security and privacy issues for internet users (and internet searching tips) revision 09/2012 russ...
TRANSCRIPT
Security and Privacy Issues for Internet Users(and Internet Searching Tips)
Revision 09/2012
Russ Haynal Internet
Instructor, Speaker, and Paradigm Shaker
21015 Forest Highlands CtAshburn, VA 20147
http://navigators.com
Phone : [email protected]
Note: If you send me an email, put “internet training” in the e-mail's subject
Copyright © Information Navigators
Page 2
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Security and Privacy Issues
1. Background and Statistics
2. “Persona” issues and options
3. Network Connections (home /small business)
4. Firewalls
5. Anti-Virus
6. Web Browsing issues such as cookies
7. Other Applications: Email, peer to peer, Spyware
8. Authored Content and specialized databases
9. Local options (storage, encryption)
10. Internet Search tips
Online Web page = http://navigators.com/opensource.html
specific_page.html
Page 3
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Disclaimer
• This session illustrates a variety of search tools, techniques and research methods.
• You should consult your organization’s policies to verify if these methods are approved for your types of Internet connections.
Page 4
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/An Opening Survey
• Do you have a Broadband connection (i.e. cable, DSL, Fiber ) ?
• Do you have a wireless network at home?
• Do you access the Internet at home without a firewall?
• Is someone in your home PC downloading music? (without paying)
• Do you, or anyone in your extended family, use a genealogy program (i.e. Family Tree Maker)
• Do you, or anyone in your immediate family, use facebook?
• Do you receive Spam email daily?
• Received Phishing? ( = fake request to verify your account )
• What type of Internet connection(s) do you have:
– Attributable (agency.gov), Mis-Attributable, Home
• Have you researched work-related topics via your home account?
• Do you know which Apps in your smart phone can access your GPS?
Page 5
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Why this Course…• This course covers a variety of security and privacy issues
• Some issues apply directly to work-related Internet usage
• Many issues apply strictly to home-based Internet usage
• These issues are important from a counter-intelligence perspective
– Minimize “leaking” of your research interests
– Protection of your personal information and identity
• If the security of your home PC is breeched, it could lead to you being in a compromised/vulnerable situation.
Remember: Internet = Passport to interact with foreign resources and people
Page 6
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Some StatisticsPrivacy Practices of Web Domains
Random Sample
Top 100 Popular
Collect Personally Identifiable Information 90% 96%
Places Third Party Cookies 28% 48%
Posts Privacy Statement 88% 98%
Displays Privacy Seal (ie. Truste, BBB) 12% 44%
Source:http://www.pff.org/publications/privacyonlinefinalael.pdf
privacy.html
source: www.cert.org/stats
source: webroot.com
Page 7
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Identity theft
• Identity theft occurs when someone has collected enough personal information about you, that they can “impersonate” you.
• They can use your identification information to access your existing financial accounts, investment accounts, etc.
• They can use your identification information to establish new accounts (checking, credit card, loans) based on your name/credit history.
• They can collect your personal Information through traditional means – dumpster diving, scam solicitations, corrupt employee.
• Now add the risk from Internet/PC usage:
• Hacker gains access to your PC: bank account information, investment software, cookies, auto-complete password, auto web form fill-ins’ and family genealogy (birth date, mother’s maiden name)
• Hacker gains access to your relative’s PC which has a genealogy program.
• Researcher looks through facebook and public record databases
During 2008, there were ~10 million victims in the U.S.Average loss = $5,885 and 28 hours of time
privacy.html
Page 8
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Security and Privacy Issues
1. Background and Statistics
2. “Persona” issues and options
3. Network Connections (home /small business)
4. Firewalls
5. Anti-Virus
6. Web Browsing issues such as cookies
7. Other Applications: Email, peer to peer, Spyware
8. Authored Content and specialized databases
9. Local options (storage, encryption)
10. Internet Search tips
specific_page.html
Page 9
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Backbones Connecting
regionalISP #1
Your Internet traffic flows through several Internet ProvidersBackbone
ISP- A
Backbone ISP
Regional ISP
Exchange Point
Client(PC)
Server
Private Peering
Backbone ISP- B
regionalISP #2
Web hosting center
Enterprise LAN/Wan
Large organization
Destination
traceroute.html
Page 10
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Introduction to “Persona”
• While viewing a web page (URL1), You click on a hyperlink to visit another web page (URL2)
• Your web browser sends “environment variables” to the web server.
• Webmaster’s use this information to determine information about you and your organization (physical location, your interests, Software, etc.)
ReportsAccesslogs
Analyst Webmaster
Web ServerURL1
URL2
InternetAccess
As you surf the Internet, you give-off a certain persona
You should always know what websites know about you
persona.html
Page 11
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Persona Details•Your persona is communicated to every web server that you visit.
•You should be explicitly aware of your persona before you visit any website. For example, should you visit:– badguy.com from agency.gov?
