Security Awareness, 6e Module 4: Internet Security PDF
Document Details
Uploaded by BlitheObsidian8424
Zayed University
2024
Mark Ciampa
Tags
Summary
This Cengage textbook details internet security concepts, including how the internet works, the roles of web browsers and email, and various security risks. It also covers ways to secure web browsers and email. The objectives and activities related to email and web security are also covered.
Full Transcript
Security Awareness, 6e Module 4: Internet Security Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly acc...
Security Awareness, 6e Module 4: Internet Security Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 1 Module Objectives 4.1: Explain how the World Wide Web and email work 4.2: Identify the risks associated with using a browser and email 4.3: Explain the threats from web servers and transmissions 4.4: Describe the steps in securing a web browser 4.5: List email defenses Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 2 How the Internet Works Internet – A global network that allows devices connected to it to exchange information – Often defined as an international network of computer networks – Not owned or regulated by any organization or government entity – Computers loosely cooperate to make the Internet a global information resource – Two main Internet tools: World Wide Web and email Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 3 The World Wide Web (1 of 5) World Wide Web (WWW) – Better known as the web – Internet server computers that provide online information in a specific format Hypertext Markup Language (HTML) – Allows Web authors to combine text, graphic images, audio, video, and hyperlinks (which allow users to jump from one area to another) – HTML code is combined into a series of webpages that make up a website Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 4 The World Wide Web (2 of 5) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 5 The World Wide Web (3 of 5) Web browser – Software on a user’s device that interprets the HTML code – Displays the words, pictures, and other elements on a user’s screen Hypertext Transport Protocol (HTTP) – Standards or protocols used by Web servers to distribute HTML documents – Subset of Transmission Control Protocol/Internet Protocol standards (TCP/IP) – User’s web browser displays the document Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 6 The World Wide Web (4 of 5) User opens the web browser and enters a uniform resource locator (URL) – Web browser on the user’s computer sends a request to a remote web server using HTTP – Web server responds by sending the HTML document to the user’s local computer Transfer-and-store process – Entire document is transferred and then stored on the local computer before the browser displays it Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 7 The World Wide Web (5 of 5) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 8 Email (1 of 6) First email was sent in 1971 by developer Ray Tomlinson Estimate: over 400 billion emails are sent per day – About 15% are legitimate and the remaining 85% are spam Two basic components involved in sending and receiving mail – Mail User Agent (MUA) Used to read and send mail from a device (such as Microsoft Outlook or Gmail) – Mail Transfer Agent (MTA) Programs that accept email messengers from senders and route them to their recipients Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 9 Email (2 of 6) Two different email systems in use today An earlier email system uses two TCP/IP protocols: – Simple Mail Transfer Protocol (SMTP) Handles outgoing mail – Post Office Protocol (POP or POP3) Responsible for incoming mail – MUAs use both SMTP and POP3 to send and download messages Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 10 Email (3 of 6) Internet Mail Access Protocol (IMAP) – A more recent and advanced email system – Email remains on the email server and is not downloaded to user’s computer – Mail can be organized into folders on the server – Can be read from any device—laptop, tablet, smartphone – Users can use a website as their MUA (such as Gmail) – As email is transferred from one MTA to another MTA, information is added to the email header Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 11 Email (4 of 6) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 12 Email (5 of 6) Email headers also contain an analysis of the email by the MTA Email attachments – Documents attached to an email message – Encoded in a special format – Sent in a single transmission with email message – The receiving computer converts the attachment back to its original format Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 13 Email (6 of 6) Table 4-1 Microsoft Office 365 email analysis Abbreviation Category BULK Bulk DIMP Domain impersonation GIMP Mailbox intelligence-based impersonation HPHISH High confidence phishing HSPM High confidence spam MALW Malware PHSH Phishing SPM Spam SPOOF Spoofing UIMP User impersonation AMP Anti-malware SAP Safe attachments OSPM Outbound spam Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 14 Internet Security Risks Variety of risks from using the Internet – User device threats – Threats from web servers – Transmission risks Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 15 User Device Threats (1 of 13) Multiple threats focus on the user device itself – Browser dangers – Email risks Browser Dangers In early days of web, users viewed static content – Information that does not change Today, users demand dynamic content – Content that changes (animation or customized info) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 16 User Device Threats (2 of 13) Ways to produce dynamic content, which carry cybersecurity risks – Scripting code – Extensions Scripting code – Computer code that commands the browser to perform specific actions – JavaScript and PowerShell are the most popular scripting languages Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 17 User Device Threats (3 of 13) JavaScript – Embedded inside HTML documents – Interact with the HTML page’s Document Object Model (DOM), which connects webpages to scripts or programming languages – When a website that uses JavaScript is accessed, the HTML document that contains it is downloaded onto the user’s computer – Visiting a website that automatically downloads code to run on a user’s device can be dangerous A malicious JavaScript program can capture and send user information without the user’s knowledge or authorization Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 18 User Device Threats (4 of 13) PowerShell by Microsoft – A task automation and configuration management framework – Administrative tasks are performed by cmdlets (“command-lets”) – Users and developers can create and add their own cmdlets – On the Microsoft Windows platform, PowerShell has full access to a range of operating system operations and components – It is a prime target for threat actors Can be configured so its commands are not detected by antimalware Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 