Student presentation


Security, Privacy and Freedom
“There is no privacy in this digital world.”
By: Fong-Ting Yau and Ralph L Fidel
What does it mean to be “digitally” secure?
• All personal data and digital transactions are kept
confidential
• Each user remains unique and their identity is protected
(from fraud, etc.)
• Users are granted the freedom to access and modify their
information
Presentation Overview
• Security of Online Banking
• Security of Credit Card transactions
• Local File/Network Security
• Security of Digital Correspondence and Real Time Chats
• Does privacy exist in the digital world?
Online Banking
You can now access your bank account online!
• Check balance
• Check recent transactions
• Update direct deposit/withdrawal
• Access credit card information
• Make bill payments
• Ability to consolidate multiple accounts
• Apply for Investments and Loans
• Financial Planning
Form and Function
Initial Purpose: Once limited to bank visits and telephone calls, online banking is
a growing trend allowing bank customers the ability to access and manage all their
accounts in the privacy of their homes or any other location (convenience).
• When visiting your bank’s website, you are prompted to enter personal
information that includes your name, bank number and usually, if registering for
the first time, a validation code that you receive from contacting an actual
banking representative.
• Although the majority of the process is automated, the user is usually required
to first contact their bank (through telephone or by visiting a branch) to set up
this feature.
(Wikipedia: Credit Card, 2006)
Case Study #1
Carol, an elderly woman, has just discovered that
she is able to access her bank account online. She
rushes to the library and, quickly entering the
requested information, transfers funds from her
chequing account to her savings account. Satisfied,
she smiles and leaves.
Possible Security Flaws
• She is using a public computer, leaving her
information exposed to those who know how
to access internet usage logs.
• She may have inadvertently left the banking
window open allowing the next user complete
access to her accounts.
Online Banking: The Now
Banks use various methods to ensure the security and feasibility of banking online:
• Personal Verification Question
• Access Logs
• Session Time Outs
• Last Sign On feature
• 128-bit Encryption
Online Banking: The Now
Users ought to be held accountable, at least in part, to ensure the protection of
their own information:
• Ensuring the website is legitimate
• Ensuring aforementioned banking features are present
• Obtaining a hardcopy of recent transactions
What to do if you are a victim: Contact your bank as soon as possible!
Credit Cards
What can you do with your credit card nowadays?
• Make online purchases (eBay, Amazon, PayPal etc.)
• Make subscriptions (automatic withdrawals)
• Means of insurance regarding transactions (collateral)
• Means of personal identification
• Establish a credit history
Form and Function
Initial Function: Credit Cards are a means of ensuring secure transactions because they are processed without a long clearance period (unlike cheques).
Credit card transactions are especially useful for making online purchases and
have become the standard method when dealing with such exchanges.
• With the advent of services such as eBay and PayPal, consumers are free to sell
their goods to other consumers safely.
Case Study #2
Patrick is about to make his very first purchase online.
The website has asked for his full name, address,
and contact phone number. Credit card in hand, he
carefully fills in the form, enters the numbers on the
card and confirms his purchase without much
hesitation.
Possible Security Flaws
• Someone else could be recording Patrick’s
information without his consent.
• Someone, other than Patrick (but with his credit
card), could’ve easily completed this transaction
without any form of identity verification.
• The source website may not be legitimate, and
Patrick may never receive the item but would still be
charged for it =(.
Credit Cards: The Now
Credit Card companies use various methods to ensure the security of their clients:
• Credit Card Insurance
• Requiring a four-digit personal identification number
• Advent of forgery-resistant smart cards
• Implementation of Card Verification Value/Code (CVV/CVC)
(CIBC, 2006)
Credit Cards: The Now
Credit Card holder’s obligation to security:
• Always report lost or stolen cards
• Ensure source is credible before providing credit card information
• Always obtain and review a hardcopy of recent transactions
Local File/Network Security
• Local files include those present on your
computer’s hard drive
• The local network includes all machines
(computers, routers, modems, etc.) present
in your home network
Form and Function
• Initial Purpose: The initial attraction of networking was to share disk space and
laser printers
• In the days before personal computers, a site might have just one central
computer, with users accessing this via computer terminals over simple low-speed cabling
• Through the development of CP/M and DOS (Operating Systems), a single site
began to have dozens and even hundreds of computers (as a result, more
individuals may be at risk for having their information exposed to others).
