assignment 3, Peer and Self Assessment
Slide3
Lecture 21: Internet Security
Intro to IT
Overview
Questions?ExamAssignment 3Peer and Self AssessmentInternet SecurityQuestions?
Slide4
Lecture 21: Internet Security
Intro to IT
Assignment 3
ReflectAnswer reflection questions from tutorialsSee last lecture for ideasResearchWrite about a particular IT topic of your choice (5-6 paragraphs)electronic voting, information security, 3D user interfaces, digital music, digital video, electronic commerce, natural language processing, DNA computing, quantum computing, cryptography, malware detection and removal, Moore's Law, green computing, …
Slide5
Lecture 21: Internet Security
Intro to IT
Exam
2010 exam is available now2010 exam answers will be available on May 29th2011 exam will be available on June 5th2011 exam answers will be available on June 12th2012 exam available on June 19th
Slide6
Lecture 21: Internet Security
SE Fundamentals
Self and Peer Assessment
How well has each person contributed to the group?Evaluated over the entire semesterAssessed on process, not productWork out a grade for each person (CR, DI etc)Then convert this to a mark out of 20Submit list of marks to tutor with justificationsRepeat previous step until the tutor is satisfiedSee guidelines in Blackboard material
Slide7
Lecture 21: Internet Security
Intro to IT
Assignment 3
Review(re-) answer What is IT? questions from Tutorial 1Identify difficult parts of the courseSuggest new questionsInclude favourites from Assignments 1 and 2ReflectAnswer reflection questions from tutorialsResearchWrite about a particular IT topic of your choice (5-6 paragraphs)
Slide8
Lecture 22: Internet Security
Intro to IT
Internet Security
pass
word
patch
spam
fire
wall
virus
war
driving
key
logger
proxy
worm
phishing
Trojan horse
Slide9
Security vs access
It is always a trade-off (a balance between two competing forces) More security means less access More access means less security Redundancy can be either fatal or vital Nothing is perfect!
Lecture 22: Internet Security
Intro to IT
Slide10
Freedom vs security
`Everything which is not forbidden is allowed’ -- Principle of English Law`Everything which is not allowed is forbidden’ -- Common security principle`Anything not mandatory is forbidden’ -- “military policy”`Anything not forbidden is compulsory’ (??) — T.H. White (The Once and Future King)
Lecture 22: Internet Security
Intro to IT
Slide11
Lecture 22: Internet Security
Intro to IT
Passwords
Should be: Long (8 characters or more) Not obvious or from a dictionary Contain capitals, numerals and non-alphanumeric characters (!&^*$@.,’[]{}? …) Recorded securely somewhere Transmitted in encrypted form onlyOlder programs such as FTP, Telnet transmit this in plaintext …
Slide12
Lecture 22: Internet Security
Intro to IT
Firewalls
Device which limits internet connections Limit network uses to only approved ones Prevent malicious software reporting information Prevent outside attacks May need to have ports opened to allow applications to workOnly work on applications, not on content
Slide13
Lecture 22: Internet Security
Intro to IT
Proxy servers
All internet traffic routed via proxy serverActs as an internet gatewayOnce proxy is secure, so is networkCan filter contentCan cache contentOften used with a firewall in a corporate environment
Slide14
Lecture 22: Internet Security
Intro to IT
Wardriving
Driving around to find a vulnerable wireless signal Find a wireless connection that doesn’t require a password (so add one to yours if you haven’t!) Attack systems that use a default admin login name and password (change yours!) Snoop on transmissions which are not encrypted (encrypt yours!)Using a MAC address whitelist means only specified devices can connect to your router
Slide15
Lecture 22: Internet Security
Intro to IT
Viruses,Worms,Trojans
Virus: self-replicating program that attaches itself to files and is spread when they are transferredWorm: self-replicating program that pro-actively spreads itselfTrojan horse: a program that appears legitimate but is in fact malicious
Slide16
Lecture 22: Internet Security
Intro to IT
Malware and Spyware
Malicious software: Hidden mail server Key logging (to capture passwords) Enable machine takeover Direct traffic to particular web sites Analyse behaviour Act as a proxy…
Slide17
Lecture 22: Internet Security
Intro to IT
Denial of service
Prevent network from working normally
Flood a server with ‘invalid’ inputs
Use a network of compromised machines to generate an overwhelming number of requests (
Conficker
?)
Such
zombie machines
can form a botnet, which then attack a particular server
Slide18
Lecture 22: Internet Security
Intro to IT
Tricking the user
Users are often the weakest link in securityEmail attachments containing trojan horses‘Phishing’Malicious web pagesMalicious documents (macros in spreadsheets)Account stealing (via key logging)Scams (‘I have $10 million to import’, ‘You have just won the lottery’, …)
Slide19
Lecture 22: Internet Security
Intro to IT
Protecting your system
Keep up to date with patches (Windows update, Software update)Use a firewallUse anti-virus software and keep it up to dateUse anti-spyware toolsFilter email for spam and suspicious messagesBe aware of ‘fake alerts’
Slide20
Lecture 22: Internet Security
Intro to IT
Stuxnet?
Windows-based wormDiscovered in July, 2010Designed to attack a very specific industrial plantAssumes plant operator would use a Windows laptop to reprogram plant machineryNot clear who was behind it …Look at the video
Slide21
Lecture 22: Internet Security
Intro to IT
Stuxnet?
Designed for Siemens equipmentSiemens have said none of their customers were effected! Iran has ‘embargoed’ Siemens equipment … “The attackers took great care to make sure that only their designated targets were hit...It was a marksman’s job.""we're glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them"
Slide22
Lecture 22: Internet Security
Intro to IT
Privacy and encryption
Cryptography has been a major political headache for governmentsPublic-key cryptography makes Amazon possible …Terrorist groups can use the same technology to keep things private…Should governments be able to keep encryption keys?See PGP and Phil Zimmermann…