Your persona is communicated via “environment variables” such as:
•REMOTE_HOST = This is the name associated with your IP Number.
•REMOTE_ADDR= This is the IP number of your computer, or proxy. A webmaster could do a traceroute to see how you are connected.
•HTTP_REFERER = This is the URL of the page you were previously viewing. You should be careful on how you create web pages. For example, do you want to reveal the following?:
– http://badguy.com is listed on http://intranet.agency.gov/joe_smith/investigation_targets.html?
• Your persona may also be transmitted via Java Applets such as ga.js and urchin.js (google analytics)
persona.html
Page 12
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/A Typical Scenario...
searchtool.com webmaster knows your “search terms”
destination.com webmaster knows what “search terms” you used to find them
Persona:- agency.gov OR- town.ninja.com
Analyst
searchtool.com
destination.com
“search terms”
http://searchtool.com/query=searchterms
hits
page
webmaster
webmaster
persona.html
Page 13
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Always check your Persona
• You can also search for: proxify who am I
This is a key paragraph to look for… If this is missing, then no referring URL is being passed
Important Note: This testing page is most accurate when you click on a link to bring you towards this page.
persona.html
Page 14
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Think before you click...• Does your connection method leak a Referring URL?
• IF IT DOES... do NOT “Click” on your search results
• A click on this search result will tell the webmaster at orgnet.com that you are searching for “terrorist”
Referring URL
Hover over the link to see its URL
persona.html
http://www.google.com/query=terrorist_&start=110
Page 15
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Anonymizers
• Anonymizers replace your persona with their persona.
• Anonymizer now “knows your business”
• Web Masters may easily recognize anonymizer traffic
anonymizer.html
Page 16
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/
ninja.com
Agency_portal.com/page_namestarget.comagency.gov
Analyst #1
Analyst #2
Persona=agency.gov + referrer = portal
Persona=ninja.com + referrer = portal
The “portal” Problem...
Exposing a “less recognizable” persona
Analyst #1: uses agency.gov persona to visit “targets”
Analyst #2: uses “ninja.com” persona to visit “targets”
Now “ninja” persona may be recognized as “agency.gov” visitor
The “parallel visit” Problem...
Even with no http_referer, a webmaster can still make the association due to high volume hits or similar usage patterns.ninja.com
target.comagency.govAnalyst #1
Analyst #2
Page 17
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Internet Accounts, Policies, & Procedures
• There may be several different types of Internet accounts with their own intended use, and strengths/limitations
• There may be some policies which always apply
• There may also be unique policies associated with each type of account
• Policies are probably in a state of flux, as organizations try to keep up with the ever-changing Internet and legal environment.
• Clarify these issues from within your organization
• Make sure ALL Internet users are kept aware of the latest internet usage policies. Mistakes by a handful of users could jeopardize your connection’s privacy, and cause unwanted publicity for your organization.
Page 18
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Internet Connection Definitions
• IP # - Internet Protocol number is allocated to you from your ISP
• Fixed IP # - the same IP Number remains permanently assigned
• Dynamically Assigned IP Number – During a log-in/connect sequence, an IP number is assigned to the user for the duration of that session. Such IP numbers may be assigned from a “DHCP” Host (Dynamic Host Configuration Protocol)
• Dial-up – only connected part-time. Dial-up accounts receive dynamically assigned IP #’s.
• Broadband – Cable or DSL. Usually connected 24 X 7. A broadband account may receive a fixed or dynamic IP #. A dynamic IP # may persist for a very long time. Most broadband modems are “External Modems” and must be connected to the PC via a network connection (Ethernet, wireless)
getting_connected.html
Page 19
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Network Address Translation
10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255
• NAT is the translation of an IP number from one network segment into an IP Number that is used within another network segment.
• NAT is often used where a private network touches a public network, such as: Internet Broadband modem Internal LAN)
• There are certain IP numbers allocated for use on private networks. (reference: RFC’s 1918, 1631)
NAT Device
68.70.164.89 192.168.0.1
192.168.0.5
192.168.0.83
• To See your “external” IP Address: “Check your persona” on my web site.• To see your Computer’s “local” IP Address: DOS Prompt -> ipconfig /all
getting_connected.html
“external” “local”
Page 20
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Getting Online…
Phone Modem
Broadband Modem
Internet Gateway
Router
Dial-up Modem With a single PC- Temporary Connection- Dynamically assigned IP number
Broadband (Cable/DSL/fiber) With a single PC- Persistent Connection- IP Number may remain constant throughout “session”
Broadband Modem With multiple PCs- “Internet gateway router” includes extra features: DHCP and NAT to assign additional IP #’s to all Computers; Firewall, Print server, wireless- Modem’s IP number = Internet persona
getting_connected.html
Broadband Modem
High speed Router
Local Routers Employee PCs
ISP / Internet
Home options
At Work…. Wide variety of implementations including firewalls.
