Internet Security

Module 6

Simplifying Security.

1 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 May 18, 2011 1:15 AM CDT

Our View: Bolstering Internet Security Is Imperative

On Monday, the Obama administration proposed a much‐needed international effort to bolster the security of the Internet. It’s
needed because cyberspace has come to serve as both a communications miracle and, potentially, one of the greatest threats to
our security in the 21st century.
That description may seem like hyperbole as it pulls in two completely different directions. But there are justifications for both
descriptions.
The Internet is arguably the greatest technological breakthrough introduced to our society since the television. Perhaps that’s more
hyperbole, unless you consider just how much of our world now is tied to online access and interconnectivity.
The 2010 census noted that 68.7 percent of all U.S. households have Internet connections; a vast majority of businesses also use
the Web for marketing or for inventory purposes, among other tools.
Cyberspace has become a staple in our lives, even if you don’t have an Internet connection in your home or office. Our banking, our
medical records, our credit and our businesses are all linked in some form to the Web. So, too, is much of our infrastructure, our
communication and our national security. Odds are, there is something you want, rely on or need each day that is dependent on
Internet connectivity for you to have it. That may not be a game‐changer in terms of how you live your life, but it’s definitely a
sobering impact.
http://www.yankton.net

2 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Module Objectives
Internet Security Online Gaming Risks
Internet Explorer Security Settings Security Practices Specific to Gaming
Child Online Safety
Mozilla Firefox Security Settings
Role of Internet in Child Pornography
Google Chrome Security Settings
Protecting Children from Online
Apple Safari Security Settings Threats
Instant Messaging (IMing) How to Report a Crime?
Searching on the Web Internet Security Laws
Internet Security Checklists
Online Gaming and MMORPG

3 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow

Browser Search Engine and Online

Security IM Security Games

Internet Security Child Online

Laws Safety

4 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Internet Security
Internet security involves
protecting user data from
Top 10 Malware Hosting Countries
unauthorized access and damage
when connected to the Internet

A proper browser configuration United States 39%

helps in preventing malware France 10%
infection, protecting personal
information, and preventing or Russia 8.72%
limiting the damage from an cyber
attack Germany 5.87%
Online attack paths:
China 5.04%
Emails
Instant messaging United Kingdom 2.68%

Chat rooms Poland 2.43%

File sharing and downloads
Canada 2.03%

Ukraine 1.97%

Hungary 1.84%

http://www.findmysoft.com

5 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Internet Explorer Security Settings
Launch Internet Explorer, click the Tools button, and select Internet options
Select the Security tab, which displays websites classified into four zones:
1. Internet 2. Local Intranet 3. Trusted sites 4. Restricted sites

6 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Internet Explorer Security
Settings: Internet Zone
The Internet zone is for all the Internet
websites except for those listed in the
Trusted or Restricted zones
Click Custom level to set the Internet
zone security settings
Disable or enable the required options
Move the slider to change the security
level
Set the security level for the zone High
to ensure higher security
Maintaining the higher security level
may degrade the performance of the
browser
Click OK to apply the settings

7 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Internet Explorer Security
Settings: ActiveX Controls
ActiveX controls are small programs that work
over the Internet through the browser
They include customized applications that are
required to gather data, view select files, and run
animations when the user visits websites
Malware is downloaded onto the user system
through ActiveX controls when he/she visits
malicious websites
Disable the ActiveX controls and plug‐ins options
in the Security Settings window
Enable the Automatic prompting for ActiveX
controls option so that the browser prompts
when there is a requirement of ActiveX controls
and plug‐ins to be enabled
Click OK to apply the settings

8 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Internet Explorer Security
Settings: Local Intranet Zone
Local intranet

Local
intranet

Security Local Intranet

Sites
Advanced
Add this
website to the zone
Add
OK

9 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Internet Explorer Security
Settings: Trusted Sites Zone

The Trusted sites zone

contains those websites that
the users believe will not
damage their computers or
data

Select Security Trusted sites

Click the Sites button
Enter the URL into Add this
website to the zone column and
click Add
Click OK to apply the settings

10
Copyright © by EC-Council
All Rights
Reserved. Reproduction is Strictly Prohibited.
Internet Explorer Security
Settings: Restricted Zone
The Restricted sites zone restricts
the access to the websites that
might cause damage to a computer
To add restricted websites to
Restricted sites zone:
Select the Security tab and choose
Restricted sites
Click the Sites button
Enter the site URL into the Add this
website to the zone column to
restrict the access
Click Add and then click OK to apply
the settings

