Download pdf - Cscu module 06 internet security

Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.

1

Internet Security

Simplifying Security.

Module 6


2

On Monday, the Obama administration proposed a much‐needed international effort to bolster the security of the Internet. It’s needed because cyberspace has come to serve as both a communications miracle and, potentially, one of the greatest threats toour security in the 21st century.

That description may seem like hyperbole as it pulls in two completely different directions. But there are justifications for bothdescriptions.

The Internet is arguably the greatest technological breakthrough introduced to our society since the television. Perhaps that’s morehyperbole, unless you consider just how much of our world now is tied to online access and interconnectivity.The 2010 census noted that 68.7 percent of all U.S. households have Internet connections; a vast majority of businesses also use the Web for marketing or for inventory purposes, among other tools.

Cyberspace has become a staple in our lives, even if you don’t have an Internet connection in your home or office. Our banking, our medical records, our credit and our businesses are all linked in some form to the Web. So, too, is much of our infrastructure, our communication and our national security. Odds are, there is something you want, rely on or need each day that is dependent onInternet connectivity for you to have it. That may not be a game‐changer in terms of how you live your life, but it’s definitely a sobering impact.

Our View: Bolstering Internet Security Is Imperative

http://www.yankton.net

May 18, 2011 1:15 AM CDT


3

Module ObjectivesInternet Security

Internet Explorer Security Settings

Mozilla Firefox Security Settings

Google Chrome Security Settings

Apple Safari Security Settings

Instant Messaging (IMing)

Searching on the Web

Online Gaming and MMORPG

Online Gaming Risks

Security Practices Specific to Gaming

Child Online Safety

Role of Internet in Child Pornography

Protecting Children from Online Threats

How to Report a Crime?

Internet Security Laws

Internet Security Checklists


4

Module Flow

Browser Security

Search Engine and IM Security

Online Games

Child Online Safety



5

39%

10%

8.72%

5.87%

United States

France

Russia

Germany

China

United Kingdom

Poland

Canada

Ukraine

Hungary 1.84%

1.97%

2.03%

2.43%

2.68%

5.04%

Top 10 Malware Hosting Countries

http://www.findmysoft.com

Internet SecurityInternet security involves protecting user data from unauthorized access and damage when connected to the Internet

A proper browser configuration helps in preventing malware infection, protecting personal information, and preventing or limiting the damage from an cyber attack

Online attack paths:

Emails

Instant messaging

Chat rooms

File sharing and downloads


6

Internet Explorer Security SettingsLaunch Internet Explorer, click the Tools button, and select Internet options

Select the Security tab, which displays websites classified into four zones:

1. Internet 2. Local Intranet 3. Trusted sites 4. Restricted sites


7

Internet Explorer Security Settings: Internet Zone

The Internet zone is for all the Internet websites except for those listed in the Trusted or Restricted zones

Click Custom level to set the Internet zone security settings

Disable or enable the required options

Move the slider to change the security level

Set the security level for the zone Highto ensure higher security

Maintaining the higher security level may degrade the performance of the browser

Click OK to apply the settings


8

Internet Explorer Security Settings: ActiveX Controls

ActiveX controls are small programs that work over the Internet through the browser

They include customized applications that are required to gather data, view select files, and run animations when the user visits websites

Malware is downloaded onto the user system through ActiveX controls when he/she visits malicious websites

Disable the ActiveX controls and plug‐ins options in the Security Settings window

Enable the Automatic prompting for ActiveX controls option so that the browser prompts when there is a requirement of ActiveX controls and plug‐ins to be enabled



9

Internet Explorer Security Settings: Local Intranet Zone

Local intranet zone covers the sites on intranet

Steps to add websites to Local intranet zone: Select Security Local Intranet

Click Sites

Click the Advanced button

Enter the URL into Add this website to the zone column and click Add



10

Internet Explorer Security Settings: Trusted Sites Zone

The Trusted sites zone contains those websites that the users believe will not damage their computers or data

Select Security Trusted sites

Click the Sites button

Enter the URL into Add this website to the zone column and click Add



11

Internet Explorer Security Settings: Restricted Zone

The Restricted sites zone restricts the access to the websites that might cause damage to a computer

