threats - Russian Culture Nepal

Download Report

Transcript threats - Russian Culture Nepal

Internet Threats & Opportunities
Sushil Upreti
M.Sc. IT, MCSA
SOS NTC Panaute, Kavre
30th June 2009
Agendas

Birth of The Internet

Internet Threats

Internet Opportunities
The Internet
The Internet, simply "the Net“
- is a
worldwide system of computer networks
- a network of networks
Birth of the Internet
1858-66
Transatlantic cable
1958
In response to the launch of Sputnik, the US Department of Defense
established the Advanced Research Projects Agency (ARPA).
1962
Formation of ARPANET.
1969
ARPANET were interconnected between UCLA and SRI (later SRI
International) in Menlo Park, California.
1971
E-mail invented (a program to send messages across a distributed
network)
1972
First public demonstration of ARPANET between 40 machines.
1973
First international connections to the ARPANET: University College of
London (England) and Royal Radar Establishment (Norway).
1979
ARPA establishes the Internet Configuration Control Board (ICCB).
1983
All hosts on the ARPANET adapted the first TCP/IP-based wide-area
network. Internet Activities Board (IAB) established, replacing ICCB.
1984
DNS (Domain Name Server) introduced.
Birth of the Internet
(contd.)
1985
In 1985, the United States' National Science Foundation (NSF)
constructed NSFNET.
1989
NSFNET connected the commercial MCI Mail system, OnTyme, Telemail
and Compuserve. IETF & IRTF came into existence under the IAB.
1990
ARPANET was transferred to the NSFNET. The NSFNET was connected to
the CSNET, which linked Universities around North America, and then to
the EUnet, which connected research facilities in Europe.
1991
World Wide Web (WWW) released by CERN. Developer: Tim Berners-Lee.
1992
ISOC (Internet Society) was chartered.
1994
Commercialization began. Number of hosts: 3 Million. 10,000 WWW
sites. 10,000 Newsgroups. ARPANET/Internet celebrates 25th anniversary.
1995
Registration of domain names is no longer free. US Government decided
to transfer Internet management to independent organizations.
1996
1997
2009 April
Microsoft entered. The WWW browser war begins .
1 Million WWW sites.
231,510,169 sites (netcraft.com).
Nepal in Internet Map
1992
Mr. Satish Kharel, a renowned Lawyer connected to an email server in
Japan using packet radio.
1993
Some INGOs dialed to email servers in Europe for email services.
1994
Mercantile Office Systems, the first ISP (Internet Service Provider) of
Nepal started commercial email services for the public from June 1994.
1995
Mercantile started full online access to Internet from July 1995.
2009
Total ISPs in Nepal: 35
Internet Management
The Internet
ISOC
(Internet Society)
IAB
(Internet Architecture
Board)
IETF
(Internet Engineering
Task Force)
IRTF
(Internet Research Task
Force)
ICANN
(Internet Corporation For Assigned
Names & Numbers)
IANA
(Internet Assigned
Numbers Authority)
ASO
(Address Support
Organization)
CCNSO (Country Code
Names Supporting
Organization)
GNSO (Generic Names
Supporting
Organization)
Network Solutions:
- Central Domain Database
- Root Servers
Accredited Registrars
Basic Internet Terms:
Browser
Simply Browser or Web Browser is a software program that allows users to
view content on the Internet and World Wide Web.
(e.g. Internet Explorer, Mozilla Firefox, Opera, Safari , Google Chrome etc.)
Web Page
A single page of a website; it will commonly include text, graphics, and
links to other web pages.
Web Site
A Website is a collection of Web files on a particular subject that includes a
beginning file called a home page.
Web Server A computer that stores and transmits requested Web pages and associated
files over the Internet.
http
Short for Hypertext Transfer Protocol, HTTP is the protocol that a web
browser uses to request a web page from a web server, and which the
server uses to send the requested page back.
WWW
World Wide Web or the Web, this usually refers to information/services
available on the Internet that can be easily accessed with software usually
called a "browser.“
Fig. Web Server
How Internet Works?
World Wide Web
http://www.sushilupreti.com.np/images/image1.jpg
http://www.sushilupreti.com.np
Internet Protocol
Hyper Text Transfer Protocol
URL
(Uniform Resource Locator) Domain Name
Country Domain
How Internet Works?
How Internet Works…?
A real scenario…?
E-mail
–
–
Short for ‘Electronic Mail’.
Exchange of electronic messages and computer files
through the internet.
How E-mail Works…?
Internet Threats
Cyber-bullying
Cyber-bullying is "when the Internet, cell phones or other devices are used to
send or post text or images intended to hurt or embarrass another person.“
- National Crime Prevention Council, US
What Cyber-bullies do …….?
• Disclose victim's personal data
• Send threatening and harasing emails
• Post false statements, bad rumors
Internet Threats
Output of Cyber-bullying …
Internet Threats
Cyberstalking
It has been defined as the use of information and communications technology,
particularly the Internet, by an individual or group of individuals, to harass another
individual, group of individuals, or organization.
What Cyberstalkers do …….?








