IT1100-IWT-Lecture 9 - Security_241029_002440

How Safe is the Internet?

  • Recent Attacks:

    • eBay was attacked, exposing vulnerabilities in the Magento e-commerce platform, affecting over 240,000 businesses.

    • Hackers could intercept credit card details by injecting malicious code into Magento core files, demonstrating significant security flaws.

  • Sony PlayStation Hack:

    • In 2011, personal data of 77 million PlayStation users was stolen, making it one of the largest data breaches.

    • Sony's delayed disclosure of the breach caused public outrage, showcasing the severity of cyber threats.

  • Panama Papers Leak:

    • A major hack involved the Mossack Fonseca email server, revealing hidden wealth of public figures through 2.6 TB of documents, emphasizing data security concerns at high-profile firms.

  • Ransomware Threat:

    • Users face risks from ransomware that encrypts files and demands payment, indicating increasing sophistication of cybercriminals.

Understanding Internet Security

  • Definition:

    • Internet security encompasses rules and actions designed to safeguard digital interactions against cyber threats.

  • Importance:

    • Ensures privacy and confidentiality

    • Prevents data and identity theft

    • Maintains organizational productivity

    • Mitigates risks of cyber-terrorism

    • Helps avoid legal repercussions related to unsecured information

Types of Internet Security Threats

  • Common Threats:

    • Websites are vulnerable to various attacks including political espionage, corporate espionage, and malicious pranks.

Common Attack Types

  • Denial of Service Attacks (DoS):

    • Aim to prevent legitimate users from accessing services by overwhelming them with excessive requests.

      • Flooding Attacks: Utilizes types like SYN flood, Ping of Death, and Smurf attacks.

      • Distributed Denial of Service (DDoS): Conducted using many compromised systems, making it harder to trace the source.

  • DNS Attacks:

    • Involve attempts to alter a legitimate DNS service, impacting user access and security.

  • Active Code Attacks:

    • Such as Java Applets and ActiveX, which can exploit vulnerabilities in web browsers to execute unauthorized actions.

  • SQL Injection Attacks:

    • Attackers execute harmful SQL queries on databases, risking unauthorized data access or modification. Mitigation requires validating and sanitizing user input.

  • Cross-Site Scripting (XSS):

    • Common application-level attack that targets client-side web applications to steal sensitive information like cookies.

Internet Security Services

  1. Confidentiality:

    • Protects the secrecy of messages; only authorized parties can access the information.

  2. Integrity:

    • Ensures that data remains unchanged during transmission; detects unauthorized modifications.

  3. Availability:

    • Guarantees that information and communication services are accessible when needed.

  4. Authentication:

    • Verifies the identity of the parties involved in communication to prevent impersonation.

  5. Non-Repudiation:

    • Provides proof of the origin of data, ensuring senders cannot deny sending a message.

Challenges in Achieving Internet Security

  • The Internet was designed primarily for research without security in mind, leading to vulnerabilities in protocols. Features such as plain-text messaging in HTTP and lack of authentication in emails highlight these issues.

Cryptography in Internet Security

  • Role of Cryptography:

    • Essential in implementing security measures like HTTPS and securing data transmission through encryption.

  • Encryption Techniques:

    • Symmetric Key Cryptography: Uses a single key for encryption and decryption.

    • Asymmetric Key Cryptography: Utilizes two keys (public and private), enhancing security during key exchange.

Best Security Practices for e-Life

  • Social Media Security (e.g. Facebook):

    • Control your posts, manage tags, prioritize privacy settings, and use strong passwords to enhance security.

  • YouTube Security:

    • Regularly update account recovery information, ensure strong passwords, and be cautious of phishing scams.

  • Gmail Security:

    • Monitor account activities, enable authentication for verified senders, avoid spam, and use strong passwords.

Lessons Learned

  • The Internet presents substantial risks, necessitating the implementation of security techniques.

  • Understanding threats and the importance of the CIA Triad (Confidentiality, Integrity, Availability) is vital to protect digital assets.

  • Cryptography plays a crucial role in enhancing internet security through the development of sophisticated security protocols like TLS.

  • It's essential to adopt best practices to safeguard personal interactions online.