Security and Privacy Issues for Internet Users

Russ Haynal Internet Instructor, Speaker, and Paradigm Shaker 21015 Forest Highlands Ct Ashburn, VA 20147 Phone : 703-729-1757 russ@navigators.com http://navigators.com Security and Privacy Issues for Internet Users Rev. 01/2008 Note: If you send me an email, put “internet training” in the e-mail's subject Copyright © Information Navigators

Course Topics issues.html 6 8 Web Server - Web Server logs - Off-limit sites • Authored content • - Usenet – archived • - Mailing list archives • Web pages 4 Online Security Testers Persona Network Connection 1 Background Statistics 2 3 • User actions • - Parental controls • encryption • Passwords • offline media • - updating software • - Critical Advice 9 4 Firewall - Hardware Your PC 4 Firewall - software 10 5 4 Anti-virus Security Testers 11 7 6 Email - Spam - attachments Web Browser - Cookies 7 Other Apps Chat, P2P Spyware

Security and Privacy Issues specific_page.html • Background and Statistics • “Persona” issues and options • Network Connections (home /small business) • Firewalls • Anti-Virus • Web Browsing issues such as cookies • Other Applications: Email, peer to peer, Spyware • Authored Content and specialized databases • Local options (storage, encryption, parent controls) • Updating your Operating System / and software • Summary and Critical Advice Online Web page = http://navigators.com/issues.html

Disclaimer • This session illustrates a variety of search tools, techniques and research methods. • You should consult your organization’s policies to verify if these methods are approved for your type of Internet connection.

An Opening Survey (raise your hands high) • Do you have a Broadband connection (i.e. cable or DSL ) ? • Do you have more than one computer at home? Are they Networked? • Do you have a wireless network at home? • Do you access the Internet at home without a firewall? • Is someone in your home PC downloading music? (without paying) • Do you, or anyone in your extended family, use a genealogy program (i.e. Family Tree Maker) • Do you receive Spam email daily? • Received Phishing? ( = fake request to verify your account ) • What type of Internet connection(s) do you have: • Attributable (company.com), Non-Attributable, Home • Have you researched work-related topics via your home account?

Why this Course… • This course covers a variety of security and privacy issues • Some of these issues apply directly to work-related Internet usage • Many of these issues apply strictly to home-based Internet usage • These issues are important from a counter-intelligence perspective • Minimize “leaking” of your research interests • Protection of your personal information and identity • If the security of your home PC is breeched, it could lead to your being in a compromised/vulnerable situation. Remember: Internet = Passport to interact with foreign resources and people

Some Statistics privacy.html source: www.cert.org/stats Estimated Damages: love Bug Virus = $10 Billion. Melissa Virus = $385 Million

Spyware Statistics • Results from EarthLink’s Spy Audit programs • A large percentage of all computer have spyware Source: http://www.earthlink.net/about/press/pr_spyuditpress_1004/

Identity theft privacy.html During 2005, there were 9.2 million victims in the U.S. Average loss = $5,885 and 28 hours of time • Identity theft occurs when someone has collected enough personal information about you, that they can “impersonate” you. • They can use your identification information to access your existing financial accounts, investment accounts, etc. • They can use your identification information to establish new accounts (checking, credit card, loans) based on your name/credit history. • They can collect your personal Information through traditional means – dumpster diving, scam solicitations, corrupt employee. • Now add the risk from Internet/PC usage: • Hacker gains access to your PC: bank account information, investment software, cookies, auto-complete password, auto web form fill-ins’ and family genealogy (birth date, mother’s maiden name) • Hacker gains access to your relative’s PC which has a genealogy program.

