protecting your system when you are online

Protecting Your SystemWhen You Are Online

Presented By: Dan BarkerSpecial Projects Manger - Kingdom Telephone Co

Protecting Your System When Online

Overview

This session is designed to:

Put Your Mind At Ease

Inform and Educate

Arm You With The Tools

Make Your Internet Experience Pleasant & Safe


How The Internet Works

A View From 30,000 Ft.


How The Internet Works – A View From 30,000 Ft.

Survivable



Enable different types of computers and devices all talk and communicate together…

Protocols Were Born

TCP/IP

HTTP

POP3 & SMTP

100s of Others



MAILBOX

POSTOFFICE

AIRPLANE

POSTOFFICE

DESTINATION

The rules (protocols) ofthe postal system ensurethat a properlyaddressed letter (format)will reach the destinationthrough a delivery route(transmission).

Protocols



1 2 3

4 5 6

1 2 3

4 5 6

Data that makesup entire e-mail

mesasage

Data that makesup entire e-mail

mesasage

1

ROUTER

4

ROUTER

ROUTER

ROUTER

ROUTER

11

2

2

3

45

5

6

STEP 1

STEP 2

STEP 3

Message being sent Message is received

4

3

6

Message is sent



Because of the true nature and by design the Internet is an OPEN resource, but can

be susceptible to pitfalls.


Your Privacy Online

How To Protect It


Your Online Privacy

Why is my information so important to someone?

Businesses want to gain new customers and keep the customers they have. To do this, they need information.

The more information a business has about a prospect or a customer, the more likely it can meet that customer’s needs or shape its promotions to appeal to those needs.

This is called a “profile.”


Your Online Privacy

Why is my information so important to someone?

Remember when Radio Shack began asking you for your mailing address?

They were leading the way for modern business. Now, virtually every company wants your personal information because their customer database is so valuable.

This is called “Database Marketing”.


Your Online Privacy

Online Forms & Registrations

Websites (Traffic and Web Logs)

Newsgroups

Spyware/Adware

Online Methods Of Getting Your Data


Your Online Privacy

Market additional products to you.

Sell it to a third-party company for a fee or a commission on the products it sells to you.

Trade it as barter for the use of another company's customer database.

What They Do With Your Information

This leads to unwanted email offers, more junk mail, and targeted web sites.


Your Online Privacy

Don’t give out SS # or other personal information.

Don’t respond to surveys or polls unless sure of source – and then only give generic information

Weigh the importance of someone having your information

How To Deal With This…


Your Online Privacy

Other pitfalls will also cause a loss of privacy…

Viruses

Hackers

Online Scams

Adware/Spyware

How would you like having a person follow you around town ?

Recording everything you did…

Reporting back to a company on where you went, what you did, and what you purchased?

Your Online Privacy


Spyware is any software that employs a user's Internet connection in the background without their knowledge or explicit permission.

It typically comes in the form of a small part of a larger program that sits there reporting your every move.

Your Online Privacy


Other privacy invading programs include RealNetworks RealDownload, Netscape/AOL Smart Download, NetZip Download Demon, Comet Cursor

Spyware Infested Software List. (http://www.infoforce.qc.ca/spyware/)

Your Online Privacy


1. Your name as listed in the system registry

2. Your IP address

3. A listing of ALL software that is shown in your registry as being installed.

4. Ad banners you may click on

5. All downloads you do showing the filename/file size/date/time/type of file

6. Full time and date stamps of all your actions while using your browser

7. The dialup number you are dialing in on.

8. Dialup password if saved

Aureate.com

Your Online Privacy


Additional help for this topic can be found at Gibson’s Research web site at www.grc.com which also offers software to assist you in checking your machine and ridding it of this type of invasion.

Your Online Privacy



Email & Spam

Typical junk email comes in the form of:Chain letters

Pyramid schemesGet Rich Quick schemes

Offers for pornographic web sites Stock offerings

Quack health products

Email & Spam


Free Web Hosting(GeoCities, Tripod)

Shareware/Software

Data Mining

Opt-In Email Lists and “Get Paid To Surf” programs.

Forwarded Emails With All Headers (jokes, virus warnings)

Newsgroups & Ebay

Software Registrations

Email & Spam


Complaining – Does it do any good?

If you want to complain, you should forward the message, including the full headers, to the services that handled the message, complaining that you don't want such mail.

What specific address? Use both abuse@[domain] and postmaster@[domain]

If you see the message was routed through AOL, then send it to [email protected] & [email protected]. NOT YOUR ISP

Email & SpamSo What Can I Do?


Never Respond to Spam

Use A Throw Away Address

Use SpamCop – spamcop.net

Don’t Forward Mail With Everyone’s Address

When Filling Out Online Forms – Use Throw Away Address or Bogus Address

Use screen name not email address for Ebay, Chat Rooms, etc.

Email & Spam

So What Can I Do?



