C/IL 102
Public cables used to transmit data between computers
Data sent in packets (about 1000 bytes)
Packets could be analyzed by other intermediary computers (credit card numbers, etc.)
About as private as a postcard traveling via snail mail
  ◦ Internet Service Providers
  ◦ Employers, etc.
Healthcare professionals
    No patient info in e-mail
Use Web-based account (example: Yahoo)
Secure e-mail through encryption
Networks can be ‘snooped’
Even IM content is not secure
Packet Sniffer
IM
  ◦ IMSecure (ZoneAlarm)
  ◦ Simp (Secway)
  ◦ AIM Pro (AIM)
E-mail and IM
  ◦ PGP Desktop
    PGP – Pretty Good Privacy
    Encryption Security for e-mail and IM
    ‘Certificates’ are used to digitally sign e-mail
    Can secure portions of your hard drive, too!
    Windows and Mac platform
PC Magazine Article April 2008
Good (tool for network administrators)
  ◦ Analyzes network traffic
  ◦ Detects intrusion attempts
Not-so-good
  ◦ Can be used to ‘snoop’
Browser transmits:
  ◦ IP Address of your machine
  ◦ IP Address of machine responding to request
  ◦ Operating System of your machine
    Windows XP, Windows Vista, Linux 7.0.2, Macintosh OS X 10.2.6
  ◦ Browser you are using
    Internet Explorer 6 or Mozilla Firefox 4.6
    Different HTML tags work with some browsers but not others
IP Address (both sender and receiver)
Logs where URL requests come from
  ◦ Usage info (demand for Web pages)
Login Information (logs)
  ◦ When, how long, etc.
  ◦ Can pinpoint activity on a computer
A small piece of information that a Web site saves on your computer when you visit the site
Browser maintains list of cookies
Web site may then determine something about your past involvement at that site
  ◦ It ‘remembers’ you!
Impact on Privacy
  ◦ Advantages
    Personalize interactions with Web sites
    Tailor to preferences and interests
  ◦ Disadvantages
    Web Beacons / Web Bugs
      Small (1 x 1 pixel) image
      Tracks references to URL (usage details)
    Foreign cookies, third-party cookies
      Common for commercial Web sites (Ex. Yahoo!)
      Tracks contacts your computer has with Web sites
      Allows e-commerce folks to promote products ($$$$) and refine marketing (through advertising)
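A way to spot the web beacons described above in a saved page, as an added example that is not part of the original slides. It flags `<img>` tags that are 1 x 1 pixel and loaded from a different site than the page itself; the host names, the sample page and the subdomain rule are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class BeaconFinder(HTMLParser):
    """Collect <img> tags that are 1 x 1 pixel and loaded from another site."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.beacons = []

    def is_third_party(self, src):
        host = urlparse(src).hostname  # None for relative URLs (same site)
        if host is None:
            return False
        # Simplification (assumption): first-party means the page host itself
        # or one of its subdomains.
        same_site = host == self.page_host or host.endswith("." + self.page_host)
        return not same_site

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        # Only explicit width/height attributes are checked, not CSS sizing.
        one_by_one = a.get("width") == "1" and a.get("height") == "1"
        if one_by_one and self.is_third_party(src):
            self.beacons.append(src)


def find_beacons(html, page_host):
    finder = BeaconFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.beacons


# Constructed sample page served from shop.example (all hosts are made up).
SAMPLE_PAGE = """
<html><body>
  <img src="/images/logo.png" width="120" height="40">
  <img src="https://static.shop.example/banner.jpg" width="600" height="90">
  <img src="https://ads.tracker.example/pixel.gif?uid=abc123" width="1" height="1">
  <img src="https://shop.example/spacer.gif" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    print(find_beacons(SAMPLE_PAGE, "shop.example"))
```

The first-party 1 x 1 spacer is not reported; only the pixel fetched from the other site is, because that request is what lets a third party log the visit and set its own cookie.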
Yahoo Privacy Policy
  ◦ No two-seater sport car ads for me!
Yahoo Web Beacon Policy
  ◦ Yahoo Web Beacons
Could delete cookies from your hard drive, but lose convenience
  ◦ Different from “history” file
Check Privacy Policy of commercial sites
  ◦ How will they use your information?
Check privacy policy of company or ISP whose computer you use
Encrypt data
  ◦ Scramble data so that it cannot be read
  ◦ HTTPS – encrypts before data is sent and decrypts when received (Secure Hypertext Transfer Protocol)
Even with Encryption, theft is possible
  ◦ Data obtained before actual encryption
  ◦ Keyboard Sniffer
Monitor Use of Computer and Installed Programs
  ◦ If you ask browser to record data typed into forms
    Monitor others using your computer and account information
Encoding information – cryptography
  ◦ Dan Brown’s “DaVinci Code” and “Digital Fortress”
The Caesar Cipher
  ◦ Julius Caesar encoded messages by replacing each letter with the 3rd letter after it in the alphabet (a=d, b=e, z=c, etc.)
  ◦ Improve: use cipher alphabet BUT use different shifts for subsequent letters
    1st letter = shift by 3 letters
    2nd letter = shift by 1 letter
    3rd letter = shift by 4 letters
    Pi = 3.1415926
  ◦ What would ‘Hello’ be?
Public-key systems
  ◦ Used with modern computer systems
  ◦ Complex mathematical formulas
  ◦ Person wishing to receive messages will publish public key (often 128 bits – larger the key – longer to break)
    Example: 1000 years
  ◦ Important for e-commerce (secure sites)
  ◦ PGP – Pretty Good Privacy – protects data in storage, too
    Public key is for encryption
    Private key is for decryption
  ◦ Debate over public key encryption
    Terrorists use encryption
    Yet, needed for e-commerce growth
TLS/SSL – Transport Layer Security/Secure Sockets Layer
  ◦ Web browsers
  ◦ Protects data in transit over a network
Wireless networks
  ◦ Passwords control which computers and users can access the network
    Encryption and Authentication
    Encryption:
      WEP (Wired Equivalent Privacy)
        Protects against casual snooping
        No longer recommended – can be cracked in minutes
      WPA (Wi-Fi Protected Access)
        Works with all wireless network adapters but not all older routers or access points
      WPA2 (Wi-Fi Protected Access)
        More secure than WPA
        Will not work with some older network adapters
Prevents ‘Piggybacking’
    Tapping into someone else’s wireless Internet connection without proper authorization
    Illegal in some states
NY Times Article 2006
Easily guessed (40-50%)
Share passwords
Post password next to computer
Passwords too short
Use ‘strong’ passwords
  ◦ Mix numbers and letters; mix case
  ◦ The longer the better (6-8 chars or longer)
    Brute Force – trying every combination until password is determined
  ◦ Pet, kids and spouse names make bad passwords
  ◦ Be inconsistent – use different passwords for different sites (I know…hard to do!)
  ◦ Change passwords often
Google
  ◦ Modify saved search logs after 18 months
  ◦ Will pull cookie ID from record and clear final numbers of IP address
Microsoft MSN
  ◦ Anonymize search logs after 18 months; clear entire IP address
Yahoo
  ◦ Anonymize logs after 3 months (was 13 months)
European Union
  ◦ Discard data after 6 months
In response to AOL release of Internet searches over 3 month period (2006)
PC World Article
Yahoo to Scrub Personal Data After 3 Months (Dec. 2008)
Facebook Profiles Personal Information
Search engines have access to public profile information on Facebook
  ◦ “Identity fraudsters and phishers – scammers who pose as one of their target's friends, encouraging them to click on a message that downloads a virus onto a computer – are among the prime candidates for abusing such information.”
Social Engineering issue
10 Privacy Settings Every Facebook User Should Know
No such thing as 100% security:
  ◦ Make sure Operating System is up-to-date (automatic update/service packs)
  ◦ Use anti-malware programs/Security Suites (update)
  ◦ Use a bidirectional firewall
  ◦ Use additional anti-spyware scanners (Spybot S&D, Adaware, Windows Defender)
  ◦ Secure wireless network (WEP/WPA/WPA2)
  ◦ Use unique (strong) passwords
  ◦ Consider using different browser – Internet Explorer is a popular target (Opera, Firefox)
  ◦ Use encryption (E-mail, IM - example ‘PGP Desktop’)
  ◦ Back up important files (ex. storms, hardware failure)
  ◦ Be mindful of “social engineering” issues
  ◦ Turn computer OFF when not in use
Anonymize Search Logs
Caesar Cipher
Certificates
Cookies
Decryption
E-mail / IM Security
Encryption
Facebook Issues
HTTPS
IP Address
Keyboard Sniffer
Packet Sniffer
Passwords
PGP
Piggybacking
Privacy Issues
Privacy Policy
Public-Key System
Routinely Transmitted Info.
Security (Steps)
Third-party Cookie / Foreign Cookie
TLS/SSL
URL
Web Beacon / Web Bug
Wireless Security
WEP / WPA / WPA2