19 User Device Threats (5 of 13) Extensions – Expand the normal capabilities of a web browser for a specific webpage – Most are written in JavaScript – Generally have wider access privileges than JavaScript running in a webpage – Browser-dependent—extensions that work in Google Chrome will not function in Microsoft Edge – Since extensions are given special authorizations, they are attractive to attackers Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 20 User Device Threats (6 of 13) Plug-ins – Were widely popular as additions to web browsers – Add new functionality to the browser so users can play music, view videos, or display special graphic image – Almost all web browsers have dropped support for automatic plug-ins due to their security risks Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 21 User Device Threats (7 of 13) Email Risks Malicious attachments Embedded hyperlinks Spam Malicious Attachments – Attacks are often distributed through email attachments via Microsoft Office files that contain a macro (a series of instructions that can be grouped as a single command) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 22 User Device Threats (8 of 13) Email Risks Malicious attachments Embedded hyperlinks Spam Malicious Attachments – Attacks are often distributed through email attachments via Microsoft Office files that contain a macro (a series of instructions that can be grouped as a single command) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 23 User Device Threats (9 of 13) Macro – Usually written by using Visual Basic for Applications (VBA) – VBA is built into most Microsoft Office applications (Word, Excel, PowerPoint, etc.) for both Windows and Apple macOS platforms – VBA can manipulate toolbars, menus, forms, and dialog boxes – Microsoft has reported that 98% of all Office-targeted threats are a result of macro-based malware Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 24 User Device Threats (10 of 13) Embedded Hyperlinks – Contained within the body of the email message as a shortcut to a website – Redirection from a malicious hyperlink is easily accomplished because an embedded hyperlink in an email message can display any content or URL to the user Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 25 User Device Threats (11 of 13) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 26 User Device Threats (12 of 13) Spam – Unsolicited email can be measured in the hundreds of billion messages sent daily – Almost all spam is sent from botnets – Spam is widely used to distribute malware – Spam filters look for spam-related words and block the email – Spammers have now turned to image spam so the content appears as an image rather than text Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 27 User Device Threats (13 of 13) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 28 Threats from Web Servers (1 of 7) Web servers that provide content to users can pose a risk Some threats are – Malvertising – Drive-by downloads – Cross-site scripting (XSS) attacks – Cross-site request forgery (CSRF) attacks Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 29 Threats from Web Servers (2 of 7) Malvertising (malicious advertising) – Attackers promote themselves as reputable third-party advertising to distribute malware through ads sent to users’ web browsers Advantages for the attacker: – Occurs on “big-name” websites – Usually website owners are unaware malware is being distributed through their website ads – Ad networks rotate content quickly, making it difficult to determine if malvertising was the culprit of attack – Attackers can narrowly target victims Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 30 Threats from Web Servers (3 of 7) Drive-by downloads – Attack attempting to infect the website directly – Can result in a user’s computer becoming infected just from viewing the website – Attackers attempt to inject malicious content by exploiting it through a vulnerability in the web server – Injected content is virtually invisible to the naked eye Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 31 Threats from Web Servers (4 of 7) Cross-Site Scripting (XSS) – An attack using scripting that originates on one site (the web server) to impact another site (the user’s computer) – Websites that create dynamic content typically ask for user input and then create the content based on that input – If the website does not first validate the user’s input (sanitizing), attackers can exploit input that has been entered into a form – The input can be replaced with malicious code and sent to the user’s web browser to be executed Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 32 Threats from Web Servers (5 of 7) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 33 Threats from Web Servers (6 of 7) Cross-Site Request Forgery (CSRF) (sea-surf) – A request to a website is not from the authentic user but is a forgery that involves crossing sites – Takes advantage of an authentication “token” that a website sends to a user’s web browser – A user logged into a website is tricked into loading another webpage, and the new page inherits the identity and privileges of the victim who logged in Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 34 Threats from Web Servers (7 of 7) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 35 Transmission Risks (1 of 4) Some attacks are designed to intercept network communications across the Internet – Man-in-the-middle – Session replay – Man-in-the-browser Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 36 Transmission Risks (2 of 4) Man-in-the-Middle (MITM) – A threat actor is positioned in a communication pathway between two endpoints—such as between two user laptops or a user’s computer and a web server – Neither party is aware of the threat actor – The goal of the attack is to either eavesdrop on the conversation or impersonate one of the parties Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 37 Transmission Risks (3 of 4) Session Replay – A replay attack is a variation of a MITM attack – Instead of sending the transmission immediately, a replay attack makes a copy of the legitimate transmission before sending it to the recipient Later, the MITM “replays” the transmission – Session Replay is a special type of replay attack, which involves intercepting and using a session ID to impersonate a user – A session ID is a unique number that a web server assigns a specific user for the duration of that user’s visit (session) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 38 Transmission Risks (4 of 4) Man-in-the-Browser (MITB) – The attack intercepts communication between parties to steal or manipulate the data between a browser and the underlying computer – Usually begins with a Trojan infecting the computer and installing an extension into the browser configuration – When a user enters the URL of a site, the extension checks to determine if this is one of the sites that was targeted for attack – MITB software resides exclusively within the web browser, making it difficult for standard anti-malware software to detect it Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 39 Knowledge Check Activity 4-1 Which two statements are correct? 