Securing Your Online Privacy
ITS 351
Securing Your Online Privacy
11/16/09
Prepared by:
Tracie Sandefur
Marcus Strenkowski
Jeremy Shoup
As technology has advanced and use of the internet has exploded in recent years, issues of online privacy now confront many individuals. Although no single definition of privacy exists, everyone acknowledges the threats to individual privacy facing online users, and many now search for ways to reverse the problem. Nevertheless, while there have been some advances in protecting online privacy, countless threats still exist, and many individuals are unaware of the depth of the problem or what they can do to protect themselves. This paper addresses various tactics one can employ to protect his or her privacy online. Overall, individuals can utilize various hardware and software to thwart threats to privacy, and general awareness of options available online can also help users keep their privacy intact.
At the center of every computer network is the actual hardware that makes the systems run and operate on a day-to-day basis. What many people do not realize, though, is that some of this hardware plays a key part in ensuring everyone’s online privacy. Without these devices in place, computers and other network devices are much more susceptible to viruses that infringe on privacy rights by logging keystrokes, tracking internet surfing habits, and many other things that are in clear violation of any user’s privacy.
The main piece of hardware that protects privacy is a firewall. Firewalls are widely used in every industry and are, without a doubt, a necessity for any home or business that plans on connecting outside of their own private network. In today’s society, many people are aware that they need some form of firewall in place before connecting to a network, but few people actually know or understand exactly what they do or how they work.
The basic rule of firewalls is to block all incoming traffic and allow in only what is absolutely necessary. This rule exists because there is a lot of traffic on a network that happens in the background without the end user even knowing that it is happening. The firewall filters out all of this needless information, stopping it from interring in to the private network which cuts down on network congestion. At the same time, this stops viruses from interring the network which protects all of the network users’ privacy. These filters can be set up to check a variety of different things including: IP addresses, domain names, protocols, ports, and specific words and phrases (Tyson, 2009). However, the most notable of these are the ports. Viruses are always set to enter a computer through a specific port number (0-65535). When one of a computer’s ports is open, any information can enter or exit through it. To help prevent any unwanted information entering (viruses), a firewall makes all of your ports invisible to anyone outside of your network. This makes it nearly impossible for a virus to enter your computer solely through an open port (you could still download a harmful .exe file and get a virus, but that would not be due to the firewall).
Another piece of network hardware that helps ensure users’ privacy is properly installed and managed servers. Data breaches in corporate networks have become all too common in recent years. When information is leaked or stolen off an insecure server, it can be detrimental to anyone in the stolen records. People’s identities can be taken this way, which leads to years and years of paperwork and headaches to repair the damage that has been caused. In many cases, it can also lead to lawsuits which cause the individuals further damage in legal fees. To stay away from this happening in the first place, there are many things a network technician or administrator can do when setting up a secure server that will help ensure that all the information that is stored in it stays private and out of a hacker’s hands.
One of the easiest ways to help ensure a network server is secure is to uninstall every piece of software that is not absolutely essential for operation. Since all software has certain weak spots that can be exploited, uninstalling everything that is not necessary will reduce the chance of a server being hacked (Thomas, 2008). Another easy way to make sure a server remains secure is to routinely run updates for all of its software (Thomas, 2008). At first this seems like an easy step, but not having an updated server is one of the most common ways information is stolen or leaked. Usually companies release patches or updates to software because a weakness has been found that could potentially cause security or privacy problems. So, not updating the machine would potentially put you at risk for having that weak spot exploited and having information stolen from the machine. Updating your server is clearly the easiest way to keep it secure and is definitely one that should not be overlooked.
The last step in any server installation would be having an outside audit. This is usually the most effective way of insuring that your server is completely secure from outside attacks. In an external audit, a company that specializes in security attempts to hack in to your server from outside and inside your network. If they find any weaknesses, they are reported so they can be fixed to prevent against any future attacks. An outside audit is very beneficial, and it is a very important step in any network installation.