11 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Understanding Cookies
A cookie is information that is provided by a web server to web browser and then sent back
unchanged by the browser each time it accesses that server
When the website is revisited, the browser sends the information back to it to help
recognize the user
This activity is invisible to the user and is generally intended to improve the web surfing
experience (for example, at an online store)

12 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Internet Explorer Privacy Settings
The user can limit the information
that is stored in a cookie
A cookie is only a text file and cannot
search a drive for information or
carry a virus
To configure cookie settings:
Choose Internet options from the Tools
menu on the browser
Select the Privacy tab and use the slider
to set the level at low, medium,
medium‐high, or high
Block all or accept all cookies
depending upon the requirement
Check the Turn on Pop‐up Blocker option
to block the pop‐ups that appear while
visiting some websites

13 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Deleting Browsing History
Internet options
Tools

Browsing history

Delete Browsing
History
Delete

14 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Do Not Allow the Browser to
Remember any Password
Internet Explorer Autocomplete Password
prompt

Firefox Remember Password prompt

15 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Securing File Downloads
To configure the download settings
for Internet Explorer, navigate to
Tools Internet options go to
Security tab
Click the Custom Level button in the
Security Settings window
In the Downloads menu Enable the
Automatic prompting to File
downloads and File download
options
Click OK to save the settings

Setting Download options in Internet Explorer

16 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Mozilla Firefox: Security Settings
Launch the Mozilla Firefox browser
Click the Tools menu item and select Options

17 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Mozilla Firefox: Security Settings
Select Security from the Options window

Check the option Warn me when sites try to

install add‐ons so that the browser prompts
before installing add‐ons to the browser

Click the Exceptions button and enter the URL into

Address of Website box and click Allow to specify
which websites are allowed to install add‐ons

Check the Block reported attack sites option to

avoid visiting malicious websites

Check the option Block reported web forgeries

to actively check whether the site being visited
is an attempt to steal personal information

Uncheck the Remember passwords for sites

option to prevent the browser from remembering
the passwords for the login pages visited

18 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Mozilla Firefox: Privacy Settings
Select Privacy in the Options
window

The user can choose if Firefox

remembers the browsing history

Click clear your recent

history

Select the Time range to clear

the history

Check the options required to

clear the history and click
Clear Now

19 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Securing File Downloads
Do not accept file downloads from unknown
members on the Internet
These downloads may contain malware that will
degrade computer performance

File are downloaded by default to My

Documents Downloads
The user may configure the browser settings
so that he/she is prompted to specify the
location to save the file

20
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Securing File Downloads

To configure the download

settings for Mozilla Firefox,
navigate to Tool Options
General
Check the option Always ask me
where to save the file to allow
the browser to ask before
downloading a file and to
specify the location to which it
will be downloaded
The browser directly downloads
Setting Download options in Mozilla Firefox the file to the default location
without any intimation if this
option is unchecked

21
All Rights Copyright © by EC-Council
Reserved. Reproduction is Strictly Prohibited.
Installing Plugins
The Install Missing Plugins message appears while opening
1 some websites

Plug‐ins are required to display files, graphics or play a video

2 on a webpage

Check if the source of missing plug‐ins is trustworthy or

3 not

Scan the downloaded plug‐in using an antivirus software

4 before installing it

22 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Google Chrome Privacy and
Security Settings

Launch Google Chrome

Click the icon, then

select Options

23 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Google Chrome:
Privacy Settings

Click the Under the Hood tab in Google

Chrome Options window
Under Privacy, check the desired web
services
Check the Use DNS pre‐fetching to
improve page load performance option
DNS pre‐fetching stands for Domain Name
System pre‐fetching
When the user visits a webpage, Google
Chrome can look up or pre‐fetch the IP
addresses of all links on the webpage
Check the option Enable phishing and
malware protection to prevent the
browser from opening any malicious
websites

24 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Google Chrome: Security Settings
Secure Sockets Layer (SSL) is an Internet
protocol used by many websites to
ensure safe data encryption and
transmission
The SSL setting in web browsers is
turned on by default
Some websites require older version of
SSL 2.0; check the Use SSL 2.0 option in
such conditions
Check the check for server certificate
revocation option to turn on real‐time
verification for the validity of a
website's certificate

