1

9

ADVANCED WEB TOPICSBrowser Extensions and

Internet Security

New Perspectives onTHE INTERNET

2

9

Objectives

• Learn how to enhance your Web browser capabilities with browser extensions

• Discover where to locate popular browser extensions for Microsoft Internet Explorer

• Visit a Web site where you can test a plug-in

3

9

Objectives

• Investigate Internet security and learn about secrecy, integrity, necessity, and privacy

• Identify several ways to defend against security risks

• Learn about copyright and intellectual property rights on the Internet

4

9

Browser Extensions

• Allow a Web browser to perform tasks it was not originally designed to perform.

• Plug-ins – programs that a browser starts to display or play a specific file.

• Helper applications or helper apps – “help” a browser to display or play a file.

5

9What Are Plug-Ins

and Helper Applications?

• Plug-ins differ slightly from helper applications in the way they run.

• Helper applications are independent programs that are stored on your computer and are activated automatically when needed.

• Plug-ins do their work inside the browser and do not activate standalone programs.

6

9What Are Plug-Ins

and Helper Applications?

7

9What Are Plug-Ins

and Helper Applications?

8

9What Are Plug-Insand Helper Applications?

Figure 9-3

9

9

Browser Extension Categories

• Document and productivity• Image viewer• Multimedia• Sound player• Video player• VRML and 3-D

10

9Document and

Productivity Browser Extensions

• Let you use a browser to read documents.

• Files saved in PDF format require Adobe Acrobat Reader.

• Microsoft Office lets the browser start Word, Excel and other Office files.

11

9

Image Viewer Browser Extensions

• Image viewer displays graphics.

• Display different picture file formats. More than one graphic viewer will be needed to view the different kinds of pictures on the Web.

• AutoDesk displays line drawings in the proprietary Drawing Web format.

• Real estate agents use iPix.

12

9

Multimedia Browser Extensions

• Largest category of browser extensions.

• Shockwave provides animated interfaces, interactive advertisements and product demonstrations, multi-user games, and streaming CD-quality audio.

• Flash displays high-impact user interfaces, interactive online advertising, and animation. Automatically installed with Internet Explorer and Navigator.

13

9

Multimedia Browser Extensions

Figure 9-4

14

9

Sound Player Browser Extensions

• Let your Web browser play sounds.

• Beatnik and Crescendo deliver high-quality interactive music and sound on the Web.

• RealPlayer delivers MIDI music in very small file sizes. RealPlayer plays streaming audio and video and uses buffered play.

15

9

Video Player Browser Extensions

• Deliver movies to Web browsers.

• QuickTime technology plays video, sound, and music. QuickTime movie format is computer-platform neutral.

• QuickTime’s format was adopted by the ISO as the starting point for developing an improved and unified digital media storage format.

16

9

Video Player Browser Extensions

17

9

VRML and 3-D Browser Extensions

• Virtual Reality Modeling Language is a programming language that creates three-dimensional environments that can mimic known worlds or define fictional ones.

• Cosmo Player is a VRML player that lets you experience three-dimensional Web worlds without having special three-dimensional graphics acceleration hardware installed.

18

9

VRML and 3-D Browser Extensions

19

9

Finding Browser Extensions

20

9

Finding Browser Extensions

21

9

Finding Browser Extensions

22

9

Finding Browser Extensions

23

9Installing and Testing Browser Extensions

24

9

Security Overview

• Protection of assets from unauthorized access, use, alteration, or destruction.

• Physical Security – tangible protection devices

• Logical Security – uses non-physical protections

• Countermeasure – procedure that recognizes, reduces, or eliminates a threat

25

9

Security Overview

Figure 9-13

26

9

Security Overview

• Secrecy prevents unauthorized data disclosure and ensures the authenticity of the data’s source.

• Integrity prevents unauthorized data modification

• Necessity prevents data delays or denials.

27

9

Security Overview• Copyright is the protection of expression.

28

9Security Overview

29

9

Security Threats

• Integrity Threat – also know as active wiretapping

• Delay and Denial Threats – disrupts normal computer processing or deny processing entirely

• Intellectual Property Threats – use material without the owner’s permission

30

9

Security Threats

• Threat Delivery Mechanisms –

– A hacker uses Trojan horses, viruses, and worms to attack computers.

• Computer Emergency Response Team has teams around the world to recognize and respond to computer attacks.

31

9Security Threats

32

9

Security Countermeasures The security countermeasures necessary for

Internet transactions should ensure that the transaction or message being sent:

– Cannot be read by anyone except the intended recipient.

– Is tamperproof, ensuring that no one was able to modify its contents or delete it entirely.

– Is authored by the person who claims to be the sender.

33

9

Security Countermeasures

A digital certificate contains:

• The certificate holder’s name, address, and e-mail address

• A special key that “unlocks” the digital certificate, thereby verifying the certificate’s authenticity

• The certificate's expiration date or validity period• A trusted third party, called a certificate authority,

which verifies the person’s identity and issues the digital certificate

34

9Security Countermeasures

Figure 9-17

35

9

Security Countermeasures

36

9

Secrecy and Privacy

• Encryption – process of coding information using a mathematical-based program and a secret key to produce a string of characters that is unreadable

• Decryption – the reverse of encryption

• Two-types of encryption used today:– Symmetric (private-key) encryption– Asymmetric (public-key) encryption

37

9

Secrecy and Privacy

Figure 9-19

38

9

Secrecy and Privacy

Figure 9-20

39

9

Protecting Web Commerce Transactions

• Sockets Layer (SSL) – widely used, nonproprietary protocol that travels as a separate layer on top of the TCP/IP protocol

• SSL uses both symmetric and asymmetric encryption and keys to ensure privacy.

• Session keys exist only during a single, active session between the browser and server.

40

9

Protecting Web Commerce Transactions

Internet Explorer’s Secure State Indicator

Navigator’s Secure State Indicator

41

9

Protecting Web Commerce Transactions

42

9

Protecting Web Commerce Transactions

Figure 9-24

43

9

Integrity• A message digest function program is used to

maintain the integrity of an e-mail message.

• This program produces a number called a message authentication code or MAC.

– It must be impossible or costly to reverse the MAC and produce the original message.

– The MAC should be random to prevent creating the original message form the MAC.

– The MAC must be unique to the message so there is an extremely small chance that two messages could ever produce the same MAC.

44

9

Integrity

Figure 9-25

45

9

Necessity

• A necessity attack can slow down processing, completely remove an item, or deny its use.

• Programs that travel with applications to your browser can execute on your PC can be dangerous. May have the following components:– Java– JavaScript– ActiveX

46

9

Necessity

47

9

Security Countermeasures• Whenever possible, avoid completing Web page

registration forms.

• Omit your resume and other personal information from your Web page.

• Set your Web browser to limit or disable cookies.

• Purchase and use a virus detection program.

• Download software and files from known and trustworthy sources.