Pop-up - Cabrillo College
Download
Report
Transcript Pop-up - Cabrillo College
Computer Networking Part 2
and
Internet Safe Suring
CS 1
Rick Graziani
Cabrillo College
Spring 2006
Review
• Network
• LANs
• IP Configuration
• Internet
• TCP/IP
• DSL/Cable Modem with a Router
Rick Graziani [email protected]
2
What is a network?
• A computer network is a series of computers and other devices
•
interconnected by communication paths.
Computer networks include: LANs and WANs
http://www.albany.edu
Rick Graziani [email protected]
3
LAN – Local Area Network
• A LAN:
– Operates within a limited geographical area
– Controlled by local administration
– Allows local users to:
• Share printers
• Access local file servers with software and data
• Access the Internet
Rick Graziani [email protected]
4
Creating an Ethernet Network
•
•
•
•
•
To start, your computer must have an Ethernet Network Interface Card (NIC).
Ethernet NICs have an RJ-45 interface or port.
Hubs and Switches are used to connect computers, printers and other devices
in the Ethernet LAN.
Ethernet cables, i.e. Cat-5 or Cat-6 cables (Category 5, Category 6) are used
to connect computers to the hubs and switches.
Cat-5 cable connects computer NIC to hub or switch.
Rick Graziani [email protected]
5
IP Configuration
• To communicate with other computers
•
•
on your network you need to properly
configure:
– IP Address (of your computer)
– Subnet Mask (of your computer)
To communicate with computers
outside your network you need to
properly configure:
– Default Gateway IP Address
To be able to use domain names, like
www.cabrillo.edu, instead of IP
addresses you need to properly
configure:
– DNS (Domain Name System)
Server IP Address
Rick Graziani [email protected]
6
IP Configuration: Default Gateway
• Any information that needs to be sent to IP Addresses outside your
network is sent to the Default Gateway or Router.
To the Internet
192.168.1.10
192.168.1.1
Rick Graziani [email protected]
7
IP Configuration: DNS
Hey, 207.62.87.54, what is the IP
Address for www.yahoo.com?
It is 66.94.230.47
Hey, 66.94.230.47,
please send me your
web page.
Yahoo
Web
Server
Rick Graziani [email protected]
Here, 192.168.1.10,
here is my web page.
8
Setting the IP Configuration Information
•
IP information can be configured:
– Statically
– Dynamically
• Using a DHCP (Dynamic Host Configuration
Protocol) Server
Rick Graziani [email protected]
9
IP Configuration: Dynamic Configuration
I’m booting up, if there is a DHCP
Server out there, I need my IP
Configuration Information!
DHCP
Server
Here is your IP
Address, Subnet
Mask, IP Address for
the Default Gateway
(router), and IP
Address for the DNS
Server!
Rick Graziani [email protected]
10
What is the
Internet?
•
•
•
The Internet was originally designed by DARPA (Defense
Advanced Research Projects Agency) in response to the
U.S.S.R. launching Sputnik, the first satellite.
Out of this came the Internet, a way for computers to
communicate from different parts of the world.
These computers can be any type of computer using any
type of operating system, as long as they are using the
protocol TCP/IP.
Rick Graziani [email protected]
11
What is TCP/IP? What is a protocol?
The actual letter
(data) is inside
(encapsulated)
the envelope.
• A protocol is nothing more than an agreement or rules to
•
govern a way of communicating.
The sender and receiver, and everyone in between, must
agree on the rules, the protocol.
Rick Graziani [email protected]
12
What is TCP/IP? What is a protocol?
•
Protocol: An agreed form of communications.
Rick Graziani [email protected]
13
Source IP Address:
192.168.1.10
192.168.1.10
Inside envelope:
Request for web
page
Destination IP Address:
66.94.230.47
66.94.230.47
Yahoo
Web
Server
Source IP Address:
66.94.230.47
Inside envelope:
Web page
Destination IP Address:
192.168.1.10
Rick Graziani [email protected]
14
DSL or Cable Modem: No Router
•
Routers can help protect your DSL or Cable Modem
Network.
