Personal Internet Self-Defense 2003:  Security and Privacy for the New Millennium Robert C. Jones, M.D. LtCol, USAF, Medic...
What is a firewall?
Beaumaris Castle Ynys Môn Cymru
What is a firewall?
  - Firewalls are like medieval moats:
    - Restrict people to entering at one ...
port 25 (smtp) port 8080 (http) port 119 (nntp) port 6667 (IRC) port 23 (telnet) TCP/IP Hi, I’m 102.74.145.234 Hello,...
port 8080 (http) Firewall Your computer port 6667 (IRC) Firewalls implement your security decisions port 25 (smtp) port...
What a Firewall Can Do
  - Serves as focus for security decisions
  - Enforces security policy
  ...
What a Firewall Can’t Do
  - Can’t protect against insiders
  - Can’t protect you against connections ...
Firewalls can’t protect you from SE! (Social Engineering)
Do you need a firewall?
  - Home user vs. Business user
Do you need a firewall?
  - Home user vs. Business user
  - Dynamic internet IP address vs. Static I...
Fat pipes make juicy targets!
Types of Firewalls
  - Software
  - Hardware
Types of Firewalls
  - Software
    - NetworkICE BlackICE Defender
    - Zonelabs...
BlackICE Defender attack list (against my dialup sessions)
Automatic reverse IP address lookup on attacker reveals...
Zonelabs ZoneAlarm (freeware for personal use)
Zonelabs ZoneAlarm Alert Example
NOTE: As of January, 2002, ZoneAlarm (not Black ICE) is the only leading software firewall that looks at OUTGOING packets ...
Types of Firewalls
  - Software
  - Hardware
    - SonicWall
    ...
Remember…
  - A poorly-administered firewall is worse than none at all!
  - From comp.security.firewalls...
Continuing Security Education 2003
  - Friends?
Continuing Security Education 2003
  - Friends?
    - The worst source. Virus hoaxes and urban legend...
Continuing Security Education 2003
  - Friends?
  - 3-Space Mass Media?
Continuing Security Education 2003
  - Friends?
  - 3-Space Mass Media?
    - 24 hours t...
Continuing Security Education 2003
  - Friends?
  - 3-Space Mass Media?
  - Books?
  ...
The Tao of Network Security 1994-1999: Information Access
The Tao of Network Security 1994-1999: Information Access 2000-2005: Information Denial
Security 2004 Preview
Online Resources
  - Physical Security
  - Targus (notebook locks, alarms): http://www.targus.com/
  ...
Online Resources
  - Password Security
  - Picking good passwords
    - http://www.itis....
Online Resources
  - Antivirus Security
  - Symantec Antivirus Research Center: http://www.sarc.com/
  ...
Online Resources
  - Browser Security
  - Microsoft IE: http://www.microsoft.com/windows/ie/default.htm ...
Online Resources
  - Privacy Protection
  - The Electronic Frontier Foundation: http://www.eff.org/
  ...
Online Resources
  - Anti-Spam Activism
  - Junkbusters: http://www.junkbusters.com/
  - S...
Online Resources
  - Learning the Lingo (Usenet, IRC, IM)
  - news.announce.newusers: http://www.netann...
Online Resources
  - Firewalls
  - Symantec Norton Internet Security: http://www.symantec.com/
  ...
Online Resources
  - Continuing Security Education
  - The SANS Institute: http://www.sans.org/
  ...
Offline Resources
  - Books/Articles
    - Cheswick, WR, Bellovin, SM, Firewalls and Internet...
Offline Resources
  - Books/Articles
    - Knightmare, The, Secrets of a Super Hacker, Port ...
Offline Resources
  - Books/Articles
    - Schwartz, Alan and Garfinkel, Simson, Stopping Spa...
Offline Resources
  - Books/Articles
    - Weiss, Aaron, The Complete Idiot's Guide to Protec...
Offline Resources
  - Books/Articles
    - Chapman, D. Brent and Zwicky, Elizabeth D., Buildi...
 
Personal Internet Self Defense 2004

  1. 2. Personal Internet Self-Defense 2003: Security and Privacy for the New Millennium Robert C. Jones, M.D. LtCol, USAF, Medical Corps Staff Anesthesiologist Andrews Air Force Base, Maryland E-mail: rob@notbob.com Web site: http://notbob.com
  2. 3. Disclaimer/Disclosure
      - This talk represents my own views, not those of the USAF, the DoD, or anyone else.
      - I am a Microsoft shareholder.
      - I am a Palm shareholder.
        - Far from a controlling interest in either!
      - Nobody paid me anything to write or present this.
      - The opinions/content on external URLs belong to the authors, not myself, the USAF, or the DoD.
  3. 4. CIA XXIIIII Copyright (C) 2003 Robert C. Jones, M.D. All Rights Reserved.
  12. 13. Do you feel like this?
  13. 14. The Dirty Truth: “Internet technologies are not designed to be secure. They're designed to be interactive... ...we as consumers are not taking the responsibility...to learn basics about using this stuff” Russ Cooper, editor of the NT Bugtraq mailing list (www.securityadvice.com), in http://cnn.com/TECH/computing/9909/28/ms.security.idg/index.html
  14. 15. You can’t afford perfect security: “The only secure computer is one that is unplugged, locked in a secure vault that only one person knows the combination to, and that person died last year.” Eckel, G and Steen, W., Intranet Working, New Riders, 1996, p. 419
  15. 16. ...but can you really afford this?
  16. 17. What this talk is about
      - Basic Internet self-defense for average users
      - How to protect your privacy on the internet
      - Where to learn more about Net security
      - My own personal opinions (not the USAF)
  17. 18. What this talk is NOT about
      - Advanced intrusion detection and response
      - How to hide nuclear secrets behind photocopiers
      - Advanced TCP/IP networking and protocols
      - Anyone else’s opinions (especially the USAF)
  18. 19. What is Internet Security?
      - For that matter, what is the Internet?
  19. 21. Mail2News http logon to web e-mail service newsreader web2mail
  20. 22. Personal Internet Self-Defense 2003
      - “Information protection is not a technology issue. It is a people issue and therefore the people need to be educated.”
      Geza Szenes CISSP, Computer Security Awareness: A Case Study, SANS 99 http://www.sans.org/newlook/misc/Final_szenes.pdf
  21. 23. What do people need?
  22. 24. Maslow’s Hierarchy of Needs
  23. 25. Basic Security Needs Workstation Needs Privacy Needs Confidence Guru The Security Pyramid
  33. 35. Physical Security 2003
      - Theft (especially portables)
  34. 36. Physical Security 2003
      - Theft (especially portables)
        - locks, vigilance in airport X-ray lines/queues
  35. 37. Physical Security 2003
      - Theft (especially portables)
      - Electrical problems
        - UPS protects against brownouts & surges
  36. 38. Physical Security 2003
      - Theft (especially portables)
      - Electrical problems
      - Lack of reliable current backup
        - Backup regularly to reliable media; net backup
  37. 39. Physical Security 2003
      - Theft (especially portables)
      - Electrical problems
      - Lack of reliable current backup
      - C & C: Coffee and Cats
        - Don’t drink and compute; keep fans clean
  39. 41. Passwords 2003
      - Pick Good Passwords
      - Avoid Bad Passwords
      - Protect Passwords
      - Change Passwords
  40. 42. Passwords 2003
      - Good Passwords
        - At least 8 characters (more if possible)
        - Mix of capital and small letters
        - Mix of letters and numbers
        - At least one special character ($#@!*^*)
        - Based on complex passphrase
          - tB0ntB?t1stFq!
  41. 43. Passwords 2003
      - Bad Passwords
        - Anything having to do with you
          - Any part of your social security number
          - Your birthday
          - Your kids’ birthdays
          - Relating to your hobbies
        - Less than 8 characters
        - Anything in a dictionary
        - Fictional characters (Gandalf, Frodo, Bilbo)
  42. 44. Passwords 2003
      - Pick Good Passwords
      - Avoid Bad Passwords
      - Protect Passwords
        - Don’t share them, don’t write them down
  44. 46. Passwords 2003
      - Pick Good Passwords
      - Avoid Bad Passwords
      - Protect Passwords
      - Change Passwords
        - Change is good; automatic change is better?
      - Too frequent change = bad passwords
  46. 48. Antivirus Defense 2003
      - Install antivirus software FIRST
      - Update antivirus software regularly
      - Check for Operating System (OS) patches monthly (more frequently if serious security holes arise)
      - Scan all downloaded files and attachments
        - Beware of viruses, trojans, spyware…
  47. 49. Terms of Endangerment
      - Virus: Self-replicating computer code with variable adverse effect (“payload”) [Example: Melissa macro virus]
      - Trojan: Sneaky program which, once activated by user, causes harm to computer, privacy, or both [Example: Back Orifice 2000 (BO2K)]
      - Spyware: Programs that connect to internet and report personal data regarding user [Example: RealNetworks Jukebox]
  48. 50. Antivirus Defense 2003
      - Install antivirus software FIRST
      - Update antivirus software regularly
      - Check for Operating System (OS) patches monthly (more frequently if serious security holes arise)
      - Scan all downloaded files and attachments
        - Beware of viruses, trojans, spyware…
  49. 51. Blaster Worm (2003)
      - Blaster-B variant exploits hole in MS Windows XP and 2000 (DCOM RPC)
      - Patch had been available for weeks…people just never bother to patch their systems!
      - ALL Operating Systems (OSes) need to be patched frequently to plug security holes (yes, even Linux!)
      http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html
      Jeffrey Lee Parsons, alleged Blaster Variant B creator
  50. 52. Antivirus Defense 2003
      - Install antivirus software FIRST
      - Update antivirus software regularly
      - Patch your OS at least monthly
      - Scan all downloaded files and attachments
      - (Radical) Disable M$ Outlook/Outlook Express
  51. 53. MS Outlook = Danger! “I'm on record as saying that Outlook is a security hole that also happens to be an e-mail client.” Steven J. Vaughan-Nichols, ZDNet News, May 4, 2000, http://www.zdnet.com/sp/stories/column/0,4712,2562098,00.html
  52. 54. The Melissa Virus
      - E-mail Productivity Suite integration exploit
      Yet another...
  55. 57. Browser Security 2003
      - Disable routine ActiveX and Java/Javascript
  56. 58. How Secure is ActiveX?
      - “The problem with ActiveX security, according to analysts, developers, and IS managers alike, is that there is no security with ActiveX.”
      - --Paul Festa, CNET News.com, 18 Feb 98
      - http://news.cnet.com/news/0-1003-201-326605-0.html
  58. 60. Browser Security 2003
      - Disable ActiveX and Java/Javascript
      - Use the maximum security setting you can stand
  59. 61. MSIE 4.72.x (note: Fixed in MSIE versions 5.x)
  60. 62. How to tell when your browser settings are correct...
  61. 63. Browser Security 2003
      - Disable ActiveX and Java/Javascript
      - Use the maximum security setting you can stand
      - Upgrade encryption to 128 bits minimum
        - 40 bits is standard…and insecure.
  62. 64. How to check your encryption strength
  63. 65. Browser Security 2003
      - Disable ActiveX and Java/Javascript
      - Use the maximum security setting you can stand
      - Upgrade encryption to 128 bits minimum
      - Update browser regularly to get bug fixes
        - But beware of version X.0 of anything
  64. 66. Don’t be an unpaid beta tester!
      - “Time to market and functionality always beat out security. Always. Always.”
      - --David Bradley, UC Berkeley, 25 August 99
  66. 68. Privacy 2003: Endangered Species
      - “You have zero privacy now. Get over it.”
      - -- SUN CEO Scott McNealy, February 99, when asked by a reporter about Jini’s tracking of users across networks
  67. 69. Privacy 2003: Endangered Species
      - “Like murder, privacy invasion is most frequently committed by those close to us.”
      - --Rob Jones, M.D., Dec 1999
  68. 70. Privacy 2003: Basic
      - Assume workplace internet use is monitored
  69. 71. Privacy 2003: Basic
      - Assume workplace internet use is monitored
        - E-mail, surfing should be boss/CEO-acceptable
  70. 72. Privacy 2003: Basic
      - Assume workplace internet use is monitored
      - Beware of prying eyes
        - “Shoulder-surfing” on airplanes, ATM machines
  71. 73. Privacy 2003: Basic
      - Assume workplace internet use is monitored
      - Beware of prying eyes
      - Lock your workstation when you are away
        - Password-protected screen saver or log off
  72. 74. Privacy 2003: Basic
      - Assume workplace internet use is monitored
      - Beware of prying eyes
      - Lock your workstation when you are away
      - Password-protect sensitive documents
        - Not cracker-proof, but will deter average snoop
  74. 76. Privacy 2003: Advanced
      - Use strong encryption for sensitive information
        - PGP, RSA, IDEA, Blowfish (DES is cracked)
  75. 77. from Introduction to Cryptography, Network Associates, 1999
  76. 78. “The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely.” from Introduction to Cryptography, Network Associates, 1999
  77. 79. Privacy 2003: Advanced
      - Use strong encryption for sensitive information
      - Con your OS (GUID, ComputerName, Workgroup)
        - Pleased to meet you. Hope you guess my name.
  78. 80. Why does my software have to know my name? start | run | regedit | edit | find | your_name be careful...regedit can ruin your computer if you change stuff unwisely...always back up first
  79. 81. Office 97 and the Personal ID/Global User ID... get the fix here: http://officeupdate.microsoft.com/Articles/privacy.htm Unique number derived, in part, from network card MAC address
  80. 82. Privacy 2003: Advanced
      - Use strong encryption for sensitive information
      - Con your OS (GUID, ComputerName, Workgroup)
      - Nuke intrusive information on your hard drive
        - Cookies and History and Cache, oh my!
  81. 83. Cookies are bad for your wealth
  83. 85. Privacy 2003: Advanced
      - Use strong encryption for sensitive information
      - Con your OS (GUID, ComputerName, Workgroup)
      - Nuke intrusive information on your hard drive
      - Use anon proxies for private web browsing
        - ZKS Freedom, Anonymizer, etc.
  84. 86. How anon proxy servers work Web Server X Anon Proxy Server Your computer “this is joeschmoe@joesisp.com” “this is nobody@anonproxy.net” Web page + cookies Web page - cookies
  85. 87. Turn off file and print sharing
      - unless you want the Internet to be your LAN
      - Especially important with cable modem or xDSL
      oh, one more thing...
  88. 90. What is spam? <ul><li>Not the Hormel ® Luncheon Meat (SPAM™)‏ </li></ul><ul><li>Unsolicited Bulk e-mail </li></ul><ul><li>Junk Usenet posts </li></ul><ul><li>(New) Instant Messaging spam </li></ul>
  89. 91. Why spam is bad. <ul><li>"Spamming is the scourge of electronic-mail and newsgroups on the Internet. ... Spammers are, in effect, taking resources away from users and service suppliers without compensation and without authorization." </li></ul><ul><ul><li>-- Vint Cerf, Senior Vice President, MCI and (unlike Al Gore) acknowledged "Father of the Internet", as quoted on http://www.cauce.org/problem.html </li></ul></ul>
  90. 92. This is your Inbox
  91. 93. This is your Inbox with e-mail
  92. 94. This is your Inbox with spam Job Offer Love letter from Salma Hayek
  93. 95. Spam = Theft! <ul><li>Key aspect is unauthorized theft of services </li></ul><ul><ul><li>bandwidth, hard drive space, per-minute costs, time </li></ul></ul>
  94. 96. Spam = Theft! <ul><li>Key aspect is unauthorized theft of services </li></ul><ul><li>Costs shifted to recipients, not senders </li></ul><ul><ul><li>Unlike junk snail mail; 47 USC 227: no junk faxes </li></ul></ul>
  95. 97. Spam = Theft! <ul><li>Key aspect is unauthorized theft of services </li></ul><ul><li>Costs shifted to recipients, not senders </li></ul><ul><li>Content neutral…not a freedom of speech issue! </li></ul><ul><ul><li>Violation of Acceptable Use Policies/TOSes </li></ul></ul><ul><ul><li>Violation of U.S. state laws (WA, VA…) </li></ul></ul><ul><ul><li>Violation of Austrian federal law </li></ul></ul><ul><ul><ul><li>http://www.pcwelt.de/ausgabe/99_07/n090799011.HTM </li></ul></ul></ul>
  96. 98. Anti-Spam 2003 <ul><li>Munge </li></ul><ul><ul><li>[email_address] SPAMBL 0 CK isp.com </li></ul></ul>
  97. 99. Anti-Spam 2003 <ul><li>Munge </li></ul><ul><li>Filter </li></ul><ul><ul><li>E-mail filter rules; Usenet killfiles; IRC #ignore </li></ul></ul>
  98. 100. Anti-Spam 2003 <ul><li>Munge </li></ul><ul><li>Filter </li></ul><ul><li>Use throwaways </li></ul><ul><ul><li>Get free e-mail accounts for net registrations </li></ul></ul>
  99. 101. Anti-Spam 2003 <ul><li>Munge </li></ul><ul><li>Filter </li></ul><ul><li>Use throwaways </li></ul><ul><li>Complain </li></ul><ul><ul><li>E-mail spammers’ ISPs; be polite to sysops </li></ul></ul>
  101. 103. What is a firewall?
  102. 104. Beaumaris Castle, Ynys Môn, Cymru
  103. 105. What is a firewall? <ul><li>Firewalls are like medieval moats: </li></ul><ul><ul><li>Restrict people to entering at one controlled point </li></ul></ul><ul><ul><li>Prevent attackers from getting close to your other defenses </li></ul></ul><ul><ul><li>Restrict people to leaving at one controlled point </li></ul></ul>--Chapman and Zwicky, Building Internet Firewalls, O’Reilly, 1995, p 17
  104. 106. Everyday computer conversations use many “ports” (diagram: a TCP/IP conversation between “Hi, I’m 102.74.145.234” and “Hello, I’m 214.90.1.43” over port 25 (smtp), port 8080 (http), port 119 (nntp), port 6667 (IRC) and port 23 (telnet))
  105. 107. Firewalls implement your security decisions (diagram: a Firewall in front of Your computer; labels: port 8080 (http), port 6667 (IRC), port 25 (smtp), port 25 (smtp))
  106. 108. What a Firewall Can Do <ul><li>Serves as focus for security decisions </li></ul><ul><li>Enforces security policy </li></ul><ul><li>Logs internet activity efficiently </li></ul><ul><li>Limits damage to your network </li></ul>--Chapman and Zwicky, Building Internet Firewalls, O’Reilly, 1995, pp 19-20
  107. 109. What a Firewall Can’t Do <ul><li>Can’t protect against insiders </li></ul><ul><li>Can’t protect you against connections that don’t pass through it </li></ul><ul><li>Can’t protect against completely new threats </li></ul><ul><li>Can’t protect you from viruses/trojans </li></ul>--Chapman and Zwicky, Building Internet Firewalls, O’Reilly, 1995, pp 19-20
  108. 110. Firewalls can’t protect you from SE! (Social Engineering)
  109. 111. Do you need a firewall? <ul><li>Home user vs. Business user </li></ul>
  110. 112. Do you need a firewall? <ul><li>Home user vs. Business user </li></ul><ul><li>Dynamic internet IP address vs. Static IP address </li></ul>
  111. 113. Do you need a firewall? <ul><li>Home user vs. Business user </li></ul><ul><li>Dynamic internet IP address vs. Static IP address </li></ul><ul><li>Unix/Linux OS vs. any flavor of Windows </li></ul>
  112. 114. Do you need a firewall? <ul><li>Home user vs. Business user </li></ul><ul><li>Dynamic internet IP address vs. Static IP address </li></ul><ul><li>Unix/Linux OS vs. any flavor of Windows </li></ul><ul><li>Dialup modem vs. always-on Broadband </li></ul>
  113. 115. Fat pipes make juicy targets!
  114. 116. Types of Firewalls <ul><li>Software </li></ul><ul><li>Hardware </li></ul>
  115. 117. Types of Firewalls <ul><li>Software </li></ul><ul><ul><li>NetworkICE BlackICE Defender </li></ul></ul><ul><ul><li>Zonelabs ZoneAlarm (free for personal use) </li></ul></ul><ul><ul><li>Norton Internet Security 200x </li></ul></ul><ul><ul><li>Others… </li></ul></ul><ul><li>Hardware </li></ul>
  116. 118. BlackICE Defender attack list (against my dialup sessions)
  117. 119. Automatic reverse IP address lookup on attacker reveals...
  118. 120. Zonelabs ZoneAlarm (freeware for personal use)
  119. 121. Zonelabs ZoneAlarm Alert Example
  120. 122. NOTE: As of January, 2002, ZoneAlarm (not BlackICE) is the only leading software firewall that looks at OUTGOING packets from your machine (thus catching Trojans, spyware, and backdoors installed by your ISP’s software). On the other hand, BlackICE tracks attackers back through the Net; freeware ZoneAlarm doesn’t (although the upgrade, ZA Pro, does). Updated 10 Jan 02
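The outbound-filtering point in the note above, using the ports from the earlier “ports” slide, as an added example (not from the original talk or from any firewall product): the same default-deny rule set is evaluated once with outgoing traffic ignored and once with it inspected. The program names, the per-program rule matching and the sample traffic are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    direction: str  # "in" or "out"
    port: int
    program: str    # hypothetical program name; "*" matches any
    action: str     # "allow" or "deny"


@dataclass(frozen=True)
class Conn:
    direction: str
    port: int
    program: str


def decide(rules, conn, filter_outbound):
    """First matching rule wins; traffic that matches no rule is denied."""
    if conn.direction == "out" and not filter_outbound:
        return "allow"  # inbound-only firewall never inspects outgoing packets
    for rule in rules:
        if (rule.direction, rule.port) == (conn.direction, conn.port) \
                and rule.program in ("*", conn.program):
            return rule.action
    return "deny"


# Policy: the user's own programs may reach the services named on the slide.
RULES = [
    Rule("out", 25, "mailer.exe", "allow"),
    Rule("out", 8080, "browser.exe", "allow"),
    Rule("out", 119, "newsreader.exe", "allow"),
    Rule("out", 6667, "irc.exe", "allow"),
]

# Constructed traffic: two legitimate sessions, one probe, one trojan.
TRAFFIC = [
    Conn("out", 8080, "browser.exe"),
    Conn("out", 25, "mailer.exe"),
    Conn("in", 23, "unknown"),      # unsolicited telnet connection attempt
    Conn("out", 25, "trojan.exe"),  # unwanted program sending on an allowed port
]


def blocked(filter_outbound):
    """Connections from TRAFFIC that the firewall refuses."""
    return [c for c in TRAFFIC if decide(RULES, c, filter_outbound) == "deny"]


if __name__ == "__main__":
    print("inbound-only:", blocked(False))
    print("inbound+outbound:", blocked(True))
```

Only the run that inspects outgoing traffic stops the trojan, because its connection uses a port the policy otherwise allows.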
  121. 123. Types of Firewalls <ul><li>Software </li></ul><ul><li>Hardware </li></ul><ul><ul><li>SonicWall </li></ul></ul><ul><ul><li>Watchguard SOHO </li></ul></ul><ul><ul><li>Your own Linux box with custom ipchains… etc. </li></ul></ul>
  122. 124. Remember… <ul><li>A poorly-administered firewall is worse than none at all! </li></ul><ul><li>From comp.security.firewalls newsgroup: </li></ul><ul><li>"JArelXXXX" <jarelXXXX@aol.com> wrote in message </li></ul><ul><li>news:20000822182824.13689.00000745@ng-mg1.aol.com... </li></ul><ul><li>> The company I work for is evaluating the possibility of outsourcing the </li></ul><ul><li>> administration of the FirewallVPN… </li></ul><ul><li>> I have just been appointed responsability (sic) of administering their firewall, </li></ul><ul><li>> however they do not want to send me to any type of training. They feel </li></ul><ul><li>> that once I get the training I will leave. </li></ul>
  124. 126. Continuing Security Education 2003 <ul><li>Friends? </li></ul>
  125. 127. Continuing Security Education 2003 <ul><li>Friends? </li></ul><ul><ul><li>The worst source. Virus hoaxes and urban legends galore </li></ul></ul>
  126. 128. Continuing Security Education 2003 <ul><li>Friends? </li></ul><ul><li>3-Space Mass Media? </li></ul>
  127. 129. Continuing Security Education 2003 <ul><li>Friends? </li></ul><ul><li>3-Space Mass Media? </li></ul><ul><ul><li>24 hours to 3 months behind; Generally clueless with regard to non-web Net events </li></ul></ul>
  128. 130. Continuing Security Education 2003 <ul><li>Friends? </li></ul><ul><li>3-Space Mass Media? </li></ul><ul><li>Books? </li></ul><ul><ul><li>Excellent source for fundamentals; usually 1-5 years behind </li></ul></ul>
  130. 132. The Tao of Network Security 1994-1999: Information Access
  131. 133. The Tao of Network Security 1994-1999: Information Access 2000-2005: Information Denial
  132. 134. Security 2004 Preview
  136. 138. Online Resources <ul><li>Physical Security </li></ul><ul><li>Targus (notebook locks, alarms): http://www.targus.com/ </li></ul><ul><li>American Power Conversion (UPS): http://www.apc.com/ </li></ul><ul><li>TrippLite (UPS) : http://www.tripplite.com/ </li></ul><ul><li>Iomega (backup hardware, software): http://www.iomega.com/ </li></ul><ul><li>Castlewood (backup hardware, software): http://www.castlewood.com/ </li></ul><ul><li>Xdrive (online backup): http://www.xdrive.com/ </li></ul><ul><li>iBackup (online backup): http://www.ibackup.com/ </li></ul>
  137. 139. Online Resources <ul><li>Password Security </li></ul><ul><li>Picking good passwords </li></ul><ul><ul><li>http://www.itis.gatech.edu/doc/passwd.html </li></ul></ul><ul><ul><li>http://www.alw.nih.gov/Security/Docs/passwd.html </li></ul></ul><ul><li>Top 10 Bad passwords </li></ul><ul><ul><li>http://www.knowledgeclicks.com/security/articles/11999/top10badpasswords.htm </li></ul></ul>
  138. 140. Online Resources <ul><li>Antivirus Security </li></ul><ul><li>Symantec Antivirus Research Center: http://www.sarc.com/ </li></ul><ul><li>McAfee Antivirus Center: http://www.mcafee.com/centers/anti-virus/ </li></ul><ul><li>Aladdin E-safe Antivirus/Firewall: http://www.aladdin.co.il/ </li></ul><ul><li>Qualcomm Eudora E-mail: http://www.eudora.com/ </li></ul>
  139. 141. Online Resources <ul><li>Browser Security </li></ul><ul><li>Microsoft IE: http://www.microsoft.com/windows/ie/default.htm </li></ul><ul><li>Microsoft Security Advisor: http://www.microsoft.com/security/default.asp </li></ul><ul><li>Netscape Communicator: http://www.netscape.com/download/index.html </li></ul><ul><li>Opera: http://www.opera.com/ </li></ul><ul><li>Sam Spade for Windows: http://samspade.org/ssw/ </li></ul><ul><li>Check your security with Shields Up! http://grc.com/default.htm </li></ul>
  140. 142. Online Resources <ul><li>Privacy Protection </li></ul><ul><li>The Electronic Frontier Foundation: http://www.eff.org/ </li></ul><ul><li>EPIC: http://www.epic.org/privacy/tools.html </li></ul><ul><li>PGP: http://www.pgp.com/ </li></ul><ul><li>NSClean/IEClean: http://www.nsclean.com/ </li></ul><ul><li>Microsoft Hotmail (for throwaways): http://www.hotmail.com/ </li></ul><ul><li>Anonymizer: http://www.anonymizer.com/ </li></ul><ul><li>Zero Knowledge Systems Freedom: http://www.freedom.net/ </li></ul><ul><li>Hushmail: http://www.hushmail.com/ </li></ul>
  141. 143. Online Resources <ul><li>Anti-Spam Activism </li></ul><ul><li>Junkbusters: http://www.junkbusters.com/ </li></ul><ul><li>Spam.abuse.net: http://spam.abuse.net/ </li></ul><ul><li>Coalition Against Unsolicited Commercial E-mail: http://www.cauce.org/ </li></ul><ul><li>F.R.E.E.: http://www.spamfree.org/ </li></ul><ul><li>The Spam-L FAQ: http://oasis.ot.com/~dmuth/spam-l/ </li></ul><ul><li>The E-mail Spam FAQ: http://ddi.digital.net/~gandalf/spamfaq.html </li></ul><ul><li>The Munging FAQ: http://members.aol.com/emailfaq/mungfaq.html </li></ul>
  142. 144. Online Resources <ul><li>Learning the Lingo (Usenet, IRC, IM) </li></ul><ul><li>news.announce.newusers: http://www.netannounce.org/news.announce.newusers </li></ul><ul><li>The Net-Abuse FAQ: http://www.cybernothing.org/faqs/net-abuse-faq.html </li></ul><ul><li>mIRC IRC FAQ: http://www.mirc.com/ircintro.html </li></ul><ul><li>NewIRCusers.com: http://www.newircusers.com/ </li></ul><ul><li>ICQ IM Security: http://www.icq.com/features/security/ </li></ul><ul><li>IM Security: http://www.pcmag.com/article2/0,4149,1217889,00.asp </li></ul>
  143. 145. Online Resources <ul><li>Firewalls </li></ul><ul><li>Symantec Norton Internet Security: http://www.symantec.com/ </li></ul><ul><li>ZoneLabs ZoneAlarm: http://www.zonelabs.com/ </li></ul><ul><li>Internet Firewalls FAQ: http://www.interhack.net/pubs/fwfaq/ </li></ul><ul><li>Keeping your site comfortably secure: an introduction to internet firewalls: http://cs-www.ncsl.nist.gov/publications/nistpubs/800-10/ </li></ul><ul><li>Some Hardware Firewall Vendors: http://www.thegild.com/firewall/ </li></ul><ul><li>Linux Firewall HOWTO: http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html </li></ul>
  144. 146. Online Resources <ul><li>Continuing Security Education </li></ul><ul><li>The SANS Institute: http://www.sans.org/ </li></ul><ul><li>Internet Storm Center: http://isc.sans.org/ </li></ul><ul><li>C|Net News.com: http://news.com.com/ (follow security tab) </li></ul><ul><li>AntiOnline: http://www.antionline.com/index.php </li></ul><ul><li>ISTS: http://news.ists.dartmouth.edu/ </li></ul><ul><li>ISS X-Force: http://xforce.iss.net/ </li></ul><ul><li>2600: http://www.2600.com/ </li></ul>
  146. 148. Offline Resources <ul><li>Books/Articles </li></ul><ul><ul><ul><ul><li>Cheswick, WR, Bellovin, SM, Firewalls and Internet Security: Repelling the Wily Hacker , New York: Addison-Wesley Publishing Company 1994. ISBN 0-201-63357-4 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Gilster, Paul, Finding it on the Internet , New York: John Wiley & Sons, Inc., 1994. ISBN 0-471-03857-1 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Wolff , Michael (ed.), Your Personal Netspy: How You Can Access the Facts and Cover Your Tracks Using the Internet and Online Services , New York: Wolff New Media LLC, 1996. ISBN 0-679-77029-1 </li></ul></ul></ul></ul>
  147. 149. Offline Resources <ul><li>Books/Articles </li></ul><ul><ul><ul><ul><li>Knightmare, The, Secrets of a Super Hacker, Port Townsend, WA: Loompanics Unlimited, 1994. ISBN 1-55950-106-5 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Zimmermann, Philip R., The Official PGP User's Guide, Cambridge, Mass: M.I.T. Press, 1996. ISBN 0-262-74017-6 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Wayner, Peter, Disappearing Cryptography: Being and Nothingness on the Net, Boston: Academic Press Professional, 1996. ISBN 0-12-738671-8 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>O'Malley, Chris, Snoops: Welcome to a small town called the internet, where everyone knows your business, Popular Science, Jan 97, p. 56 </li></ul></ul></ul></ul>
  148. 150. Offline Resources <ul><li>Books/Articles </li></ul><ul><ul><ul><ul><li>Schwartz, Alan and Garfinkel, Simson, Stopping Spam , Cambridge: O’Reilly, 1998. ISBN 1-56592-388-X </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Communications of the ACM 42(7), July 1999, various authors: Defensive Information Warfare </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Communications of the ACM 42(2), Feb. 1999, various authors: Internet Privacy: the Quest for Anonymity </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Honeycutt, Jerry; Pike,Mary Ann, et al. , Special Edition: Using the Internet , 3rd Edition, Indianapolis, IN: Que® Corporation, 1996. ISBN 0-7897-0846-9 </li></ul></ul></ul></ul>
  149. 151. Offline Resources <ul><li>Books/Articles </li></ul><ul><ul><ul><ul><li>Weiss, Aaron, The Complete Idiot's Guide to Protecting Yourself on the Internet , Indianapolis, IN: Que® Corporation, 1995. ISBN 1-56761-593-7 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Griffith, Samuel B.(trans), Sun Tzu: The Art of War , New York: Oxford University Press, 1963 ISBN 0-19-501476-6 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Lane, Carole A, Naked in Cyberspace: How to Find Personal Information Online , Wilton, CT: Pemberton Press c/o Online Inc., 1997 ISBN 0-910965-17-X </li></ul></ul></ul></ul>
  150. 152. Offline Resources <ul><li>Books/Articles </li></ul><ul><ul><ul><ul><li>Chapman, D. Brent and Zwicky, Elizabeth D., Building Internet Firewalls , Sebastopol, CA: O'Reilly & Associates, 1995. ISBN 1-156592-124-0 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Icove, David, Seger, Karl, and VonStorch, William, Computer Crime: A Crimefighter's Handbook , Sebastopol, CA: O'Reilly & Associates, 1995. ISBN 1-56592-086-4 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Anonymous, Maximum Security , Second Edition, Indianapolis: Sams, 1998. ISBN 0-672-31341-3 </li></ul></ul></ul></ul>