Page 21
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/A special note about wireless networks(are you sure, you can’t install a wire?)
• A Wireless router is connected directly to your LAN/ ISP.
• Wireless Networking Standards are always evolving: 802.11b, 802.11g, 802.11n, 802.11i
• WEP (Wireless Equivalent Privacy) adds encryption, but a weakness in its algorithm means it can be easily compromised using free shareware. WPA/WPA2 (WiFi Protected Access) adds additional security
• Remote “guests” may be able to connect into your LAN
Gateway RouterISP /
Internet
Neighbor’s Computer
WirelessRouter
Broadband Modem
getting_connected.html
Read the manual for your router AND update the Firmware
Page 22
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Security and Privacy Issues
1. Background and Statistics
2. “Persona” issues and options
3. Network Connections (home /small business)
4. Firewalls
5. Anti-Virus
6. Web Browsing issues such as cookies
7. Other Applications: Email, peer to peer, Spyware
8. Authored Content and specialized databases
9. Local options (storage, encryption)
10. Internet Search tips
specific_page.html
Page 23
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Personal Firewalls• A firewall should monitor incoming and outgoing traffic
(windows XP firewall was incoming only)• Some firewalls are more secure than others
(stateful packet inspection, ICSA Certified, etc)• Most firewalls do not protect against viruses• All firewalls require administration (set-up configuration,
updates, granting permissions for applications)• Change the default administrative
password included in the firewall
• Event logs – learn how to read these
• Many “alerts” come from infected machines doing random scanning
• You can traceroute IP#’s and search for info on Port Numbers
firewall.html
Page 24
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Firewall Options
Broadband Modem
Firewall(hardware)
Ethernet Hub
Firewall(Software)
Firewall(Software)
Firewall(Software)
Ethernet Hub
Internet Internet
• Prices: <$100 to ~$500• Additional functions available• NAT, DCHP, Email notification• Easier for computers to share folders / printers
• Prices: free to ~$50• Each machine needs to be configured• Firewalls may interfere with local network sharing
Broadband Modem
firewall.html
Page 25
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Anti-Virus Software
• Every machine should have updated anti-virus software installed, and running
• AV software should automatically examine every incoming file ( email attachment, web download, peer-to peer download)
• AV software will occasionally scan every file on your machine for viruses
• The heart of most AV programs is a “dictionary” of pre-defined viruses which is compared to your files. The dictionary may have over 100,000 definitions.
• AV programs will also monitor certain sensitive system resources for any changes
Important: the virus definition dictionary must to be updated frequently. There may be 100 new virus definitions added to the dictionary in one week.
virus.html
Page 26
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Security and Privacy Issues
1. Background and Statistics
2. “Persona” issues and options
3. Network Connections (home /small business)
4. Firewalls
5. Anti-Virus
6. Web Browsing issues such as cookies
7. Other Applications: Email, peer to peer, Spyware
8. Authored Content and specialized databases
9. Local options (storage, encryption)
10. Internet Search tips
specific_page.html
Page 27
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Web Surfing Risks
• There are numerous concerns with web surfing
• Cookies / web bugs – track your individual movements
• Java / Active X – Executable code downloaded and running on your machine
• Web Site registrations- collect personal info, credit cards
• Social networking – sharing your information
• Pop-ups, pop-unders, Fake ad windows,
• Browser leaks – persona, referrer, plug-ins, Clipboard
• Numerous web browser settings and third party software options, toolbars, advertisement blockers.
privacy_browser.html
Page 28
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Cookies ( = barcode on forehead)
• A cookie is a piece of text stored on your computer by a web server.
• Helps the web site to “recognize you” (username_greetings) and “remember” your interactions within the web site (shopping cart)
• Web site may repeatedly refer/update your cookie and its internal database on your movements.
• 3rd parties may also place cookies through many web sites (advertisers, hit trackers, etc)
def.comabc.comxyz.com
xyz_cookieBrowser
ad_cookies
“I am not a piece of your inventory”
cookies.html
Page 29
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Are you visiting just one site?
• Viewing a single web page may cause your browser to interact with many different web servers.
• Even with cookies turned off, you still make foot prints on third-party web servers while retrieving their graphics.
