Acceptable Use Policy • The Acceptable Use Policy defines the rules of the machine and internet connection you are on. • Specific policies differ by machine owner. • Most companies and universities require some form to be signed stating that the machines will be used acceptably. • Most service providers require some acknowledgment that you are aware of and will abide by a set of rules. • They typically require that you will not run your own business, violate copyrights, perform illegal or harassing activities, or view pornographic material.
Internet Privacy • There is no privacy on the Internet – yet. • Passwords - The basic defensive measure. • Hackers use machines to rapidly try combinations of passwords. • Phishing attacks attempt to fool you into giving away your password or other account information. • Use more than 6 characters and special characters (!@#$%) to increase the number of possible combinations. • Protecting Files • Access to files is typically given to user, group, and world. More complex schemes can be incorporated within software. • Keep truly sensitive files disconnected from the internet. • Firewalls • Attempt to control your machine's access to the internet • Attempt to block unwanted access to your machine
Internet Attacks, General • All software must be executed or run before it can do anything • How does the software get on your machine? • Through an infected file. • By downloading unsafe software deliberately designed to contain the harmful software. • Email attachments. • HTML links running scripts. • Placed there by software. • Placed there by hackers. • Protection • Virus scanning software with constant updates. • Firewall to limit access to your machine. • Good policies: • Don’t automatically open email • Don’t use a program until it has been scanned • Update the scanner frequently (to detect the latest viruses)
Internet Attacks, Viruses • Viruses • Act like biological viruses in that they attach themselves to a host program or email. • Viruses cannot infect the machine until the host is executed. • Viruses propagate by moving the infected file from one machine to another. • Can be harmless or very harmful • Tend to affect MS products as MS is so popular.
Internet Attacks • Trojan Horses • Are embedded within useful software. • Perform a secondary function while the software is in operation. • Worms • Standalone software that propagates through the internet • Tries to find a host machine on which to run without the owner's knowledge.
Internet Attacks • Email Attacks • These viruses, etc., use the email system to propagate. • They all need your help – be careful opening attachments. • They use your address book to forward themselves to others. • Denial of Service Attacks • Flood a server with requests using multiple “robots” on multiple machines. • A currently popular form of attack • Robots can be set up over time and instructed to “attack” at once. • Protection is very difficult right now – multiple servers.
Hoaxes and Scams • Hoaxes and scams use human gullibility to achieve their aims. • Hoaxes • Designed to use up internet resources (bandwidth and your time) • Hoaxes use humans to propagate. • Recognizing them: • “Send this to everyone you know!” is a big tip-off. • Typically has good-sounding jargon that is really meaningless. • Typically references some authority (often non-existent) • What to do? • If suspicious, don’t send it out. • Check with web sites like http://hoaxbusters.ciac.org
Hoaxes and Scams • Scams • Designed to separate you from your money • May try to get information from you (passwords, account numbers). • Online auctions – caveat emptor! • Recognizing them: • Unwanted solicitation • Request for instant cash (credit card # or faxing a check) • No real way to get in touch with a human (street address, phone) • What to do? • Be suspicious! Ignore unasked-for solicitations. • Check with web sites like http://www.scambusters.com • Online Auctions • Caveat Emptor: check out the seller’s history.
Internet Privacy • Identity Theft occurs when somebody uses your personal identification to obtain loans and services (ref http://www.identitytheft.org and www.privacyrights.org) • Protection (before) • Do not keep personal information on a web-accessible machine • Do not transmit personal information unless through an encrypted web site ( https:// ) • Read through a company's security/privacy policies to be sure. • Protection (after) • Contact all known sources of credit • Obtain a record of your credit status • Consider changing SSN and driver's license