Security, Privacy and Freedom
“There is no privacy in this digital world.”
By: Fong-Ting Yau and Ralph L Fidel
What does it mean to be “digitally” secure?
• All personal data and digital transactions are kept confidential
• Each user remains unique and their identity is protected (from fraud, etc.)
• Users are granted the freedom to access and modify their information freely
Presentation Overview
• Security of Online Banking
• Security of Credit Card transactions
• Local File/Network Security
• Security of Digital Correspondence and Real Time Chats
• Does privacy exist in the digital world?
Online Banking
You can now access your bank account online!
• Check balance
• Check recent transactions
• Update direct deposit/withdrawal
• Access credit card information
• Make bill payments
• Ability to consolidate multiple accounts
• Apply for Investments and Loans
• Financial Planning
Form and Function
Initial Purpose: Once limited to bank visits and telephone calls, online banking is a growing trend that gives bank customers the ability to access and manage all their accounts in the privacy of their homes or any other location (convenience).
• When visiting your bank’s website, you are prompted to enter personal information that includes your name, bank number and usually, if registering for the first time, a validation code that you receive from contacting an actual banking representative.
• Although the majority of the process is automated, the user is usually required to first contact their bank (by telephone or by visiting a branch) to set up this feature.
(Wikipedia: Credit Card, 2006)
Case Study #1
Carol, an elderly woman, has just discovered that she is able to access her bank account online. She rushes to the library and, quickly entering the requested information, transfers funds from her chequing account to her savings account. Satisfied, she smiles and leaves.
Possible Security Flaws
• She is using a public computer, leaving her information exposed to those who know how to access internet usage logs.
• She may have inadvertently left the banking window open, allowing the next user complete access to her accounts.
Online Banking: The Now
• Banks use various methods to ensure the security and feasibility of banking online:
  • Personal Verification Question
  • Access Logs
  • Session Time Outs
  • Last Sign On feature
  • 128-bit Encryption
Online Banking: The Now
• Users ought to be held accountable, at least in part, to ensure the protection of their own information:
  • Ensuring the website is legitimate
  • Ensuring aforementioned banking features are present
  • Obtaining a hardcopy of recent transactions
• What to do if you are a victim: Contact your bank as soon as possible!
Credit Cards
What can you do with your credit card nowadays?
• Make online purchases (Ebay, Amazon, PayPal etc.)
• Make subscriptions (automatic withdrawals)
• Means of insurance regarding transactions (collateral)
• Means of personal identification
• Establish a credit history
Form and Function
Initial Function: Credit cards are a means of ensuring secure transactions, because they are processed without a long clearance period (unlike cheques). Credit card transactions are especially useful for making online purchases and have become the standard method when dealing with such exchanges.
• With the advent of services such as Ebay and PayPal, consumers are free to sell their goods to other consumers safely.
Case Study #2
Patrick is about to make his very first purchase online. The website has asked for his full name, address, and contact phone number. Credit card in hand, he carefully fills in the form, enters the numbers on the card and confirms his purchase without much hesitation.
Possible Security Flaws
• Someone else could be recording Patrick’s information without his consent.
• Someone, other than Patrick (but with his credit card), could’ve easily completed this transaction without any form of identity verification.
• The source website may not be legitimate, and Patrick may never receive the item but would still be charged for it =(.
Credit Cards: The Now
• Credit Card companies use various methods to ensure the security of their clients:
  • Credit Card Insurance
  • Requiring a four digit personal identification number
  • Advent of forgery resistant smart cards
  • Implementation of Card Verification Value/Code (CVV/CVC)
(CIBC, 2006)
Credit Cards: The Now
• Credit Card holder’s obligation to security:
  • Always report lost or stolen cards
  • Ensure source is credible before providing credit card information
  • Always obtain and review a hardcopy of recent transactions
Local File/Network Security
• Local files include those present on your computer’s hard drive
• The local network includes all machines (computers, routers, modems, etc.) present in your home network
Form and Function
• Initial Purpose: The initial attraction of networking was to share disc space and laser printers
• In the days before personal computers, a site might have just one central computer, with users accessing this via computer terminals over simple low-speed cabling
• Through the development of CP/M and DOS (Operating Systems), a single site began to have dozens and even hundreds of computers (as a result, more individuals may be at risk for having their information exposed to others).
