Security%20of%20Cookies%20In%20A%20Public%20Computer%20Lab%20Setting

1
Security of Cookies In A Public Computer Lab
Setting

• Russell Fech
• November 30, 2000

2
Outline

• Introduction of Cookies
• Problem Statement
• Motivation/Importance
• Objective
• Research Plan
• Assumptions
• Conclusion

3
What are cookies?

• Cookies are a general mechanism which server
  side connections can use to both store and
  retrieve information on the client side of the
  connection. - Netscape
• Also known as Magic Cookies
• Cookies can only be read by the website that
  issued them

4
Types of cookies

• Persistent
• Stored on hard drive for the long time duration
• Non-persistent
• Stored only for the current session of the web
  browser

5
Where are the cookies?

• Cookies exist on both major web browsers
• Netscape stores all cookies in the cookies.txt
  file in a Netscape directory
• Internet Explorer stores individual cookies as
  text files in a cookies directory

6
Why use cookies?

• Used to keep track of the client session state
• Allows the Full Web Experience
• Rotating banners
• Electronic shopping carts
• Password saving
• Data mining
• Other uses

7
Why use cookies?

• Web browsers do not keep continuous connections
  to the web sites
• Cookies send the information to reestablish
  connections
• Web sites keep information about users to
  customize the Full Web Experience

8
Problem Statement

• With the emergence of cookies, many users are
  unknowingly releasing data about themselves
• Win95/98 does not provide security to protect
  users cookies
• Cookies are not designed to be used in a
  multi-user environment

9
Problem Statement

• There are methods to eliminate/disallow the use
  of cookies, but this blocks the Full Web
  Experience

10
Motivation/Importance

• With the controversy concerning the safety of
  cookies, it is in the best interest of the
  administrator to ensure the security of user
  information being transmitted to web sites

11
Motivation/Importance

• Protect the user from cookie crime
• Protect the subsequent users from getting
  unwanted advertisement
• If cookie theft occurs, the administration may be
  held accountable, however, if the cookies are
  cleared off, there will be no such threat

12
Objective

• Evaluate the use of cookies in public lab
  settings
• Develop a hands-off approach to protect users
  against the cookies threat by providing a
  transparent layer of protection
• Provide formidable arguments why users need
  protection from cookies

13
Research Plan

• Review current methods that attempt to solve the
  cookie security problems
• Test these methods in a lab setting and review
  their performance
• Improve on these methods

14
Methods and Problems

• Disable cookies completely
• Provides high security because no cookies are
  formed
• Takes away from the Full Web Experience
• Clear cookies at startup/shutdown
• Safer than no protection, but requires a user to
  do something

15
Methods and Problems

• Intercept the web browser and clean after exiting
• High security, cleans up cookies when the user
  shuts down the web browser
• Mischievous user may disable the program in
  some fashion
• Program may crash

16
Assumptions

• Use of Win 95/98
• Win95/98 does not provide any security for files
  or folders
• Most other operating systems protect users
  because they require users to log into an account
  in which their data is saved in a secured area

17
Resources and Special Needs

• Public computer lab
• Computers with Win95/98
• Various cookie security methods
• Disabling cookies
• Batch file deletion of cookies
• User deleting cookies themselves
• Cookie Crunching Software
• Most are free and easily obtainable over the
  internet

18
Conclusion

• With the threat of mischievous users and the
  possible misuse of cookies, it is up to the
  administration to protect users from as many
  threats as possible.
• Cookie security continues to be under major
  dispute. If cookies are cleared from computers
  in a lab setting the administration is no longer
  prone to receiving any future threat to cookies.

19
Questions?

• Questions?