Web Security Overview Slides

Web Security Tips
Li-Chiou Chen & Mary Long
Pace University
September 1st, 2010
Acknowledgement

The authors acknowledge the support of the
Verizon Foundation in partnership with Pace
University through its Thinkfinity Initiative.
© Li-Chiou Chen & Mary Long, Pace University
What do you do online?

Browsing sites
Blogging
Social networking
Email
Online shopping
Online banking
Managing photos
Managing calendars
…….
Common Threats

Intrusion: Accessing a computer without permission
Malware: Programs that are designed to harm your computer
Spyware: Software that sends information from your computer to a third party without your consent
Common Threats (2)

Site Hijacking: Misrepresenting a web site by stealing and manipulating its content
Phishing: Using fake Web sites to trick you into giving away personal information
DoD video on Phishing

http://iase.disa.mil/eta/phishing/Phishing/launchPage.htm
How to determine if a web site is legitimate

Make sure that the web address is correct
  Google it or type it yourself
  Do not click on links in emails
Use HTTPS encryption for sensitive information
Verify the site using the security padlock
Use browser security features
  Firefox has more default security settings than IE
  Pay attention to browser warnings
Look at the web address to determine if it is a legitimate site
“https” indicates that the content is encrypted
www.citicards.com is the domain name (or site name)
Examples of fake web addresses

http://www.citicards.com.chilli.net

http://129.20.1.2/www.citicards.com/

http://paybill.center.net/citicards/
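
The address check from the two slides above, as an added example that is not part of the original slides: it compares only the host part of a URL with the expected domain, so each of the three fake addresses fails for its own reason. The function names and verdict strings are hypothetical, and the https:// sample is constructed from the slide's domain name.

```javascript
// Added example. EXPECTED_DOMAIN and the fake URLs come from the slides;
// function names and verdict strings are hypothetical.
const EXPECTED_DOMAIN = "citicards.com";

// True when the host is a bare IP address (IPv4, or bracketed IPv6) instead of a name.
function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");
}

// Compare only the host part of the URL with the domain the user expects.
// Text in the path says nothing about who operates the site.
function checkAddress(rawUrl, expectedDomain = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { verdict: "invalid", reason: "not a parseable URL" };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();

  if (isIpAddress(host)) {
    return { verdict: "fake", reason: "host is an IP address, not a domain name" };
  }
  // The host must be the expected domain itself or a subdomain of it,
  // so the expected name has to sit at the END of the host.
  if (host !== expected && !host.endsWith("." + expected)) {
    const reason = host.includes(expected)
      ? "expected name appears in the host but is not its ending"
      : "host is a different domain";
    return { verdict: "fake", reason };
  }
  if (url.protocol !== "https:") {
    return { verdict: "unencrypted", reason: "right domain, but not HTTPS" };
  }
  return { verdict: "ok", reason: "expected domain over HTTPS" };
}

// Constructed legitimate address, then the three fake examples from the slide.
const samples = [
  "https://www.citicards.com/",
  "http://www.citicards.com.chilli.net",
  "http://129.20.1.2/www.citicards.com/",
  "http://paybill.center.net/citicards/",
];
for (const s of samples) {
  const r = checkAddress(s);
  console.log(`${r.verdict.padEnd(11)} ${s}  (${r.reason})`);
}
```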
Examine the security padlock to verify the site
Alternative ways of showing the security padlock
You need to double click the padlock to verify it
This verifies that www.citicards.com is owned by Citigroup Inc.
VeriSign, Inc. verifies this information
This indicates that the content is encrypted
User login only authenticates users
It cannot tell users whether the site is legitimate
References

My Secure Cyber Space

https://www.mysecurecyberspace.com/