Data Mining - GCPCUG May 2011
SecureState's Jake Garlie presentation to the Greater Cleveland PC Users Group (GCPCUG) on Data Mining, It's Your Data. May 14th 2011.

Data Mining - GCPCUG May 2011 Presentation Transcript

  • 1. Data Mining, It's Your Data
      May 14, 2011
  • 2. Agenda
      • Intro
          – About Your Presenter
          – About SecureState
      • Who is Tracking You
      • Legality
      • How to (try to) Protect Yourself
          – Browser Configurations
          – Browser Add-ons
          – Opt-Out Services
      • Closing
          – Q&A
  • 3. About Your Presenter
      • Jake Garlie
      • Security Consultant at SecureState
      • Specializes in External, Internal and Wireless Penetration Tests, Web Application Security Assessments
  • 4. SecureState Overview
      A Management Consulting Firm Specializing in Information Security
      • Founded in September 2001
      • Payment Card Industry Certified (PCI)
      • Qualified Security Assessor (QSA)
      • Approved Scanning Vendor
      • Qualified Payment Application Security Company
      • Largest dedicated security company in the Great Lakes
      • Number of Employees: 47
  • 5. The Company We Keep
      Key Industries: Retail, Financial Services, Healthcare, Critical Infrastructure, Professional Services, Service Providers, Education, Food Service, Entertainment and Government
  • 6. SecureState Overview
      Audit and Compliance
      • PCI (Payment Card Industry)
      • ISO 27001/SAS 70
      • SOX, GLBA, HIPAA, TR-39, NERC/CIP etc.
      • INFOSEC (Information System Security Risk Assessment)
      Profiling and Attack
      • Web Application Security (WAS)
      • Attack and Penetration Services (internal, external, client, physical, wireless)
      • Wireless Audits
      • Training
      Risk Management
      • Security Program Manager (SPM)
      • StateScan
      • SecureTime
      • Architecture Reviews
      Business Preservation Services
      • Data Forensics/Incident Response
      • Business Impact Analysis
      Advisory Services
      • CISO Advisement
      • Risk Management
      • Special Projects
  • 7. Terminology
      • Cookie
          – Piece of data (usually a text file) stored in the browser
          – Can be used for authentication, shopping carts, and more
      • First-Party cookie
          – Cookie issued by Yahoo.com while viewing Yahoo.com
      • Third-Party cookie
          – Cookie issued by SecureState.com while viewing Yahoo.com
      • Flash Cookies
          – Can be first or third-party cookies
          – Outside of browser’s control
          – Remain after “clearing cookies”
  • 8. Who is Tracking You?
      Image: http://onlinehomebusinessidea.com/wp-content/uploads/2010/02/targeted-visitors-with-niche-blueprint-300x225.jpg
  • 9. Advertising Companies
      …and many, many more
  • 10. Why?
      Image: http://www.decidetostayfit.com/blog/wp-content/uploads/2010/11/make-money-beachbody-coach.jpg
  • 11. How it Works
      • Advertising companies contract with businesses
      • Businesses allow advertisers to place content on their web sites
      • Your browsing habits and search criteria can be tracked and sent to these advertising companies
      • Next time you go to a website with the same advertising scripts, they will display relevant ads
  • 12. [no text on slide]
  • 13. Legality
      EU Safe Harbor law governs European Union nations
      1. Notice
      2. Purpose
      3. Consent
      4. Security
      5. Disclosure
      6. Access
      7. Accountability
  • 14. Legality (cont.)
      • U.S. has no law enforcing online privacy policies
      • FTC has the “Do Not Track” initiative
      • Companies can be reported/fined if not abiding by their policy
  • 15. Privacy Policies
      • Not required in the U.S.
      • Many large sites/organizations have them
      • Add “/privacy” or “/policy” to a site's address to find policies quickly
      • Explain what information is stored, tracked and transferred
  • 16. Privacy Policies (cont.)
      • www.facebook.com/policy.php
      • www.google.com/privacy
  • 17. Privacy Policies (cont.)
      • www.amazon.com/privacy
  • 18. How to (try to) Protect Yourself
      Image: http://www.lindaforpresident2011.com/wp-content/uploads/2011/02/protection-order-stop1.jpg
  • 19. Options
      • Browser Settings
          – Private Browsing
      • Browser Add-ons
      • Opt-Out Services
  • 20. Browser Settings (Internet Explorer)
      Tools > Internet Options > Privacy Advanced Settings
  • 21. Browser Settings (IE cont.)
  • 22. Browser Settings (IE cont.)
      IE Privacy Settings affect other applications too!
      Cisco’s SSL VPN Client
  • 23. Browser Settings (Firefox)
      Tools > Options… > Privacy
      Recommended settings shown, but may hamper browsing due to blocking third-party cookies.
  • 24. Browser Settings (Google Chrome)
      > Options > Under the Bonnet > Privacy > Content Settings
  • 25. Browser Settings (Safari)
      > Preferences… > Security
  • 26. Private Browsing
      Image: http://ngiley.com/wp-content/uploads/2010/03/private-browsing-laptop.jpg
  • 27. Private Browsing (cont.)