204.180.205.1
Public Address
Hacker can only get to public
address and not private address
DSL or Cable
Modem
Rick Graziani [email protected]
15
DSL or Cable Modem: With a Router
When using NAT (Network
Address Translation, the
Router helps hide your
network from attackers.
204.180.205.1
Public Address
192.168.1.10
Private Address
Internet
Hackers can only get to public
addresses and not private addresses
Rick Graziani [email protected]
16
Bandwidth
• Bandwidth - The amount of information that can flow through a
•
network connection in a given period of time.
Usually measured in bits per second (bps)
– bps: bits per second
– Kbps: thousands of bits per second
– Mbps: millions of bits per second
Rick Graziani [email protected]
17
Networking – Part 2
•
•
•
Circuit Switching versus Packet Switching
Wireless
Careers in Information Technology
Rick Graziani [email protected]
18
WAN Link Options
Rick Graziani [email protected]
19
Circuit Switched
• Circuit Switching: A form of data communication which establishes a
•
•
single connection or circuit between source and destination to carry the
data stream.
Like a conventional telephone system.
When a subscriber makes a telephone call the dialed number is used
to set switches in the exchanges along the route of the call so that
there is a continuous circuit from the originating caller to that of the
called party.
Rick Graziani [email protected]
20
Packet Switching
• Packet Switching: A form of data communications which breaks
•
a data stream into small sections, sends them separately by the
best available channels and reassembles the original data
stream at its destination.
An alternative is to allocate the capacity to the traffic only when it
is needed, and share the available capacity between many
users.
Frame Relay,
X.25, ATM
Rick Graziani [email protected]
21
Wireless Access Point
•
A wireless access point is a device that connects
wireless devices (laptops, etc.) to a wired network, usually
an Ethernet LAN.
Rick Graziani [email protected]
22
Wireless Access Point
•
In our example the wireless access point (AP) will include a
Router.
Rick Graziani [email protected]
23
Putting it together
•
Exactly the same as connecting a router without an AP.
Rick Graziani [email protected]
24
Configuring the AP and Router
Wireless Settings:
• SSID (Service Set Identifier) – Name of your network
• Security: WPA, WEP, or none
Router settings
include: IP Address,
Subnet Mask,
Default Gateway,
and DNS Server
information
Rick Graziani [email protected]
25
SSID
•
The SSID is what will be displayed when people with
wireless computers are looking for a wireless LAN.
Rick Graziani [email protected]
26
Linksys WRT54G
Router Information
• IP Address from ISP
• Connects to your DSL/Cable Modem
• NAT (Network Address Translation)
Local Network
• Switch or Hub
• Connect “wired” computers
• DHCP Server (optional)
MAC address for
AP’s IP address
Wireless
• SSID: MyHomeNetwork
• DHCP Server: (optional)
• Channel: 11
• Encryption Function: WPA
Rick Graziani [email protected]
27
You choose…
•
•
•
•
There are many resources to discuss the possible health
risks or wireless LANs.
As a networking and WLAN user and instructor I have my
own thoughts which I will share.
If you are concerned, then research the information and
come to your own conclusions.
The following information is from my own research and
experience.
Rick Graziani [email protected]
28
Wireless Frequency
• Wireless APs operate at:
•
•
– 2.4 GHz
– 5 GHz
2 GHZ! That’s the same as my microwave oven, isn’t that dangerous?
Answer: No.
– Electromagnetic waves happen naturally.
• Light is an electromagnetic wave
– It is not the frequency, but the wattage, the power.
• Any electromagnetic wave can be dangerous with too much
power.
• A 25 watt light bulb is safe, but it wouldn’t be safe at 250,000
watts
– Wireless access points generate signals at 1/10th of a watt.
• Like all electromagnetic waves, the signal does not fade in a
linear manner, but inversely as the square of the distance.
Rick Graziani [email protected]
29
Rick Graziani [email protected]
www.britishlibrary.net
30
Inverse square law
10
Point A
20
30
40
3 times the distance
1/9 the power of Point A
2 times the distance
¼ the power of Point A
50
100
10 times the distance
1/100 the power of A
5 times the distance
1/25 the power of Point A
• Double the distance of the wireless link, we receive only ¼ of the
•
•
original power.