To add restricted websites to Restricted sites zone: Select the Security tab and choose

Restricted sites

Click the Sites button

Enter the site URL into the Add this website to the zone column to restrict the access

Click Add and then click OK to apply the settings


12

Understanding CookiesA cookie is information that is provided by a web server to web browser and then sent back unchanged by the browser each time it accesses that server

When the website is revisited, the browser sends the information back to it to help recognize the user

This activity is invisible to the user and is generally intended to improve the web surfing experience (for example, at an online store)


13

The user can limit the information that is stored in a cookie

A cookie is only a text file and cannot search a drive for information or carry a virus

To configure cookie settings:

Choose Internet options from the Toolsmenu on the browser

Select the Privacy tab and use the slider to set the level at low, medium, medium‐high, or high

Block all or accept all cookies depending upon the requirement

Check the Turn on Pop‐up Blocker option to block the pop‐ups that appear while visiting some websites

Internet Explorer Privacy Settings


14

Deleting Browsing History

1. Choose Internet optionsfrom the Toolsmenu on the browser

2. Go to the Browsing historysection

3. Check the desired options in the Delete Browsing History dialog box

4. Click Delete to delete the browsing history


15

Do Not Allow the Browser to Remember any Password

Internet Explorer Autocomplete Password prompt

Firefox Remember Password prompt


16

Setting Download options in Internet Explorer

Securing File Downloads

To configure the download settings for Internet Explorer, navigate to Tools Internet options go toSecurity tab

Click the Custom Level button in the Security Settings window

In the Downloadsmenu Enable the Automatic prompting to File downloads and File downloadoptions

Click OK to save the settings


17

Mozilla Firefox: Security SettingsLaunch the Mozilla Firefox browser

Click the Toolsmenu item and select Options


18

Mozilla Firefox: Security Settings

Select Security from the Options window

Check the option Warn me when sites try to install add‐ons so that the browser prompts before installing add‐ons to the browser

Click the Exceptions button and enter the URL into Address of Website box and click Allow to specify which websites are allowed to install add‐ons

Check the Block reported attack sites option to avoid visiting malicious websites

Check the option Block reported web forgeriesto actively check whether the site being visited is an attempt to steal personal information

Uncheck the Remember passwords for sitesoption to prevent the browser from remembering the passwords for the login pages visited


19

Mozilla Firefox: Privacy Settings

Select Privacy in the Optionswindow

The user can choose if Firefox remembers the browsing history

Click clear your recent history

Select the Time range to clearthe history

Check the options required to clear the history and click Clear Now


20


Do not accept file downloads from unknown members on the Internet These downloads may contain malware that will

degrade computer performance

File are downloaded by default to My Documents Downloads The user may configure the browser settings

so that he/she is prompted to specify the location to save the file


21

To configure the download settings for Mozilla Firefox, navigate to Tool Options General

Check the option Always ask me where to save the file to allow the browser to ask before downloading a file and to specify the location to which it will be downloaded

The browser directly downloads the file to the default locationwithout any intimation if this option is unchecked

Setting Download options in Mozilla Firefox



22

Installing Plugins

1

2

3

4

The Install Missing Pluginsmessage appears while opening some websites

Plug‐ins are required to display files, graphics or play a videoon a webpage

Check if the source of missing plug‐ins is trustworthy or not

Scan the downloaded plug‐in using an antivirus software before installing it


23

Google Chrome Privacy andSecurity Settings

Launch Google Chrome

Click the icon, then select Options


24

Google Chrome: Privacy Settings

Click the Under the Hood tab in Google Chrome Options window

Under Privacy, check the desired web services

Check the Use DNS pre‐fetching to improve page load performance option

DNS pre‐fetching stands for Domain Name System pre‐fetching

When the user visits a webpage, Google Chrome can look up or pre‐fetch the IP addresses of all links on the webpage

Check the option Enable phishing and malware protection to prevent the browser from opening any malicious websites


25

Secure Sockets Layer (SSL) is an Internet protocol used by many websites to ensure safe data encryption and transmission

The SSL setting in web browsers is turned on by default

Some websites require older version of SSL 2.0; check the Use SSL 2.0 option in such conditions