(Wikipedia; Local Area Network, 2006)
Case Study #3
Sue is setting up her first wireless home
network. After installing her wireless network
cards and connecting her router, she logs onto
the network and transfers files from her
desktop to her laptop.
Possible Security Flaws
• Without knowing about network security, her home
network is vulnerable to outsiders (her neighbors
could easily access her files and even hijack her
internet).
• Without changing her default password, others could
access her router settings and change its password,
locking her out of her own network!
Local File/Network Security: The Now
Various methods for securing your files:
• Hardware/Software firewall
• WEP
• Local Computer/Network Access Passwords
• External Media Backup
• Stay Informed
What to do if your system/network is compromised:
• Change your passwords immediately
• That’s what backups are for!
(Potter, 2006)
(Tyson, How Firewalls Work, 2006)
Digital Correspondence and Real Time Chat
• What does this include?
• Instant Messaging
• Online Discussion Forums
• Online Communities (MySpace)
• Blogs (Livejournal, Xanga, etc.)
• Chat rooms
• Email
Case Study #4
Cam, a young student, has accessed his
school’s online discussion forum. He posts
regularly and has met a new friend posting
from a different school. This particular friend
has invited Cam out to the movies, but has
asked for his address in order to pick him up.
Possible Security Flaws
• Cam’s new “online” friend may not necessarily
be who he expects
• By giving out such personal information, his
safety and that of his family may be in
jeopardy
Digital Correspondence and Real Time Chat: The Now
Precautions to Take:
• Never give out personal information
• Avoid meeting with strangers you meet online; if unavoidable, take
all necessary precautions
(McKenna, 2006)
The Fine Line Between Security and Freedom
Online Banking: “Almost 40 million people logged on to a banking Web site in the fourth quarter of 2005,
according to comScore, based outside Washington, D.C. That was a 27 percent increase over the fourth
quarter of 2004.”
(http://bankwatch.wordpress.com/2006/04/15/statistics-us-online-banking/)
Credit Card: The Federal Trade Commission shows that 42% of identity theft cases involved credit card fraud.
(http://www.myidfix.com/creditcard-fraud.php hoth.lib.ucalgary.ca/uhtbin/cgisirsi/X/UCALGARY/0/5/)
Local File/Network Security: 60% of all corporate data assets reside unprotected on PCs. Source: Search
Security Newsletter, April 4, 2002 (http://www.pcsecurity.com/html/2178.html)
Digital Correspondence: 25% of remote workers said they open unknown emails when using work devices
(Furnell, 2006)
So…
Is there privacy in this digital world?
Yes and no. Complete privacy in this technological era is something that must be
constantly attained and re-attained. Through the use of the internet, users are
granted access to a plethora of information in the struggle against hackers,
identity thieves, scammers, etc.
(Alladin Securing the Global Village, 2006)
References
• Furnell, S. (2006). Securing the home worker. Network Security, vol. 2006, pp. 6-12.
• McKenna, B. (2006). ‘Social networking’ study shows cybercrime risk. Network Security, vol. 2006, p. 2.
• Potter, B. (2006). The changing face of IT security. Network Security, vol. 2006, pp. 16-17.
• Tyson, J. (n.d.). How Firewalls Work. Retrieved November 29, 2006, from howstuffworks
Web site: http://computer.howstuffworks.com/firewall.htm
• (n.d.). Credit Card. Retrieved November 22, 2006, from Wikipedia
Web site: http://en.wikipedia.org/wiki/Credit_card
• (n.d.). Local Area Network. Retrieved November 21, 2006, from Wikipedia
Web site: http://en.wikipedia.org/wiki/Local_area_network
• (2006). Online Banking Security. Retrieved November 22, 2006, from CIBC
Web site: http://www.cibc.com/ca/legal/online-banking-security.html
• (n.d.). Security Statistics. Retrieved November 29, 2006, from Alladin Securing the Global Village
Web site: http://www.esafe.com/home/csrt/statistics/statistics_2005.as