Mastering the Internet, XHTML, and JavaScript Chapter 6 Security and Privacy
Outline
• Goals and Objectives
• Chapter Headlines
• Introduction
• Fraud
• Crackers
• Firewalls
• P3P
• Sniffing and Web Bugs
• Stalking
• Censorship
• TRUSTe
• EPIC
• .NET Passport
• Liberty Alliance Project
Chapter 6 - Security and Privacy
Goals and Objectives
• Goals
  Understand and master the important issues of web security and privacy, know your online rights, configure browsers for tighter security and better privacy, and find out how to protect the exchange of sensitive data online.
• Objectives
  • Web security and privacy issues
  • Fraud, crackers, and firewalls
  • P3P
  • Sniffing, stalking, and censorship
  • EPIC
  • TRUSTe
  • .NET Passport
  • Liberty Alliance Project
Chapter Headlines
• 6.1 Introduction
  • Find out what affects your security and privacy on the Web
• 6.2 Fraud
  • Do not fall victim to internet fraud; check online resources for help
• 6.3 Crackers
  • They use system identity to launch attacks
• 6.4 Firewalls
  • Put a wall between a network and the internet to prevent computer fire
• 6.5 P3P
  • P3P helps web surfers protect their privacy
• 6.6 Sniffing and Web bugs
  • It allows unauthorized information access
Chapter Headlines
• 6.7 Stalking
  • Fight web stalking and ask for help immediately
• 6.8 Censorship
  • The Internet is the worst enemy of censorship
• 6.9 TRUSTe
  • This seal of approval ensures maximum online privacy
• 6.10 EPIC
  • EPIC views content filtering as a form of suppression of speech
• 6.11 .NET Passport
  • Reduces the burden of online registrations
• 6.12 Liberty Alliance Project
  • Provides security and efficiency to use web services
Introduction
• Web security is a complex issue that deals with:
  • Computer and network security
  • Authentication services
  • Message validation
  • Cryptography
  • Personal privacy issues
• A breach of web security causes financial and other damage
• Web security includes:
  • Authentication
  • Authorization
  • Privacy
• A user must view a web site’s privacy policy
Fraud
• Internet fraud is most common in credit card use and internet investing
• Consumer protection is offered by credit card companies
• The four schemes of investment fraud are:
  • Pump and Dump Scam: urges investors to buy/sell stock urgently
  • Pyramid Scam: how to earn money by working from home
  • Risk-free Fraud: offers investors low-risk investment opportunities
  • Off-shore Fraud: takes advantage of currency fluctuations and economic systems of other countries
• Internet Fraud Complaint Center (IFCC), Internet National Fraud Information Center (INFIC), and Fraud Bureau (FB) are organizations that alert users and help avoid fraud
Crackers
• Crackers disable networks by launching attacks through web servers and other public access nodes
• The motivation is personal satisfaction or social attention
• A firewall provides protection from crackers
• An administrator’s job is to create a cracker-resistant system and not a cracker-proof one
• A cracker can:
  • Erase data files
  • Modify data files
  • Sell them to others
  • Use system identity to attack other computers
Firewalls
• Firewalls are used for security purposes
• Firewalls use one or more of the following three methods to control traffic flow:
  • Packet filtering: analyzes TCP packets against a set of filters
  • Proxy service: the firewall sends/receives information
  • Stateful inspection: compares key parts of packets to a database of trusted information
• Firewalls are customizable; an administrator can set the level of security provided by a firewall according to system needs
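The difference between packet filtering and stateful inspection, as an added example that is not part of the original slides. It is a toy model: the rule format, the flow table and all addresses and packets are assumptions constructed for illustration.

```javascript
// Added example: toy firewall model. All rules, addresses and packets are constructed.

// Stateless packet filter: first matching rule wins, default deny.
function packetFilter(rules, pkt) {
  for (const rule of rules) {
    const { action, ...match } = rule;
    if (Object.entries(match).every(([k, v]) => pkt[k] === v)) return action;
  }
  return "deny";
}

// To let web replies back in, a stateless rule set has to trust the source port.
const STATELESS_RULES = [
  { dir: "out", proto: "tcp", dstPort: 443, action: "allow" },
  { dir: "in", proto: "tcp", srcPort: 443, action: "allow" },
];

// Stateful inspection: outbound traffic populates a flow table; inbound
// packets are accepted only when they are the reverse of a recorded flow.
class StatefulFirewall {
  constructor(outboundRules) {
    this.outboundRules = outboundRules;
    this.flows = new Set();
  }
  static flowKey(localIp, localPort, remoteIp, remotePort) {
    return `${localIp}:${localPort}|${remoteIp}:${remotePort}`;
  }
  inspect(pkt) {
    if (pkt.dir === "out") {
      const verdict = packetFilter(this.outboundRules, pkt);
      const key = StatefulFirewall.flowKey(pkt.srcIp, pkt.srcPort, pkt.dstIp, pkt.dstPort);
      if (verdict === "allow") this.flows.add(key);
      return verdict;
    }
    const key = StatefulFirewall.flowKey(pkt.dstIp, pkt.dstPort, pkt.srcIp, pkt.srcPort);
    if (!this.flows.has(key)) return "deny";
    if (pkt.rst || pkt.fin) this.flows.delete(key); // connection is closing
    return "allow";
  }
}

// Constructed packets using documentation address ranges.
const request = { dir: "out", proto: "tcp", srcIp: "192.0.2.10", srcPort: 50000, dstIp: "198.51.100.5", dstPort: 443 };
const reply = { dir: "in", proto: "tcp", srcIp: "198.51.100.5", srcPort: 443, dstIp: "192.0.2.10", dstPort: 50000 };
const unsolicited = { dir: "in", proto: "tcp", srcIp: "203.0.113.9", srcPort: 443, dstIp: "192.0.2.10", dstPort: 3389 };

// Run the same inbound packets through both firewalls.
function compare() {
  const fw = new StatefulFirewall([STATELESS_RULES[0]]);
  fw.inspect(request); // records the outbound flow
  return {
    stateless: [reply, unsolicited].map((p) => packetFilter(STATELESS_RULES, p)),
    stateful: [reply, unsolicited].map((p) => fw.inspect(p)),
  };
}
```

The stateless rule set admits both inbound packets because it can only look at the source port, while the stateful firewall admits the reply and drops the packet that matches no recorded flow.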
P3P
• The P3P protocol is all about getting the server and the client to be up front about which personal data is collected and used
• P3P does not give users more privacy; it only allows them to exercise personal data preferences
• P3P policy editors are important to developers
• Major browsers and web sites are P3P enabled and compliant
• Cookies are viewed as precursors to P3P
• The P3P 1.0 specification tells servers and clients how to implement the P3P protocol
• P3P complements existing security and privacy efforts
Sniffing and Web Bugs
• Sniffing is the act of collecting information about web surfers without their prior knowledge
• Sniffing may be good or bad
• Sniffing is used to monitor and analyze network traffic and detect and avoid bottlenecks
• A web bug is a piece of invisible code or file in a web page to collect data about web users
• Web bugs can install files on users’ computers
• Three types of bugs can be identified:
  • Image file
  • Executable bugs
  • Script-based executable bugs
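One way to spot the image-file type of web bug when reviewing a page, as an added example that is not part of the original slides. The heuristics (tiny or hidden image loaded from another host), the function names and the sample markup are assumptions constructed for illustration; the executable and script-based types are not covered.

```javascript
// Added example: flag likely image-type web bugs in a page's HTML.
// Heuristics, host names and the sample markup are constructed for illustration.

// Parse the attributes of one tag into a lower-cased name -> value map.
function attrs(tag) {
  const out = {};
  const re = /([a-zA-Z-]+)\s*=\s*("([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    out[m[1].toLowerCase()] = m[3] ?? m[4] ?? m[5];
  }
  return out;
}

// Report <img> elements that are invisible to the reader AND fetched from a
// host other than the page's own, which is the classic tracking-pixel shape.
function findWebBugs(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const tiny = (v) => v !== undefined && parseInt(v, 10) <= 1;
  const findings = [];
  for (const [tag] of html.matchAll(/<img\b[^>]*>/gi)) {
    const a = attrs(tag);
    if (!a.src) continue;
    const url = new URL(a.src, pageUrl); // resolves relative src values
    const reasons = [];
    if (tiny(a.width) && tiny(a.height)) reasons.push("tiny");
    if (/display\s*:\s*none|visibility\s*:\s*hidden/i.test(a.style || "")) reasons.push("hidden");
    if (url.hostname !== pageHost) reasons.push("third-party");
    if (url.search.length > 1) reasons.push("query-data"); // identifiers in the URL
    const invisible = reasons.includes("tiny") || reasons.includes("hidden");
    if (invisible && reasons.includes("third-party")) findings.push({ src: url.href, reasons });
  }
  return findings;
}

// Constructed sample page: a logo, two web bugs and a harmless layout spacer.
const PAGE_URL = "https://shop.example/index.html";
const SAMPLE_HTML = `
<img src="/logo.png" width="120" height="40" alt="logo">
<img src="https://tracker.example/p.gif?uid=1234&page=home" width="1" height="1" alt="">
<img src='https://stats.example/b.gif' style="display:none">
<img src="/spacer.gif" width="1" height="1">
`;

for (const f of findWebBugs(SAMPLE_HTML, PAGE_URL)) {
  console.log(f.src, "->", f.reasons.join(", "));
}
```

The same-host 1x1 spacer is not reported, which shows why size alone is a weak signal and the third-party check matters.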
Stalking
• Stalking on the web means to harass someone by spamming, flaming and other such activities
• Web stalkers hide their true personalities
• To fight stalking:
  • Work as a team
  • Be patient
  • Ignore stalkers
  • Change ISPs
  • Avoid meeting strangers online
• To report a stalking problem, go to http://www.cybercrime.gov/reporting.htm
Censorship
• The Internet is the best medium for freedom of speech
• The internet eliminates awkward ways of smuggling information across foreign borders
• The attempt to ban or regulate access to information is censorship
• Oppressive regimes can censor the internet
• There are ways to fight internet censorship:
  • Smuggle information via networks of underground correspondents
TRUSTe
• TRUSTe is an independent, non-profit privacy auditing service
• It promotes trust of privacy between users and web sites
• The TRUSTe logo on a web site ensures protection of information
• It advocates users’ privacy rights
• Consumer Privacy Protection guidelines have 6 tips:
  • Read privacy policy
  • Look for approved seals
  • Credit card purchase protection laws are the same for online shopping and malls
  • Use secure servers
  • Use common sense
  • Teach children to be “cybersmart”
EPIC
• EPIC stands for Electronic Privacy Information Center
• It is a public interest research center established to protect privacy
• EPIC has many interesting publications in the form of books and reports
• Two important publications are:
  • Privacy Law Sourcebook
  • Filters and Freedom 2.0: Free speech perspectives on internet content and controls
• EPIC works for web users
.NET Passport
• .NET Passport is a Microsoft service that allows users to perform online purchases with the use of one single login name
• .NET Passport consolidates web services
• A user must create a .NET Passport Profile to register
• .NET Passport needs to use personal information and cookies to operate
• .NET Passport is a member of the TRUSTe privacy program
• Visit http://www.passport.net for registration and information
Liberty Alliance Project
• LAP is a collaboration of companies and organizations to develop and deploy an open, federated solution for internet identity
• LAP is important to the future of web services
• LAP enables consumers and businesses to maintain personal information securely
• LAP specifications define a principal that mediates authentication between an identity provider and a service provider
• The LAP concept can bring great financial and other benefits to both consumers and businesses
Summary
• Web security is a complex issue
• A user must be aware of web-based frauds
• One must try to build a cracker-resistant system
• Firewalls prevent unauthorized access to a computer
• P3P works with existing privacy and security efforts
• Sniffing and web bugs may be good or bad
• Stalking on the web is an important issue
• A user must fight internet censorship
• Visit http://www.truste.org for information about TRUSTe
• EPIC works for web users
• .NET Passport consolidates web services
• LAP is important to the future of web services