
Security and Privacy Issues for Internet Users



Russ Haynal Internet Instructor, Speaker, and Paradigm Shaker 21015 Forest Highlands Ct Ashburn, VA 20147 Phone : 703-729-1757 [email protected] http://navigators.com Security and Privacy Issues for Internet Users Rev. 01/2008


Note: If you send me an email, put “internet training” in the e-mail's subject

Copyright ©  Information Navigators


Course Topics

issues.html

[Diagram: course topic map showing the path from your PC to a web server. Labels: Background / Statistics; Persona; Network Connection; Firewall (hardware and software); Anti-virus; Security Testers; Web Browser (cookies); Email (spam, attachments); Other Apps (chat, P2P, spyware); Web Server (web server logs, off-limit sites); Authored content (Usenet archives, mailing list archives, web pages); User actions (parental controls, encryption, passwords, offline media, updating software, critical advice).]

Security and Privacy Issues

specific_page.html

  • Background and Statistics

  • “Persona” issues and options

  • Network Connections (home /small business)

  • Firewalls

  • Anti-Virus

  • Web Browsing issues such as cookies

  • Other Applications: Email, peer to peer, Spyware

  • Authored Content and specialized databases

  • Local options (storage, encryption, parent controls)

  • Updating your Operating System / and software

  • Summary and Critical Advice

Online Web page = http://navigators.com/issues.html


Disclaimer

  • This session illustrates a variety of search tools, techniques and research methods.

  • You should consult your organization’s policies to verify if these methods are approved for your type of Internet connection.


An Opening Survey (raise your hands high)

  • Do you have a Broadband connection (i.e. cable or DSL ) ?

  • Do you have more than one computer at home? Are they Networked?

  • Do you have a wireless network at home?

  • Do you access the Internet at home without a firewall?

  • Is someone in your home PC downloading music? (without paying)

  • Do you, or anyone in your extended family, use a genealogy program (i.e. Family Tree Maker)

  • Do you receive Spam email daily?

  • Received Phishing? ( = fake request to verify your account )

  • What type of Internet connection(s) do you have:

    • Attributable (company.com), Non-Attributable, Home

  • Have you researched work-related topics via your home account?


Why this Course…

  • This course covers a variety of security and privacy issues

  • Some of these issues apply directly to work-related Internet usage

  • Many of these issues apply strictly to home-based Internet usage

  • These issues are important from a counter-intelligence perspective

    • Minimize “leaking” of your research interests

    • Protection of your personal information and identity

  • If the security of your home PC is breached, it could leave you in a compromised/vulnerable situation.

Remember: Internet = Passport to interact with foreign resources and people


Some Statistics

privacy.html

source: www.cert.org/stats

Estimated Damages: Love Bug Virus = $10 Billion.

Melissa Virus = $385 Million


Spyware Statistics

  • Results from EarthLink’s Spy Audit programs

  • A large percentage of all computers have spyware

Source: http://www.earthlink.net/about/press/pr_spyuditpress_1004/


Identity theft

privacy.html

During 2005, there were 9.2 million victims in the U.S.

Average loss = $5,885 and 28 hours of time

  • Identity theft occurs when someone has collected enough personal information about you, that they can “impersonate” you.

  • They can use your identification information to access your existing financial accounts, investment accounts, etc.

  • They can use your identification information to establish new accounts (checking, credit card, loans) based on your name/credit history.

  • They can collect your personal Information through traditional means – dumpster diving, scam solicitations, corrupt employee.

  • Now add the risk from Internet/PC usage:

  • Hacker gains access to your PC: bank account information, investment software, cookies, auto-complete passwords, auto web form fill-ins and family genealogy (birth date, mother’s maiden name)

  • Hacker gains access to your relative’s PC which has a genealogy program.




Introduction to “Persona”

persona.html

As you surf the Internet, you give off a certain persona

  • While viewing a web page (URL1), you click on a hyperlink to visit another web page (URL2)

  • Your web browser sends “environment variables” to the web server.

  • Webmasters use this information to determine information about you and your organization (physical location, your interests, software, etc.)

[Diagram: an analyst's Internet access reaches a web server hosting URL1 and URL2; the webmaster runs reports from the server's access logs.]

You should always know what websites know about you


Persona Details

persona.html

  • Your persona is communicated to every web server (and every webmaster) of every web page that you visit.

  • You should be explicitly aware of your persona before you visit any website. For example, should you visit:

    • badguy.com from agency.gov?

Your persona is communicated via “environment variables” such as:

  • REMOTE_HOST = This is the name associated with your IP number.

  • REMOTE_ADDR = This is the IP number of your computer, or proxy. A webmaster could do a traceroute to see how you are connected.

  • HTTP_REFERER = This is the URL of the page you were previously viewing. Webmasters use this to see what web page led you towards their site. You should therefore be careful about how you create web pages. For example, do you want to reveal the following?

    • http://badguy.com is listed on http://intranet.agency.gov/joe_smith/investigation_targets.html?


A Typical Search Scenario...

persona.html

[Diagram: an analyst, whose persona is agency.gov OR yourtown.isp.com, sends “search terms” to searchtool.com, receives hits, and then requests a page from badguy.com. The referring URL has the form http://searchtool.com/keywords=searchterms.]

  • searchtool.com webmaster knows your “search terms”

  • badguy.com webmaster knows what “search terms” you used to find their webpages


Always check your Persona

persona.html

Important Note: This testing page is most accurate when you click on a link to bring you towards this page.

  • If the “http_referer” paragraph is missing, then no referring_URL is being passed

This is a key paragraph to look for


Think before you click...

persona.html

  • Does your connection transmit a Referring URL?

  • IF IT DOES... do NOT “Click” on your search results

Referring URL

Hover over the link to see its URL

Destination URL

  • A click on this search result will tell the webmaster at fas.org that you are searching for “terrorist”


Anonymizers

anonymizer.html

  • Anonymizers replace your persona with their persona.

  • Anonymizer now “knows your business”

  • Web Masters may easily recognize anonymizer traffic


Web Site Log Analysis

persona_connection.html

There are many standard reports that a webmaster can run
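To see what such a report exposes, the following added example (not part of the original slides) parses web server access log lines and lists, per visitor address, the referring hosts and any search terms carried in the referring URL. The log lines are constructed, the `searchtool.com/search?keywords=` URL shape and the list of query parameter names are assumptions, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" log format (not real traffic).
# Host names come from the slides; IP addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jan/2008:10:01:22 -0500] "GET /page.html HTTP/1.0" 200 5120 "http://searchtool.com/search?keywords=badguy+funding" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.10 - - [12/Jan/2008:10:03:40 -0500] "GET /contact.html HTTP/1.0" 200 2210 "http://intranet.agency.gov/joe_smith/investigation_targets.html" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.7 - - [12/Jan/2008:10:05:02 -0500] "GET /page.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
"""

# addr = REMOTE_ADDR, referer = HTTP_REFERER as the server recorded them.
LINE_RE = re.compile(
    r'(?P<addr>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Query parameter names that commonly carry search terms (assumed list).
SEARCH_KEYS = ("q", "query", "keywords", "p")


def search_terms(referer):
    """Return the search phrases embedded in a referring URL, if any."""
    query = parse_qs(urlsplit(referer).query)
    return [phrase for key in SEARCH_KEYS for phrase in query.get(key, [])]


def persona_report(log_text):
    """Group hits by REMOTE_ADDR and list what each visitor's referers leak."""
    report = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match is None:
            continue  # skip lines that are not in combined format
        entry = report.setdefault(
            match["addr"],
            {"hits": 0, "referer_hosts": set(), "referer_urls": [], "search_terms": []},
        )
        entry["hits"] += 1
        referer = match["referer"]
        if referer in ("", "-"):
            continue  # no HTTP_REFERER was sent with this request
        entry["referer_urls"].append(referer)
        host = urlsplit(referer).hostname
        if host:
            entry["referer_hosts"].add(host)
        entry["search_terms"].extend(search_terms(referer))
    return report


if __name__ == "__main__":
    for addr, info in persona_report(SAMPLE_LOG).items():
        print(addr, info)
```

The first visitor reveals both a search phrase and the address of an internal page; the second sent no referring URL, so only its IP number and hit pattern remain.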


Exposing a “less recognizable” persona

The “parallel visit” Problem...

  • Analyst #1: uses agency.gov persona to visit “badguy”

  • Analyst #2: uses “ninja.com” persona to visit “badguy”

  • Now “ninja.com” persona is easily recognized as “agency.gov” kind of visitor

  • Even with no http_referer, a webmaster can still make the association due to high volume hits or similar usage patterns.

The “portal” Problem...

[Diagram: Analyst #1 (Agency.gov) and Analyst #2 (Ninja.com) both reach badguy.com by following a link on Agency.gov/targets.html.]

  • Analyst #1: Persona = agency + referrer = portal

  • Analyst #2: Persona = ninja + referrer = portal


Internet Accounts, Policies, & Procedures

  • There may be several different types of Internet accounts

  • They each have their own intended use

  • They each have their own strengths/limitations

  • There may be some policies which always apply

  • There may also be unique policies associated with each type of account

  • Policies are probably in a state of flux, as organizations try to keep up with the ever-changing Internet and legal environment.

  • Clarify these issues from within your organization

  • Make sure ALL Internet users are kept aware of the latest internet usage policies. Mistakes by a handful of users could jeopardize your connection’s privacy, and cause unwanted publicity for your organization.




Definitions Related to an Internet Connection

getting_connected.html

  • IP # - Internet Protocol number is allocated to you from your ISP

  • Fixed IP # - the same IP Number remains permanently assigned

  • Dynamically Assigned IP Number – During a log-in/connect sequence, an IP number is assigned to the user for the duration of that session. Such IP numbers may be assigned from a “DHCP” Host (Dynamic Host Configuration Protocol)

  • Dial-up – only connected part-time. May be disconnected after 10-20 minutes of idle time. Almost all Dial-up accounts receive dynamically assigned IP #’s. Most Dial-up modems are included internal to a PC

  • Broadband – Cable or DSL. Usually connected 24 X 7. A broadband account may receive a fixed or dynamic IP #. A dynamic IP # may persist for a very long time. Most new broadband modems are “External Modems” and must be connected to the PC via a network connection (Ethernet, USB)


Network Address Translation

getting_connected.html

  • NAT is the translation of an IP number from one network segment into an IP number that is used within another network segment.

  • NAT is often used where a private network touches a public network, such as: the ISP towards your house; or within your own network (your modem towards your internal LAN)

  • There are certain IP numbers allocated for use on private networks (reference: RFCs 1918, 1631):

    • 10.0.0.0 - 10.255.255.255

    • 172.16.0.0 - 172.31.255.255

    • 192.168.0.0 - 192.168.255.255

[Diagram: two “local” computers (192.168.0.5 and 192.168.0.83) sit behind a NAT device whose “external” address is 68.70.164.89 and whose local address is 192.168.0.1.]

  • To see your computer’s local IP address:

    • Windows 95, 98: Start -> Run -> winipcfg

    • Windows NT, 2000, XP: DOS Prompt -> ipconfig /all

  • To see your “external” IP address: “Check your persona” on my web site.
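The translation described on this slide can be sketched as a small model, added here as an example that is not part of the original slides. It uses the slide's addresses and assumes a NAT device that allocates one external port per outgoing connection and only admits replies from the host that connection went to; the class and function names are hypothetical.

```python
import ipaddress

# The three private ranges listed on the slide, in prefix notation.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr falls inside one of the private ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


class NatDevice:
    """Toy port-translating NAT (assumed behaviour, not any vendor's)."""

    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.outbound_map = {}  # (local_ip, local_port, remote_ip, remote_port) -> ext port
        self.inbound_map = {}   # (ext port, remote_ip, remote_port) -> (local_ip, local_port)

    def outbound(self, local_ip, local_port, remote_ip, remote_port):
        """Return the (source IP, source port) that the remote server sees."""
        if not is_private(local_ip):
            raise ValueError("inside hosts are expected to use private addresses")
        key = (local_ip, local_port, remote_ip, remote_port)
        if key not in self.outbound_map:
            ext_port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = ext_port
            self.inbound_map[(ext_port, remote_ip, remote_port)] = (local_ip, local_port)
        return self.external_ip, self.outbound_map[key]

    def inbound(self, remote_ip, remote_port, external_port):
        """Return the inside host for a reply, or None if the packet is dropped."""
        return self.inbound_map.get((external_port, remote_ip, remote_port))


if __name__ == "__main__":
    nat = NatDevice("68.70.164.89")
    # Both inside PCs visit the same web server (203.0.113.80 is a constructed address).
    print(nat.outbound("192.168.0.5", 1025, "203.0.113.80", 80))
    print(nat.outbound("192.168.0.83", 1025, "203.0.113.80", 80))
    # A packet from a host nobody inside contacted finds no mapping.
    print(nat.inbound("198.51.100.9", 4444, 40000))
```

Both PCs appear to the web server as 68.70.164.89, which is the address a “check your persona” page reports, and a packet that matches no outgoing connection has nowhere to go.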


Getting Online…

getting_connected.html

At Work…

  • Wide variety of implementations including firewalls.

[Diagram: employee PCs connect through local routers to a high speed router.]

Home options

  • Dial-up modem with a single PC (PC -> phone modem -> ISP / Internet)

    • Temporary connection

    • Dynamically assigned IP number

  • Broadband modem (cable/DSL) with a single PC

    • Persistent connection

    • IP number may remain constant throughout “session”

  • Broadband modem with multiple PCs (PCs -> Internet gateway router -> broadband modem)

    • “Internet gateway router” includes extra features: DHCP and NAT to assign additional IP #’s to all computers; firewall, print server, wireless AP

    • Only the modem’s IP number is seen by the Internet


A special note about wireless networks (are you sure you can’t install a wire?)

getting_connected.html

  • A wireless access point is connected directly to your LAN / ISP. Wireless network adaptors are connected to your PCs

  • Wireless networking standards are always evolving: 802.11a, 802.11b, 802.11g, 802.11n

  • WEP (Wireless Equivalent Privacy) adds encryption, but a weakness in its algorithm means it can be easily compromised using free shareware. WPA (WiFi Protected Access) adds additional security

  • Remote “guests” with a high gain antenna may be able to connect into your LAN

[Diagram: an access point attached to the Internet gateway router and broadband modem (ISP / Internet) is also reachable from a neighbor’s or stranger’s computer.]

Own more than one computer?

You must visit these two sites:




Personal Firewalls

firewall.html

  • A firewall should monitor incoming and outgoing traffic (windows XP firewall is incoming only)

  • Some firewalls are more secure than others (stateful packet inspection, ICSA Certified, etc)

  • Most firewalls do not protect against viruses

  • All firewalls require administration (set-up configuration, updates, making holes for applications)

  • Change the default administrative password included in the firewall

  • Event logs – learn how to read these

  • Many “alerts” come from infected machines doing random scanning

  • You can traceroute IP#’s and search for info on Port Numbers


Firewall Options

firewall.html

[Diagram: two layouts. In the first, a hardware firewall sits between the broadband modem and the Ethernet hub. In the second, the broadband modem connects directly to the Ethernet hub and each PC runs its own software firewall.]

Hardware firewall

  • Prices: <$100 to ~$500

  • Additional functions available (NAT, DHCP, email notification)

  • Easier for computers to share folders / printers

Software firewall

  • Prices: free to ~$50

  • Each machine needs to be configured

  • Firewalls may interfere with local network sharing


Testing Security / firewall

firewall.html

  • There are several online websites that will scan your personal computer, looking for openings. Do not try these scanners at work.

  • Some online scanners only test the well known vulnerabilities, while other test sites are more comprehensive. (There are over 65,000 different ports supported by the TCP/IP protocol.)

  • Most of these sites will educate you on how to close any holes they discover.

  • There are also software tools that can be installed locally into your machine to scan for problems. (packet sniffers)

  • Do NOT assume that you are 100% invincible


Anti-Virus Software

virus.html

  • Every machine should have updated anti-virus software installed, and running

  • AV software will occasionally scan every file on your machine for viruses

  • AV software should automatically examine every incoming file (via floppy disk, email attachment, web download, peer-to-peer download)

  • The heart of most AV programs is a “dictionary” of pre-defined viruses which is compared to your files. The dictionary may have over 60,000 definitions.

  • AV programs will also monitor certain sensitive system resources for any changes – You may need to disable AV software when installing certain kinds of programs.

Important: the virus definition dictionary must be updated frequently. There may be 100 new virus definitions added to the dictionary in one week.




Web Surfing Risks

privacy_browser.html

  • There are numerous concerns with web surfing

  • Cookies / web bugs – track your individual movements

  • Java / Active X – Executable code downloaded and running on your machine

  • Web Site registrations- collect personal info, credit cards

  • Wimpy Privacy statements on Web sites

  • Pop-ups, pop-unders, Fake ad windows,

  • Browser leaks – persona, referrer, plug-ins, Clipboard

  • Numerous web browser settings and third party software options, toolbars, alexa, advertisement blockers.


Cookies ( = barcode on forehead)

cookies.html

“I am not a piece of your inventory”

  • A cookie is a piece of text stored on your computer by a web server.

  • Helps the web site to “recognize you” (username_greetings) and “remember” your interactions within the web site (shopping cart)

  • Web Site may repeatedly refer/update the cookie or its internal database on your movements.

  • 3rd parties may also place cookies through many web sites (advertisers, hit trackers, etc)

[Diagram labels: Browser; abc.com, def.com, xyz.com; xyz_cookie; ad_cookies.]


Are you visiting just one site?

privacy_browser.html

  • Viewing a single web page may cause your browser to interact with many different web servers.

  • Even with cookies turned off, you still make foot prints on third-party web servers while retrieving their graphics.

[Diagram: loading Page1.html and Page2.html also retrieves Logo.gif, Ad_banner.gif, Tiny_dot.gif and hit_counter.gif, each of which can come with cookies, scripts, etc.]


Third Party cookies

Web pages can include graphics (and therefore cookies) from “third parties”

[Diagram: three sites each hold their own record of you. Jokes.com knows Joe_nobody, an email address and your viewing history; loan.com knows Real_Name, an email address, Address_phone and your viewing history; badplace.com knows Fake Name, an email address and your viewing history. Your cookies carry a separate ID for each site (Jokes.com ID#_201, loan.com ID#_4873, badplace.com ID#_539) plus one ID for the third party (3p.com ID#_435349). 3p.com is drawn holding copies of all three records and buys/sells your data with its “partners”.]

Copyright navigators.com

The “third party site” can compile an extensive profile on you, and sell this information to companies that are online and offline.


Web Bugs and Beacons

cookies.html

  • Web Bugs are “hidden” graphics

  • The graphic is usually a 1 x 1 pixel and is the same color as the background

  • Some web Privacy policies refer to web bugs as “beacons”

  • Mentioned in some privacy statements

  • www.bugnosis.org offers a free plug-in which highlights all web bugs, shows you its cookie value, and these other parameters:

Each tiny graphic = item to be downloaded
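The check a web bug highlighter performs can be approximated in a few lines. This added example (not part of the original slides and not the Bugnosis code) scans a page's HTML for resources loaded from other sites and flags third-party images declared as 1 x 1 pixel or smaller; the sample page is constructed, the class and function names are hypothetical, and "same site" is assumed to mean the same last two labels of the host name.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; the file names follow the slides, the markup is invented.
SAMPLE_URL = "http://jokes.com/Page1.html"
SAMPLE_HTML = """
<html><body bgcolor="#ffffff">
<img src="/Logo.gif" width="120" height="60">
<img src="/spacer.gif" width="1" height="1">
<img src="http://3p.com/Ad_banner.gif" width="468" height="60">
<img src="http://3p.com/Tiny_dot.gif?site=jokes" width="1" height="1">
<img src="http://counter.example/hit_counter.gif" width="88" height="31">
</body></html>
"""


def site_of(host):
    """Naive 'same site' key: the last two labels of the host name.

    Assumption: good enough for .com-style names; a real tool would use
    the Public Suffix List to handle names such as example.co.uk.
    """
    return ".".join(host.lower().split(".")[-2:])


class WebBugFinder(HTMLParser):
    """Collects third-party hosts and tiny third-party images on one page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_site = site_of(urlsplit(page_url).hostname)
        self.third_party_hosts = set()
        self.web_bugs = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("img", "script", "iframe"):
            return
        attributes = dict(attrs)
        src = attributes.get("src")
        if not src:
            return
        url = urljoin(self.page_url, src)  # resolve relative references
        host = urlsplit(url).hostname
        if host is None or site_of(host) == self.page_site:
            return  # first-party resource, e.g. a layout spacer
        self.third_party_hosts.add(host)
        tiny = (attributes.get("width") in ("0", "1")
                and attributes.get("height") in ("0", "1"))
        if tag == "img" and tiny:
            self.web_bugs.append(url)


def scan_page(page_url, html):
    """Return the third-party hosts contacted and the suspected web bugs."""
    finder = WebBugFinder(page_url)
    finder.feed(html)
    finder.close()
    return {"third_party_hosts": finder.third_party_hosts,
            "web_bugs": finder.web_bugs}


if __name__ == "__main__":
    print(scan_page(SAMPLE_URL, SAMPLE_HTML))
```

Every host in `third_party_hosts` receives a request, and so a log entry, whether or not cookies are enabled; images sized through style sheets rather than width/height attributes are not detected by this sketch.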


Managing Cookies

cookies.html

Netscape 4.79 – edit -> preferences ->advanced

Explorer 6.0 – Tools -> Internet Options

  • Older Browsers offered limited tools for managing cookies

  • Third-party Software tools were developed to meet user’s needs

  • Newest Browsers contain many more cookie management tools

Nice Feature: You can explicitly allow cookies from specific web sites (i.e. amazon.com ) while blocking most other sites.


Secure Web Pages

privacy_browser.html

  • A web server invokes encryption with your browser on a page by page basis.

  • Watch for encryption whenever personal information is being transferred (credit card #, username/password, Financial info, etc)

  • Encryption protects the contents of page information as it is transferred between your web browser and the remote web server.

  • Encryption does NOT protect your data from a local keystroke logger

  • Encryption does NOT protect your data after it arrives at the remote web server

  • Encryption does NOT guarantee that the vendor is reputable.

[Screenshots: the “Not Encrypted” and “Encrypted” indicators as shown in Netscape 4.79 and Internet Explorer 5.5.]


Explore Your Web Browser Settings

privacy.html

  • Internet Explorer = Tools -> Internet Options

  • Netscape = Edit -> Preferences

Cookies Settings

Settings for Active X, scripts, etc




What about the other applications?

privacy_other_apps.html

  • Many applications you use are “internet enabled”

  • These applications carry your connection persona, and may have their own set of privacy and security settings



Email issues

privacy_other_apps.html

  • Default email program settings may leave you vulnerable

  • Viruses are often transmitted via address books (don’t trust any attachment – even from your friends) or emails found on cached webpages.

  • Spam – Do not reply to get “removed”

  • Spam – Do not even preview the message: embedded graphics may track you

    • Solution – Lock firewall when viewing email

  • Scams – Nigeria money scam – Give us your bank account number

  • Hoaxes – marcus cookie recipe, boy brain tumor, missing child, modem tax, etc.

  • Social engineering – One virus hoax email told you to check for a file and delete it if found. Unfortunately the file in question is a normal system file.

  • Remember if it says “tell everyone you know”, it IS a hoax. To confirm if it is a hoax, simply search for part of the email using Google.

  • Microsoft Outlook – Look for updates, patches and learn about settings


Spam, Spam, Spam, Spam

privacy_other_apps.html

  • Spam attacks are increasing at an incredible rate.

  • Each attack includes many thousands of messages

  • Some Spam is sent from infected computers (Your computer…?)

Source: www.brightmail.com


Reading Email = Web Surfing!

privacy_other_apps.html

  • Do you see graphics when reading or previewing email?

  • Most graphics are downloaded from an online server as you view email

  • The Spammer now knows that you have read his email

  • Ways to avoid this:

    • Disable HTML, preview options

    • Block Internet while browsing email

Graphics downloaded as you preview/display an email


Email Architecture

email_details.html

  • A sent email may include the following information in its “headers”

    • IP # of YOUR PC as you send the email

    • IP # of the email server that handles your email (your ISP’s server)

    • IP # of the recipient’s email server (their ISP’s server)

[Diagram: Email Clients A, B and C exchange mail with Mail Server #1 and Mail Server #2, using SMTP (port 25) to send and POP3 (port 110) to retrieve; the mail servers relay to each other over SMTP (port 25). Web Browser D reaches Web-Based Email #3 over HTTP (port 80), which passes mail on via SMTP (port 25). One link is marked “Optional”.]


Email Details

persona_email.html

Headers: mail server - mail server communications

Look at the headers too

  • The “from” of a message is absolutely unreliable. The sender can put anything they want here.

  • To see the headers, look under viewing options in your email software or web-based email.

  • Anti-spam web sites contain good information for identifying email

To: [email protected]

From: [email protected]

Subject: meeting agenda

here is the body of the message.

Stuff, stuff, stuff, etc.

The part of an email you normally look at
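The following added example (not part of the original slides) reads the headers that the two email slides describe: it walks the "Received" lines from the sender's PC to the recipient's server and compares them with the address claimed in "From". The message, host names and IP addresses are constructed, the function name is hypothetical, and the pattern assumes the common `from NAME (RDNS [IP]) by SERVER` layout of a Received line.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message. Each server adds its Received line at the top,
# so the sender's own PC appears in the LAST Received line.
SAMPLE_MESSAGE = """\
Received: from mail2.recipient-isp.example (mail2.recipient-isp.example [203.0.113.25])
\tby mbox.recipient-isp.example with SMTP; Sat, 12 Jan 2008 10:15:07 -0500
Received: from mail1.sender-isp.example (mail1.sender-isp.example [198.51.100.14])
\tby mail2.recipient-isp.example with SMTP; Sat, 12 Jan 2008 10:15:05 -0500
Received: from joes-pc (dsl-192-0-2-77.sender-isp.example [192.0.2.77])
\tby mail1.sender-isp.example with SMTP; Sat, 12 Jan 2008 10:15:01 -0500
From: "Your Bank" <security@bank.example>
To: you@recipient-isp.example
Subject: meeting agenda

here is the body of the message.
"""

# Matches "from NAME (RDNS [IP]) by SERVER"; the RDNS part is optional.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?"
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)\s+by\s+(?P<by>\S+)"
)


def summarize_headers(raw_message):
    """Return the relay path (oldest hop first) and the claimed sender."""
    msg = message_from_string(raw_message)
    received = msg.get_all("Received", [])
    hops = []
    for value in reversed(received):  # bottom-most line is the first hop
        match = HOP_RE.search(value)
        if match:
            hops.append({"helo": match["helo"], "ip": match["ip"], "by": match["by"]})
    claimed = parseaddr(msg.get("From", ""))[1]
    domain = claimed.rpartition("@")[2].lower()
    path_text = " ".join(received).lower()
    return {
        "claimed_from": claimed,
        # Caveat: lines added before the first server you trust can be forged,
        # so treat the origin as a lead to check, not as proof.
        "origin_ip": hops[0]["ip"] if hops else None,
        "hops": hops,
        "from_domain_in_path": bool(domain) and domain in path_text,
    }


if __name__ == "__main__":
    summary = summarize_headers(SAMPLE_MESSAGE)
    print("From claims:", summary["claimed_from"])
    for hop in summary["hops"]:
        print(f'  {hop["ip"]:>15}  {hop["helo"]} -> {hop["by"]}')
    print("From domain appears in relay path:", summary["from_domain_in_path"])
```

In the sample, "From" names bank.example while every relay belongs to sender-isp.example or the recipient's ISP, which is the mismatch to look for in a suspicious message.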


Other applications

privacy_other_apps.html

  • Most forms of peer-to-peer programs may reveal your specific IP number (file sharing, chat rooms, Instant messenger, etc)

  • Peer-to-peer programs can be configured to share the contents of your hard disk.

  • Some free programs include piggy-back programs

  • Some programs include spyware, which monitors your usage of their product (Ws ftp, real player, smart download)

  • Trojans, viruses – Once they are in your system, they can be used to collect personal information (This is why you want a 2-way firewall)


Look for the options / settings

privacy_other_apps.html

  • Homework: Examine every application on your PC which is “internet aware”, you need to explore through every preference / option menu

  • Your firewall settings are WORTHLESS, if your 12-year old enables your entire Hard disk to be shared with everyone who also uses that chat program, music swapper, etc.


Piggy Back Applications (Spyware, Adware)

privacy_other_apps.html

  • Some free programs include piggy-back programs (they provide revenue to the free program)

  • For example: a stealth p2p network application is bundled with Kazaa

    • Buried in the user agreement:

    • "You hereby grant “Brilliant” the right to access and use the unused computing power and storage space on your computer/s and/or Internet access or bandwidth for the aggregation of content and use in distributed computing,"

  • “Brilliant” now has the keys to your computer.

  • 150 million copies of Kazaa have been downloaded.

  • How hard would it be for a hacker to also access these capabilities?

  • Programs such as ad-aware (by lavasoft) and “Spybot Search and destroy”, can be used to identify /remove such programs.




Authoring issues

If you Author any content, here are some concerns:

  • Mailing lists – If you post a message to a mailing list – do you know who else is on that list? There may also be an archive of that list’s messages.

  • Usenet Newsgroups – Assume that your message will be archived into resources such as Google-groups.

  • Web Pages – Your HTML authoring program may imbed your full name into an HTML meta-tag. The software “knows” your name from the first day when you installed the program. (This is also true of most other programs such as Word, Powerpoint)

  • Domain Name registrations – If you (or your kid) have a domain name – Your personal name, address and phone number will soon be in the hands of marketers/spammers.

  • Web – based email – includes IP number of workstation


www.archive.org

  • Any User can surf through previous copies of a web site.

  • Deleting sensitive information from today’s web server does NOT remove it from archive.org / public access

  • Optional “wayback” button part of alexa.com toolbar

  • Search engine robot collects web pages like other search engines

  • Previous web page copies are also retained

[Diagram: a robot copies web pages from web servers; the recent copy and the archive copies are retained, and a user PC browses them through the user interface.]


Local Set-up options

privacy.html

  • Consider using encryption at home to protect personal data. For example, encrypted file systems are now standard in Windows. You can also explore using PGP for email (steep learning curve)

  • Some applications offer encryption schemes for files (quicken), but these are not very secure. There are numerous “cracker” programs which will easily break these open.

  • Require Passwords for access to computers or internet access

  • Create multiple user accounts (even for yourself) = public / private disk space

  • Physical security of computer – logon passwords, boot sequence, other users.


Consider Offline Storage

privacy.html

  • $400+ : A second PC without a network connection. You can use a KVM switch to run this CPU to your existing keyboard/monitor

  • $600 : an extra notebook computer ($200 used from ebay)

  • ~$100 : Second hard disk – can be external, or internal with a lock key to switch disks (nicklock)

  • Varies: Removable media – optical or magnetic storage that is removable (even a floppy disk, if your storage needs are modest)

  • USB Hard Disk – The size of a key chain

Where will you store the offline media?


Consider Alternatives

  • Switch away from Microsoft products

  • Alternative products may be more secure, or less targeted by hackers.

  • Browsers

  • Email Clients

  • Operating Systems


Windows options

privacy.html

Be careful about what options you say “yes” to


Keep your system up to date

privacy.html

  • My New Laptop, pre-loaded with Windows XP Professional, required 8.2 MB of Critical Updates the very first time I launched Windows Update.

  • “windows update” requires Internet Explorer Version 5.01 or higher


Worst case considerations

  • Try the various port-scanners, and testers from the training page and test the security of your [home] computer. (Hopefully, your IT administrators have already done this for work-supplied computers)

  • Read through your cookies - what if a clever website were able to copy all of your cookies

  • Look at the content of your hard drive - what if a clever website were able to copy a directory listing, or individual files?

  • If your research requires you to visit “exotic places” you should use a “sacrificial machine” - which has a very “bland identity”

  • On the “sacrificial machine”, never use personalized sites (check stocks, my yahoo, online purchase, etc)


Public Terminals

  • Public terminals = Library, Kinkos, Hotel Lobby, Cyber Café, etc

  • Is there any kind of consistent “administration” to guarantee the integrity of these computers?

For a public terminal, you should always assume that the machine has been compromised, and that a “keystroke logger” is quietly capturing all keystrokes (usernames, passwords, credit cards, etc.)


Future

privacy.html

  • Biometric scanner – finger, voice, eye

  • Other devices leaking information – Web surf via cell phone… your phone number is transmitted as part of persona!

  • In the UK there are millions of cameras monitoring public spaces.

  • Much personal Information is in databases: phone number, map, county taxes, DMV, court records, Supermarket purchases, credit card company, phone company records, etc.

  • Proposed law would give copyright owners the right to hack into your PC

Fingerprint scanner as USB accessory or built into a notebook

Watch with GPS. Can track the wearer via a web page


More than just a Map

  • Internet users can put detailed “placemarks” all over the globe

  • bbs.keyhole.com is one of many places where such placemarks are discussed


Final Advice

advice.html

  • Always be self-aware of your persona

  • Know what policies apply to you

  • Go HOME – make backups (just in case)

  • Update operating system, change settings

  • Update Anti-virus software

  • Add / configure a firewall

  • Install & update spyware hunting software

  • Explore “options” menus in all programs

  • Make notes of all changes.

= Do it now!


Parent Options

navigators.com/parentguide.html

Your Options:

  • Do nothing…

  • Separate computers / user accounts

  • Require password for internet access

  • Time constraints on when access is available

  • Move computer screen to a visible location

  • Install parent control software

    • Blacklists, vs. logs

    • Monitoring web vs monitoring everything (key logger)

  • Know what applications are being installed and how they are configured (AOL IM, Kazaa, hotmail – email filter options, etc, etc)

  • Talk/listen to child – let them understand how they can be tracked – email articles to them about online predator cases.

  • Next, What about the neighbor’s computer where your child goes instead?

  • What happens when the child moves out? Will they have learned how to take care of themselves online?

[Image: keystroke catcher]


Some Statistics…

1 in 5 kids online is sexually solicited.

  • 87% of teenagers (12-17) use the internet

  • 54% of internet-connected families with teens use filters

  • 73% of online teens say their household computer is located in a public place inside the house.

  • 62% of parents report checking up on their child’s surfing habits after he or she has gone online…

  • …but only 33% of teens who use the internet from home say they believe their parents monitor their online activity.

  • 65% of all parents and 64% of all teens say that teens do things online that they wouldn’t want their parents to know about.

  • 19% of online teens have created their own blog.