25 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Apple Safari: Security Settings
Launch the Safari browser
To change the settings, select the icon and then select Preferences

26 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Apple Safari: Security Settings
Select the Security tab in the
preferences window

The Web Content section

permits the user to enable
or disable various forms of
scripting and active content

It is recommended to accept
cookies only from the sites
visited

Checking this option allows

the browser to warn the
user before opening any
website that is not secure

27 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Testing the Browser
for Privacy
Launch the Internet browser and
navigate to http://privacy.net/
analyze/ to test the privacy
Click Click here to take the browser
test and analyze the privacy of your
Internet connection

28 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow

Browser Search Engine and Online

Security IM Security Games

Internet Security Child Online

Laws Safety

29 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Instant Messaging (IMing)
Instant Messaging (IMing) allows the user to interact with other people on
the Internet using a software application

30 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Instant Messaging Security Issues
IMWorm
A worm that harms the computer and locates all the
contacts in the IM address book
The IMWorm tries to send itself to all the contacts in the
user’s IM contact list

Social Engineering
Social engineering depends on human interaction that
involves tricking people through IM and getting their
personal information

Spam over IM( SPIM)

SPIM is spam delivered through IM instead of delivering

it through email
IM systems such as Yahoo! Messenger, AIM, Windows
Live Messenger, and chat rooms in social networking
sites are popular targets for spammers

31 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Instant Messaging Security Measures
Do not reveal personal information
on IMs

Do not accept links received from

unknown people on IM

Block the users who send unsolicited

web‐links

Always use strong passwords

Sign out of the IM application after

using it

Do not check the Remember

password option

32 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Searching on the Web
Search engines display
hundreds of results for a Not all the web page results
search query obtained by the search
engine are secure

To filter the malicious search

results, use an antivirus To add Add‐ons in the
application as an add‐on to Mozilla Firefox browser,
the browser and Enable it navigate to Tools Add‐ons
Get Add‐ons

33 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow

Browser Search Engine and Online

Security IM Security Games

Internet Security Child Online

Laws Safety

34 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Online Gaming and MMORPG
Online gaming has become a
popular pastime, especially due
to high‐speed Internet and
emerging technology
MMORPGs are popular It has also become the target
worldwide and the revenues for attackers for the large
for these games are well amounts of money involved
over a billion dollars

Massively Multiplayer Online Role‐

Playing Game (MMORPG) is a type
of computer role‐playing games in
which a large number In the world of MMORPGs, also known
of players interact with one another as online games, players can meet other
within a virtual game world players, become friends, engage in a
battle, fight against evil, and play

35 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Online Gaming Risks
Interactions with
potential fraudsters who Computer intruders
may trick the gamer to exploiting security
reveal personal/financial vulnerabilities
information

Malware such as viruses,

Trojan horses (Trojans), Online and real‐world
computer worms, and predators
spyware

36
All Rights Copyright © by EC-Council
Reserved. Reproduction is Strictly Prohibited.
Insecure or Compromised Game Servers
and Game Coding
If the software at the game server is compromised,
the computers that are connected to the server can
also be compromised
Any game with a network connection has a risk
involved
The attacker may even use the vulnerabilities to
crash the gaming server
The vulnerabilities in the game server can be used by the
attackers to:
Steal game passwords
Steal information from the gamers’ computers
Control the gamers’ computers remotely
Launch attacks on other computers
Install programs such as Trojans, adware, spyware

The game code is generally not as well analyzed as the

other software coding
This may result in introducing unknown vulnerabilities
onto the computer

37 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Social Risks
The attackers may use the social interaction in the online game environment to
attack the unprotected computers or to exploit security vulnerabilities

Social Engineering Virtual Mugging

Identity Theft Cyber Prostitution

Protection Schemes

38
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Social Engineering
Attackers may trick the gamers into installing malicious
software on their computers by social engineering

They offer a bonus or help in the game in exchange for

other players’ passwords or other information in the
game forums on a game server

The gamers who are looking for ways to make the play
easier respond to such offers

Attackers send phishing emails supposedly from

the game server administrators, which will invite the
player to authenticate his/her account via a website
linked in the message

Note: Game Masters (GMs) of a game will never ask a gamer for his/her username and/or password

39 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Message from a Gamer About a Password
Stolen by a Malicious Program

http://www.securelist.com

40 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Protection Schemes, Cyber Prostitution,
and Virtual Mugging
Protection Cyber Virtual
Schemes Prostitution Mugging

