Data Mining - GCPCUG May 2011

SecureState's Jake Garlie presentation to the Greater Cleveland PC Users Group (GCPCUG) on Data Mining, It's Your Data. May 14th 2011.

1. Data Mining, It's Your Data (May 14, 2011)

2. Agenda
   • Intro
     – About Your Presenter
     – About SecureState
   • Who is Tracking You
   • Legality
   • How to (try to) Protect Yourself
     – Browser Configurations
     – Browser Add-ons
     – Opt-Out Services
   • Closing
     – Q&A

3. About Your Presenter
   • Jake Garlie
   • Security Consultant at SecureState
   • Specializes in External, Internal and Wireless Penetration Tests, Web Application Security Assessments

4. SecureState Overview: A Management Consulting Firm Specializing in Information Security
   • Founded in September 2001
   • Payment Card Industry Certified (PCI)
   • Qualified Security Assessor (QSA)
   • Approved Scanning Vendor
   • Qualified Payment Application Security Company
   • Largest dedicated security company in the Great Lakes
   • Number of Employees: 47

5. The Company We Keep
   Key Industries: Retail, Financial Services, Healthcare, Critical Infrastructure, Professional Services, Service Providers, Education, Food Service, Entertainment and Government

6. SecureState Overview
   Audit and Compliance
   • PCI (Payment Card Industry)
   • ISO 27001/SAS 70
   • SOX, GLBA, HIPAA, TR-39, NERC/CIP etc.
   • INFOSEC (Information System Security Risk Assessment)
   Profiling and Attack
   • Web Application Security (WAS)
   • Attack and Penetration Services (internal, external, client, physical, wireless)
   • Wireless Audits
   • Training
   Risk Management
   • Security Program Manager (SPM)
   • StateScan
   • SecureTime
   • Architecture Reviews
   Business Preservation Services
   • Data Forensics/Incident Response
   • Business Impact Analysis
   Advisory Services
   • CISO Advisement
   • Risk Management
   • Special Projects

7. Terminology
   • Cookie
     – Piece of data (usually a text file) stored in the browser
     – Can be used for authentication, shopping carts, and more
   • First-Party cookie
     – Cookie issued by Yahoo.com while viewing Yahoo.com
   • Third-Party cookie
     – Cookie issued by SecureState.com while viewing Yahoo.com
   • Flash Cookies
     – Can be first- or third-party cookies
     – Outside of the browser's control
     – Remain after "clearing cookies"

8. Who is Tracking You? (image slide)

9. Advertising Companies (image slide) …and many, many more

10. Why? (image slide)

11. How it Works
   • Advertising companies contract with businesses
   • Businesses allow advertisers to place content on their web sites
   • Your browsing habits and search criteria can be tracked and sent to these advertising companies
   • Next time you go to a website with the same advertising scripts, they will display relevant ads

12. (no text on slide)

13. Legality
   EU Safe Harbor law governs European Union nations:
   1. Notice
   2. Purpose
   3. Consent
   4. Security
   5. Disclosure
   6. Access
   7. Accountability

14. Legality (cont.)
   • U.S. has no law enforcing online privacy policies
   • FTC has the "Do Not Track" initiative
   • Companies can be reported/fined if they do not abide by their own policy

15. Privacy Policies
   • Not required in the U.S.
   • Many large sites/organizations have them
   • Add "/privacy" or "/policy" to a site's address to find its policy quickly
   • Explain what information is stored, tracked and transferred

16. Privacy Policies (cont.)
   www.facebook.com/policy.php
   www.google.com/privacy

17. Privacy Policies (cont.)
   www.amazon.com/privacy

18. How to (try to) Protect Yourself (image slide)

19. Options
   • Browser Settings
     – Private Browsing
   • Browser Add-ons
   • Opt-Out Services

20. Browser Settings (Internet Explorer)
   Tools > Internet Options > Privacy > Advanced Settings

21. Browser Settings (IE cont.) (no text on slide)

22. Browser Settings (IE cont.)
   IE Privacy Settings affect other applications too! (e.g. Cisco's SSL VPN Client)

23. Browser Settings (Firefox)
   Tools > Options… > Privacy
   Recommended settings shown, but they may hamper browsing because third-party cookies are blocked.

24. Browser Settings (Google Chrome)
   Menu > Options > Under the Bonnet > Privacy > Content Settings

25. Browser Settings (Safari)
   Menu > Preferences… > Security

26. Private Browsing (image slide)

27. Private Browsing (cont.)
   • Can also be referred to as Incognito or InPrivate
   • Prevents history, cache files, searches and cookies from being stored after exiting Private Browsing or closing your browser
   • Does not prevent websites from storing data on their end
   • Prevents many add-ons from functioning
   • Meant to protect against other users on the same system

28. Browser Add-Ons
   • Ghostery
   • BetterPrivacy
   • Tor (TorButton)
   • NoScript
   • AdBlock Plus
   • TrackerBlock
   • Advertising Cookie Opt-Out

29. Ghostery
   • http://www.ghostery.com/
   • Created by the folks at Evidon
   • Pros:
     – Cross Platform
     – Easy to Install/Configure
     – Blocks Flash/Silverlight Cookies
     – White-listing of sites
   • Cons:
     – Advanced Settings may be confusing

30. Ghostery (cont.) (no text on slide)

31. (no text on slide)

32. Ghostery (cont.)
   Deleting Flash/Silverlight Cookies Provides Extra Security

33. BetterPrivacy
   Pros:
   • Cleans up Flash Cookies (Local Shared Objects, LSO)
   • Can alert when LSOs are created
   • Can schedule deletion while browsing
   Cons:
   • Firefox only
   • Functionality is also in Ghostery

34. (no text on slide)

35. (no text on slide)

36. Tor (The Onion Router) Project
   • https://www.torproject.org/
   • "Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet."
   Pros:
   • Very Anonymous
   • Exit node changes often
   Cons:
   • Slower Browsing
   • Confidentiality goes out the window (the exit node can read any traffic that is not itself encrypted)
   • Technical to configure

37. Before (no text on slide)

38. After (no text on slide)

39. NoScript
   Pros:
   • Blocks untrusted JavaScript, Java, Flash
   • Can prevent attacks
   • Highly configurable
   Cons:
   • Firefox only
   • Takes time and patience to tune effectively
   • Easy to become desensitized

40. (no text on slide)

41. AdBlock Plus
   Pros:
   • Can block iframes, scripts, and Flash
   • Uses Filter Subscriptions to block content
   • "EasyList" filter has over 4 million subscribers
   • Replaces advertisements with whitespace
   Cons:
   • Firefox and Chrome only

42. AdBlock Plus (cont.): Before / After (no further text on slide)

43. TrackerBlock
   Pros:
   • Blocks cookies and deletes Flash cookies
   • Based on privacy preferences with PrivacyChoice
   • Blocks 300+ advertising companies
   Cons:
   • May conflict with other browser add-ons

44. TrackerBlock (cont.) (no text on slide)

45. Advertising Cookie Opt-Out
   • Available for Firefox, Chrome, and IE at http://www.google.com/ads/preferences/plugin/
   • Permanently opts out of Google's DoubleClick Cookie

46. Opt-Out Services
   • Network Advertising Initiative
   • AboutAds.info
   • PrivacyChoice
   • Evidon

47. AboutAds.info
   • Collaboration of many organizations in the media and marketing industry
   • Self-Regulatory Program for Online Behavioral Advertising
   • Consumer Opt-Out Page

48. (no text on slide)

49. Network Advertising Initiative
   Self-regulatory principles set the stage for the FTC's "Do Not Track" initiative
   • Opts out of 73 Advertising Companies
   • Requires Third-Party Cookies
   • Has to be reset every time Cookies are cleared
   • Can be white-listed by Browser Add-Ons

50. Network Advertising Initiative (cont.) (no text on slide)

51. PrivacyChoice
   • Created TrackerBlock and the Privacy Bookmark
   • Has an Opt-Out page
   • Lots of great privacy information

52. Evidon
   • Selected by the Digital Advertising Alliance (DAA) to power the Self-Regulatory Program for online behavioral advertising
   • Searchable Opt-Out Page

53. Evidon (cont.) (no text on slide)

54. Conclusion
   • Determine your own level of acceptable risk
   • Don't browse to sites you don't trust
   • Read the company's privacy policy
   • Web-Browser Protections

55. Thank you for your time!
   Jake Garlie, jgarlie@securestate.com
   Questions & Answers

56. References
   Browser Add-ons
   • http://www.ghostery.com/
   • https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
   • https://addons.mozilla.org/en-US/firefox/addon/noscript/
   • https://www.torproject.org/
   • https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
   • http://easylist.adblockplus.org/en/
   • https://addons.mozilla.org/en-US/firefox/addon/trackerblock/
   Opt-Out Pages
   • http://www.evidon.com/consumers/profile_manager#tab3
   • http://www.networkadvertising.org/managing/opt_out.asp
   • http://www.privacychoice.org/trackerblock/firefox
   • http://www.privacychoice.org/privacymark
   • http://www.aboutads.info/choices/
   Other References
   • http://www.time.com/time/business/article/0,8599,2058114-1,00.html
   • http://www.ftc.gov/os/2010/12/101201privacyreport.pdf
   • http://www.reputation.com/
   • http://abcnews.go.com/Technology/tracking-online-myths-track/story?id=12984499
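As an added illustration of the first-party/third-party distinction from the Terminology slide and the cross-site tracking described in "How it Works" (this is example code, not part of the original deck), the Python script below classifies each cookie relative to the page being viewed and flags domains that set third-party cookies across several unrelated sites. The records are a constructed sample and the registrable-domain helper is a deliberate simplification.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample, not a real capture: (page being viewed, domain of the
# cookie that was set while viewing it). Real input would come from a HAR
# export or the browser's cookie store.
SAMPLE_RECORDS = [
    ("https://www.yahoo.com/news", ".yahoo.com"),               # first-party
    ("https://www.yahoo.com/news", "ads.example-adnet.com"),   # third-party
    ("https://www.yahoo.com/news", "stats.example-adnet.com"),
    ("https://shop.example-store.com/cart", "shop.example-store.com"),
    ("https://shop.example-store.com/cart", "ads.example-adnet.com"),
    ("https://blog.example-news.org/", ".example-news.org"),
    ("https://blog.example-news.org/", "ads.example-adnet.com"),
    ("https://blog.example-news.org/", "cdn.example-images.net"),  # one site only
]


def site_of(host: str) -> str:
    """Reduce a host name to its registrable site, here the last two labels.
    Simplification: a production check should use the Public Suffix List so
    that a host like 'shop.example.co.uk' does not collapse to 'co.uk'.
    """
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_cookie(page_url: str, cookie_domain: str) -> str:
    """'first-party' if the cookie belongs to the site being viewed, else
    'third-party' (the distinction drawn on the Terminology slide)."""
    page_site = site_of(urlsplit(page_url).hostname or "")
    return "first-party" if site_of(cookie_domain) == page_site else "third-party"


def cross_site_trackers(records, min_sites: int = 2) -> dict:
    """Map each third-party site to the first-party sites on which it set a
    cookie, keeping only those seen on at least `min_sites` distinct sites.
    A domain that sets cookies across unrelated sites can link your visits
    to all of them, which is how the ads on the next site become 'relevant'."""
    seen = defaultdict(set)
    for page_url, cookie_domain in records:
        if classify_cookie(page_url, cookie_domain) == "third-party":
            seen[site_of(cookie_domain)].add(site_of(urlsplit(page_url).hostname or ""))
    return {t: s for t, s in seen.items() if len(s) >= min_sites}


if __name__ == "__main__":
    for tracker, sites in cross_site_trackers(SAMPLE_RECORDS).items():
        print(f"{tracker}: third-party cookies on {len(sites)} sites {sorted(sites)}")
```

Blocking third-party cookies in the browser settings shown earlier, or running one of the listed add-ons, is what prevents the cross-site entries this script reports from being set in the first place.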