Check the check for server certificate revocation option to turn on real‐time verification for the validity of a website's certificate

Google Chrome: Security Settings


26

Launch the Safari browser

To change the settings, select the icon and then select Preferences

Apple Safari: Security Settings


27

Apple Safari: Security Settings

The Web Content section permits the user to enable or disable various forms of scripting and active content

It is recommended to accept cookies only from the sites visited

Checking this option allows the browser to warn the user before opening any website that is not secure

Select the Security tab in the preferences window


28

Testing the Browser for Privacy

Launch the Internet browser and navigate to http://privacy.net/ analyze/ to test the privacy

Click Click here to take the browser test and analyze the privacy of your Internet connection


29

Module Flow

Browser Security


Online Games

Child Online Safety



30

Instant Messaging (IMing)Instant Messaging (IMing) allows the user to interact with other people on the Internet using a software application


31

Instant Messaging Security Issues

IMWorm

A worm that harms the computer and locates all the contacts in the IM address book

The IMWorm tries to send itself to all the contacts in the user’s IM contact list

Social Engineering

Social engineering depends on human interaction that involves tricking people through IM and getting their personal information

Spam over IM( SPIM)

SPIM is spam delivered through IM instead of delivering it through email

IM systems such as Yahoo! Messenger, AIM, Windows Live Messenger, and chat rooms in social networking sites are popular targets for spammers


32

Instant Messaging Security Measures

Do not reveal personal information on IMs

Do not accept links received from unknown people on IM

Sign out of the IM application after using it

Always use strong passwords

Block the users who send unsolicited web‐links

Do not check the Remember password option


33

Searching on the WebSearch engines display hundreds of results for a search query

Not all the web page results obtained by the search engine are secure

To filter the malicious search results, use an antivirus application as an add‐on to the browser and Enable it

To add Add‐ons in the Mozilla Firefox browser, navigate to Tools Add‐ons Get Add‐ons


34

Module Flow

Browser Security


Online Games

Child Online Safety



35

It has also become the target for attackers for the large amounts of money involved

Online gaming has become a popular pastime, especially due

to high‐speed Internet and emerging technology

In the world of MMORPGs, also known as online games, players can meet other players, become friends, engage in a battle, fight against evil, and play

MMORPGs are popular worldwide and the revenues

for these games are well over a billion dollars

Massively Multiplayer Online Role‐Playing Game (MMORPG) is a type of computer role‐playing games in

which a large number of players interact with one another

within a virtual game world

Online Gaming and MMORPG


36

Interactions with potential fraudsters who may trick the gamer to reveal personal/financial information

Computer intruders exploiting security vulnerabilities

Online and real‐world predators

Malware such as viruses, Trojan horses (Trojans), computer worms, and spyware

Online Gaming Risks


37

Insecure or Compromised Game Servers and Game Coding

If the software at the game server is compromised, the computers that are connected to the server can also be compromised

Any game with a network connection has a risk involved

The attacker may even use the vulnerabilities to crash the gaming server

The vulnerabilities in the game server can be used by the attackers to: Steal game passwords Steal information from the gamers’ computers Control the gamers’ computers remotely Launch attacks on other computers Install programs such as Trojans, adware, spyware

The game code is generally not as well analyzed as the other software coding

This may result in introducing unknown vulnerabilitiesonto the computer


38

Social Engineering

Identity Theft

Protection Schemes

Cyber Prostitution

Virtual Mugging

Social Risks

The attackers may use the social interaction in the online game environment to attack the unprotected computers or to exploit security vulnerabilities


39

Attackers may trick the gamers into installing malicious software on their computers by social engineering

They offer a bonus or help in the game in exchange for other players’ passwords or other information in the game forums on a game server

The gamers who are looking for ways to make the play easier respond to such offers

Attackers send phishing emails supposedly from the game server administrators, which will invite the player to authenticate his/her account via a website

linked in the message

Social Engineering

Note: Game Masters (GMs) of a game will never ask a gamer for his/her username and/or password


40

Message from a Gamer About a Password Stolen by a Malicious Program

http://www.securelist.com


41

Organized crime has emerged in South Korean gaming community

The criminal organizations force the gamers into protection schemes, where the gamers have to pay money (virtual or real) to avoid killing of the gamers’ characters and theft of the passwords