False accusations
Attempts to gather information about the victim
Transmission of Threats
Encouraging others to harass the victim, False victimization
The solicitation of minors for sexual purposes
Attacks on data and equipment
Ordering goods and services
Identity Theft
Cyberstalkers find their victims from …….?
Search engines, online forums, blogs, bulletin and discussion boards, chat rooms, and
more recently, through online communities such as MySpace, Facebook, Hi5 etc.
Internet Threats
Phishing
Phishing is the criminally fraudulent process of attempting to acquire sensitive
information such as usernames, passwords and credit card details by pretending
as a trustworthy entity through an electronic communication, especially e-mails.
Phishers’ Major Techniques:
 Man-in-the-middle Attacks
 URL Attacks
 Cross-site Scripting Attacks
 Observing Customer Data
 Client-side Vulnerability Exploitation
Internet Threats
Phishers’ Major Techniques:
 Man-in-the-middle Attacks
Internet Threats
Phishers’ Major Techniques:
 URL Attacks
Bad Domain Names
Using URL obfuscation techniques, the attacker tricks the customer into
connecting to their proxy server instead of the real server.
For example, the customer may follow a link to
http://www.my-bank.com instead of http://www.mybank.com
Internet Threats
Phishers’ Major Techniques:
 Cross-site Scripting Attacks
Cross-site scripting attacks make use of custom URL or code
injection into a valid web-based application URL or imbedded
data field. These techniques are the result of poor webapplication development processes.
Typical formats for CSS injection into valid URL’s include:
Full HTML substitution:
http://mybank.com/ebanking?URL=http://evilsite.com/phishing/fakepage.htm
Inline embedding of scripting content:
http://mybank.com/ebanking?page=1&client=<SCRIPT>evilcode...
Forcing the page to load external scripting code:
http://mybank.com/ebanking?page=1&response=evilsite.com%21evilcode.js&go=2
Internet Threats
Phishers’ Major Techniques:
 Observing Customer Data
Key-loggers and Screen-grabbers can be used to observe confidential
customer data as it is entered into a web-based application.
 Client-side Vulnerability Exploitation
Many opportunities for attackers provided by software updates,
pactches and add-ons.
Internet Threats
A real-life Phishing Example:
Subject: Westpac official notice
Westpac
AustraIia's First Bank
Dear cIient of the Westpac Bank,
The recent cases of fraudulent use of clients accounts forced the Technical
services of the bank to update the software. We regret to acknowledge, that
some data on users accounts could be lost. The administration kindly asks you
to follow the reference given below and to sign in to your online banking
account:
https://oIb.westpac.com.au/ib/defauIt.asp
We are gratefuI for your cooperation.
Please do not answer this message and follow the above mentioned instructions.
Copyright © 2004 - Westpac Banking Corporation ABN 33 007 457 141.
The above email was sent to many thousands of Westpac banking customers in May 2004. While the
language sophistication is poor (probably due to the writer not being a native English speaker), many
recipients were still fooled.
Internet Threats
A real-life Phishing Example:
A small attempt………………?
Internet Threats
Webspam
Webspam is the term for webpages that are designed by webmasters to
trick search engines and draw users to their websites.
Why do Spammers Create Spam Pages ?



