C/IL 102
May 27, 2015
Security
◦ Controls access to your data
◦ Only you and those you designate have access to data
Safety
◦ Process that guarantees the availability of your data
◦ Makes sure data is not lost
Browser transmits:
◦ IP address of your machine
◦ IP address of machine responding to request
◦ Operating system of your machine
  Examples: Windows XP, Windows Vista, Linux 7.0.2, Macintosh OS X 10.2.6
◦ Browser you are using
  Internet Explorer 8 or Mozilla Firefox 3.5.5
  Different HTML tags work with some browsers but not others
◦ Other stuff, too
A small piece of information that a Web site saves on your computer when you visit the site
Browser maintains a list of cookies
Web site may then determine something about your past involvement at that site
◦ It ‘remembers’ you!
Impact on Privacy
◦ Advantages
  Personalize interactions with Web sites
  Tailor to preferences and interests
◦ Disadvantages
  Web Beacons / Web Bugs
    Small (1 x 1 pixel) image
    Tracks references to URL (usage details)
  Foreign cookies, third-party cookies
    Common for commercial Web sites (Ex. Yahoo!)
    Tracks contacts your computer has with Web sites
    Allows e-commerce folks to promote products ($$$$) and refine marketing (through advertising)
Yahoo Privacy Policy
◦ “Yahoo! displays targeted advertisements based on personal information. Advertisers (including ad serving companies) may assume that people who interact with, view, or click targeted ads meet the targeting criteria—for example, women ages 18-24 from a particular geographic area.”
Yahoo Web Beacon Policy
◦ Yahoo Web Beacons
A Web beacon:
◦ Can be detected by viewing the source code of a Web page
◦ Look for any IMG tags that load from a different server than the rest of the site
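The check the slide describes (scan the page source for IMG tags served from a host other than the page's own) can be automated. The following is an added example, not code from the slides or from Yahoo; the sample page, the hostnames example.com and ads.example.net, and the tracking URL are all constructed placeholders.

```python
"""Flag <img> tags that load from a host other than the page's own host.

Added example (not from the C/IL 102 slides). It applies the slide's rule,
"look for any IMG tags that load from a different server than the rest of the
site," to a small HTML document constructed inline. The hostnames below are
placeholders, not real beacon servers.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ImgCollector(HTMLParser):
    """Collect the src, width and height of every <img> tag in a document."""

    def __init__(self):
        super().__init__()
        self.images = []  # list of (src, width, height); None when absent

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <IMG SRC=...> is seen too.
        if tag != "img":
            return
        a = dict(attrs)
        if a.get("src"):
            self.images.append((a["src"], a.get("width"), a.get("height")))


def find_foreign_images(page_url, html):
    """Return [(absolute_src, host, is_one_by_one)] for every image served from
    a host different from the page's own host. is_one_by_one marks the classic
    1 x 1 pixel beacon shape described on the slide."""
    page_host = urlparse(page_url).hostname
    parser = ImgCollector()
    parser.feed(html)
    foreign = []
    for src, width, height in parser.images:
        absolute = urljoin(page_url, src)  # resolve relative paths against the page
        host = urlparse(absolute).hostname
        if host and host != page_host:
            foreign.append((absolute, host, width == "1" and height == "1"))
    return foreign


# Constructed sample page: two images from the site itself and one 1x1 image
# from a third-party host (the pattern the slides call a Web beacon).
SAMPLE_URL = "http://www.example.com/news/story.html"
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.png" width="200" height="50">
<img src="photo.jpg">
<p>Story text...</p>
<IMG SRC="http://ads.example.net/track.gif?id=123" WIDTH="1" HEIGHT="1">
</body></html>
"""

if __name__ == "__main__":
    for src, host, tiny in find_foreign_images(SAMPLE_URL, SAMPLE_HTML):
        note = " (1x1 pixel, likely beacon)" if tiny else ""
        print(f"foreign image from {host}: {src}{note}")
```

Only images whose host differs from the page's host are reported; same-site images, including relative paths, are resolved against the page URL first so they are not mistaken for third-party loads.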
Could delete cookies from your hard drive, but lose convenience
◦ Different from “history” file
Can configure browser to disable cookies
◦ However, many sites will not work properly, including U of S site (my.scranton.edu)
Check privacy policy of commercial sites
◦ How will they use your information?
Check privacy policy of company or ISP whose computer you use
Public cables used to transmit data between computers
Data sent in packets (about 1000 bytes)
Packets could be analyzed by other intermediary computers (credit card numbers, etc.)
About as private as a postcard traveling via snail mail
◦ Internet Service Providers
◦ Employers, etc.
Healthcare professionals
  No patient info in e-mail
Use Web-based account (example: Yahoo)
Secure e-mail through encryption
Networks can be ‘snooped’
Even IM content is not secure
Packet Sniffer
Tool for network administrators
◦ Allows users to ‘listen’ to network traffic (analyze)
◦ Detects intrusion attempts and network problems (legitimate use)
But…
◦ Can be used to ‘snoop’
IM
◦ IMSecure (ZoneAlarm)
◦ Simp (Secway)
◦ AIM Pro (AIM)
E-mail and IM
◦ PGP Desktop
PGP – Pretty Good Privacy
  Encryption security for e-mail and IM
  ‘Certificates’ are used to digitally sign e-mail
  Can secure portions of your hard drive, too!
  Windows and Mac platforms
PC Magazine article, April 2008
Encrypt data
◦ Scramble data so that it cannot be read as it passes from computer to computer
◦ HTTPS – encrypts before data is sent and decrypts when received (Hypertext Transfer Protocol Secure)
Decrypt data
◦ Unscramble data on receiving end of message
Example: GNU Privacy Guard (also known as GPG)
◦ It’s free software: available for Windows, Mac, FreeBSD, Linux, etc.
Even with encryption, theft is possible
◦ Data obtained before actual encryption
◦ Keyboard sniffer
Monitor use of computer and installed programs
◦ If you ask browser to record data typed into forms
Monitor others using your computer and account information
Encoding information – cryptography
◦ Dan Brown’s “DaVinci Code” and “Digital Fortress”
The Caesar Cipher
◦ Julius Caesar encoded messages by replacing each letter with the 3rd letter after it in the alphabet (a=d, b=e, z=c, etc.)
◦ Improve: use cipher alphabet BUT use different shifts for subsequent letters
  1st letter = shift by 3 letters
  2nd letter = shift by 1 letter
  3rd letter = shift by 4 letters
  Pi = 3.1415926
◦ What would ‘Hello’ be?
Public-key systems
◦ Used with modern computer systems
◦ Complex mathematical formulas
◦ Person wishing to receive messages will publish public key (often 128 bits – the larger the key, the longer to break) Example: 1000 years
◦ Important for e-commerce (secure sites)
◦ PGP – Pretty Good Privacy – protects data in storage, too
Public key is for encryption
Private key is for decryption
◦ Debate over public key encryption
  Terrorists use encryption
  Yet, needed for e-commerce growth
  ‘Key Escrow’ – was proposed, not adopted (key provided to gov’t)
TLS/SSL – Transport Layer Security/Secure Sockets Layer
◦ Web browsers
◦ Protects data in transit over a network
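The split the slides describe, a published key that encrypts and a private key that decrypts, can be seen in miniature with textbook RSA. The following is an added example, not code from the slides or from PGP: it uses the small primes 61 and 53 so the numbers fit on a page, with no padding and no real key size, so it is a teaching model of the idea rather than something to protect data with.

```python
"""Public-key encryption in miniature: the public key encrypts, only the
matching private key decrypts.

Added example (not from the C/IL 102 slides). Textbook RSA with tiny primes
so every number is visible; real keys are thousands of bits and use padding.
"""
from math import gcd


def make_keypair(p, q, e=17):
    """Build an RSA key pair from two primes p and q.
    Returns (public, private) with public = (e, n) and private = (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)          # number of integers below n coprime to n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def encrypt(message_int, public_key):
    """Anyone holding the public key can do this step."""
    e, n = public_key
    if not 0 <= message_int < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(message_int, e, n)


def decrypt(cipher_int, private_key):
    """Only the holder of d can reverse the encryption."""
    d, n = private_key
    return pow(cipher_int, d, n)


def encrypt_text(text, public_key):
    """Encrypt an ASCII string one byte at a time (illustration only; a real
    system would never encrypt single bytes without padding)."""
    return [encrypt(b, public_key) for b in text.encode("ascii")]


def decrypt_text(blocks, private_key):
    return bytes(decrypt(c, private_key) for c in blocks).decode("ascii")


if __name__ == "__main__":
    public, private = make_keypair(61, 53)   # n = 3233, the classic textbook pair
    print("public key :", public)            # safe to publish
    print("private key:", private)           # kept by the receiver
    c = encrypt(65, public)
    print("65 encrypts to", c, "and decrypts back to", decrypt(c, private))
    blocks = encrypt_text("Hi", public)
    print("'Hi' ->", blocks, "->", decrypt_text(blocks, private))
```

The receiver publishes (e, n) and keeps d. Recovering d from the public key means factoring n, which is easy for 3233 and is the step that takes the "1000 years" the slide mentions once n is large enough.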
Wireless networks
◦ Passwords control what computers and users access the network
Encryption and Authentication
Encryption:
  WEP (Wired Equivalent Privacy)
    Protects against casual snooping
    No longer recommended – cracked in minutes
  WPA (Wi-Fi Protected Access)
    Works with all wireless network adapters but not all older routers or access points
  WPA2 (Wi-Fi Protected Access 2)
    More secure than WPA
    Will not work with some older network adapters
Prevents ‘Piggybacking’
  Tapping into someone else’s wireless Internet connection without proper authorization
  Apartment complexes, neighborhoods
  Illegal in some states
NY Times article, 2006
Easily guessed (40-50%)
Share passwords
Post password next to computer
Passwords too short
Use ‘strong’ passwords
◦ Mix numbers and letters; mix case (upper and lower)
◦ The longer the better (6-8 chars or longer)
  Brute force – trying every combination until the password is determined
◦ Pet, kids’ and spouse names make bad passwords
◦ Be inconsistent – use different passwords for different sites (I know…hard to do!)
◦ Change passwords often
No such thing as 100% security:
◦ Make sure operating system is up to date (automatic update/service packs)
◦ Use anti-malware programs/security suites (keep them updated)
◦ Use a bidirectional firewall
◦ Use additional anti-spyware scanners (Spybot S&D, Ad-Aware, Windows Defender)
◦ Secure wireless network (WEP/WPA/WPA2)
◦ Use unique (strong) passwords
◦ Consider using a different browser – Internet Explorer is a popular target (Opera, Firefox)
◦ Use encryption (e-mail, IM – example ‘PGP Desktop’)
◦ Back up important files (ex. storms, hardware failure)
◦ Be mindful of “social engineering” issues
◦ Turn computer OFF when not in use
Key terms: Caesar Cipher, Certificates, Cookies, Cryptography, Decryption, E-mail / IM Security, Encryption, HTTPS, IP Address, Keyboard Sniffer, Key Escrow, Packet Sniffer, Passwords, PGP, Piggybacking, Privacy Issues, Privacy Policy, Public-Key System, Routinely Transmitted Info., Security (Steps), Third-party Cookie / Foreign Cookie, TLS / SSL, URL, Web Beacon / Web Bug, Wireless Security, WEP / WPA / WPA2