Scribd Logo
Importer

Bienvenue sur Scribd !

  • Cs Web Browser

    Transféré par

    lipika008
    58 vues16 pages
    Java, ActiveX contribute valuable functionality to Web Browsers by allowing users to automatically (and often invisibly) download code over the Internet. Imbedded security tools of these technologies provides restrictions on code execution. Possible consequences of downloading code and running it locally? Modify your local information Access other computers as if it were you Send e-mail signed by you execute a virus or Trojan horse.

    Description originale:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formats disponibles

    PPT, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    Java, ActiveX contribute valuable functionality to Web Browsers by allowing users to automatically (and often invisibly) download code over the Internet. Imbedded security tools of these technologies provides restrictions on code execution. Possible consequences of downloading code and running it locally? Modify your local information Access other computers as if it were you Send e-mail signed by you execute a virus or Trojan horse.

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PPT, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    58 vues16 pages

    Cs Web Browser

    Transféré par

    lipika008
    Java, ActiveX contribute valuable functionality to Web Browsers by allowing users to automatically (and often invisibly) download code over the Internet. Imbedded security tools of these technologies provides restrictions on code execution. Possible consequences of downloading code and running it locally? Modify your local information Access other computers as if it were you Send e-mail signed by you execute a virus or Trojan horse.

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PPT, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 16

    Web Browsers – Threat and Menace?

    Web Browsers – Threat and Menace?


    Technical Seminar Presentation

    A Technical paper
    Under Guidance
    Presented by:
    of:
    Ravi Krishna .Y
    DutiKrushna
    Roll:cs200117193 panda

    NATIONAL INSTITUTE OF SCIENCE AND TECHNOLOGY


    Palur Hills, Berhampur
    Ravi Krishna .Y cs200117193 1
    Web Browsers – Threat and Menace?

    Introduction
    Technical Seminar Presentation

    • Java, ActiveX contribute valuable functionality to Web


    Browsers by allowing users to automatically (and often
    invisibly) download code over the Internet.
    • Once downloaded, this code automatically executes
    locally.
    • Imbedded security tools of these technologies provides
    restrictions on code execution.
    • A discussion of security models for Java, Java Script and
    ActiveX and their impact on computer viruses.

    Ravi Krishna .Y cs200117193 2


    Web Browsers – Threat and Menace?

    Why run code from the Web?


    Technical Seminar Presentation

    • Today’s servers download code and data to clients. Clients


    execute the code and perhaps return processed data.

    • Automatically downloading program upgrades or browser


    extensions helps increase the seamless nature of the
    computing experience, and potentially saves much time
    and hassle for the user.

    Ravi Krishna .Y cs200117193 3


    Web Browsers – Threat and Menace?

    Possible consequences of downloading code


    and running it locally?
    Technical Seminar Presentation

    • Modify your local information


    • Access other computers as if it were you
    • Send e-mail signed by you
    • Execute a virus or Trojan horse
    • Purchase goods or transfer funds as if it were you
    • Change security settings
    • And good stuff too

    Ravi Krishna .Y cs200117193 4


    Web Browsers – Threat and Menace?

    Safety approaches:
    Technical Seminar Presentation

    1. Fortification:

    • Limit what the program can try to do


    • Limit what the program can actually do
    • Search the code for viruses or before letting
    it run (virus scanners)
    • Manually limit the code’s behavior by
    asking the operator for permission

    Ravi Krishna .Y cs200117193 5


    Web Browsers – Threat and Menace?

    2.Mortification:
    Technical Seminar Presentation

    • Tools to obtain redress for the actions of a program whose


    author can be proven through a digital signature.
    • Digital signatures
    • Public key management
    • Digital certificate authorities

    Ravi Krishna .Y cs200117193 6


    Web Browsers – Threat and Menace?

    Programs browsers execute :


    Technical Seminar Presentation

    • Programs that are functionally in the browser:


    1. Interpreters for HTML, DHTML, XML,
    2. JavaScript, Java applets, etc.
    • Programs installed to extend the browser
    1. Navigator plug-ins such as the RealAudio plug-in
    2. Internet Explorer ActiveX controls
    • Programs started by the browser but executed by the OS
    1. Programs already installed e.g. download a doc file and start
    Microsoft Word to process
    2. Arbitrary downloaded programs

    Ravi Krishna .Y cs200117193 7


    Web Browsers – Threat and Menace?

    Working with programs that are functionally contained within the browser
    Technical Seminar Presentation

    Internet Options® Security ® Custom®Settings

    Ravi Krishna .Y cs200117193 8


    Web Browsers – Threat and Menace?
    Working with programs that extend the browser
    Technical Seminar Presentation

    Figure 3. To reach this dialog box enter View® Internet Options® Settings® View Objects.
    This figure shows the effect of right clicking on MSNBC.

    Ravi Krishna .Y cs200117193 9


    Web Browsers – Threat and Menace?

    Safe for Scripting


    Technical Seminar Presentation

    • A challenge in complex environments:to understand how pieces work


    together.
    • In Dynamic browser environment(ex: The way JavaScript or VBScript
    programs interact with ActiveX controls)
    • In order for the ActiveX control to interact with its JavaScript or
    VBScript companion it must contain an internal parameter set by the
    ActiveX control’s author that indicates the ActiveX control is safe for
    scripting.

    Ravi Krishna .Y cs200117193 10


    Web Browsers – Threat and Menace?

    Programs started by the browser but executed by the OS


    Technical Seminar Presentation

    View® Folder Options® File Types

    Ravi Krishna .Y cs200117193 11


    Web Browsers – Threat and Menace?

    Working with digital signatures


    Technical Seminar Presentation

    View® Internet Options®


    Content
    Ravi Krishna .Y cs200117193 12
    Web Browsers – Threat and Menace?

    NETSCAPE NAVIGATOR
    Technical Seminar Presentation

    Communicator®SecurityInfo®Java/JavaScri
    pt

    Ravi Krishna .Y cs200117193 13


    Web Browsers – Threat and Menace?

    CONCLUSION
    Technical Seminar Presentation

    • The ability to executing programs in Web browsers pays big dividends


    • There are many avenues for executing code from the web
    • Safety is a concern, proper configuration is important
    • Take the best of both trust and fortification
    • Browser configuration is complicated
    • There is less public scrutiny of browser extensions (individual
    ActiveX controls, Netscape Plug-ins, etc) than of the browsers
    themselves. Your browser is no safer than its weakest add-on
    • The system is working. Abuses are not overwhelming.

    Ravi Krishna .Y cs200117193 14


    Web Browsers – Threat and Menace?

    REFERENCES
    Technical Seminar Presentation

    • WWW.IBM.COM
    • WWW.MSNBC.COM
    • www.snort.org
    • www.lucidic.net/whitepapers

    Ravi Krishna .Y cs200117193 15


    Web Browsers – Threat and Menace?
    Technical Seminar Presentation

    THANK
    YOU!!!
    Ravi Krishna .Y cs200117193 16

    Vous aimerez peut-être aussi