Triple the distance of the wireless link, we receive only 1/9 the original
power.
Move 5 times the distance, signal decreases by 1/25.
Rick Graziani [email protected]
31
Putting it in some perspective
• Measurements from an antenna transmitting 100mW at 1 inch
• Remember a milliwatt is 1/1,000th of a Watt
• Microwave oven typically operates at 1,000 watts in a confined space.
•
•
1”
100 mW
1/10th watt
2”
25 mW
1/40th watt
4”
6.25 mW
1/166th watt
8”
1.56 mW
1/1000th watt
16”
0.39 mW
4/10,000th watt
32”
0.097 mW
1/10,000th watt
64” (5.3 ft)
0.024 mW
2/100,000th watt
128” (10.6 ft)
0.006 mW
6/1,000,000th watt
256” (21.3 ft)
0.0015 mW
15/10,000,000th watt
Light bulbs would also be dangerous the were 10,000 to
1,000,000,000,000 stronger.
A 250,000 watt up to a 250,000,000,000,000 watt light bulb would also
be dangerous.
Rick Graziani [email protected]
32
Rick Graziani [email protected]
33
Wireless Security – Everyone can hear
•
•
Others can “hear” or capture your information.
Wireless signals are propagated, sent, similar to our voice
sound waves.
Rick Graziani [email protected]
34
Wireless Security – Everyone can hear
• If we don’t want them to understand what they hear, we can encrypt or
•
code the information.
As long a our wireless computer and access point are using the same
encryption algorithm, such as WEP or WPA.
Rick Graziani [email protected]
35
Wireless Security - WPA
• WPA (WiFi Protected Access) is currently the best option.
• The password is configured on both the wireless access point and the
computer.
Rick Graziani [email protected]
36
Wireless Security
•
Without any security, anyone can:
– Use your wireless access point to access your network
and the Internet.
– Capture your information from your wireless computer.
Rick Graziani [email protected]
37
Wireless Security
CommView
Rick Graziani [email protected]
DriftNet
38
Wireless Security
• Your web browsing or email access should already be secured.
• Look for the lock
Rick Graziani [email protected]
39
Rick Graziani [email protected]
40
Careers in Information Technology
Rick Graziani [email protected]
41
Computer Support Specialist
•
•
•
Installing computer hardware
and software.
Troubleshooting
Maintenance and upgrades
Rick Graziani [email protected]
42
Networking: System Administrator
• Installing, configuring, and maintaining network servers
• UNIX, LINUX, Microsoft
• Web, DNS, DHCP, Mail Servers
• Backup and recovery, user administration
• Security
Rick Graziani [email protected]
43
Networking: Network Technician/Analyst
• Install, manage, troubleshoot network infrastructure:
•
– Routers, Switches, Cables, Wireless Access Points
Issues: Security, Quality of Service, Video On Demand,
Voice over IP
Rick Graziani [email protected]
44
Keeping up on technology
• Wireless
• Security
Rick Graziani [email protected]
45
Internet: Safe Surfing
Safe Surfing
• Adware
•
•
•
•
•
– Pop-ups
– Spyware
– Blocking Pop-ups
Java Traps or Pop-Up Hell
Spyware
– Blocking Spyware
Cookies
Virus Protection
Spam
– Blocking Spam
Rick Graziani [email protected]
47
Adware
• Adware or advertising-supported software is any software application
•
•
in which advertisements are displayed while the program is running.
Displays the ads in pop-up windows or through a bar that appears on a
computer screen.
Adware helps recover programming development costs, and helps to
hold down the price of the application for the user (even making it free
of charge)—and, of course, it can give programmers a profit, which
helps to motivate them to write, maintain, and upgrade valuable
software.
Rick Graziani [email protected]
48
What are Pop-ups? (Wikipedia.org)
• Pop-up ads are a form of online advertising on the Web where certain
•
•
websites open a new web browser window to display advertisements.
Usually generated by JavaScript
A less intrusive variation on the pop-up window is the pop-under
advertisement.
– This opens a new browser window, but in the background, so as
not to interrupt the user's page-view.