Page2.htmlLogo.gifCookiesScripts, etc
Ad_banner.gifCookies, etc
Tiny_dot.gifCookies, etchit_counter.gif
Cookies, etc
Page1.html
Page2.html
privacy_browser.html
Page 30
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Third Party cookies
Web pages can include graphics (and therefore cookies) from “third parties”
[email protected] history
[email protected]_phoneViewing history
badplace.comFake [email protected] history
Jokes.com ID#_201loan.com ID#_4873
badplace.com ID#_539
3p.com
3p.com ID#_435349
Your Cookies
[email protected] viewing [email protected]_phoneYour viewing historybadplace.comFake [email protected] viewing history
Buys/sells your data with its “partners”
Copyright navigators.com
The “third party site” can compile an extensive profile on you, and sell this information to companies that are online and offline.Google Analytics is embedded in 50% of the top 1 million websites
Page 31
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Web Bugs and Beacons• Web Bugs are “hidden” graphics
• The graphic is usually a 1 x 1 pixel and is the same color as the background
• Some web privacy policies refer to web bugs as “beacons”
• www.bugnosis.org offered a free plug-in which highlighted all web bugs, showed you its cookie value, and other parameters:
Each tiny graphic = item to be downloaded
cookies.html
• Try Firefox plug-in; Ghostery
Page 32
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Managing Cookies
Tools -> Options ( or Internet options )
You can allow cookies from specific web sites, while blocking most other sites.
cookies.html
Browsers have several settings to control cookies
There are also Adobe “Flash cookies”. See my web page for links: navigators.com/cookies.html
Page 33
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Secure Web Pages
• Webserver invokes encryption with browser on a page by page basis.
• Watch for encryption whenever personal information is being transferred (username/password, credit card #, Financial info, etc)
• Encryption protects the contents of page information as it is transferred between your web browser and the remote web server.
• Encryption does NOT protect your data from a local keystroke logger
• Encryption does NOT protect your data after it arrives at the remote web server
• Encryption does NOT guarantee that the vendor is reputable.
Not Encrypted Encrypted
privacy_browser.html
Page 34
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/What about the other applications?
• Many applications you use are “internet enabled”
• These applications carry your connection persona, and may have their own set of privacy and security settings
Internet Access Internet
privacy_other_apps.html
Page 35
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Email issues• Default email program settings may leave you vulnerable
• Viruses often transmitted via address books (don’t trust any attachment – even from your friends)
• Spam – Do not reply to get “removed”
• Scams – nigeria money scam – Give us your bank account number
• Hoaxes - $300 cookie recipe, boy brain tumor, modem tax, etc.
• Social engineering – One virus hoax email told you to search for a file and delete it... Unfortunately the file in question is a normal system file.
• If it says “tell everyone you know”, it IS a hoax. To confirm if it is a hoax, simply search for part of the email using google .
• Microsoft outlook – Look for updates, patches and learn about settings
privacy_other_apps.html
Page 36
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Spam, Spam, Spam, Spam
• For every email you receive, dozens of spam messages have been blocked by your ISP.
• Some Spam is sent from infected computers (Your computer…?)
privacy_other_apps.html
Source: www.junk-o-meter.com
Source: Symantec state of spam report
Page 37
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Reading Email = Web Surfing!
• Most graphics are downloaded from an online server as you view email
• The Spammer now knows that you have read his email
• Ways to avoid this:
– Disable HTML, preview options
– Block Internet while browsing downloaded email
• Try it yourself: www.readnotify.com
Graphics downloaded as you
preview/display an email
privacy_other_apps.html
Page 38
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Email Architecture
• A sent email may include the following information in its “headers”
– IP # of YOUR PC as you send the email
– IP # of the email server that handles your email (your ISP’s server)
– IP # of the recipient's email server (their ISP’s Server)
Mail Server #1
POP3 SMTP
Email Client B
Port 110 Port 25
Mail Server #2
POP3SMTP
Port 110Port 25
WebBrowser D
Email Client C
Email Client A
Web-Based Email #3
SMTPPort 80
HTTPPort 25
Optional
email_details.html
Page 39
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Email Details
• The “from” of a message is absolutely unreliable. The sender can put anything they want here.
• To see the headers, look under viewing options in your email software or web-based email.
• Anti-spam web sites contain good information for identifying email
To: [email protected] From: [email protected]: meeting agendahere is the body of the message.Stuff, stuff, stuff, etc.
Headers: mail server - mail server communications
Look at the headers too
The part of an email you normally look at
persona_email.html
Page 40
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Other applications
• Most forms of peer- to - peer programs may reveal your specific IP number (file sharing, chat rooms, Instant messenger, etc)
• Peer- to- peer programs can be configured to share the contents of your hard disk.
• Some free programs include piggy-back programs
• Some programs include spyware, which monitor your usage of their product
• Trojans , viruses – Once they are in your system, they can be used to collect personal information ( This is why you want a 2-way firewall)
privacy_other_apps.html
Page 41
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Look for the options / settings
• Homework: Examine every application on your PC which is “internet aware”, you need to explore through every preference / option menu
• Your firewall settings are WORTHLESS, if your 12-year old enables your entire hard disk to be shared with everyone who also uses that chat program, music swapper, etc.
privacy_other_apps.html
Page 42
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Piggy Back Applications
(Spyware, Adware)• Some Free program include piggy-back programs (they provide
revenue to the free program)
• For example: a stealth p2p network application is bundled with Kazaa
– Buried in the user agreement:
– "You hereby grant “Brilliant” the right to access and use the unused computing power and storage space on your computer/s and/or Internet access or bandwidth for the aggregation of content and use in distributed computing,"
• “Brilliant” now has the keys to your computer.