Security and Privacy Issues specific_page.html • Background and Statistics • “Persona” issues and options • Network Connections (home /small business) • Firewalls • Anti-Virus • Web Browsing issues such as cookies • Other Applications: Email, peer to peer, Spyware • Authored Content and specialized databases • Local options (storage, encryption, parent controls) • Updating your Operating System / and software • Summary and Critical Advice

Reports Access logs Introduction to “Persona” persona.html As you surf the Internet, you give-off a certain persona • While viewing a web page (URL1), You click on a hyperlink to visit another web page (URL2) • Your web browser sends “environment variables” to the web server. • Webmaster’s use this information to determine information about you and your organization (physical location, your interests, Software, etc.) Web Server URL1 Analyst Webmaster URL2 Internet Access You should always know what websites know about you

Persona Details persona.html • Your persona is communicated to every web server (and every webmaster) of every web page that you visit. • You should be explicitly aware of your persona before you visit any website. For example, should you visit: • badguy.com from agency.gov? Your persona is communicated via “environment variables” such as: • REMOTE_HOST = This is the name associated with your IP Number. • REMOTE_ADDR= This is the IP number of your computer, or proxy. A webmaster could do a traceroute to see how you are connected. • HTTP_REFERER = This is the URL of the page you were previously viewing. Web masters use this to see what web page lead you towards their site. You should therefore be careful on how you create web pages. For example, do you want to reveal the following?: • http://badguy.com is listed on http://intranet.agency.gov/joe_smith/investigation_targets.html?

A Typical Search Scenario... persona.html searchtool.com searchtool.com webmaster knows your “search terms” badguy.com webmaster knows what “search terms” you used to find their webpages “search terms” webmaster Analyst hits http://searchtool.com/keywords=searchterms page badguy.com Persona: - agency.gov OR - yourtown.isp.com webmaster

Always check your Persona persona.html Important Note: This testing page is most accurate when you click on a link to bring you towards this page. • If the “http_referer” paragraph is missing, then no referring_URL is being passed This is a key paragraph to look for

Think before you click... persona.html • Does your connection transmit a Referring URL? • IF IT DOES... do NOT “Click” on your search results Referring URL Hover over the link to see its URL Destination URL • A click on this search result will tell the webmaster at fas.org that you are searching for “terrorist”

Anonymizers anonymizer.html • Anonymizers replace your persona with their persona. • Anonymizer now “knows your business” • Web Masters may easily recognize anonymizer traffic

Web Site Log Analysis persona_connection.html There are many standard reports that a webmaster can run

Exposing a “less recognizable” persona Analyst #1: uses agency.gov persona to visit “badguy” Analyst #2: uses “ninja.com” persona to visit “badguy” Now “ninja.com” persona is easily recognized as “agency.gov” kind of visitor The “parallel visit” Problem... Analyst #1 badguy.com agency.gov Even with no http_referer, a webmaster can still make the association due to high volume hits or similar usage patterns. Analyst #2 Ninja.com The “portal” Problem... Agency.gov/targets.html Analyst #1 badguy.com Agency.gov Persona=agency + referrer = portal Analyst #2 Ninja.com Persona=ninja + referrer = portal

Internet Accounts, Policies, & Procedures • There may be several different types of Internet accounts • They each have their own intended use • They each have their own strengths/limitations • There may be some policies which always apply • There may also be unique policies associated with each type of account • Policies are probably in a state of flux, as organizations try to keep up with the ever-changing Internet and legal environment. • Clarify these issues from within your organization • Make sure ALL Internet users are kept aware of the latest internet usage policies. Mistakes by a handful of users could jeopardize your connection’s privacy, and cause unwanted publicity for your organization.

Definitions Related to an Internet Connection getting_connected.html • IP # - Internet Protocol number is allocated to you from your ISP • Fixed IP # - the same IP Number remains permanently assigned • Dynamically Assigned IP Number – During a log-in/connect sequence, an IP number is assigned to the user for the duration of that session. Such IP numbers may be assigned from a “DHCP” Host (Dynamic Host Configuration Protocol) • Dial-up – only connected part-time. May be disconnected after 10-20 minutes of idle time. Almost all Dial-up accounts receive dynamically assigned IP #’s. Most Dial-up modems are included internal to a PC • Broadband – Cable or DSL. Usually connected 24 X 7. A broadband account may receive a fixed or dynamic IP #. A dynamic IP # may persist for a very long time. Most new broadband modems are “External Modems” and must be connected to the PC via a network connection (Ethernet, USB)

