C/IL 102
C/IL 102 Security Controls access to your data

Published in: Technology
  1. 1. C/IL 102
  2. 2. <ul><li>Security </li></ul><ul><ul><li>Controls access to your data </li></ul></ul><ul><ul><li>Only you and those you designate have access to data </li></ul></ul><ul><li>Safety </li></ul><ul><ul><li>Process that guarantees the availability of your data </li></ul></ul><ul><ul><li>Makes sure data is not lost </li></ul></ul>
  3. 3. <ul><li>Browser transmits: </li></ul><ul><ul><li>IP Address of your machine </li></ul></ul><ul><ul><li>IP Address of machine responding to request </li></ul></ul><ul><ul><li>Operating System of your machine </li></ul></ul><ul><ul><ul><li>Examples: Windows XP, Windows Vista, Linux 7.0.2, Macintosh OS X 10.2.6 </li></ul></ul></ul><ul><ul><li>Browser you are using </li></ul></ul><ul><ul><ul><li>Internet Explorer 8 or Mozilla Firefox 3.5.5 </li></ul></ul></ul><ul><ul><ul><li>Different HTML tags work with some browsers but not others </li></ul></ul></ul><ul><ul><li>Other stuff, too </li></ul></ul>
  4. 4. <ul><li>A small piece of information that a Web site saves on your computer when you visit the site </li></ul><ul><li>Browser maintains list of cookies </li></ul><ul><li>Web site may then determine something about your past involvement at that site </li></ul><ul><ul><li>It ‘remembers’ you! </li></ul></ul>
  5. 5. <ul><li>Impact on Privacy </li></ul><ul><ul><li>Advantages </li></ul></ul><ul><ul><ul><li>Personalize interactions with Web sites </li></ul></ul></ul><ul><ul><ul><li>Tailor to preferences and interests </li></ul></ul></ul><ul><ul><li>Disadvantages </li></ul></ul><ul><ul><ul><li>Web Beacons / Web Bugs </li></ul></ul></ul><ul><ul><ul><ul><li>Small (1 x 1 pixel) image </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Tracks references to URL (usage details) </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Foreign cookies, third-party cookies </li></ul></ul></ul></ul><ul><ul><ul><li>Common for commercial Web sites (Ex. Yahoo!) </li></ul></ul></ul><ul><ul><ul><li>Tracks contacts your computer has with Web sites </li></ul></ul></ul><ul><ul><ul><li>Allows e-commerce folks to promote products ($$$$) and refine marketing (through advertising) </li></ul></ul></ul>
  6. 6. <ul><li>Yahoo Privacy Policy </li></ul><ul><ul><li>“Yahoo! displays targeted advertisements based on personal information. Advertisers (including ad serving companies) may assume that people who interact with, view, or click targeted ads meet the targeting criteria—for example, women ages 18-24 from a particular geographic area.” </li></ul></ul><ul><li>Yahoo Web Beacon Policy </li></ul><ul><ul><li>Yahoo Web Beacons </li></ul></ul><ul><li>A Web beacon: </li></ul><ul><ul><li>Can be detected by viewing the source code of a Web Page </li></ul></ul><ul><ul><li>Look for any IMG tags that load from a different server than the rest of the site. </li></ul></ul>
  7. 7. <ul><li>Could delete cookies from your hard drive, but lose convenience </li></ul><ul><ul><li>Different from “history” file </li></ul></ul><ul><li>Can configure Browser to disable cookies </li></ul><ul><ul><li>However, many sites will not work properly, including U of S site (my.scranton.edu) </li></ul></ul><ul><li>Check Privacy Policy of commercial sites </li></ul><ul><ul><li>How will they use your information? </li></ul></ul><ul><li>Check privacy policy of company or ISP whose computer you use </li></ul>
  8. 8. <ul><li>Public cables used to transmit data between computers </li></ul><ul><li>Data sent in packets (about 1000 bytes) </li></ul><ul><li>Packets could be analyzed by other intermediary computers (credit card numbers, etc.) </li></ul>
  9. 9. <ul><li>About as private as a postcard traveling via snail mail </li></ul><ul><ul><li>Internet Service Providers </li></ul></ul><ul><ul><li>Employers, etc. </li></ul></ul><ul><ul><ul><li>Healthcare professionals </li></ul></ul></ul><ul><ul><ul><ul><li>No patient info in e-mail </li></ul></ul></ul></ul><ul><ul><ul><li>Use Web-based account (example: Yahoo) </li></ul></ul></ul><ul><li>Secure e-mail through encryption </li></ul>
  10. 10. <ul><li>Networks can be ‘snooped’ </li></ul><ul><li>Even IM content is not secure </li></ul>Packet Sniffer
  11. 11. Look Here! Packet Sniffer
  12. 12. <ul><li>Tool for network administrators </li></ul><ul><ul><li>Allows users to ‘listen’ to network traffic (analyze) </li></ul></ul><ul><ul><li>Detects intrusion attempt and network problems (legitimate use) </li></ul></ul><ul><li>But… </li></ul><ul><ul><li>Can be used to ‘snoop’ </li></ul></ul>
  13. 13. <ul><li>IM </li></ul><ul><ul><li>IMSecure (ZoneAlarm) </li></ul></ul><ul><ul><li>Simp (Secway) </li></ul></ul><ul><ul><li>AIM Pro (AIM) </li></ul></ul><ul><li>E-mail and IM </li></ul><ul><ul><li>PGP Desktop </li></ul></ul><ul><ul><ul><li>PGP – Pretty Good Privacy Encryption </li></ul></ul></ul><ul><ul><ul><li>Security for e-mail and IM </li></ul></ul></ul><ul><ul><ul><li>‘Certificates’ are used to digitally sign e-mail </li></ul></ul></ul><ul><ul><ul><li>Can secure portions of your hard drive, too! </li></ul></ul></ul><ul><ul><ul><li>Windows and Mac platform </li></ul></ul></ul><ul><li>PC Magazine Article April 2008 </li></ul>
  14. 14. <ul><li>Encrypt data </li></ul><ul><ul><li>Scramble data so that it cannot be read as data passes from computer to computer </li></ul></ul><ul><ul><li>HTTPS – encrypts before data is sent and decrypts when received (Secure Hypertext Transfer Protocol) </li></ul></ul><ul><li>Decrypt data </li></ul><ul><ul><li>Unscramble data on receiving end of message </li></ul></ul><ul><li>Example: GNU Privacy Guard (Also known as: GPG) </li></ul><ul><ul><li>It’s free software: available for Windows, Mac, FreeBSD, Linux, etc. </li></ul></ul>
  15. 15. <ul><li>Even with Encryption, theft is possible </li></ul><ul><ul><li>Data obtained before actual encryption </li></ul></ul><ul><ul><li>Keyboard Sniffer </li></ul></ul><ul><ul><ul><li>Monitor Use of Computer and Installed Programs </li></ul></ul></ul><ul><ul><li>If you ask browser to record data typed into forms </li></ul></ul><ul><ul><ul><li>Monitor others using your computer and account information </li></ul></ul></ul>
  16. 16. <ul><li>Encoding information – cryptography </li></ul><ul><ul><li>Dan Brown’s “DaVinci Code” and “Digital Fortress” </li></ul></ul><ul><li>The Caesar Cipher </li></ul><ul><ul><li>Julius Caesar encoded messages by replacing each letter with the 3rd letter after it in the alphabet (a=d, b=e, z=c, etc.) </li></ul></ul><ul><ul><li>Improve: use cipher alphabet BUT use different shifts for subsequent letters </li></ul></ul><ul><ul><ul><li>1st letter = shift by 3 letters </li></ul></ul></ul><ul><ul><ul><li>2nd letter = shift by 1 letter </li></ul></ul></ul><ul><ul><ul><li>3rd letter = shift by 4 letters </li></ul></ul></ul><ul><ul><ul><li>Pi = 3.1415926 </li></ul></ul></ul><ul><ul><li>What would ‘Hello’ be? </li></ul></ul>
  17. 17. <ul><li>Public-key systems </li></ul><ul><ul><li>Used with modern computer systems </li></ul></ul><ul><ul><li>Complex mathematical formulas </li></ul></ul><ul><ul><li>Person wishing to receive messages will publish public key (often 128 bits – larger the key – longer to break) </li></ul></ul><ul><ul><ul><li>Example: 1000 years </li></ul></ul></ul><ul><ul><li>Important for e-commerce (secure sites) </li></ul></ul><ul><ul><li>PGP – Pretty Good Privacy – protects data in storage, too </li></ul></ul><ul><ul><ul><ul><li>Public key is for encryption </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Private key is for decryption </li></ul></ul></ul></ul><ul><ul><li>Debate over public key encryption </li></ul></ul><ul><ul><ul><li>Terrorists use encryption </li></ul></ul></ul><ul><ul><ul><li>Yet, needed for e-commerce growth </li></ul></ul></ul><ul><ul><ul><li>‘Key Escrow’ – was proposed, not adopted (key provided to gov’t) </li></ul></ul></ul><ul><li>TLS/SSL – Transport Layer Security/Secure Sockets Layer </li></ul><ul><ul><li>Web browsers </li></ul></ul><ul><ul><li>Protects data in transit over a network </li></ul></ul>
  18. 18. <ul><li>Wireless networks </li></ul><ul><ul><li>Passwords control which computers and users can access the network </li></ul></ul><ul><ul><ul><li>Encryption and Authentication </li></ul></ul></ul><ul><ul><ul><li>Encryption: </li></ul></ul></ul><ul><ul><ul><ul><li>WEP (Wired Equivalent Privacy) </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Protects against casual snooping </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>No longer recommended – can be cracked in minutes </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><li>WPA (Wi-Fi Protected Access) </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Works with all wireless network adapters but not all older routers or access points </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><li>WPA2 (Wi-Fi Protected Access) </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>More Secure than WPA </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Will not work with some older network adapters </li></ul></ul></ul></ul></ul>
  19. 19. <ul><li>Prevents ‘Piggybacking’ </li></ul><ul><ul><ul><li>Tapping into someone else’s wireless Internet connection without proper authorization </li></ul></ul></ul><ul><ul><ul><ul><li>Apartment complex </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Neighborhoods </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Illegal in some states </li></ul></ul></ul></ul><ul><ul><ul><li>NY Times Article 2006 </li></ul></ul></ul>
  20. 20. <ul><li>Easily guessed (40-50%) </li></ul><ul><li>Share passwords </li></ul><ul><li>Post password next to computer </li></ul><ul><li>Passwords too short </li></ul>
  21. 21. <ul><li>Use ‘strong’ passwords </li></ul><ul><ul><li>Mix numbers and letters; mix case (upper and lower) </li></ul></ul><ul><ul><li>The longer the better (6-8 chars or longer) </li></ul></ul><ul><ul><ul><li>Brute Force – trying every combination until password is determined </li></ul></ul></ul><ul><ul><li>Pet, kids and spouse names make bad passwords </li></ul></ul><ul><ul><li>Be inconsistent – use different passwords for different sites (I know…hard to do!) </li></ul></ul><ul><ul><li>Change passwords often </li></ul></ul>
  22. 22. <ul><li>No such thing as 100% security: </li></ul><ul><ul><li>Make sure Operating System is up-to-date (automatic update/service packs) </li></ul></ul><ul><ul><li>Use anti-malware programs/Security Suites (update) </li></ul></ul><ul><ul><li>Use a bidirectional firewall </li></ul></ul><ul><ul><li>Use additional anti-spyware scanners (Spybot S&D, Adaware, Windows Defender) </li></ul></ul><ul><ul><li>Secure wireless network (WEP/WPA/WPA2) </li></ul></ul><ul><ul><li>Use unique (strong) passwords </li></ul></ul><ul><ul><li>Consider using different browser – Internet Explorer is a popular target (Opera, Firefox) </li></ul></ul><ul><ul><li>Use encryption (E-mail, IM - example ‘PGP Desktop’) </li></ul></ul><ul><ul><li>Backup important files (ex. storms, hardware failure) </li></ul></ul><ul><ul><li>Be mindful of “social engineering” issues </li></ul></ul><ul><ul><li>Turn computer OFF when not in use </li></ul></ul>
  23. 23. <ul><li>Caesar Cipher </li></ul><ul><li>Certificates </li></ul><ul><li>Cookies </li></ul><ul><li>Cryptography </li></ul><ul><li>Decryption </li></ul><ul><li>E-mail / IM Security </li></ul><ul><li>Encryption </li></ul><ul><li>HTTPS </li></ul><ul><li>IP Address </li></ul><ul><li>Keyboard Sniffer </li></ul><ul><li>Key Escrow </li></ul><ul><li>Packet Sniffer </li></ul><ul><li>Passwords </li></ul><ul><li>PGP </li></ul><ul><li>Piggybacking </li></ul><ul><li>Privacy Issues </li></ul><ul><li>Privacy Policy </li></ul><ul><li>Public-Key System </li></ul><ul><li>Routinely Transmitted Info. </li></ul><ul><li>Security (Steps) </li></ul><ul><li>Third-party Cookie/ Foreign Cookie </li></ul><ul><li>TLS /SSL </li></ul><ul><li>URL </li></ul><ul><li>Web Beacon / Web Bug </li></ul><ul><li>Wireless Security </li></ul><ul><li>WEP / WPA / WPA2 </li></ul>
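
Slide 6 says a Web beacon can be found by looking for IMG tags that load from a different server than the rest of the site. The following is an added example (not part of the original slides) that automates that check; the page URL, the sample HTML and the names `BeaconFinder`, `is_tiny` and `find_beacons` are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page: two first-party images, one third-party photo,
# and one third-party 1 x 1 image of the kind slide 5 calls a Web bug.
SAMPLE_PAGE_URL = "https://www.example.edu/news/index.html"
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.png" width="200" height="80">
<img src="https://www.example.edu/images/banner.jpg">
<img src="https://cdn.example.net/photos/campus.jpg" width="640" height="480">
<img src="//tracker.example.com/b.gif?uid=12345" width="1" height="1" alt="">
</body></html>
"""

def is_tiny(attrs):
    """True when the width and height attributes are both 0 or 1 pixel."""
    def small(value):
        return value is not None and value.strip().lower().replace("px", "") in ("0", "1")
    return small(attrs.get("width")) and small(attrs.get("height"))

class BeaconFinder(HTMLParser):
    """Collect <img> tags whose host differs from the host serving the page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        if not a.get("src"):
            return
        # Resolve relative and protocol-relative (//host/...) sources first.
        host = urlparse(urljoin(self.page_url, a["src"])).hostname
        # Exact host comparison: a sibling subdomain is reported too, for review.
        if host and host != self.page_host:
            self.findings.append({"src": a["src"], "host": host, "tiny": is_tiny(a)})

def find_beacons(html, page_url):
    finder = BeaconFinder(page_url)
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for f in find_beacons(SAMPLE_HTML, SAMPLE_PAGE_URL):
        label = "likely beacon (1 x 1)" if f["tiny"] else "third-party image"
        print(f"{label}: {f['host']}  {f['src']}")
```

A third-party image is not necessarily a tracker; the `tiny` flag separates ordinary off-site photos from the 1 x 1 images the slides describe.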