• 150 million copies of Kazaa had been downloaded.
• How hard would it be for a hacker to also access these capabilities?
privacy_other_apps.html
• Programs such as Spyware doctor, ad-aware, “Spybot Search and destroy”, can be used to identify & remove such programs.
Page 43
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Security and Privacy Issues
1. Background and Statistics
2. “Persona” issues and options
3. Network Connections (home /small business)
4. Firewalls
5. Anti-Virus
6. Web Browsing issues such as cookies
7. Other Applications: Email, peer to peer, Spyware
8. Authored Content and specialized databases
9. Local options (storage, encryption)
10. Internet Search tips
specific_page.html
Page 44
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Authoring issuesIf you author any content, here are some concerns:
• Mailing lists – If you post a message to a mailing list – do you know who else is on that list? There may also be an archive of that list’s messages.
• Blogs such as facebook – Assume that your content will be archived and shared with a very large audience.
• Web Pages – Your HTML authoring program may embed your full name into an HTML meta-tag. The software “knows” your name from the first day when you installed the program. (This is also true of most other programs such as Word, Powerpoint)
• Web – based email – includes IP number of workstation
Page 45
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Facebook must be managed…
• Information you (or your kids) post that can assist with identity theft: (birthdate, home town, name of high school, dog’s name, name of best man at wedding, etc)
• Are your co-workers also facebook friends? 8 of your friends have college degrees in “International Relations” and their kids go to Langley High School…
• Facebook Privacy controls are splintered into many different sections and layers. New features are usually defaulted to “everyone”. You have to keep changing them to “friends only”
• Try these tests:
– Make a new “fake person” at facebook, and see how much of your information (and your kid’s) can be seen by “everyone’.
– Make “fake person #2” at facebook, make them a friend to one of your friends/relatives; and see how much of your information (and your kid’s) can be seen by this “friend of friend”
Facebook tracks you across many websites
Consider a web browser dedicated to only Facebook
Page 46
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/www.archive .org
• Any user can surf through previous copies of a web site.
• Deleting sensitive information from today’s web server does not remove it from archive.org / public access
• Search engine robot collects web pages like other search engines
• Previous web page copies are also retained
Web Servers
RobotUser
Interface
Recent copy
copied Web page
Archive copies
User PC
• “document not found”? – Paste the address into archive.org
• Viewing archived web pages can still cause hits to live target website
Page 47
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Local Set-up options
• Consider using encryption at home to protect personal data . For example, encrypted file systems are now standard in Windows. - You can also explore using encryption for email (learning curve)
• Some applications offer encryption schemes for files (quicken), but these are not very secure. There are numerous “cracker” programs which will easily break these open.
• Require Passwords for access to computers or internet access
• Create multiple user accounts (even for yourself) = public / private disk space
• Physical security of computer – logon passwords, boot sequence, other users.
privacy.html
Page 48
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Consider Offline Storage
$400+ : A Second PC without a network connection. You can use a KVM switch to run this CPU to your existing keyboard/monitor
$350 : an extra notebook computer
~$100 : Second hard disk – can be external, or internal with a lock key to switch disks (nicklock)
Removable media – optical or magnetic storage that is removable
USB flash drive – Some include encryption
Where will you store the offline media?
privacy.html
Page 49
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Consider Alternatives
• Switch away from Microsoft products
• Alternative products may be more secure, or less targeted by hackers.
• Browsers
• Email Clients
• Operating Systems
Page 50
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Keep your system up to date
• Macintosh: “apple” menu software updates
• Also get updates for Microsoft Office Applications
privacy.html
Page 51
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Worst case considerations• Read through your cookies - what if a clever website
were able to copy all of your cookies?
• Look at the content of your hard drive - what if a clever website were able to copy a directory listing, or individual files?
• If your research requires you to visit “exotic places” you should use a “sacrificial machine” - which has a very “bland identity”
• On the “sacrificial machine”, never use personalized sites (gmail, amazon, local restaurant, etc)
Page 52
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Public Terminals
• Public terminals = Library, Kinkos, Hotel Lobby, Cyber Café, etc
• Is there any kind of consistent “administration” to guarantee the integrity of these computers?
For a public terminal, you should always assume that the machine has been compromised, and that a “keystroke logger” is quietly capturing all keystrokes. ( usernames, passwords, credit cards, etc)
Page 53
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Future• Biometric scanner – finger, voice, eye • Other devices leaking information – Web surfing via cell
phone/GPS… • In the UK there are millions of cameras monitoring public spaces.• Much personal Information is in databases: phone number, map,
county taxes, DMV, court records, supermarket purchases, credit card company, phone company records, etc.
