Personal Security and Privacy on the Web Prabhaker Mateti Wright State University

Presentation transcript:

Personal Security and Privacy on the Web Prabhaker Mateti Wright State University

Mateti on "Personal Security and Privacy"2 J. Edgar Hoover: "Why should you care if you have nothing to hide?"

Mateti on "Personal Security and Privacy"3 'There are worse things than having your privacy violated... like murder.'

Mateti on "Personal Security and Privacy"4 "Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men." Privacy Ayn Rand, The Fountainhead (1943)

Mateti on "Personal Security and Privacy"5 Loss of Privacy “Consumer Relationship Management” $40 billion in 2000, $90 billion by 2003 Acxiom keeps personal and lifestyle data on 95% of U.S. households and can arrange it according to ethnicity, race or other criteria

Mateti on "Personal Security and Privacy"6 Loss of Privacy Web sites unknowingly send data to advertisers, June 14, 2000. E-sign bill passed by the House in a vote. June 14, 2000. “Safe Harbor” US-EU agreement offers more than American companies offer customers at home. June 12, 2000.

Mateti on "Personal Security and Privacy"7 Loss of Privacy New breed of viruses: Caligula sends data over Internet. Feb Accidental Release of Info: University of Michigan Health System, 18 MB of patient’s data; Feb 1999

Mateti on "Personal Security and Privacy"8 Loss of Privacy FTC surveyed 1400 web sites: 92% collect personal info; only 14% notify users; only 2% have a privacy policy; June 1998 Example: has garnered 30 million user profiles; Aug 1998.

Mateti on "Personal Security and Privacy"9 Your Privacy and Security is Compromised... When you email, when you surf the Web, when you have a home page

Mateti on "Personal Security and Privacy"10 Your Privacy and Security is Compromised... When your PC is on-line When your PC is idle...

Mateti on "Personal Security and Privacy" million Americans over age 16 an increase of 14 million from the 1998 CommerceNet/Nielsen survey on Internet Usage ( Spring 1999 )

Mateti on "Personal Security and Privacy"12 Connecting to the Net NIC: Ethernet Card Address Modem + PPP You are a node on the Net IP address

Mateti on "Personal Security and Privacy"13 Network Security Breaches All the usual breaches; in particular: A program runs on your machine without your permission You are impersonated

Mateti on "Personal Security and Privacy"14 Firewalls provide... Filtering of network packets to/from certain addresses and ports. Detailed logs of who accessed what, when, and for how long.

Mateti on "Personal Security and Privacy"15 Firewalls do not provide... Security of personal data Authentication of Individuals Anonymity Alerts when an unauthorized program runs

Mateti on "Personal Security and Privacy"16 Globally Unique Identifiers Each document created by Word, ... has a GUID. Windows install generates a GUID. Registration sends this and other info.

Mateti on "Personal Security and Privacy"17 Pentium III “designed with the Internet in mind” The PSN (processor serial number) is built into the silicon chip during manufacturing

Mateti on "Personal Security and Privacy"18 Intel Assures... the serial number can be turned off with a utility; to develop tools and guidelines on the responsible use of the processor serial number; it will not maintain a database that correlates processor serial numbers with consumers.

Mateti on "Personal Security and Privacy"19 Fact Is... the serial number can be turned on with a remote utility (ActiveX,...)

Mateti on "Personal Security and Privacy"20 Zero knowledge demo

Mateti on "Personal Security and Privacy"21 Processor Serial Number Intel has not removed the PSN from its P3. Intel admitted that some Pentium II chips contain the PSN. Intel will not include a PSN in its upcoming chip.

Mateti on "Personal Security and Privacy"22 Give yourself privacy in electronic communications Understand the scientific basis for privacy: Cryptography.

Mateti on "Personal Security and Privacy"23 Security of Content No observer can read the contents of the message No observer can identify the sender and receiver

Mateti on "Personal Security and Privacy"24 Integrity of Message the message has not changed the message has not been prevented from reaching the recipient

Mateti on "Personal Security and Privacy"25 Sender and Receiver Only the intended recipient receives the message The message is sent by the claimed sender The sender cannot deny The recipient cannot deny

Mateti on "Personal Security and Privacy"26 Guide to Practical Privacy Tools » Snoop Proof » Anonymous Remailers » Surf Anonymously » HTML Filters » Cookie Busters » Voice Privacy » Email and File Privacy » Encryption » Disk/File Erasing Programs » PC Firewalls

Mateti on "Personal Security and Privacy"27 PGP “Pretty Good Privacy” Uses two coupled keys: public key published; private key kept secret. Plug-ins for many packages. File storage applications also.

Mateti on "Personal Security and Privacy"28 Anonymizers Everything you do on the Web can be attributed to you. Anonymizer.com “Privacy is your right” Search on “anonymous remailers”

Mateti on "Personal Security and Privacy"29 SSL “Secure Sockets Layer” Transport layer; authenticated: servers, always; clients, optionally; uses encryption.

Mateti on "Personal Security and Privacy"30 HTTPS Secure HTTP application protocol Client/Server Authentication Spontaneous Encryption Request/Response Non-repudiation

Mateti on "Personal Security and Privacy"31 Privacy Checklist Minimize the information that you put in your mail signature files. Reconsider what you have in your personal web pages. Consider what information you give out to web sites.

Mateti on "Personal Security and Privacy"32 Privacy Checklist Search the people locators to find out what sites list your personal information. Have yourself removed from spam mailing lists. Your posts on a newsgroup or mailing list can imply a great deal about you.

Mateti on "Personal Security and Privacy"33 Privacy Checklist Frequently delete your browser's history and cache files. Understand cookies. Use PGP.

Mateti on "Personal Security and Privacy"34 Privacy Checklist Do not use “What’s Related?” Do not use “Show Related Links” Apply MS Office patches to remove GUID feature. Remove GUIDs from existing documents.
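A way to check files for the identifiers that the GUID slide and this checklist item refer to, as an added example that is not part of the original slides: version-1 GUIDs (RFC 4122) embed the generating machine's network-card address and a creation timestamp, so the scanner reports both when present. It assumes the GUID is stored as text (8-bit or UTF-16LE) inside the file; the sample bytes, MAC address and function names are constructed for illustration.

```python
import re
import uuid
from datetime import datetime, timedelta, timezone

# Textual GUID: 8-4-4-4-12 hex digits (surrounding braces are ignored).
GUID_RE = re.compile(r"[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}")
# Version-1 timestamps count 100 ns ticks from 1582-10-15 (RFC 4122).
UUID_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def find_guids(blob: bytes) -> list:
    """Find GUIDs stored as 8-bit or UTF-16LE text (either byte alignment)."""
    views = [blob.decode("latin-1"),
             blob.decode("utf-16-le", errors="ignore"),
             blob[1:].decode("utf-16-le", errors="ignore")]
    found = []
    for text in views:
        for match in GUID_RE.finditer(text):
            guid = uuid.UUID(match.group(0))
            if guid not in found:
                found.append(guid)
    return found


def describe(guid: uuid.UUID) -> dict:
    """Report what a GUID discloses; only version 1 carries MAC and time."""
    info = {"guid": str(guid), "version": guid.version, "mac": None, "created": None}
    if guid.version == 1:
        node = guid.node
        # Multicast bit set means a random node ID, not a real adapter address.
        if not (node >> 40) & 1:
            info["mac"] = ":".join(f"{(node >> s) & 0xFF:02x}" for s in range(40, -1, -8))
        info["created"] = UUID_EPOCH + timedelta(microseconds=guid.time // 10)
    return info


def constructed_sample() -> bytes:
    """Constructed input: one version-1 GUID (UTF-16LE), one version-4 GUID (ASCII)."""
    ticks = (datetime(1999, 3, 26, tzinfo=timezone.utc) - UUID_EPOCH) // timedelta(microseconds=1) * 10
    v1 = uuid.UUID(fields=(ticks & 0xFFFFFFFF, (ticks >> 32) & 0xFFFF,
                           (ticks >> 48) & 0x0FFF | 0x1000, 0x80, 0x01,
                           0x00005E005301))  # MAC from the RFC 7042 documentation range
    return (b"constructed header\x00" + ("{%s}" % v1).upper().encode("utf-16-le")
            + b" author=example {3f2504e0-4f89-41d3-9a0c-0305e82c3301}")


if __name__ == "__main__":
    for g in find_guids(constructed_sample()):
        print(describe(g))
```

A version-4 (random) GUID reports no MAC and no timestamp, which is the difference that matters when deciding whether a document's GUID needs removing.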

Mateti on "Personal Security and Privacy"35 Cookies A text file on your HDD that a browser creates at the request of a web site Can contain arbitrary data Not meaningfully editable by you (?!)
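To make the cookie file described above readable, here is an added example (not from the original slides) that parses a cookie store and flags entries pairing a long lifetime with an identifier-like value. It assumes the Netscape cookies.txt layout of seven tab-separated fields; the sample contents, the 365-day threshold and the "16 or more opaque characters" heuristic are assumptions made for illustration.

```python
from datetime import datetime, timezone
import re

FIELDS = ("domain", "subdomains", "path", "secure", "expires", "name", "value")
# Assumption: 16+ characters from the hex/base64 alphabets is an opaque ID.
OPAQUE_ID = re.compile(r"[A-Za-z0-9+/=_-]{16,}")


def parse_cookie_file(text: str) -> list:
    """Parse Netscape-format cookies.txt: seven tab-separated fields per line."""
    cookies = []
    for line in text.splitlines():
        if line.startswith("#HttpOnly_"):      # curl marks HttpOnly cookies this way
            line = line[len("#HttpOnly_"):]
        if not line.strip() or line.startswith("#"):
            continue                            # blank line or comment
        parts = line.split("\t")
        if len(parts) != 7 or not parts[4].isdigit():
            continue                            # malformed entry, skip it
        cookie = dict(zip(FIELDS, parts))
        cookie["expires"] = int(parts[4])       # Unix time; 0 means session cookie
        cookies.append(cookie)
    return cookies


def audit(cookies: list, now: datetime, max_days: int = 365) -> list:
    """Flag cookies that pair a long lifetime with an identifier-like value."""
    report = []
    for c in cookies:
        days_left = None
        if c["expires"]:
            days_left = int((c["expires"] - now.timestamp()) // 86400)
        is_id = OPAQUE_ID.fullmatch(c["value"]) is not None
        report.append({"domain": c["domain"], "name": c["name"],
                       "days_left": days_left, "looks_like_id": is_id,
                       "flag": is_id and days_left is not None and days_left > max_days})
    return report


# Constructed sample file contents (domains and values are invented).
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    ".ads.example\tTRUE\t/\tFALSE\t1893456000\tuid\ta3f9c2e17b4d4c0a9f1e6b7d2c5a8e90\n"
    "shop.example\tFALSE\t/\tFALSE\t963532800\tlang\ten-US\n"
    "#HttpOnly_shop.example\tFALSE\t/\tTRUE\t0\tsession\t9d2c7f10b6e84a53\n"
)

if __name__ == "__main__":
    for row in audit(parse_cookie_file(SAMPLE), datetime(2000, 6, 14, tzinfo=timezone.utc)):
        print(row)
```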

Mateti on "Personal Security and Privacy"36 Mateti’s Cookies

Mateti on "Personal Security and Privacy"37 MRU, … “Most Recently Used” items TweakUI from MS more properties,

Mateti on "Personal Security and Privacy"38 TweakUI

Mateti on "Personal Security and Privacy"39 MoreProperties

Mateti on "Personal Security and Privacy"40 If you want privacy in the electronic age... You have to give it to yourself. Your employer will not give it to you. Your government will not give it to you. Even the laws of your nation cannot be relied upon to give it to you.

Mateti on "Personal Security and Privacy"41 Fourth Amendment The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Mateti on "Personal Security and Privacy"42 Art 12: Universal Declaration of Human Rights “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks."

Mateti on "Personal Security and Privacy"43 Loss of Privacy "You already have zero privacy -- get over it." Scott McNealy, 1999, Sun

Mateti on "Personal Security and Privacy"44 Get Over It? "First they came for the hackers. But I never did anything illegal with my computer, so I didn't speak up. Then they came for the pornographers. But I thought there was too much smut on the Internet anyway, so I didn't speak up. Then they came for the anonymous remailers. But a lot of nasty stuff gets sent from anon.penet.fi, so I didn't speak up. Then they came for the encryption users. But I could never figure out how to work PGP anyway, so I didn't speak up. Then they came for me. And by that time there was no one left to speak up." -- Unknown

Mateti on "Personal Security and Privacy"45 FBI is asking Congress for the right to view the encrypted computer files of consumers, without the owner's knowledge.

Mateti on "Personal Security and Privacy"46 ACLU: Privacy Principles Your personal information should never be collected or disseminated without your knowledge and permission. Organizations must let you know why they're collecting your information; and they can't use it for other reasons than the one you granted permission for (unless they get a second permission from you)

Mateti on "Personal Security and Privacy"47 ACLU: Privacy Principles Organizations must ensure the privacy of the personal information they collect or maintain on you, retaining only what is necessary information and only for as long as it is needed. You should have the right to examine, copy, and correct your own personal information.

Mateti on "Personal Security and Privacy"48 ACLU: Privacy Principles There must be no national ID system -- either in law or in practice. Unrelated data bases must be kept strictly separate so information can't be cross-referenced. Personal "biometric" data -- your fingerprints, DNA, retina or iris scans, etc. -- must not be involuntarily captured or used (except for fingerprinting criminals).

Mateti on "Personal Security and Privacy"49 ACLU: Privacy Principles The government must not prohibit or interfere with the development of technologies that protect privacy (such as encryption). These principles should be enforceable by law. Furthermore, no service, benefit, or transaction should be conditioned on waiving your privacy rights.

Mateti on "Personal Security and Privacy"50 Get Over It? Write your local elected officials and tell them you want stronger laws to protect your privacy. "Cyberspace must be free!"

Mateti on "Personal Security and Privacy"51 Recommended Reading: “Database Nation” by Simson L. Garfinkel
Chapter 1: Introduction to the US Edition
Chapter 2: Database Nation
Chapter 3: What Did You Do Today?
Chapter 4: Absolute Identification
Chapter 5: Nevermore a Lost Pen
Chapter 6: The Body’s Own Privacy
Chapter 7: Buy Now!
Chapter 8: Who Owns Your Information?
Chapter 9: Crooks, Kooks and Terrorists
Chapter 10: Excuse Me, But Are You Human?
Chapter 11: The New Privacy
Bibliography