One document matched: draft-williams-inet-security-guidelines-00.txt
Internet Engineering Task Force
INTERNET-DRAFT Joe Williams
draft-williams-inet-security-guidelines-00.txt Logical.621.org
Expires February 2003 6 June 2003
Windows Internet Security and Privacy Guidlines
Status of this Document
This document is an Internet-Draft and is subject to
all provisions of Section 10 of RFC2026 except that the
right to produce derivative works is not granted.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-
Drafts as reference material or to cite them other than as
"work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Abstract
This document describes guidelines and good practices for
privacy and security while using the Microsoft Windows Operating
System. It also gives examples of software to protect the
users information. Background information of the Internet is
also included as a introduction.
A place of seemingly unlimited knowledge and
information would appear to be the least likely place for
thieves, epidemics and annoyances. But in this place they
thrive. This place that was once called ARPANET, is now
called the Internet. Many of us use the Internet to work and
to play, but who is watching us while we do our daily tasks.
Hackers, viruses, spy-ware and Trojan horses can find there
way to your computer this makes the Internet a very unsafe
place for you and your information. There are many ways that
the Internet is unsafe, Hackers, and etc., but what makes it
this way and how did it begin?
The Internet began as an ARPA (Advanced Research
Projects Agency), which is a part of the Department of
Defense, project called ARPANET (Advanced Research Projects
Agency Network). ARPA was created in response to the Soviet
Unions launch of Sputnik in 1957 and to use the computer
investment "via Command and Control Research" (Hauben.
"History of ARPANET" Par. 4). In the beginning ARPANET was
based on the idea of Dr. J.C.R. Licklider, the head of ARPA,
of an `intergalactic network' (Leiner et al. A Brief History
of the Internet.). After some planning and experiments the
first node of the ARPANET was installed at UCLA in September
1969, and then one month later at Stanford. Later there were
two more nodes installed at UC Santa Barbara and University
of Utah. After this many more were added.
The main purpose of this project is to move computer
technology forward. At the time the use of punch cards, and
batch processing was used, this was very inefficient. Batch
processing is a way to process data, which entails saving a
large chunk of data and processing it all at once. The
opposite of this is online processing which is processing as
the data comes in. Licklider wanted a global network that
was interactive. According to Hauben, Licklider was the
first to get a sense of a `sprit of community.' The idea
that many of the men involved had was that the computer was
not an "arithmetic engine" it was a medium in which to
communicate (Hauben. Par. 15). This is basically how we
view it today, more as a communication device than a number
cruncher.
In many ways the ARPANET project has changed what we do
and how we do it, though many people don't know it. It has
created new industries, ways to communicate and get work
done. But why did the internet become a dangerous place, for
one to communicate or store personal information? There are
many parts to this question.An increase in computing and
networking power, high availability of cheap computers and
internet connections, the large discrepancy between the
computer smart and not and Spy-ware.
Computers have exploded with power, with accordance
with Moore's law (computing power doubles every eighteen
months), and there has been no let up. The same, though not
as rapid, is for networking speed. At the time of the
creation of the ARPANET the connection speeds were around
2.4Kbs (kilobytes per second), later they were upgraded to
50Kbs. Currently a dial up connections are at the speed of
56Kbs. They could be much faster, but ISPs (Internet Service
Provider) must comply with FCC regulations. DSL (Digital
Subscriber Line) and Cable modems
have become extremely popular because of there high speeds.
In comparison the 50Kbs lines used in the late 60s by ARPA
where probably as fast as they could go whereas currently
the government uses fiber optic technologies to transfer at
OC768 which is equivalent to 40Gbs (gigabytes per second).
This is about 100,000 times as fast. The speed increase is
very similar for computers. Just ten years ago we were using
30 MHz 486 processors, now we have Intel Pentium 4s running
at 3 GHz. Getting to my main point, this increase of speed
causes the internet to be taken advantage of. If speeds were
still very slow many wouldn't have the time or patience
hack, create viruses, or anything else to make the internet
an unsafe place.