• Proposed law would give copyright owners the right to hack into your PC
Fingerprint scanner as USB accessory or built into a notebook
privacy.html
Page 54
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Final Advice
• Always be self-aware of your persona• Know what policies apply to you• Go HOME – make backups (just in case)• Update operating system, change settings• Update Anti-virus software• Add / configure a firewall• Install & update spyware hunting software• Explore “options” menus in all programs• Make notes of all changes.
= Do it now!
advice.html
Page 55
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Parent Options
• Do nothing…
• Separate computers / user accounts
• Require password for internet access
• Time constraints on when access is available
• Move computer screen to a visible location
• Install parent control software
– Blacklists, vs. logs
– Monitoring web vs monitoring everything (key logger)
• Know what applications are being installed and how they are configured ( bit torrent, hotmail – email filter options, etc, etc)
• Talk to child – show them how they can be tracked – email articles to them about online predator cases.
• Next, what about the neighbor’s computer where your child goes instead?
• What happens when the child moves out? Have they learned how to take care of themselves online?
Keystroke catcher
navigators.com/parentguide.html
Your Options:
Page 56
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Security and Privacy Issues
1. Background and Statistics
2. “Persona” issues and options
3. Network Connections (home /small business)
4. Firewalls
5. Anti-Virus
6. Web Browsing issues such as cookies
7. Other Applications: Email, peer to peer, Spyware
8. Authored Content and specialized databases
9. Local options (storage, encryption)
10. Internet Search tips
specific_page.html
Page 57
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/How Does it Work?• Internet started as “Packet Switching Networks” using TCP/IP
(Transmission Control Protocol - Internet Protocol)
• Every Internet connection has a unique IP Address consisting of 4 numbers, each number has a range of 0-255 (ie. 198.211.16.134)
• Internet IP numbers are allocated through a hierarchy
– IANA --> ARIN/RIPE/APNIC/LACNIC/AFRINIC --> ISP’s /Company/Country
• Routers direct your packets of information along the “preferred” path
Router Router
Router
Router
Router
Router
RouterRouter
Note: The next generation of IP Address space (IPV6) is quite LARGE3,911,873,538,269,506,102 IP #’s per square meter of the Earth's surface 4,500,000,000,000,000 IP#’s for every observable star in the known universe
traceroute.html
Page 58
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Domain Name System• The Domain Name System (DNS) associates
alpha-numeric names with IP addresses
• Names are registered with commercial registrars such as Go Daddy or country-specific registrars
• DNS Servers are distributed throughout the Internet - They act as a set of inter-linked phone books
• You enter “www.navigators.com”, and the DNS servers match it to “198.171.173.51”
• Historical meaning for domain names– .com=commercial .net= Internet Provider .org = non-profit
– .uk = United kingdom .pk= Pakistan .ru = Russia
• Reality…. Many country domain names are now for sale to ANYONE from ANYWHERE
domain_name.html
Page 59
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Web Server / Web Site
Web pages= name.html
Graphics=name.gif=name.jpg
• Web Site is the Content
• The Web Server is a computer loaded with server software and a reliable Internet connection.
Page 60
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/A more complex environment
DataBase
•Internet users interact with web server•Web server query is passed along to data base.•The content of the database is only displayed
TEMPORARILY in a web page that is created in response to USER-actions.
•Most database content is unreachable by search engines
Web Browser
Online Hosting
typed form
Web server
page data
Application server
Page 61
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Plan out your Internet Research
• Spell it Out - Define the Topic, Spell it out, Key words, acronyms, “what” and “who”
• Strategize - Choose your approach, which online resources, search tools
• Search - Get online, execute, stay focused, use advanced search features
• Sift - Filter the results, Follow the leads
• Save – Make bookmarks, take notes, organize results, share with co-workers.
search_methodology.html
Page 62
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Spell out the topic...1. Name of topic, and what do you want to learn about the topic:
__________________________________________________________________
__________________________________________________________________
2. Spell out the topic (words, acronyms, abbreviations)
_______________________________
_______________________________
_______________________________
_______________________________
_______________________________
_______________________________
_______________________________
_______________________________
3. Make a list of “who” might publish such information (industry association, government agency, NGO’s, user group etc.)
__________________________________________________________________
__________________________________________________________________
generic, simple terms obscure, specific terms
search_methodology.html
Page 63
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Overview of Internet Search Tools
• Search Engines (Google, search.yahoo.com)– Large database – text from billions of clickable pages
• Directories (dir.yahoo.com, www.dmoz.org)– Manually built subject trees–links to millions of web sites
•“User Pages” (Joe’s guide to widgets)– Built by subject experts- hundreds of topic-related links
Each tool has strengths and weaknesses
Pick the right tool...
search_tool_intro.html
Page 64
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/
Internet Directory (i.e. dir.yahoo.com, www.dmoz.org)
Mega
Directory
Filer may not be a subject-expert
URL’s & Descriptions (submitted by Users)
• Good for early stages of search, general subjects
• Links are grouped by topic
• Pages are manually built
search_tool_intro.html
Page 65
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Searching a directory...