Cookies


Cookies

A cookie is a small text file that is planted on your hard disk when you visit certain Web sites. These cookies are stored in your "cookie" folder or subdirectory.

Not all cookies are bad. In order to separate the bad from the good, you need to understand the three basic types of cookies.


Cookies

Type 1: Logon Cookies — These are common where the site requires registration.

Provides you with a convenient way to access the site without having to re-enter your logon information every time you visit

Type 2: Preference Cookies — Example, when you visit a weather site, a cookie may be used to store your zip code, so that you don't have to enter this every time you want to check your local weather forecast.


Cookies

Type 3: Tracking Cookies —Some cookies are used to store information about ads you have clicked on, sites you have visited, and even files you have downloaded.

The goal of this cookie is visitor tracking and is far from innocent. The problem is that this is done without your permission for reasons that are not disclosed.


CookiesI just want to block all cookies.

You can set your security level on most browsers to reject all cookies. There will be some sites that simply don't let you on.

Internet Explorer is set up to allow the creation of cookies; however, you can specify that you be prompted before a site puts a cookie on your hard disk, so you can choose to allow or disallow the cookie.


Cookies

I just want to block all cookies.

IE 6.0 implements advanced cookie filtering based on the Platform for Privacy Preferences (P3P).


Online Scams

Don’t Get Caught In One


Online Scams


Online Scams

Do business with companies you know and trust.

Understand the offer. Look carefully at the information and ask for more information, if needed.

Check out the company's track record. Ask your state or local consumer protection agency.


Online Scams

Be careful to whom you give your financial or other personal information.

You may be better off paying by credit card than with a check, cash or money order.


Online Scams

Don't ever buy an item that you learn about via bulk email ("spam").

If you are buying something at a reputable online auction site, always check out the references for the seller and only buy from sellers who have good references.

Use common sense and trust your intuition.


Viruses/Trojans


Viruses/Trojans

Many times a message is attached with a file that gives the user the impression that he is receiving a new screen saver or game.

When in fact when the recipient executes this small attachment not only does it install a visible application but also a silent and hidden application as well.

The silent application the user just installed will allow a remote computer to access all applications on the users computer hard drive.


Viruses/Trojans

Good Health Comes From…

Install and USE and Virus Program

Virus programs should be kept up to date!

Check If Your Provider Offers Email Virus Scanning

The best defense is treat every attachment with caution – EVEN IF YOU KNOW THE SENDER

“Shoring Up Defenses”

One of best according to many reviews and sources is Zone Alarm.

The “light version” can be downloaded at www.zonealarm.com for free.

Viruses/Trojans



Hoaxes & Urban Legends



Internet hoaxes and chain letters are e-mail messages written with one purpose; to be sent to everyone you know. The messages they contain are usually untrue.

Hoax messages try to get you to pass them on to everyone you know using several different methods of social engineering.



If the warning uses the proper technical jargon, most individuals, including technologically savvy individuals, tend to believe the warning is real.

Spammers will use this method to get email addresses.

This lends itself to -

Trust in authority

Excitement

Sense of importance or belonging



Netscape and AOL have recently merged to form the largest internet company in the world.

In an effort to remain at pace with this giant, Microsoft has introduced a new email tracking system. This email is a beta test of the new software and Microsoft has generously offered to compensate whoever participates in the testing process.

For each person you send this email to, you will be given $5. For every person they give it to, you will be given an additional $3. For every person they send it to you will receive $1.



Curt B. Please Forward Chain Letter

Dear FriendsMy name is Curt and I live in Charleston, SC. My son Jermaine recently was hit by a car in front of our apartment.

Taco Bell Chihuahua

This is SOOOOOO Cool!!!!!! You Have to see this!!!!!! It is SOOO cute that the people that HAVE seen this keep asking me to send it to them again!!

Send this to 1-7 people and you will see the little Taco Bell Chihuahua walk to the middle of you screen and he will say "Yo Quiro Taco Bell."


Hoaxes & Urban LegendsFederal Bill 602p Guess the warnings were true. Federal Bill 602P 5-cents per E-mail sent. It figures! No more free E-mail! We knew this was coming!! Bill 602P will permit the Federal Government to charge a 5-cent charge on every deliveredE-mail. Washington DC lawyer Richard Stepp is working without pay to prevent this legislation from becoming law. The US Postal Service is claiming lost revenue, due to the proliferation of E-mail, is costing nearly$230,000,000 in revenue per year. Send this E-mail to EVERYONE on your list, and tell all your friends andrelatives to write their congressional representative and say "NO" to Bill 602P. PLEASE FORWARD!



1. Note whether the text was actually written by the person who sent it to you. If not, be skeptical.

2. Look for the telltale phrase, "Forward this to everyone you know."

3. Look for statements like "This is not a hoax" or "This is not an urban legend." They usually mean the opposite of what they say.

4. Look for overly emphatic language, the frequent use of UPPERCASE LETTERS and multiple exclamation points!!!!!!!

5. If the message seems geared more to persuade than to inform, be suspicious. Hoaxers are out to push emotional buttons.

