
iMinistry: | Website & Internet Security Issues

iMinistry: | Website & Internet Security Issues. Ernest Staats Technology Director MS Information Assurance, CISSP, CEH, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+ erstaats@gcasda.org Resources available @ http://www.es-es.net/2.html. Two Sides to Every Issue.


Presentation Transcript


  1. iMinistry: |Website & Internet Security Issues Ernest Staats Technology Director MS Information Assurance, CISSP, CEH, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+ erstaats@gcasda.org Resources available @ http://www.es-es.net/2.html

  2. Two Sides to Every Issue
     • Let every worker in the Master's vineyard, study, plan, devise methods, to reach the people where they are. --Ev 122, 123.
     • How do we take advantage of the new and exciting technologies while at the same time keeping our visitors safe?

  3. iMinistry: Examples
     The Consumer Electronics Association of America says that the average American home now has 26 different electronic devices for communication and media. The Consumer Electronics Association of America also tracks sales and consumer references for 53 separate gadgets.¹
     • 50% of online Americans use the Internet wirelessly
     • 63% of Internet users go online from someplace other than work or home
     • 73% of American adults use the Internet
     • 94% of American teens use the Internet
     • 44% of American homes have high-speed broadband connections

  4. Safety Considerations
     • Be careful what your online name means or could mean
     • Choose your words and photos wisely
     • Never use full names of anyone under the age of 18
     • Have a media release for everyone who is going to be in your photos/videos
     • Everything put online stays online forever…
     • Never give out or store personal information on your website

  5. Web 2.0 Security risks

  6. To Tweet or Not, That is the Question
     • Social networking sites, such as Facebook, which were once only considered to be consumer applications, are quickly moving into every environment.
     • Many organizations are struggling with allowing their employees to use Web 2.0 tools responsibly without sacrificing security and compliance requirements. Web 2.0 tools have created both a risk of data leaks and new channels for malware.
     • IDC believes Web 2.0 technologies, if used securely, can help organizations increase collaboration and productivity and drive revenue. This is especially important in today's tough economic climate.
     • The advances in Web 2.0 technologies require a new generation of Web security tools that go well beyond traditional URL filtering.

  7. Sources of Information Leaks

  8. Data Leakage – HTTP

  9. Your browser is HACKED: I recommend using Firefox

  10. A shift in Network Security
     • Old filtering software does not work well to protect your information

  11. COPPA: Does it Apply?
     Children's Online Privacy Protection Act. The rule applies to the following:
     • Operators of commercial websites or online services directed to children under 13 that collect personal information from children
     • Operators of general audience sites that knowingly collect personal information from children under 13
     • Operators of general audience sites that have a separate children's area and that collect personal information from children

  12. COPPA Requirements
     • A site must obtain parental consent before collecting, using, or disclosing personal information about a child
     • A site must post a privacy policy on the homepage of the website and provide a link to the privacy policy everywhere personal information is collected
     • A site must allow parents to revoke their consent and delete information collected from their children
     • A site must maintain the confidentiality, security, and integrity of the personal information collected from children

  13. Privacy Policy Must Include
     • Types of personal information they collect from kids—name, home address, e-mail address, or hobbies
     • How the site will use the information—for example, to market to the child who supplied the information, to notify contest winners, or to make the information available through a child’s participation in a chat room
     • Whether personal information is forwarded to advertisers or other third parties
     • A contact person at the website, including phone number, snail mail, and email

  14. Report all Data Collected
     • Network Traffic Logs
     • In addition to the personal information described above, our system collects server log data (also called clickstream data) that may include an IP address, the type of browser and operating system used, the time of day visited, the pages viewed and the information requested through searches. We aggregate this data and use it for statistical purposes, helping us to understand, for example, the amount of interest in portions of our Web site and ways to improve the navigation and content of our Web site.

  15. IMAGE RELEASE FORM
     • For value received, I hereby consent and authorize the [INSERT ORGANIZATION NAME] (“____”), or its assigns, to use my name and/or the names of my family members who are minors, as listed below, as well as my likeness, photos, videos and other information (or that of family members who are minors) for the purpose of news releases, advertising, publicity, publication or distribution in any manner whatsoever. I further consent to such use in their present form and to any changes, alterations, or additions thereto. I hereby release [INSERT NAME OF ORGANIZATION] from all liability in connection with all such uses.
     • Dated this ____ day of ________, 20__.

  16. General Guidelines
     • Make sure you have a written privacy policy
     • Make sure you have a media release form as a part of your privacy policy
     • Collect as little information as possible and make sure it is stored safely
     • Be careful of what you post online and of what you say to youth online
     • You are responsible for everything you POST or collect online

  17. Young people are being targeted, and information collected about them is used to locate them. We must be careful what information we post about young people online. Easily tracked: the reality. The Reality of Web2.0 World

  18. Networking 2.0

  19. Why Care: Some Statistics
     • “…A child goes missing every 40 seconds in the U.S, over 2,100 per day” (OJJDP)
     • In 2005, 662,196 children were reported lost, runaway, or kidnapped (ncmec)
     • 2/3 of all missing children reports were for youths aged 15-17 (ncmec)
     • 2/5 missing children ages 15-17 are abducted due to Internet activity (ICAC)
     • Do the math—over 2 million teens age 15-17 are abducted due to Internet activity since the internet has been around

  20. Info Mining with Google
     Google search string:
     • site:myspace.com "birthday"
     • site:myspace.com "phone number"
     • Place name in quotation marks (use variations): "First (Jon) Last" -- "Legal First (Jonathan) Last"
     Information that the Google Hacking Database identifies:
     • Advisories and server vulnerabilities
     • Error messages that contain too much information
     • Files containing passwords
     • Sensitive directories
     • Pages containing logon portals
     • Pages containing network or vulnerability data such as firewall logs
     http://johnny.ihackstuff.com/ghdb.php

  21. Keep Data Secure Web 2.0
     Continued Education of Computer Users
     • Don’t click on strange links (avoid tempt-to-click attacks)
     • Do not release personal information online
     • Use caution with IM and SMS (short message service)
     • Avoid social networking sites
     • Don’t e-mail sensitive information
     • Don’t hit “reply” to a received e-mail containing sensitive information
     • Require mandatory VPN (virtual private network) use over wireless networks

  22. Data Secure Web 2.0 cont.
     Host-Based Technology
     • Require hard drive encryption on all laptops
     • Control the use of portable storage media by managing desktops
     • Require the use of personal/desktop firewall software
     • Require the use of personal/desktop anti-malware software
     • Consider implementing document management systems

  23. Secure your Network
     Network-Based Technology
     • Deploy network intrusion prevention (IPS)
     • Consider network admission control (NAC)
     • Implement information leakage detection and prevention
     • Consider IP reputation-based pre-filtering solutions
     • Run vulnerability scans on your network

  24. Online Design Strategies
     1. Define and articulate your PURPOSE
     2. Build flexible, extensible gathering PLACES
     3. Create meaningful and evolving member PROFILES
     4. Design for a range of ROLES
     5. Develop a strong LEADERSHIP program
     6. Promote cyclic EVENTS
     7. Integrate the RITUALS of community life
     8. Facilitate member-run SUBGROUPS
     9. Build site for quick SCANNING
     10. Write text in short chunks CHUNKING

  25. iMinistry: Website and Internet Security Issues Ernest Staats erstaats@es-es.net My Site es-es.net More Resources at http://www.es-es.net/2.html