Organized crime has Online games are being Virtual mugging was
emerged in South Korean used for cyber prostitution coined when some
gaming community where the players of Lineage II
The criminal organizations customers/gamers pay used bots to defeat
force the gamers into money for cybersex other gamers and take
protection schemes, In The Sims online, a their items; these items
where the gamers have to Massively Multiplayer were later put on sale in
pay money (virtual or Online (MMO) game, a 17‐ online auctions
real) to avoid killing of the year‐old developed a cyber
gamers’ characters and “brothel”, where the
theft of the passwords gamers paid Sim‐money
(Simoleans) for cybersex
per minute
The gamers’ accounts were
eventually cancelled

41 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
How the Malicious Users Make Money
Stolen items such as passwords or virtual items are put on sale on websites, such as eBay, or on forums
These are sold to other gamers for real or virtual money
The cyber criminal may ask the gamer for ransom in return for this information

http://www.securelist.com

42 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Security Practices Specific
to Gaming

43 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Recognize Administrator Mode Risks

Some games require the Free downloads of games may Instead of using the
game to be run in contain malicious software, administrator account, the
Administrator mode including plugins to run the gamer is advised to browse the
If that is the case, ensure game Internet or play the games
that the game has been This software may be used using a User Account, which
downloaded from a to gain administrator level may deny the attacker access
trusted website/vendor control of the computer to administrator rights

1 2 3

44 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Recognize Risks due to ActiveX
and JavaScript

Some of the games played

over the web require
ActiveX or JavaScript to be
enabled

45 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Play the Game, Only at the
Game Site

Play the games at the This reduces the risk

game site and save of visiting a malicious
the Internet Once done with website when playing
browsing for later playing the game, a game
switch to the user
account to browse
the Internet

46 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Pay Attention to Firewall
Management
Playing certain multiplayer games may require the
firewall settings to be changed to allow information
from the game to get through to the gamers’ computers

Every time the permissive settings are changed

on the firewall, the risk of computer security
concerns increases

In the firewalls, the gamer can designate the fellow

gamers’ IP addresses as trusted to avoid any interactions
with the attacker

47 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow

Browser Search Engine and Online

Security IM Security Games

Internet Security Child Online

Laws Safety

48 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Risks Involved Online
The risks involved when a child works
online include:
Misdirected searches
Stealth sites and misleading URLs
Online sexual harassment
Child pornography

Grooming

Cyberbullying

49 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Misdirected Searches
Parents may take all the precautions to protect the child online, but all that could
1 be negated when the child is unconsciously led to visit harmful sites

2 Search engines use terms known as “meta variables” to index a website

When a user searches for websites, the search engines display the results using
3 the meta variables

Example: a sports website may be indexed by the meta terms “soccer”,

“football”, “scores”, etc.

Porn site promoters add popular search terms to their meta variable list, to redirect
4 the web traffic towards their site

Porn sites may use the words “sports”, “school”, “movies”, etc., to lure children
5 to their websites

Unless a filtering software is used, the search engines cannot distinguish between
6 the search requests of an adult and a child

50 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Stealth Sites and Misleading
URLs
Pornographic sites use
Pornographic websites
common typo errors to
thrive on increased web
lure visitors to their
traffic
websites

Porn site promoters buy

Children may end up at a
domain names such as the
pornographic website just by
“.com” equivalent of a “.gov”
typing
or a “.org” website, being
“www.whitehouse.com”
aware that web surfers would
instead of
end up at their website if
“www.whitehouse.gov”
there is a typographical error

51 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Child Pornography, Grooming, and
Cyberbullying
Child Pornography Grooming Cyberbullying
“Under federal law (18 U.S.C. “Grooming” is an act of Cyberbullying occurs when a
§2256), child pornography is befriending and establishing child, preteen or teen, is
defined as any visual depiction, emotional connection with threatened, harassed, and/or
including any photograph, film, children embarrassed using the
video, picture, or computer or Child grooming is used for Internet or mobile phones or
computer‐generated image or lessening the child’s other communication media
picture, whether made or inhibitions and preparing Cyberbullying signs:
produced by electronic, them for child abuse Upset after using the
mechanical, or other means, of computer
The offenders target children
sexually explicit conduct, where through attention, affection,
the production of the visual Refuse to step out of the
kindness and sympathy, and house or to go to school
depiction involves the use of a offer gifts and/or money
minor engaging in sexually Draws away from friends
explicit conduct” and family
‐http://www.missingkids.com