(Wikipedia; Local Area Network, 2006)
Case Study #3
Sue is setting up her first wireless home network. After installing her wireless network cards and connecting her router, she logs onto the network and transfers files from her desktop to her laptop.
Possible Security Flaws
• Without knowing about network security, her home network is vulnerable to outsiders (her neighbors could easily access her files and even hijack her internet).
• Without changing her default password, others could access her router settings and change its password, locking her out of her own network!
Local File/Network Security: The Now
• Various methods for securing your files:
  • Hardware/Software firewall
  • WEP
  • Local Computer/Network Access Passwords
  • External Media Backup
  • Stay Informed
• What to do if your system/network is compromised:
  • Change your passwords immediately
  • That’s what backups are for!
(Potter, 2006)
(Tyson, How Firewalls Work, 2006)
Digital Correspondence and Real Time Chat
• What does this include?
  • Instant Messaging
  • Online Discussion Forums
  • Online Communities (MySpace)
  • Blogs (Livejournal, Xanga, etc.)
  • Chat rooms
  • Email
Case Study #4
Cam, a young student, has accessed his school’s online discussion forum. He posts regularly and has met a new friend posting from a different school. This particular friend has invited Cam out to the movies, but has asked for his address in order to pick him up.
Possible Security Flaws
• Cam’s new “online” friend may not necessarily be who he expects
• By giving out such personal information, his safety and that of his family may be in jeopardy
Digital Correspondence and Real Time Chat: The Now
• Precautions to Take:
  • Never give out personal information
  • Avoid meeting with strangers you meet online; if unavoidable, take all necessary precautions
(McKenna, 2006)
The Fine Line Between Security and Freedom
Online Banking: “Almost 40 million people logged on to a banking Web site in the fourth quarter of 2005, according to comScore, based outside Washington, D.C. That was a 27 percent increase over the fourth quarter of 2004.” (http://bankwatch.wordpress.com/2006/04/15/statistics-us-online-banking/)
Credit Card: The Federal Trade Commission shows that 42% of identity theft cases involved credit card fraud (http://www.myidfix.com/creditcard-fraud.phphoth.lib.ucalgary.ca/uhtbin/cgisirsi/X/UCALGARY/0/5/)
Local File/Network Security: 60% of all corporate data assets reside unprotected on PCs. Source: Search Security Newsletter, April 4, 2002 (http://www.pcsecurity.com/html/2178.html)
Digital Correspondence: 25% of remote workers said they open unknown emails when using work devices (Furnell, 2006)
So… Is there privacy in this digital world?
Yes and no. Complete privacy in this technological era is something that must be constantly attained and re-attained. Through the use of the internet, users are granted access to a plethora of information in the struggle against hackers, identity thieves, scammers, etc.
(Alladin Securing the Global Village, 2006)
References
• Furnell, S. (2006). Securing the home worker. Network Security, vol. 2006, pp. 6-12.
• McKenna, B. (2006). ‘Social networking’ study shows cybercrime risk. Network Security, vol. 2006, p. 2.
• Potter, B. (2006). The changing face of IT security. Network Security, vol. 2006, pp. 16-17.
• Tyson, J. (n.d.). How Firewalls Work. Retrieved November 29, 2006, from howstuffworks Web site: http://computer.howstuffworks.com/firewall.htm
• (n.d.). Credit Card. Retrieved November 22, 2006, from Wikipedia Web site: http://en.wikipedia.org/wiki/Credit_card
• (n.d.). Local Area Network. Retrieved November 21, 2006, from Wikipedia Web site: http://en.wikipedia.org/wiki/Local_area_network
• (2006). Online Banking Security. Retrieved November 22, 2006, from CIBC Web site: http://www.cibc.com/ca/legal/online-banking-security.html
• (n.d.). Security Statistics. Retrieved November 29, 2006, from Alladin Securing the Global Village Web site: http://www.esafe.com/home/csrt/statistics/statistics_2005.as