Securing Interaction for Sites, Apps and Extensions in the Browser
Advanced Web Topics: Browser Extensions and Internet Security. New Perspectives on the Internet.
Objectives
• Learn how to enhance your Web browser capabilities with browser extensions
• Discover where to locate popular browser extensions for Microsoft Internet Explorer
• Visit a Web site where you can test a plug-in
• Investigate Internet security and learn about secrecy, integrity, necessity, and privacy
• Identify several ways to defend against security risks
• Learn about copyright and intellectual property rights on the Internet
Browser Extensions
• Allow a Web browser to perform tasks it was not originally designed to perform.
• Plug-ins – programs that a browser starts to display or play a specific file.
• Helper applications or helper apps – “help” a browser to display or play a file.
What Are Plug-Ins and Helper Applications?
• Plug-ins differ slightly from helper applications in the way they run.
• Helper applications are independent programs that are stored on your computer and are activated automatically when needed.
• Plug-ins do their work inside the browser and do not activate standalone programs.
Figure 9-3
Browser Extension Categories
• Document and productivity
• Image viewer
• Multimedia
• Sound player
• Video player
• VRML and 3-D
Document and Productivity Browser Extensions
• Let you use a browser to read documents.
• Files saved in PDF format require Adobe Acrobat Reader.
• Microsoft Office lets the browser start Word, Excel and other Office files.
Image Viewer Browser Extensions
• Image viewer displays graphics.
• Display different picture file formats. More than one graphic viewer will be needed to view the different kinds of pictures on the Web.
• AutoDesk displays line drawings in the proprietary Drawing Web format.
• Real estate agents use iPix.
Multimedia Browser Extensions
• Largest category of browser extensions.
• Shockwave provides animated interfaces, interactive advertisements and product demonstrations, multi-user games, and streaming CD-quality audio.
• Flash displays high-impact user interfaces, interactive online advertising, and animation. Automatically installed with Internet Explorer and Navigator.
Figure 9-4
Sound Player Browser Extensions
• Let your Web browser play sounds.
• Beatnik and Crescendo deliver high-quality interactive music and sound on the Web.
• RealPlayer delivers MIDI music in very small file sizes. RealPlayer plays streaming audio and video and uses buffered play.
Video Player Browser Extensions
• Deliver movies to Web browsers.
• QuickTime technology plays video, sound, and music. QuickTime movie format is computer-platform neutral.
• QuickTime’s format was adopted by the ISO as the starting point for developing an improved and unified digital media storage format.
VRML and 3-D Browser Extensions
• Virtual Reality Modeling Language is a programming language that creates three-dimensional environments that can mimic known worlds or define fictional ones.
• Cosmo Player is a VRML player that lets you experience three-dimensional Web worlds without having special three-dimensional graphics acceleration hardware installed.
Finding Browser Extensions
Installing and Testing Browser Extensions
Security Overview
• Protection of assets from unauthorized access, use, alteration, or destruction.
• Physical Security – tangible protection devices
• Logical Security – uses non-physical protections
• Countermeasure – procedure that recognizes, reduces, or eliminates a threat
Figure 9-13
• Secrecy prevents unauthorized data disclosure and ensures the authenticity of the data’s source.
• Integrity prevents unauthorized data modification
• Necessity prevents data delays or denials.
• Copyright is the protection of expression.
Security Threats
• Integrity Threat – also known as active wiretapping
• Delay and Denial Threats – disrupt normal computer processing or deny processing entirely
• Intellectual Property Threats – use material without the owner’s permission
• Threat Delivery Mechanisms –
– A hacker uses Trojan horses, viruses, and worms to attack computers.
• Computer Emergency Response Team has teams around the world to recognize and respond to computer attacks.
Security Countermeasures
The security countermeasures necessary for Internet transactions should ensure that the transaction or message being sent:
– Cannot be read by anyone except the intended recipient.
– Is tamperproof, ensuring that no one was able to modify its contents or delete it entirely.
– Is authored by the person who claims to be the sender.
A digital certificate contains:
• The certificate holder’s name, address, and e-mail address
• A special key that “unlocks” the digital certificate, thereby verifying the certificate’s authenticity
• The certificate's expiration date or validity period
• A trusted third party, called a certificate authority, which verifies the person’s identity and issues the digital certificate
Figure 9-17
Secrecy and Privacy
• Encryption – process of coding information using a mathematical-based program and a secret key to produce a string of characters that is unreadable
• Decryption – the reverse of encryption
• Two types of encryption used today:
– Symmetric (private-key) encryption
– Asymmetric (public-key) encryption
Figure 9-19
Figure 9-20
Protecting Web Commerce Transactions
• Secure Sockets Layer (SSL) – widely used, nonproprietary protocol that travels as a separate layer on top of the TCP/IP protocol
• SSL uses both symmetric and asymmetric encryption and keys to ensure privacy.
• Session keys exist only during a single, active session between the browser and server.
Internet Explorer’s Secure State Indicator
Navigator’s Secure State Indicator
Figure 9-24
Integrity
• A message digest function program is used to maintain the integrity of an e-mail message.
• This program produces a number called a message authentication code or MAC.
– It must be impossible or costly to reverse the MAC and produce the original message.
– The MAC should be random to prevent creating the original message from the MAC.
– The MAC must be unique to the message so there is an extremely small chance that two messages could ever produce the same MAC.
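The properties listed above, shown as an added example that is not part of the original slides. It assumes HMAC-SHA-256 from Python's standard library as the MAC (the slides name no algorithm); the shared key and the sample e-mail text are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the key and both messages are illustrative only.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
ORIGINAL = (b"From: alice@example.com\nTo: bob@example.com\n\n"
            b"Pay invoice 1001: $250.00\n")
TAMPERED = ORIGINAL.replace(b"$250.00", b"$950.00")


def make_mac(key: bytes, message: bytes) -> bytes:
    """Return the 32-byte HMAC-SHA-256 tag for message under key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag on the receiving side and compare in constant time."""
    return hmac.compare_digest(make_mac(key, message), tag)


def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length tags differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def demo() -> dict:
    tag = make_mac(SHARED_KEY, ORIGINAL)  # the sender attaches this tag
    return {
        # Fixed-size output regardless of message length.
        "tag_bits": len(tag) * 8,
        # The unmodified message verifies.
        "original_ok": verify(SHARED_KEY, ORIGINAL, tag),
        # A single changed character makes verification fail.
        "tampered_ok": verify(SHARED_KEY, TAMPERED, tag),
        # Without the shared key, a valid tag cannot be reproduced.
        "wrong_key_ok": verify(b"some-other-key", ORIGINAL, tag),
        # Roughly half of the 256 bits flip, so the tag looks random.
        "bits_changed": differing_bits(tag, make_mac(SHARED_KEY, TAMPERED)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```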
Figure 9-25
Necessity
• A necessity attack can slow down processing, completely remove an item, or deny its use.
• Programs that travel with applications to your browser and execute on your PC can be dangerous. They may have the following components:
– Java
– JavaScript
– ActiveX
Security Countermeasures
• Whenever possible, avoid completing Web page registration forms.
• Omit your resume and other personal information from your Web page.
• Set your Web browser to limit or disable cookies.
• Purchase and use a virus detection program.
• Download software and files from known and trustworthy sources.