Equally as important as hardware, software also plays a key role in securing one’s online privacy. When it comes to protecting ones identity on the Internet, everybody needs to take the proper precautions to make sure they are not hacked or phished. One of those ways of protecting your identity is through software. One of the types of software many rely on to protect them while surfing the web is firewalls. Firewalls are software programs that go through all the traffic flowing to someone’s computer and filter it. By doing this, users can take the first step to prevent their computers from being attacked.
The way traffic is filtered is through a set of rules. These rules can be established by anybody who runs the firewall, from a couple setting up their brand new computer to a network advisor for a company. The rules can be set up in many different combinations for the most optimal way to secure your computer.
As explained earlier, when it comes to filtering the traffic, firewalls can do it three different ways. The most common way of filtering is just regular packet filtering, also referred to as packet purity. Its job is to look through all the packets flowing to the machine and check to see if they are offensive or unwanted. The second way of filtering traffic is through proxy. This way turns the firewall into a fake recipient basically taking the traffic and reading it as if it was the machine itself. After it reads the traffic, it then forwards it to the actual recipient. The last way a firewall can filter traffic is by inspection. With inspection, the firewall looks through all of the packet’s information looking for relevant information that is coming through, and then based on that, it allows or denies traffic from coming through.
The next way to protect your computer from the risk of identity theft, is the standard anti-virus protection software. This is a good thing to have on one’s machine because with many viruses currently out there, one wants to keep the machine up to date with the protection it needs to keep from getting infected. Having the anti-virus protection software can prevent the attack of a machine by a virus, and this is very helpful because the viruses that are out there can not only cripple your computer, but they can also hide in your machine and allow others to look inside your files. This is a significant threat to users because if one has any files on a computer with personal information, it can be extracted and used maliciously. Another reason why one would want anti-virus software on their computer is because there are viruses that can infiltrate your machine and be used to watch what one types. In doing this, it then sends the information back to the hacker that sent the virus. The hacker can then use the keystroke information and match it up to what sites one visited and to get valuable information from users such as credit card information or passwords to banks and then steal information from you.
The next thing that people buy software for is spyware and adware. Spyware is a form of malware that is put on people’s computers without them knowing and it then looks at the behaviors the customer exhibits on the internet. With this type of program placed on users’ computers to look at online activity, one can never know if it can be used for evil instead of good. To make sure one is not exposed to those he or she does not know on the internet, one should invest in anti-spyware software to help keep it off the computer. What this software does is remove the spyware from computers, and it also intercepts and throws away the spyware before it is installed on a machine.
When it comes to protecting your computer from all of these elements, it seems safe to go out and buy all of the previous types of programs, but there could be a simpler and more economic solution. That solution would be an internet suite program. Just like an anti-virus and firewall program, an internet suite program protects your computer from unwanted visitors and viruses. Using this, consumers can kill two birds with one stone. These programs also go beyond the traditional anti-virus and firewall software and make sure that one has a safe and successful time on the internet by giving the customer actual identity theft protection. Companies like Norton add features on their programs that look out for sites that phish people’s identities. When you do searches online via Google or Bing, the program notifies you which sites in your search results might not be safe. The best thing these programs do is prevent hackers from listening in to what one is doing on the internet. By doing this, the program encrypts the packets going out and being exchanged between the two machines. This makes it harder for the hacker to get any important information from the user, like a credit card number or home address. With the help of these different types of software that are out and available for the common user to use, there is no need for anyone to worry about his or her safety on the internet.
While software and hardware can go a long way in protecting one’s privacy, a general knowledge and awareness of internet practices is also crucial for online users. As mentioned earlier, firewalls play a pivotal role in defending users against invasions of privacy, and as such, online traffickers need to be aware of the presence and necessity of firewalls on their personal systems. In addition, a properly updated and maintained device is important to protect users online, and as discussed previously, it is often wise to delete all unnecessary programs in order to decrease the chances of a breach in user privacy. Another seemingly simply aspect many individuals overlook is the physical security of their devices. It is very important that users keep their computer in a safe location and make sure their passwords are protected. It also makes sense for users to change passwords regularly and to back up important files from their devices. It may seem simple, but physical security is often the first step to maintaining privacy. Overall, by properly updating their systems, and by maintaining a sufficient firewall and keeping their device in a secure location, individuals can increase the chances of maintaining their privacy online.
