Ethical Hacking and Countermeasures V6 Exam 312-50 Certified Ethical Hacker Privacy on The Internet Module XLV Page | 3395 Ethical Hacking and Countermeasures V6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Module XLV Privacy on The Internet Ethical Hacking and Countermeasures Version 6 Ethical Hacking and Countermeasures v6 Module XLV: Privacy on the Internet Exam 312-50 Ethical Hacking and Countermeasures V6 Exam 312-50 Certified Ethical Hacker Privacy on The Internet Module XLV Page | 3396 Ethical Hacking and Countermeasures V6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News Source: http://news.bbc.co.uk/ News According to the Consumer group Which?, the members of some sites like Facebook, are keeping themselves open to identity theft attacks by exposing the personal information to thousands of other members on the network. According to the Which?, members of various websites are at a greater risk because they are targeted by fraudsters. Which? added that the attackers can collect private information which can be used to reveal the pin number and other security details. In a Facebook network, the personal information of a user can be seen by thousands of other members if he/she sticks with the default privacy setting. Which? said that the Facebook allows their users to customize their security settings to a level where they feel comfortable with a Facebook spokesman. Ethical Hacking and Countermeasures V6 Exam 312-50 Certified Ethical Hacker Privacy on The Internet Module XLV Page | 3397 Ethical Hacking and Countermeasures V6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News Source: http://media.www.thetriangle.org/ News JuicyCampus.com recently made headlines for providing mechanisms for anonymous users to exploit the personal information of other users. Sexually explicit recollections and possible fraudulent reports expose users by their name across the Internet. In the last few days, seven colleges have banned the gossip website due to sexually explicit recollections and possible fabrications that mention students by name. Student leader Andy Canales from Pepperdine announced that many students from the student body have opposed these gossip websites. Recently, many students voted 23-5 in Pepperdine to ban these gossip websites as these websites pose privacy risk for users. Ethical Hacking and Countermeasures V6 Exam 312-50 Certified Ethical Hacker Privacy on The Internet Module XLV Page | 3398 Ethical Hacking and Countermeasures V6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News Source: http://media.www.thedailyaztec.com/ News The use of the Internet and computers is increasing every year and may lead to difficulty in preventing the data mining and breaches of privacy. In the past few years, there have been many breaches on the piracy on the Internet. When user visits to a website, the account details are stored in the cookie for the next visit. Yahoo!, Google, and Facebook are running their websites in this method. When you shut down your computer or disconnect from the Internet, you can find that you are still logged in on your account. Cookies allow others to track your information on the web. In 2005, the Associated Press discovered that the National Security Agency was tracking Internet users’ information. It had created a cookie that tracks all the users’ information who visited the website. While surfing the website, users are advised not to use their name, address, and other details, such as a credit card number. Ethical Hacking and Countermeasures V6 Exam 312-50 Certified Ethical Hacker Privacy on The Internet Module XLV Page | 3399 Ethical Hacking and Countermeasures V6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproducti on is Stri ctly Prohibited Module Objective • Internet Privacy • Proxy Privacy Configuration Modes • Email Privacy • Internet Privacy Tools: Anonymizers • Internet Privacy Tools: Firewall Tools • Internet Privacy Tools: Others • Countermeasures This module will familiarize you with: Module Objective This module will familiarize you with: Internet Privacy Proxy Privacy Configuration Modes Email Privacy Internet Privacy Tools: Anonymizers Internet Privacy Tools: Firewall Tools Internet Privacy Tools: Others Countermeasures Ethical Hacking and Countermeasures V6 Exam 312-50 Certified Ethical Hacker Privacy on The Internet Module XLV Page | 3400 Ethical Hacking and Countermeasures V6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Module Flow Internet Privacy Proxy Privacy Email Privacy Internet Privacy Tools: Firewall Tools Internet Privacy Tools: Anonymizers Internet Privacy Tools: Others Countermeasures Module Flow Ethical Hacking and Countermeasures V6 Exam 312-50 Certified Ethical Hacker Privacy on The Internet Module XLV Page | 3401 Ethical Hacking and Countermeasures V6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Internet Privacy Internet Privacy gives the security to an individual to access the Internet, so that no one can detect or intercepts his/her personal information Issues with Internet privacy include knowing what personal information is available online It can be managed by web browser cookies and preventing pop up advertisements Internet Privacy An individual’s personal information is exposed while accessing the Internet. A web browser stores this information in the form of cookies. Internet privacy gives the facility to an individual to secure the personal information, without detection or interception by the third party while accessing Internet. If people are aware of what is done with their information collected online, they will be cautious while entering some information asked by any website. In the United States, Canada, and many other countries, there is a law for Internet privacy information that safeguards the customer’s privacy. As the technology of power processing, data storage, and retrieval areas is advancing, Internet privacy becomes a pressing need for consumers. The global standard for online Internet privacy policies is a platform for privacy preferences (P3P). This P3P copy of privacy policy runs at the background and checks Internet privacy practices against the user’s settings