
IT Learning Centre

The Hang Seng University of Hong Kong Workshop for IT Proficiency Test

03 Internet Security

IT Test: 4 M.C. Qns.


Contents
1. System Security
2. Privacy
3. Threats of Malware

Department of Computing

1. System Security
THREAT & TECHNICAL MEASURES


System Security
◼ Security refers to the policies, procedures,
and technical measures used to
prevent unauthorized access, theft, or
damage to information systems

[Diagram labels: policies, procedures, technical measures; unauthorized access, theft of information]


Unauthorized Access (Hacking)


◼ Unauthorized access (Hacking)
◼ The use of a computer or network
without permission.
◼ Hackers are experts in technology
who use their knowledge to break
into computers and computer
networks, either for profit or just
motivated by the challenge.


Security Measure – Installing Firewall


◼ A firewall can prevent unauthorized users
from accessing a private network.
◼ It is hardware and/or software that protects
a network’s resources from intrusion by
users on another network such as the
Internet.

[Figure labels: outside traffic, hacker, corporate network]

Personal Firewall
◼ Home and small office/home office users
often protect their computers with a personal
firewall.
◼ It is a utility program that detects and
protects a personal computer and its data
from unauthorized intrusions.


Personal Firewall
◼ Some operating systems (OS), such as
Windows and macOS, include personal
firewalls.


Protecting Information Systems – Identification and Authentication
◼ To protect information systems, many of
them implement access controls using a
two-phase process:
◼ Identification: verifies that an individual
is a valid user
◼ Authentication: verifies that the
individual is the person he or she
claims to be.


Identification and Authentication


◼ Possessed Objects
◼ ATM card
• With PIN (personal identification number)
which is a numeric password
◼ Biometrics
◼ Authenticate a person’s identity using a
personal characteristic, such as
fingerprint, iris, voice, etc.


Identification and Authentication


◼ User names and passwords
◼ With CAPTCHA
• Completely Automated Public Turing test
to tell Computers and Humans Apart.
• Type I: Displays a series of distorted
characters and requires the user to enter the
characters correctly to continue using the
Web site.

[Figure: The Standard Distorted Word CAPTCHA with an Audio Option]


Identification and Authentication


◼ With CAPTCHA
◼ Type II: This CAPTCHA gives the user a
simple choice: pick the correct image
that they are asked to identify.

Picture Identification Captcha


Information Theft
◼ It occurs when someone steals personal or
confidential information.
◼ Information transmitted over networks offers
a higher degree of risk because
unscrupulous users can intercept it during
transmission.

[Figure labels: hacker, Internet]

Security Measure - Encryption


◼ Encryption is a process of converting
readable data into unreadable characters.
◼ To read the data, the recipient must
decrypt it into the original readable form.


Encryption - HTTPS
◼ HTTPS is a protocol to secure
communication over a computer network,
which is widely used on the Internet.
◼ It consists of communication over
Hypertext Transfer Protocol (HTTP) within
a connection encrypted by Secure Sockets
Layer.


HTTPS Connections
◼ An SSL website can be identified by:
◼ URLs of secure sites often begin with
https instead of http.
◼ Browsers also often display a lock
symbol in the window.

Other Potential Risks


◼ Opening email attachments
◼ Your computer system may get
infected with malicious software.
◼ Clicking embedded URL links
◼ Your computer system may be
connected to a fake website
(phishing; see next slide).
◼ Your computer system may get infected
with malicious software.

Phishing (Fishing)
◼ A fraudulent attempt to acquire sensitive
information such as usernames, passwords and
credit card details by masquerading as a
trustworthy entity on the Internet.
◼ E.g., use email or instant messaging to deceive
and direct users to enter personal
information at a fake website
that looks or feels identical to
the legitimate site.


Wireless Security
◼ To access the network, an individual must
be in range of the wireless network.
◼ Some intruders intercept and monitor
communications as they transmit through
the air.
◼ Common types of wireless security
standards: WPA2, WPA3


2. Privacy
COOKIE


Cookies
◼ E-commerce and other Web applications
often rely on cookies to identify users and
customize Web pages.
◼ A cookie is a small text file generated by a
website.
◼ It is placed on the hard disk of the user’s
computer.
◼ Cookies typically contain data about you,
such as your user name or viewing
preferences.


How do cookies identify Web visitors?


1. First visit: the user contacts the Yahoo web server.
2. The server sends cookies (ID:a3fWa) to the user.
3. The user visits the Yahoo website again (together with the cookie ID:a3fWa).
4. The server gets the cookie’s contents and knows the user’s preference.
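
The four-step exchange on this slide, as a runnable sketch (an added example, not part of the original slides). The function names, the in-memory PREFERENCES store and the "language" preference are assumptions made for illustration; a real site carries the same Set-Cookie and Cookie headers over HTTP.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side store mapping cookie ID -> preferences (hypothetical, in memory).
PREFERENCES = {}


def handle_request(cookie_header=None, chosen_language=None):
    """Serve one visit; return (response_headers, page_body).

    cookie_header is the raw Cookie request header, or None when the
    browser has no cookie for this site yet (step 1, first visit).
    """
    jar = SimpleCookie()
    if cookie_header:
        jar.load(cookie_header)
    visitor_id = jar["ID"].value if "ID" in jar else None

    headers = []
    if visitor_id not in PREFERENCES:
        # Step 2: unknown or missing ID, so issue a fresh unguessable one.
        visitor_id = secrets.token_urlsafe(16)
        PREFERENCES[visitor_id] = {"language": "en"}
        out = SimpleCookie()
        out["ID"] = visitor_id
        out["ID"]["path"] = "/"
        headers.append(("Set-Cookie", out["ID"].OutputString()))
    if chosen_language:
        PREFERENCES[visitor_id]["language"] = chosen_language
    # Step 4: the ID alone is enough to look up this visitor's preference.
    return headers, "language=" + PREFERENCES[visitor_id]["language"]


def browser_cookie_header(response_headers):
    """Step 3: a browser stores Set-Cookie values and replays them as Cookie."""
    jar = SimpleCookie()
    for name, value in response_headers:
        if name == "Set-Cookie":
            jar.load(value)
    return "; ".join(f"{key}={morsel.value}" for key, morsel in jar.items())


if __name__ == "__main__":
    first_headers, _ = handle_request(chosen_language="zh")  # first visit
    cookie = browser_cookie_header(first_headers)
    print(handle_request(cookie))  # second visit: no new cookie, same preference
```

The server recognises the visitor purely by the ID value, and an ID it never issued is simply replaced with a new one.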

Typical Uses of Cookies


◼ Customizing a site
◼ Identifying a user during an e-commerce
session
◼ Sparing users from re-entering their
username and password
◼ Facilitating targeted advertisement


Cookies and Privacy Problems


◼ Servers of the Web sites can remember
your personal information and preference
through cookies.
◼ Some Web sites sell or trade information
stored in your cookie to advertisers – a
practice many believe to be unethical.


Cookies and Privacy Problems


◼ Attackers may impersonate
users' requests by stealing a
full set of victims' cookies.
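
One way a site owner can check for the protections that make cookie theft harder, as an added example (not from the original slides): the Secure, HttpOnly and SameSite cookie attributes. The function names are assumptions, and the sample cookie value reuses the ID shown on the earlier slide.

```python
from http.cookies import SimpleCookie


def missing_protections(set_cookie_header):
    """Return {cookie name: [attributes missing from its Set-Cookie header]}."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    findings = {}
    for name, morsel in jar.items():
        missing = []
        if not morsel["secure"]:      # Secure: only sent over HTTPS
            missing.append("Secure")
        if not morsel["httponly"]:    # HttpOnly: hidden from page scripts
            missing.append("HttpOnly")
        # SameSite=Lax/Strict: not attached to most cross-site requests.
        if morsel["samesite"].lower() not in ("lax", "strict"):
            missing.append("SameSite")
        findings[name] = missing
    return findings


def hardened_set_cookie(name, value):
    """Build a Set-Cookie value that carries all three protections."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = "/"
    cookie[name]["secure"] = True
    cookie[name]["httponly"] = True
    cookie[name]["samesite"] = "Lax"
    return cookie[name].OutputString()


if __name__ == "__main__":
    weak = "ID=a3fWa; Path=/"  # constructed sample header
    print(missing_protections(weak))
    print(missing_protections(hardened_set_cookie("ID", "a3fWa")))
```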


Cookies and Privacy


◼ Most browsers include
privacy settings that
block cookies.


Google Chrome: Privacy Settings


Clearing cookies, browser histories, and cached files
◼ Tools → Internet Options → General


3. Threats of Malware


Malware
◼ Malware (or malicious software) is a
program that acts without user’s
knowledge and deliberately alters the
computer’s operations.


Malware – Symptoms
◼ A computer infected by malware such as a (1)
virus, (2) worm or (3) Trojan horse often has one
or more of the following symptoms:
◼ OS runs much slower than usual
◼ Available memory is less than expected
◼ Screen displays unusual message or
image
◼ Music or unusual sound plays randomly


Malware – Symptoms (cont.)


◼ Existing programs and files disappear
◼ Programs or files become corrupt and do
not work properly
◼ Unknown programs or files mysteriously
appear
◼ System properties change
◼ OS does not start up
◼ OS shuts down unexpectedly


Ways of Infection
◼ Infection via connection media:
◼ opening an attachment in an e-mail
◼ sharing of data files
◼ installing software from an unknown
source: including use of illegal
software or clicking embedded URL
◼ by hackers (through network)


Computer Virus
◼ A computer virus is a potentially damaging
computer program that affects the normal
functioning of a computer / network
system:
◼ Once the virus infects the computer, it
spreads throughout and may damage
files and system software, including the
operating system.
◼ It needs to attach to a host, e.g. a Word file.


Worm
◼ Spreads from one computer to another over a
network or the Internet, taking
advantage of bugs and insecure settings
of a network and its connected computers.
◼ Unlike a virus, it does not need to attach itself
to an existing program or file.

Therefore, update your OS (e.g. Windows 10) regularly

Trojan Horse
◼ Portrays itself as something else, for instance,
as a useful application or a picture.
◼ Induces the user to install and run it.
◼ Creates backdoors to allow a hacker to get in
and control the computer.
◼ Does not infect other files.


Ransomware
◼ Ransomware is malicious code that is used by
cybercriminals to launch data kidnapping and
lockscreen attacks.
◼ The motive for ransomware attacks is monetary,
and unlike other types of attacks, the victim is
usually notified that an exploit has occurred and
is given instructions for how to recover from the
attack.
◼ Payment is often demanded in virtual currency
to protect the criminal’s identity.
Source: TechTarget


Cryptojacking
◼ Unauthorized use of another person's computer to mine
cryptocurrency
◼ 4 million coin miner malware by the end of the
third quarter of 2018
◼ Only 500,000 new coin miner malware in the
fourth quarter of 2017
◼ Targeted not only computers but also Internet-
connected devices, e.g., routers, CCTVs

Source: TechTarget


Security Measure –
Installing Anti-Virus Software
◼ Avoiding malware infection
◼ Install anti-virus software.
◼ Update the virus definition file
regularly.
◼ Scan your hard disk to check for viruses
regularly.
◼ Scan all files and e-mail attachments
when they are downloaded.


References
⚫ InfoSec Website
⚫ http://www.infosec.gov.hk
⚫ GovCERT.hk
⚫ https://www.govcert.gov.hk/en/index.html

THE END