The computing industry has been a great boom for the
economy the past few years. The internet has been to us like
the steam engine was in the twenties. It has created new
jobs, industries and companies. With the popularity,
computers and internet connections have become cheap and
easy to get. Computer prices have fallen drastically; it is
not difficult to find computers for less $600. This is
because it has become easier and easier to produce mass
quantities of high quality and cheap silicon. Silicon is the
material many microchips are made of. Internet connections
are also cheap and in some cases free. Many local ISPs cost
around $20 for unlimited monthly usage, dial up service.
Most high speed connections like DSL or Cable modems are
available for approximately $50 a month for unlimited usage.
The data than can be transferred over a high speed line,
like DSL, is huge when compared to the cost per month. Cheap
prices can lead to the same problem as having very fast
computers the internet and related technologies become
abused and misused.
The next reason is the so-called "gap" between computer
savvy and computer illiterate. This is very obvious to me
because I work in the computer service industry. Everyday I
see individuals I work for having problems with their PC
that would not have happened if they were more informed and
educated. These people can be easily taken advantage of by
viruses and hackers. These people do not take any
precautions to avoid problems. There are many ways to
protect oneself from viruses, spy-ware, trojan horses, and
hackers.
The most popular and easiest way to protect yourself is
to use programs like "Nortons Anti-Virus" or "Mc. Affee Anti-
Virus." These programs search your hard drive, memory and
boot sector for any traces of know viruses, worms and Trojan
horses. A virus is a "A computer virus is a self-replicating
program containing code that explicitly copies itself and
that can "infect" other programs by modifying them or their
environment such that a call to an infected program implies
a call to a possibly evolved copy of the virus." (Hakim
Pascal. No Virus here at all, 1996.) A trojan horse while
similar to a virus is not at all, trojan horses are used to
make a backdoor into your computer, letting in anyone with
the know how to use them. A worm is usually a Visual Basic
script that is sent with an email. This is replicated and
sent to all of your friends and family in your address book
on your computer. Theses can cause security holes in your
system. Using anti-virus software can rid you of many of
these annoyances, but as I said all they can do is search
for known viruses. They are other ways to protect yourself
against viruses too.
One is to turn off any macros; these are small programs that
you may be using in "Excel" that do repetitive jobs for you.
These macros are made the same way worms are, with Visual
Basic. Another way is to always back up your important and
irreplaceable documents. This is easily done with floppy
disks or a CD-RW. With the proper steps anyone can be virus
free.
There are many ways to secure you and your information
from hackers. The ways I will discuss are firewalls, VPNs
and encryption. Firewalls are gaining in popularity because
of there ease of use and simply the need for them. What a
firewall does is it blocks traffic in and out of your
computer. This blocking mechanism can be configured by the
user, according to the needs of the individual. Everyone
using broadband should use a firewall because of the nature
of there connection. Broadband, like DSL or cable, have
connections that are always on and have an IP address that
is static (never changes). Whereas a person's IP with a 56k
connection dials-up every time, in order to receive an IP.
An IP (internet protocol) is the way that most computers are
addressed in order to communicate between one another.
Some individuals have the need to transfer files from
home to work and vise versa. VPNs are used to keep this
connection secure. A VPN (virtual private network) is just
that. Its virtually private in the sense that the software
on the switch at the company site is separating the physical
port the individual is using from the rest in order to make
it private and secure from intruders. A switch is a
networking device that specifies addresses to physical ports
and sends information directly to the specific physical
port. An example is if computer A at my home connects into a
VPN at Joe's Soap Company,on port eleven on the switch.
No one else can use that port unless they are part of
the VPN i.e. other employees, thus making it secure.
Another way to protect your information is to use
encryption. There are many free and inexpensive encryption
programs floating around on the net. These are base on
algorithms and passwords. There are many specific algorithms
examples would be PKI and PGP (Pretty Good Protection).
Documents that need to be secured can be encrypted and
password protected using these types of programs. Suppose a
person has a financial document that they want to get to
there CPA by email. The sender can encrypt the document and
send it to the CPA. The CPA or anyone else cannot look at
the document unless the sender gives him/her a key for the
encrypted file. A precaution with encryption is that with as
much computing power as many of us have the algorithms can
be deciphered. When making passwords/keys use many letters,
numbers and symbols in a random order, this makes them
harder to figure out.