Online games are being used for cyber prostitution where the customers/gamers pay money for cybersex

In The Sims online, a Massively Multiplayer Online (MMO) game, a 17‐year‐old developed a cyber “brothel”, where the gamers paid Sim‐money (Simoleans) for cybersex per minute

The gamers’ accounts were eventually cancelled

Virtual mugging was coined when some players of Lineage IIused bots to defeat other gamers and take their items; these items were later put on sale in online auctions

Protection Schemes

Cyber Prostitution

Virtual Mugging

Protection Schemes, Cyber Prostitution,and Virtual Mugging


42

http://www.securelist.com

Stolen items such as passwords or virtual items are put on sale on websites, such as eBay, or on forums

These are sold to other gamers for real or virtual money

The cyber criminal may ask the gamer for ransom in return for this information

How the Malicious Users Make Money


43

Security Practices Specific to Gaming


44

21

Some games require the game to be run in Administrator mode

If that is the case, ensure that the game has been downloaded from a trusted website/vendor

Free downloads of games may contain malicious software, including plugins to run the game

This software may be used to gain administrator level control of the computer

Instead of using the administrator account, the gamer is advised to browse the Internet or play the games using a User Account, which may deny the attacker access to administrator rights

3

Recognize Administrator Mode Risks


45

Some of the games played over the web require ActiveX or JavaScript to be enabled

Recognize Risks due to ActiveXand JavaScript


46

Play the Game, Only at the Game Site

Play the games at the game site and save the Internet browsing for later

Once done with playing the game, switch to the user account to browse the Internet

This reduces the risk of visiting a malicious websitewhen playing a game


47

Playing certain multiplayer games may require thefirewall settings to be changed to allow information from the game to get through to the gamers’ computers

Every time the permissive settings are changed on the firewall, the risk of computer security concerns increases

Pay Attention to Firewall Management

In the firewalls, the gamer can designate the fellowgamers’ IP addresses as trusted to avoid any interactions

with the attacker


48

Module Flow

Browser Security


Online Games

Child Online Safety



49

The risks involved when a child works online include:

Misdirected searches

Stealth sites and misleading URLs

Online sexual harassment

Child pornography

Grooming

Cyberbullying

Risks Involved Online


50

Parents may take all the precautions to protect the child online, but all that could be negated when the child is unconsciously led to visit harmful sites

When a user searches for websites, the search engines display the results using the meta variables

Search engines use terms known as “meta variables” to index a website

Porn site promoters add popular search terms to their meta variable list, to redirect the web traffic towards their site

Porn sites may use the words “sports”, “school”, “movies”, etc., to lure children to their websites

Unless a filtering software is used, the search engines cannot distinguish between the search requests of an adult and a child

Misdirected Searches1

2

3

4

5

6

Example: a sports website may be indexed by the meta terms “soccer”, “football”, “scores”, etc.


51

Stealth Sites and Misleading URLs

Pornographic websites thrive on increased web traffic

Pornographic sites use common typo errors to lure visitors to their websites

Children may end up at a pornographic website just by typing “www.whitehouse.com” instead of “www.whitehouse.gov”

Porn site promoters buy domain names such as the “.com” equivalent of a “.gov” or a “.org” website, being aware that web surfers would end up at their website if there is a typographical error


52

Child Pornography, Grooming, and CyberbullyingChild Pornography Grooming Cyberbullying

“Under federal law (18 U.S.C. §2256), child pornography is defined as any visual depiction, including any photograph, film, video, picture, or computer or computer‐generated image or picture, whether made or produced by electronic, mechanical, or other means, of sexually explicit conduct, where the production of the visual depiction involves the use of a minor engaging in sexually explicit conduct”

“Grooming” is an act of befriending and establishing emotional connection with children

Child grooming is used for lessening the child’s inhibitions and preparing them for child abuse

The offenders target children through attention, affection, kindness and sympathy, and offer gifts and/or money

Cyberbullying occurs when a child, preteen or teen, is threatened, harassed, and/or embarrassed using the Internet or mobile phones or other communication media

Cyberbullying signs:

