Monday, December 7, 2015

Conclusion

There are many dangers on the internet. In an effort to stay safe while enjoying the benefits that the internet offers, certain measures should be taken. This course makes an effort to highlight several of the simple or fundamental steps that should be taken by any user on the web.

A phrase I learned from Saturday morning cartoons is "Knowing is half the battle." Being aware of the dangers that may be present on the internet goes a long way to avoiding them. It is also important to realize that knowledge in and of itself is useless if it is not acted upon.

The final project for this course I found interesting. I struggled to collaborate with my team members to the depth I wanted.  Much of the work done on the project was done offline, which excluded my participation.  I was able to help with some final edits, and narrated the project video. The project can be found below.

Friday, November 13, 2015

Wireless Access: The battle between convenience and security

With advancements in technology, computers become smaller, faster, and more mobile. As the devices become more mobile, the need to connect them to the internet without being tied to wires becomes more important. Wireless networks are found in homes, public areas, retail stores, schools, and many other places. Wireless networks can even be found in some churches. With wireless networks sending out a signal that anyone can find, how can these networks be kept safe?

Home Wireless Networks 

 In many homes, several different devices are connected to the network. They range from computers to phones to TVs to lighting and heating. Though turning off the wireless may be the only way to be sure no unauthorized devices connect, that is not always a practical solution.
  • Change the Admin Password - Wireless routers come with a default admin and password set. This password should be changed as soon as the router is set up.
  • Encrypt and password protect - One important thing to do with any network is to make sure it is encrypted. WPA2 is currently the strongest wireless encryption available. There is no reason a wireless network should not be encrypted at this level. If the wireless router is unable to support this, then it is time to upgrade to a new one. With the encryption a password or other secure handshake should be used. Below is what my encryption setting looks like.
  • Hide SSID - The SSID is the name of the wireless network. Many routers can be set not to broadcast it. A device then needs to know the SSID in order to connect.
  • Restrict devices that can connect - It is also a possibility to restrict what devices are able to connect to the wireless network through MAC addresses. MAC addresses are the unique code for each network card. This is done through the Wireless router.
  • Update firmware - From time to time an update to the router may be available. It is important to keep this up to date as it may fix vulnerabilities in the router.
  • Monitor the network - Make sure that firewalls and other security applications are in place and up to date. Many routers will also allow you to see what devices are connected, and this should be checked occasionally.

Business Networks

With businesses trying to cater to the needs of their clients and reliance on mobile devices, wireless networks are found and being installed in many locations. The business owner has a responsibility to keep sensitive data safe. This takes many steps. Several of these steps are the ones that are taken for the home networks. Additional steps taken are setting up a second wireless network separate from the business network for guest access, adding software to monitor network traffic, and other security measures.


Thursday, October 29, 2015

When Danger Comes Knocking


Cyber criminals are constantly developing new and better threats. They discover and exploit holes in software, and build off of and disguise existing threats. Just having a computer on the network makes it a potential target.


Software updates and Patches


Operating system and software developers work towards plugging those holes and making their software safe from those attacks. These fixes come in the form of updates, patches, and new versions. The updates are only beneficial if they are actually installed on the computer. It is up to the computer user or system admin to make sure that automatic updating is turned on or that there is some method to routinely install these updates.

Antivirus software


Antivirus software attempts to identify and stop the threats from infecting the computer. This is another essential component to keeping a computer safe online. Just as with other software, this too must be updated routinely. New definitions are pushed out, often daily, as new threats are identified. Antivirus companies require a subscription for these definition updates to be received by a computer. The following picture is the interface of the antivirus installed on my computer. My primary device is a corporate owned laptop. This antivirus software is an enterprise level antivirus protection that my company recently moved to from Symantec Endpoint Protection. System Center Endpoint Protection is a Microsoft product.
System Center Endpoint Protection

Be careful when selecting an Antivirus product as there are fake ones out there as explained in this clip.


Backup and Restore point


Even with all this protection, it may be possible for an attack to find its way through and infect your computer. Having documents and files backed up to an external drive provides a way to keep them safe should something happen to the computer. Operating systems often have a built in mechanism to restore the computer to a point from an earlier time. This function can be used to restore the computer to a point before it got the virus and then updates should be used to protect it from being re-infected. The following video is a walk-through of using a restore point in Windows 7.



Wednesday, October 14, 2015

Just a Little Fish in a big Ocean?

Even though we may see ourselves as little fish in this ocean of data and users, there are predators actively and passively seeking to collect our Personally Identifiable Information, credit card information and more. It is important to recognize and actively avoid their snares.

Definition of Phishing

  • Phishing is where email or malicious websites are used to collect personal and financial information or infect your machine with malware and viruses.

 Recognizing Phishing

  • Spelling and Grammar Mistakes - Spelling and grammar mistakes are often seen in phishing emails. Companies often take great pains to make sure that their emails and sites are professional. Cyber criminals are not known for their spelling or grammar. Mistakes like these in a site or email may be a reason to start to question it.
  • Generic Greetings - Phishing emails tend to start with generic phrases like "Dear valued customer" or your email account name, instead of your name. Most legitimate companies include your name in their correspondence because companies will have it on record (if you've dealt with them before).
  • False links - Be cautious of links. Before clicking on links, make sure you know where they will take you. Move your mouse over the link and leave it there for a moment (without clicking), and it should display the path the link will take you to. The link path may show at the bottom of the browser, depending on which browser you use.
  •  Asking for Personal Information - If you receive an email requesting personal information, do not provide any information. Do not reply to the message or click any of the links in the message. Businesses have more secure methods of collecting this information. They will often have secure sections of their sites designed to give and receive information safely.
  • Threats - If the email says that you must respond now or that it is a limited time offer, this wording is designed to push you into an impulse response through a sense of urgency. If it appears to be a company that you have business with, go to them by opening their site in a new browser session and getting contact information from there, or by signing into your account.
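
A small checker for four of the warning signs listed above (the spelling check is left out), as an added example that is not part of the original post. The phrase lists, sample messages and function names are illustrative assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrase lists are illustrative assumptions; the first entries echo the post's wording.
GENERIC_GREETINGS = ("dear valued customer", "dear customer", "dear user")
URGENCY_PHRASES = ("respond now", "limited time offer", "will be suspended")
PERSONAL_INFO = ("password", "credit card", "social security number")
DOMAIN_RE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#]\S*)?$", re.I)

class EmailBody(HTMLParser):
    """Collects visible text and (href, link text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def bare(host):
    """Lowercase a host name and drop a leading 'www.' so equal sites compare equal."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def phishing_indicators(html_body):
    """Return the warning signs from the list above that appear in html_body."""
    body = EmailBody()
    body.feed(html_body)
    text = " ".join(" ".join(body.text).lower().split())
    found = []
    if any(p in text for p in GENERIC_GREETINGS):
        found.append("generic greeting")
    if any(p in text for p in URGENCY_PHRASES):
        found.append("urgency or threat")
    if any(p in text for p in PERSONAL_INFO):
        found.append("asks for personal information")
    for href, label in body.links:
        shown = DOMAIN_RE.match(label)    # only labels that look like a URL or domain
        actual = urlparse(href).hostname  # where a click would really go
        if shown and actual:
            shown_host, actual_host = bare(shown.group(1)), bare(actual)
            if actual_host != shown_host and not actual_host.endswith("." + shown_host):
                found.append(f"link text shows {shown_host} but goes to {actual_host}")
    return found

# Constructed sample messages (reserved .example/.test names, not real mail).
SUSPICIOUS = ('<p>Dear valued customer,</p><p>Respond now and confirm your password at '
              '<a href="http://bank.example.account-check.test/login">www.bank.example</a></p>')
ORDINARY = ('<p>Dear Jordan,</p><p>Your statement is ready at '
            '<a href="https://www.bank.example/statements">bank.example</a></p>')
```

The link check is the scripted form of hovering over a link: it compares the address shown in the link text with the host in the `href`, and stays silent when the text is not an address at all.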

 

Other Modes of Phishing

Technology continues to advance and evolve. We will seek to use these advancements to enrich our lives. Criminals will seek to use these same tools against us. Phishing can come through phone calls and text messages, and has been seen on social sites.

 

What to do with Phishing Attempts 

Report any emails to the Federal Trade Commission and other agencies as described on this link. Reporting these emails will help these agencies to fight these types of scams. If the sender is trying to pose as an actual business, let that company know.

 

Where to find out more

Here are some additional resources to learn about these crimes.

US Securities and Exchange Commission - "Phishing" Fraud
Microsoft - What is Phishing
StaySafeOnline - Spam & Phishing

Tuesday, September 29, 2015

The battle between the customized web and protecting privacy

With the internet being such a vast expanse of information, there is a desire to customize the internet to the individual, to be able to quickly find or access what one is looking for. Companies want to drive prospective customers to their sites, and then to make it easy for them to spend money. These seem like worthwhile goals, but is there a cost to facilitating navigation through the web?
  

PII, Cookies, and Deep-packet Inspections, Oh my

To begin, let's define a few terms:

PII, or Personally Identifiable Information, is any information that can be used to distinguish a person's identity.
 More on PII on www.gsa.gov
 
A cookie is a piece of text that a web server can store on a user's hard disk. Cookies allow a Web site to store information on a user's machine and later retrieve it. The pieces of information are stored as name-value pairs.

Deep-packet Inspection - Through Internet service providers, companies are able to gather information on the full extent of computer usage. Every site visited, every search, even every email sent can be harvested. This information is then used to profile a person’s interests, and then sold to advertisers to allow for targeted ads. Companies involved say that customers’ privacy is protected because no PII is released.


Companies Selling information on their Customers

Whether we are aware of it or not, many of the companies we do business with sell information on us. Any information they have access to (items searched for, location, gender and so forth) has the potential to be used or sold to a third party. Often on their site is a privacy policy outlining what they collect and how they use it and share it with other companies. With information passing between companies, how is that information safeguarded? How many customers take the time to educate themselves on these practices? If kept anonymous, at what point does this packaged information lead to a detailed profile that can lead back to the user and therefore be viewed as PII? Do the companies with these practices have a clear way for their customers to opt out?

Insight from two Business owners

As part of my research I asked some business owners for their views of these practices. The following are their responses.

Adrian Dayton, founder of ClearView Social, Inc 
"1. Should people buy and sell this information? Absolutely. Not because it is creepy or weird, but because it helps us understand somebody's needs better. Take Facebook for example, through seeing what you look at, they can tailor ads to your liking. Contrast this with news sites that share with everyone the same article to help reduce belly fat. I have some belly fat, but certainly not enough to want to spend money to get rid of it.



2. The limitations are pretty obvious in my opinion. Information must be anonymized. This is the only way to guarantee that you maintain the privacy of individuals. This is the pact, we share our information and in exchange they keep it anonymous and sell us the things we have demonstrated we are interested in.



3. There needs to be some disclosure and some way for consumers to opt out. There is something similar to this that exists right now, where you can disable cookies, but you can only take advantage of that if you are familiar with the way this data is collected and used. In my opinion there should be far better disclosure for all users of this information."


Drew Payne, owner of Payne Brothers Custom Knives
He started off his response by saying he would not sell information without the customers' knowledge, he would not sell it period. He stated, "I don't want to lose a potential customer because word got around that I do that." He went on to say how he hates being inundated by spam email, junk mail, phone calls, or other forms of ads just because he has done business online. As a small business, in order to do much of the data collection, an outside company would have to be brought in for that. Just because they state that their databases are done by client ID and do not contain personal information, it does not mean they do not come across that or that their information is not enough to create a profile to get that. Gathered or sold information finding its way into the wrong hands can cause severe issues to his customers. He concluded by stating that, "I would suffer through being a new small business than to do that to someone."

Conclusion

Businesses that participate in ecommerce should make every effort to protect those who do business with them. There is much that can be done to protect personally identifiable information. Through search engines, prospective customers are able to shop around, not only for the best price and quality, but also for a business they are willing to trust. At a time when one mistake can kill a reputation and business, it becomes important to be transparent in dealings with customers. If a company is going to collect or sell information gathered from their customers, they need to make sure that they clearly state what is collected, with whom and how it is shared, and how it is protected.

Individuals should take the time to understand how and what information is being collected on them. When seeking the best deal, make sure that PII is not part of the cost. 

Monday, September 14, 2015

Becoming a Digital Citizen



In this ever developing computer age, it is important to recognize how technology has an effect upon us. We must be conscious of our digital footprint and how it may affect our daily life. We must understand our role as a citizen of this digital world. 
 
Just as walking on soft ground or sand leaves footprints, so also as we move through the internet we leave evidence of our presence. Each time we click like or post a comment or post, we are leaving a trace of our digital presence. Each of these activities adds to our digital footprint. In the early 1600’s Francis Bacon wrote, “Knowledge is power.” Just as it was true back then, it rings true now. What power does our digital footprint give others? Does it give someone a reason to be at odds with us? Does it provide so much information to allow passwords to be profiled? Does it set a pattern that a predator or other criminal can use against us? Could it sway a possible employer for or against us? Knowing who can see our digital footprint and how it would reflect upon us can empower us to make wise decisions when it comes to our online presence.

As we seek to continue our presence in the digital world, we become a part of the digital community. We should strive to be a digital citizen. Citizenship in a country guarantees certain rights and responsibilities. Several sites seek to define digital citizenship and the rights and responsibilities associated with it. One of these sites is Digitalcitizenship.net. In their article “Nine Elements,” they lay out nine themes of digital citizenship. A few of these themes are Digital Communication, Digital Literacy, and Digital Health & Wellness.
  • Digital Communication – Defined as the “electronic exchange of information.”
      ◦ My family is spread across the country and at times we have been spread across the world. We needed a way to stay in contact with one another, and were able to do so through blogs, Facebook, and email.

  • Digital Literacy – the “process of teaching and learning about technology and the use of technology.”
      ◦ Technology must be embraced in what is taught and how it is taught. I am in school working toward an associate in Computer Information Systems. It will be a completely online degree. With so much available, each professor is able to embrace different technologies in presenting and structuring the courses.
      ◦ “As we learn we learn to learn.” That was something I was fond of saying when I was younger. I have been working in the same department, but on different teams as my father for the past eleven years. His team is often seen as an escalation level for problems our team faces. On several occasions I have turned to him with issues. Rather than just handing me the answer, he would point me in the direction to find the answer. In such a way he was able to teach me to use the technology available to not just find the answer to the issue I was having at the time, but to be able to use the same methods to resolve future issues.

  • Digital Health & Wellness – “physical and psychological well-being in a digital technology world.”
      ◦ I spend eight hours a day in front of computers at work. Ergonomic guidelines and technologies are available to reduce strain from computer work. These include things from height of the monitor to special keyboards. Employing these will provide lasting effects in the work place.

Wednesday, August 26, 2015

Introduction and Purpose

I am taking Principles of Computer Security during the fall semester at NCCC. This blog has been created to fulfill a requirement in this course. It will serve as an avenue for me to voice my reflection of the course material. It will provide the professor a way of gaining further insight into my understanding and thoughts upon this course.

Writing is an extension of thought and learning. Maintaining a writing journal will allow me to further structure and strengthen my understanding. Though I have authored blogs in the past, this will be the first time using one as a learning tool.