*InternetSecurityPresented by:

*Contents :Social Network SitesVirus, MalwarePhishingCyber CrimeProtection Measures PasswordCyber Laws-IT ActInternet SecurityFirewalls

*Outlines1 Network Layer Security

Internet SecurityServices Provided by IPSec 3 Virtual Private Network (VPN)

* NETWORK LAYER SECURITYNetwork layer knows the address of the neighboring nodes in the network, packages output with the correct network address information, selects routes and quality of service, and recognizes and forwards to the Transport layer incoming messages for local host domains. IP Security (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. IPSec helps create authenticated and confidential packets for the IP layer.

*IPSec in transport mode does not protect the IP header;it only protects the information coming from the transport layer.IP Security

What is VPN?Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate. Became popular as more employees worked in remote locations. Terminologies to understand how VPNs work.

6

*Figure 4 Virtual private network

Social Networking Sites Facebook*TwitterGoogle+OrkutLinked In

What is Social Networks ?

A social network is a description of the social structure between actors, mostly individuals or organizations. It indicates the ways in which they are connected through various social familiarities ranging from casual acquaintance to close familiar bonds. 9

TCP/IP Protocol Suite

Technology Various technologies that help in creating Social Networks are:EmailBlogsSocial Networking Software like Orkut, LinkedIn etc.10

Types of ProtectionSecurityPrevention of malicious action to systems, infoSafetyPrevention from physical or mental harm PrivacyPrevention of exposing sensitive or private info11

Default Privacy ModesMostly openThe default sharing mode is publicYou must choose to keep content privateMostly closedThe default sharing mode is privateYou must choose to share content

12

Passwords and Password ToolsWeak/short passwords can be discoveredBrute password breaking is cheaper todayStrong passwords are needed, everywhereYou have too many passwords to remember!Use a password tool to manage passwords1Password, LastPass, PasswordSafe, RoboFormBrowser integration, mobile platformsUse one-time password systemsPassword should be alpha-numeric13

System SecurityStay up to date with softwareEspecially Flash Player, Java, web browsersUpgrade your OS!XP is now 11 years old; support ended in 2009Remove internet software you do not useInstall anti-malware softwareIf its a Purdue system, this is software is free!Make sure its updatingYour regular account should not be an admin14

* FIREWALLSAll previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system we need firewalls. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others.

*Figure 9 Firewall

General misconception among peopleMalware = malicious softwareMalware is any kind of unwanted software that is installed without your consent on your computer.Viruses, worms, Trojan horses, bombs, spyware, adware are subgroups of malware.Malware17

A virus tries to infect a carrier, which in turn relies on the carrier to spread the virus around.A computer virus is a program that can replicate itself and spread from one computer to another.Viruses18

Direct infection: virus can infect files every time a user opens that specific infected program, document or file.Fast Infection: is when a virus infects any file that is accessed by the program that is infected.Slow infection: is when the virus infects any new or modified program, file or document.Great way to trick a antivirus program!Viruses cont.19

Sparse Infection: is the process of randomly infecting files, etc. on the computer.RAM-resident infection: is when the infection buries itself in your computers random access memory. Video: Hippi Virus + Cascade VirusViruses cont.20

Cyber Crime* Cybercrime is any illegal act committed using a computer network (especially the Internet).

* Cybercrime is a subset of computer crime*

*Who are the cybercriminals?Its not just about hackersUsing the Net as a tool of the crimeWhite collar crimeComputer con artistsHackers, crackers and network attackersIncidental cybercriminalsAccidental cybercriminalsSituational cybercriminals

*Who are the cybervictims?CompaniesSecurity? Whats that?Bottom linersIndividualsNaive/NewbiesIn the wrong place at the wrong timeSociety

*Who are the cyberinvestigators?IT professionalsCorporate security personnelPrivate investigatorsLaw enforcementUltimate destination

This is where the authority lies

*Trends in Cyber AttacksThe current threat environment is characterized by compound attacks simultaneously from different locationsConvergence of malware authors, phishers, spammers and Bot-herdersSpamthru Trojan use botnets for spamming and DDoSStrom worm spread through spam to increase botnet and launch DDoSRock Phish phishing sites of multiple brands hosted on single serverFast Flux DNS based hosting of Phishing sites

*Summing it upCybercrime is a major problem and growingCybercrime is about much more than hackersThere is a natural adversarial relationship between IT and policeSuccessful prosecution of cybercrime must be a team effortIT personnel must learn investigation and police must learn technology

Phishing Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information. Con artists might send millions of fraudulent e-mail messages that appear to come from Web sites you trust, like your bank or credit card

company, and request that you provide personal information.27

Phreaking + Fishing = PhishingPhreaking = making phone calls for free back in 70s

-Fishing = Use bait to lure the target

Phishing in 1995Target: AOL usersPurpose: getting account passwords for free timeThreat level: lowTechniques: Similar names ( www.ao1.com for www.aol.com ), social engineeringHistory of Phishing28

*History of Phishing Cont.Phishing in 2001Target: Ebayers and major banksPurpose: getting credit card numbers, accountsThreat level: mediumTechniques: Same in 1995, keylogger

Phishing in 2007Target: Paypal, banks, ebayPurpose: bank accountsThreat level: highTechniques: browser vulnerabilities, link obfuscation

*Cyber Laws-IT Act* LAWS RELATING TO COMPUTER, INTERNET AND E-COMMERCE.

* GROWTH OF CYBER SPACE

* ONSET OF INTERNET

* IT-ACT PASSED IN 2000

IT ACT PROVISIONSemail would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law. Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.

Digital signatures have been given legal validity and sanction in the Act. 31

IT ACT PROVISIONS Cont.The Act now allows Government to issue notification on the web thus heralding e-governance

statutory remedy in case if anyone breaks into companies computer systems or network and causes damages or copies data 32

OFFENCES AND LAWS IN CYBER SPACETAMPERING WITH COMPUTER DOCUMENTSHACKING WITH COMPUTER SYSTEMPUBLISHING OBSCENE MATERIAL ON INTERNETBREACHING OF CONFIDENTIALITY AND PRIVACY 33

TCP/IP Protocol Suite

CYBER LAWS AMENDMENTS INDIAN PENAL CODE,1860

INDIAN EVIDENCE ACT,1872

BANKERS BOOK EVIDENCE ACT,1891

GENERAL CLAUSES ACT,189734

CONCLUSIONCYBER LAWS_ ESSENTIAL FEATURE IN TODAYS WORLD OF INTERNET

ACHIEVING GLOBAL PEACE AND HARMONY35

Questions36

*

*****Security: CIA*Examples of Mostly OpenFacebookTwitterLinkedinPinterestExamples of mostly closedDropboxChat sessions in most services

******