Network Address Translation getting_connected.html • NAT is the translation of an IP number from one network segment into an IP Number that is used within another network segment. • NAT is often used where a private network touches a public network, such as: the ISP towards your house; or within your own Network (Your modem towards your Internal LAN) • There are certain IP numbers allocated for use on Private networks. (reference: RFC’s 1918, 1631) 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 192.168.0.5 “local” 192.168.0.83 “external” NAT Device 68.70.164.89  192.168.0.1 • To See your Computer’s local IP Address: Windows 95, 98: Start -> run -> winipcfg • Windows NT,2000, XP: DOS Prompt -> ipconfig /all • To See your “external IP Address: “Check your persona” on my web site.

Getting Online… getting_connected.html At Work…. Wide variety of implementations including firewalls. Local Routers High speed Router Employee PCs Home options Dial-up Modem With a single PC - Temporary Connection - Dynamically assigned IP number Phone Modem ISP / Internet Broadband Modem (Cable/DSL) With a single PC - Persistent Connection - IP Number may remain constant throughout “session” Broadband Modem Broadband Modem With a multiple PCs - “Internet gateway router” includes extra features: DHCP and NAT to assign additional IP #’s to all Computers; Firewall, Print server, wireless AP - Only the Modem’s IP number is seen by the Internet Internet Gateway Router Broadband Modem

A special note about wireless networks(are you sure, you can’t install a wire?) getting_connected.html • A Wireless Access point is connected directly to your LAN/ ISP. Wireless Network adaptors are connected to you PCs • Wireless Networking Standards are always evolving 802.11a, 802.11b, 802.11g, 802.11n • WEP (Wireless Equivalent Privacy) adds encryption, but a weakness in its algorithm means it can be easily compromised using free shareware. WPA (WiFi Protected Access) adds additional security • Remote “guests” with high gain antenna may be able to connect into your LAN Access Point Neighbor, Stranger’s Computer Broadband Modem Internet Gateway Router ISP / Internet Own more than one computer? You must visit these two sites:

Personal Firewalls firewall.html • A firewall should monitor incoming and outgoing traffic (windows XP firewall is incoming only) • Some firewalls are more secure than others (stateful packet inspection, ICSA Certified, etc) • Most firewalls do not protect against viruses • All firewalls require administration (set-up configuration, updates, making holes for applications) • Change the default administrative password included in the firewall • Event logs – learn how to read these • Many “alerts” come from infected machines doing random scanning • You can traceroute IP#’s and search for info on Port Numbers

Firewall Options firewall.html Internet Internet Broadband Modem Broadband Modem Firewall (hardware) Ethernet Hub Ethernet Hub Firewall (Software) Firewall (Software) Firewall (Software) • Prices: <$100 to ~$500 • Additional functions available • (NAT, DCHP, Email notification) • Easier for Computers to share folders / printers • Prices: free to ~$50 • Each machine needs to be configured • Firewalls may interfere with local network sharing

Testing Security / firewall firewall.html • There are several online websites that will scan your personal computer, looking for openings. Do not try these scanners at work. • Some online scanners only test the well known vulnerabilities, while other test sites are more comprehensive. (There are over 65,000 different ports supported by the TCP –IP protocol.) • Most of these sites will educate you on how to close any holes they discover. • There are also software tools that can be installed locally into your machine to scan for problems. (packet sniffers) • Do NOT assume that you are 100% invincible

Anti-Virus Software virus.html • Every machine should have updated anti-virus software installed, and running • AV software will occasionally scan every file on your machine for viruses • AV software should automatically examine every incoming file (via, floppy disk, email attachment, web download, peer-to peer download) • The heart of most AV programs is a “dictionary” of pre-defined viruses which is compared to your files. The dictionary may have over 60,000 definitions. • AV programs will also monitor certain sensitive system resources for any changes – You may need to disable AV software when installing certain kinds of programs. Important: the virus definition dictionary must to be updated frequently. There may be 100 new virus definitions added to the dictionary in one week.