To make money
To change search engine rankings
To do harm to users’ computers with sneaky downloads
How do Spammers Create Spam Pages ?




Hidden text and hidden links
Keyword stuffing
Sneaky redirects
Cloaking with JavaScript redirects and 100% frame
Internet Threats
E-mail spoofing
E-mail spoofing is a term used to describe fraudulent e-mail activity in
which the sender address and other parts of the e-mail header are
altered to appear as though the e-mail originated from a different
source.
E-mail spoofing is a technique commonly used for spam e-mail and
phishing to hide the origin of an e-mail message.
What is spam?
The term spam refers to unsolicited, often unwanted, email
messages. Spam does not necessarily contain viruses, valid
messages from legitimate sources could fall into this category.
Internet Threats
Denial-of-Service (DoS) attack
A denial-of-service attack (DoS attack) or distributed denial-of-service
attack (DDoS attack) is an attempt to make a computer resource unavailable
to its intended users.
How to block a "denial of service" attack?
By setting up a filter, or "sniffer," on a network before a stream of
information reaches a site's Web servers.
Internet Threats
Chain letters – a problem
 Mask viruses or other malicious activity
Although they seem harmless, may have negative impact if you forward
them:
 Consume bandwidth/space within the recipient's inbox.
 Force people to waste time sifting through the messages and
possibly taking time to verify the information.
 You are spreading hype and, often, unnecessary fear and paranoia.
Some types of chain letters
Hoaxes: Attempt to trick or defraud users, could be malicious, instructing users to
delete an important file by claiming it is a virus. It could also be a scam that
convinces users to send money or personal information.
Designed to be redistributed and usually warn users of a threat or claim to
Urban
legends: be notifying them of important or urgent information, also promise users
monetary rewards for forwarding the message. Urban legends usually have
no negative effect aside from wasted bandwidth and time.
Internet Threats
Internet Enemies
Computer Virus
A virus is a self-replicating and self-executable malicious software. It spreads
being attached to other files (documents with the ability to contain macros,
images, movies, music, almost anything which could be executed or run by a
user or another software).
Worms
Computer worms are similar to viruses (they are also self-replicating), but
while viruses are attached to another software, worms can function
separately. Worms can delete files on your computer, send files via e-mails,
even to spread across the Internet.
Trojan horse (Trojan)
A program that appears desirable but actually contains something harmful;
"the contents of a trojan can be a virus or a worm"
Internet Threats
Internet Enemies
(contd.)
Rootkit
This is a special kind of software, which once installed, is totally hidden on
your computer. One of its most dangerous activity is that it leaves a 'backdoor'
on the target system, and can gain control over it without the needed
privileges. It can also hide keyloggers which can send data about what you
type in on your computer.
Spyware
They collect personal data from your computer and send it to a company
who analyses it to gain precious information for their business.
Internet Threats
Defense Mechanisms
Understanding Firewalls
A firewall helps protect your computer by preventing unauthorized users from
gaining access to it through a network or the Internet.
What type of firewall is best?
 Hardware: Router
 Software: ISA Server
Internet Threats
Defense Mechanisms
Use Anti-Virus Software
Anti-virus software is designed to protect you and your computer
against known viruses. But with new viruses emerging daily, anti-virus
programs need to be updated regularly.
A firewall is different from antivirus software, but the two of
them work together to help protect your computer. You might
say that a firewall guards the windows and doors against
strangers or unwanted programs trying to get in, while an
antivirus program protects against viruses or other security
threats that can try to sneak in through the front door.
Internet Threats
Defense Mechanisms
Attacker
E-mail
Victim [Shortest & Easiest Route]
 Don't give your email address out arbitrarily.
 Don't follow links in spam messages.
 Do not open email from unknown sources.
 Consider opening an additional email account.
 Use caution when opening/downloading attachments.
 Password………?
 Don't spam other people.
 Benefits of BCC (Blind Carbon Copy).
Internet Threats
Defense Mechanisms
Secure Your Web Browser