Main Menu“top”
Topics
subtopics
Content of subject tree
website
Links to external web pages
• Searches the text within the directory’s own web pages.
• Use search terms that would appear in:
– category titles
– web site titles
– web site’s brief description
• You are NOT searching the websites – just their brief description
wireless
search_tool_intro.html
Page 66
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/
Search Engines (ie. google.com, bing.com)
• Search Engine’s “robot” explores Internet, and copies web pages into its database
• Supports very detailed keyword searches
• Take the time to learn about the features & options of the search engine
Web ServersSearch Engine Site
RobotIndexerSearch
Interface
Your PC
Indexed Database
cachedWeb pages
copied Web page
search_tool_intro.html
You must envision what the target page will look like. “Use your imagination”
Try adding the words “resume” or “curriculum vitae” to your search terms
Page 67
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Which have you bookmarked?
• The advanced search page can be used just as easily as the basic search page.
• Just seeing the options might remind you to use them
Basic search Advanced Search
Key Tip: Limit your searches to PDF or Powerpoint files to quickly locate detailed content
from great web sites.
search_tools.html
Page 68
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Pay Attention to search results
Clustering – Google showing a maximum of 2 hits per domain
Cached = Google’s local text copy of the page. Graphics will still be downloaded from the remote website, unless you add: &strip=1
See hits from only that domain
Indentation = clustering
Problem: The “cached” link has been moved into Google’s “instant preview” pane… and a google javascript “hi-jacks” all
links back through Google (this breaks the &strip=1 trick)Solution: disable javascript in your browser.
persona.html
Page 69
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/
Alexa.com
• Like most toolbars, it “spies” on its users• Most of the information collected via the tool bar is
available at alexa.com
search_tools.html
• This is a great way to discover new websites based on the traffic patterns of millions of Alexa Toolbar users
• Click on “site info”
• Enter a Domain name
• Click “get details” and then “related links” & “traffic stats”
Page 70
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/“User Pages”
Potential weblink
Usually focused on a specific subject
Developed by “experts” in that field(or just a person with passion for subject)
Info Expert
Often contain “the best” online resources
search_tool_intro.html
Page 71
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Finding “User pages”• Announced to Dmoz and other directories
• Linked at wikipedia, wikimapia
• Groups of users at forums, blogs and mailing lists
• Watch for sites labeled:“Joe’s ultimate guide to widgets”
• “User pages” often point to other “user pages”
• “Surfing Upstream” from several related sites (covered in Hidden Universes part 2)
• Ask other researchers – there are several sites that everyone knows as “the best”
• Interactive, live communication (Chat, telephony, virtual worlds)
search_universes.html
Page 72
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Wiki ____• A Wiki is a type of website that allows easy and immediate creation
and editing of pages by “anyone”
• Wikipedia.org – Encyclopedia that can be instantly edited by ANY Internet user.
• Good starting point for many subjects to gain an overview of the topic
• Page can be biased from the most recent editor
• Some entries get “locked-down” due to editorial vandalism
• Wikimapia.org – same concept applied to google maps
• “map type” google map: zoom to the right location
• “map type” “wikimapia classic” : to see comments
Page 73
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Blogs and Forums• A Web Log (blog) is usually owned by one person.
• Owner can post a log of their daily activities, or post ongoing comments about a topic.
• Guests may be also be allowed to add comments onto the blog
• Wordpress and blogger are popular sites
• Forum – An online discussion site focused on a particular topic
• Many users can participate by posting messages.
• Moderators may “police” comments that are considered off-topic
• Try searching for:
• Searchterms forum post - to find a forum that discusses your topic
• Searchterms forum post replies views – to find individual threads and messages that discuss your topic
• Membership requirements are a barrier to search engine robots
• Vbulletin is a popular program used on many websites
social_networking.html
Page 74
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Surfing Upstream vs. Downstream
#1 Most researchers follow the links “downstream” from an interesting page
#2 “link:http://www.target.com” shows all the web pages which link towards the target (=upstream). Indicates the page’s “popularity” (= who knows about target.com)
#3 shows web pages that link to both target sites … will show “user pages” for the that topic
Target.com
Target.com Target.com Target2.net
#1 #3#2
“Upstream” “Joe’s guide to MANY targets”
search_upstream.html
Page 75
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Surfing Upstream Details
• You need to decide which scenario makes more sense; Row #1 or Row #2
• A 3rd and 4th site can be added if they are popular enough
• At Google, can try the following search format ( no link: )
“www.example1.com” “www.example2.com”
search_upstream.html
search terms (use www.blekko.com) Search Results
link:http://www.example.com Web pages containing links toward example.com
link:http://www.example.com/pageA.htmlWeb pages containing links toward the specific web page
link:http://www.example1.com link:http://www.example2.com
Web pages which contain links towards both example sites. This is a great way to discover “user pages” (i.e. Joe's guide to example-sites)
Page 76
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/“site:” examples
( Google works best)
• This technique can save you weeks of search time
• Much faster than reading through thousands of web pages from a large website.
