Mastering the internet xhtml and javascript
This presentation is the property of its rightful owner.
Sponsored Links
1 / 18

Mastering the Internet, XHTML, and JavaScript PowerPoint PPT Presentation


  • 82 Views
  • Uploaded on
  • Presentation posted in: General

Mastering the Internet, XHTML, and JavaScript. Chapter 6 Security and Privacy. Goals and Objectives Chapter Headlines Introduction Fraud Crackers Firewalls P3P. Outline. Sniffing and Web Bugs Stalking Censorship TRUSTe EPIC .NET Passport Liberty Alliance Project.

Download Presentation

Mastering the Internet, XHTML, and JavaScript

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Mastering the internet xhtml and javascript

Mastering the Internet, XHTML, and JavaScript

Chapter 6

Security and Privacy


Outline

Goals and Objectives

Chapter Headlines

Introduction

Fraud

Crackers

Firewalls

P3P

Outline

  • Sniffing and Web Bugs

  • Stalking

  • Censorship

  • TRUSTe

  • EPIC

  • .NET Passport

  • Liberty Alliance Project

Chapter 6 - Security and Privacy


Goals and objectives

Goals and Objectives

  • Goals

    Understand and master the important issues of web security and privacy, know your online rights, configure browsers for tighter security and better privacy, and find out how to protect the exchange of sensitive data online.

  • Objectives

    • Web security and privacy issues

    • Fraud, crackers, and firewalls

    • P3P

    • Sniffing, stalking, and censorship

    • EPIC

    • TRUSTe

    • .NET Passport

    • Liberty Alliance Project

Chapter 6 - Security and Privacy


Chapter headlines

Chapter Headlines

  • 6.1 Introduction

    • Find out what effects your security and privacy on the Web

  • 6.2 Fraud

    • Do not fall victim to internet fraud; check online resources for help

  • 6.3 Crackers

    • They use system identity to launch attacks

  • 6.4 Firewalls

    • Put a wall between a network and internet to prevent computer fire

  • 6.5 P3P

    • P3P helps web surfers protect their privacy

  • 6.6 Sniffing and Web bugs

    • It allows unauthorized information access

  • Chapter 6 - Security and Privacy


    Chapter headlines1

    Chapter Headlines

    • 6.7 Stalking

      • Fight web stalking and ask for help immediately

  • 6.8 Censorship

    • Internet is the worst enemy of censorship

  • 6.9 TRUSTe

    • This seal of approval ensures maximum online privacy

  • 6.10 EPIC

    • EPIC views content filtering as a form of suppression of speech

  • 6.11 .NET Passport

    • Reduces the burden of online registrations

  • 6.12 Liberty Alliance Project

    • Provides security and efficiency to use web services

  • Chapter 6 - Security and Privacy


    Introduction

    Introduction

    • Web security is a complex issue that deals with :

      • Computer and network security

      • Authentication services

      • Message validation

      • Cryptography

      • Personal privacy issues

    • A breach of web security causes financial and other damage

    • Web security includes :

      • Authentication

      • Authorization

      • Privacy

    • A user must view a web site’s privacy policy

    Chapter 6 - Security and Privacy


    Fraud

    Fraud

    • Internet fraud is most common in credit card use and internet investing

    • Consumer protection is offered by credit card companies

    • The four schemes of investment frauds are :

      • Pump and Dump Scam: urges investors to buy/sell stock urgently

      • Pyramid Scam: how to earn money by working from home

      • Risk free Fraud: offers investors low-risk investment opportunties

      • Off-shore Fraud: takes advantages of currency fluctuations and economic systems of other contries

    • Internet Fraud Complaint Center (IFCC), Internet National Fraud Information Center (INFIC), and Fraud Bureau (FB) are organizations that alert users and avoid frauds

    Chapter 6 - Security and Privacy


    Crackers

    Crackers

    • Crackers disable networks by launching attacks through web servers and other public access nodes

    • The motivation is Personal Satisfaction or Social Attention

    • Firewall provides protection from crackers

    • An administrator’s job is to create a cracker-resistant system and not a cracker-proof one

    • A cracker can :

      • Erase data files

      • Modify data files

      • Sell them to others

      • Use system identity to attack other computers

    Chapter 6 - Security and Privacy


    Firewalls

    Firewalls

    • Firewalls are used for security purposes

    • Firewalls use one or more the following three methods to control traffic flow :

