Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Browser Security_Example v0.3

No description
by

Faham Usman

on 22 May 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Browser Security_Example v0.3

Information Security
Browser Security
Awareness Campaign
Agenda
Salim is your Cyber Security Advisor.
Aims at promoting, building and ensuring a safer & secure cyber environment and culture in the UAE.
About aeCERT
One of the initiatives of the UAE Telecommunications Regulatory Authority.
aeCERT is the United Arab Emirates Computer Emergency Response Team.
About aeCERT
Securing Your Browser
The Risks
Web Browser Best Practices
Phishing Websites
Stats
Identity Theft
aeCERT
Salim (aeCERT)
@salim_aecert
For more information
www.aecert.ae
info@aecert.ae
Questions
Malicious Browser Plug-ins
Bad Websites
Report Phishing Websites
Securing Your Browser
Disconnect

NoScript Security Suite
Browser Security Plug-ins
WOT

Browser Security Plug-ins
Webutation (Firefox, Chrome)
Browser Security Plug-ins
Secunia Vulnerability Review 2013
Browsers Vulnerabilities
McAfee Q1 Threat report 2013
Phishing URLs
Web Browser Best Practices
Look for https.www (website address) as it indicates that it is a secure site.
Web Browser Best Practices
Malicious Browser Add-ons/Plug-ins: Symptoms
Malicious Websites
Many websites contain malicious content that may infect your machine.
Secunia Vulnerability Review 2013
Browsers Vulnerabilities Criticality
http://thehackernews.com/2013/11/ddos-attack-from-browser-based-botnets.html
http://www.darkreading.com/attacks-breaches/ddos-attack-used-headless-browsers-in-15/240162777
Incidents
Microsoft Security Intelligence Report Edition 14
Browser Attacks Compared to Other Attacks
Phishing Websites
Kaspersky Securelist 2012
Blocked Threats per Browser
McAfee Q1 Threat report 2013
Other

Multiplayer Gaming

Government

Shopping

Finance

Online Auctions

Industry-wise Phishing Targets
Other
Ukraine
Antarctica
Netherlands
Hong kong
United states
McAfee Q1 Threat report 2013
Countries Hosting Most Phishing Sites
2011
2012
Browser-based Attacks
Kaspersky Security Bulletin 2012
Industry-wise Phishing Targets
Browser with built-in or
Plug-in vulnerabilities
Phishing Websites
Stolen consumer information was misused for an average of 48 days in
2012, down from 55 days in 2011 and 95 days in 2010
1 identity theft incident every 3 seconds
Following are the key findings of Javelin Strategy and Research’s identity fraud report 2013:
Identity Theft
Identity Theft
Malware gets downloaded on user’s computer
Sets up malicious website

Accesses malicious website
Uses

Outdated browse
r
Example: Browser Security
Executed

Malicious Code
Outdated
Version
Bypasses
Java Sandbox
Example: Browser Security
Running
Risks
Loss of privacy leading to credit card and identity theft (phishing)
Unauthorized use of your
computer
Web browsers are the most common tools for accessing information on the Internet.


The Risks

Identity theft
Stolen, altered, and/or deleted personal information
2012

2011

2010

2009

2008

2007

2006

2005

$0
$5
$10
$15
$20
$25
$30
$35
$40
$45
Millions of victims

2.0

4.0

6.0

10.0

14.0

16.0

Identity Theft
Billions U.S

0.0

8.0

12.0

Computer infected with malicious software (malware)
Many websites require registering before accessing their
services such as viewing material or purchasing products.
Do not provide your personal information while registering
on websites.
Only register on trusted websites.
Carefully review the privacy statement on a website before
registering to understand how your personal information
will be used.
In case using financial or personal information is inevitable,
make sure that the receiving party is legitimate.
Always use strong passwords consisting of alphanumeric and special characters so that the risk of losing your information can be minimized.
$50
Limit the personal information you share online.
1 out of 4 consumers who received a data breach email became victim
of identity theft
Identity Theft
Identity theft incidents increased in 2012 by 1 million more consumers as compared to previous year.
The amount of money stolen in 2012 increased to $21 billion.
15% of identity theft victims changed their behavior after incident and avoided small online vendors.
15% of identity theft victims changed their behavior after incident and avoided small online vendors.
Pay attention that the URL starts with “https” and look for the lock icon as shown in the next diagram.
Never respond to unsolicited emails asking to fill out a form or provide personal or financial information on an embedded link .
Phishing websites are used to harvest login credentials and personal information.
At Risk Due To
Not Updating To
Most Secure Web
Browser And Plug-ins
Not latest most
Secure browsers
Internet
User
Opera 5 million
Safari 7 million
Firefox 38 million
Opera 5 million
Safari 7 million
Firefox 38 million
37%
63%
Use an up-to-date and trusted antivirus program to protect your machine.
Visit trusted websites and make sure they are legitimate.
Leave a website immediately if it seems suspicious and tries to execute a code through your browser or asks to download a codec.

Excessive pop-up ads
Slowed down computer
Frequent unexpected web browser crash. 
Auto-redirection to download unwanted programs or order useless service.
Auto-change of your browser default search engine and startup page.
Browser Security Plug-ins
Don’t enter personal information if you don’t know the site is secure.
Disable scripts (JavaScript, Java, and ActiveX controls) in the browser by default.
Make sure you log out of the website once you are done shopping and close the browser. This makes sure that no sensitive information is stored in the browser’s cache.
Look for the padlock sign.
Web Browser Best Practices
Use updated anti-virus and antispyware software.
Keep operating system updated with latest patches.
Use updated anti-virus and antispyware software.
Use firewall updated with latest patches.
Use up-to-date applications and install latest patches especially those applications that work with the browser e.g. multi-media applications that are used to view videos.
Use latest browser version and update it regularly.
Web Browser Best Practices
Block pop-up windows.
Never cache any of your passwords or forms containing personal details.
Install plug-ins or extensions only from authentic source.
Harden browser security settings by going to security, privacy, and content sections of your browser. Change the minimum level to medium.
Full transcript