Upset after using the computer

Refuse to step out of the house or to go to school

Draws away from friends and family

‐http://www.missingkids.com


53

Role of the Internet in Child Pornography

The Internet provides easy access to huge quantities of pornographic materials

It ensures complete anonymity and privacy

Various web services such as emails, newsgroups, and chat rooms facilitate the sharing of pornographic materials

It provides a cost‐effectivemedium for the transfer of pornographic materials

It enables people with an Internet connection to access pornographic materials at any time and anywhere

It supports transfer of pornographic materials in various formats that can be stored on different digital storage devices


54

Effects of Pornography on Children

Child victims suffer from depression, anger, withdrawal, and other psychological problems

Physical injuries due to molestation, such as genital bruising or exposure to sexually transmitted diseases

They experience mental weakness such as:

Guilt and feeling responsible for the abuse and betrayal

A sense of powerlessness and worthlessness

Low self‐esteem


55

Risks Involved in Social Networking Websites

People on the social networking websites can view the profiles, photos, and videos of other people on that website

The child may provide too much information on a social networking website

Online predators may use this information for cyberbullying, identity theft, or cyber exploitation

Online predators may get information such as email IDs, telephone numbers, residential address, hobbies, interests and more from their profile


56

Online predators may use email techniquesto steal information from children

They may send spam emailsthat contain pornographic materials or links to pornographic websites

The child may even be asked to register on that website by providing personal information

Unsolicited Emails


57

Chat Rooms

Online predators may use social engineering techniques to get personal information from children in a chat room

Online predators may use chat rooms to build contacts with children and then lead them into cyber prostitution

They may also use chat rooms to sends links to websites with inappropriate content, such as pornography

They may also send malicious links to children, which may result in the computer getting infected with malware


58

Finding if Children are at Risk OnlineThe parent can find if their children are facing any online threats from the following symptoms:

Pornographic material is present on the child’s computer

The child spends more time sitting at the computer

The child receives phone calls and/or gifts from unknown persons

The child turns off the monitor or quickly changes the screen when the parent enters their room

The child looks depressed and does not show any interest in talking with family or friends


59

Ensure that the child knows about dangers of computer‐sex offenders

Monitor what the child does on the computer

Use caller ID on phones to determine who is calling the child, and block numbers that are suspicious

Monitor the child's access to all types of live electronic communications such as chat rooms, instant messages, Internet Relay Chat, etc.

Restrict access to the malicious and porn websites using Internet content filtering software

If the child is maintaining a social networking profile, look closely at what information they have posted in their member profiles and blogs, including photos and videos

Protecting Children from Online Threats

Check credit card statements eachmonth for any unusual charges that may indicate unauthorized purchases by a stranger or your child

Notify the police if someone the child met online starts calling them, sends gifts, or trying to lure them for revealing sensitive information

Ensure that the child does not:

Provide personal information such as name, address, phone, school name

Meet anyone online without permission

Open emails from unknown senders

Share their photos/videos with strangers over the Internet


60

Encourage Children to Report

The parents should encourage their children to report any inappropriate behavior they may face online

The parents can encourage the child to come to them if they are being bullied or are facing online predators

The children may also be encouraged to speak to a trusted individual such as an aunt, uncle, or older sibling, if they are uncomfortable talking to the parents


61

How to Report a Crime

http://www.ic3.gov

Internet crimes can be reported at http://www.ic3.gov/complaint/default.aspx by clicking Report Internet Crime


62

Web blockingTo help prevent the child from viewing inappropriate content

Program blockingTo help block games, peer‐peer file sharing, etc.

Email blockingTo help block unknown email addresses and prevent children from communicating with people they met online, through email

Time limitsTo help control the amount of time the child spends on the computer

IM featuresTo help in recording and monitoring the IM chats of the child, thus help the parent in determining if the child is engaged in an inappropriate dialogue with unknown persons

Usage reportsTo provide a timely report on the child’s Internet usage and IM history to monitor the child’s online interactions

Video filteringTo ensure that the child does not view inappropriate videos on sites such as YouTube, but at the same time allow the child to view useful/fun videos

Social networking featuresTo help in recording and monitoring the content that the child posts online, and to determine if the child is being bullied online

Children can be protected from online threats by installing appropriate security software on the child’s computerThe features that a parent should look for in the software include:

