Mastering the Internet, XHTML, and JavaScript

1
Mastering the Internet, XHTML, and JavaScript

• Chapter 6
• Security and Privacy

2
Outline

• Goals and Objectives
• Chapter Headlines
• Introduction
• Fraud
• Crackers
• Firewalls
• P3P

• Sniffing and Web Bugs
• Stalking
• Censorship
• TRUSTe
• EPIC
• .NET Passport
• Liberty Alliance Project

3
Goals and Objectives

• Goals
• Understand and master the important issues of
  web security and privacy, know your online
  rights, configure browsers for tighter security
  and better privacy, and find out how to protect
  the exchange of sensitive data online.
• Objectives
• Web security and privacy issues
• Fraud, crackers, and firewalls
• P3P
• Sniffing, stalking, and censorship
• EPIC
• TRUSTe
• .NET Passport
• Liberty Alliance Project

4
Chapter Headlines

• 6.1 Introduction
• Find out what effects your security and privacy
  on the Web
• 6.2 Fraud
• Do not fall victim to internet fraud check
  online resources for help
• 6.3 Crackers
• They use system identity to launch attacks
• 6.4 Firewalls
• Put a wall between a network and internet to
  prevent computer fire
• 6.5 P3P
• P3P helps web surfers protect their privacy
• 6.6 Sniffing and Web bugs
• It allows unauthorized information access

5
Chapter Headlines

• 6.7 Stalking
• Fight web stalking and ask for help immediately
• 6.8 Censorship
• Internet is the worst enemy of censorship
• 6.9 TRUSTe
• This seal of approval ensures maximum online
  privacy
• 6.10 EPIC
• EPIC views content filtering as a form of
  suppression of speech
• 6.11 .NET Passport
• Reduces the burden of online registrations
• 6.12 Liberty Alliance Project
• Provides security and efficiency to use web
  services

6
Introduction

• Web security is a complex issue that deals with
• Computer and network security
• Authentication services
• Message validation
• Cryptography
• Personal privacy issues
• A breach of web security causes financial and
  other damage
• Web security includes
• Authentication
• Authorization
• Privacy
• A user must view a web sites privacy policy

7
Fraud

• Internet fraud is most common in credit card use
  and internet investing
• Consumer protection is offered by credit card
  companies
• The four schemes of investment frauds are
• Pump and Dump Scam urges investors to buy/sell
  stock urgently
• Pyramid Scam how to earn money by working from
  home
• Risk free Fraud offers investors low-risk
  investment opportunties
• Off-shore Fraud takes advantages of currency
  fluctuations and economic systems of other
  contries
• Internet Fraud Complaint Center (IFCC), Internet
  National Fraud Information Center (INFIC), and
  Fraud Bureau (FB) are organizations that alert
  users and avoid frauds

8
Crackers

• Crackers disable networks by launching attacks
  through web servers and other public access nodes
• The motivation is Personal Satisfaction or Social
  Attention
• Firewall provides protection from crackers
• An administrators job is to create a
  cracker-resistant system and not a cracker-proof
  one
• A cracker can
• Erase data files
• Modify data files
• Sell them to others
• Use system identity to attack other computers

9
Firewalls

• Firewalls are used for security purposes
• Firewalls use one or more the following three
  methods to control traffic flow
• Packet filtering analyzes TCP packets against
  a set of filters
• Proxy service the firewall sends/receives
  information
• Stateful inspection compares key parts of
  packets to a database of trusted information
• Firewalls are customizable, an administrator can
  set the level of security provided by a firewall
  according to system needs

10
P3P

• P3P protocol is all about getting the server and
  the client to be up front about which personal
  data is collected and used
• P3P does not give users more privacy, it only
  allows them to exercise personal data preferences
• P3P policy editors are important to developers
• Major browsers and web sites are P3P enabled and
  compliant
• Cookies are viewed as precursors to P3P
• P3P 1.0 specs. tells servers and clients how to
  implement the P3P protocol
• P3P complements existing security and privacy
  efforts

11
Sniffing and Web Bugs

• Sniffing is the act of collecting information
  about web surfers without their prior knowledge
• Sniffing may be good or bad
• Sniffing is used to monitor and analyze network
  traffic and detect and avoid bottlenecks
• Web bug is a piece of invisible code or file in a
  web page to collect data about web users
• Web bugs can install files on users computer
• Three types of bugs can be identified
• Image file
• Executable bugs
• Script based executable bugs

12
Stalking

• Stalking on the web means to harass someone by
  spamming, flaming and other such activities
• Web stalkers hide their true personalities
• To fight stalking
• Work as a team
• Be patient
• Ignore stalkers
• Change ISPs
• Avoid meeting strangers online
• To report stalking problem go to
  http//www.cybercrime.gov/reporting.htm

13
Censorship

• Internet is the best medium for freedom of speech
• The internet eliminates awkward ways of smuggling
  information across foreign borders
• The attempt to ban or regulate access to
  information is censorship
• Oppressive regimes can censor the internet
• There are ways to fight internet censorship
• Smuggle information via networks of underground
  correspondents

14
TRUSTe

• TRUSTe is an independent, non-profit privacy
  auditing service
• It promotes trust of privacy between users and
  web sites
• TRUSTe logo on a web site ensures protection of
  information
• It advocates users privacy rights
• Consumer Privacy Protection guidelines have 6
  tips
• Read privacy policy
• Look for approved seals
• Credit card purchase protection laws are same for
  online shopping and malls
• Use secure servers
• Use common sense
• Teach children to be cybersmart

15
EPIC

• EPIC stands for Electronic Privacy Information
  Center
• It is a public interest research center
  established to protect privacy
• EPIC has many interesting publications in the
  form of books and reports
• Two important publications are
• Privacy Law Source book
• Filters and Freedom 2.0 Free speech
  perspectives on internet content and controls
• EPIC works for web users

16
.NET Passport

• .NET Passport is a Microsoft service that allows
  users to perform online purchases with the use
  of one single login name
• .NET Passport consolidates web services
• A user must create a .NET Passport Profile to
  register
• .NET passport needs to use personal information
  and cookies to operate
• .NET Passport is a member of TRUSTe privacy
  program
• Visit http//www.passport.net for registration
  and information

17
Liberty Alliance Project

• LAP is a collaboration of companies and
  organizations to develop and deploy an open,
  federated solution of internet identitys
• LAP is important to the future of web services
• LAP enables consumers and businesses to maintain
  personal information securely
• LAP specifications define a principal that
  mediates authentication between and identity
  provider and a service provider
• The LAP concept can bring great financial and
  other benefits to both consumers and businesses

18
Summary

• Web security is a complex issue
• A user must be aware of web based frauds
• One must try to build a cracker-resistant system
• Firewalls prevents unauthorized access to a
  computer
• P3P works with existing privacy and security
  efforts
• Sniffing and web bugs may be good or bad
• Stalking on the web is an important issue
• A user must fight internet censorship
• Visit http//www.truste.org for information about
  TRUSTe
• EPIC works for web users
• .NET passport consolidates web services
• LAP is important to the future of web services