Rick Graziani [email protected]
49
From Gain Publishing:
www.gainpublishing.com/ about/
Rick Graziani [email protected]
50
What are Pop-ups? (Wikipedia.org)
• For early advertising-supported websites, banner ads were sufficient
•
•
•
revenue generators.
But in the wake of the dot com crash, prices paid for banner
advertising clickthroughs decreased and many vendors began to
investigate more effective advertising methods.
Pop-up ads by their nature are difficult to ignore or overlook, and are
claimed to be more effective than static banner ads.
Pop-ups have a much higher click rate than web banner ads do.
Rick Graziani [email protected]
51
What are Pop-ups? (Wikipedia.org)
Ultimate
irony!
• Most users regard pop-ups as a nuisance.
• In the early 2000s, all major web browsers except Internet Explorer
•
•
•
•
allowed the user to block pop-ups almost completely.
In 2004, Microsoft released Windows XP SP2, which added pop-up
blocking to Internet Explorer.
Some users install non-Microsoft ad-blocking software instead.
Advertisers continually seek ways to circumvent such restrictions.
Many of the latest pop-ups are created using Flash and have extensive
animation and trickery.
Rick Graziani [email protected]
52
Rick Graziani [email protected]
53
From Microsoft
• With Windows XP Service Pack 2 (SP2) Internet Explorer allows you
•
to prevent most pop-up windows from appearing over pages you want
to view while you're using the Internet.
When you install SP2, Pop-up Blocker is turned on in Internet Explorer
and set to the medium setting, which means it will block most
automatic pop-ups.
Rick Graziani [email protected]
54
Block Pop-up Windows with Internet
Explorer
http://www.microsoft.com/windowsxp/using/web/sp2_popupblocker.mspx
Rick Graziani [email protected]
55
C/NET – Pop-ups mean more $$$
• Publishers willingly allow pop-ups or pop-unders because they
•
•
•
command higher prices, and they're in high demand by
advertisers.
Ad executives say they can cost advertisers about $10 per
thousand sent for top-rated sites.
That compares with between $2 and $3 per thousand for a
static banner ad that appears on the same popular site.
The Web sites that sold or disseminated the most pop-up ads
in the month of April 2005 include CNN.com, ESPN.com,
Excite.com, Weather.com, and The New York Times.
Rick Graziani [email protected]
56
“Java Trap” or
“Pop-up Hell”
• Pornographic websites are among the most common users of pop-up
•
•
•
•
ads.
Some particularly vicious types of pop-up ads have been specifically
designed to "hijack" a user's Internet session.
As each window is closed by the user it activates another window -sometimes indefinitely.
Usually the only way to stop this is to close the browser.
Mouse Trapping: Another variation of pop-up fills an entire screen with
an ad or Web page, removing any menu bars or other on-screen icons
by which the user can close the window.
Rick Graziani [email protected]
57
What are Pop-ups? (Wikipedia.org)
• Pop-up ads can also be spawned as a separate process (that is to say,
•
apart from the browser) on the user's local computer.
This is typically because of a spyware infestation, or because the user
has voluntarily (or involuntarily) installed adware.
Rick Graziani [email protected]
58
Spyware (Wikipedia.org)
• Spyware is computer software that gathers and reports information
•
•
•
about a computer user without the user's knowledge or consent.
May perform many different functions, including:
– the delivery of unrequested advertising (pop-up ads in particular),
– harvesting private information
– re-routing page requests to illegally claim commercial site referal fees
Spyware as a category overlaps with adware
Spyware or Malware in a broader sense can include: adware, remote
access trojans (RATs), keystroke loggers, denial-of-service (DoS) attack
agents, probe tools, and other backdoor network threats (including most
popular remote access tools).
Rick Graziani [email protected]
59
Fighting Spyware
• Spybot (www.safer-networking.org)
• PestPatrol (www.pestpatrol.com)
Rick Graziani [email protected]
60
Cookies
• A cookie is information sent by a
•
•
•
•
server to a browser and then sent
back to the server each time it
accesses that server.
They were invented by Lou
Montulli, a former employee of
Netscape Communications.
Amongst other uses, cookies
enable websites to be customized
for individual users once
browsing patterns have been
established.
