Cyber Laws Project

Internet Security: User's Perspective

Presented To:

Dr. Hitesh Kapoor
Asstt. Professor Dept. of Applied Sciences
Presented By:

Siddharth Bhardwaj UE 85094

Surbhi Vijh UE 85098

Introduction
Internet Security: User's Perspective is a study on the various practices and precautions a user must undertake to protect his/her computer system from the viable threats when connected in a computer network (Internet). The topic is aimed at understanding the various threats that are encountered on a widespread basis and the various security measures that need to be implemented so as to counter them.

Internet Security
Internet security is a branch of computer security specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing.

Need: Internet Security
o Security not a design consideration
o Implementing change is difficult
o Openness makes machines easy targets
o Increasing complexity
o Rising number of threats in the form of viruses, trojans, worms, spam etc.

Rising Security Incidents
[Figure: sophistication of hacker tools (high) against technical knowledge required (low), 1980 to 2000. Source: Cisco Systems]

Internet Security?

Keyloggers

The Most Common Excuses
o No one could possibly be interested in my information
o Anti-virus software slows down my processor speed too much.
o I don't use anti-virus software because I never open viruses or email attachments from people I don't know.

Or

o So many people are on the Internet, I'm just a face in the crowd. No one would pick me out.
o I'm busy. I can't become a security expert--I don't have time, and it's not important enough

Security Countermeasures
Three Phase Approach: PROTECTION, DETECTION, RESPONSE

Viruses
o A program that gets into a computer system by means of hardware or software without the knowledge of the computer user, and then attaches itself to a program file.
o The virus then starts to replicate itself and do the damage it has been programmed to do.

Installation
o Viral code is attached or inserted into the order of execution so that when the legitimate code is run the viral code is also run or run instead of the legitimate code.
o May be tacked on to the end of an executable file or inserted into unused program space.
o Legitimate code must be modified so that the viral code is branched/vectored to.

Worms
o Computer worms are like a virus in the fact that they self-replicate within your computer system.
o However, a computer worm does not have to attach itself to a program in your system like a computer virus does in order to function.

Worms
o Worms are a subset of viruses
o They differ in the method of attachment; rather than attaching to a file like a virus, a worm copies itself across the network without attachment.
o Infects the environment rather than specific objects

Trojan Horses
An apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data.

Installation: Trojan Horses
o Secretly installed when an infected executable is run
o Much like a virus
o Executables typically come from P2P networks or unscrupulous websites

Effects
o Allows remote access:
  o To spy
  o To disrupt
  o To relay a malicious connection, so as to disguise the attacker's location (spam, hacking)
  o To access resources (i.e. bandwidth, files)
  o To launch a Distributed Denial of Service (DDoS) attack

Spyware
A general term for a program that surreptitiously monitors your actions. While they are sometimes sinister, like a remote control program used by a hacker, software companies have been known to use Spyware to gather data about customers. The practice is generally frowned upon.

Disadvantages: Spyware
o Browsing profiles created for users without consent
o Used for target marketing and statistical analysis
o Unable to remove Spyware programs or disable them
o Increased number of misleading / inappropriate pop-ups
o Invasion of user privacy (hidden from user)
o Often badly written programs corrupt user system
o Automatically provides unwanted helpful tools
o Estimated over 20 million+ people have Spyware on their machines.

Spyware Defence
User Initiatives...
o Issue Awareness
o Use Legitimate S/W Sources
o Improved Technical Ability
o Choice of Browser
o Choice of OS
o Legal action taken against breaches of privacy

Technical Initiatives...
o Spyware Removal Programs
o Pop-up Blockers
o Firewall Technology
o Disable ActiveX Controls
  o Not Sandboxed
o E-Mail Filters
o Download Patches

Similarities / Differences
Spyware:
o Commercially Motivated
o Internet connection required
o Initiates remote connection
o Purpose: To monitor activity
o Collects data and displays pop-ups
o Legal
o Not Detectable with Virus Checker
o Age: Relatively New (< 5 Years)

Trojan Horses:
o Malicious
o Any network connection required
o Receives incoming connection
o Purpose: To control activity
o Unauthorized access and control
o Illegal
o Detectable with Virus Checker
o Age: Relatively Old (> 20 Years)

Similarities:
o Memory Resident Processes
o Surreptitiously installed without user's consent or understanding
o Creates a security vulnerability

Malware
o Short for "malicious software"
o Includes viruses, worms, trojans, spyware etc. to steal personal info, send spam, and commit fraud i.e. may lead to identity theft.
o Downloaded via links to desirable downloads such as music, blogs, websites, games etc.

Symptoms: Malware
o Slow down, malfunction, or display repeated error messages
o Won't shut down or restart
o Serve up a lot of pop-up ads, or display them when you're not surfing the web
o Display web pages or programs you didn't intend to use, or send emails you didn't write

Keyloggers
Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware to software-based approaches

Keylogging Includes:
o Clipboard logging
o Screen logging
o Programmatically capturing the text in a control
o The recording of every program/folder/window opened.
o The recording of search engine queries, Instant Messenger conversations, FTP downloads and other internet based activities.
o In some advanced software keyloggers, sound can be recorded from a user's microphone and video from a user's webcam.

Countermeasures
o Anti-spyware
o Network monitors
o Automatic form filler programs
o One-time passwords
o On-screen keyboards
o Speech recognition
o Keystroke interference software
o Handwriting recognition and mouse gestures

Cookies
o A Cookie is a small text file sent to the user from a website.
o Contains Website visited
o Provides client-side personalisation
o Supports easy Login
o The website is effectively able to remember the user and their activity on previous visits.
o Spyware companies working with websites are able to use this relatively innocent technology to deliver targeted REAL TIME marketing, based on cookies and profiles.

Cookies can be saved for varying lengths of time:
o Session cookies - Session cookies store information only as long as you're using the browser; once you close the browser, the information is erased.
o Persistent cookies - Persistent cookies are stored on your computer so that your personal preferences can be retained. In most browsers, you can adjust the length of time that persistent cookies are stored.

Taking Precautions with Cookies
o To increase your level of security, consider adjusting your privacy and security settings to block or limit cookies in your web browser.
o To make sure that other sites are not collecting personal information about you without your knowledge, choose to only allow cookies for the web site you are visiting; block or limit cookies from a third-party.
o If you are using a public computer, you should make sure that cookies are disabled to prevent other people from accessing or using your personal information.
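
The session/persistent and first-party/third-party distinctions above, shown as an added example that is not part of the original presentation: a small JavaScript classifier over Set-Cookie response headers that also applies the "only allow cookies for the web site you are visiting" rule. Host names and cookie values are constructed, and the subdomain comparison is a simplification of what browsers do.

```javascript
// Added example, not from the original slides. All hosts and header values are constructed.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  const name = eq === -1 ? "" : pair.slice(0, eq);
  return { name, value: pair.slice(eq + 1), attrs };
}

// Session cookie: neither Expires nor Max-Age, so it is erased when the browser closes.
// Persistent cookie: carries one of them and is stored on the computer.
function lifetime(cookie) {
  return "expires" in cookie.attrs || "max-age" in cookie.attrs ? "persistent" : "session";
}

// Third-party: the host that set the cookie is neither the visited site nor a subdomain of it.
// Assumption: plain suffix match; browsers compare registrable domains (Public Suffix List).
function party(settingHost, pageHost) {
  const a = settingHost.toLowerCase();
  const b = pageHost.toLowerCase();
  return a === b || a.endsWith("." + b) ? "first-party" : "third-party";
}

// Classify every cookie seen while loading pageHost; "allowed" applies the
// first-party-only precaution from the slide.
function classify(responses, pageHost) {
  return responses.map(({ host, setCookie }) => {
    const c = parseSetCookie(setCookie);
    const p = party(host, pageHost);
    return { name: c.name, lifetime: lifetime(c), party: p, allowed: p === "first-party" };
  });
}

// Constructed responses observed while loading a page on shop.example
const sample = [
  { host: "shop.example", setCookie: "sid=abc123; Path=/; HttpOnly" },
  { host: "shop.example", setCookie: "lang=en; Max-Age=31536000; Path=/" },
  { host: "ads.tracker.example", setCookie: "uid=42; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/" },
];

const report = classify(sample, "shop.example");
console.log(report);
```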

Anti-Virus
o Anti-Virus Software is a computer program that can be used to scan files to identify and eliminate computer viruses, worms, trojan horses and other malicious software (malware) from an infected computer.
o It also protects the computer from further virus attacks.

Functions: Antivirus
o Scanning Files
o Removing Infections
o Virus Protection
o Spyware
o Real-Time Scanning
o Websites
o Email
o Data Mining

Detecting Computer Threats
o Most commercial anti-virus software uses the following approaches, with an emphasis on the virus dictionary approach:
  o Virus dictionary approach
  o Suspicious behavior approach

Firewall
o A system or group of systems that enforces an access control policy between two networks.
o A firewall is like a castle with a drawbridge
o Only one point of access into the network
o This can be good or bad
o Can be configured to block data from certain locations while allowing the relevant and necessary data through.

Firewalls
o Basic problem: many network applications and protocols have security problems that are fixed over time
  o Difficult for users to keep up with changes and keep host secure
o Solution
  o Administrators limit access to end hosts by using a firewall
  o Firewall is kept up-to-date by administrators

Conclusion: Firewall
o Cannot control back door traffic
o Cannot fully protect against new viruses
  o Need antivirus on each host machine
o Needs to be correctly configured
o The security policy must be enforced

Phishing
o Sending people e-mail messages in order to lure them into divulging sensitive data
o The data sought is commonly passwords and credit-card details
o The data is commonly keyed into a web-form on a site that purports to be operated by the trusted identity

Example: Phishing Site

Good Security Habits
o Lock your computer when you are away from it
o Disconnect your computer from the Internet when you aren't using it
o Evaluate your security settings
o Protect your computer against power surges and brief outages
o Back up all of your data
o Use and maintain anti-virus software
o Install or enable a firewall
o Keep software up to date
o Use anti-spyware tools
o Follow good security practices

Software Analysis

Awareness about Various Threats

Antivirus Softwares Used

Awareness about Security Measures

Anti-Spyware

Spybot - Search and Destroy
o Spybot - Search & Destroy detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications.
o Spyware silently tracks your surfing behaviour to create a marketing profile for you that is transmitted without your knowledge to the compilers and sold to advertising companies.
o If you see new toolbars in your Internet Explorer that you haven't intentionally installed, if your browser crashes inexplicably, or if your home page has been "hijacked" (or changed without your knowledge), your computer is most probably infected with spyware.
o Even if you don't see the symptoms, your computer may be infected, because more and more spyware is emerging.

Ratings: Spybot
Ease of Setup/Use: 5/5
Detection Effectiveness: 4.5/5
Removal Effectiveness: 4.5/5
System Performance: 3.5/5
Scan Performance: 4/5
Support/Documentation: 4/5

Anti-Malware

Malwarebytes Anti-Malware
o Malwarebytes Anti-Malware is a surprisingly effective freeware anti-malware tool. It can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect.
o Malwarebytes' Anti-Malware monitors every process and stops malicious processes before they even start.
o Key Features:
  o Light speed quick scanning.
  o Ability to perform full scans for all drives.
  o Database updates released daily.
  o Quarantine to hold threats and restore them at your convenience.
  o Ignore list for both the scanner and Protection Module.
  o A small list of extra utilities to help remove malware manually.
  o Multi-lingual support.
  o Works together with other anti-malware utilities.
  o Command line support for quick scanning.
  o Context menu integration to scan files on demand.

Ratings: Malwarebytes
Ease of Setup/Use: 5/5
Detection Effectiveness: 4/5
Removal Effectiveness: 4.5/5
System Performance: 5/5
Scan Performance: 4/5
Support/Documentation: 3.5/5

Firewall

Comodo Internet Security
o Comodo firewall is unique in the way that it passes all known leak tests to ensure the integrity of data entering and exiting your system.
o Comodo has put the firewall through all kinds of sophisticated tests to ensure its firewall is powerful enough to ward off these attacks with default settings. No other firewall has had to work this hard.
o Secures against internal and external attacks
o Blocks internet access to malicious Trojan programs
o Safeguards your Personal data against theft
o Delivers total end-point security for Personal Computers and Networks
o Because Comodo Internet Security is more than a firewall, it has the wherewithal to detect and block viruses, Trojan horses, worms, keyloggers, rootkits and other malware in real time.

Ratings: Comodo Firewall
Firewall Features: 5/5
Additional Security Features: 5/5
Ease Of Use: 4.5/5
Support/Documentation: 5/5

Antivirus

Kaspersky Antivirus 2011
o Real-time protection
o Disinfection
o Proactive Defense
o IM Antivirus and AntiPhishing
o Virtual Keyboard
o Vulnerability scanner
o Automatic or Manual Updates
o Quarantine
o Scanning Options

[Chart: Performance, Features, Design]

Ratings: Kaspersky
ATTRIBUTE: POINTS
Scope Of Protection: 5/5
Effectiveness: 5/5
Ease of Installation: 4/5
Ease of Use: 4/5
Features: 4/5
Updates, Help & Support: 4/5

Conclusion: Kaspersky
Pros: Attractive easy interface. Excellent results in independent lab tests. Effective built-in support. Speedy full scan. Bonus system tuning and privacy features. Rescue Disk can scan even systems that won't boot.

Cons: Earned mediocre scores in hands-on malware removal and blocking tests. Erroneous identification also found.

Bottom Line: Kaspersky's latest antivirus looks better than ever, and independent labs consistently put it at or near the top. In the hands-on tests it scored well below what the labs would suggest, though, and it made a couple of serious faux pas (false positives).

Bit Defender Antivirus 2011
o Stops Virus, Malware and Spyware
o Safeguards Your Privacy
o Surf Safely
o Play and Work Seamlessly (Game Mode)
o Smart Tips
o Automatic or Manual Updates
o Video Library Support

[Chart: Performance, Features, Design]

Ratings: Bit Defender
ATTRIBUTE: POINTS
Scope Of Protection: 4½/5
Effectiveness: 4½/5
Ease of Installation: 4/5
Ease of Use: 4½/5
Features: 4/5
Updates, Help & Support: 4/5

Conclusion: Bit Defender
Pros: Preinstall scan eases installation. Best suite protection against phishing. Above-average parental control. Local, remote, and advanced backup. PC Tune-up. Effective spam filtering. Configurable UI. Private data protection. Remote management. Game/laptop/silent mode.

Cons: Mediocre malware removal and blocking. Parental control's IM management easily evaded. Old-school firewall passes security decisions to the user.

Bottom Line: BitDefender doesn't score as well as previous versions on anti-malware tests. Still, its performance optimization tool and its phishing protection are excellent. It's a good security suite with a full-featured backup system.

Miscellaneous

Sandboxie
o Isolation Program (Creates sandbox-like isolated operating environment)
o Runs your programs in an isolated space
o Prevents them from making permanent changes to other programs and data in your computer
o An isolated virtual environment allows controlled testing of untrusted programs and web surfing

Benefits of Isolated Sandbox
o Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
o Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.
o Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.

VirusTotal.com
o VirusTotal is a service developed by Hispasec Sistemas that analyzes suspicious files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and web analysis toolbars.
o It uses up to 43 different antivirus products

VirusTotal's main characteristics are:
o Free, independent service.
o Runs multiple antivirus engines.
o Runs multiple file characterization tools.
o Real time automatic updates of virus signatures.
o Detailed results from each antivirus engine.

Thank You