Security Software for Protecting Children from Online Threats


63

KidZui

http://www.kidzui.com

KidZui is a free web browser, search engine, and online playground for kids

It has a large number of games, websites, videos, and photos reviewed by parents and teachers

It eliminates the need for parents when kids are online


64

Actions To Take When the Child Becomes an Online Victim

Report the offense to the Internet Service Provider

(ISP)Also report to the offender’s ISP

Encourage the child not to log into the website where bullying occurred

Block the offender’s email address and screen name so that they cannot contact the child anymore

Change the online information of the child and delete the social networking

accounts if necessary

Ignore any contact from the online predator or cyberbully


65

Module Flow

Browser Security


Online Games

Child Online Safety



66

Internet Laws

Why you need to know Internet laws: Internet laws cover: Important laws:

Defamation

Intellectual property

Patents

Copyrights

Privacy infringement

Child protection, etc.

USA PATRIOT Act

Children’s Online Privacy Protection Act (COPPA)

The Digital Millennium Copyright Act

CAN‐SPAM Act

Computer Misuse Act 1990

European Union Data Protection Directive

Data Protection Act 1998

Internet users should know the Internet laws to leverage the disputes against e‐commerce vendors, fraudsters/Internet criminals, etc.,

Knowing the Internet laws helps the users to understand what they can and cannot post on the Internet

Also, users need to know the Internet laws to be able to legally use the immense contentpresent on the Internet

The web space is a vast terrain and with plethora of e‐commerce sites, analytical sites, sports sites,information sites, business sites, etc.Such a large domain requires supervision to protect the netizens from Internet criminals, attackers, etc.Internet laws protect the users from immoral/indecent acts, privacy breach, etc., on the Internet


67

USA PATRIOT Act USA PATRIOT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism, USAPA),was passed on October 26, 2001

TITLE II‐Enhanced Surveillance Procedures, section 216 of the Patriot act, gives law enforcement authorities access to dialing, routing, and signaling information

According to the act, law enforcement authorities have access to the email packets(includes email content)

Under the act, the government can compel the ISP to release the subscriber information that includes:

Customer name

Customer address

Mode of payment

Credit card information

Bank account information

Section 212 of the act allows the ISPs to voluntarily disclose the customer information including the customer records and all electronic transmissions (email, voice transmissions)

The ISPs may choose to reveal the customer information if they believe that there is risk of death or bodily injury to an individual/group

Section 220 of the act allows for nationwide search warrants for email

This gives the authorities the right to search a suspect without having to go to the place of the ISP


68

Children’s Online Privacy Protection Act (COPPA)

The COPPA is relevant to the online collection of personal information from children below the age of 13The act dictates:

What a website owner must include in the privacy policyWhen and how the verifiable consent can be requested from the parentsThe responsibility of the website owner in protecting the children’s online safety and privacy

Every operator of a website or online service who collects the personal information of children, knowingly, must comply with COPPAThe operator must include a link to the privacy policy of the website on the home page

The privacy policy should include:The name and contact information of all the operators collecting/maintaining the personal information

The kind of personal information that will be collected

How the operator intends to use the personal information

Whether the operator releases the personal information to third parties

If the parents’ consent is required for releasing the information to third parties

The procedure that the parents should follow to control their children’s personal information

According to the act, the operator should:Notify the parents that he/she intends to collect their children’s information

Ask for the parents’ consent before releasing the information to the third parties/public disclosure

Inform the parents about the internal use of the personal information

Inform the parents if there are any changes in the privacy policy


69

The Digital Millennium Copyright Act (DMCA) 1998 was signed into law by President Clinton

The European Union Copyright Directive (EUCD) addresses some of the same copyright infringement issues as the DMCA

According to the act, any infringement of the copyrighted material is a criminal offense

The Digital Millennium CopyrightAct


70

Highlights of DMCA

Bans the production, sale, or distribution of code cracking tools to illegally copy software

Permits the cracking of copyright‐protected software to perform encryption research and test computer security systems

Nonprofit libraries, educational institutions, etc., are exempted from the act under certain circumstances

ISPs are exempt for simply transmitting information over the Internet

ISPs are, however, required to remove the copyright‐infringing materials from user websites

