Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. 1 Internet Security Simplifying Security. Module 6

Cscu module 06 internet security

Text of Cscu module 06 internet security

  • Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

    Internet Security

    Simplifying Security.

    Module 6

  • Our View: Bolstering Internet Security Is Imperative

    On Monday, the Obama administration proposed a much-needed international effort to bolster the security of the Internet. It's needed because cyberspace has come to serve as both a communications miracle and, potentially, one of the greatest threats to our security in the 21st century.

    That description may seem like hyperbole as it pulls in two completely different directions. But there are justifications for both descriptions.

    The Internet is arguably the greatest technological breakthrough introduced to our society since the television. Perhaps that's more hyperbole, unless you consider just how much of our world now is tied to online access and interconnectivity. The 2010 census noted that 68.7 percent of all U.S. households have Internet connections; a vast majority of businesses also use the Web for marketing or for inventory purposes, among other tools.

    Cyberspace has become a staple in our lives, even if you don't have an Internet connection in your home or office. Our banking, our medical records, our credit and our businesses are all linked in some form to the Web. So, too, is much of our infrastructure, our communication and our national security. Odds are, there is something you want, rely on or need each day that is dependent on Internet connectivity for you to have it. That may not be a game changer in terms of how you live your life, but it's definitely a sobering impact.

    http://www.yankton.net

    May 18, 2011 1:15 AM CDT

  • Module Objectives

    Internet Security

    Internet Explorer Security Settings

    Mozilla Firefox Security Settings

    Google Chrome Security Settings

    Apple Safari Security Settings

    Instant Messaging (IMing)

    Searching on the Web

    Online Gaming and MMORPG

    Online Gaming Risks

    Security Practices Specific to Gaming

    Child Online Safety

    Role of Internet in Child Pornography

    Protecting Children from Online Threats

    How to Report a Crime?

    Internet Security Laws

    Internet Security Checklists

  • Module Flow

    Browser Security

    Search Engine and IM Security

    Online Games

    Child Online Safety

    Internet Security Laws

  • Internet Security

    Internet security involves protecting user data from unauthorized access and damage when connected to the Internet

    A proper browser configuration helps in preventing malware infection, protecting personal information, and preventing or limiting the damage from a cyberattack

    Online attack paths:

    Emails

    Instant messaging

    Chat rooms

    File sharing and downloads

    Top 10 Malware Hosting Countries (http://www.findmysoft.com)

    United States: 39%

    France: 10%

    Russia: 8.72%

    Germany: 5.87%

    China: 5.04%

    United Kingdom: 2.68%

    Poland: 2.43%

    Canada: 2.03%

    Ukraine: 1.97%

    Hungary: 1.84%

  • Internet Explorer Security Settings

    Launch Internet Explorer, click the Tools button, and select Internet options

    Select the Security tab, which displays websites classified into four zones:

    1. Internet

    2. Local Intranet

    3. Trusted sites

    4. Restricted sites

  • Internet Explorer Security Settings: Internet Zone

    The Internet zone is for all the Internet websites except for those listed in the Trusted or Restricted zones

    Click Custom level to set the Internet zone security settings

    Disable or enable the required options

    Move the slider to change the security level

    Set the security level for the zone to High to ensure higher security

    Maintaining the higher security level may degrade the performance of the browser

    Click OK to apply the settings

  • Internet Explorer Security Settings: ActiveX Controls

    ActiveX controls are small programs that work over the Internet through the browser

    They include customized applications that are required to gather data, view select files, and run animations when the user visits websites

    Malware is downloaded onto the user system through ActiveX controls when he/she visits malicious websites

    Disable the ActiveX controls and plug-ins options in the Security Settings window

    Enable the Automatic prompting for ActiveX controls option so that the browser prompts when there is a requirement of ActiveX controls and plug-ins to be enabled

    Click OK to apply the settings

  • Internet Explorer Security Settings: Local Intranet Zone

    Local intranet zone covers the sites on intranet

    Steps to add websites to Local intranet zone:

    Select Security > Local Intranet

    Click Sites

    Click the Advanced button

    Enter the URL into Add this website to the zone column and click Add

    Click OK to apply the settings

  • Internet Explorer Security Settings: Trusted Sites Zone

    The Trusted sites zone contains those websites that the users believe will not damage their computers or data

    Select Security > Trusted sites

    Click the Sites button

    Enter the URL into Add this website to the zone column and click Add

    Click OK to apply the settings

  • Internet Explorer Security Settings: Restricted Zone

    The Restricted sites zone restricts the access to the websites that might cause damage to a computer

    To add restricted websites to Restricted sites zone:

    Select the Security tab and choose Restricted sites

    Click the Sites button

    Enter the site URL into the Add this website to the zone column to restrict the access

    Click Add and then click OK to apply the settings

  • Understanding Cookies

    A cookie is information that is provided by a web server to a web browser and then sent back unchanged by the browser each time it accesses that server

    When the website is revisited, the browser sends the information back to it to help recognize the user

    This activity is invisible to the user and is generally intended to improve the web surfing experience (for example, at an online store)

  • Internet Explorer Privacy Settings

    The user can limit the information that is stored in a cookie

    A cookie is only a text file and cannot search a drive for information or carry a virus

    To configure cookie settings:

    Choose Internet options from the Tools menu on the browser

    Select the Privacy tab and use the slider to set the level at low, medium, medium-high, or high

    Block all or accept all cookies depending upon the requirement

    Check the Turn on Pop-up Blocker option to block the pop-ups that appear while visiting some websites
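
The cookie round trip from the Understanding Cookies slide, combined with the accept/block choices from the privacy settings above, as an added Python example that is not part of the course material. `ToyCookieJar`, its policy names and the hosts `shop.example` and `ads.example` are hypothetical, and matching is by exact host, which is simpler than a real browser's domain and path rules.

```python
from http.cookies import SimpleCookie

# Hypothetical policy names modelled on the settings the slides describe.
ACCEPT_ALL = "accept-all"        # accept every cookie
VISITED_ONLY = "visited-only"    # accept cookies only from the site being visited
BLOCK_ALL = "block-all"          # accept no cookies


class ToyCookieJar:
    """Simplified model of a browser cookie store (illustration only)."""

    def __init__(self, policy=VISITED_ONLY):
        self.policy = policy
        self.store = {}  # host -> {cookie name: cookie value}

    def receive(self, response_host, set_cookie_header, page_host):
        """Handle one Set-Cookie header; return True if it was stored."""
        if self.policy == BLOCK_ALL:
            return False
        if self.policy == VISITED_ONLY and response_host != page_host:
            return False  # third-party response, e.g. an embedded ad server
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)
        for name, morsel in parsed.items():
            self.store.setdefault(response_host, {})[name] = morsel.value
        return True

    def cookie_header(self, request_host):
        """Build the Cookie header for a request: the stored values, unchanged,
        and only those that this same host set earlier."""
        cookies = self.store.get(request_host, {})
        return "; ".join(f"{name}={value}" for name, value in cookies.items())


def simulate_visit(policy):
    """Constructed exchange: a shop page that embeds content from an ad host."""
    jar = ToyCookieJar(policy)
    # First visit: the shop answers with Set-Cookie, and so does the ad host.
    shop_stored = jar.receive("shop.example", "cart=3f9a; Path=/; HttpOnly",
                              page_host="shop.example")
    ads_stored = jar.receive("ads.example", "track=77; Path=/",
                             page_host="shop.example")
    # Second visit: what the browser sends back to each host.
    return {
        "shop_stored": shop_stored,
        "ads_stored": ads_stored,
        "to_shop": jar.cookie_header("shop.example"),
        "to_ads": jar.cookie_header("ads.example"),
    }


if __name__ == "__main__":
    for policy in (ACCEPT_ALL, VISITED_ONLY, BLOCK_ALL):
        print(policy, simulate_visit(policy))
```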

  • Deleting Browsing History

    1. Choose Internet options from the Tools menu on the browser

    2. Go to the Browsing history section

    3. Check the desired options in the Delete Browsing History dialog box

    4. Click Delete to delete the browsing history

  • Do Not Allow the Browser to Remember any Password

    Internet Explorer AutoComplete Password prompt

    Firefox Remember Password prompt

  • Securing File Downloads

    Setting Download options in Internet Explorer

    To configure the download settings for Internet Explorer, navigate to Tools > Internet options and go to the Security tab

    Click the Custom Level button in the Security Settings window

    In the Downloads menu, Enable the Automatic prompting to File downloads and File download options

    Click OK to save the settings

  • Mozilla Firefox: Security Settings

    Launch the Mozilla Firefox browser

    Click the Tools menu item and select Options

  • Mozilla Firefox: Security Settings

    Select Security from the Options window

    Check the option Warn me when sites try to install add-ons so that the browser prompts before installing add-ons to the browser

    Click the Exceptions button and enter the URL into Address of Website box and click Allow to specify which websites are allowed to install add-ons

    Check the Block reported attack sites option to avoid visiting malicious websites

    Check the option Block reported web forgeries to actively check whether the site being visited is an attempt to steal personal information

    Uncheck the Remember passwords for sites option to prevent the browser from remembering the passwords for the login pages visited

  • Mozilla Firefox: Privacy Settings

    Select Privacy in the Options window

    The user can choose if Firefox remembers the browsing history

    Click clear your recent history

    Select the Time range to clear the history

    Check the options required to clear the history and click Clear Now

  • Securing File Downloads

    Do not accept file downloads from unknown members on the Internet

    These downloads may contain malware that will degrade computer performance

    Files are downloaded by default to My Documents > Downloads

    The user may configure the browser settings so that he/she is prompted to specify the location to save the file

  • Securing File Downloads

    Setting Download options in Mozilla Firefox

    To configure the download settings for Mozilla Firefox, navigate to Tools > Options > General

    Check the option Always ask me where to save the file to allow the browser to ask before downloading a file and to specify the location to which it will be downloaded

    The browser directly downloads the file to the default location without any intimation if this option is unchecked

  • Installing Plugins

    1. The Install Missing Plugins message appears while opening some websites

    2. Plugins are required to display files, graphics or play a video on a web page

    3. Check if the source of missing plugins is trustworthy or not

    4. Scan the downloaded plugin using an antivirus software before installing it

  • Google Chrome Privacy and Security Settings

    Launch Google Chrome

    Click the icon, then select Options

  • Google Chrome: Privacy Settings

    Click the Under the Hood tab in Google Chrome Options window

    Under Privacy, check the desired web services

    Check the Use DNS pre-fetching to improve page load performance option

    DNS pre-fetching stands for Domain Name System pre-fetching

    When the user visits a web page, Google Chrome can look up or pre-fetch the IP addresses of all links on the web page

    Check the option Enable phishing and malware protection to prevent the browser from opening any malicious websites

  • Google Chrome: Security Settings

    Secure Sockets Layer (SSL) is an Internet protocol used by many websites to ensure safe data encryption and transmission

    The SSL setting in web browsers is turned on by default

    Some websites require older version of SSL 2.0; check the Use SSL 2.0 option in such conditions

    Check the check for server certificate revocation option to turn on real-time verification for the validity of a website's certificate

  • Apple Safari: Security Settings

    Launch the Safari browser

    To change the settings, select the icon and then select Preferences

  • Apple Safari: Security Settings

    Select the Security tab in the preferences window

    The Web Content section permits the user to enable or disable various forms of scripting and active content

    It is recommended to accept cookies only from the sites visited

    Checking this option allows the browser to warn the user before opening any website that is not secure

  • Testing the Browser for Privacy

    Launch the Internet browser and navigate to http://privacy.net/analyze/ to test the privacy

    Click Click here to take the browser test and analyze the privacy of your Internet connection

  • Instant Messaging (IMing)

    Instant Messaging (IMing) allows the user to interact with other people on the Internet using a software application

  • Instant Messaging Security Issues

    IM Worm

    A worm that harms the computer and locates all the contacts in the IM address book

    The IM Worm tries to send itself to all the contacts in the user's IM contact list

    Social Engineering

    Social engineering depends on human interaction that involves tricking people through IM and getting their personal information

    Spam over IM (SPIM)

    SPIM is spam delivered through IM instead of delivering it through email

    IM systems such as Yahoo! Messenger, AIM, Windows Live Messenger, and chat rooms in social networking sites are popular targets for spammers

  • Instant Messaging Security Measures

    Do not reveal personal information on IMs

    Do not accept links received from unknown people on IM

    Sign out of the IM application after using it

    Always use strong passwords

    Block the users who send unsolicited web links

    Do not check the Remember password option

  • Searching on the Web

    Search engines display hundreds of results for a search query

    Not all the web page results obtained by the search engine are secure

    To filter the malicious search results, use an antivirus application as an add-on to the browser and Enable it

    To add Add-ons in the Mozilla Firefox browser, navigate to Tools > Add-ons > Get Add-ons

  • Online Gaming and MMORPG

    Online gaming has become a popular pastime, especially due to high-speed Internet and emerging technology

    It has also become the target for attackers for the large amounts of money involved

    Massively Multiplayer Online Role-Playing Game (MMORPG) is a type of computer role-playing games in which a large number of players interact with one another within a virtual game world

    In the world of MMORPGs, also known as online games, players can meet other players, become friends, engage in a battle, fight against evil, and play

    MMORPGs are popular worldwide and the revenues for these games are well over a billion dollars

  • Online Gaming Risks

    Interactions with potential fraudsters who may trick the gamer to reveal personal/financial information

    Computer intruders exploiting security vulnerabilities

    Online and real-world predators

    Malware such as viruses, Trojan horses (Trojans), computer worms, and spyware

  • Insecure or Compromised Game Servers and Game Coding

    If the software at the game server is compromised, the computers that are connected to the server can also be compromised

    Any game with a network connection has a risk involved

    The attacker may even use the vulnerabilities to crash the gaming server

    The vulnerabilities in the game server can be used by the attackers to:

    Steal game passwords

    Steal information from the gamers' computers

    Control the gamers' computers remotely

    Launch attacks on other computers

    Install programs such as Trojans, adware, spyware

    The game code is generally not as well analyzed as the other software coding

    This may result in introducing unknown vulnerabilities onto the computer

  • Social Risks

    The attackers may use the social interaction in the online game environment to attack the unprotected computers or to exploit security vulnerabilities

    Social Engineering

    Identity Theft

    Protection Schemes

    Cyber Prostitution

    Virtual Mugging

  • Social Engineering

    Attackers may trick the gamers into installing malicious software on their computers by social engineering

    They offer a bonus or help in the game in exchange for other players' passwords or other information in the game forums on a game server

    The gamers who are looking for ways to make the play easier respond to such offers

    Attackers send phishing emails supposedly from the game server administrators, which will invite the player to authenticate his/her account via a website linked in the message

    Note: Game Masters (GMs) of a game will never ask a gamer for his/her username and/or password

  • Message from a Gamer About a Password Stolen by a Malicious Program

    http://www.securelist.com

  • Protection Schemes, Cyber Prostitution, and Virtual Mugging

    Protection Schemes

    Organized crime has emerged in South Korean gaming community

    The criminal organizations force the gamers into protection schemes, where the gamers have to pay money (virtual or real) to avoid killing of the gamers' characters and theft of the passwords

    Cyber Prostitution

    Online games are being used for cyber prostitution where the customers/gamers pay money for cybersex

    In The Sims Online, a Massively Multiplayer Online (MMO) game, a 17-year-old developed a cyber brothel, where the gamers paid Sim-money (Simoleans) for cybersex per minute

    The gamer's accounts were eventually cancelled

    Virtual Mugging

    Virtual mugging was coined when some players of Lineage II used bots to defeat other gamers and take their items; these items were later put on sale in online auctions

  • How the Malicious Users Make Money

    Stolen items such as passwords or virtual items are put on sale on websites, such as eBay, or on forums

    These are sold to other gamers for real or virtual money

    The cyber criminal may ask the gamer for ransom in return for this information

    http://www.securelist.com

  • Security Practices Specific to Gaming

  • Recognize Administrator Mode Risks

    Some games require the game to be run in Administrator mode

    If that is the case, ensure that the game has been downloaded from a trusted website/vendor

    Free downloads of games may contain malicious software, including plugins to run the game

    This software may be used to gain administrator-level control of the computer

    Instead of using the administrator account, the gamer is advised to browse the Internet or play the games using a User Account, which may deny the attacker access to administrator rights

  • Recognize Risks due to ActiveX and JavaScript

    Some of the games played over the web require ActiveX or JavaScript to be enabled

  • Play the Game, Only at the Game Site

    Play the games at the game site and save the Internet browsing for later

    Once done with playing the game, switch to the user account to browse the Internet

    This reduces the risk of visiting a malicious website when playing a game

  • Pay Attention to Firewall Management

    Playing certain multiplayer games may require the firewall settings to be changed to allow information from the game to get through to the gamer's computers

    Every time the permissive settings are changed on the firewall, the risk of computer security concerns increases

    In the firewalls, the gamer can designate the fellow gamers' IP addresses as trusted to avoid any interactions with the attacker

  • Risks Involved Online

    The risks involved when a child works online include:

    Misdirected searches

    Stealth sites and misleading URLs

    Online sexual harassment

    Child pornography

    Grooming

    Cyberbullying

  • Misdirected Searches

    Parents may take all the precautions to protect the child online, but all that could be negated when the child is unconsciously led to visit harmful sites

    When a user searches for websites, the search engines display the results using the meta variables

    Search engines use terms known as meta variables to index a website

    Porn site promoters add popular search terms to their meta variable list, to redirect the web traffic towards their site

    Porn sites may use the words sports, school, movies, etc., to lure children to their websites

    Unless a filtering software is used, the search engines cannot distinguish between the search requests of an adult and a child

    Example: a sports website may be indexed by the meta terms soccer, football, scores, etc.

  • Stealth Sites and Misleading URLs

    Pornographic websites thrive on increased web traffic

    Pornographic sites use common typo errors to lure visitors to their websites

    Children may end up at a pornographic website just by typing www.whitehouse.com instead of www.whitehouse.gov

    Porn site promoters buy domain names such as the .com equivalent of a .gov or a .org website, being aware that web surfers would end up at their website if there is a typographical error
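
One way a content filter can catch the misleading URLs described above, as an added Python example that is not part of the course material: it compares a typed hostname with an allow-list and reports a swapped top-level domain or a one-character typo. The allow-list is constructed (`whitehouse.gov` is the slide's own example), the function names are hypothetical, and hostnames are split at the last dot, which ignores multi-label suffixes such as `.co.uk`.

```python
# Constructed allow-list: whitehouse.gov comes from the slide, example.org is a placeholder.
TRUSTED_SITES = {"whitehouse.gov", "example.org"}


def normalise(host):
    """Lower-case the hostname and drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def split_name_tld(host):
    """Split at the last dot: 'whitehouse.gov' -> ('whitehouse', 'gov')."""
    name, _, tld = host.rpartition(".")
    return name, tld


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_host(host, trusted=TRUSTED_SITES):
    """Return (verdict, trusted site it resembles or None).

    Verdicts: 'trusted'  - exactly on the allow-list
              'tld-swap' - same name as a trusted site under a different TLD
              'typo'     - same TLD, name one edit away from a trusted site
              'unlisted' - resembles nothing on the allow-list
    """
    host = normalise(host)
    if host in trusted:
        return ("trusted", host)
    name, tld = split_name_tld(host)
    for good in sorted(trusted):
        good_name, good_tld = split_name_tld(good)
        if name == good_name and tld != good_tld:
            return ("tld-swap", good)
    for good in sorted(trusted):
        good_name, good_tld = split_name_tld(good)
        if tld == good_tld and edit_distance(name, good_name) == 1:
            return ("typo", good)
    return ("unlisted", None)


if __name__ == "__main__":
    # Constructed sample of typed addresses.
    for typed in ("www.whitehouse.gov", "www.whitehouse.com",
                  "whitehous.gov", "news.example.net"):
        print(typed, check_host(typed))
```

A filter would block or warn on the `tld-swap` and `typo` verdicts and offer the trusted site it returns instead.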

  • Child Pornography, Grooming, and Cyberbullying

    Child Pornography

    Under federal law (18 U.S.C. 2256), child pornography is defined as any visual depiction, including any photograph, film, video, picture, or computer or computer-generated image or picture, whether made or produced by electronic, mechanical, or other means, of sexually explicit conduct, where the production of the visual depiction involves the use of a minor engaging in sexually explicit conduct

    Grooming

    Grooming is an act of befriending and establishing emotional connection with children

    Child grooming is used for lessening the child's inhibitions and preparing them for child abuse

    The offenders target children through attention, affection, kindness and sympathy, and offer gifts and/or money

    Cyberbullying

    Cyberbullying occurs when a child, preteen or teen, is threatened, harassed, and/or embarrassed using the Internet or mobile phones or other communication media

    Cyberbullying signs:

    Upset after using the computer

    Refuse to step out of the house or to go to school

    Draws away from friends and family

    http://www.missingkids.com

  • Role of the Internet in Child Pornography

    The Internet provides easy access to huge quantities of pornographic materials

    It ensures complete anonymity and privacy

    Various web services such as emails, newsgroups, and chat rooms facilitate the sharing of pornographic materials

    It provides a cost-effective medium for the transfer of pornographic materials

    It enables people with an Internet connection to access pornographic materials at any time and anywhere

    It supports transfer of pornographic materials in various formats that can be stored on different digital storage devices

  • Effects of Pornography on Children

    Child victims suffer from depression, anger, withdrawal, and other psychological problems

    Physical injuries due to molestation, such as genital bruising or exposure to sexually transmitted diseases

    They experience mental weakness such as:

    Guilt and feeling responsible for the abuse and betrayal

    A sense of powerlessness and worthlessness

    Low self-esteem

  • Risks Involved in Social Networking Websites

    People on the social networking websites can view the profiles, photos, and videos of other people on that website

    The child may provide too much information on a social networking website

    Online predators may use this information for cyberbullying, identity theft, or cyber exploitation

    Online predators may get information such as email IDs, telephone numbers, residential address, hobbies, interests and more from their profile

  • Unsolicited Emails

    Online predators may use email techniques to steal information from children

    They may send spam emails that contain pornographic materials or links to pornographic websites

    The child may even be asked to register on that website by providing personal information

  • Chat Rooms

    Online predators may use social engineering techniques to get personal information from children in a chat room

    Online predators may use chat rooms to build contacts with children and then lead them into cyber prostitution

    They may also use chat rooms to send links to websites with inappropriate content, such as pornography

    They may also send malicious links to children, which may result in the computer getting infected with malware

  • Finding if Children are at Risk Online

    The parent can find if their children are facing any online threats from the following symptoms:

    Pornographic material is present on the child's computer

    The child spends more time sitting at the computer

    The child receives phone calls and/or gifts from unknown persons

    The child turns off the monitor or quickly changes the screen when the parent enters their room

    The child looks depressed and does not show any interest in talking with family or friends

  • Protecting Children from Online Threats

    Ensure that the child knows about dangers of computer sex offenders

    Monitor what the child does on the computer

    Use caller ID on phones to determine who is calling the child, and block numbers that are suspicious

    Monitor the child's access to all types of live electronic communications such as chat rooms, instant messages, Internet Relay Chat, etc.

    Restrict access to the malicious and porn websites using Internet content filtering software

    If the child is maintaining a social networking profile, look closely at what information they have posted in their member profiles and blogs, including photos and videos

    Check credit card statements each month for any unusual charges that may indicate unauthorized purchases by a stranger or your child

    Notify the police if someone the child met online starts calling them, sends gifts, or tries to lure them into revealing sensitive information

    Ensure that the child does not:

    Provide personal information such as name, address, phone, school name

    Meet anyone online without permission

    Open emails from unknown senders

    Share their photos/videos with strangers over the Internet

  • Encourage Children to Report

    The parents should encourage their children to report any inappropriate behavior they may face online

    The parents can encourage the child to come to them if they are being bullied or are facing online predators

    The children may also be encouraged to speak to a trusted individual such as an aunt, uncle, or older sibling, if they are uncomfortable talking to the parents

  • How to Report a Crime

    Internet crimes can be reported at http://www.ic3.gov/complaint/default.aspx by clicking Report Internet Crime

    http://www.ic3.gov

  • Security Software for Protecting Children from Online Threats

    Children can be protected from online threats by installing appropriate security software on the child's computer

    The features that a parent should look for in the software include:

    Web blocking: To help prevent the child from viewing inappropriate content

    Program blocking: To help block games, peer-to-peer file sharing, etc.

    Email blocking: To help block unknown email addresses and prevent children from communicating with people they met online, through email

    Time limits: To help control the amount of time the child spends on the computer

    IM features: To help in recording and monitoring the IM chats of the child, thus help the parent in determining if the child is engaged in an inappropriate dialogue with unknown persons

    Usage reports: To provide a timely report on the child's Internet usage and IM history to monitor the child's online interactions

    Video filtering: To ensure that the child does not view inappropriate videos on sites such as YouTube, but at the same time allow the child to view useful/fun videos

    Social networking features: To help in recording and monitoring the content that the child posts online, and to determine if the child is being bullied online

  • KidZui

    http://www.kidzui.com

    KidZui is a free web browser, search engine, and online playground for kids

    It has a large number of games, websites, videos, and photos reviewed by parents and teachers

    It eliminates the need for parents when kids are online

  • Actions To Take When the Child Becomes an Online Victim

    Report the offense to the Internet Service Provider (ISP)

    Also report to the offender's ISP

    Encourage the child not to log in to the website where bullying occurred

    Block the offender's email address and screen name so that they cannot contact the child anymore

    Change the online information of the child and delete the social networking accounts if necessary

    Ignore any contact from the online predator or cyberbully

  • Internet Laws

    The web space is a vast terrain and with plethora of e-commerce sites, analytical sites, sports sites, information sites, business sites, etc. Such a large domain requires supervision to protect the netizens from Internet criminals, attackers, etc. Internet laws protect the users from immoral/indecent acts, privacy breach, etc., on the Internet

    Why you need to know Internet laws:

    Internet users should know the Internet laws to leverage the disputes against e-commerce vendors, fraudsters/Internet criminals, etc.

    Knowing the Internet laws helps the users to understand what they can and cannot post on the Internet

    Also, users need to know the Internet laws to be able to legally use the immense content present on the Internet

    Internet laws cover:

    Defamation

    Intellectual property

    Patents

    Copyrights

    Privacy infringement

    Child protection, etc.

    Important laws:

    USA PATRIOT Act

    Children's Online Privacy Protection Act (COPPA)

    The Digital Millennium Copyright Act

    CAN-SPAM Act

    Computer Misuse Act 1990

    European Union Data Protection Directive

    Data Protection Act 1998

  • USA PATRIOT Act

    USA PATRIOT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism, USAPA) was passed on October 26, 2001

    TITLE II Enhanced Surveillance Procedures, section 216 of the Patriot Act, gives law enforcement authorities access to dialing, routing, and signaling information

    According to the act, law enforcement authorities have access to the email packets (includes email content)

    Under the act, the government can compel the ISP to release the subscriber information that includes:

    Customer name

    Customer address

    Mode of payment

    Credit card information

    Bank account information

    Section 212 of the act allows the ISPs to voluntarily disclose the customer information including the customer records and all electronic transmissions (email, voice transmissions)

    The ISPs may choose to reveal the customer information if they believe that there is risk of death or bodily injury to an individual/group

    Section 220 of the act allows for nationwide search warrants for email

    This gives the authorities the right to search a suspect without having to go to the place of the ISP

  • Children's Online Privacy Protection Act (COPPA)

    The COPPA is relevant to the online collection of personal information from children below the age of 13

    The act dictates:

    What a website owner must include in the privacy policy

    When and how the verifiable consent can be requested from the parents

    The responsibility of the website owner in protecting the children's online safety and privacy

    Every operator of a website or online service who collects the personal information of children, knowingly, must comply with COPPA

    The operator must include a link to the privacy policy of the website on the home page

    The privacy policy should include:

    The name and contact information of all the operators collecting/maintaining the personal information

    The kind of personal information that will be collected

    How the operator intends to use the personal information

    Whether the operator releases the personal information to third parties

    If the parents' consent is required for releasing the information to third parties

    The procedure that the parents should follow to control their children's personal information

    According to the act, the operator should:

    Notify the parents that he/she intends to collect their children's information

    Ask for the parents' consent before releasing the information to the third parties/public disclosure

    Inform the parents about the internal use of the personal information

    Inform the parents if there are any changes in the privacy policy

  • The Digital Millennium Copyright Act

    The Digital Millennium Copyright Act (DMCA) 1998 was signed into law by President Clinton

    The European Union Copyright Directive (EUCD) addresses some of the same copyright infringement issues as the DMCA

    According to the act, any infringement of the copyrighted material is a criminal offense

  • Highlights of DMCA

    Bans the production, sale, or distribution of code-cracking tools to illegally copy software

    Permits the cracking of copyright-protected software to perform encryption research and test computer security systems

    Nonprofit libraries, educational institutions, etc., are exempted from the act under certain circumstances

    ISPs are exempt for simply transmitting information over the Internet

    ISPs are, however, required to remove the copyright-infringing materials from user websites

    Webcasters are required to pay a licensing fee to the recording companies

    Circumventing any anti-piracy measures built into commercial software is a crime

  • CAN-SPAM Act

    The CAN-SPAM Act was signed into law by the U.S. President George W. Bush on December 16, 2003

    The act establishes the standards for sending commercial email

    The CAN-SPAM Act:

    Defines the rules for commercial email

    Establishes the requirements for commercial messages

    Gives recipients the right to have the sender stop emailing them

    Each email that violates CAN-SPAM Act is subject to penalties of up to $16,000

    Requirements

    Do not use false or misleading email header information

    If the message is an advertisement, you are required to disclose it clearly

    You should tell the recipients how they can opt out of receiving further emails from you

    You should honor the recipient's opt-out request within 10 business days

    If a third party is sending emails on your behalf, monitor what they are sending to the recipients

  • Computer Misuse Act 1990

    The Computer Misuse Act 1990 is an act of the UK Parliament

    The act makes certain activities illegal such as:

    Hacking into other users' computers

    Misusing software

    Helping an attacker gain access to secured files/documents in another user's computer

    The act defines three computer misuse offenses:

    Unauthorized access to computer material

    Unauthorized access with intent to commit or facilitate commission of further offenses

    Unauthorized modification of computer material

  • European Union Data Protection Directive (95/46/EC)

    The 95/46/EC directive provides guidelines to European Union member states for individuals' privacy and data protection

    The directive regulates the processing of personal data regardless of whether such processing is automated or not

    Section 1 of the directive provides the principles relating to data quality, section 2 provides criteria for making data processing legitimate and section 5 defines the data subject's right of access to data

    According to section 1 of the directive, Member States shall provide that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes

    Section 2 states that Member States shall provide that personal data may be processed only if the data subject has unambiguously given his consent

    Section 5 states that Member States shall guarantee every data subject the right to obtain from the controller without constraint at reasonable intervals and without excessive delay

  • Data Protection Act 1998 (UK)

    Personal Data: Data Protection Act 1998 defines UK law on the processing of data on identifiable living people and is the main piece of legislation that governs the protection of personal data in the UK

    Right To Privacy: It protects people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data

    Explicit Consent: Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information

    Authorization: It is an offence for other parties to obtain this personal data without authorization

  • Module Summary

    Internet security involves protecting user data and information from unauthorized access when connected to the Internet

    Scan the file downloads with updated antivirus software to check for the presence of malware

    Online gaming has become a popular pastime, especially due to high-speed Internet and emerging technology

    If the software at the game server is compromised, the computers that are connected to the server can also be compromised

    Parents may take all precautions to protect the child online, but all that could be negated when the child is unconsciously led to visit harmful sites

    Children can be protected from online threats by installing appropriate security software on the child's computer

    Internet laws protect users from immoral/indecent acts and privacy breach on the Internet

    Knowing the Internet laws helps the users to understand what they can and cannot post on the Internet

  • Internet Security Checklists

    Regularly update your operating system and other installed applications

    Set up a firewall to control the flow of information

    Ensure that you have the latest web browser installed on the system and update it regularly

    Install a safe browsing tool that warns about reported phishing sites and blocks access to the addresses

    Ensure that you are connected to a secured network when using a wireless network

    Never respond to unsolicited email offers or requests for information

    Do not download files from unknown sources

    Do not give out personally identifiable information when registering with websites/applications

    Do not click any pop-ups that appear while browsing websites

    Do not click the links sent by unknown users

    Regularly scan your system for viruses, worms, Trojans, spyware, keyloggers and other malware using antivirus

    Update the antivirus application on a regular basis

    Disconnect from the Internet if anything suspicious is found on the computer

    Always check the Address bar for the correct URL

    Always check the website certificate, SSL padlocks and HTTPS

    Use strong passwords and change them at regular intervals

    Do not enable ActiveX and JavaScript features

    Regularly back up the important files

    Remove unnecessary protocols from the Internet interface

    Check router or firewall logs to identify abnormal network connections to the Internet

  • Checklist for Parents to Protect Their Child from Online Threats

    Talk to children about what they do on the computer

    Get a profile on the social networking site the child is on

    Review the list of the child's friends

    Be informed of the challenges of social networking

    Check if anyone is trying to impersonate the child online

    Encourage the child to use the child-safe applications such as KidZui