Spy-ware is a huge problem with the internet right now.
This isn't like the problems with viruses and hackers, which
is obviously illegal. The problem with spy-ware is deciding
its illegal and what is public information and what is
private. The questions I will be answering are what is spy-
ware and is it illegal?
First of all, spy-ware is any program on ones PC that
can take information, without one knowing, you enter and
send it to another PC somewhere else. This is why it gets
the name spy-ware, software that spy's on you. Some forms of
spy-ware include cookies, downloading software, instant
messaging software, and many others especially free
software. I am sure most have heard of cookies, these are
files stored on ones PC when one visits a website.
The information stored is how long they stayed, what
type of website it was, and etc. This is not the problem,
but what happens next is. The next website one visits can
then read those and collect demographics. The rest of the
examples of spy-ware run this
way. Once one installs a program with spy-ware on it on to
the PC, that program then monitors your activity. The
program monitors much of the same information that cookies
do, including web addresses. All this information then can
be sold to companies to find marketing and demographic
information.
I believe that spy-ware should be banned and that it is
totally illegal. Cookies and others are infringements of my
privacy. What I do in my own home is no one else's business,
unless I am hurting myself or another. This spy-ware gets
information about me and what I do on the net. So, if I buy
a shirt from the Gap.com not only does the Gap know, but the
Gap's competitors know as well. This is total misuse of the
internet. My information is just that it is mine. I can deal
with taking surveys and that sort of thing but, the
involuntary take of my information is wrong. To solve this
problem the government needs to set guidelines on really
what is public information and what is private. Europe has
done this with great success. Their guidelines are basically
and information taken involuntarily form a individual is
wrong and that information is private. For example, if a
business person wants to collect information about the
people walking down the street for cotton products he can't
sit on the corner and write down information, he must gain
consent from the person before collecting. This is how the
U.S. should take care to the problem. Because I value my
personal information and don't want XYZ company know
everything about me.
With all this in mind the internet becomes a haven for
underhanded schemes and individuals. The stealing of
information and basically making things hard for everyone
else is common place in the once secure ARPANET. Even with
the problems we face with the internet, it is still an
amazing source for information, including all that was used
in this document. As long as one is knowledgeable in
protecting their information the internet is a safe place
for all.
References
Delger, Henri. Computer Virus Help. 1995.
<http://pages.prodigy.net/
henri_delger/index.htm>.
Home PC Firewall Guide
<http://www.firewallguide.com/index.htm>.
Hauben, Michael. "History of ARPANET, Behind the Net - The
untold history of
the ARPANET."
<http://www.dei.isep.ipp.pt/docs/arpa.html>.
Ludwig, Katherine. "Security Awareness: a Lack in Security
Consciousness." 25
May 2001. <http://rr.sans.org/aware/lack.php>.
Leiner, Barry M., Cerf, Vinton G., Clark, David D., Kahn,
Robert E., Kleinrock,
Leonard, Lynch, Daniel C., Postel, Jon, Roberts, Larry
G., Wolff, Stephen. "A Brief History of the internet."
4 Aug. 2000. <http://www.isoc.org/internet/history/>.
Pascal, Hakim. No Virus in here at all. 6 Oct. 1996
<http://www.geocities.com/
siliconvalley/1710/index.html>.
Stein, Lincoln D., Stewart, John N. "The World Wide Web
Security FAQ." 4 Feb.
2000. < http://www.w3.org/Security/Faq/www-security-
faq.html>.
Schlesinger, Lee. "Your Biggest Threat." 1 April 2002.
<http://techupdate.zdnet.com/techupdate/stories/main/0,
14179,2859492,00.html>.
Tyson, Jeff. How VPNs Work.
<http://www.howstuffworks.com/vpn.htm/printable>.
Wiggins, Richard. "Al Gore and the Creation of the
Internet." 1 Oct. 2000.
<http://www.firstmonday.dk/issues/issue5_10/wiggins/>
| PAFTECH AB 2003-2026 | 2026-04-24 07:13:47 |