Mastering the Internet, XHTML, and JavaScript

jethro

Presentation Transcript


  1. Mastering the Internet, XHTML, and JavaScript Chapter 6 Security and Privacy

  2. Outline
     • Goals and Objectives
     • Chapter Headlines
     • Introduction
     • Fraud
     • Crackers
     • Firewalls
     • P3P
     • Sniffing and Web Bugs
     • Stalking
     • Censorship
     • TRUSTe
     • EPIC
     • .NET Passport
     • Liberty Alliance Project
     Chapter 6 - Security and Privacy

  3. Goals and Objectives
     • Goals
       Understand and master the important issues of web security and privacy, know your online rights, configure browsers for tighter security and better privacy, and find out how to protect the exchange of sensitive data online.
     • Objectives
       • Web security and privacy issues
       • Fraud, crackers, and firewalls
       • P3P
       • Sniffing, stalking, and censorship
       • EPIC
       • TRUSTe
       • .NET Passport
       • Liberty Alliance Project

  4. Chapter Headlines
     • 6.1 Introduction
       • Find out what affects your security and privacy on the Web
     • 6.2 Fraud
       • Do not fall victim to internet fraud; check online resources for help
     • 6.3 Crackers
       • They use system identity to launch attacks
     • 6.4 Firewalls
       • Put a wall between a network and the internet to prevent computer fire
     • 6.5 P3P
       • P3P helps web surfers protect their privacy
     • 6.6 Sniffing and Web bugs
       • It allows unauthorized information access

  5. Chapter Headlines
     • 6.7 Stalking
       • Fight web stalking and ask for help immediately
     • 6.8 Censorship
       • The internet is the worst enemy of censorship
     • 6.9 TRUSTe
       • This seal of approval ensures maximum online privacy
     • 6.10 EPIC
       • EPIC views content filtering as a form of suppression of speech
     • 6.11 .NET Passport
       • Reduces the burden of online registrations
     • 6.12 Liberty Alliance Project
       • Provides security and efficiency when using web services

  6. Introduction
     • Web security is a complex issue that deals with:
       • Computer and network security
       • Authentication services
       • Message validation
       • Cryptography
       • Personal privacy issues
     • A breach of web security causes financial and other damage
     • Web security includes:
       • Authentication
       • Authorization
       • Privacy
     • A user must view a web site’s privacy policy

  7. Fraud
     • Internet fraud is most common in credit card use and internet investing
     • Consumer protection is offered by credit card companies
     • The four schemes of investment fraud are:
       • Pump and Dump Scam: urges investors to buy/sell stock urgently
       • Pyramid Scam: how to earn money by working from home
       • Risk-free Fraud: offers investors low-risk investment opportunities
       • Off-shore Fraud: takes advantage of currency fluctuations and the economic systems of other countries
     • Internet Fraud Complaint Center (IFCC), Internet National Fraud Information Center (INFIC), and Fraud Bureau (FB) are organizations that alert users and help avoid fraud

  8. Crackers
     • Crackers disable networks by launching attacks through web servers and other public access nodes
     • The motivation is personal satisfaction or social attention
     • A firewall provides protection from crackers
     • An administrator’s job is to create a cracker-resistant system and not a cracker-proof one
     • A cracker can:
       • Erase data files
       • Modify data files
       • Sell them to others
       • Use system identity to attack other computers

  9. Firewalls
     • Firewalls are used for security purposes
     • Firewalls use one or more of the following three methods to control traffic flow:
       • Packet filtering: analyzes TCP packets against a set of filters
       • Proxy service: the firewall sends/receives information
       • Stateful inspection: compares key parts of packets to a database of trusted information
     • Firewalls are customizable; an administrator can set the level of security provided by a firewall according to system needs

  10. P3P
     • The P3P protocol is about getting the server and the client to be up front about which personal data is collected and used
     • P3P does not give users more privacy; it only allows them to exercise personal data preferences
     • P3P policy editors are important to developers
     • Major browsers and web sites are P3P enabled and compliant
     • Cookies are viewed as precursors to P3P
     • The P3P 1.0 specification tells servers and clients how to implement the P3P protocol
     • P3P complements existing security and privacy efforts

  11. Sniffing and Web Bugs
     • Sniffing is the act of collecting information about web surfers without their prior knowledge
     • Sniffing may be good or bad
     • Sniffing is used to monitor and analyze network traffic and to detect and avoid bottlenecks
     • A web bug is a piece of invisible code or file in a web page that collects data about web users
     • Web bugs can install files on users’ computers
     • Three types of bugs can be identified:
       • Image file
       • Executable bugs
       • Script-based executable bugs

  12. Stalking
     • Stalking on the web means harassing someone by spamming, flaming and other such activities
     • Web stalkers hide their true personalities
     • To fight stalking:
       • Work as a team
       • Be patient
       • Ignore stalkers
       • Change ISPs
       • Avoid meeting strangers online
     • To report a stalking problem, go to http://www.cybercrime.gov/reporting.htm

  13. Censorship
     • The internet is the best medium for freedom of speech
     • The internet eliminates awkward ways of smuggling information across foreign borders
     • The attempt to ban or regulate access to information is censorship
     • Oppressive regimes can censor the internet
     • There are ways to fight internet censorship:
       • Smuggle information via networks of underground correspondents

  14. TRUSTe
     • TRUSTe is an independent, non-profit privacy auditing service
     • It promotes trust of privacy between users and web sites
     • The TRUSTe logo on a web site ensures protection of information
     • It advocates users’ privacy rights
     • Consumer Privacy Protection guidelines have 6 tips:
       • Read the privacy policy
       • Look for approved seals
       • Credit card purchase protection laws are the same for online shopping and malls
       • Use secure servers
       • Use common sense
       • Teach children to be “cybersmart”

  15. EPIC
     • EPIC stands for Electronic Privacy Information Center
     • It is a public interest research center established to protect privacy
     • EPIC has many interesting publications in the form of books and reports
     • Two important publications are:
       • Privacy Law Sourcebook
       • Filters and Freedom 2.0: Free speech perspectives on internet content and controls
     • EPIC works for web users

  16. .NET Passport
     • .NET Passport is a Microsoft service that allows users to perform online purchases with a single login name
     • .NET Passport consolidates web services
     • A user must create a .NET Passport Profile to register
     • .NET Passport needs to use personal information and cookies to operate
     • .NET Passport is a member of the TRUSTe privacy program
     • Visit http://www.passport.net for registration and information

  17. Liberty Alliance Project
     • LAP is a collaboration of companies and organizations to develop and deploy an open, federated solution for internet identity
     • LAP is important to the future of web services
     • LAP enables consumers and businesses to maintain personal information securely
     • LAP specifications define a principal that mediates authentication between an identity provider and a service provider
     • The LAP concept can bring great financial and other benefits to both consumers and businesses

  18. Summary
     • Web security is a complex issue
     • A user must be aware of web-based frauds
     • One must try to build a cracker-resistant system
     • Firewalls prevent unauthorized access to a computer
     • P3P works with existing privacy and security efforts
     • Sniffing and web bugs may be good or bad
     • Stalking on the web is an important issue
     • A user must fight internet censorship
     • Visit http://www.truste.org for information about TRUSTe
     • EPIC works for web users
     • .NET Passport consolidates web services
     • LAP is important to the future of web services
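
Slide 9 names packet filtering and stateful inspection without showing how their verdicts differ. The following added example (not from the presentation; the rules, addresses and field names are constructed for illustration) runs the same three packets through both methods.

```javascript
// Stateless packet filter: each packet is matched against static rules on its own.
const RULES = [
  { dir: 'out', proto: 'tcp', dstPort: 80, action: 'allow' },            // web requests
  { dir: 'in',  proto: 'tcp', srcPort: 80, ack: true, action: 'allow' }, // looks like a reply
  { action: 'deny' },                                                    // default deny
];

function packetFilter(pkt) {
  // First rule whose every field (except the action) equals the packet's field wins.
  const rule = RULES.find(r =>
    Object.keys(r).every(k => k === 'action' || r[k] === pkt[k]));
  return rule.action;
}

// Stateful inspection: an inbound packet must belong to a connection
// that an inside host opened earlier (the "database of trusted information").
class StatefulFirewall {
  constructor() { this.table = new Set(); }
  static key(inIp, inPort, outIp, outPort) {
    return `${inIp}:${inPort}<->${outIp}:${outPort}`;
  }
  inspect(pkt) {
    if (pkt.dir === 'out') {
      if (packetFilter(pkt) !== 'allow') return 'deny';
      this.table.add(StatefulFirewall.key(pkt.src, pkt.srcPort, pkt.dst, pkt.dstPort));
      return 'allow';
    }
    const known = this.table.has(
      StatefulFirewall.key(pkt.dst, pkt.dstPort, pkt.src, pkt.srcPort));
    return known ? 'allow' : 'deny';
  }
}

// Constructed traffic: a request, its genuine reply, and an unsolicited look-alike.
const request = { dir: 'out', proto: 'tcp', src: '10.0.0.5', srcPort: 40000,
                  dst: '203.0.113.10', dstPort: 80, ack: false };
const reply = { dir: 'in', proto: 'tcp', src: '203.0.113.10', srcPort: 80,
                dst: '10.0.0.5', dstPort: 40000, ack: true };
const unsolicited = { dir: 'in', proto: 'tcp', src: '198.51.100.7', srcPort: 80,
                      dst: '10.0.0.5', dstPort: 40000, ack: true };

function compare() {
  const fw = new StatefulFirewall();
  return [request, reply, unsolicited].map(p =>
    ({ stateless: packetFilter(p), stateful: fw.inspect(p) }));
}
console.log(compare());
```

Only the third packet separates the two methods: the static rules accept it because its header fields look like a reply, while the connection table has no entry for it.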
