Transcript CEA 217

Chapter 11: Internet Security
i-Net+ Guide to the Internet
Third Edition
Objectives
• Learn how computers and networks can be attacked
• Study solutions used to protect computers and
networks
• Investigate network protection strategies
• Learn how virtual private networks ensure a secure
data transmission over the Internet
iNet+ Guide to the Internet, Third Edition
2
Types of Attack
• The reasons hackers attack a Web site, server, or computer can
vary.
• Hackers might want to:
– Seek a challenge or revenge against a business
– Gain bragging rights among peers
– Steal information, such as credit card numbers, that they can
sell
– Hijack storage space on a computer or use Internet bandwidth
provided by a network
– Gain remote control of a computer to use in an attack
against other servers.
Flooding
• A denial of service (DoS) attack is an attack
designed to overload the resources of a Web server
or other Internet device so that it can no longer
operate and provide Internet resources.
• A new form of DoS attack has appeared called
distributed denial of service (DDoS).
Flooding (Continued)
• In a DDoS attack, a hacker has remote control of
hundreds of computers over a large geographical
area and commands them to send false requests to a
Web server or other Internet device.
• Computers that are remotely controlled by hackers
and used in a DDoS attack are called bots.
SYN Flooding
• SYN flooding is a type of attack that takes
advantage of the synchronization feature of TCP.
• When the first computer sends the initial SYN packet
to begin the TCP connection process, instead of
sending its own IP address as the source IP address
in the data packet, it supplies an invalid IP address
that cannot be accessed.
• When the server responds with the SYN-ACK packet,
it responds to an IP address that seems valid, but is
not available.
SYN Flooding (Continued)
Teardrop
• Teardrop attack sends a series of fragmented
packets containing false reassembly instructions.
• As a result, the device is unable to reassemble the
packet because the packet is invalid or incomplete.
• However, the device, often a computer or server,
continues to allocate operating system resources to
handle the invalid packets.
• Eventually, system resources are exhausted, causing
the device to crash, hang, or reboot.
Ping Flooding
• The Ping program is very helpful for debugging
network problems, but it also can be dangerous when
used by hackers to implement a Ping flood.
• Ping flooding (also known as ICMP flooding) is
when a host is flooded with Ping requests.
• As the host tries to respond to the requests, it gets
bogged down and cannot function, causing DoS.
Ping Flooding (Continued)
• This type of flooding is fairly common because it does
not require a lot of special knowledge.
• A variation of Ping flooding is the Ping of Death
attack, which occurs when a hacker uses the Ping
protocol to send a packet that is larger than the
65,536 bytes allowed by the IP protocol.
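The flooding slides above describe what a SYN flood and a Ping flood look like from the victim's side: many SYNs that are never completed, and bursts of ICMP echo requests. The following is an added example (not code from the i-Net+ text) that applies those two descriptions as detection rules to a packet summary. The one-line-per-packet format, the sample traffic and the thresholds are all constructed here and would be tuned for a real network.

```python
"""Spot SYN-flood and Ping-flood behaviour in a packet summary.

Added example for the flooding slides; not code from the i-Net+ text.
The one-line-per-packet format, the sample traffic and the thresholds
are constructed assumptions.
"""
from collections import defaultdict

# Constructed sample traffic: "time proto src dst flag" (our own format).
# 203.0.113.7 sends SYNs that are never completed (the spoofed-source
# pattern from the slide); 203.0.113.9 sends a burst of ICMP echo requests;
# the other two hosts behave normally.
SAMPLE_LOG = """\
0.00 TCP 203.0.113.7 192.0.2.10 SYN
0.01 TCP 203.0.113.7 192.0.2.10 SYN
0.02 TCP 203.0.113.7 192.0.2.10 SYN
0.03 TCP 203.0.113.7 192.0.2.10 SYN
0.05 TCP 198.51.100.4 192.0.2.10 SYN
0.06 TCP 198.51.100.4 192.0.2.10 ACK
0.10 ICMP 203.0.113.9 192.0.2.10 ECHO
0.11 ICMP 203.0.113.9 192.0.2.10 ECHO
0.12 ICMP 203.0.113.9 192.0.2.10 ECHO
0.13 ICMP 203.0.113.9 192.0.2.10 ECHO
0.14 ICMP 203.0.113.9 192.0.2.10 ECHO
0.20 ICMP 198.51.100.5 192.0.2.10 ECHO
"""


def parse(log_text):
    """Turn the summary into (time, proto, src, dst, flag) tuples."""
    rows = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        t, proto, src, dst, flag = line.split()
        rows.append((float(t), proto, src, dst, flag))
    return rows


def half_open_by_source(rows):
    """SYNs per source minus the ACKs that would complete the handshake.

    A host that keeps sending SYNs and never follows up leaves half-open
    connections behind on the server, which is what a SYN flood does.
    """
    syn, ack = defaultdict(int), defaultdict(int)
    for _, proto, src, _, flag in rows:
        if proto != "TCP":
            continue
        if flag == "SYN":
            syn[src] += 1
        elif flag == "ACK":
            ack[src] += 1
    return {src: syn[src] - ack[src] for src in syn}


def echo_count_by_source(rows, window=1.0):
    """Largest number of ICMP echo requests one source sent in any window."""
    buckets = defaultdict(int)
    for t, proto, src, _, flag in rows:
        if proto == "ICMP" and flag == "ECHO":
            buckets[(src, int(t // window))] += 1
    peak = defaultdict(int)
    for (src, _), n in buckets.items():
        peak[src] = max(peak[src], n)
    return dict(peak)


def flag_flooders(rows, syn_threshold=3, echo_threshold=4):
    """Map each suspicious source to the kind of flood it resembles."""
    suspects = {}
    for src, pending in half_open_by_source(rows).items():
        if pending >= syn_threshold:
            suspects[src] = "syn-flood"
    for src, count in echo_count_by_source(rows).items():
        if count >= echo_threshold:
            suspects[src] = "ping-flood"
    return suspects


if __name__ == "__main__":
    for src, kind in flag_flooders(parse(SAMPLE_LOG)).items():
        print(f"{src}: {kind}")
```

Note that the SYN rule counts per apparent source address; with the spoofed addresses the slide describes, each forged address may send only one SYN, so in practice the complementary rule is to watch the total number of half-open connections on the server rather than any single source.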
Mail Flooding
• Mail flooding is when hackers send numerous huge
e-mail messages to an e-mail server.
• Spam is a form of mail flooding.
• Spam is unsolicited e-mail messages that usually are
trying to sell a product, and are sent in bulk.
Data Theft
• A type of intrusion involves the theft of network data.
• If hackers find a working user ID and password, they
can sign onto the network and appear as a legitimate
user.
• Hackers also try to intercept data as it is transmitted
across the LAN, an attack known as man in the
middle.
Data Theft (Continued)
• The man in the middle attacks can include the
interception of e-mail, files, chat dialogs, and data
packets that are transmitted over the LAN.
• A man in the middle attack is most often perpetrated
by hackers who have direct access to a LAN.
• Key-stroke logging is accomplished by installing
software that records and transmits every character a
user types on a keyboard.
Data Theft (Continued)
• Phishing occurs when an individual pretending to be
a legitimate business sends fraudulent e-mail
messages in hopes of enticing users to reveal
sensitive information, such as bank account
information, Social Security numbers, or credit card
numbers.
• Phishing uses social engineering (it exploits social
weaknesses in people, not software flaws) to steal
personal data and sometimes commit identity theft.
Computer Infestations
• A virus is a program that spreads by attaching to
other programs.
• Viruses usually spread through infected e-mail
messages that arrive with a virus in an attachment.
• A virus is called a virus because:
1. It has an incubation period (it does not do damage
immediately).
2. It is contagious.
3. It can be destructive.
Computer Infestations (Continued)
• A virus is different from a worm, which is a program
that spreads copies of itself throughout the Internet or
LAN without needing a host program such as a
Microsoft Word file or other application.
• A Trojan horse is a third type of computer infestation
that, like a worm, does not need a host program to
work but instead substitutes itself for a legitimate
program.
• A Trojan horse is an infestation that masquerades as
a legitimate program.
Computer Infestations (Continued)
• Programs such as Kazaa Media Desktop can be
used to unknowingly download Trojan horses from
peer-to-peer file-sharing networks that masquerade
as music files or software programs.
• Spyware is software used to collect and relay
information about a user or the Web sites a user
visits to advertisers.
• Spyware is often installed in addition to normal
software that a user installs from the Web.
Cookies
• Cookies are considered by many people to be
another form of spyware.
• A cookie is data that is stored on the client’s system
by a Web site for later retrieval.
• When a user accesses a Web page that uses
cookies, the cookie is placed on the user’s hard drive.
Protection Solutions
• Security experts agree that the best approach to
protecting computers and other network resources is
to apply security measures in layers.
• For example, a home computer should run more than
just antivirus software.
• You should also install the latest security patches for
the operating system and applications on your
computer.
Firewalls
• A firewall is hardware or software that can reside on
the network’s gateway.
• Different types of firewalls can function in several
ways. See the list on page 640.
Hardware Firewall
• A good firewall solution is a hardware firewall that
stands between a LAN and the Internet.
• A hardware firewall is ideal for a home network
consisting of two or more computers because it
protects the entire network.
• For most home and small-office LANs that connect to
the Internet through a single cable modem or DSL
converter, a broadband router is used as a hardware
firewall.
Software Firewall
• Use when the connection to the Internet is always on,
such as a cable modem or DSL.
• Layered security is the key to system protection.
• Requests permission from a user prior to accessing
programs on the network.
A Proxy Server Used as a Firewall
• When a proxy server is acting as a firewall, it can
filter traffic in both directions.
• It can filter traffic that is coming into the network from
outside computers, and it can filter traffic that is
leaving the network.
Firewalls that Filter Ports and Packets
• When a firewall filters ports, it prevents software on
the outside from using certain ports on the network,
even though those ports have services listening at
them.
• Sometimes, a problem arises when you want to allow
certain ports to be accessed but others to be filtered,
or allow packets that are not a part of a current TCP
session, such as when there is a videoconference.
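To make the two situations on this slide concrete (a port that is filtered even though a service listens on it, and a packet that is not part of a current TCP session but must still be allowed, as for a videoconference), here is an added example of a minimal stateful packet filter. It is not code from the i-Net+ text; the packet dictionaries, the rule set and the idea of a UDP "pinhole" opened by outbound traffic are assumptions chosen to illustrate the slide.

```python
"""A minimal stateful packet filter.

Added example for the port/packet filtering slide; not from the i-Net+
text. Packets are plain dicts we construct, and the rule set is an
assumption chosen to illustrate the slide.
"""
from dataclasses import dataclass, field


@dataclass
class PacketFilter:
    # Inbound TCP ports on which new connections (SYN) are accepted. Any
    # other port is filtered even if a service is listening there.
    allowed_ports: set
    # Established TCP sessions as (remote_ip, remote_port, local_port).
    sessions: set = field(default_factory=set)
    # UDP flows opened from inside as (remote_ip, local_port); this is how
    # videoconference media that belongs to no TCP session gets back in.
    udp_pinholes: set = field(default_factory=set)

    def outbound(self, pkt):
        """Traffic leaving the network: remember it so replies are let in."""
        if pkt["proto"] == "TCP":
            self.sessions.add((pkt["dst"], pkt["dport"], pkt["sport"]))
        elif pkt["proto"] == "UDP":
            self.udp_pinholes.add((pkt["dst"], pkt["sport"]))
        return True

    def inbound(self, pkt):
        """Traffic entering the network: True means pass, False means drop."""
        if pkt["proto"] == "TCP":
            key = (pkt["src"], pkt["sport"], pkt["dport"])
            if key in self.sessions:
                return True                      # part of a current session
            if pkt.get("syn", False) and pkt["dport"] in self.allowed_ports:
                self.sessions.add(key)           # new connection to an open port
                return True
            return False                         # filtered port or stray packet
        if pkt["proto"] == "UDP":
            return (pkt["src"], pkt["dport"]) in self.udp_pinholes
        return False


def demo():
    """Walk through the cases the slide describes; returns the decisions."""
    fw = PacketFilter(allowed_ports={80, 443})
    decisions = {}
    decisions["new web connection"] = fw.inbound(
        {"proto": "TCP", "src": "203.0.113.5", "sport": 40000, "dport": 80, "syn": True})
    # Port 22 may well have a service listening; the filter still blocks it.
    decisions["ssh from outside"] = fw.inbound(
        {"proto": "TCP", "src": "203.0.113.5", "sport": 40001, "dport": 22, "syn": True})
    # A non-SYN packet with no matching session is dropped even on an open port.
    decisions["stray ack, no session"] = fw.inbound(
        {"proto": "TCP", "src": "203.0.113.6", "sport": 40002, "dport": 443, "syn": False})
    # Videoconference media (UDP) is only accepted once a call was started from inside.
    video = {"proto": "UDP", "src": "198.51.100.9", "sport": 5004, "dport": 5004}
    decisions["video before call"] = fw.inbound(video)
    fw.outbound({"proto": "UDP", "src": "192.0.2.20", "sport": 5004,
                 "dst": "198.51.100.9", "dport": 5004})
    decisions["video after call"] = fw.inbound(video)
    return decisions


if __name__ == "__main__":
    for case, passed in demo().items():
        print(f"{case}: {'pass' if passed else 'drop'}")
```

A real firewall also ages sessions and pinholes out after a period of inactivity; this example keeps them forever so the state it builds is easy to inspect.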
DMZ Configurations
• DMZ is an abbreviation for “Demilitarized Zone.”
• Refers to an area that is between the private network
and the Internet, but is not a direct part of either
network.
• It is often an additional network that is placed
between the two networks to offer additional security,
and is sometimes called a perimeter network.
Screened Host
• With a screened host, a router is used to filter all traffic to the
private intranet but allow full access to the computer in the DMZ.
• The router is responsible for protecting the private network.
Bastion Host
• Another DMZ configuration is the bastion host.
• The word bastion means a protruding part of a
fortified wall or rampart.
• Bastion hosts are computers that stand outside the
protected network and are exposed to an attack by
using two network cards, one for the DMZ and one
for the intranet, as shown in Figure 11-22 on page
652.
• Bastion hosts also are known as dual-homed hosts
or dual-homed firewalls.
Three-Homed Firewall
• Suppose there are several computers in the DMZ, a
Web server, a DNS server, and an FTP server.
• With a large DMZ, a three-homed firewall can be
used.
• The entry point to the DMZ requires three network
cards.
• One network card is connected to the Internet, one to
the DMZ network, and the final network card is
connected to the intranet.
Three-Homed Firewall (Continued)
Back-to-Back Firewall
• The back-to-back firewall configuration offers some of the best
protection for networks.
• In this design, the DMZ network is located between two
firewalls, as shown in Figure 11-24.
Dead Zone
• A dead zone is a network between two routers that
uses another network protocol other than TCP/IP.
• If the DMZ is using some other protocol, such as
IPX/SPX, this network between the two routers is a
dead zone.
Intrusion Detection Software
• Intrusion detection software lets you know when
someone has tried to break into your network.
• Because the Internet makes it so easy for people to
try to gain access to your resources, it is necessary
to have software installed to let you know when an
attack has been attempted.
• Intrusion detection software, sometimes called
intrusion prevention software, provides alarms that go
off when suspicious activity is spotted.
Secure Sockets Layer
• SSL (Secure Sockets Layer) protocol was developed by
Netscape to provide security between application
protocols (such as FTP, HTTP, or Telnet) and TCP/IP.
• SSL provides data encryption and server authentication,
and can provide client authentication for a TCP/IP
connection.
• SSL uses public and private keys and is similar to the
public key encryption method.
• Figure 11-25 on page 656 shows one of several ways that
SSL can work.
Secure Electronics Transactions
• SET (Secure Electronics Transactions) is a
protocol that is designed to offer a secure medium for
credit card transactions.
• It uses digital signatures to verify that both parties
involved in the transaction are who they say they are.
• SET also protects the information in the transaction
from being stolen or altered during the transaction,
which protects all parties, including the consumer.
Infection Methods
• Like any program, a virus cannot function until it is
executed.
• Unlike a virus, a worm creates copies of itself, which
then spread throughout the Internet or LAN.
• In 2004, the Beagle worm arrived as a password
protected compressed file that appeared to be sent
by a network administrator on the user’s network.
Infection Methods (Continued)
• An e-mail used spoofing to replace the true sender’s
e-mail address with a fake e-mail address.
• Spoofing is the act of replacing the source of a data
transmission with fake information so the true identity
of the sender remains hidden.
Managing Antivirus Software
• A real-time antivirus scanner is software that is
designed to scan every file accessed on a computer
so that it can catch viruses and worms before they
can infect a computer.
• This software runs each time a computer is turned
on.
• Using a real-time scanner helps antivirus software
stop infections from different sources, including a
Web browser, e-mail attachment, storage media, or
local area network.
Managing Antivirus Software (Continued)
• The process of calculating and recording checksums
to protect against viruses and worms is called
inoculation.
• Antivirus software must be updated to stay ahead of
new viruses and worms.
Eliminating Spam
• To protect your privacy, limit how much information
you volunteer to people.
• Another option is to create a separate e-mail account
just for junk mail.
• Many ISPs offer spam rejection services.
• Some spam rejection services allow a user to
indicate that he does not want to receive any more
messages from the sender by sending a message to
their ISP e-mail system.
Stopping Pop-up Ads
• Follow the steps on page 664 to stop pop-up ads.
• Internet Explorer Pop-up Blocker offers three levels
of protection.
• The pop-up blocker is set to ON by default.
Removing Spyware
• Spyware is often secretly installed in addition to
normal software that a user installs from the Web.
• Spyware consumes system resources and can cause
your computer to become unresponsive, crash, or
reboot.
• The best recommendation is to minimize or refrain
from installing free software from the Web or from
peer-to-peer, file-sharing networks.
Controlling Cookies
• One of the first steps in protecting your privacy is to limit
cookies.
• Internet Explorer users can control cookies through the Privacy
tab of the Internet Options dialog box.
Controlling Cookies (Continued)
Protection Strategies
• A security system should:
– Provide privacy
– Provide authentication
– Protect data integrity
– Provide nonrepudiation
– Be easy to use
Authentication
• Different levels of authentication on a network exist:
– None
– Connect
– Call
– Packet
– Packet integrity
– Packet privacy
User IDs and Passwords
• User IDs and passwords can be set at many levels,
including:
– Individual computers can have a setup password installed in
CMOS that is needed to access the hardware and is
required when you first turn on the computer.
– The operating system on the computer can require a user ID
and password to use the system.
– A network operating system can require a user ID and
password to access the network.
– The remainder of this list appears on pages 672 and 673.
Choosing a Password
• A good, effective password has a mixture of letters,
numbers, and symbols, both uppercase and
lowercase, and does not have any logical meaning.
• To further secure passwords, system administrators
often put an expiration date on passwords meaning
that the user periodically must change her password.
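The two rules on this slide (a mix of upper- and lowercase letters, digits and symbols with no dictionary meaning, plus an administrator-set expiration date) are easy to turn into a check that a system can run when a user picks a password. The block below is an added example, not code from the i-Net+ text; the minimum length, the 90-day maximum age and the tiny word list are assumptions standing in for a real policy and a real dictionary.

```python
"""Check a password against the slide's composition rule and an expiry date.

Added example, not from the i-Net+ text. The minimum length, the 90-day
maximum age and the small word list are assumptions.
"""
import string
from datetime import date, timedelta

# Constructed stand-in for a dictionary of words with "logical meaning".
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "admin"}


def password_issues(pw, min_length=8):
    """Return the reasons a password fails the policy (empty list = accepted)."""
    issues = []
    if len(pw) < min_length:
        issues.append("too short")
    if not any(c.islower() for c in pw):
        issues.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        issues.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        issues.append("no digit")
    if not any(c in string.punctuation for c in pw):
        issues.append("no symbol")
    # Look at the letters only, so "Password1!" is still caught as a word.
    core = "".join(c for c in pw if c.isalpha()).lower()
    if core in COMMON_WORDS:
        issues.append("dictionary word")
    return issues


def password_expired(set_on, today, max_age_days=90):
    """True once the password is older than the administrator's maximum age."""
    return today - set_on > timedelta(days=max_age_days)


def days_until_expiry(set_on, today, max_age_days=90):
    """Days left before the user must change the password (negative if overdue)."""
    return (set_on + timedelta(days=max_age_days) - today).days


if __name__ == "__main__":
    for candidate in ("password", "Password1", "Tr0ub4dor&3"):
        print(candidate, password_issues(candidate) or "accepted")
    print("expired:", password_expired(date(2024, 1, 1), date(2024, 4, 1)))
```

The word-list check strips digits and symbols before comparing, because the common way to "satisfy" a composition rule is to decorate a dictionary word, which adds little real strength.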
Passwords on the Computer
• Passwords on a computer can be setup passwords,
operating system passwords, and passwords on files,
folders, and applications.
• Every computer has a microchip on the motherboard
inside the computer that can hold some basic
information about the setup of the system.
• To set or change the startup password, you must
access the setup information when the computer first
starts up.
User IDs and Passwords Required
by the Network Operating System
• The network operating system allows the system administrator
to define what files or folders the user has access to and what
type of access the user has, which is called the user
permissions.
• A user can have read, write, or no access permissions.
• Read access means that the user is allowed to read the file, but
cannot make changes to it.
• Write access allows the user to read the file, make changes,
save changes, and delete the file.
• No access, of course, denies the user any access to the file.
Securing User IDs and Passwords
• Several encryption services, called authentication protocols,
transmit, store, and handle passwords safely.
• These include TACACS+ (Terminal Access Controller Access
System), RADIUS (Remote Access Dial-In User Service),
Kerberos, PAP (Password Authentication Protocol), SPAP
(Shiva Password Authentication Protocol), CHAP (Challenge
Handshake Authentication Protocol), and MS-CHAP (Microsoft
CHAP).
• Of these, CHAP and Kerberos are the more popular protocols
or methods.
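CHAP is the clearest of these to show end to end, because its whole point is that the password itself is never transmitted. The block below is an added example, not code from the i-Net+ text, of the three-step exchange: the server sends a random challenge, the client answers with a hash over the identifier, the shared secret and the challenge (the construction RFC 1994 specifies, using MD5), and the server recomputes and compares. The class names, the in-memory secret store and the sample users are our own assumptions.

```python
"""A CHAP-style challenge/response exchange with both sides' messages.

Added example for the authentication-protocol slide; not from the i-Net+
text. The response is MD5(identifier || secret || challenge) as RFC 1994
describes; the class names and sample users are assumptions.
"""
import hashlib
import hmac
import os


def chap_response(ident, secret, challenge):
    """MD5 over identifier, secret and challenge; the secret never leaves the host."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapServer:
    def __init__(self, secrets):
        self.secrets = secrets          # {username: shared secret (bytes)}
        self.pending = {}               # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        """Step 1: send a fresh random challenge tagged with an identifier."""
        ident = self.next_id % 256
        self.next_id += 1
        chal = os.urandom(16)
        self.pending[ident] = chal
        return ident, chal

    def verify(self, ident, username, response):
        """Step 3: recompute the expected hash and compare in constant time.

        The challenge is consumed here, so a response that someone captured
        on the wire cannot simply be replayed to the server later.
        """
        chal = self.pending.pop(ident, None)
        secret = self.secrets.get(username)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, chal), response)


class ChapClient:
    def __init__(self, username, secret):
        self.username, self.secret = username, secret

    def respond(self, ident, challenge):
        """Step 2: answer with the hash, never with the secret itself."""
        return self.username, chap_response(ident, self.secret, challenge)


def run_exchange(server, client):
    """Drive one complete challenge -> response -> verify round."""
    ident, chal = server.challenge()
    user, resp = client.respond(ident, chal)
    return server.verify(ident, user, resp)


def replay_check(server, client):
    """Return (result of a genuine exchange, result of replaying its response)."""
    ident, chal = server.challenge()
    user, resp = client.respond(ident, chal)
    return server.verify(ident, user, resp), server.verify(ident, user, resp)


if __name__ == "__main__":
    srv = ChapServer({"alice": b"correct horse battery"})
    print("good secret:", run_exchange(srv, ChapClient("alice", b"correct horse battery")))
    print("bad secret: ", run_exchange(srv, ChapClient("alice", b"guess")))
```

Two caveats follow from the design: the server must hold the secret in a form it can recompute the hash from (so the secret store itself needs protecting), and anyone who records a challenge and its response can test candidate secrets offline, which is why the shared secret should be long and random rather than a typed password.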
Passing a User ID and
Password in a URL
• Subscription Web sites usually require users to enter
a user ID and password to access the Web site
content.
• The user ID and password required to access a Web
site can be passed to the Web site in the URL.
• Doing this saves the time of having to manually enter
the user ID and password every time you visit a
subscription Web site.
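The convenience described on this slide has a cost a defender should know: a URL that carries a user ID and password is stored and copied as plain text wherever URLs go (browser history, bookmarks, proxy and Web server logs). The block below is an added example, not code from the i-Net+ text, showing how to recognise credentials embedded in a URL and how to strip them before a URL is written to a log. The sample URLs and the log-line format are constructed.

```python
"""Detect and redact user ID / password pairs embedded in URLs.

Added example for the "password in a URL" slide; not from the i-Net+ text.
The sample URLs, the [REDACTED] marker and the log-line format are
constructed assumptions.
"""
from urllib.parse import urlsplit, urlunsplit, unquote


def credentials_in_url(url):
    """Return (user, password) if the URL carries them, else None."""
    parts = urlsplit(url)
    if parts.username is None:
        return None
    return unquote(parts.username), unquote(parts.password or "")


def redact_url(url, marker="[REDACTED]"):
    """Replace the user:password part of a URL, keeping everything else."""
    parts = urlsplit(url)
    if parts.username is None:
        return url
    host = parts.hostname or ""
    if ":" in host:                      # IPv6 literal: put the brackets back
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, f"{marker}@{host}",
                       parts.path, parts.query, parts.fragment))


def redact_log_lines(lines):
    """Scrub every URL-looking token in a batch of (constructed) log lines."""
    cleaned = []
    for line in lines:
        tokens = [redact_url(tok) if "://" in tok else tok for tok in line.split()]
        cleaned.append(" ".join(tokens))
    return cleaned


if __name__ == "__main__":
    # Constructed proxy-style log lines.
    sample = [
        "2024-05-01T10:00:00Z GET https://alice:s3cret@example.com/members 200",
        "2024-05-01T10:00:05Z GET https://example.com/public 200",
    ]
    for line in redact_log_lines(sample):
        print(line)
```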
Smart Cards
• Smart cards are about the size of a credit card and
contain an embedded microchip.
• The chip enables the card to hold data or
programming that can authenticate a user who is
accessing a network.
Digital Certificates
• A digital certificate, sometimes called a digital ID, is a
digital signature that verifies the sender’s identity.
• It is a binary file that is stored on your hard drive, usually
as part of your Windows registry information.
• Another feature of digital certificates is to assist in
nonrepudiation—a guarantee that provides proof of
delivery to the data sender and assurance of the sender’s
identity to the recipient.
• Nonrepudiation of origin prevents the person who sent
the message from claiming not to be that person.
Digital Certificates (Continued)
• Nonrepudiation of delivery is used so that the receiver
of the message cannot deny getting the message.
• The only way to obtain a digital certificate is through a
certification authority (CA), and it is the CA’s job to
verify that you are who you say you are.
• The two largest certification authorities are VeriSign
(www.verisign.com) and Thawte (www.thawte.com).
• Digital certificates are sometimes used to help create a
virtual private network (VPN), whereby hosts on the
Internet can communicate with as much privacy as if they
were on a private network.
Types of Digital Certificates
• A client SSL certificate
• A server SSL certificate
• An S/MIME certificate
• An object-signing certificate
• A CA certificate
What Is in a Digital Certificate?
• Most certificates today conform to the X.509
certificate specification.
• This specification is recommended by the
International Telecommunication Union (ITU), and
has been recommended since 1988.
How Digital Certificates Work
• The process of getting a digital certificate and using
the certificate involves three parties: the person
needing the certificate, the authority issuing the
certificate, and the company with whom the person
wants to use the certificate.
How to Protect Your Digital Certificate
• The easiest way to protect the information itself is to
require a password to access it.
• In addition, most software programs that use digital
certificates allow you to require a password before
the certificate is used.
Using Digital Certificates
• Digital certificates are commonly used on Web sites,
but digital certificates can also be used to secure
e-mail.
• One of the most popular certificate authorities used to
secure Web sites and e-mail is VeriSign
(www.verisign.com).
Encryption
• To be certain that data cannot be read if intercepted,
data can be coded in a way that allows only the
intended receiver to understand it.
• Encryption is the process of coding data to prevent
unauthorized parties from being able to change or
view it.
Symmetric or Private Key Encryption
• Symmetric encryption, also called private key
encryption, is a very simple and fast encryption
method that employs encryption software to convert
data into a form that is unreadable, most often
through the use of a mathematical formula.
• This unreadable data is called ciphertext.
• Part of the formula that is used to encode the data is
called a key, session key, or secret key.
Length of Encryption Keys
• The longer the session key, the more secure the
data, which makes sense because there are more
possible combinations as the key length grows.
• It has been proven that a key that is 40 bits long can
be cracked in about six hours by systematically using
every combination of 40 bits until the correct
combination is discovered.
Algorithms Used for Encryption
• DES was one of the first algorithms developed that
used symmetric encryption.
• It uses a 64-bit key to encrypt and decrypt data, and
runs the main algorithm 16 times to produce the
encrypted data.
• DES can be used in one of four modes, listed on
page 688 of the text.
• Additional examples of symmetric encryption include
Skipjack and Blowfish.
Algorithms Used for Encryption
(Continued)
• The U.S. National Security Agency (NSA) developed
Skipjack.
• The Skipjack algorithm uses 80-bit keys and is
repeated 32 times to produce ciphertext, and can run
using all four modes that DES uses.
• Blowfish is an encryption algorithm that can use
either fixed-length keys or variable-length keys, from
32 bits to 448 bits.
Asymmetric or Public Key Encryption
• RC2 was designed to replace DES, and uses the
same 64-bit block size as DES but it processes data
much faster.
• After the original data is encrypted, another block of
data (40 to 88 bits long), called the salt, is appended
to the encryption key to throw off hackers.
• Because RC2 can be exchanged for DES without a
lot of reprogramming, it is called a drop-in technology.
Asymmetric or Public Key Encryption
(Continued)
• RC4 is similar to RC2, but uses a variable key size
and variable block sizes.
• RC5 is more advanced, using variable block and key
sizes and varying the number of times the algorithm
is applied.
• When a session key has been encrypted using
asymmetric encryption, the session key is said to be
enclosed and is called a digital envelope.
Pretty Good Privacy Encryption
• Pretty Good Privacy (PGP) encryption is another
encryption protocol.
• It is used to:
– Encrypt and decrypt messages that are sent over the
Internet.
– Send digital signatures to ensure the identity of the
sender.
– Verify that the message was not altered during
transmission.
Secure MIME
• The secure version of MIME is S/MIME
(Secure/Multipurpose Internet Mail Extensions).
• S/MIME works in a similar way as public key
encryption and is a competing technology.
Hashing
• With hashing, the already encrypted data is used for
a series of calculations that produce a fixed-length
output called a message digest, or hash.
• Because the hash sent to the receiver is not
decoded, hashing is a one-way operation.
• Therefore, hashing is sometimes called one-way
encryption.
• Some common algorithms used for hashing are SHA-1 (Secure Hash
Algorithm 1) and MD5 (Message Digest 5), both invented by RSA Security.
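The hashing slide and the earlier "inoculation" slide (recording checksums of files so later changes can be detected) describe the same mechanism from two angles: a fixed-length digest that cannot be turned back into the input, compared against a stored value. The block below is an added example, not code from the i-Net+ text, that records SHA-1 (or MD5) baselines for a set of files and then reports which ones changed; the temporary "program" and "settings" files it creates, and the simulated modification, are constructed.

```python
"""Fixed-length digests used as an inoculation baseline for files.

Added example for the hashing and inoculation slides; not from the i-Net+
text. The files it creates and the simulated modification are constructed.
"""
import hashlib
import os
import tempfile


def digest_bytes(data, algorithm="sha1"):
    """Hex digest of an in-memory message; length depends only on the algorithm."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_file(path, algorithm="sha1"):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inoculate(paths, algorithm="sha1"):
    """Record a baseline digest for every file (the inoculation step)."""
    return {p: digest_file(p, algorithm) for p in paths}


def verify(baseline, algorithm="sha1"):
    """Return the files whose current digest no longer matches the baseline."""
    return [p for p, expected in baseline.items()
            if not os.path.exists(p) or digest_file(p, algorithm) != expected]


def tamper_demo():
    """Create two files, inoculate them, modify one, and return what verify flags."""
    with tempfile.TemporaryDirectory() as d:
        prog = os.path.join(d, "app.exe")
        cfg = os.path.join(d, "settings.ini")
        with open(prog, "wb") as f:
            f.write(b"MZ constructed program bytes")
        with open(cfg, "wb") as f:
            f.write(b"[settings]\nupdates=on\n")
        baseline = inoculate([prog, cfg])
        untouched = verify(baseline)            # nothing changed yet
        with open(prog, "ab") as f:             # simulated modification
            f.write(b"\x90\x90 appended bytes")
        changed = [os.path.basename(p) for p in verify(baseline)]
        return untouched, changed


if __name__ == "__main__":
    print("sha1 of 'abc':", digest_bytes(b"abc"))
    print("sha1 length for 1 byte / 100 kB:",
          len(digest_bytes(b"a")), len(digest_bytes(b"a" * 100000)))
    print("changed files:", tamper_demo()[1])
```

The digest is the same length whether the input is one byte or a hundred kilobytes, which is the "fixed-length output" the slide mentions; and because the baseline stores only digests, an attacker who reads it learns nothing about the file contents. The baseline itself must be stored where the software being checked cannot rewrite it, or a modification could simply update the recorded digest as well.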
Virtual Private Networks
• A virtual private network (VPN) uses a public network
to provide a secure connection between two parts of
a private network or between a remote user and the
network.
• VPNs are gaining popularity with businesses
because they offer networking capabilities at reduced
costs.
Tunneling
• Tunneling is a process by which a packet is
encapsulated in a secure protocol before it is sent
over a public network.
• In VPNs that deal with the Internet, the packets are
encapsulated in one of several competing secure
protocols before they are embedded in the IP
protocol to travel the Internet.
• Figure 11-51 shows an example of tunneling.
Tunneling (Continued)
Data Link Layer Protocols
• Three tunneling protocols operate at the Data Link
layer of the OSI model: L2F, PPTP, and L2TP.
• PPTP (Point-to-Point Tunneling Protocol) is the
most common tunneling protocol.
• PPTP is based on Point-to-Point Protocol (PPP), a
remote-access standard that was created by
Microsoft that is used by both the Windows and
Macintosh operating systems for dial-up connections.
Data Link Layer Protocols (Continued)
• L2F (Layer 2 Forwarding) is a tunneling protocol
that was developed by Cisco and which works in a
way that is very similar to PPTP.
• It requires that the ISPs on both ends support the
L2F protocol.
• L2TP (Layer 2 Tunneling Protocol) is a combination
of PPTP and L2F that enables ISPs to operate VPNs.
• All of the Data Link layer protocols encode data so
that it can be transmitted in private across the
Internet.
IPsec
• IPsec (Internet Protocol Security) was developed
by the Internet Engineering Task Force (IETF) to be
used as a standard platform for creating secure
networks and electronic tunnels.
• IPsec is a suite of protocols that is used for secure
private communications over the Internet.
• IPsec uses three keys: a public key, a private key,
and a session key. See Figure 11-53 on page 696.
VPN Hardware and Software
• A VPN needs three components for optimum
performance, though not all parts are necessary if the
network doesn’t need a high degree of security:
– A security gateway that controls access to the private
network.
– A certificate authority (either internal or external to the
company) to issue and revoke public keys, private
keys, and digital certificates.
– A security policy server to authenticate users trying to
access the network.
VPN Hardware and Software (Continued)
• A security gateway is a firewall that stands between
the Internet and private network.
• The security policy server is responsible for
authenticating those users who have access to the
private network.
• It can be as simple as a Windows NT server that is
managing user IDs and passwords, or it can be more
sophisticated.
Summary
• In a DDoS attack, a hacker has remote control of
hundreds of computers over a large geographical
area and commands them to send false requests to a
Web server or other Internet device.
• Most systems cannot handle Ping requests with
packets over 64 bytes.
• Another form of mail flooding occurs when mailboxes
are inundated with spam, or unsolicited e-mail
messages.
Summary (Continued)
• Phishing occurs when an individual sends fraudulent
e-mail messages pretending to be a legitimate
business in hopes of enticing users to reveal
sensitive information, such as bank account
information, Social Security numbers, or credit card
numbers.
• Worms are self-replicating and can infect computers
attached to the Internet or a local area network.
Summary (Continued)
• A DMZ can be created using a screened host, a
bastion host, a three-homed firewall, or a back-to-back firewall.
• Digital certificates provide digital signatures that
verify that the sender is actually who he says he is.
• Four tunneling protocols are currently used for virtual
private networks: L2F (Layer 2 Forwarding), PPTP
(Point-to-Point Tunneling Protocol), L2TP (Layer 2
Tunneling Protocol), and IPsec (Internet Protocol
Security).