52
All Rights
Copyright © by EC-Council
Reserved. Reproduction is Strictly Prohibited.
Role of the Internet in Child Pornography

The Internet provides easy access to huge quantities of pornographic materials

It ensures complete anonymity and privacy

Various web services such as emails, newsgroups, and chat rooms facilitate the
sharing of pornographic materials

It provides a cost‐effective medium for the transfer of pornographic

materials

It enables people with an Internet connection to access pornographic

materials at any time and anywhere

It supports transfer of pornographic materials in various formats that can be

stored on different digital storage devices

53 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Effects of Pornography on Children

They experience mental

Child victims suffer weakness such as:
from depression, anger,
withdrawal, and other Guilt and feeling
psychological problems responsible for the
abuse and betrayal
Physical injuries due to
molestation, such as A sense of
genital bruising or powerlessness and
exposure to sexually worthlessness
transmitted diseases
Low self‐esteem

54 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Risks Involved in Social Networking
Websites
People on the social networking websites can view the profiles,
photos, and videos of other people on that website

The child may provide too much information on a social

networking website

Online predators may get information such as email IDs,

telephone numbers, residential address, hobbies, interests
and more from their profile

Online predators may use this information for cyberbullying,

identity theft, or cyber exploitation

55 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Unsolicited Emails
Online predators may
use email techniques
to steal information
from children

They may send spam emails The child may even be

that contain pornographic asked to register on that
materials or links to website by providing
pornographic websites personal information

56 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Chat Rooms
Online predators may use chat
rooms to build contacts with
children and then lead them into
cyber prostitution

Online predators may use

social engineering techniques
to get personal information
from children in a chat room

They may also use chat rooms

to sends links to websites with
inappropriate content, such as
pornography

They may also send malicious

links to children, which may
result in the computer getting
infected with malware

57 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Finding if Children are at Risk Online
The parent can find if their children are facing any online threats from the following symptoms:

The child spends more time sitting at the computer

Pornographic material is present on the child’s computer

The child receives phone calls and/or gifts from unknown

persons

The child turns off the monitor or quickly changes the

screen when the parent enters their room

The child looks depressed and does not show any interest in
talking with family or friends

58 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Protecting Children from Online
Threats
Ensure that the child knows about dangers Check credit card statements each
of computer‐sex offenders month for any unusual charges that may
Monitor what the child does on the indicate unauthorized purchases by a
computer stranger or your child

Use caller ID on phones to determine who is Notify the police if someone the child
calling the child, and block numbers that met online starts calling them, sends
are suspicious gifts, or trying to lure them for revealing
sensitive information
Monitor the child's access to all types of live
electronic communications such as chat Ensure that the child does not:
rooms, instant messages, Internet Relay Provide personal information such as
Chat, etc. name, address, phone, school name
Restrict access to the malicious and porn Meet anyone online without
websites using Internet content filtering permission
software Open emails from unknown senders
If the child is maintaining a social Share their photos/videos with
networking profile, look closely at what strangers over the Internet
information they have posted in their
member profiles and blogs, including
photos and videos

59 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Encourage Children to Report

The parents should encourage their children to

report any inappropriate behavior they may face
online

The parents can encourage the child to come to

them if they are being bullied or are facing online
predators

The children may also be encouraged to speak to a

trusted individual such as an aunt, uncle, or older
sibling, if they are uncomfortable talking to the
parents

60 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
How to Report a Crime

Internet crimes can be

reported at
http://www.ic3.gov/comp
laint/default.aspx by
clicking Report Internet
Crime

http://www.ic3.gov

61 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Security Software for Protecting Children from Online
Threats
Children can be protected from online threats by installing appropriate security software on
the child’s computer
The features that a parent should look for in the software include:
Web blocking IM features
To help in recording and monitoring the IM chats of the child,
To help prevent the child from viewing
thus help the parent in determining if the child is engaged in
inappropriate content
an inappropriate dialogue with unknown persons

Program blocking Usage reports

To help block games, peer‐peer file To provide a timely report on the child’s Internet usage and IM
sharing, etc. history to monitor the child’s online interactions

Email blocking Video filtering

To help block unknown email addresses and To ensure that the child does not view inappropriate videos on
prevent children from communicating with sites such as YouTube, but at the same time allow the child to
people they met online, through email view useful/fun videos