      • Packet filtering : analyzes TCP packets against a set of filters

      • Proxy service : the firewall sends/receives information

      • Stateful inspection : compares key parts of packets to a database of trusted information

    • Firewalls are customizable, an administrator can set the level of security provided by a firewall according to system needs

    Chapter 6 - Security and Privacy


    Mastering the internet xhtml and javascript

    P3P

    • P3P protocol is all about getting the server and the client to be up front about which personal data is collected and used

    • P3P does not give users more privacy, it only allows them to exercise personal data preferences

    • P3P policy editors are important to developers

    • Major browsers and web sites are P3P enabled and compliant

    • Cookies are viewed as precursors to P3P

    • P3P 1.0 specs. tells servers and clients how to implement the P3P protocol

    • P3P complements existing security and privacy efforts

    Chapter 6 - Security and Privacy


    Sniffing and web bugs

    Sniffing and Web Bugs

    • Sniffing is the act of collecting information about web surfers without their prior knowledge

    • Sniffing may be good or bad

    • Sniffing is used to monitor and analyze network traffic and detect and avoid bottlenecks

    • Web bug is a piece of invisible code or file in a web page to collect data about web users

    • Web bugs can install files on users’ computer

    • Three types of bugs can be identified

      • Image file

      • Executable bugs

      • Script based executable bugs

    Chapter 6 - Security and Privacy


    Stalking

    Stalking

    • Stalking on the web means to harass someone by spamming, flaming and other such activities

    • Web stalkers hide their true personalities

    • To fight stalking :

      • Work as a team

      • Be patient

      • Ignore stalkers

      • Change ISPs

      • Avoid meeting strangers online

    • To report stalking problem go to http://www.cybercrime.gov/reporting.htm

    Chapter 6 - Security and Privacy


    Censorship

    Censorship

    • Internet is the best medium for freedom of speech

    • The internet eliminates awkward ways of smuggling information across foreign borders

    • The attempt to ban or regulate access to information is censorship

    • Oppressive regimes can censor the internet

    • There are ways to fight internet censorship :

      • Smuggle information via networks of underground correspondents

    Chapter 6 - Security and Privacy


    Truste

    TRUSTe

    • TRUSTe is an independent, non-profit privacy auditing service

    • It promotes trust of privacy between users and web sites

    • TRUSTe logo on a web site ensures protection of information

    • It advocates users’ privacy rights

    • Consumer Privacy Protection guidelines have 6 tips

      • Read privacy policy

      • Look for approved seals

      • Credit card purchase protection laws are same for online shopping and malls

      • Use secure servers

      • Use common sense

      • Teach children to be “cybersmart”

    Chapter 6 - Security and Privacy


    Mastering the internet xhtml and javascript

    EPIC

    • EPIC stands for Electronic Privacy Information Center

    • It is a public interest research center established to protect privacy

    • EPIC has many interesting publications in the form of books and reports

    • Two important publications are :

      • Privacy Law Source book

      • Filters and Freedom 2.0 : Free speech perspectives on internet content and controls

    • EPIC works for web users

    Chapter 6 - Security and Privacy


    Net passport

    .NET Passport

    • .NET Passport is a Microsoft service that allows users to perform online purchases with the use of one single login name

    • .NET Passport consolidates web services

    • A user must create a .NET Passport Profile to register

    • .NET passport needs to use personal information and cookies to operate

    • .NET Passport is a member of TRUSTe privacy program

    • Visit http://www.passport.net for registration and information

    Chapter 6 - Security and Privacy


    Liberty alliance project

    Liberty Alliance Project

    • LAP is a collaboration of companies and organizations to develop and deploy an open, federated solution of internet identitys

    • LAP is important to the future of web services

    • LAP enables consumers and businesses to maintain personal information securely

    • LAP specifications define a principal that mediates authentication between and identity provider and a service provider

    • The LAP concept can bring great financial and other benefits to both consumers and businesses

    Chapter 6 - Security and Privacy


    Summary

    Summary

    • Web security is a complex issue

    • A user must be aware of web based frauds

    • One must try to build a cracker-resistant system

    • Firewalls prevents unauthorized access to a computer

    • P3P works with existing privacy and security efforts

    • Sniffing and web bugs may be good or bad

    • Stalking on the web is an important issue

    • A user must fight internet censorship

    • Visit http://www.truste.org for information about TRUSTe

    • EPIC works for web users

    • .NET passport consolidates web services

    • LAP is important to the future of web services

    Chapter 6 - Security and Privacy


  • Login