Protecting Your System When You Are Online
Presented By: Dan Barker
Special Projects Manager - Kingdom Telephone Co
Overview
This session is designed to:
Put Your Mind At Ease
Inform and Educate
Arm You With The Tools
Make Your Internet Experience Pleasant & Safe
How The Internet Works
A View From 30,000 Ft.
Survivable
Enable different types of computers and devices to all talk and communicate together…
Protocols Were Born
TCP/IP
HTTP
POP3 & SMTP
100s of Others
Protocols
[Diagram: MAILBOX, POST OFFICE, AIRPLANE, POST OFFICE, DESTINATION]
The rules (protocols) of the postal system ensure that a properly addressed letter (format) will reach the destination through a delivery route (transmission).
[Diagram: the data that makes up an entire e-mail message, shown as numbered pieces 1 to 6, passes through several ROUTERs in three steps. Captions: Message being sent, Message is sent, Message is received.]
By its nature and by design, the Internet is an OPEN resource, but it can be susceptible to pitfalls.
Your Privacy Online
How To Protect It
Your Online Privacy
Why is my information so important to someone?
Businesses want to gain new customers and keep the customers they have. To do this, they need information.
The more information a business has about a prospect or a customer, the more likely it can meet that customer’s needs or shape its promotions to appeal to those needs.
This is called a “profile.”
Remember when Radio Shack began asking you for your mailing address?
They were leading the way for modern business. Now, virtually every company wants your personal information because their customer database is so valuable.
This is called “Database Marketing”.
Online Methods Of Getting Your Data
Online Forms & Registrations
Websites (Traffic and Web Logs)
Newsgroups
Spyware/Adware
What They Do With Your Information
Market additional products to you.
Sell it to a third-party company for a fee or a commission on the products it sells to you.
Trade it as barter for the use of another company's customer database.
This leads to unwanted email offers, more junk mail, and targeted web sites.
How To Deal With This…
Don’t give out SS # or other personal information.
Don’t respond to surveys or polls unless sure of source – and then only give generic information.
Weigh the importance of someone having your information.
Other pitfalls will also cause a loss of privacy…
Viruses
Hackers
Online Scams
Adware/Spyware
How would you like having a person follow you around town?
Recording everything you did…
Reporting back to a company on where you went, what you did, and what you purchased?
Spyware is any software that employs a user's Internet connection in the background without their knowledge or explicit permission.
It typically comes in the form of a small part of a larger program that sits there reporting your every move.
Other privacy invading programs include RealNetworks RealDownload, Netscape/AOL Smart Download, NetZip Download Demon, Comet Cursor
Spyware Infested Software List. (http://www.infoforce.qc.ca/spyware/)
1. Your name as listed in the system registry
2. Your IP address
3. A listing of ALL software that is shown in your registry as being installed.
4. Ad banners you may click on
5. All downloads you do showing the filename/file size/date/time/type of file
6. Full time and date stamps of all your actions while using your browser
7. The dialup number you are dialing in on.
8. Dialup password if saved
Aureate.com
Additional help for this topic can be found at Gibson’s Research web site at www.grc.com which also offers software to assist you in checking your machine and ridding it of this type of invasion.
Email & Spam
Typical junk email comes in the form of:
Chain letters
Pyramid schemes
Get Rich Quick schemes
Offers for pornographic web sites
Stock offerings
Quack health products
Free Web Hosting (GeoCities, Tripod)
Shareware/Software
Data Mining
Opt-In Email Lists and “Get Paid To Surf” programs.
Forwarded Emails With All Headers (jokes, virus warnings)
Newsgroups & Ebay
Software Registrations
Complaining – Does it do any good?
If you want to complain, you should forward the message, including the full headers, to the services that handled the message, complaining that you don't want such mail.
What specific address? Use both abuse@[domain] and postmaster@[domain]
If you see the message was routed through AOL, then send it to [email protected] & [email protected]. NOT YOUR ISP
So What Can I Do?
Never Respond to Spam
Use A Throw Away Address
Use SpamCop – spamcop.net
Don’t Forward Mail With Everyone’s Address
When Filling Out Online Forms – Use Throw Away Address or Bogus Address
Use screen name not email address for Ebay, Chat Rooms, etc.
Cookies
A cookie is a small text file that is planted on your hard disk when you visit certain Web sites. These cookies are stored in your "cookie" folder or subdirectory.
Not all cookies are bad. In order to separate the bad from the good, you need to understand the three basic types of cookies.
Type 1: Logon Cookies — These are common where the site requires registration.
They provide you with a convenient way to access the site without having to re-enter your logon information every time you visit.
Type 2: Preference Cookies — For example, when you visit a weather site, a cookie may be used to store your zip code, so that you don't have to enter this every time you want to check your local weather forecast.
Type 3: Tracking Cookies — Some cookies are used to store information about ads you have clicked on, sites you have visited, and even files you have downloaded.
The goal of this cookie is visitor tracking and is far from innocent. The problem is that this is done without your permission for reasons that are not disclosed.
I just want to block all cookies.
You can set your security level on most browsers to reject all cookies. There will be some sites that simply don't let you on.
Internet Explorer is set up to allow the creation of cookies; however, you can specify that you be prompted before a site puts a cookie on your hard disk, so you can choose to allow or disallow the cookie.
IE 6.0 implements advanced cookie filtering based on the Platform for Privacy Preferences (P3P).
Online Scams
Don’t Get Caught In One
Do business with companies you know and trust.
Understand the offer. Look carefully at the information and ask for more information, if needed.
Check out the company's track record. Ask your state or local consumer protection agency.
Be careful to whom you give your financial or other personal information.
You may be better off paying by credit card than with a check, cash or money order.
Don't ever buy an item that you learn about via bulk email ("spam").
If you are buying something at a reputable online auction site, always check out the references for the seller and only buy from sellers who have good references.
Use common sense and trust your intuition.
Viruses/Trojans
Many times a message arrives with an attached file that gives the user the impression that he is receiving a new screen saver or game.
In fact, when the recipient executes this small attachment, it installs not only a visible application but also a silent, hidden application.
The silent application the user just installed will allow a remote computer to access all applications on the user's hard drive.
Good Health Comes From…
Install and USE a Virus Program
Virus programs should be kept up to date!
Check If Your Provider Offers Email Virus Scanning
The best defense is treat every attachment with caution – EVEN IF YOU KNOW THE SENDER
“Shoring Up Defenses”
One of the best, according to many reviews and sources, is Zone Alarm.
The “light version” can be downloaded at www.zonealarm.com for free.
Hoaxes & Urban Legends
Internet hoaxes and chain letters are e-mail messages written with one purpose: to be sent to everyone you know. The messages they contain are usually untrue.
Hoax messages try to get you to pass them on to everyone you know using several different methods of social engineering.
If the warning uses the proper technical jargon, most individuals, including technologically savvy individuals, tend to believe the warning is real.
Spammers will use this method to get email addresses.
This lends itself to -
Trust in authority
Excitement
Sense of importance or belonging
Netscape and AOL have recently merged to form the largest internet company in the world.
In an effort to remain at pace with this giant, Microsoft has introduced a new email tracking system. This email is a beta test of the new software and Microsoft has generously offered to compensate whoever participates in the testing process.
For each person you send this email to, you will be given $5. For every person they give it to, you will be given an additional $3. For every person they send it to you will receive $1.
Curt B. Please Forward Chain Letter
Dear Friends
My name is Curt and I live in Charleston, SC. My son Jermaine recently was hit by a car in front of our apartment.
Taco Bell Chihuahua
This is SOOOOOO Cool!!!!!! You Have to see this!!!!!! It is SOOO cute that the people that HAVE seen this keep asking me to send it to them again!!
Send this to 1-7 people and you will see the little Taco Bell Chihuahua walk to the middle of you screen and he will say "Yo Quiro Taco Bell."
Federal Bill 602p
Guess the warnings were true. Federal Bill 602P 5-cents per E-mail sent. It figures! No more free E-mail! We knew this was coming!! Bill 602P will permit the Federal Government to charge a 5-cent charge on every delivered E-mail. Washington DC lawyer Richard Stepp is working without pay to prevent this legislation from becoming law. The US Postal Service is claiming lost revenue, due to the proliferation of E-mail, is costing nearly $230,000,000 in revenue per year. Send this E-mail to EVERYONE on your list, and tell all your friends and relatives to write their congressional representative and say "NO" to Bill 602P. PLEASE FORWARD!
1. Note whether the text was actually written by the person who sent it to you. If not, be skeptical.
2. Look for the telltale phrase, "Forward this to everyone you know."
3. Look for statements like "This is not a hoax" or "This is not an urban legend." They usually mean the opposite of what they say.
4. Look for overly emphatic language, the frequent use of UPPERCASE LETTERS and multiple exclamation points!!!!!!!
5. If the message seems geared more to persuade than to inform, be suspicious. Hoaxers are out to push emotional buttons.
6. Check for references to outside sources. Hoaxes will not typically name any, nor link to Websites with corroborating information.
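Checks 2, 3, 4 and 6 above can be approximated mechanically; checks 1 and 5 need human judgement. The following is an added example, not part of the original presentation: the patterns, the threshold and the name hoax_indicators are assumptions, the two hoax samples are excerpts of messages quoted in this presentation, and the advisory is constructed.

```python
import re

# Assumed patterns and threshold for slide checks 2, 3, 4 and 6.
# Checks 1 and 5 need human judgement and are not modelled here.
FORWARD_RE = re.compile(
    r"\bplease\s+forward\b"
    r"|\b(?:forward|send)\s+this\b[^.!?]*\b(?:everyone|people|friends|list)\b",
    re.IGNORECASE,
)
DENIAL_RE = re.compile(r"\bnot\s+an?\s+(?:hoax|urban\s+legend)\b", re.IGNORECASE)
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)
SHOUT_RE = re.compile(r"!{2,}")
UPPERCASE_RATIO = 0.2  # assumed share of all-caps words that counts as shouting


def hoax_indicators(text):
    """Return the check numbers from the list above that fire for text."""
    hits = []
    if FORWARD_RE.search(text):          # check 2: asks to be forwarded
        hits.append(2)
    if DENIAL_RE.search(text):           # check 3: "this is not a hoax"
        hits.append(3)
    words = re.findall(r"[A-Za-z]{3,}", text)
    caps = sum(1 for w in words if w.isupper())
    shouting = bool(words) and caps / len(words) > UPPERCASE_RATIO
    if len(SHOUT_RE.findall(text)) >= 2 or shouting:  # check 4: emphasis
        hits.append(4)
    if not URL_RE.search(text):          # check 6: names no outside source
        hits.append(6)
    return hits


# Excerpts of two hoaxes quoted in this presentation.
BILL_602P = (
    "Bill 602P will permit the Federal Government to charge a 5-cent charge "
    "on every delivered E-mail. Send this E-mail to EVERYONE on your list, "
    "and tell all your friends and relatives to write their congressional "
    'representative and say "NO" to Bill 602P. PLEASE FORWARD!'
)
TACO_BELL = (
    "This is SOOOOOO Cool!!!!!! You Have to see this!!!!!! Send this to 1-7 "
    "people and you will see the little Taco Bell Chihuahua walk to the "
    "middle of you screen"
)
# Constructed counter-example: a warning that names a checkable source.
ADVISORY = (
    "Our antivirus vendor describes this worm at "
    "https://vendor.example/advisories/worm and lists the affected versions. "
    "Update your virus definitions."
)

if __name__ == "__main__":
    for name, text in [("602P", BILL_602P), ("Taco Bell", TACO_BELL),
                       ("advisory", ADVISORY)]:
        print(name, hoax_indicators(text))
```

A message that trips several checks deserves a lookup with an authoritative source before anyone forwards it; a clean result does not prove a message is genuine.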
DO NOT circulate warnings without first checking with an authoritative source. Authoritative sources are your computer system security administrator, your computer incident handling team, or your antivirus vendor.
Most anti-virus companies have a web page containing information about most known viruses and hoaxes.
Instant Messengers
Viruses
Privacy
Could be a problem for children
Set Some Rules For Their Use!
Password Defenses
Use passwords and change them often
Start by observing the following rules:
Rule #1: Don't use common words. This includes words like "password," "admin," your first name, your last name, your mother's maiden name, or your birth date. These are the first passwords hackers will try.
Rule #2: Don't use real words. Instead use a combination of letters, numbers, and punctuation.
Rule #3: Don't use the same password for every application. If you do, once someone cracks one password, they have effectively cracked all of them.
Kids Online
Teach your children to check with you before giving out personal — or family — information and to look for privacy policies when they enter a web site that asks for information about them.
Consider parental filtering services available from your provider or in the form of software to monitor and restrict your children’s access.
Finally, and I cannot stress this enough… know what your kids are doing online.
Do not use the Internet as a replacement for a babysitter; technology doesn’t replace good parenting.
Kids can get into areas where they shouldn’t -- even by accident.
Safety Test
Purchase a leading anti-virus software package, one that will scan incoming mail messages and files on-access automatically.
Update anti-virus software definitions weekly, if not more often (ideally, the AV software should update the virus definitions automatically.)
Use the anti-virus software to run full disk scans (i.e. scan the entire computer) monthly, if not more often. Full disk scans should also be scheduled to run automatically.
Learn how to identify virus hoaxes from real threats.
Install a firewall, such as Zone Alarm or BlackIce, which is free to home users, to protect against Trojans and other unauthorized access to a machine.
Scan all floppies, CDs, or other external media that have been used on external systems or that you receive from others.
Do not open attachments unless absolutely necessary, especially if they are sent by someone unknown to the recipient.
Do not open EXE, BAT, VBS, and SCR type attachments ever, since they are common vectors for virus/malware infections. Consider installing updated packages or the Security Updates, to block such attachments.
Always scan attachments manually with antivirus software before opening them, if they must be opened.
Consider using a plain text (non-HTML) e-mail reader such as Eudora.
If possible, set your e-mail client to send messages in plain text (for Outlook go to Tools/Options/Mail Format, and then choose Plain text from the windows below). HTML mail is a potential risk and allows for snooping and malicious code infection.
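The attachment rule above (never open EXE, BAT, VBS or SCR files) can be checked before a message is opened. This is an added example, not part of the original presentation: the function names and the sample message are constructed, and it only looks at the attachment's file name, judging by the last extension so that a name like beach.jpg.SCR is still caught.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The four extensions named in the rule above; mail gateways block more.
BLOCKED = {".exe", ".bat", ".vbs", ".scr"}


def is_blocked(filename):
    """True if the final extension of filename is on the blocked list."""
    # Windows ignores trailing dots and spaces in file names, so strip
    # them first, then compare the last extension case-insensitively.
    cleaned = filename.rstrip(". ").lower()
    dot = cleaned.rfind(".")
    return dot != -1 and cleaned[dot:] in BLOCKED


def risky_attachments(raw_bytes):
    """Return the names of blocked attachments in a raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return [
        part.get_filename()
        for part in msg.iter_attachments()
        if part.get_filename() and is_blocked(part.get_filename())
    ]


def build_sample():
    """Constructed message: one harmless and two executable attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "New screen saver"
    msg.set_content("Check this out.")
    for name in ("notes.txt", "beach.jpg.SCR", "setup.EXE"):
        msg.add_attachment(
            b"constructed sample bytes",
            maintype="application",
            subtype="octet-stream",
            filename=name,
        )
    return msg.as_bytes()


if __name__ == "__main__":
    print(risky_attachments(build_sample()))
```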
It is strongly suggested to disable dangerous web features, such as ActiveX. For more information on ActiveX dangers see www.digicrime.com
Disabling JavaScript is recommended, but may be unrealistic for some users, as many web sites use it for navigation. JavaScript can be used to steal e-mail passwords, form contents and even modify the Windows registry where the system settings and some passwords are recorded.
Turn off Windows file sharing: If sharing must be enabled, make sure it is password protected, only sharing necessary directories.
Avoid the use of insecure network applications such as ICQ, AIM or IRC for discussing private information. The content of such communication can be seen by third parties, used for attacking your system and deploying viruses.
Perform system manufacturer security patch updates on a regular basis.
Backup your files regularly on ZIP disk or CD-ROM. This measure ensures that vital information will not be lost in the case of viruses and general hardware failures.
Ensure that effective passwords are used. Passwords should also be changed on a regular basis.
Set up company or family rules of use to ensure everyone has a safe experience.
Credits
Privacy Issues
Radiate Spyware List: www.radiate.com/consumers/products.html
Spyware Infested Software List: www.infoforce.qc.ca/spyware/
Tracking Spyware on Your System: www.grc.com
Federal Trade Commission’s Site on Privacy: www.ftc.gov/bcp/conline/edcams/kidzprivacy
Federal Trade Commission’s Safe Harbor: http://www.ftc.gov/privacy/safeharbor/
Unsolicited Email and Spam Issues
Coalition Against Unsolicited Commercial Email: www.cauce.org
Network Abuse Clearinghouse: www.abuse.net
SpamCop - punish spammers: www.spamcop.net
Virus Issues
The Cleaner: www.moosoft.com
McAfee: www.mcafee.com
Norton Anti-Virus: www.norton.com
F-Secure: www.f-secure.com
Children On The Net
Dept of Justice’s Kids Page: www.usdoj.gov/kidspage/
Kids Guide to Dos and Don’ts: www.usdoj.gov/kidspage/do-dont/kidinternet.htm
Other Info
FTC’s Guide to Buying and Selling on the Net: www.ftc.gov/bcp/conline/pubs/online/auctions.htm
www.fraud.org
www.quackwatch.com
Questions?