Cookies can however cause
potential security problems as
information such as credit card
details might be collected via a
cookie.
Cookies can however, only store
information that you provide.
Rick Graziani [email protected]
61
Cookies - Purpose
• Typically this is used to authenticate or identify a registered user of a
•
web site as part of their first login process or initial site registration
without requiring them to sign in again every time they access that site.
Other uses are maintaining a "shopping basket" of goods selected for
purchase during a session at a site, site personalization (presenting
different pages to different users), and tracking a particular user's
access to a site.
Rick Graziani [email protected]
62
Cookies - Permissions
• A browser may or may not allow the use of cookies.
• The user can usually choose a setting.
• Microsoft Internet Explorer
– Tools > Internet Options > Privacy Tab
– Use slider to set options, or use advanced options
Rick Graziani [email protected]
63
Virus Protection
•
In computer security technology, a virus is a selfreplicating program that spreads by inserting copies of
itself into other executable code or documents
Rick Graziani [email protected]
64
Spam (Wikipedia)
• Spamming is the act of sending unsolicited electronic messages in
•
•
•
bulk.
The most common form of spam is that delivered in e-mail as a form of
commercial advertising.
Spamming has been considered by various commercial, government,
and independent entities to be one of the foremost social problems
facing electronic media today.
Many attempts have been made to curb this problem including e-mail
filtering, contractual measures such as Internet Service Providers'
acceptable-use policies, laws such as the Can Spam Act of 2003 and
market pressures such as boycotts of those who use or support spam.
Rick Graziani [email protected]
65
CAN-SPAM Act of 2003 (Wikipedia)
• The CAN-SPAM Act of 2003, signed into law by President Bush on
December 16, 2003, establishes the first national standards for the
sending of commercial e-mail and requires the Federal Trade
Commission (FTC) to enforce its provisions.
• The bill's full name is an acronym: Controlling the Assault of NonSolicited Pornography and Marketing Act of 2003.
• It also requires the FTC to promulgate rules to shield consumers from
unwanted mobile service commercial messages.
• The bill permits e-mail marketers to send unsolicited commercial e-mail
as long as it contains all of the following:
– an opt-out mechanism;
– a functioning return e-mail address;
– a valid subject line indicating it is an advertisement; and
– the legitimate physical address of the mailer.
– The legislation also prohibits the sale or other transfer of an e-mail
address obtained through an opt-out request. It criminalizes the use
of automated means to register for multiple e-mail accounts from
which to send spam. It prohibits sending sexually-oriented spam
Rick Graziani
[email protected]
66
without
clear markings.
Anti-Spam
• Spammers obtain e-mail addresses by a number of means:
•
•
•
– Web pages
– guessing common names at known domains
– "e-pending"
– searching for e-mail addresses corresponding to specific persons
Many e-mail spammers go to great lengths to conceal the origin of their
messages.
Spoofing e-mail addresses - spammer modifies the e-mail message
so it looks like it is coming from another e-mail address.
Among the tricks used by spammers to try to circumvent the filters is to
intentionally misspell common spam filter trigger words, ie. "viagra"
might become "vaigra", or by inserting other symbols within the word,
i.e. "v/i/a/g./r/a".
Rick Graziani [email protected]
67
Spam
Rick Graziani [email protected]
68
Phishing
• From Wikipedia, the free encyclopedia
• This phishing attempt, disguised as an official email from a (fictional)
bank, attempts to trick the bank's members into giving away their
account information by "confirming" it at the phisher's linked website.
• In computing, phishing is a criminal activity using social engineering
•
•
•
techniques.
Phishers attempt to fraudulently acquire sensitive information, such as
passwords and credit card details, by masquerading as a trustworthy
person or business in an electronic communication.
Phishing is typically carried out using email or an instant message,
although phone contact has been used as well.
Attempts to deal with the growing number of reported phishing
incidents include legislation, user training, and technical measures.
Rick Graziani [email protected]
69
PayPal
Scam
Rick Graziani [email protected]
70
Rick Graziani [email protected]
71
From: [email protected]
Sent: Thursday, February 09, 2006 9:52 PM
To: [email protected]
Subject: {spam?} Account Security Measures.