Internet Threats
Defense Mechanisms
Digital Signature
A digital signature is basically a way to ensure that an electronic document
(e-mail, spreadsheet, text file, etc.) is authentic.
Authentication
Authentication is the process of verifying that information is coming from
a trusted source. Methods: Passwords, Checksum, CRC etc.
Encryption
Encryption is the process of taking all the data that one computer is
sending to another and encoding it into a form that only the other
computer will be able to decode.
Internet Threats
Defensce Mechanisms
Digital Certificate
A digital certificate is essentially a bit of information that says the Web server
is trusted by an independent source known as a Certificate Authority. The
Certificate Authority acts as the middleman that both computers trust.
Certificate Authority (CA)
A certificate authority or certification authority (CA) is an entity that
issues digital certificates for use by other parties. It is an example of
a trusted third party..Some CAs include :
VeriSign, Inc.,
Mountain View, California
Comodo Group, Inc.
Washington, USA
WebTrust
Toronto, Canada
CA
Internet Threats
Defense Mechanisms
Debunking Some Common Myths
 Anti-virus software and firewalls are 100% effective.
 Software is installed on your computer, you do not have to worry about it
anymore.
 There is nothing important on your machine, so you do not need to protect it.
 Attackers only target people with money.
 When computers slow down, it means that they are old and should be replaced.
Internet Threats
Defense Mechanisms
Internet Surfing in Cybercafé:
 You never know what kind of malicious program or person is
lurking in the next public computer you are going to use.
So ………….. WHAT TO DO????
 Lets not leave any
computer/cybercafé.
HOW????????
evidence
of
your
work
in
public
Internet Threats
Defense Mechanisms
 Use Process Explorer to see attackers attempt.
 Use portable version of web browser.
 Bypass key loggers
 Securely erase your data.
 Use portable anti-virus.
 Put your password in a safe place.
Internet Opportunities
Internet 2008 in numbers
186,727,854 – The number of websites on the Internet in December 2008.
31.5 million – The number of websites added during 2008.
1.3 billion – The number of email users worldwide.
210 billion – The number of emails sent per day in 2008.
70% – The percentage of emails that are spam.
1,463,632,361 – The number of Internet users worldwide (June 2008).
Source: Internet World Stats
Internet Opportunities
Services of Internet

Sharing Information & Resources

Electronic Mail (E-mail)

E-Governance, E-Commerce, E-Medicine, E-Banking

Online Study

Business Communication

Business Promotion

Discussion Forum & Chat

Entertainment

Plus many more …….
Internet Opportunities
Version of Web
Web 1.0
 Static Page
 One-way flow of infomormation
Web 2.0
 Dynamic , and decentralized web contents
 Bottom-up approach
 Web 2.0 was coined in 2003 by Dale Dougherty, became popular in
2004
Web 3.0
 Still takes few years to come into existence
 Based on “intelligent” web applications
 More dynamic, totally controlled by multimedia
Internet Opportunities
Features of Web 2.0
Internet Forum
An Internet forum is a web application for holding discussions and posting usergenerated content.
Internet forums are also commonly referred to as Web forums, message boards,
discussion boards, (electronic) discussion groups, discussion forums, bulletin
boards, fora (the Latin plural) or simply forums.
Example
Internet Opportunities
Features of Web 2.0
Social Networking