      • Can also be referred to as Incognito or InPrivate
      • Prevents history, cache files, searches and cookies from being stored after exiting Private Browsing, or closing your browser
      • Does not prevent websites from storing on their end
      • Prevents many add-ons from functioning
      • Meant to protect against other users on a system
  • 28. Browser Add-Ons
      • Ghostery
      • BetterPrivacy
      • Tor (TorButton)
      • NoScript
      • AdBlock Plus
      • TrackerBlock
      • Advertising Cookie Opt-Out
  • 29. Ghostery
      • http://www.ghostery.com/
      • Created by the folks at Evidon
      • Pros:
          – Cross Platform
          – Easy to Install/Configure
          – Blocks Flash/Silverlight Cookies
          – White-listing of sites
      • Cons:
          – Advanced Settings may be confusing
  • 30. Ghostery (cont.)
  • 31. [no text on slide]
  • 32. Ghostery (cont.)
      Deleting Flash/Silverlight Cookies Provides Extra Security
  • 33. BetterPrivacy
      Pros:
      • Cleans up Flash Cookies (Local Shared Objects, LSO)
      • Can alert when LSOs are created
      • Can schedule deletion while browsing
      Cons:
      • Firefox only
      • Functionality is also in Ghostery
  • 34. [no text on slide]
  • 35. [no text on slide]
  • 36. Tor (The Onion Router) Project
      • https://www.torproject.org/
      • "Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet."
      Pros:
      • Very Anonymous
      • Exit node changes often
      Cons:
      • Slower Browsing
      • Confidentiality goes out the window
      • Technical to configure
  • 37. Before
  • 38. After
  • 39. NoScript
      Pros:
      • Blocks untrusted JavaScript, Java, Flash
      • Can prevent attacks
      • Highly configurable
      Cons:
      • Firefox only
      • Takes time and patience to tune effectively
      • Easy to become desensitized
  • 40. [no text on slide]
  • 41. AdBlock Plus
      Pros:
      • Can block Iframes, scripts, and Flash.
      • Uses Filter Subscriptions to block content
      • “EasyList” filter has over 4 million subscribers
      • Replaces advertisements with whitespace
      Cons:
      • Firefox and Chrome only
  • 42. AdBlock Plus (cont.)
      Before / After
  • 43. TrackerBlock
      Pros:
      • Blocks cookies and deletes Flash cookies
      • Based on privacy preferences with PrivacyChoice
      • Blocks 300+ advertising companies
      Cons:
      • May conflict with other browser add-ons
  • 44. TrackerBlock (cont.)
  • 45. Advertising Cookie Opt-Out
      • Available for Firefox, Chrome, and IE at http://www.google.com/ads/preferences/plugin/
      • Permanently opts-out of Google’s DoubleClick Cookie
  • 46. Opt-Out Services
      • Network Advertising Initiative
      • AboutAds.info
      • PrivacyChoice
      • Evidon
  • 47. AboutAds.info
      • Collaboration of many organizations in media and marketing industry
      • Self-Regulatory Program for Online Behavioral Advertising
      • Consumer Opt-Out Page
  • 48. [no text on slide]
  • 49. Network Advertising Initiative
      Self-regulatory principles set stage for FTC’s “Do Not Track” initiative
      • Opts-Out of 73 Advertising Companies
      • Requires Third-Party Cookies
      • Has to be reset every time Cookies are cleared
      • Can be white-listed by Browser Add-Ons
  • 50. Network Advertising Initiative (cont.)
  • 51. PrivacyChoice
      • Created TrackerBlock and the Privacy Bookmark
      • Have an Opt-Out page
      • Lots of great privacy information
  • 52. Evidon
      • Selected by the Digital Advertising Alliance (DAA) to power the Self-Regulatory Program for online behavioral advertising
      • Searchable Opt-Out Page
  • 53. Evidon (cont.)
  • 54. Conclusion
      • Determine your own level of acceptable risk
      • Don't browse to sites you don't trust
      • Read the company's privacy policy
      • Web-Browser Protections
  • 55. Thank you for your time!
      Jake Garlie
      jgarlie@securestate.com
      QUESTIONS / ANSWERS
  • 56. References
      Browser Add-ons
      • http://www.ghostery.com/
      • https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
      • https://addons.mozilla.org/en-US/firefox/addon/noscript/
      • https://www.torproject.org/
      • https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
      • http://easylist.adblockplus.org/en/
      • https://addons.mozilla.org/en-US/firefox/addon/trackerblock/
      Opt-Out Pages
      • http://www.evidon.com/consumers/profile_manager#tab3
      • http://www.networkadvertising.org/managing/opt_out.asp
      • http://www.privacychoice.org/trackerblock/firefox
      • http://www.privacychoice.org/privacymark
      • http://www.aboutads.info/choices/
      Other References
      • http://www.time.com/time/business/article/0,8599,2058114-1,00.html
      • http://www.ftc.gov/os/2010/12/101201privacyreport.pdf
      • http://www.reputation.com/
      • http://abcnews.go.com/Technology/tracking-online-myths-track/story?id=12984499