Web Surfing Risks privacy_browser.html • There are numerous concerns with web surfing • Cookies / web bugs – track your individual movements • Java / Active X – Executable code downloaded and running on your machine • Web Site registrations- collect personal info, credit cards • Wimpy Privacy statements on Web sites • Pop-ups, pop-unders, Fake ad windows, • Browser leaks – persona, referrer, plug-ins, Clipboard • Numerous web browser settings and third party software options, toolbars, alexa, advertisement blockers.

Cookies ( = barcode on forehead) cookies.html “I am not a piece of your inventory” abc.com def.com xyz.com • A cookie is a piece of text stored on your computer by a web server. • Helps the web site to “recognize you” (username_greetings) and “remember” your interactions within the web site (shopping cart) • Web Site may repeatedly refer/update the cookie or its internal database on your movements. • 3rd parties may also place cookies through many web sites (advertisers, hit trackers, etc) ad_cookies xyz_cookie Browser

Are you visiting just one site? privacy_browser.html Page1.html • Viewing a single web page may cause your browser to interact with many different web servers. • Even with cookies turned off, you still make foot prints on third-party web servers while retrieving their graphics. Page2.html Page2.html Logo.gif Cookies Scripts, etc Ad_banner.gif Cookies, etc Tiny_dot.gif Cookies, etc hit_counter.gif Cookies, etc

Third Party cookies Web pages can include graphics (and therefore cookies) from “third parties” 3p.com Jokes.com Joe_nobody joe@hotmail.com Viewing history Buys/sells your data with its “partners” Jokes.com Joe_nobody joe@hotmail.com Your viewing history loan.com Real_Name Real_N@isp.com Address_phone Viewing history Your Cookies loan.com Real_Name Real_N@isp.com Address_phone Your viewing history Jokes.com ID#_201 loan.com ID#_4873 badplace.com ID#_539 badplace.com Fake Name Faker@hushmail.com Your viewing history 3p.com ID#_435349 badplace.com Fake Name Faker@hushmail.com Viewing history Copyright navigators.com The “third party site” can compile an extensive profile on you, and sell this information to companies that are online and offline.

Web Bugs and Beacons cookies.html • Web Bugs are “hidden” graphics • The graphic is usually a 1 x 1 pixel and is the same color as the background • Some web Privacy policies refer to web bugs as “beacons” • Mentioned in some privacy statements • www.bugnosis.org offers a free plug-in which highlights all web bugs, shows you its cookie value, and these other parameters: Each tiny graphic = item to be downloaded

Managing Cookies cookies.html Netscape 4.79 – edit -> preferences ->advanced Explorer 6.0 – Tools -> Internet Options • Older Browsers offered limited tools for managing cookies • Third-party Software tools were developed to meet user’s needs • Newest Browsers contain many more cookie management tools Nice Feature: You can explicitly allow cookies from specific web sites (i.e. amazon.com ) while blocking most other sites.

Secure Web Pages privacy_browser.html Not Encrypted Encrypted • A web server invokes encryption with your browser on a page by page basis. • Watch for encryption whenever personal information is being transferred (credit card #, username/password, Financial info, etc) • Encryption protects the contents of page information as it is transferred between your web browser and the remote web server. • Encryption does NOT protect your data from a local keystroke logger • Encryption does NOT protect your data after it arrives at the remote web server • Encryption does NOT guarantee that the vendor is reputable. (Netscape 4.79) (Internet Explorer 5.5 ) (Netscape 4.79) (Internet Explorer 5.5 )

Explore Your Web Browser Settings privacy.html • Internet Explorer = Tools  Internet Options • Netscape = Edit  Preferences Cookies Settings Settings for Active X, scripts, etc

What about the other applications? privacy_other_apps.html • Many applications you use are “internet enabled” • These applications carry your connection persona, and may have their own set of privacy and security settings Internet Access Internet

