Safer Web Browsing Terry Labach Information Security Services
Safer Web Browsing Terry Labach Information Security Services IST "People are terrible about making security tradeoffs. If you give a naive user a choice, such as, 'If you want to see the dancing pigs, you could be compromising your machine,' most users will choose the dancing pigs over security every time." - Bruce Schneier, security author and consultant, on
how computer users manage risks while using the Internet. [http://www.theglobeandmail.com/servlet/story/ LAC.20060803.TWVISTA03/TPStory/Business] 2011 Outline
The risks Taking responsibility Browser configuration Browser tools Questions 2011 The risks
Embarrassment Identity theft Financial loss Loss of productivity 2011
Taking responsibility The basics Use good passwords Not in dictionary Reasonably long with mix of characters Dont reuse passwords Dont let browser save passwords Master password
Password vault 2011 "You know, I almost bore myself when I say to myself, 'It's time to get the groceries,' I certainly don't want to put it out there for people to read." - Eugene Levy, comedian, talking about Twitter in a Canadian Press interview. 2011
Taking responsibility Thoughtful browsing Dont give up personal information Date of birth Postal code or location Vacation schedule
Social Insurance Number! 2011 Taking responsibility Maintain safe environment Keep operating system, browser up to date Apply security patches Be cautious using public Wi-Fi Use secure communications (https)
2011 Taking responsibility Clicking on links can introduce attacks Poisoned search results Clickjacking Cross-site scripting 2011 Taking responsibility
Installing software Know what software needed for sites you browse Enter software web site address yourself, dont click link Dont install software for unknown file types or oddly named files 2011 Taking responsibility
Separate browsing environments Have one user login id for social networking, etc.; a different id for financial transactions Virtual machines (advanced) Use separate virtual computers on your PC for browsing with different security needs High security virtual machine has no unneeded software 2011
Browser configuration General principles Protect your information Protect your privacy Disallow access and execution Exceptions You will want to break these principles for good reasons at times Use principles as your default 2011
2011 Browser configuration Chrome Limit cookie permissions Web content settings 2011 Humanshave unacceptable speed and accuracy.
(They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.) - C. Kaufman, R. Perlman, & M. Speciner in Network Security: PRIVATE Communication in a PUBLIC World 2011
Web of Trust (WOT) http://www.mywot.com/ Ranks websites based on feedback from WOT users Adds links to search engine results 2011 Tools Ghostery http://www.ghostery.com/
detect and block 3rd party tracking Shows the elements of web pages served from third parties 2011 Tools View Thru https://chrome.google.com/webstore/detail/jkn cfnbcgbclefkbknfdbngiegdppgdd Displays the target of shortened URLs
2011 Tools HTTPS Everywhere https://www.eff.org/https-everywhere Forces use of https protocol on web pages that support it 2011
Tools Adblock Plus http://adblockplus.org/en/ Blocks ads while browsing 2011 Resources - User safety
CERT - Securing Your Web Browser SANS - Browser Safety SANS - Secure Browsing Environment Canadian Cyber Incident Response Centr e U.S. Computer Emergency Readiness Tea m 2011
Resources - Browsers Firefox Privacy & Security Internet Explorer Improve the safety of your browsing and e-mail activities Safari Security & Privacy
Chrome Manage privacy and security settings 2011 Resources Tools discussed
NoScript Web of Trust Ghostery View Thru HTTPS Everywhere AdBlock Plus 2011
Resources Other Tools Facecloak Protect user privacy on Facebook Qualys BrowserCheck ensures browser and plugins are up to date Trashmail lets you use a disposable email address LastPass
Secure password vault 2011 Resources Waterloo IST Information Security Services Terry Labach Web application security
Consulting Testing applications Ethical hacking Programming best practices Web training and education 2011 Questions?
Agenda. The value of AP Computer Science Principles (AP® CSP) Course and exam details. Support for AP Computer Science Principles. Q&A. In this presentation, I will reinforce the value of AP CSP, I'll walk you through what's changed in the...
Letus augment θ units of flow along the cycle in the direction of its orientation. Increases flow on forward arcs by θ units and decreases the flow on backward arcs by θ units. The per unit incremental cost for this...
Geomorphology (sediment transport) H&H - how water moves through the system and the amount of water flowing through the river at different times. ... such as the FEMA surveys from the early 1980s - dual purpose to help in the...
Introduction. Purpose. Acknowledgments Environmental Public Health, University of Wisconsin-Eau Claire Hydraulic fracturing, or fracking, is a popular method for extracting natural gas from shale deposits below the earth's crust.
Which one will heat up quicker and will have a higher temperature? O = Ocean Currents Gulf Stream Warm water moves away from the equator Cold water moves away from the poles North Atlantic Drift W = Winds - pressure...
How do soils form? Processes. List the processes that occur in a soil? Give an example of each. Additions - rain adds water, dust adds minerals, as plants die and animals poop organic mater is added, humans also add fertilizer
A Real-time Non-intrusive FPGA-based Drowsiness Detection System. Salvatore Vitabile, Alessandra De Paola, Filippo Sorbello. Department of Biopathology and Medical Biotechnology andForensics, University of Palermo, Italy
Ready to download the document? Go ahead and hit continue!