Mastering the Internet, XHTML, and JavaScript

Chapter 6
Security and Privacy
Outline
• Goals and Objectives
• Chapter Headlines
• Introduction
• Fraud
• Crackers
• Firewalls
• P3P
• Sniffing and Web Bugs
• Stalking
• Censorship
• TRUSTe
• EPIC
• .NET Passport
• Liberty Alliance Project
Chapter 6 - Security and Privacy

Goals and Objectives

Goals
Understand and master the important issues of web security and privacy, know your online rights, configure browsers for tighter security and better privacy, and find out how to protect the exchange of sensitive data online.

Objectives
• Web security and privacy issues
• Fraud, crackers, and firewalls
• P3P
• Sniffing, stalking, and censorship
• EPIC
• TRUSTe
• .NET Passport
• Liberty Alliance Project

Chapter Headlines
6.1 Introduction
• Find out what affects your security and privacy on the Web
6.2 Fraud
• Do not fall victim to internet fraud; check online resources for help
6.3 Crackers
• They use system identity to launch attacks
6.4 Firewalls
• Put a wall between a network and the internet to prevent computer fire
6.5 P3P
• P3P helps web surfers protect their privacy
6.6 Sniffing and Web Bugs
• They allow unauthorized information access
6.7 Stalking
• Fight web stalking and ask for help immediately
6.8 Censorship
• The internet is the worst enemy of censorship
6.9 TRUSTe
• This seal of approval ensures maximum online privacy
6.10 EPIC
• EPIC views content filtering as a form of suppression of speech
6.11 .NET Passport
• Reduces the burden of online registrations
6.12 Liberty Alliance Project
• Provides security and efficiency in the use of web services

Introduction
• Web security is a complex issue that deals with:
  • Computer and network security
  • Authentication services
  • Message validation
  • Cryptography
  • Personal privacy issues
• A breach of web security causes financial and other damage
• Web security includes:
  • Authentication
  • Authorization
  • Privacy
• A user must view a web site’s privacy policy

Fraud
• Internet fraud is most common in credit card use and internet investing
• Consumer protection is offered by credit card companies
• The four schemes of investment fraud are:
  1. Pump and Dump Scam: urges investors to buy/sell stock urgently
  2. Pyramid Scam: advertises how to earn money by working from home
  3. Risk-free Fraud: offers investors low-risk investment opportunities
  4. Off-shore Fraud: takes advantage of currency fluctuations and economic systems of other countries
• Internet Fraud Complaint Center (IFCC), Internet National Fraud Information Center (INFIC), and Fraud Bureau (FB) are organizations that alert users and help them avoid fraud

Crackers
• Crackers disable networks by launching attacks through web servers and other public access nodes
• The motivation is personal satisfaction or social attention
• A firewall provides protection from crackers
• An administrator’s job is to create a cracker-resistant system and not a cracker-proof one
• A cracker can:
  • Erase data files
  • Modify data files
  • Sell them to others
  • Use system identity to attack other computers

Firewalls
• Firewalls are used for security purposes
• Firewalls use one or more of the following three methods to control traffic flow:
  1. Packet filtering: analyzes TCP packets against a set of filters
  2. Proxy service: the firewall sends/receives information
  3. Stateful inspection: compares key parts of packets to a database of trusted information
• Firewalls are customizable; an administrator can set the level of security provided by a firewall according to system needs
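
The difference between packet filtering and stateful inspection, as an added example that is not from the book. It assumes a simplified packet object and models the "database of trusted information" as a table of connections opened from inside the network; all addresses and names are constructed.

```javascript
// Constructed model, not from the book. A packet is {dir, src, sport, dst, dport, flags};
// dir is "out" (leaving the protected network) or "in" (arriving from the internet).
// Packet filtering: every packet is judged alone against a static list of filters.
const FILTERS = [
  { dir: "out", dport: 80, action: "allow" }, // inside hosts may reach web servers
  { dir: "in", sport: 80, action: "allow" },  // packets that look like web replies
  { action: "deny" },                         // default: drop everything else
];

function packetFilter(pkt) {
  const rule = FILTERS.find((r) =>
    (r.dir === undefined || r.dir === pkt.dir) &&
    (r.dport === undefined || r.dport === pkt.dport) &&
    (r.sport === undefined || r.sport === pkt.sport));
  return rule.action;
}

// Stateful inspection: connections opened from inside are recorded, and an
// inbound packet is allowed only if it belongs to a recorded connection.
class StatefulFirewall {
  constructor() { this.table = new Set(); }
  key(a, ap, b, bp) { return `${a}:${ap}>${b}:${bp}`; }
  inspect(pkt) {
    if (pkt.dir === "out") {
      if (packetFilter(pkt) !== "allow") return "deny";
      const k = this.key(pkt.src, pkt.sport, pkt.dst, pkt.dport);
      if (pkt.flags === "SYN") this.table.add(k);
      if (pkt.flags === "FIN" || pkt.flags === "RST") this.table.delete(k);
      return "allow";
    }
    // Inbound: swap the endpoints and look the connection up.
    const k = this.key(pkt.dst, pkt.dport, pkt.src, pkt.sport);
    return this.table.has(k) ? "allow" : "deny";
  }
}

// Constructed traffic: one browser connection and one inbound packet nobody asked for.
const syn = { dir: "out", src: "10.0.0.5", sport: 40000, dst: "203.0.113.7", dport: 80, flags: "SYN" };
const reply = { dir: "in", src: "203.0.113.7", sport: 80, dst: "10.0.0.5", dport: 40000, flags: "SYN-ACK" };
const stray = { dir: "in", src: "198.51.100.9", sport: 80, dst: "10.0.0.5", dport: 5000, flags: "ACK" };

function demo() {
  const fw = new StatefulFirewall();
  fw.inspect(syn);
  return { filter: [packetFilter(reply), packetFilter(stray)],
           stateful: [fw.inspect(reply), fw.inspect(stray)] };
}
console.log(demo()); // filter: allow, allow; stateful: allow, deny
```

The static filter accepts both inbound packets because it only sees port numbers; the stateful firewall accepts only the one that answers a recorded outbound connection.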

P3P
• The P3P protocol is all about getting the server and the client to be up front about which personal data is collected and used
• P3P does not give users more privacy; it only allows them to exercise personal data preferences
• P3P policy editors are important to developers
• Major browsers and web sites are P3P enabled and compliant
• Cookies are viewed as precursors to P3P
• The P3P 1.0 specification tells servers and clients how to implement the P3P protocol
• P3P complements existing security and privacy efforts

Sniffing and Web Bugs
• Sniffing is the act of collecting information about web surfers without their prior knowledge
• Sniffing may be good or bad
• Sniffing is used to monitor and analyze network traffic and to detect and avoid bottlenecks
• A web bug is a piece of invisible code or an invisible file in a web page that collects data about web users
• Web bugs can install files on users’ computers
• Three types of bugs can be identified:
  • Image file
  • Executable bugs
  • Script-based executable bugs
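
A check for the image-file type of web bug, as an added example that is not from the book. It assumes a web bug shows up as an `<img>` that is at most 1x1 pixel or hidden by inline style and is loaded from a host other than the page's own; the sample page and host names are constructed.

```javascript
// Constructed sample page (not from the book): a logo, two candidate web bugs,
// and a same-site spacer image that should not be reported.
const SAMPLE_HTML = `
<html><body>
  <img src="/images/logo.png" width="120" height="40" alt="Logo" />
  <img src="http://tracker.example.net/t.gif?uid=123" width="1" height="1" alt="" />
  <img src="http://stats.example.org/p.gif" style="display: none" />
  <img src="/images/spacer.gif" width="1" height="1" alt="" />
</body></html>`;

// Read one quoted attribute value from a tag's source text, or null if absent.
function attr(tag, name) {
  const m = new RegExp(`\\s${name}\\s*=\\s*(["'])(.*?)\\1`, "i").exec(tag);
  return m ? m[2] : null;
}

// An image counts as invisible if it is at most 1x1 pixel or hidden by inline style.
function isInvisible(tag) {
  const w = parseInt(attr(tag, "width"), 10);
  const h = parseInt(attr(tag, "height"), 10);
  const style = (attr(tag, "style") || "").replace(/\s+/g, "").toLowerCase();
  const tiny = w <= 1 && h <= 1; // NaN compares false, so missing sizes do not match
  return tiny || style.includes("display:none") || style.includes("visibility:hidden");
}

// Return the invisible images that load from a host other than the page's own.
function findImageWebBugs(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const findings = [];
  for (const [tag] of html.matchAll(/<img\b[^>]*>/gi)) {
    const src = attr(tag, "src");
    if (!src || !isInvisible(tag)) continue;
    let url;
    try { url = new URL(src, pageUrl); } catch { continue; } // skip malformed URLs
    if (url.hostname !== pageHost) {
      findings.push({ host: url.hostname, src: url.href });
    }
  }
  return findings;
}

console.log(findImageWebBugs(SAMPLE_HTML, "http://www.example.com/index.html"));
```

Executable and script-based bugs are outside what this check covers; it only inspects static `<img>` markup.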

Stalking
• Stalking on the web means harassing someone by spamming, flaming, and other such activities
• Web stalkers hide their true personalities
• To fight stalking:
  • Work as a team
  • Be patient
  • Ignore stalkers
  • Change ISPs
  • Avoid meeting strangers online
• To report a stalking problem, go to http://www.cybercrime.gov/reporting.htm

Censorship
• The internet is the best medium for freedom of speech
• The internet eliminates awkward ways of smuggling information across foreign borders
• The attempt to ban or regulate access to information is censorship
• Oppressive regimes can censor the internet
• There are ways to fight internet censorship:
  • Smuggle information via networks of underground correspondents

TRUSTe
• TRUSTe is an independent, non-profit privacy auditing service
• It promotes trust of privacy between users and web sites
• The TRUSTe logo on a web site ensures protection of information
• It advocates users’ privacy rights
• The Consumer Privacy Protection guidelines have 6 tips:
  • Read the privacy policy
  • Look for approved seals
  • Credit card purchase protection laws are the same for online shopping and malls
  • Use secure servers
  • Use common sense
  • Teach children to be “cybersmart”

EPIC
• EPIC stands for Electronic Privacy Information Center
• It is a public interest research center established to protect privacy
• EPIC has many interesting publications in the form of books and reports
• Two important publications are:
  • Privacy Law Sourcebook
  • Filters and Freedom 2.0: Free speech perspectives on internet content and controls
• EPIC works for web users

.NET Passport
• .NET Passport is a Microsoft service that allows users to perform online purchases with a single login name
• .NET Passport consolidates web services
• A user must create a .NET Passport Profile to register
• .NET Passport needs to use personal information and cookies to operate
• .NET Passport is a member of the TRUSTe privacy program
• Visit http://www.passport.net for registration and information

Liberty Alliance Project
• LAP is a collaboration of companies and organizations to develop and deploy an open, federated solution for internet identity
• LAP is important to the future of web services
• LAP enables consumers and businesses to maintain personal information securely
• LAP specifications define a principal that mediates authentication between an identity provider and a service provider
• The LAP concept can bring great financial and other benefits to both consumers and businesses

Summary
• Web security is a complex issue
• A user must be aware of web-based frauds
• One must try to build a cracker-resistant system
• Firewalls prevent unauthorized access to a computer
• P3P works with existing privacy and security efforts
• Sniffing and web bugs may be good or bad
• Stalking on the web is an important issue
• A user must fight internet censorship
• Visit http://www.truste.org for information about TRUSTe
• EPIC works for web users
• .NET Passport consolidates web services
• LAP is important to the future of web services