C/IL 102
C/IL 102 Public cables used to transmit data between computers

Published in: Technology
  1. C/IL 102
  2.
       • Public cables used to transmit data between computers
       • Data sent in packets (about 1000 bytes)
       • Packets could be analyzed by other intermediary computers (credit card numbers, etc.)
  3.
       • About as private as a postcard traveling via snail mail
         • Internet Service Providers
         • Employers, etc.
           • Healthcare professionals
             • No patient info in e-mail
           • Use Web-based account (example: Yahoo)
       • Secure e-mail through encryption
  4. Packet Sniffer
       • Networks can be ‘snooped’
       • Even IM content is not secure
  5. Look Here! Packet Sniffer
  6.
       • IM
         • IMSecure (ZoneAlarm)
         • Simp (Secway)
         • AIM Pro (AIM)
       • E-mail and IM
         • PGP Desktop
           • PGP – Pretty Good Privacy Encryption
           • Security for e-mail and IM
           • ‘Certificates’ are used to digitally sign e-mail
           • Can secure portions of your hard drive, too!
           • Windows and Mac platform
       • PC Magazine Article April 2008
  7.
       • Good (tool for network administrators)
         • Analyzes network traffic
         • Detects intrusion attempt
       • Not-so-good
         • Can be used to ‘snoop’
  8.
       • Browser transmits:
         • IP Address of your machine
         • IP Address of machine responding to request
         • Operating System of your machine
           • Windows XP, Windows Vista, Linux 7.0.2, Macintosh OS X 10.2.6
         • Browser you are using
           • Internet Explorer 6 or Mozilla Firefox 4.6
           • Different HTML tags work with some browsers but not others
  9.
       • IP Address (both sender and receiver)
       • Logs where URL requests come from
         • Usage info (demand for Web pages)
       • Login Information (logs)
         • When, how long, etc.
         • Can pinpoint activity on a computer
  10.
       • A small piece of information that a Web site saves on your computer when you visit the site
       • Browser maintains list of cookies
       • Web site may then determine something about your past involvement at that site
         • It ‘remembers’ you!
  11.
       • Impact on Privacy
         • Advantages
           • Personalize interactions with Web sites
           • Tailor to preferences and interests
         • Disadvantages
           • Web Beacons / Web Bugs
             • Small (1 x 1 pixel) image
             • Tracks references to URL (usage details)
             • Foreign cookies, third-party cookies
           • Common for commercial Web sites (Ex. Yahoo!)
           • Tracks contacts your computer has with Web sites
           • Allows e-commerce folks to promote products ($$$$) and refine marketing (through advertising)
  12.
       • Yahoo Privacy Policy
         • No two-seater sport car ads for me!
       • Yahoo Web Beacon Policy
         • Yahoo Web Beacons
  13.
       • Could delete cookies from your hard drive, but lose convenience
         • Different from “history” file
       • Check Privacy Policy of commercial sites
         • How will they use your information?
       • Check privacy policy of company or ISP whose computer you use
  14.
       • Encrypt data
         • Scramble data so that it cannot be read
         • HTTPS – encrypts before data is sent and decrypts when received (Secure Hypertext Transfer Protocol)
  15.
       • Even with Encryption, theft is possible
         • Data obtained before actual encryption
         • Keyboard Sniffer
           • Monitor Use of Computer and Installed Programs
         • If you ask browser to record data typed into forms
           • Monitor others using your computer and account information
  16.
       • Encoding information – cryptography
         • Dan Brown’s “DaVinci Code” and “Digital Fortress”
       • The Caesar Cipher
         • Julius Caesar encoded messages by replacing each letter with the 3rd letter after it in the alphabet (a=d, b=e, z=c, etc.)
         • Improve: use cipher alphabet BUT use different shifts for subsequent letters
           • 1st letter = shift by 3 letters
           • 2nd letter = shift by 1 letter
           • 3rd letter = shift by 4 letters
           • Pi = 3.1415926
         • What would ‘Hello’ be?
  17.
       • Public-key systems
         • Used with modern computer systems
         • Complex mathematical formulas
         • Person wishing to receive messages will publish public key (often 128 bits – larger the key – longer to break)
           • Example: 1000 years
         • Important for e-commerce (secure sites)
         • PGP – Pretty Good Privacy – protects data in storage, too
           • Public key is for encryption
           • Private key is for decryption
         • Debate over public key encryption
           • Terrorists use encryption
           • Yet, needed for e-commerce growth
       • TLS/SSL – Transport Layer Security/Secure Sockets Layer
         • Web browsers
         • Protects data in transit over a network
  18.
       • Wireless networks
         • Passwords control what computers and users access network
           • Encryption and Authentication
           • Encryption:
             • WEP (Wired Equivalent Privacy)
               • Protects against casual snooping
               • No longer recommended – crack in minutes
             • WPA (Wi-Fi Protected Access)
               • Works with all wireless network adapters but not all older routers or access points
             • WPA2 (Wi-Fi Protected Access)
               • More Secure than WPA
               • Will not work with some older network adapters
  19.
       • Prevents ‘Piggybacking’
         • Tapping into someone else’s wireless Internet connection without proper authorization
           • Illegal in some states
         • NY Times Article 2006
  20.
       • Easily guessed (40-50%)
       • Share passwords
       • Post password next to computer
       • Passwords too short
  21.
       • Use ‘strong’ passwords
         • Mix numbers and letters; mix case
         • The longer the better (6-8 chars or longer)
           • Brute Force – trying every combination until password is determined
         • Pet, kids and spouse names make bad passwords
         • Be inconsistent – use different passwords for different sites (I know…hard to do!)
         • Change passwords often
  22.
       • Google
         • Modify saved search logs after 18 months
         • Will pull cookie ID from record and clear final numbers of IP address
       • Microsoft MSN
         • Anonymize search logs after 18 months; clear entire IP address
       • Yahoo
         • Anonymize logs after 3 months (was 13 months)
       • European Union
         • Discard data after 6 months
       • In response to AOL release of Internet searches over 3 month period (2006) PC World Article
       • Yahoo to Scrub Personal Data After 3 Months (Dec. 2008)
  23.
       • Facebook Profiles Personal Information
       • Search engines have access to public profile information on Facebook
         • “Identity fraudsters and phishers – scammers who pose as one of their target's friends, encouraging them to click on a message that downloads a virus onto a computer – are among the prime candidates for abusing such information.”
       • Social Engineering issue
       • 10 Privacy Settings Every Facebook User Should Know
  24.
       • No such thing as 100% security:
         • Make sure Operating System is up-to-date (automatic update/service packs)
         • Use anti-malware programs/Security Suites (update)
         • Use a bidirectional firewall
         • Use additional anti-spyware scanners (Spybot S&D, Adaware, Windows Defender)
         • Secure wireless network (WEP/WPA/WPA2)
         • Use unique (strong) passwords
         • Consider using different browser – Internet Explorer is a popular target (Opera, Firefox)
         • Use encryption (E-mail, IM - example ‘PGP Desktop’)
         • Backup important files (ex. storms, hardware failure)
         • Be mindful of “social engineering” issues
         • Turn computer OFF when not in use
  25.
       • Anonymize Search Logs
       • Caesar Cipher
       • Certificates
       • Cookies
       • Decryption
       • E-mail / IM Security
       • Encryption
       • Facebook Issues
       • HTTPS
       • IP Address
       • Keyboard Sniffer
       • Packet Sniffer
       • Passwords
       • PGP
       • Piggybacking
       • Privacy Issues
       • Privacy Policy
       • Public-Key System
       • Routinely Transmitted Info.
       • Security (Steps)
       • Third-party Cookie / Foreign Cookie
       • TLS / SSL
       • URL
       • Web Beacon / Web Bug
       • Wireless Security
       • WEP / WPA / WPA2
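
Slide 11 describes a web beacon as a 1 x 1 pixel image loaded from a foreign (third-party) site. The following is an added example, not part of the original slides, that scans a page's HTML for such images; the host names, the sample page and the simplified `same_site` rule are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page served from news.example (not a real capture).
SAMPLE_HTML = """
<html><body>
<img src="https://static.news.example/logo.png" width="200" height="60">
<img src="https://static.news.example/spacer.gif" width="1" height="1">
<img src="https://metrics.adnet.example/b.gif?uid=42" width="1" height="1">
<img src="/img/dot.gif" width="1" height="1">
</body></html>
"""

def same_site(host, page_host):
    """Simplified first-party test: same host or a subdomain of it.
    (Assumption: a production check would consult the Public Suffix List.)"""
    return host == page_host or host.endswith("." + page_host)

class BeaconFinder(HTMLParser):
    """Collects <img> tags that are at most 1x1 and come from another site."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.beacons = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        host = urlparse(src).hostname  # None for relative (first-party) URLs
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        if tiny and host and not same_site(host, self.page_host):
            self.beacons.append(src)

def find_beacons(html, page_host):
    """Return the src of every tiny third-party image in the page."""
    finder = BeaconFinder(page_host)
    finder.feed(html)
    return finder.beacons

if __name__ == "__main__":
    for url in find_beacons(SAMPLE_HTML, "news.example"):
        print("possible web beacon:", url)
```

The first-party spacer image and the relative URL are not reported, because a tiny image only acts as a cross-site tracker when the request (and its cookie) goes to a different site.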
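
Slide 16 asks what ‘Hello’ becomes under the Caesar cipher and under the improved version that takes its shifts from the digits of Pi. This added example (not from the original slides) implements both, plus the 26-shift search that shows why a single fixed shift is weak; repeating the digits once they run out is an assumption, since the slide does not say what happens after the eighth letter.

```python
import string

PI_DIGITS = "31415926"  # digits of Pi exactly as written on the slide (3.1415926)

def shift_letter(ch, shift):
    """Shift one ASCII letter by `shift` places, wrapping z -> a and keeping case."""
    if ch in string.ascii_lowercase:
        base = ord("a")
    elif ch in string.ascii_uppercase:
        base = ord("A")
    else:
        return ch  # spaces, digits and punctuation pass through unchanged
    return chr(base + (ord(ch) - base + shift) % 26)

def caesar(text, shift=3):
    """Classic Caesar cipher: every letter moves by the same shift."""
    return "".join(shift_letter(c, shift) for c in text)

def pi_cipher(text, decrypt=False, digits=PI_DIGITS):
    """Nth letter is shifted by the nth digit of Pi.
    Assumption: the digit sequence repeats for messages longer than 8 letters."""
    out, i = [], 0
    for ch in text:
        if ch in string.ascii_letters:
            s = int(digits[i % len(digits)])
            out.append(shift_letter(ch, -s if decrypt else s))
            i += 1  # only letters consume a digit
        else:
            out.append(ch)
    return "".join(out)

def break_caesar(ciphertext, crib):
    """Try all 26 shifts and keep the candidates that contain a guessed word."""
    hits = []
    for s in range(26):
        plain = caesar(ciphertext, -s)
        if crib in plain:
            hits.append((s, plain))
    return hits

if __name__ == "__main__":
    print(caesar("Hello"))                        # fixed shift of 3
    print(pi_cipher("Hello"))                     # shifts 3, 1, 4, 1, 5
    print(break_caesar("Khoor zruog", "world"))   # only 26 keys to try
```

With the Pi shifts the two l's in ‘Hello’ encrypt to different letters, which is what defeats simple letter-for-letter guessing; the scheme is still only as secret as the digit sequence.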
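
Slide 22 lists three different treatments of old search logs: remove the cookie ID and clear the final numbers of the IP address, clear the entire IP address, or discard the record. This added example (not from the original slides) applies each rule to a small constructed log so the difference in what survives is visible; the record layout, the rule names and the whole-month age calculation are assumptions.

```python
import ipaddress
from datetime import date

# Rules as listed on slide 22. For MSN the slide lists only the IP step.
POLICIES = {
    "google": {"after_months": 18, "drop_cookie": True, "ip": "truncate"},
    "msn": {"after_months": 18, "drop_cookie": False, "ip": "clear"},
    "eu": {"after_months": 6, "discard": True},
}

# Constructed sample records (documentation IP ranges, invented cookie IDs).
LOG = [
    {"date": date(2007, 1, 10), "ip": "203.0.113.57", "cookie_id": "c-1001", "query": "flu symptoms"},
    {"date": date(2007, 1, 12), "ip": "203.0.113.200", "cookie_id": "c-1001", "query": "pharmacy near me"},
    {"date": date(2008, 11, 1), "ip": "198.51.100.9", "cookie_id": "c-2002", "query": "used cars"},
]

def months_between(start, end):
    """Whole calendar months elapsed from start to end."""
    months = (end.year - start.year) * 12 + (end.month - start.month)
    return months - 1 if end.day < start.day else months

def truncate_ip(ip):
    """Clear the final numbers of an IPv4 address (last octet becomes 0)."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False).network_address)

def apply_policy(record, policy_name, today):
    """Return the record as it would be stored under the policy, or None if discarded."""
    rule = POLICIES[policy_name]
    if months_between(record["date"], today) < rule["after_months"]:
        return dict(record)  # too recent: kept unchanged
    if rule.get("discard"):
        return None
    out = dict(record)
    if rule.get("drop_cookie"):
        out["cookie_id"] = None
    out["ip"] = truncate_ip(out["ip"]) if rule["ip"] == "truncate" else None
    return out

def anonymize_log(log, policy_name, today):
    """Apply the policy to every record and drop the discarded ones."""
    kept = (apply_policy(r, policy_name, today) for r in log)
    return [r for r in kept if r is not None]

if __name__ == "__main__":
    for name in POLICIES:
        print(name, anonymize_log(LOG, name, date(2008, 12, 17)))
```

Under the first rule the two old records still share the network prefix 203.0.113.0, and under every rule short of discarding the query text itself remains, which was the identifying part of the 2006 AOL release the slide mentions.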
