1 / 19

Security of Cookies In A Public Computer Lab Setting

Security of Cookies In A Public Computer Lab Setting. Russell Fech November 30, 2000. Outline. Introduction of Cookies Problem Statement Motivation/Importance Objective Research Plan Assumptions Conclusion. What are cookies?.

essien
Télécharger la présentation

Security of Cookies In A Public Computer Lab Setting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security of Cookies In A Public Computer Lab Setting Russell Fech November 30, 2000

  2. Outline • Introduction of Cookies • Problem Statement • Motivation/Importance • Objective • Research Plan • Assumptions • Conclusion

  3. What are cookies? • “Cookies are a general mechanism which server side connections can use to both store and retrieve information on the client side of the connection.” - Netscape • Also known as “Magic Cookies” • Cookies can only be read by the website that issued them

  4. Types of cookies • Persistent • Stored on hard drive for the long time duration • Non-persistent • Stored only for the current session of the web browser

  5. Where are the cookies? • Cookies exist on both major web browsers • Netscape stores all cookies in the cookies.txt file in a Netscape directory • Internet Explorer stores individual cookies as text files in a cookies directory

  6. Why use cookies? • Used to keep track of the client session state • Allows the “Full Web Experience” • Rotating banners • Electronic shopping carts • Password saving • Data mining • Other uses

  7. Why use cookies? • Web browsers do not keep continuous connections to the web sites • Cookies send the information to reestablish connections • Web sites keep information about users to customize the “Full Web Experience”

  8. Problem Statement • With the emergence of cookies, many users are unknowingly releasing data about themselves • Win95/98 does not provide security to protect users’ cookies • Cookies are not designed to be used in a multi-user environment

  9. Problem Statement • There are methods to eliminate/disallow the use of cookies, but this blocks the “Full Web Experience”

  10. Motivation/Importance • With the controversy concerning the safety of cookies, it is in the best interest of the administrator to ensure the security of user information being transmitted to web sites

  11. Motivation/Importance • Protect the user from cookie crime • Protect the subsequent users from getting unwanted advertisement • If cookie theft occurs, the administration may be held accountable, however, if the cookies are cleared off, there will be no such threat

  12. Objective • Evaluate the use of cookies in public lab settings • Develop a hands-off approach to protect users against the cookies threat by providing a transparent layer of protection • Provide formidable arguments why users need protection from cookies

  13. Research Plan • Review current methods that attempt to solve the cookie security problems • Test these methods in a lab setting and review their performance • Improve on these methods

  14. Methods and Problems • Disable cookies completely • Provides high security because no cookies are formed • Takes away from the “Full Web Experience” • Clear cookies at startup/shutdown • Safer than no protection, but requires a user to do something

  15. Methods and Problems • Intercept the web browser and clean after exiting • High security, cleans up cookies when the user shuts down the web browser • Mischievous user may “disable” the program in some fashion • Program may crash

  16. Assumptions • Use of Win 95/98 • Win95/98 does not provide any security for files or folders • Most other operating systems protect users because they require users to log into an account in which their data is saved in a secured area

  17. Resources and Special Needs • Public computer lab • Computers with Win95/98 • Various cookie security methods • Disabling cookies • Batch file deletion of cookies • User deleting cookies themselves • Cookie Crunching Software • Most are free and easily obtainable over the internet

  18. Conclusion • With the threat of mischievous users and the possible misuse of cookies, it is up to the administration to protect users from as many threats as possible. • Cookie security continues to be under major dispute. If cookies are cleared from computers in a lab setting the administration is no longer prone to receiving any future threat to cookies.

  19. Questions? Questions?

More Related