Email issues privacy_other_apps.html • Default email program setting may leave you vulnerable • Viruses often transmitted via address books (don’t trust any attachment – even from your friends) or emails found on cached webpages. • Spam – Do not reply to get “removed” • spam – Do not even preview message: imbedded graphics may track you • Solution- Lock firewall when viewing email • Scams – nigeria money scam – Give us your bank account number • Hoaxes - marcus cookie recipe, boy brain tumor, missing child, modem tax, etc. • Social engineering – One virus hoax email told you to check for a file and delete it if found.. Unfortunately the file in question is a normal system file. • Remember if it says “tell everyone you know”, it IS a hoax. To confirm if it is a hoax, simply search for part of the email using google . • Microsoft outlook – Look for updates, patches and learn about settings

Spam, Spam, Spam, Spam privacy_other_apps.html • Spam attacks are increasing at an incredible rate. • Each attack includes many thousands of messages • Some Spam is sent from infected computers (Your computer…?) Source: www.brightmail.com

Reading Email = Web Surfing! privacy_other_apps.html • Do you see graphics when reading or previewing email? • Most graphics are downloaded from an online server as you view email • The Spammer now knows that you have read his email • Ways to avoid this: • Disable HTML, preview options • Block Internet while browsing email Graphics downloaded as you preview/display an email

Email Architecture email_details.html Web-Based Email #3 Mail Server #2 Mail Server #1 • A sent email may include the following information in its “headers” • IP # of YOUR PC as you send the email • IP # of the email server that handles your email (your ISP’s server) • IP # of the recipent’s email server (their ISP’s Server) Optional SMTP POP3 SMTP POP3 HTTP SMTP Port 110 Port 25 Port 110 Port 25 Port 25 Port 80 Web Browser D Email Client C Email Client B Email Client A

Email Details persona_email.html Headers: mail server - mail server communications Look at the headers too • The “from” of a message is absolutelyunreliable. The sender can put anything they want here. • To see the headers, look under viewing options in your email software or web-based email. • Anti-spam web sites contain good information for identifying email To: friend@someplace.com From: sneaky@noplace.com Subject: meeting agenda here is the body of the message. Stuff, stuff, stuff, etc. The part of an email you normally look at

Other applications privacy_other_apps.html • Most forms of peer- to - peer programs may reveal your specific IP number (file sharing, chat rooms, Instant messenger, etc) • Peer- to- peer programs can be configured to share the contents of your hard disk. • Some free programs include piggy-back programs • Some programs include spyware, which monitor your usage of their product (Ws ftp, real player, smart download) • Trojans , viruses – Once they are in your system, they can be used to collect personal information ( This is why you want a 2-way firewall)

Look for the options / settings privacy_other_apps.html • Homework: Examine every application on your PC which is “internet aware”, you need to explore through every preference / option menu • Your firewall settings are WORTHLESS, if your 12-year old enables your entire Hard disk to be shared with everyone who also uses that chat program, music swapper, etc.

Piggy Back Applications(Spyware, Adware) privacy_other_apps.html • Some Free program include piggy-back programs (they provide revenue to the free program) • For example: a stealth p2p network application is bundled with Kazaa • Buried in the user agreement: • "You hereby grant “Brilliant” the right to access and use the unused computing power and storage space on your computer/s and/or Internet access or bandwidth for the aggregation of content and use in distributed computing," • “Brilliant” now has the keys to your computer. • 150 million copies of Kazaa have been downloaded. • How hard would it be for a hacker to also access these capabilities? • Programs such as ad-aware (by lavasoft) and “Spybot Search and destroy”, can be used to identify /remove such programs.

Authoring issues If you Author any content, here are some concerns: • Mailing lists – If you post a message to a mailing list – do you know who else is on that list? There may also be an archive of that list’s messages. • Usenet Newsgroups – Assume that your message will be archived into resources such as Google-groups. • Web Pages – Your HTML authoring program may imbed your full name into an HTML meta-tag. The software “knows” your name from the first day when you installed the program. (This is also true of most other programs such as Word, Powerpoint) • Domain Name registrations – If you (or your kid) have a domain name – Your personal name address and phone number will soon be in the hands of marketers/spammers. • Web – based email – includes IP number of workstation

Security and Privacy Issues for Internet Users