iMinistry: Website

1
iMinistry Website Internet Security Issues

• Ernest Staats
• Technology Director
• MS Information Assurance, CISSP, CEH, MCSE, CNA,
  CWNA, CCNA, Security, I-Net, Network, Server,
  A
• erstaats_at_gcasda.org Resources available _at_
  http//www.es-es.net/2.html

2
Two Sides to Every Issue

• Let every worker in the Master's vineyard, study,
  plan, devise methods, to reach the people where
  they are. --Ev 122, 123.
• How do we take advantage of the new and exciting
  technologies while at the same time keeping our
  visitors Safe?

3
iMinistry Examples

• The Consumer Electronics Association of America
  says that the average American home now has 26
  different electronic devices for communication
  and media. The Consumer Electronics Association
  of America also tracks sales and consumer
  references for 53 separate gadgets.1
• 50 of online Americans use the Internet
  wirelessly
• 63 of Internet users go online from someplace
  other than work or home
• 73 of American adults use the Internet
• 94 of American teens use the Internet
• 44 of American homes have high-speed broadband
  connections

4
Safety Considerations

• Be careful what your online name means or could
  mean
• Choose your words and photos wisely
• Never use full names of anyone under the age of
  18
• Have a media release for everyone who is going to
  be in your photos/videos
• Everything put online stays online forever
• Never give out or store personal information on
  your website

5
Web 2.0 Security risks
6
To Tweet or Not, That is the Question

• Social networking sites, such as Facebook, which
  were once only considered to be consumer
  applications, are quickly moving into every
  environment.
• Many organizations are struggling with allowing
  their employees to use Web 2.0 tools responsibly
  without sacrificing security and compliance
  requirements. Web 2.0 have created both a risk of
  data leaks as well as a new channels for malware.
  
• IDC believes Web 2.0 technologies, if used
  securely, can help organizations increase
  collaboration and productivity and drive revenue.
  This is especially important in today's tough
  economic climate.
• The advances in Web 2.0 technologies require a
  new generation of Web security tools that go well
  beyond traditional URL filtering

7
Sources Information Leaks
8
Data Leakage HTTP
9
Your browser is HACKED
I Recommend using Firefox
10
A shift in Network Security

• Old filtering software does not
• Work well to protect your information

11
COPPA Does it Apply?

• Children's Online Privacy Protection Act
• The rule applies to the following
• Operators of commercial websites or online
  services directed to children under 13 that
  collect personal information from children
• Operators of general audience sites that
  knowingly collect personal information from
  children under 13
• Operators of general audience sites that have a
  separate children's area and that collect
  personal information from children

12
COPPA Requirements

• A site must obtain parental consent before
  collecting, using, or disclosing personal
  information about a child
• A site must post a privacy policy on the homepage
  of the website and provide a link to the privacy
  policy everywhere personal information is
  collected
• A site must allow parents to revoke their consent
  and delete information collected from their
  children
• A site must maintain the confidentiality,
  security, and integrity of the personal
  information collected from children

13
Privacy Policy Must Include

• Types of personal information they collect from
  kidsname, home address, e-mail address, or
  hobbies
• How the site will use the informationfor
  example, to market to the child who supplied the
  information, to notify contest winners, or to
  make the information available through a childs
  participation in a chat room
• Whether personal information is forwarded to
  advertisers or other third parties
• A contact person at the website Including Phone
  number, Snail Mail, and Email

14
Report all Data Collected

• Network Traffic Logs
• In addition to the personal information described
  above, our system collects server log data (also
  called clickstream data) that may include an IP
  address, the type of browser and operating system
  used, the time of day visited, the pages viewed
  and the information requested through searches.
  We aggregate this data and use it for statistical
  purposes, helping us to understand, for example,
  the amount of interest in portions of our Web
  site and ways to improve the navigation and
  content of our Web site.

15
IMAGE RELEASE FORM

• For value received, I hereby consent and
  authorize the INSERT ORGANIZATION NAME
  (____), or its assigns, to use my name and/or
  the names of my family members who are minors, as
  listed below, as well as my likeness, photos,
  videos and other information (or that of family
  members who are minors) for the purpose of news
  releases, advertising, publicity, publication or
  distribution in any manner whatsoever. I further
  consent to such use in their present form and to
  any changes, alterations, or additions thereto.
  I hereby release INSERT NAME OF ORGANIZATION
  from all liability in connection with all such
  uses.
•  
• Dated this day of , 20 .

16
General Guidelines

• Make sure you have a written privacy policy
• Make sure you have a media release form as a part
  of your privacy policy
• Collect as little information as possible and
  make sure it is stored safely
• Be careful of what you post online and of what
  you say to youth online
• You are responsible for everything you POST or
  collect online

17
The Reality of Web2.0 World

• Young people are being targeted and information
  collected about them is used to locate them.
• We must be careful what information we post about
  young people online
• Easily tracked the reality

18
Networking 2.0
19
Why Care Some Statistics

• A child goes missing every 40 seconds in the
  U.S, over 2,100 per day (OJJDP)
• In 2005 662,196 children were reported lost,
  runaway, or kidnapped (ncmec)
• 2/3 of all missing children reports were for
  youths aged 15-17 (ncmec)
• 2/5 missing children ages 15-17 are abducted due
  to Internet activity (ICAC)
• Do the mathover 2 million teens age 15-17 are
  abducted due to Internet activity since the
  internet has been around

20
Info Mining with Google

• Google search string
• sitemyspace.com birthday
• sitemyspace.com "phone number
• Place name in quotation marks (use variations)
• First (Jon) Last -- Legal First (Jonathan)
  Last
• Information that the Google Hacking Database
  identifies
• Advisories and server vulnerabilities
• Error messages that contain too much information
• Files containing passwords
• Sensitive directories
• Pages containing logon portals
• Pages containing network or vulnerability data
  such as firewall logs. http//johnny.ihackstuff.co
  m/ghdb.php

21
Keep Data Secure Web 2.0

• Continued Education of Computer Users
• Dont click on strange links (avoid
  tempt-to-click attacks)
• Do not release personal information online
• Use caution with IM and SMS (short message
  service)
• Avoid social networking sites
• Dont e-mail sensitive information
• Dont hit reply to a received -email containing
  sensitive information
• Require mandatory VPN (virtual private network)
  use over wireless networks

22
Data Secure Web 2.0 cont.

• Host-Based Technology
• Require hard drive encryption on all laptops
• Control the use of portable storage media by
  managing desktops
• Require the use of personal/desktop firewall
  software
• Require the use of personal/desktop anti-malware
  software
• Consider implementing document management systems

23
Secure your Network

• Network-Based Technology
• Deploy network intrusion prevention (IPS)
• Consider network admission control (NAC)
• Implement information leakage detection and
  prevention
• Consider IP reputation-based pre-filtering
  solutions
• Run vulnerability scans on your network

24
Online Design Strategies

• Define and articulate your PURPOSE
• Build flexible, extensible gathering PLACES
• Create meaningful and evolving member PROFILES
• Design for a range of ROLES
• Develop a strong LEADERSHIP program

• 6. Promote cyclic EVENTS
• Integrate the RITUALS of community life
• Facilitate member-run SUBGROUPS
• Build site for quick SCANNING
• Write text in short chunks CHUNKING

25
iMinistry Website and Internet Security Issues

• Ernest Staats
• erstaats_at_es-es.net
• My Site
• es-es.net
• More Resources at
• http//www.es-es.net/2.html