Time limits Social networking features

To help in recording and monitoring the content that the child
To help control the amount of time the child
posts online, and to determine if the child is being bullied
spends on the computer
online

62 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
KidZui
KidZui is a free web
browser, search engine,
and online playground for
kids
It has a large number of
games, websites, videos,
and photos reviewed by
parents and teachers
It eliminates the need for
parents when kids are
online

http://www.kidzui.com

63 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Actions To Take When the Child
Becomes an Online Victim
Ignore any contact from the
online predator or cyberbully

Report the offense to the

Encourage the child not to
Internet Service Provider
log into the website where
(ISP)
bullying occurred
Also report to the offender’s ISP

Change the online Block the offender’s email

information of the child and address and screen name so
delete the social networking that they cannot contact the
accounts if necessary child anymore

64 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow

Browser Search Engine and Online

Security IM Security Games

Internet Security Child Online

Laws Safety

65 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Internet Laws
The web space is a vast terrain and with plethora of e‐commerce sites, analytical sites, sports sites,
information sites, business sites, etc.
Such a large domain requires supervision to protect the netizens from Internet criminals, attackers, etc.
Internet laws protect the users from immoral/indecent acts, privacy breach, etc., on the Internet

Why you need to

Internet laws cover: Important laws:
know Internet laws:
Internet users should know the Defamation USA PATRIOT Act
Internet laws to leverage the
disputes against e‐commerce Intellectual property Children’s Online Privacy
vendors, fraudsters/Internet Protection Act (COPPA)
Patents
criminals, etc., The Digital Millennium
Copyrights
Knowing the Internet laws helps Copyright Act
the users to understand what Privacy infringement CAN‐SPAM Act
they can and cannot post on the
Child protection, etc. Computer Misuse Act 1990
Internet
Also, users need to know the European Union Data
Internet laws to be able to legally Protection Directive
use the immense content
present on the Internet Data Protection Act 1998

66
All Rights
Copyright © by EC-Council
Reserved. Reproduction is Strictly Prohibited.
USA PATRIOT Act
USA PATRIOT (Uniting and Strengthening Section 212 of the act allows the ISPs to
America by Providing Appropriate Tools voluntarily disclose the customer
Required to Intercept and Obstruct Terrorism, information including the customer records
USAPA),was passed on October 26, 2001 and all electronic transmissions (email,
voice transmissions)
TITLE II‐Enhanced Surveillance Procedures,
section 216 of the Patriot act, gives law The ISPs may choose to reveal the
enforcement authorities access to dialing, customer information if they believe that
routing, and signaling information there is risk of death or bodily injury to an
individual/group
According to the act, law enforcement
authorities have access to the email packets Section 220 of the act allows for
(includes email content) nationwide search warrants for email
Under the act, the government can compel This gives the authorities the right to
the ISP to release the subscriber information search a suspect without having to go to
that includes: the place of the ISP

Customer name
Customer address
Mode of payment
Credit card information
Bank account information

67 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Children’s Online Privacy
Protection Act (COPPA)
The COPPA is relevant to the online collection of The privacy policy should include:
personal information from children below the age The name and contact information of all the operators
of 13 collecting/maintaining the personal information
The act dictates: The kind of personal information that will be collected
What a website owner must include in the privacy How the operator intends to use the personal information
policy
Whether the operator releases the personal information
When and how the verifiable consent can be requested to third parties
from the parents
If the parents’ consent is required for releasing the
The responsibility of the website owner in protecting
information to third parties
the children’s online safety and privacy
The procedure that the parents should follow to control
Every operator of a website or online service who
their children’s personal information
collects the personal information of children,
knowingly, must comply with COPPA According to the act, the operator should:
The operator must include a link to the privacy Notify the parents that he/she intends to collect their
policy of the website on the home page children’s information
Ask for the parents’ consent before releasing the
information to the third parties/public disclosure
Inform the parents about the internal use of the personal
information
Inform the parents if there are any changes in the privacy
policy

68 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
The Digital Millennium Copyright
Act
The European Union
The Digital Millennium
Copyright Directive
Copyright Act (DMCA)
(EUCD) addresses some of
1998 was signed into
the same copyright
law by President
infringement issues as the
Clinton
DMCA

According to the act, any

infringement of the copyrighted
material is a criminal offense

69 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Highlights of DMCA
Circumventing any anti‐piracy measures built into commercial software is a crime

Bans the production, sale, or distribution of code cracking tools to illegally copy software