and a popup is shown to the user whenever the exploit occurs. Internet privacy revolves around the data, which is nothing but the formatted information that can be fed in to the system. The data has the capability of identifying the person based on the analysis of personal information entered. As per the individual privacy information is concerned, both tangible and intangible values are associated. Ethical Hacking and Countermeasures V6 Exam 312-50 Certified Ethical Hacker Privacy on The Internet Module XLV Page | 3402 Ethical Hacking and Countermeasures V6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Proxy Privacy Proxy Privacy Settings allow to configure the type of concealment for the proxy server Concealment includes to strip certain HTTP headers from requests as they pass through the proxy Types of proxy privacy concealment: • No Concealment • Standard Concealment • Proxy Privacy Paranoid Concealments • Custom Proxy Privacy Concealment Anonymous http proxies can be used to improve online security and proxy privacy Proxy Privacy Configuration Modes Proxy’s privacy settings can be configured in different ways to filter required or unnecessary http headers. In general, privacy settings can be configured in four modes as: None: None or no proxy filtering mode is the lowest level of privacy configuration. In this mode, no header is modified or filtered. Standard: In standard configuration mode, only From, Server, User-Agent, Referrer, WWW- Authenticate, and Link headers are filtered out from HTTP request traffic. Paranoid: The paranoid configuration mode is employed for extra sensitive or paranoid filtering of HTTP headers from HTTP requests. In this case, all HTTP headers are filtered out from request traffic except a few such as Allow, Connection, Authorization, Retry-After, Accept, Cache-Control, Content-Encoding, Host, Content-Language, Content-Length, Content- Type, Date, Expires, Accept-Encoding, If-Modified-Since, Last-Modified, Location, Pragma, Accept-Charset, Accept-Language, Mime-Version, Retry-After, Title, and Proxy- Connection. Custom: Headers to clean proxy are chosen using this option. In order to protect online proxy privacy and security, anonymous HTTP proxies should be used. These proxies hide the information about user and user system in headers, so that the information can be never used in any way. By entering the false information in proxy checker page, online proxy privacy is achieved. Many websites collect personal information and this collected information may be targeted to spam emails and spyware programs. By using proxy privacy, the Internet should be surfed very carefully. Blocked websites can be accessed using the proxy setting. Ethical Hacking and Countermeasures V6 Exam 312-50 Certified Ethical Hacker Privacy on The Internet Module XLV Page | 3403 Ethical Hacking and Countermeasures V6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Email Privacy Email privacy solution protects your data and information Administrators, hackers, or anyone having intent of gaining access to emails can read your e-mail if email privacy is not maintained You should use a strong password and encrypt your email to protect you from email privacy threats Email Privacy Email privacy involves protecting the data present in your email account. For this, a strong and good password is to be chosen and also the encryption techniques should be followed to protect from email privacy threats email IDs need to be protected from spammers who might spoof your email id to send spam emails. The attackers who gain access to the email account can read the email easily and misuse it. Emails have emerged to be cheap, easy, and funny means to communicate with the people all over the globe. As the technology is advancing, it gives way to many problems pertaining to privacy. These problems consist of personal information being collected while surfing the Internet and the viruses being sent as an attachment, which may corrupt the computer’s hard drive. Ethical Hacking and Countermeasures V6 Exam 312-50 Certified Ethical Hacker Privacy on The Internet Module XLV Page | 3404 Ethical Hacking and Countermeasures V6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Cookies Cookie is a piece of information that a website sends to a browser when it accesses information at that site They allow website operators to give unique permanent identifier to the system; this identifier associates requests made to the website by the system Internet cookies raise privacy concerns, although they can also make the Web easier to navigate Cookies stored on hard drive helps to build users profile; if they are stolen while public system is used ,they affect privacy Browsers have the feature to set cookies and notify before it is written to the computer Cookies When any website is accessed for the first time, the web server sends a piece of information to the browser called a cookie, which is saved to the web surfer’s hard drive. The browser must support cookies to place small text files. These are unique and can be identified by the server from which they came. Cookies give unique permanent identity for the system by the website operators; this identifier associates requests made to the website by that system. Cookies record the parts of the website visited. But they cannot identify uniquely as they do not have any name or address. If any extra information is provided by the user to the website while purchasing any products online, then cookies help to build a profile of the user according to their buying habits. Data on hard drives can be stolen by attacking the system without user’s permission. The steps taken to protect privacy are as follows: Browser cookie file is set as read only; this setting may depend on the type of the operating system and the browser used. If this setting is used, the cookies will last long until the browser is running. Setting is made to delete the cookies files whenever the browser is started Browsers have the feature to set cookies and notify before it is written to the computer The cookies can be removed or deleted when the browser is closed Selection can be made to remove the cookie