www.myspace.com
www.orkut.com
www.facebook.com
www.spaces.live.com
www.hi5.com
www.batchmates.com
www.yaari.com
www.minglebox.com
www.ning.com
www.meetup.com
www.bebo.com
www.fropper.com
www.bigadda.com
Internet Opportunities
Features of Web 2.0
Blog
A blog/weblog is a type of website, usually maintained by an individual with regular
entries of commentary, descriptions of events, or other material such as graphics or
video. Entries are commonly displayed in reverse-chronological order.
 http://www.bloggers.com.np/index.php
 http://surathgiri.blogspot.com/
 http://thenepalesedebate.forumotion.com/
 http://www.rednepal.com/
 http://sushilupreti.blogspot.com/
http://www.bloggers.com.np
Internet Opportunities
Features of Web 2.0
Wiki
Wiki is a piece of server software that allows users to freely create and edit Web
page content using any Web browser.
 http://en.wikipedia.org
http://en.wikipedia.org/wiki/Gopher
Internet Opportunities
Few Web 2.0 featured web sites
 http://twitter.com
 http://maps.google.com
 http://en.wikipedia.org
 http://www.youtube.com
 http://www.facebook.com
 http://www.blogger.com
SOS Children’s
Village from Google map
www.youtube.com
Internet Opportunities
Podcasts
Podcasts are audio broadcasts created and stored digitally on the
Internet. Instead of being broadcast over the airwaves once and lost,
like with traditional radio, podcasts were created to be stored and
played at the user's convenience.
http://www.gazzabko.com/hitsfm.htm
Internet Opportunities
Live Video Stream
The process of providing live
video data or content via a
web page.
http://entertainment.nepalnews.com/livetv/sagarmatha.html
Internet Opportunities
RSS (Really Simple Syndication)
RSS solves a problem for people who regularly use the web.
It allows you to easily stay informed by retrieving the latest
content from the sites you are interested in. You save time by
not needing to visit each site individually.
RSS Feed
RSS
document
includes
full
or
summarized
plus metadata such as publishing dates and authorship
Feed Reader/Aggregator"
http://www.reader.google.com
text,
Internet Opportunities
You don’t know the answer…..? Hmm… then ask to..
http://www.ask.com/
http://wiki.answers.com
http://www.about.com/
Internet Opportunities
Other Educational Sites

www.3form.org (Free Knowledge Exchange)

http://in.answers.yahoo.com/ (Yahoo Answers)

http://lycos.co.uk/ (Lycos IQ)

http://qna.live.com (Live QnA)

www.answerbag.com (AnswerBag)

www.whyville.net (3D Virtual Education)

www.experts-exhange.com (IT Professional Site)

http://uclue.com (Site by the researchers of Google Answers)
Internet Opportunities
Other Educational Sites
(contd.)

http://www.orillas.org/math/projex.html

http://www.wisc-online.com

http://www.globalschoolnet.org

https://media.iearn.org/node/101

http://www.bie.org/index.php/site/PBL/resources/Project_Examples

http://www.k12science.org/collabprojs.html

http://www.kn.pacbell.com/wired/bluewebn/contentarea.cfm?cid=9

http://www.pbs.org/howartmadetheworld/resources

http://www.algebasics.com/3way2.html

http://www.mathpower.com/summer2.htm
Internet Opportunities
E-newsletter
An e-newsletter (also called e-zine) is a newsletter sent via email to subscribers.
E-newsletter Sample:
 Russian Center of Science & Culture
 SOS Hermann Gmeiner School Sanothimi
Internet Opportunities
Online Exam
Internet Opportunities
Upcoming Web 2.0 Technology
 Liquid Design
 Cloud Computing
 DeepNet technology
Internet Opportunities
Online Job – Anywhere, Anytime
Job Nature
 Online Typists
 Online Marketing
 Online Journalism
 Online Translators
 Search Engine Optimization
 Data Entry Operators
 Search Quality Rater
 Web Design & Development
Internet Opportunities
Online Job – Search Quality Rater
Post: Quality Rater
Payment: 5.56 USD/Hour (Reduced by 10% from April 2009)
Working Hour: Max. 20 Hrs/week – Min. 10 Hrs/week
Job Provider: Lionbridge Technology, USA
What is the work?
Internet Opportunities
Online Job – Online Marketing
Job Provider: Google AdSense
Internet Threats & Opportunities
Conclusion!!
•
•
•
•
•
•
•
Online Exam
E-newsletter
School Website
Communication Mechanism
Develop Own Course Book
Professional Training for ICT teachers through
NTC and Schools
Plus
Thank You
For feedback & comments:
[email protected]