6. Check for references to outside sources. Hoaxes will not typically name any, nor link to Websites with corroborating information.



DO NOT circulate warnings without first checking with an authoritative source. Authoritative sources are your computer system security administrator, your computer incident handling team, or your antivirus vendor.

Most anti-virus companies have a web page containing information about most known viruses and hoaxes.


Instant Messengers

Viruses

Privacy

Could be problem for children

Set Some Rules For Their Use!


Password Defenses


Password Defenses

Use passwords and change them often

Start by observing the following rules:

Rule #1: Don't use common words. This includes words like "password," "admin," your first name, your last name, your mother's maiden name, or your birth date. These are the first passwords hackers will try.


Password Defenses

Rule #2: Don't use real words. Instead use a combination of letters, numbers, and punctuation.

Rule #3: Don't use the same password for every application. If you do, once someone cracks one password, they have effectively cracked all of them.


Kids Online


Kids Online

Teach your children to check with you before giving out personal — or family — information and to look for privacy policies when they enter a web site that asks for information about them.

Consider parental filtering services available from your provider or in the form of software to monitor and restrict your children’s access.


Kids Online

Finally, and I cannot stress this enough… know what your kids are doing online.

Do not use the Internet as a replacement for a babysitter and technology doesn’t replace good parenting.

Kids can get into areas where they shouldn’t -- even by accident.


Safety Test


Safety Test Purchase a leading anti-virus software package, one that will scan incoming mail messages and files on-access automatically.

Update anti-virus software definitions weekly, if not more often (ideally, the AV software should update the virus definitions automatically.)

Use the anti-virus software to run full disk scans (i.e. scan the entire computer) monthly, if not more often. Full disk scans should also be scheduled to run automatically.

Learn how to identify virus hoaxes from real threats.

Install a firewall, such as Zone Alarm or BlackIce, which is free to home users, to protect against Trojans and other unauthorized access to a machine.

Scan all floppies, CDs, or other external media that have been used on external systems or that you receive from others.


Safety Test Do not open attachments unless absolutely necessary, especially if they are sent by someone unknown to the recipient.

Do not open EXE, BAT, VBS, and SCR type attachments ever, since they are common vectors for virus/malware infections. Consider installing updated packages or the Security Updates, to block such attachments.

Always scan attachments manually with antivirus software before opening them, if they must be opened.

Consider using a plain text (non-HTML) e-mail reader such as Eudora.

If possible, set your e-mail client to send messages in plain text (for Outlook go to Tools/Options/Mail Format, and then choose Plain text from the windows below). HTML mail is a potential risk and allows for snooping and malicious code infection


Safety Test It is strongly suggested to disable dangerous web features, such as ActiveX. For more information on ActiveX dangers see www.digicrime.com

Disabling JavaScript is recommended, but may be unrealistic for some users, as many web sites use it for navigation. JavaScript can be used to steal e-mail passwords, form contents and even modify the Windows registry where the system settings and some passwords are recorded.

Turn off Windows file sharing: If sharing must be enabled, make sure it is password protected, only sharing necessary directories.

Avoid the use of insecure network applications such as ICQ, AIM or IRC for discussing private information. The content of such communication can be seen by third parties, used for attacking your system and deploying viruses.


Safety Test Perform system manufacturer security patch updates on a regular basis.

Backup your files regularly on ZIP disk or CD-ROM. This measure ensures that vital information will not be lost in the case of viruses and general hardware failures.

Ensure that effective passwords are used. Passwords should also be changed on a regular basis.

Set up company or family rules of use to ensure everyone has a safe experience.

Privacy IssuesRadiate Spyware List www.radiate.com/consumers/products.html

Spyware Infested Software List. www.infoforce.qc.ca/spyware/

Tracking Spyware on Your Systemwww.grc.com

Federal Trade Commission’s Site on Privacywww.ftc.gov/bcp/conline/edcams/kidzprivacy

Federal Trade Commission’s Safe Harborhttp://www.ftc.gov/privacy/safeharbor/

Credits


Unsolicited Email and Spam Issues

Coalition Against Unsolicited Commercial Emailwww.cauce.org

Network Abuse Clearinghousewww.abuse.net

SpamCop - punish spammers www.spamcop.net

Credits


Virus Issues

The Cleanerwww.moosoft.com

McAfeewww.mcafee.com

Norton Anti-Viruswww.norton.com

F-Securewww.f-secure.com

Credits


Children On The NetDept of Justice’s Kids Pagewww.usdoj.gov/kidspage/

Kids Guide to Dos and Don’tswww.usdoj.gov/kidspage/do-dont/kidinternet.htm

Other InfoFTC’s Guide to Buying and Selling on the Netwww.ftc.gov/bcp/conline/pubs/online/auctions.htm

www.fraud.org

www.quackwatch.com

Credits


[email protected]

Questions?

protecting your system when you are online

Documents