Practising Safer Web Browsing Terry Labach Information Security
Practising Safer Web Browsing Terry Labach Information Security Services IST February 17, 2012 "People are terrible about making security tradeoffs. If you give a naive user a choice, such as, 'If you want to see the dancing pigs, you could be compromising your machine,' most users will choose the dancing pigs over security every time." - Bruce Schneier, security author and consultant, on
how computer users manage risks while using the Internet. [http://www.theglobeandmail.com/servlet/story/ LAC.20060803.TWVISTA03/TPStory/Business] Practising Safer Web Browsing 2 Outline
The risks The threats Taking responsibility Browser configuration Browser tools Questions Practising Safer Web Browsing 3
The risks Embarrassment Identity theft Financial loss Loss of productivity Practising Safer Web Browsing
4 The threats Government Businesses Criminals Practising Safer Web Browsing 5
Taking responsibility The basics Use good passwords Not in dictionary Reasonably long with mix of characters Dont reuse passwords Dont let browser save passwords Master password Password vault Practising Safer Web Browsing
6 "You know, I almost bore myself when I say to myself, 'It's time to get the groceries,' I certainly don't want to put it out there for people to read." - Eugene Levy, comedian, talking about Twitter in a Canadian Press interview. Practising Safer Web Browsing 7 Taking responsibility
Thoughtful browsing Dont give up personal information Date of birth Postal code or location Vacation schedule Social Insurance Number! Practising Safer Web Browsing
8 Taking responsibility Secret questions Use with caution Might be easier to reset your password than you think Fun With Secret Questions & Answers Practising Safer Web Browsing
9 Taking responsibility Maintain safe environment Keep operating system, browser up to date Apply security patches Be cautious using public Wi-Fi Use secure communications (https) Practising Safer Web Browsing 10
Taking responsibility Clicking on links can introduce attacks Poisoned search results Clickjacking Cross-site scripting Practising Safer Web Browsing 11 Taking responsibility Installing software Know what software needed for sites you
browse Enter software web site address yourself, dont click link Dont install software for unknown file types or oddly named files Practising Safer Web Browsing 12 Taking responsibility Separate browsing environments Have one user login id for social networking,
etc.; a different id for financial transactions Virtual machines (advanced) Use separate virtual computers on your PC for browsing with different security needs High security virtual machine has no unneeded software Practising Safer Web Browsing 13 Browser configuration
General principles Protect your information Protect your privacy Disallow access and execution Exceptions You will want to break these principles for good reasons at times Use principles as your default Practising Safer Web Browsing 14
Practising Safer Web Browsing 17 Browser configuration Chrome Limit cookie permissions Web content settings Practising Safer Web Browsing 18
Humanshave unacceptable speed and accuracy. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.) - C. Kaufman, R. Perlman, & M. Speciner in Network Security: PRIVATE Communication in a PUBLIC World Practising Safer Web Browsing
Tools Web of Trust (WOT) http://www.mywot.com/ Ranks websites based on feedback from WOT users Adds links to search engine results Practising Safer Web Browsing 21 Tools
Ghostery http://www.ghostery.com/ Detect and block 3rd party tracking Shows the elements of web pages served from third parties Practising Safer Web Browsing 22 Tools Do Not Track Plus http://www.donottrackplus.com/
Detect and block 3rd party tracking Shows you who is tracking you Practising Safer Web Browsing 23 Tools View Thru https://chrome.google.com/webstore/detail/jkn cfnbcgbclefkbknfdbngiegdppgdd Displays the target of shortened URLs Known to be flaky in use
Practising Safer Web Browsing 24 Tools HTTPS Everywhere https://www.eff.org/https-everywhere Forces use of https protocol on web pages that support it Practising Safer Web Browsing
25 Tools Adblock Plus http://adblockplus.org/en/ Blocks ads while browsing Practising Safer Web Browsing 26 Resources - User safety
CERT - Securing Your Web Browser SANS - Browser Safety SANS - Secure Browsing Environment Canadian Cyber Incident Response Centr e U.S. Computer Emergency Readiness Tea m Practising Safer Web Browsing
27 Resources - Browsers Firefox Privacy & Security Internet Explorer Improve the safety of your browsing and e-mail activities Safari Security & Privacy
Chrome Manage privacy and security settings Practising Safer Web Browsing 28 Resources Tools discussed
NoScript Web of Trust Ghostery View Thru HTTPS Everywhere AdBlock Plus Do Not Track Plus Practising Safer Web Browsing
29 Resources Other Tools Facecloak Protect user privacy on Facebook Qualys BrowserCheck ensures browser and plugins are up to date Trashmail lets you use a disposable email address LastPass
Secure password vault Practising Safer Web Browsing 30 Resources Waterloo IST Information Security Services Terry Labach Web application security
Consulting Testing applications Ethical hacking Programming best practices Web training and education Practising Safer Web Browsing 31 Questions?
SGW also produced a number of more complex daily forms for tests like Cl2 demand, jar testing and chemical delivery. Although we were really happy with these forms we found it difficult to ensure all operators were using them as...
Efficient Markets Hypothesis - 3. 6/10/2013. Behavioral Finance [Textbook] Arbitrage: By simultaneously selling and purchasing identical securities at favorably different prices, the arbitrageur captures an immediate payoff with no up-front capital and no risk
In the short story "The Cask of Amontillado," Edgar Allan Poe uses imagery to create a horrific mood. by: Altay, Shawn, Peter, and Justin. Pg. 211 "We had passed through walls of piled bones, with casks and puncheons intermingling, into...
Define conquistador. Describe Cortes and his take over of the Aztecs. Describe Pizarro and how he took over the Incan empire. Describe how the Catholic Church influenced Spanish conquest. What were the early years of English settlements like in America?...
You can make up meetings by: attending another clubs weekly meeting, doing a online eclub meeting on the RI website, donating Blood, doing meals on wheels, volunteering for any Rotary sponsored community service project or attending any other Rotary event...
Ready to download the document? Go ahead and hit continue!