1. When a website that uses JavaScript is accessed, the HTML document that contains the JavaScript code is downloaded onto the user’s computer. 2. Extensions expand the normal capabilities of a web browser. 3. Spam, while annoying and a drain on productivity, is not considered dangerous. Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 40 Knowledge Check Activity 4-1: Answer Which two statements are correct? When a website that uses JavaScript is accessed, the HTML document that contains the JavaScript code is downloaded onto the user’s computer. Extensions expand the normal capabilities of a web browser. Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 41 Internet Defenses Defending against Internet-based attacks begins with having the device itself properly secured – Managing patches, running anti-malware software, examining person firewall settings, and having data backups Once computer is secured, additional steps to resist Internet- based attacks include: – Securing the web browser – Creating email defenses Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 42 Securing the Web Browser (1 of 9) Modern web browsers have evolved into strong defenses against attacks Security-related indicators Security settings Managing browser extensions Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 43 Securing the Web Browser (2 of 9) Security-related indicators – Web browsers display indicators to the user about something that may need attention or is a warning about a danger Hypertext Transport Protocol Secure (HTTPS) padlocks Web browser warnings – Hypertext Transport Protocol Secure (HTTPS) padlocks Sends HTTP using a secure cryptographic protocol HTTPS URLs begin with https:// instead of http:// Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 44 Securing the Web Browser (3 of 9) At one time, web browsers displayed a green padlock to indicate the connections was secure Some web browsers now display an indicator that the connection is not secure Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 45 Securing the Web Browser (4 of 9) – Web Browser Warnings Web browsers display warnings if a website is known or suspected to be dangerous When you receive a warning, it is critical to carefully read the message and understand what it says It is strongly recommended that these warnings be heeded Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 46 Securing the Web Browser (5 of 9) Table 4-2 Google Chrome web browser warnings Warning message Explanation The site ahead contains malware The site you start to visit might try to install malware on your computer. Deceptive site ahead The site you are trying to visit might be a phishing site. Suspicious site The site you want to visit seems suspicious and may not be safe. The site ahead contains harmful The site you start to visit might try to trick you into installing programs programs that cause problems when you’re browsing online. This page is trying to load scripts from The site you are trying to visit isn’t secure. unauthenticated sources Fake site ahead (or may display Did you “Appears similar to a safe site you usually visit” or “Tries to mean [site] or Is this the right site?) trick you with a URL that is slightly changed from a known safe site” or “Has a URL that is slightly different from a URL in your browsing history.” Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 47 Securing the Web Browser (6 of 9) Web Browser Security Settings – Modern web browsers allow the user to customize cybersecurity settings by implementing modes of cybersecurity that encompass multiple settings – It is recommended that the highest level of security mode be turned on in a web browser – Exceptions can be made to this highest level – Having the security mode turned off completely is not recommended Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 48 Securing the Web Browser (7 of 9) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 49 Securing the Web Browser (8 of 9) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 50 Securing the Web Browser (9 of 9) Managing Browser Extensions – Carry security risks since they are often from third parties – To minimize the risks: Check the browser first Avoid using too many extensions Use reputable sources Review and purge unused extensions Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 51 Email Defenses (1 of 5) Security defenses can be configured to protect email Types of defenses – Restricting attachments – Spam filtering – Setting security options for email – Securing attachments Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 52 Email Defenses (2 of 5) Attachments – Some email clients allow preview of attachments without opening – Scripts are disabled during attachment preview Microsoft Office offers attachment protection – Protected View is a read only mode that disables most editing functions and macros will not launch Users can click Enable Editing to open the file for editing – Trusted document is a file that will open without warning – Files retrieved from a Trusted location can be designated as safe Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 53 Email Defenses (3 of 5) Spam filters – Can be implemented on user’s computer or at corporate or Internet service provider level – Email client spam filter settings Blocked senders (also known as a blacklist) Allowed senders (also known as a whitelist) Blocked top-level domain list (from entire countries or regions) Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 54 Email Defenses (4 of 5) Email security settings – Installed Email MAU Client: Read messages using a reading pane Malicious scripts are not activated Block external content Hyperlinks to pictures or sounds Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 55 Email Defenses (5 of 5) – Web Email considerations: Check account for unusual activity Verify general settings Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 56 Knowledge Check Activity 4-2 Which two statements are correct? 1. Defending against Internet-based attacks begins with the foundation of first having the device itself properly secured. 2. HTTP is a secure protocol for sending information through the web. 3. Before installing a new extension, users should first check to see if this feature has already been added to the browser itself. Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 57 Knowledge Check Activity 4-2: Answer Which two statements are correct? Defending against Internet-based attacks begins with the foundation of first having the device itself properly secured. Before installing a new extension, users should first check to see if this feature has already been added to the browser itself. Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 58 Summary Click the link to review the objectives for this presentation. Link to Objectives Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 59