Permits the cracking of copyright‐protected software to perform encryption research and test
computer security systems

Nonprofit libraries, educational institutions, etc., are exempted from the act under certain
circumstances

ISPs are exempt for simply transmitting information over the Internet

ISPs are, however, required to remove the copyright‐infringing materials from user websites

Webcasters are required to pay licensing fee to the recording companies

70 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
CAN-SPAM Act
Requirements
U.S. President George W.
false misleading
Bush

commercial email
disclose it
clearly
rules for commercial email
receiving further
commercial messages emails from you

sender stop emailing them 10 business days

penalties of up to monitor what they are

$16,000 sending to the recipients

71 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Computer Misuse Act 1990
The Computer Misuse Act 1990 is an act of the UK Parliament

The act makes certain activities The act defines three computer
illegal such as: misuse offenses:
Hacking into other users’ computers Unauthorized access to computer material
Misusing software Unauthorized access with intent to commit
Helping an attacker gain access to or facilitate commission of further offenses
secured files/documents in another Unauthorized modification of computer
user’s computer material

72 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
European Union Data Protection
Directive (95/46/EC)
The 95/46/EC directive provides guidelines to European Union member states for individuals’ privacy and
data protection

The directive regulates the processing of personal data regardless of whether such processing is
automated or not

Section 1of the directive provides the principles relating to data quality, section 2 provides criteria for
making data processing legitimate and section 5 defines the data subject's right of access to data

According to section 1 of the directive, Member States shall provide that personal data must be collected
for specified, explicit and legitimate purposes and not further processed in a way incompatible with those
purposes

Section 2 states that Member States shall provide that personal data may be processed only if the data
subject has unambiguously given his consent

Section 5 states that Member States shall guarantee every data subject the right to obtain from the
controller without constraint at reasonable intervals and without excessive delay

73 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Data Protection Act 1998 (UK)
Personal Data Right To Privacy

Data Protection Act 1998 It protects people's

defines UK law on the fundamental rights and
processing of data on freedoms and in particular
identifiable living people and is their right to privacy with
the main piece of legislation respect to the processing of
that governs the protection of personal data
personal data in the UK

Explicit Consent Authorization

Data must not be disclosed to It is an offence for other parties

other parties without the to obtain this personal data
consent of the individual whom without authorization
it is about, unless there is
legislation or other overriding
legitimate reason to share the
information

74 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Module Summary
Internet security involves protecting user’ data and information from unauthorized access when
connected to the Internet
Scan the file downloads with updated antivirus software to check for the presence of malware
Online gaming has become a popular pasttime, especially due to high‐speed Internet and emerging
technology
If the software at the game server is compromised, the computers that are connected to the server
can also be compromised
Parents may take all precautions to protect the child online, but all that could be negated when the
child is unconsciously led to visit harmful sites
Children can be protected from online threats by installing appropriate security software on the
child’s computer
Internet laws protect users from immoral/indecent acts and privacy breach on the Internet
Knowing the Internet laws helps the users to understand what they can and cannot post on the
Internet

75 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Checklists
Regularly update your operating system and other installed
applications

Set up a firewall to control the flow of information

Ensure that you have the latest web browser installed on

the system and update it regularly

Install a safe browsing tool that warns about reported phishing sites
and blocks access to the addresses

Ensure that you are connected to a secured network when using a

wireless network

Never respond to unsolicited email offers or requests for

information

76 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Checklists
Do not click the links sent by unknown users

Do not download files from unknown sources

Do not give out personally identifiable information when registering

with websites/applications

Do not click any pop‐ups that appear while browsing websites

Regularly scan your system for viruses, worms, Trojans, spyware, key
loggers and other malware using antivirus

Update the antivirus application on a regular basis

77 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Checklists
Use strong passwords and change them at regular intervals

Disconnect from the Internet if anything suspicious is found on the

computer

Always check the Address bar for correct URL

Always check the website certificate, SSL padlocks and HTTPs

Do not enable ActiveX and JavaScript features

Regularly back up the important files

Remove unnecessary protocols from the Internet interface

Check router or firewall logs to identify abnormal network

connections to the Internet

78 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Checklist for Parents

Talk to children about what they do on the computer

Get a profile on the social networking site the child is on

Review the list of the child’s friends

Be informed of the challenges of social networking

Check if anyone is trying to impersonate the child online

Encourage the child to use the child safe applications such as KidZui

79 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.