Do You Practice Safe Surfing Internet Security

1
Do You Practice Safe Surfing? Internet Security
PrivacyPresented by John Spear
2
At the end of this session Id like you to be

• AWAKE
• AWARE of new technology you can immediately put
  to use
• KNOWLEDGEABLE about strategic uses of
  technologies that lie ahead
• INCLINED TO COMMUNICATE with colleagues about the
  tools, sites and issues weve discussed
• SURPRISED at something you learned here today.

3

• "The right to be left alone -- the most
  comprehensive of rights, and the right most
  valued by civilized men. To protect that right,
  every unjustifiable intrusion by the government
  upon the privacy of the individual, whatever the
  means employed, must be deemed a violation of the
  Fourth Amendment."
• -- Justice Louis Brandeis, Olmstead v. U.S.,
  1928
• "You already have no privacy. So get over it."
• -- Scott McNeeley, President, Sun
  Microsystems, 1999

4
Overview

• The CONCERN factor (Data storage/transfer)
• Financial details (e.g. credit cards)
• Personal information (street address, phone
  number, medical history, etc.)
• Behavior patterns (cookies spyBots)
• The ANNOYANCE factor
• Cookies
• Ads
• SPAM (phone snail mail solicitation)
• DoS (crackers, denial of service attacks)

5
1. Whats already out there?

• Paid search services
• www.ussearch.com
• www.lostpeople.com
• www.usafind.com
• Personal directories
• http//people.yahoo.com
• Googles Phone Book

6
2. Password strategies

• Easy to remember
• Memorize!
• If you must write down no Post-Its on monitor!
• Keep secret, even from family, friends spouse
• Letters, numbers characters gibberish is
  better than words
• Upper- lower-case

• No names, pets, address, nickname, birth date
  anything that could be guessed
• At least eight characters
• Extended ASCII (Alt)
• Change every six to eight weeks
• Different passwords for each service

7
3. Cover your tracks online

• Remember to log out!
• Internet cafes
• Airport lounges
• Kiosks
• Dont forget home work
• Dont select Remember me next time
• Be aware of employer tracking
• Ultimately, server security

8
4. Data security Firewalls

• Test your system with Shields Up! at
  http//grc.com
• Get a firewall. Period.
• Zone Alarm www.zonelabs.com
• Sygate Personal Firewall www.sygate.com (free)
• McAfee Personal Firewall Plus www.mcafee.com
• Norton Personal Firewall www.norton.com
• Dont forget about physical security!

9
5. Data security Viruses

• Varieties Spyware, worms, Trojan Horses, logic
  bombs, web bugs, adware
• Keep your software updated
• Establish automatic virus protection updates
• Avoid Windows 95, 98 ME in favor of Windows NT,
  2000 Professional and XP
• Windows Update in Start menu
• Beware file attachments
• File extensions .exe, .vbd, .dll, .bat, .com
• 95 of viruses are spread from someone you know
• Back up your data, just in case

10
6. Data security Identity theft

• Dont reveal your SSN to any site
• Review your credit reports for error /or fraud
  every 6-12 months Experian, Equifax, TransUnion
• Opt-out of credit solicitations Call
  800/567-8688
• Get off DMA members lists at www.dmaconsumers.org
  /consumerassistance.html
• Keep abreast of rapidly changing telemarketing
  regulations at www.ftc.gov/privacy
• Dont list address in phone book / Get P.O. Box
• Know how to fight back
• Enigma www.find.pcworld.com/26402
• More tips www.projectliberty.org

11
7. Data security Buying online

• Secure server robust encryption
• Reputable vendor
• Read the privacy policy
• Trustmarks/Seals (Truste, BBBOnline, Verisign)
• Verify at www.resellerratings.com and
  www.bbbonline.com
• Credit card with low limit
• Payment services (Amex Private Payments, PayPal)
• Recourse www.planetfeedback.com,
  www.bbbonline.com

12
8. Serious solutions

• Encryption
• Email PGP at www.find.pcworld.com/26421 (free)
  and Sigaba at www.sigaba.com ()
• Files www.centuriansoft.com, www.linksoft.com,
  www.applian.com
• Wireless WEP, WPA, AES
• Integrated solutions
• www.onlineprivacystore.com
• www.norton.com www.mcafee.com
• EFS NTFS
• Foundstone (www.foundstone.com)

13
9. Data privacy Cookies

• Cookies are good
• Cookies are bad
• Browser cookie security settings
• Deleting cookies
• Cookie managers
• Cookie Crusher at www.find.pcworld.com/26424
• www.download.com

14
10. Data privacy Ads

• Banner ads, pop-ups, pop-unders, animated,
  SpyWare
• Transmission methods
• Application downloads
• File-sharing sites (e.g. Kazaa)
• Solution Ad-Aware at www.lavasoft.de/software/ada
  ware
• Try a new browser Opera Mozilla

15
11. Data privacy SPAM

• Dont fill out that form!
• Beware the little check boxes
• Dont reply to unscrupulous spammers
• Use In Box protectors filtering
• Get a free, web-based email account
• Dont get harvested (munge your address)
• One-use email accounts www.sneakmail.com
• Further resources www.junkbusters.com,
  http//cexx.org
• Legislation? Dont hold your breath

16
12. Advocacy

• All fired up? Here are some resources
• www.righttoprivacy.com
• www.privacyrights.org
• www.eff.org
• www.epic.org
• www.prif.org