1
|
- Internet Security and Browser Extensions
|
2
|
- Investigate the different kinds of computer threats.
- Identify countermeasures for protecting yourself and your computer while
using the Internet.
- Learn how to protect copyrighted materials that are published on the
Internet.
|
3
|
- Learn how to enhance your Web browser with browser extensions.
- Use popular plug-ins to view animated Web site content.
- Locate and use browser extensions.
|
4
|
- Security is broadly defined as the protection of assets from
unauthorized access, use, alteration, or destruction.
- Physical security includes tangible protection devices, such as locks,
alarms, fireproof doors, security fences, safes or vaults, and bombproof
buildings.
- Protection of assets using non-physical means is called logical security.
|
5
|
- Logical security may also be broadly called computer security.
- Any act or object that endangers an asset is known as a threat.
- Countermeasure is the general name for a procedure, either physical or
logical, that recognizes, reduces, or eliminates a threat.
- Countermeasures can recognize and manage threats or they can eliminate
them.
|
6
|
|
7
|
- To implement a good security scheme, you identify the risk, determine
how you will protect the affected asset, and calculate the cost of the
resources you can allocate to protect the asset.
- Computer security can be classified into several categories:
- Secrecy
- Integrity
- Necessity
|
8
|
- Secrecy prevents unauthorized data disclosure.
- Integrity prevents unauthorized data modification.
- Necessity prevents data delays (slowing down the transmission of data)
or denials (preventing data from getting to its destination).
- Internet users and businesses with Web sites need to take appropriate
countermeasures in each of these three categories to protect themselves
and the computers they use to connect to the Internet.
|
9
|
- Encryption is the process of coding information using a
mathematical-based program and a secret key to produce a string of
characters that is unreadable.
- The process of reversing encrypted text is called decryption. In order
to decrypt text, you need a key to “unlock” it.
- Encrypted information is called cipher text.
- Unencrypted information is called plain text.
- The process of transforming data from a readable format (plain text) to
an unreadable format (cipher text) is called cryptography.
|
10
|
- Private-key encryption (symmetric encryption) uses a single key that is
known by the sender and receiver.
- The key might be a password or a number generated by a special device.
- Private-key encryption works well in a highly controlled environment.
|
11
|
|
12
|
- Public-key encryption (asymmetric encryption) uses two different keys—a public
key and a private or secret key.
- The public key is known to everyone.
- The private or secret key is known only to the person who owns both
keys.
- With public-key encryption, each person has a private key that is secret
and a public key that is shared with other users.
- Messages encrypted with a private key must be decrypted with the public key,
and vice versa.
|
13
|
- Encryption is considered to be weak or strong based on its algorithm and
the number of characters in the encryption key.
- An algorithm is a formula or set of steps to solve a particular problem.
- A cracker is a person who uses his knowledge of computers and
programming to gain unauthorized access to a computer for the purpose of
stealing or altering data.
- Keys that are 128 bits long are called strong keys.
|
14
|
- Phishing is an attack involving phony e-mail messages that include links
to spoofed Web sites that “fish” for information.
- Authentication is a general term for the process of correctly verifying
the identity of a person or a Web site.
- The primary countermeasure for authentication is a digital certificate.
- A digital certificate is an encrypted and password-protected file that
contains sufficient information to authenticate and prove a person’s or
organization’s identity.
|
15
|
- A digital certificate is an electronic equivalent of an identification
card.
- A certificate authority (CA) is a trusted third party which verifies the
certificate holder’s identity and issues the digital certificate.
- A digital ID (personal certificate) is used to identify a person to
other people and to Web sites that are set up to accept digital
certificates.
- A digital ID is an electronic file that you purchase from a certificate
authority and install into a program that uses it, such as an e-mail
program or a Web browser.
|
16
|
- The digital ID authenticates the user and protects data being
transferred online from being altered or stolen.
- A server certificate (SSL Web server certificate) authenticates a Web
site for its users so the user can be confident that the Web site is
genuine and not an imposter.
- A server certificate also ensures that the transfer of data between a
user’s computer and the server with the certificate is encrypted so that
it is both tamperproof and free from being intercepted.
|
17
|
|
18
|
- User identification is the process of identifying yourself to a
computer.
- Most computer systems implement user identification with user names and
passwords; the combination of a user name and password is sometimes
called a login.
- To help keep track of their login information for different computers
and Web sites, some people use a program called a password manager,
which stores login information in an encrypted form on their computer.
|
19
|
- Crackers can run programs that create and enter passwords from a
dictionary or a list of commonly used passwords.
- A brute force attack occurs when a cracker uses a program to enter
character combinations until the system accepts a user name and
password, thereby gaining access to the system.
- User authentication is the process of associating a person and his
identification with a very high level of assurance.
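A countermeasure for the dictionary and brute force attacks described above, added here as an example that is not part of the original tutorial: count failed logins per source address in a sliding time window, then report any successful login that follows. The log format, the addresses and the threshold of five failures in one minute are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp, source, user name, result.
SAMPLE_LOG = """\
2024-05-01T10:00:00 192.0.2.10 alice FAIL
2024-05-01T10:00:05 192.0.2.10 alice OK
2024-05-01T10:01:00 198.51.100.7 bob FAIL
2024-05-01T10:01:01 198.51.100.7 bob FAIL
2024-05-01T10:01:02 198.51.100.7 bob FAIL
2024-05-01T10:01:03 198.51.100.7 bob FAIL
2024-05-01T10:01:04 198.51.100.7 bob FAIL
2024-05-01T10:01:05 198.51.100.7 bob OK
2024-05-01T10:30:00 203.0.113.4 carol FAIL
2024-05-01T11:30:00 203.0.113.4 carol FAIL
"""

def parse(log_text):
    """Yield (time, source, user, result) for each non-empty log line."""
    for line in log_text.splitlines():
        if line.strip():
            stamp, source, user, result = line.split()
            yield datetime.fromisoformat(stamp), source, user, result

def find_guessing_sources(log_text, max_failures=5, window=timedelta(minutes=1)):
    """Return {source: time at which it reached max_failures within window}."""
    recent = defaultdict(deque)          # source -> times of recent failures
    flagged = {}
    for when, source, _user, result in parse(log_text):
        if result != "FAIL":
            continue
        failures = recent[source]
        failures.append(when)
        while when - failures[0] > window:   # drop failures outside the window
            failures.popleft()
        if len(failures) >= max_failures:
            flagged.setdefault(source, when)
    return flagged

def logins_after_guessing(log_text, flagged):
    """Return (source, user) pairs where a flagged source then logged in."""
    return [(source, user)
            for when, source, user, result in parse(log_text)
            if result == "OK" and source in flagged and when >= flagged[source]]

if __name__ == "__main__":
    flagged = find_guessing_sources(SAMPLE_LOG)
    print(flagged)
    print(logins_after_guessing(SAMPLE_LOG, flagged))
```

A pair returned by logins_after_guessing is a login whose password should be treated as guessed and changed.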
|
20
|
- Secure Sockets Layer (SSL) is a widely used protocol that acts as a
separate layer or “secure channel” on top of the TCP/IP Internet
protocol.
- SSL provides a security handshake when a browser and the Web page to
which it is connected want to participate in a secure connection.
- Web pages secured by SSL have URLs that begin with https:// instead of
http://.
|
21
|
|
22
|
- SSL creates a public-key pair so that it can safely transmit data using
a private key.
- The private key is encrypted using public-key encryption and is sent to
the browser. Using the private key protects the remainder of the
information transfer between the browser and the Web site.
- When the user leaves the secure Web site, the browser discards these
temporary keys, or session keys.
- Session keys exist only during a single, active session between a
browser and server.
|
23
|
- A cookie is a small text file that a Web server creates and stores on
your computer’s hard drive.
- A cookie might store data about the links you click while visiting the
Web site (called a clickstream), information about the products you
purchase, or personal information that you provide to the site.
- Some cookies are removed automatically when you leave a Web site (a session-only
cookie).
|
24
|
- Many Web sites use cookies to make their sites easier to navigate.
- A cookie is not a program and it can only store information that you
provide to the Web site that creates it.
- Sometimes you provide the data openly, and at other times, the cookie
might silently record your behavior at a Web site.
- Only the Web site that stored the cookie on your hard drive can read it,
and it cannot read other cookies on your hard drive or any other file on
your computer.
|
25
|
- Cookies can represent a security threat for some users, especially those
who access the site from a public computer.
- Internet users can control the storage of cookies on their computer’s
hard drive by changing their browser’s settings.
- The best way to prevent another user from gaining access to information
is to make sure that you do not leave an electronic trail to its path.
- Internet Explorer stores cookies in the C:\Windows\Cookies folder.
- Navigator stores cookies in a file named cookies.txt on the user’s hard
drive.
|
26
|
|
27
|
- A Web bug is a small, hidden graphic on a Web page or in an e-mail
message that is designed to work in conjunction with a cookie to obtain
information about the person viewing the page or e-mail message and to
send the information to a third party.
- When the user loads the Web page that contains this code, the browser
downloads the hidden graphic. This process can identify your IP address,
the Web site you last visited, and other information about your use of
the site in which the clear GIF file has been embedded and record it in
the cookie file.
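One way to spot Web bugs in a saved page, added here as an example that is not part of the original tutorial: list every image that is invisible (1 x 1 pixel or hidden by its style) and is served by a host other than the page's own. The sample page, the host names and the exact-host comparison are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; every host name here is a placeholder.
SAMPLE_PAGE = """
<html><body>
<img src="/images/logo.gif" width="200" height="60">
<img src="/images/spacer.gif" width="1" height="1">
<img src="https://cdn.photos.example/banner.jpg" width="468" height="60">
<img src="https://stats.tracker.example/clear.gif?page=home" width="1" height="1">
<img src="//ads.tracker.example/t.gif" style="display: none">
</body></html>
"""

class WebBugFinder(HTMLParser):
    """Collect images that are both invisible and served by another host."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.suspects = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = {name: (value or "") for name, value in attrs}
        src = attr.get("src", "")
        # Relative URLs have no host of their own: they come from the page's host.
        host = (urlparse(src).hostname or self.page_host).lower()
        style = attr.get("style", "").replace(" ", "").lower()
        tiny = attr.get("width") in ("0", "1") and attr.get("height") in ("0", "1")
        hidden = "display:none" in style or "visibility:hidden" in style
        if host != self.page_host and (tiny or hidden):
            self.suspects.append(src)

def find_web_bugs(html, page_host):
    """Return the src of every suspected Web bug in the HTML text."""
    finder = WebBugFinder(page_host)
    finder.feed(html)
    return finder.suspects

if __name__ == "__main__":
    for src in find_web_bugs(SAMPLE_PAGE, "www.news.example"):
        print("possible Web bug:", src)
```

The site's own 1 x 1 spacer and the visible third-party banner are not reported; only the two hidden images from other hosts are.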
|
28
|
- Adware is a general category of software that includes advertisements to
help pay for the product in which they appear.
- In many freeware and shareware programs, adware provides opportunities
for developers to offer software at little or no cost to the user.
- Adware usually does not cause any security threats because the user is
aware of the ads and the parties responsible for including them are
clearly identified in the programs.
|
29
|
- Spyware is a category of adware in which the user has little control
over or knowledge of the ads and other monitoring features it contains.
- Spyware occurs in situations where a developer has sold ads to a third
party or embedded other features in the program.
- A Web bug is an example of spyware because the clear GIF and its actions
are hidden from the user.
|
30
|
- One way to protect computers from the potential privacy violations
created by cookies, Web bugs, and spyware is to set Web browsers to
block third-party cookie files.
- There are many good shareware programs that erase spyware from your
computer.
- These programs, sometimes called ad blockers, search for files written
by known spyware.
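The difference between session-only and stored cookies, and the effect of the block third-party cookies setting described above, shown as an added example that is not part of the original tutorial. The captured headers and host names are constructed, and treating the last two labels of a host name as its site is a simplifying assumption.

```python
from http.cookies import SimpleCookie

# Constructed capture: (host that answered, its Set-Cookie header value) seen
# while loading a page on www.shop.example. All names are placeholders.
RESPONSES = [
    ("www.shop.example", "cart=3f9a; Path=/"),
    ("www.shop.example", "prefs=lang-en; Max-Age=31536000; Path=/"),
    ("ads.tracker.example", "uid=77c1; Domain=tracker.example; Max-Age=63072000"),
]

def site_of(host):
    """Last two DNS labels. Assumption for the example: real browsers decide
    site boundaries with the Public Suffix List."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def classify_cookies(page_host, responses):
    """Return (name, party, lifetime) for every cookie in the capture."""
    report = []
    for host, header in responses:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            domain = morsel["domain"] or host
            same_site = site_of(domain) == site_of(page_host)
            # No Expires and no Max-Age attribute: a session-only cookie.
            keeps = morsel["expires"] or morsel["max-age"]
            report.append((name,
                           "first-party" if same_site else "third-party",
                           "persistent" if keeps else "session-only"))
    return report

def block_third_party(report):
    """What the browser would still store with third-party cookies blocked."""
    return [row for row in report if row[1] == "first-party"]

if __name__ == "__main__":
    report = classify_cookies("www.shop.example", RESPONSES)
    for row in report:
        print(row)
    print("kept:", [name for name, _, _ in block_third_party(report)])
```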
|
31
|
- The computer version of a firewall is a software program or hardware
device that controls access between two networks, such as a local area
network and the Internet or the Internet and a computer.
- A port on a computer is like a door; it permits traffic to leave and
enter a computer. When the port is closed, traffic can’t leave or enter
the computer.
- A port scan occurs when one computer tests all or some of the ports of
another computer to determine whether its ports are open or closed.
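How a firewall log reveals a port scan, as an added example that is not part of the original tutorial: group connection attempts by source and destination, and report any source that tried many different ports on one computer, along with the ports that were let through. The log format, the addresses and the threshold of ten ports are assumptions.

```python
from collections import defaultdict

# Constructed firewall log (assumed format): time, source, destination,
# destination port, action. Addresses are documentation placeholders.
SAMPLE_LOG = "\n".join(
    [f"10:00:{p % 60:02d} 203.0.113.9 192.0.2.20 {p} DROP" for p in range(20, 35)]
    + ["10:00:40 203.0.113.9 192.0.2.20 80 ALLOW",
       "10:01:00 198.51.100.3 192.0.2.20 443 ALLOW",
       "10:01:05 198.51.100.3 192.0.2.20 443 ALLOW",
       "10:01:09 198.51.100.3 192.0.2.20 80 ALLOW"]
)

def find_port_scans(log_text, min_ports=10):
    """Return {(source, destination): {"closed": [...], "open": [...]}} for
    every source that tried at least min_ports different ports on one host."""
    tried = defaultdict(lambda: {"closed": set(), "open": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                       # skip malformed lines
        _time, source, dest, port, action = fields
        state = "open" if action == "ALLOW" else "closed"
        tried[(source, dest)][state].add(int(port))
    scans = {}
    for pair, ports in tried.items():
        if len(ports["closed"] | ports["open"]) >= min_ports:
            scans[pair] = {k: sorted(v) for k, v in ports.items()}
    return scans

if __name__ == "__main__":
    for (source, dest), ports in find_port_scans(SAMPLE_LOG).items():
        print(f"{source} scanned {dest}: open {ports['open']}, "
              f"{len(ports['closed'])} closed ports tried")
```

The "open" list is what the scanning computer learned about the target, so it is also the list of ports worth reviewing in the firewall's rules.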
|
32
|
|
33
|
- Until the recent increase in the number of users with broadband
connections to the Internet, corporations used hardware firewalls almost
exclusively.
- Some firewall software programs are available for free or at a very low
cost so they are becoming popular with other types of users.
- Some antivirus programs and Internet suites include basic firewall
protection.
|
34
|
- An integrity threat occurs when an unauthorized party has the chance to
alter data while it is being transferred over the Internet or while it
is stored on a computer.
- The most visible integrity threats have been from Trojan horses,
viruses, and worms that attack computers and the programs they run.
- A Trojan horse is a small program hidden inside another program that
causes harm when the user accesses or downloads the program in which it
is hidden.
|
35
|
- A worm is a variation of a virus, and is a self-replicating program that
is usually hidden within another file and then sent as an e-mail
attachment.
- A worm can replicate itself on a computer or server, but it cannot
infect other files.
- The best defense against a worm is to install an antivirus program,
update your virus patterns regularly, display Windows filename
extensions so you can determine the type of file you have downloaded,
and avoid opening attachments that you are not expecting.
- A firewall can prevent the spread of Internet worms by preventing the
worm from sending information from your computer without your
permission. (So it’s both in and out.)
|
36
|
- A necessity threat occurs when a cracker uses a program to disrupt
normal computer processing or, possibly, to deny processing entirely.
- A packet flooding attack or denial of service (DoS) attack occurs when a
cracker bombards a server or other computer with messages in an attempt
to consume the network’s bandwidth resources.
- Delaying processing can render a service unusable or unattractive.
|
37
|
- One of the most dangerous entry points for delay and denial threats
comes from coded programs that travel with applications to a browser and
execute on the user’s computer.
- A Java applet, which is a program written in the Java programming
language, could execute and consume a computer’s resources.
- A JavaScript program can pose a problem because its programs can run
without being compiled before running on a computer.
- ActiveX components are Microsoft’s technology for writing small
applications that perform some action in Web pages—these components have
full access to a computer’s file system.
|
38
|
- Copyright and safeguarding intellectual property rights are also
security issues.
- Intellectual property threats are a large problem due to the Internet
and the relative ease with which one can use existing material without
the owner’s permission.
- It is very simple to reproduce an exact copy of anything you find on
the Internet.
- Many people are naïve or unaware of copyright restrictions that protect
intellectual property.
|
39
|
- A digital watermark is a process that inserts a digital pattern
containing copyright information into a digital image, animation, or
audio or video file.
- Steganography is a process that hides an encrypted message within
different types of files. It can be used to add copyright information to
different types of files.
|
40
|
- Browser extensions allow a Web browser to perform tasks it was not
originally designed to perform.
- Plug-in: integrated browser software that the browser uses to display
or play a specific file that you request.
- Helper applications: programs installed on the user’s computer that the
browser starts and uses to “help” display or play a file.
- Add-ons: include tools that enhance your browsing experience, such as
toolbars or programs that block pop-up ads from opening.
|
41
|
- Helper applications are independent programs that are stored on your
computer and are activated automatically when needed.
- Plug-ins do their work inside the browser. When you install a Web
browser, many popular plug-ins are often installed with it.
|
42
|
- Browser extensions are often grouped into categories based on the type
of content they deliver. These categories are:
- Document and productivity
- Image viewer
- Multimedia
- Sound player
- Video player
- Three-dimensional (3-D) graphics
|
43
|
- Document and productivity browser extensions let you use a browser to
read documents, such as files saved in PDF format and viewed using Adobe
Acrobat Reader.
- If you have Acrobat Reader, a browser can use it to display and print
files with .pdf extensions.
- If you have installed Microsoft Office, a browser can start Word, Excel,
and other Office programs to display files with extensions, such as .doc
and .xls.
|
44
|
- Browser extensions from this category let the browser display graphics,
such as interactive road maps or alternative file formats and viewers
for GIF and JPEG files.
- Image viewer plug-ins also display different picture file formats.
- If a Web site indicates you need a specific image viewer plug-in to view
something on its site, you can usually download it at that time,
directly from that site.
|
45
|
- Multimedia contains browser extensions that appeal to most of the
senses.
- The Flash Player lets your Web browser display simple animations, user
interfaces, static graphics, movies, sound, and text.
- The Shockwave Player is a more fully featured browser plug-in that you
must download and install.
|
46
|
- Sound player browser extensions let your Web browser play sounds.
- Real Player is a free plug-in that plays streaming audio and video files
over the Internet.
|
47
|
- Video player browser extensions deliver movies to Web browsers over the
Internet.
- QuickTime was one of the first movie players developed. It plays video,
sound, music, 3-D, and virtual reality for both Macintoshes and PCs.
- Other widely used movie players include RealPlayer and Windows Media Player.
- Some of these players download a complete movie before playing it, while
others use streaming technology to play a movie before it has been
completely downloaded.
|
48
|
- Virtual Reality Modeling Language or VRML is an Internet programming
language that creates three-dimensional environments that can mimic
known worlds or define fictional ones.
- With VRML you can navigate and interact with a three-dimensional scene.
- VRML sites are used for gaming and product and location tours.
- Extensible 3D (X3D) is the next generation open standard for 3D on the
Web.
|
49
|
- A good way to locate browser extensions is to visit a download site such
as Tucows.
- Many download sites group plug-ins by the functions they perform, which
makes it easy to view the available plug-ins for the type of files you
want to use.
|
50
|
|
51
|
- There are different types of computer security threats and some
countermeasures that you can take to prevent them.
- There are copyright issues related to the information you locate and use
on the Internet.
- There are different categories of browser extensions that you might need
as you use the Web.
- You should use the security information presented in this tutorial to
create a safe environment in which to enjoy the Web’s many resources and
games on your own computer.
|