Webcasters are required to pay licensing fee to the recording companies

Circumventing any anti‐piracy measures built into commercial software is a crime


71

The CAN‐SPAM act was signed into law by the U.S. President George W. Bush on December 16, 2003

The act establishes the standards for sending commercial email

The CAN‐SPAM act:Defines the rules for commercial email

Establishes the requirements for commercial messages

Gives recipients the right to have the sender stop emailing them

Each email that violates CAN‐SPAM act is subject to penalties of up to $16,000

Do not use false or misleading email header information

If the message is an advertisement, you are required to disclose it clearly

You should tell the recipients how they can opt out of receiving further emails from you

You should honor the recipients opt‐out request within 10 business days

If a third party is sending emails on your behalf, monitor what they are sending to the recipients

CAN-SPAM Act

Requirements


72

Computer Misuse Act 1990

The act makes certain activities illegal such as:

Hacking into other users’ computers

Misusing software

Helping an attacker gain access to secured files/documents in another user’s computer

The Computer Misuse Act 1990 is an act of the UK Parliament

The act defines three computer misuse offenses:

Unauthorized access to computer material

Unauthorized access with intent to commit or facilitate commission of further offenses

Unauthorized modification of computer material


73

The 95/46/EC directive provides guidelines to European Union member states for individuals’ privacy and data protection

The directive regulates the processing of personal data regardless of whether such processing is automated or not

Section 1of the directive provides the principles relating to data quality, section 2 provides criteria for making data processing legitimate and section 5 defines the data subject's right of access to data

According to section 1 of the directive, Member States shall provide that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes

Section 2 states that Member States shall provide that personal data may be processed only if the data subject has unambiguously given his consent

Section 5 states that Member States shall guarantee every data subject the right to obtain from the controller without constraint at reasonable intervals and without excessive delay

European Union Data Protection Directive (95/46/EC)


74

Data Protection Act 1998 defines UK law on the processing of data on identifiable living people and is the main piece of legislation that governs the protection of personal data in the UK

It protects people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data

Personal Data

Authorization

Right To Privacy

Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information

It is an offence for other parties to obtain this personal data without authorization

Explicit Consent

Data Protection Act 1998 (UK)


75

Module Summary

Internet security involves protecting user’ data and information from unauthorized access when connected to the Internet

Scan the file downloads with updated antivirus software to check for the presence of malware

Online gaming has become a popular pasttime, especially due to high‐speed Internet and emerging technology

If the software at the game server is compromised, the computers that are connected to the server can also be compromised

Parents may take all precautions to protect the child online, but all that could be negated when the child is unconsciously led to visit harmful sites

Children can be protected from online threats by installing appropriate security software on the child’s computer

Internet laws protect users from immoral/indecent acts and privacy breach on the Internet

Knowing the Internet laws helps the users to understand what they can and cannot post on the Internet


76


Regularly update your operating system and other installed applications

Set up a firewall to control the flow of information

Ensure that you have the latest web browser installed on the system and update it regularly

Install a safe browsing tool that warns about reported phishing sites and blocks access to the addresses

Ensure that you are connected to a secured network when using a wireless network

Never respond to unsolicited email offers or requests for information


77


Do not download files from unknown sources

Do not give out personally identifiable information when registering with websites/applications

Do not click any pop‐ups that appear while browsing websites

Do not click the links sent by unknown users

Regularly scan your system for viruses, worms, Trojans, spyware, key loggers and other malware using antivirus

Update the antivirus application on a regular basis


78


Disconnect from the Internet if anything suspicious is found on the computer

Always check the Address bar for correct URL

Always check the website certificate, SSL padlocks and HTTPs

Use strong passwords and change them at regular intervals

Do not enable ActiveX and JavaScript features

Regularly back up the important files

Remove unnecessary protocols from the Internet interface

Check router or firewall logs to identify abnormal network connections to the Internet


79

Checklist for Parents to Protect Their Child from Online Threats

Talk to children about what they do on the computer

Get a profile on the social networking site the child is on

Review the list of the child’s friends

Be informed of the challenges of social networking

Check if anyone is trying to impersonate the child online

Encourage the child to use the child safe applications such as KidZui