• “use your imagination” to focus these searches.
search_upstream.html
Search Terms (use www.google.com ) Search Results
site:example.com
web pages hosted on any kind of example.com server (www.example.com, blog.example.com, etc). This is a quick way to access the size/depth of a web domain
site:example.com searchtermweb pages hosted on example.com servers which mention the "searchterm"
site:ru searchtermweb pages hosted on .ru web servers which mention the "search term"
site:ac.ru nuclearWeb pages hosted on any academic .Russian web servers which mention nuclear
site:iaea.org iran filetype:pdfPDF documents hosted at iaea web servers which mention iran.
Page 77
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/
Who knows about your topic?(google search terms in red)
Example: Iranian cell phone Company (Irancell-MTN)
Government Regulations, license site:gov.ir irancell
Industry MagazineNews, vendors, maps,Management interviewssite:gsmworld.com iran
Construction vendorTowers, networkssite:vendorsname.com iran
Equipment vendorPhones, networksPress announcementsite:nokia.com iran
Res
ume’
EmployeesResumes,Job Postingsresume irancellsite:linkedin.com irancell
CustomersService issues, technology insightsIrancell forum postsite:mob.ir irancell
Topic’s own websiteMarketing informationPress announcementsite:irancell.ir
Investors Ownership, disclosures
search_upstream.html
Page 78
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/
Mailing Lists
“The web” is TINY
• Many detailed searches are a two-step process
– First find the specialized database
– Then type a very specific query in the database.
World Wide Web (pages.html)
ChatVOIP
Blogs,Forums,
Multi-media
Search engines
Total Online material
SpecializedDatabases
Closed systems
1. Initial Search 2. Detailed Search
search_universes.html
( 1000X larger than the web )
Page 79
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Lists of Search Engines
• For specific information, use a specialized search tool – Get “deeper” results than a general search engine
• Thousands of search engines are listed
• Search engines are grouped according to the subject they cover
search_tool_specialized.html
70,000 databases
55,000 public record
databases
.com
.net
Page 80
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Many country resources are onlinecountry_specific_content.html
Phone books
Page 81
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Many countries sell their domains
• These were just some of the country domains available for sale
• “All Domains” happens to be a licensed “registrar” for these countries.
• There are many additional countries who will sell their domain names to “anyone”
domain_name.html
Page 82
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Learn about the 2-letter code
• Visit your county’s domain name registrar
–www.iana.org/domains/root/db OR
–www.norid.no/domenenavnbaser/domreg.html
• What is the policy for getting a domain name? (citizenship, trademark, local presence, money)
–What is the cost to register a domain name?
–Are there any censorship clauses?
• Does the registrar require any proof of identity? (drivers license, passport, business license)
• Is there a whois service? (make a bookmark)
domain_name.html
Page 83
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Each search tool is different
• Each search tool has it’s own unique set of defaults and options
• Take the time to learn the options of each tool
– Don’t assume anything
• These tools are competing, trying to be unique
• Read the help
Page 84
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/
Several open sources can be combined to build a complete picture
fcc.gov filings: “12. C&W USA states that the Apollo Cable landing stations in the United States will be located in New York and New Jersey. In New York, the cable landing station will be located in Tritec Park, Brookhaven Technology Center, Shirley, New York, at coordinates 40º 50 minutes 30 seconds north and 72º 53 minutes 4 seconds west.”
Newspaper / Building Permit Section: “USA Apollo Cable Landing Station, Ramsay Rd. and Precision Dr., site plan-land division station, construct 25,573-square-foot one-story building to house computer equipment for a fiber optic cable landing station on one lot of a two-lot land division in Phase 1. External generators and associated above-ground vaulted diesel fuel tanks to be installed in Phase II. Cable & Wireless USA, Shirley.”
Start with a simple cable map
Nautical Charts show exact Cable locations
Satellite Imagery can follow cable ashore
FCC Filings, Building Permits, etc. provide additional details:
Reference: http://cryptome.org/eyeball/cable/cable-eyeball.htm
Here is the cable landing station
Page 85
Russ Haynal/navigators.com/
Internet Instructor & Speaker
http:/Summary• Internet contains a large, fragmented information space
• Search engines are limited to only billions of “Clickable” pages
• The best content is organized by “people without lives”
• The Internet’s “critical mass” will transcend all other communication technologies
• Change is the only constant
The Future is Clear...Master the Information Superhighway
orBecome Roadkill