Lecture 22: Internet Security Intro to IT
COSC1078 Introduction to Information Technology
Lecture 22
Internet Security
James Harland

Introduction to IT
1 Introduction
2 Images
3 Audio
4 Video    WebLearn Test 1
5 Binary Representation    Assignment 1
6 Data Storage
7 Machine Processing
8 Operating Systems    WebLearn Test 2
9 Processes    Assignment 2
10 Internet
11 Internet Security    WebLearn Test 3
12 Future of IT    Assignment 3, Peer and Self Assessment

Overview
Questions?
Exam
Assignment 3
Peer and Self Assessment
Internet Security
Questions?

Assignment 3
Reflect
  Answer reflection questions from tutorials
  See last lecture for ideas
Research
  Write about a particular IT topic of your choice (5-6 paragraphs)
  electronic voting, information security, 3D user interfaces, digital music, digital video, electronic commerce, natural language processing, DNA computing, quantum computing, cryptography, malware detection and removal, Moore's Law, green computing, …

Exam
2010 exam is available now
2010 exam answers will be available on May 29th
2011 exam will be available on June 5th
2011 exam answers will be available on June 12th
2012 exam available on June 19th

Self and Peer Assessment
How well has each person contributed to the group?
Evaluated over the entire semester
Assessed on process, not product
Work out a grade for each person (CR, DI etc)
Then convert this to a mark out of 20
Submit list of marks to tutor with justifications
Repeat previous step until the tutor is satisfied
See guidelines in Blackboard material

Assignment 3
Review
  (Re-)answer "What is IT?" questions from Tutorial 1
  Identify difficult parts of the course
  Suggest new questions
  Include favourites from Assignments 1 and 2
Reflect
  Answer reflection questions from tutorials
Research
  Write about a particular IT topic of your choice (5-6 paragraphs)

Internet Security
password, patch, spam, firewall, virus, wardriving, key logger, proxy, worm, phishing, Trojan horse

Security vs access
It is always a trade-off (a balance between two competing forces)
More security means less access
More access means less security
Redundancy can be either fatal or vital
Nothing is perfect!

Freedom vs security
‘Everything which is not forbidden is allowed’ -- Principle of English Law
‘Everything which is not allowed is forbidden’ -- Common security principle
‘Anything not mandatory is forbidden’ -- “military policy”
‘Anything not forbidden is compulsory’ (??) -- T.H. White (The Once and Future King)

Passwords
Should be:
  Long (8 characters or more)
  Not obvious or from a dictionary
  Contain capitals, numerals and non-alphanumeric characters (!&^*$@.,’[]{}? …)
Recorded securely somewhere
Transmitted in encrypted form only
  Older programs such as FTP, Telnet transmit this in plaintext …
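
The criteria on this slide can be checked mechanically. The sketch below is an added example, not part of the lecture; the word list and the substitution table are constructed samples. It shows why "not from a dictionary" has to be tested separately from the character rules.

```python
import string

# Constructed sample word list; a real check would load a large dictionary
# and a list of known-breached passwords.
SAMPLE_WORDS = {"password", "welcome", "dragon", "letmein", "qwerty"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def base_word(password):
    """Reduce a password to the word it was probably built from.

    Lower-cases it, drops digits and punctuation at either end, then
    reverses the substitutions in LEET.
    """
    core = password.lower().strip(string.digits + string.punctuation)
    return core.translate(LEET)


def check_password(password, words=SAMPLE_WORDS):
    """Return the slide criteria the password fails (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no numeral")
    if all(c.isalnum() for c in password):
        problems.append("no non-alphanumeric character")
    if password.lower() in words or base_word(password) in words:
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ("dragon", "P@ssw0rd!", "Tr4m-Stop#Lilac9"):
        print(candidate, "->", check_password(candidate) or "passes")
```

`P@ssw0rd!` satisfies the length and character rules yet is still flagged, because it reduces to a dictionary word.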

Firewalls
Device which limits internet connections
Limit network uses to only approved ones
Prevent malicious software reporting information
Prevent outside attacks
May need to have ports opened to allow applications to work
Only work on applications, not on content
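
A minimal model of the behaviour listed on this slide, following the "everything which is not allowed is forbidden" principle from the Freedom vs security slide. It is an added example, not part of the lecture: the class names, the ports and the traffic are constructed, and real firewalls also track connection state and addresses.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out"
    protocol: str       # "tcp" or "udp"
    port: int           # destination port
    payload: bytes = b""


class Firewall:
    """Default deny: a connection passes only if a rule approves it."""

    def __init__(self):
        self.approved = {}  # (direction, protocol, port) -> reason

    def open_port(self, direction, protocol, port, reason):
        self.approved[(direction, protocol, port)] = reason

    def decide(self, packet):
        key = (packet.direction, packet.protocol, packet.port)
        if key in self.approved:
            # The payload is never inspected: the decision is made on the
            # connection, not on the content.
            return "ALLOW"
        return "DENY"


def demo():
    """Run constructed traffic through a small policy; return the verdicts."""
    fw = Firewall()
    fw.open_port("out", "tcp", 443, "web browsing over HTTPS")
    verdicts = {
        "browse": fw.decide(Packet("out", "tcp", 443)),
        # Unapproved outbound connection, e.g. spyware reporting information.
        "report_out": fw.decide(Packet("out", "tcp", 50000)),
        # Unsolicited inbound Telnet connection from outside.
        "telnet_in": fw.decide(Packet("in", "tcp", 23)),
        # Hypothetical video-call application on UDP 3478: blocked until opened.
        "call_before": fw.decide(Packet("out", "udp", 3478)),
    }
    fw.open_port("out", "udp", 3478, "video-call application")
    verdicts["call_after"] = fw.decide(Packet("out", "udp", 3478))
    # Approved port carrying unwanted content: still allowed.
    verdicts["bad_content"] = fw.decide(
        Packet("out", "tcp", 443, b"<constructed unwanted content>"))
    return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} {verdict}")
```

The last verdict is the reason content filtering is left to other tools such as the proxy server.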

Proxy servers
All internet traffic routed via proxy server
Acts as an internet gateway
Once proxy is secure, so is network
Can filter content
Can cache content
Often used with a firewall in a corporate environment

Wardriving
Driving around to find a vulnerable wireless signal
Find a wireless connection that doesn’t require a password (so add one to yours if you haven’t!)
Attack systems that use a default admin login name and password (change yours!)
Snoop on transmissions which are not encrypted (encrypt yours!)
Using a MAC address whitelist means only specified devices can connect to your router

Viruses, Worms, Trojans
Virus: self-replicating program that attaches itself to files and is spread when they are transferred
Worm: self-replicating program that pro-actively spreads itself
Trojan horse: a program that appears legitimate but is in fact malicious

Malware and Spyware
Malicious software:
  Hidden mail server
  Key logging (to capture passwords)
  Enable machine takeover
  Direct traffic to particular web sites
  Analyse behaviour
  Act as a proxy
  …

Denial of service
Prevent network from working normally
Flood a server with ‘invalid’ inputs
Use a network of compromised machines to generate an overwhelming number of requests (Conficker?)
Such zombie machines can form a botnet, which then attacks a particular server

Tricking the user
Users are often the weakest link in security
Email attachments containing trojan horses
‘Phishing’
Malicious web pages
Malicious documents (macros in spreadsheets)
Account stealing (via key logging)
Scams (‘I have $10 million to import’, ‘You have just won the lottery’, …)

Protecting your system
Keep up to date with patches (Windows update, Software update)
Use a firewall
Use anti-virus software and keep it up to date
Use anti-spyware tools
Filter email for spam and suspicious messages
Be aware of ‘fake alerts’

Stuxnet?
Windows-based worm
Discovered in July, 2010
Designed to attack a very specific industrial plant
Assumes plant operator would use a Windows laptop to reprogram plant machinery
Not clear who was behind it …
Look at the video

Stuxnet?
Designed for Siemens equipment
Siemens have said none of their customers were affected!
Iran has ‘embargoed’ Siemens equipment …
“The attackers took great care to make sure that only their designated targets were hit...It was a marksman’s job.”
“we're glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them”

Privacy and encryption
Cryptography has been a major political headache for governments
Public-key cryptography makes Amazon possible …
Terrorist groups can use the same technology to keep things private…
Should governments be able to keep encryption keys?
See PGP and Phil Zimmermann…
Conclusion
Work on Assignment 3
Check your software defenses!