Another
PayPal Scam
Dear PayPal valued member,
In our terms and conditions you have agreed to state that your account must always be under your control or those you
designate at all times.
We have noticed some activity related to your account that indicates that other parties may have tried gaining access or
control of your information in your account.
In order to secure your account we may require some specific information from you. We encourage you to follow
the link below and complete the requested form as soon as possible.
Please follow the link below and renew your account information:
[ "http://www.paypai.com.profile-6433.com"onMouseOver ]https://www.paypal.com/cgi-bin/webscr?cmd=login-run
Failure to update your records will result in further account limitations.
This notification expires on February 12, 2006.
www.paypai.com
*Please be aware that we will have no other liability for your account or any transactions that may have occurred as a
result of your failure to reactivate your account.
We are very sorry for the inconvenience this might cause but please understand that this is a security measure meant to
help protect you and your account.
Sincerely,
C. Douglas
PayPal Account Review Department
[email protected]
=========================================
Please do not delete this section.
(Your case ID is PP-079-070-365.)
=========================================
PayPal, an eBay company
Copyright © 1999-2006 PayPal. All rights reserved.
Rick Graziani [email protected]
72
Third Bank Scam
Dear Customer,
Fifth Third Bank, is committed to maintaining a safe for our
customers. To protect the security of your account, Fifth Third Bank, employs
some of the most advanced security systems in the world and our anti-fraud
teams regularly screen the Fifth Third system for unusual activity.
We are contacting you to remind that on November 5, 2006 our Account Review
Team identified some unusual activity in your account. In accordance with Fifth
Third Bank's User Agreement and to ensure that your account has not been
compromised, access to your account was limited. Your account access will
remain limited until this issue has been resolved. We encourage you to log in and
perform the steps necessary to restore your account access as soon as possible.
Allowing your account access to remain limited for an extended period of time
may result in further limitations on the use of your account and possible account
closure. Visit now Online Banking page and perform verification process.
Login to online banking account
Thank you for your prompt attention to this matter. Please understand that this is
a security meant to help protect you and your account. We apologize for
any inconvenience.
Sincerely,
Fifth Third Bank, Account Review Department
Rick Graziani [email protected]
73
Third Bank Scam
Rick Graziani [email protected]
74
WalMart and other Retails (Fake)
Dear Customer,
Thank you for ordering from our internet shop. If you paid with a credit card, the charge on your statement
will be from name of our shop.
This email is to confirm the receipt of your order. Please do not reply as this email was sent from our
automated confirmation system.
Date : 08 Oct 2006 - 12:40
Order ID : 37679041
Payment by Credit card
Product : Quantity : Price
WJM-PSP - Sony VAIO SZ370 C2D T7200 : 1 : 2,449.99
Subtotal : 2,449.99
Shipping : 32.88
TOTAL : 2,482.87
Your Order Summary located in the attachment file ( self-extracting archive with "37679041.pdf" file ).
PDF (Portable Document Format) files are created by Adobe Acrobat software and can be viewed with
Adobe Acrobat Reader.
If you do not already have this viewer configured on a local drive, you may download it for free from
Adobe's Web site.
We will ship your order from the warehouse nearest to you that has your items in stock (NY, TN, UT & CA).
We strive to ship all orders the same day, but please allow 24hrs for processing.
You will receive another email with tracking information soon.
We hope you enjoy your order! Thank you for shopping with us!
Rick Graziani [email protected]
75
Rick Graziani [email protected]
76
Fake Wells Fargo Page
Rick Graziani [email protected]
77
Real Wells Fargo Page
Rick Graziani [email protected]
78
Difficult to tell the difference
Rick Graziani [email protected]
79
Useful sites
•
http://hoaxbusters.ciac.org/
Rick Graziani [email protected]
80
Useful sites
•
http://www.snopes.com/
Rick Graziani [email protected]
81
Useful sites
•
http://www.symantec.com/enterprise/security_response/thr
eatexplorer/risks/hoaxes.jsp
Rick Graziani [email protected]
82
Internet: Safe Surfing
CS 1
Rick Graziani
Spring 2006