In addition to updating devices and focusing on physical security, online users should utilize the options provided by many websites’ privacy policies. In these policies, many websites offer users the choice of opting out from various information gathering practices, and if individuals take the time and effort to utilize these options, they can further maintain their privacy. For example, many websites collect user information, such as buying preferences or what advertisements are well-received, and store this information, which they can later sell to third party companies. By opting out of these practices, users can somewhat avoid having their information collected and sold to outside vendors. It may take added effort, but it is worth protecting individual privacy to utilize opt out functions provided by websites.
In addition, users can look for various seals of approval many websites display in order to indicate their commitment to user privacy. For instance, TRUSTe is an outside company that validates website’s privacy standards and then allows the website to display a TRUSTe symbol, indicating to consumers that the website has acceptable privacy practices. The Better Business Bureau also verifies privacy standards as well as general business practices, and as such, consumers can also see if a website is backed by the BBB to get an indication of their commitment to high standards of business. These privacy seals may not indicate perfect protection of privacy, but they are a great way for consumers to start being aware of online privacy practices.
When surfing online, individuals also need to be aware of various internet practices, such as phishing, spam, and cookies. Many websites place cookies on individual servers in order to allow that website to track patterns of use and various websites visited, and as mentioned previously, this information is often stored and can be sold to third party companies. However, users can defend themselves against this by setting their browser to reject various cookies or only to accept cookies when asked or from specific websites. In addition, users should delete their browsing history often in order to clear out cookies and other information stored in their server history. Another common practice in the online world is phishing and/or spam. In this, individuals or companies send someone an email or other notification trying to convince him or her to respond by providing personal information. It is very important for consumers to report these messages as spam and delete them as soon as possible. One should never respond to a suspicious email requesting personal information. In fact, as a general practice, consumers should be extremely cautious when providing personal information on the internet, even with trusted sites. Users should give as little information as necessary in order to minimize the risks of a breach of privacy.
As previously discussed, password utilization and protection is also very important in making sure that user privacy remains intact. In addition, users can often implement forms of encryption in their emails and other online communication as well. Encryption can help ensure that if a message is intercepted, it is not easy to decipher and share, thereby keeping the content of the message private. Users should also consider using several different email accounts, with one account designated as the “clean” account. The clean email account should be utilized sparingly for specific information from trusted websites and companies. Other email addresses can be given more frequently, but these accounts should have less information provided about the actual operator. This tactic will essentially help filter emails, with more spam and junk emails going to various email accounts while one account remains “cleaner”.
Internet users also need to acknowledge and be aware of employee monitoring at their place of work. Often, employers will monitor the sites employees visit and what they do on various websites, and this data is stored by company servers. Some companies also log keystrokes and other data in order to measure efficiency and productivity. Users need to be aware of this, and it is often a good idea to avoid doing personal online surfing while using a work device or an employer’s wireless system. This will prevent employers from observing employee habits and therefore can help maintain individual privacy while online.
Another important aspect of internet surfing that users should be aware of is who to contact if something does go wrong. If an individual’s personal information is breached, then he or she needs to know how to rectify that issue as much as possible. There are many routes one can take to report possible violations of privacy, one of which being contacting the site itself. Individuals can also contact the Federal Trade Commission to report internet fraud, or they can contact the Identity Theft division of the Federal Trade Commission to report possible leaks of personal information. To report spamming or phishing, individuals can contact either the Federal Trade Commission or awareness groups, such as The Anti-Phishing Working Group. Individuals can confront situations in which there have been violations of their privacy, but they must first be aware of the options available to them.