NAME: JATIN.R. JAIN
TOPIC: INTERNET SECURITY
ROLL NO:-910316
SUB: - I.T
SYBBI
INTERNET SECURITY:
Internet security is a branch of computer security specifically
related to the Internet. Its objective is to establish rules and measures to
use against attacks over the Internet. The Internet represents an insecure
channel for exchanging information, leading to a high risk of intrusion or
fraud (e.g. phishing). Different methods have been used to protect the
transfer of data, including encryption.
Types of Security:
1) Network layer security:
TCP/IP can be made secure with the help of cryptography.
Cryptographic methods and protocols have been developed for different
purposes in securing communications on the internet. These protocols
include SSL and TLS for web traffic, PGP for email, and IPSec for the
network layer security.
IPSec Protocol:
This protocol is designed to protect communication in a secure manner
using TCP/IP. This is a set of security extensions developed by IETF
and it provides security and authentication at the IP layer by using
cryptography. To protect the content, the data is transformed using
encryption techniques. There are two main types of transformation that
form the basis of IPSec, the Authentication Header (AH) and
Encapsulating Security Payload (ESP). These two protocols provide data
integrity, data origin authentication, and anti-replay service. These
protocols can be used alone or in combination to provide the desired set of
security services for the Internet Protocol (IP) layer.
The basic components of the IPSec security architecture are
described in terms of the following functionalities:
Security protocols for AH and ESP
Security association for policy management and traffic processing
Manual and automatic key management for the Internet Key Exchange (IKE)
Algorithms for authentication and encryption
The set of security services provided at the IP layer includes access
control, data origin integrity, protection against replays and
confidentiality. The algorithm allows these sets to work independently
without affecting other parts of the implementation. The IPSec
implementation operates in a host or security gateway environment,
giving protection to IP traffic.
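The integrity, origin authentication and anti-replay services described above can be seen working together in the following added example, which is not part of the original report and is not the real AH/ESP packet format. It assumes a simplified packet layout (32-bit sequence number, payload, HMAC-SHA256 check value), a 64-packet receive window and a constructed demo key.

```python
import hashlib
import hmac
import struct

WINDOW = 64      # receiver window size in packets (assumed value)
ICV_LEN = 32     # length of the HMAC-SHA256 integrity check value (ICV)

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: prepend a 32-bit sequence number, append an ICV over both."""
    header = struct.pack("!I", seq)
    return header + payload + hmac.new(key, header + payload, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.top = 0      # highest authenticated sequence number so far
        self.bitmap = 0   # bit i set => sequence number (top - i) was accepted

    def _fresh(self, seq: int) -> bool:
        if seq == 0:
            return False                      # counters start at 1
        if seq > self.top:
            return True                       # ahead of the window
        offset = self.top - seq
        return offset < WINDOW and not (self.bitmap >> offset) & 1

    def _mark(self, seq: int) -> None:
        if seq > self.top:                    # slide the window forward
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, packet: bytes) -> str:
        if len(packet) < 4 + ICV_LEN:
            return "malformed"
        header, payload, icv = packet[:4], packet[4:-ICV_LEN], packet[-ICV_LEN:]
        (seq,) = struct.unpack("!I", header)
        if not self._fresh(seq):
            return "replay"                   # duplicate, or older than the window
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(icv, expected):
            return "bad-icv"                  # integrity / origin check failed
        self._mark(seq)                       # only authenticated packets move the window
        return "accepted"

def demo() -> list:
    key = b"constructed-demo-key"                  # sample key, not a real SA key
    rx = Receiver(key)
    p1, p2, p3, p4 = (protect(key, n, b"data%d" % n) for n in (1, 2, 3, 4))
    forged = protect(b"wrong-key", 1000, b"x")     # sender without the shared key
    tampered = p4[:4] + b"DATA4" + p4[-ICV_LEN:]   # payload changed in transit
    return [rx.receive(p) for p in (p1, p3, p2, p2, forged, tampered, p4)]

if __name__ == "__main__":
    print(demo())
```

Because the window is updated only after the check value verifies, the forged packet with sequence number 1000 cannot push the window forward and cause genuine packets to be rejected.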
2) Electronic mail security (E-mail)
Background:
An understanding of how email messages are composed, delivered,
and stored is helpful in understanding email security. This is a
multi-step process. The process starts with message composition. When the
user finishes composing the message and sends the message, the
message is then transformed into a specific standard format specified by
Request for Comments (RFC) 2822, Internet Message Format. Once the
message is translated into an RFC 2822 formatted message, it can be
transmitted. Using a network connection, the mail client, referred to as a
mail user agent (MUA), connects to a mail transfer agent (MTA)
operating on the mail server. After initiating communication, the mail
client provides the sender’s identity to the server.
Next, using the mail server commands, the client tells the server who
the intended recipients are. After the complete recipient list is sent to the
server, the client supplies the message. Once the mail server is
processing the message, several events occur: recipient server
identification, connection establishment, and message transmission.
Using Domain Name System (DNS) services, the sender’s mail server
determines the mail server(s) for the recipient(s).
Then, the server opens up a connection(s) to the recipient mail
server(s) and sends the message employing a process similar to that used
by the originating client. Finally the message is delivered to the
recipient.
3) Pretty Good Privacy (PGP)
PGP provides confidentiality by encrypting messages to be
transmitted or data files to be stored locally using an encryption
algorithm such as 3DES or CAST-128. Email messages can be protected by
using cryptography in various ways, such as the following:
Sign an email message to ensure its integrity and confirm the identity of its sender.
Encrypt the body of an email message to ensure its confidentiality.
Encrypt the communications between mail servers to protect the confidentiality of both the message body and message header.
The first two methods, message signing and message body
encryption, are often used together. The third cryptography method,
encrypting the transmissions between mail servers, is typically
applicable only when two organizations want to protect emails regularly
sent between them. For example, the organizations could establish a
virtual private network (VPN) to encrypt the communications between
their mail servers over the Internet.
Unlike methods that can only encrypt a message body, a VPN can
encrypt entire messages, including email header information such as
senders, recipients, and subjects. In some cases, organizations may need
to protect header information.
However, a VPN solution alone cannot provide a message signing
mechanism, nor can it provide protection for email messages along the
entire route from sender to recipient.
Multipurpose Internet Mail Extensions (MIME)
MIME transforms non-ASCII data at the sender's site to Network
Virtual Terminal [4] (NVT) ASCII data and delivers it to the client's Simple
Mail Transfer Protocol (SMTP) to be sent through the internet. The
server SMTP at the receiver's side receives the NVT ASCII data and
delivers it to MIME to be transformed back to the original non-ASCII
data.
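The transformation described above, from non-ASCII data to 7-bit ASCII on the wire and back, can be reproduced with Python's standard email package. This is an added example, not part of the original report; the addresses, subject, text and attachment bytes are constructed sample values.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# 7-bit transport policy: CRLF line endings, no raw 8-bit bytes on the wire.
WIRE_POLICY = policy.SMTP.clone(cte_type="7bit")

# Constructed sample content: non-ASCII text and arbitrary binary data.
TEXT = "Café menu: crème brûlée €5\nSecond line\n"
BLOB = bytes(range(256))

def build_message(text: str, blob: bytes) -> EmailMessage:
    """Sender side: compose a message with a non-ASCII body and a binary part."""
    msg = EmailMessage(policy=WIRE_POLICY)
    msg["From"] = "alice@example.org"        # constructed addresses
    msg["To"] = "bob@example.net"
    msg["Subject"] = "Résumé attached"       # non-ASCII header, sent as an encoded-word
    msg.set_content(text, cte="quoted-printable")       # text part
    msg.add_attachment(blob, maintype="application",    # binary part, base64 by default
                       subtype="octet-stream", filename="sample.bin")
    return msg

def round_trip(text: str, blob: bytes):
    """Serialize for SMTP, then parse as the receiving side would."""
    wire = build_message(text, blob).as_bytes()
    parsed = message_from_bytes(wire, policy=policy.default)
    body = parsed.get_body(preferencelist=("plain",)).get_content()
    attachment = next(parsed.iter_attachments()).get_content()
    encodings = [str(part["Content-Transfer-Encoding"]) for part in parsed.iter_parts()]
    return wire, body, attachment, encodings

if __name__ == "__main__":
    wire, body, attachment, encodings = round_trip(TEXT, BLOB)
    print(wire.decode("ascii"))              # the wire form is pure ASCII
    print(encodings, attachment == BLOB)
```

MIME encoding only changes representation: anyone who can read the wire form can decode it, which is why the signing and encryption methods discussed for PGP and S/MIME are applied separately.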
Secure/Multipurpose Internet Mail Extensions (S/MIME)
S/MIME provides a consistent means to securely send and receive
MIME data. S/MIME is not limited to email but can be used with
any transport mechanism that carries MIME data, such as Hypertext
Transfer Protocol (HTTP).
Firewalls:
A firewall is a device that controls access between networks. It
generally consists of gateways and filters, which vary from one firewall
to another. It is a secure gateway between the public Internet and a private
network. A firewall also screens network traffic and is able to block
traffic that is dangerous. Firewalls act as the intermediate server
between SMTP and HTTP connections.
A firewall is a part of a computer system or network that is designed to
block unauthorized access while permitting authorized communications.
It is a device or set of devices that is configured to permit or deny
network transmissions based upon a set of rules and other criteria.
Firewalls can be implemented in either hardware or software, or a
combination of both. Firewalls are frequently used to prevent
unauthorized Internet users from accessing private networks connected
to the Internet, especially intranets. All messages entering or leaving the
intranet pass through the firewall, which inspects each message and
blocks those that do not meet the specified security criteria.
There are several types of firewall techniques:
Packet filter:
Packet filtering inspects each packet passing through the network
and accepts or rejects it based on user-defined rules. Although difficult
to configure, it is fairly effective and mostly transparent to its users. It is
susceptible to IP spoofing.
Application gateway:
Applies security mechanisms to specific applications, such as FTP
and Telnet servers. This is very effective, but can impose performance
degradation.
Circuit-level gateway:
Applies security mechanisms when a TCP or UDP connection is
established. Once the connection has been made, packets can flow
between the hosts without further checking.
Proxy server:
Intercepts all messages entering and leaving the network. The
proxy server effectively hides the true network addresses.
Role of Firewalls in Internet Security
Firewalls impose restrictions on incoming and outgoing packets to
and from a private network. All traffic, whether incoming or outgoing,
must pass through the firewall, but only authorized traffic is allowed.
Firewalls create checkpoints between an internal private network and the
public Internet.
They are also called choke points. Firewalls can create choke
points based on IP source and TCP port number. They can also serve as
the platform for IPSec. Using tunnel mode capability, a firewall can be
used to implement VPNs. Firewalls can also limit network exposure by
hiding the internal network system and information from the public Internet.
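The packet filter described above (user-defined rules on IP source and TCP port, and its susceptibility to IP spoofing) can be sketched as a first-match rule evaluator with a default-deny policy and an ingress anti-spoofing check. This is an added example, not part of the original report; the networks, rule set and interface names are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL_NET = ip_network("192.168.10.0/24")   # constructed private network

@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet arrived on: "external" or "internal"
    src: str         # claimed source IP address (the filter cannot authenticate it)
    dst_port: int    # destination TCP port

@dataclass(frozen=True)
class Rule:
    action: str                # "accept" or "drop"
    src_net: str               # source network in CIDR notation
    dst_port: Optional[int]    # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src_net)
                and self.dst_port in (None, pkt.dst_port))

# Constructed rule set, evaluated top to bottom; the first match wins.
RULES = [
    Rule("drop",   "203.0.113.0/24",  None),   # blocked network, all ports
    Rule("accept", "198.51.100.0/24", 22),     # partner network may use SSH
    Rule("accept", "0.0.0.0/0",       25),     # anyone may reach the mail server
    Rule("accept", "0.0.0.0/0",       80),     # anyone may reach the web server
]

def decide(pkt: Packet) -> tuple:
    """Return (action, reason) for one packet."""
    # Anti-spoofing: traffic arriving from outside must not claim an inside address.
    if pkt.iface == "external" and ip_address(pkt.src) in INTERNAL_NET:
        return ("drop", "spoofed-source")
    for number, rule in enumerate(RULES, 1):
        if rule.matches(pkt):
            return (rule.action, f"rule {number}")
    return ("drop", "default-deny")            # nothing matched

if __name__ == "__main__":
    for p in (Packet("external", "198.51.100.7", 22),
              Packet("external", "192.0.2.10", 22),
              Packet("external", "192.168.10.5", 80)):
        print(p, "->", decide(p))
```

The interface check catches outside packets that claim an inside address, but the filter still trusts every other source address as written in the packet; authenticating the sender is the job of IPSec at the same choke point.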
Types of firewalls
1) Packet Filters:
Packet filters are one of several different types of firewalls that
process network traffic on a packet-by-packet basis. A packet filter's main job is to
filter traffic from a remote IP host, so a router is needed to connect the
internal network to the Internet. Such a router is known as a screening
router, which screens packets leaving and entering the network.
2) Circuit-Level Gateways:
The circuit-level gateway represents a proxy server that statically
defines what traffic will be allowed. Circuit proxies always forward
packets containing a given port number, if the port number is permitted
by the rule set.
This gateway operates at the network level of the OSI model. It acts as
an IP address translator between the Internet and the internal network. The main
advantage of a proxy server is its ability to provide Network Address
Translation (NAT). NAT hides the IP address from the Internet. This
process effectively protects all internal information from the Internet.
3) Application-Level Gateways:
The application-level gateways represent the proxy server
operating at the TCP/IP application level. A packet is forwarded only if
a connection is established using some known protocol. The application
gateway analyzes the whole message instead of individual packets when
receiving or sending data.
Anti-virus:
Antivirus (or anti-virus) software is used to prevent, detect, and
remove malware, including computer viruses, worms, and Trojan horses.
Such programs may also prevent and remove adware, spyware, and
other forms of malware.
A variety of strategies are typically employed. Signature-based
detection involves searching for known patterns of data within
executable code. However, it is possible for a user to be infected with
new malware for which no signature exists yet. To counter such
so-called zero-day threats, heuristics can be used. One type of heuristic
approach, generic signatures, can identify new viruses or variants of
existing viruses by looking for known malicious code (or slight
variations of such code) in files. Some antivirus software can also
predict what a file will do if opened/run by emulating it in a sandbox and
analyzing what it does to see if it performs any malicious actions. If it
does, this could mean the file is malicious.
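The difference between an exact signature, a generic signature and a sample with no signature at all is shown in the following added example, which is not part of the original report. The "files" are constructed, harmless byte strings, and the signature names and the hex-with-wildcards pattern syntax are assumptions made for the illustration.

```python
import hashlib
import re

def compile_pattern(spec: str):
    """Turn a 'hex bytes with ?? wildcards' string into a compiled bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in spec.split()]
    return re.compile(b"".join(parts), re.DOTALL)

# Constructed, harmless byte strings standing in for files on disk.
KNOWN_SAMPLE = b"MZ\x00\x00" + b"DEMO-v1-STUB" + b"\x00" * 8
VARIANT = b"MZ\x00\x00" + b"DEMO-v2-STUB" + b"\x00" * 8 + b"padding"
UNSEEN = b"MZ\x00\x00" + b"entirely-new-code"

# Exact signature: hash of one known file. Any change to the file defeats it.
HASH_SIGNATURES = {
    hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Sample.A (exact hash)",
}

# Generic signature: "DEMO-" + any two bytes + "-STUB", tolerating slight variation.
PATTERN_SIGNATURES = {
    "Demo.Family (generic)": compile_pattern("44 45 4d 4f 2d ?? ?? 2d 53 54 55 42"),
}

def scan(data: bytes) -> list:
    """Return the sorted names of all signatures that match the data."""
    hits = []
    exact = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if exact:
        hits.append(exact)
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            hits.append(name)
    return sorted(hits)

if __name__ == "__main__":
    for label, data in (("known", KNOWN_SAMPLE), ("variant", VARIANT), ("unseen", UNSEEN)):
        print(label, scan(data))
```

The unseen sample matches nothing, which is the gap that sandbox emulation and behaviour analysis are meant to cover.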
However, no matter how useful antivirus software is, it can
sometimes have drawbacks. Antivirus software can degrade computer
performance. Inexperienced users may have trouble understanding the
prompts and decisions that antivirus software presents them with. An
incorrect decision may lead to a security breach. If the antivirus software
employs heuristic detection (of any kind), success depends on achieving
the right balance between false positives and false negatives. False
positives can be as destructive as false negatives. Finally, antivirus
software generally runs at the highly trusted kernel level of the operating
system, creating a potential avenue of attack. In addition to the
drawbacks mentioned above, the effectiveness of antivirus software has
also been researched and debated. One study found that the detection
success of major antivirus software dropped over a one-year period.
Some apparently useful programs also contain features with hidden
malicious intent. Such programs are known as Malware, Viruses,
Trojans, Worms, Spyware and Bots.
Malware: The most general name for any malicious software designed,
for example, to infiltrate, spy on or damage a computer or other
programmable device or system of sufficient complexity, such as a
home or office computer system, network, mobile phone, PDA,
automated device or robot.
Viruses: Programs which are able to replicate their structure or
effect by integrating themselves or references to themselves, etc.,
into existing files or structures on a penetrated computer. They
usually also have a malicious or humorous payload designed to
threaten or modify the actions or data of the host device or system
without consent, for example by deleting, corrupting or otherwise
hiding information from its owner.
Trojans (Trojan horses): Programs which may pretend to do one thing,
but in reality steal information, alter it or cause other problems on
a system such as a computer or programmable device.
Spyware: Programs that surreptitiously monitor keystrokes or other
activity on a computer system and report that information to others
without consent.
Worms: Programs which are able to replicate themselves over a
(possibly extensive) computer network, and also perform malicious
acts that may ultimately affect a whole society / economy.
Bots: Programs that take over and use the resources of a computer
system over a network without consent, and communicate those results
to others who may control the bots.
The above concepts overlap and they can obviously be combined.
The terminology, along with the dangers involved, is constantly
evolving. Antivirus programs and Internet security programs are useful
in protecting a computer or programmable device / system from
malware.
Such programs are used to detect and usually eliminate viruses.
Anti-virus software can be purchased or downloaded via the Internet.
Care should be taken in selecting anti-virus software, as some programs
are not as effective as others in finding and eliminating viruses or
malware. Also, when downloading anti-virus software from the Internet,
one should be cautious as some websites say they are providing
protection from viruses with their software, but are really trying to
install malware on your computer by disguising it as something else.
Anti-spyware:
Spyware is a type of malware that can be installed on computers
and collects little bits of information at a time about users without their
knowledge. The presence of spyware is typically hidden from the user,
and can be difficult to detect. Typically, spyware is secretly installed on
the user's personal computer. Sometimes, however, spyware such as
key loggers is installed by the owner of a shared, corporate, or public
computer on purpose in order to secretly monitor other users.
While the term spyware suggests software that secretly
monitors the user's computing, the functions of spyware extend well
beyond simple monitoring.
Spyware programs can collect various types of personal
information, such as Internet surfing habits and sites that have been
visited, but can also interfere with user control of the computer in other
ways, such as installing additional software and redirecting Web
browser activity. Spyware is known to change computer settings,
resulting in slow connection speeds, different home pages, and/or loss of
Internet or functionality of other programs. In an attempt to increase the
understanding of spyware, a more formal classification of its included
software types is captured under the term privacy-invasive software.
In response to the emergence of spyware, a small industry has
sprung up dealing in anti-spyware software. Running anti-spyware
software has become a widely recognized element of computer security
practices for computers, especially those running Microsoft Windows. A
number of jurisdictions have passed anti-spyware laws, which usually
target any software that is surreptitiously installed to control a user's
computer.
There are two major kinds of threats in relation to spyware:
Spyware collects and relays data from the compromised computer to a
third party.
Adware automatically plays, displays, or downloads advertisements.
Some types of adware are also spyware and can be classified as
privacy-invasive software. Adware is often integrated with other software.
Email security:
E-mail is a significant part of the Internet, and e-mail encryption is an
important subset of this topic.
Browser choice:
As of December 2008, 68.2% of the browser market was held by
Internet Explorer. As a result, malware creators often exploit Internet
Explorer. Internet Explorer market share is continuously dropping (as of
2009) as users switch to other
browsers, most notably Firefox (with 21.3% market share), Safari
(with 7.9% market share) and Google Chrome (1% market
share).
Buffer overflow attacks:
A buffer overflow is an attack that could be used by a cracker to get full
system access through various methods. It is similar to "Brute Forcing" a
computer in that it sends an immense attack to the victim computer until
it cracks. Most Internet security solutions today lack sufficient
protection against these types of attacks.
Computer Internet Security Vulnerabilities:
While browsing the Internet, running programs, and accessing files on
your computer, your hard drive accumulates many temporary files and
histories. These files may include passwords, credit card numbers,
confidential documents, and tracks of every site or file you have viewed.
Spyware, Trojan horses, viruses, and worms can all access these types of
files. Computer Internet security software such as Secure Clean securely
removes each of these items from your computer. Run computer Internet
security software as your first line of defense, because what's not there
can't be stolen!
Places on your computer where data might be stored:
Address Bar:
Clicking on the drop-down arrow on the right of the address bar
will display a list of the URLs you have typed in. Computer Internet
security software will clear this list.
Auto-Complete:
A feature that stores almost anything typed into a web site form
including passwords, names, addresses, and search terms. Remove auto-
complete entries automatically by running computer Internet security
software or by disabling the auto-complete function in your web
browser.
Browser History:
While surfing the Internet, browsers keep a full log of visited sites.
This log can be accessed by websites you visit and by anyone using your
computer. Clear your browser history either under Tools/ Internet
Options or by using computer Internet security software.
Cache:
Web page information such as images and documents that are
automatically saved to the hard drive for faster loading of that page in
the future. Clear cache files with computer Internet security software.
Cookies:
Cookies are small text files that are both stored and sent out by
web browsers. Many companies use cookies to log surfing patterns and
to obtain personal information for advertising purposes.
Remove cookies either under Tools/ Internet Options or by using
computer Internet security software.
"Deleted" files:
Deleting a file or folder does not erase your data. Windows only
deletes the file record, not the contents of a file. As a result, the free
space of a hard drive is filled with recoverable files. Computer
Internet security software erases files found on the free space of a
hard drive and can also permanently remove individual files and
folders in Windows.
"Deleted" e-mails:
Previously deleted e-mail messages often remain hidden in e-mail
archives. Permanently remove these lingering files with computer
Internet security software.
File slack:
Windows master file indexes (FAT and NTFS) divide the drive
space into clusters. Because only one file can be stored in a cluster, file
slack is the space between the last byte in a file and the end of the last
cluster holding the file. This extra space contains whatever file
information that cluster previously contained and can only be removed
with computer Internet security software.
Index.dat files:
Index.dat files are hidden files in multiple directories that keep a
record of every web page you have visited. Deleting the cache,
temporary Internet files, and cookies will not remove these records.
These hard-to-find files can be cleaned using computer Internet
security software.
Recycle Bin:
Windows copies files to the Recycle Bin when deleted. These
files can be recovered with the click of a mouse. Simply emptying
these files out of the Recycle Bin will not permanently remove them.
Use computer Internet security software to make these files
unrecoverable.
Swap files:
In order to run multiple programs at the same time with a
limited amount of physical memory, Windows creates a temporary
file called a swap file.
Swap files contain application data such as passwords, pieces of
documents and email: basically anything in the memory. Use computer
Internet security software to erase leftover swap files.
Temporary files:
Windows often stores temporary files in "Temp" folders that
remain on the hard drive. Erase these temporary directories with
computer Internet security software.
Increase Computer Internet Security in 5 Steps:
1) Install a computer Internet security program to
permanently erase all traces of your personal information.
Secure Clean meets the US Department of Defense data
removal standards and is trusted by major Fortune 500
companies and government agencies.
2) Install antivirus software and update it regularly.
3) Scan all e-mails and attachments for viruses, filter out spam,
and beware of e-mails asking for personal information for
any purpose.
4) Install anti-spyware software.
5) Install a firewall to block unauthorized access to your
computer.