中国的互联网

821 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
821
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

中国的互联网

  1. 1. Surfing the Internet Safely (for Journalists) Foreign Correspondents Club of China June 19, 2008 Andrew Lih http://www.andrewlih.com/ Copyright 2009 Andrew Lih
  2. 2. Mom’s advice: “Don’t take candy from strangers”
  3. 3. Net-connected computer continually doing this
  4. 4. What are the threats?
  5. 5. Sought/unsought threats • External intrusion/attacks • Viruses - malicious invasion • Spyware - software leeches • Web-based scripting • Sensitive data transmitted over Internet
  6. 6. Technology
  7. 7. Definitions • URL: Uniform Resource Location http://www.foo.com/news.html • DNS: Domain name system Convert www.foo.com to numerical address • Internet protocol (IP) address: Unique ID of computer on Internet (like 128.51.56.122) Used to route packets across the Internet
  8. 8. Typical Scenario • Computer connects to Internet DSL, Starbucks, corporate, et al. • Gets a DHCP welcome package IP address and DNS server • Access web page URL http://www.foo.com/news.html
  9. 9. Sequence • Happens quickly (hopefully) • Multiple “GET”s for images, ads, video, scripts, documents, audio, et al.
  10. 10. Incoming: Packets Connections Services Email
  11. 11. Incoming: Packets Connections Services Email Execute?
  12. 12. Unsolicited data? Incoming: Packets Connections Services Email Execute?
  13. 13. Where? Unsolicited data? Incoming: Packets Connections Services Email Execute?
  14. 14. Where? Unsolicited data? Incoming: Packets Connections Snooping? Services Email Execute?
  15. 15. Where? Unsolicited data? Incoming: Packets Connections Snooping? Services Email Execute? Who?
  16. 16. Where? Unsolicited data? Incoming: Packets Connections Snooping? Services Email Execute? Who? What?
  17. 17. Where? Unsolicited data? Incoming: Packets Connections Snooping? Services Email Execute? Who? What? Store cookie?
  18. 18. Where? Unsolicited data? Incoming: Packets Connections Snooping? Services Email Execute? Who? What? Store cookie?
  19. 19. Where? Unsolicited Firewall data? Incoming: Packets Connections Snooping? Services Email Execute? Who? What? Store cookie?
  20. 20. Where? Blacklist Unsolicited Firewall data? Incoming: Packets Connections Snooping? Services Email Execute? Who? What? Store cookie?
  21. 21. Where? Blacklist Unsolicited Firewall data? Incoming: Packets Connections Snooping? Services Email Execute? Who? Verification What? Store cookie?
  22. 22. Where? Blacklist Unsolicited Firewall data? Incoming: Packets Connections Snooping? Services Encryption Email Execute? Who? Verification What? Store cookie?
  23. 23. Where? Blacklist Unsolicited Firewall data? Incoming: Packets Connections Snooping? Services Encryption Email Execute? Who? Verification What? Distinguish/ Filter Store cookie?
  24. 24. Where? Blacklist Unsolicited Firewall data? Incoming: Packets Connections Snooping? Services Encryption Email Execute? Conditional Access Who? Verification What? Distinguish/ Filter Store cookie?
  25. 25. Where? Blacklist Unsolicited Firewall data? Incoming: Packets Connections Snooping? Services Encryption Email Execute? Conditional Access Who? Verification What? Distinguish/ Filter Store Manage cookie?
  26. 26. Motivation • Annoyance • Productivity • Corporate safety and privacy • Time
  27. 27. 1. Hardware router • Prevents outside traffic to naked computer • Share single connection, Wi-Fi • Use NAT “shield” • Use WPA or WPA-2 encryption (not WEP) • Manufacturers: Linksys, Netgear, D-Link, TP- LINK, Apple, Travel: Apple Airport
  28. 28. 2. Firewall software • Turn on Windows Firewall • Only allow known connections in/out • May need some customization • Apple: Security preferences
  29. 29. 3. Hosts file • Blacklist of known bad sites (built into Windows/Mac) • HostMan (Windows) manages hosts file • http://www.abelhadigital.com (Wordpress)
  30. 30. 4. Browser execution • Web 2.0: no longer just a read-only page • Javascript (AJAX, Google Docs, et al.) • Flash (YouTube) • Java • ActiveX (Microsoft)
  31. 31. Symptoms • Slowdown with apps/advertising • Running dangerous processes • Accessing resources (auto-play audio/video)
  32. 32. Use Firefox • Open source browser, secure, fast • Tabbed browsing • Plugins to enhance safety • NoScript • Ad Block Plus • Flashblock
  33. 33. Flashblock (no Flash unless enabled)
  34. 34. NoScript (blocks Javascript)
  35. 35. McAfee Siteadvisor • Firefox plugin, warns of bad sites • McAfee trusted name in security • Integrates with Google searches
  36. 36. 5. Viruses/Spyware • Infect computer through email, web surfing, or just sitting on the Internet • Virus: destroy data, nuisance • Spyware: sucks processor time, steals private data, becomes part of botnet
  37. 37. 5. Viruses/Spyware • Get good software • BitDefender or Kaspersky ($) • Avira AntiVir (free) • Ad-aware (free) • Spybot Search and Destroy (free) • Webroot Spysweeper
  38. 38. 6. Secure connections • Virtual Private Network (VPN) • Your news operation/company may already give you this capability • Surf any site, no Great Firewall blocks • Public options: HotspotVPN ($8.88/mo) PublicVPN ($59.95/yr) Witopia personalVPN ($39.99/yr)
  39. 39. 7. Practices • Password discipline • Email account discipline
  40. 40. Passwords • Have three types on hand • Trivial (“buddha”) • Nontrivial (“h@ppybuddh@”) • Banking strength ("6eijin9spring!1978", like Beijing Spring)
  41. 41. Accounts • Throwaway - Free services (spam collects, registrations, bogus name) try BugMeNot junkbox168@yahoo.com • General (Email, work, personal) fred.wong@gmail.com fred.wong@scmp.com • Secure (Confidential sources, HushMail) fred.wong@hush.com
  42. 42. Internet access • Home, cafes, wireless, hotels on the road • Consider extremely insecure • Who can contact your computer? • Who can read what you’re doing? • Passwords in the clear?
  43. 43. Steps • Google mail - https://mail.google.com/mail • Note the “S” and must be that address! • Entire session is encrypted • Yahoo/Hotmail - encrypted login, not session!
  44. 44. Steps • Firefox browser - clear private data • Try “Flock” as 2nd “clean” browser • Skype - http://www.skype.com • Secure instant messaging, voice
  45. 45. VPN • VPNs good for general use • Protect against snoopers in Starbucks and on hotel broadband
  46. 46. Prescriptions • Have some type of VPN accessible • Use Secure Google Mail (https:// mail.google.com/) • Use Skype for secure chat • Use a broadband router at home (Linksys WRT-54G or Apple Airport) • Use Apple Macintosh (w/Windows)
  47. 47. Review • If you remember nothing else today... • Hardware firewall • Firefox and plugins • Antivirus/Antispyware software • Avoid Yahoo/Hotmail • www.andrewlih.com/securitytips
  48. 48. Retooled Old New Internet Explorer Mozilla Firefox Yahoo/Hotmail Google mail (https) Weak password Strong passwords Cleartext transmissions VPN or secure email Naked computer Router/firewall No security software Antivirus/Antispyware Instant messaging Skype Naked email HushMail
  49. 49. Andrew Lih www.andrewlih.com Wikipedia book January 2009

×