 |
Security Information Links
|
 |
Developing a Computer Security Plan
 |
Identify information assets: hardware, software, documentation, procedures,
people, data, facilities, supplies |
 |
Identify security risks: identify types of risk, and value of loss if event
occurs |
 |
Identify safeguards: identify types of safeguards to detect, prevent, and
recover from loss |
|
 |
Network
Security Issues (VeriSign, Guide to Securing Intranet and Extranet
Servers)
 |
Privacy (only the intended recipient can view the message) [digital
signature] |
 |
Ease of Use |
 |
Content Integrity (Guarantee that the message received was not
altered during transmission). [Digital signature] |
 |
Authentication
(Establishing that the sender, receiver, and
handlers of a message are who
they say they are, and are
authorized to take the actions they attempt) [digital signature,
digital certificate] |
 |
Non-repudiation
(Establishing that a message was not changed
after receipt) [Digital signature] |
|
 |
Security Updates
 |
Internet Explorer 6.0
 |
More sophisticated control for accepting cookies |
 |
Loads slightly faster |
 |
Ability to block pop-up ads |
 |
Can download Outlook Express 6.0 with IE6.0 (About 11 MB
download) http://www.microsoft.com |
|
 |
Outlook Express 6.0
 |
Alerts you to existence of an externally generated automatic
mailing request. Prompts you for permission to continue. |
 |
Antivirus software |
|
|
 |
Unauthorized Access and Use
 |
cracker [buzz...], hacker [buzz...]: nothing new. Breaking into operating systems
was the game in the 1960s just to prove it could be done.
Malicious intent was rarely the motivation. It was a rite of
passage by computer science majors to prove competency as a
programmer. This was usually achieved by breaking into the
accounting system to reset computer run time for the semester to
zero. What has changed is the presence of the
Internet and the potential of widespread and high cost
damage. This is no longer just a nuisance rite-of-passage
prank. |
 |
Access control: identification and authentication |
|
 |
User Identification and Passwords
 |
PIN: Personal Identification Number, a special case of a
password. |
 |
Recommendations for passwords
 |
longer is better |
 |
random and special characters are better |
 |
typed quickly without looking at keyboard |
|
 |
Avoid passwords that
 |
you can't remember. |
 |
use family member or pet names or addresses. |
 |
people, places, events important to yourself. |
|
 |
Do not
 |
Write passwords. |
 |
Write passwords on the bottom side of keyboard, mouse pad,
underside of desk drawers, etc. |
 |
Share passwords with other people. |
|
 |
DO
 |
Change your passwords periodically. |
 |
Put passwords in sealed envelope for storage in a safe. |
|
|
 |
Possessed Objects
 |
Hardware key for use of high-value software: I-DEAS, SYSNOISE.
Key has code matched to software. Plug key into printer port
between the computer and the printer. |
 |
Key to unlock computer console. |
 |
Smart Card for access to computer, or to high security spaces
for special computer access. |
|
 |
Biometric Devices: fingerprint scanner, hand geometry system, face
recognition system, voice verification system, signature verification
system, iris (eye) recognition system |
 |
Callback System
 |
Not foolproof, but better than nothing. This is a
safeguard against the casual crook, but not effective against
professional espionage agents. |
|
 |
Information Theft, Alteration, Destruction
 |
Password-Stealing Schemes (advice from CompuServe):
 |
Hackers sometimes pose as "helpers" or "consultants,"
and ask for your password
to help you. |
 |
Some hackers pretend to be people who are trying to prevent
hacking. |
 |
Hackers may pose as representatives from the billing department and ask you for your
credit card information and/or password. |
 |
The Trojan Horse: "Trojan Horse" programs come to your mailbox as e-mail attachments
disguised
as software, screen savers, photos, or an offer of other free products. If you download and
execute one of these attachments, the Trojan Horse program captures your password and mails it back
to the hacker's e-mail address. Never download files sent to you from people you don't know! |
|
 |
1998 survey of
520 institutions:
 |
44 percent reported unauthorized
access
by employees. |
 |
24 percent reporting system
penetration from the outside. |
 |
VeriSign, "Guide to Securing Intranet and Extranet
Servers", secure-ext.pdf, 08 NOV 2000, http://www.verisign.com |
|
|
 |
Encryption
 |
Plain text, cipher text |
 |
Encryption, Decryption |
 |
Substitution, Transposition, Padding, Compaction
 |
Substitution: Captain Quick's Secret Decoder (comes with
badge, ID card, and whistle)
Plain text:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher text: C H X F U L S P A I Z D O G B Y J R E N W M Q K V T
|
 |
Compaction described in the text is a variation of
substitution, used to reduce probabilistic code breaking based
on letter or word frequency occurrence. |
|
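An added example (not part of the original notes): the decoder table above implemented in Python, with a letter count showing why plain substitution is open to the frequency-based code breaking mentioned under compaction. The sample message and the function names are constructed for illustration.

```python
import string
from collections import Counter

PLAIN = string.ascii_uppercase
# Bottom row of the Captain Quick decoder table from the notes.
CIPHER = "CHXFULSPAIZDOGBYJRENWMQKVT"

ENCODE = str.maketrans(PLAIN, CIPHER)
DECODE = str.maketrans(CIPHER, PLAIN)

# Constructed sample message (not from the notes).
SAMPLE = "MEET ME AT THE SECRET TREE HOUSE AFTER THE BELL"


def encrypt(text):
    """Replace each letter by its table entry; other characters pass through."""
    return text.upper().translate(ENCODE)


def decrypt(text):
    """Reverse the table lookup."""
    return text.upper().translate(DECODE)


def count_profile(text):
    """Letter counts from most to least common, ignoring which letter is which."""
    counts = Counter(ch for ch in text.upper() if ch in PLAIN)
    return sorted(counts.values(), reverse=True)


def most_common_letter(text):
    """The single most frequent letter in the text."""
    counts = Counter(ch for ch in text.upper() if ch in PLAIN)
    return counts.most_common(1)[0][0]


if __name__ == "__main__":
    secret = encrypt(SAMPLE)
    print(secret)
    print(decrypt(secret))
    # Substitution renames letters but keeps every count, so the shape of the
    # frequency table survives encryption unchanged.
    print(count_profile(SAMPLE) == count_profile(secret))
    # The most common cipher letter stands for the most common plain letter,
    # which in English text is usually E.
    top = most_common_letter(secret)
    print(top, "->", decrypt(top))
```

Because the count profile is identical before and after encryption, a reader who knows typical English letter frequencies can start recovering the table from the cipher text alone.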
 |
Self-authentication encoding (digital watermark)
 |
Mauro Barni, Franco Bartolini, Ingemar J. Cox, Juan Hernández, and
Fernando Pérez-González, "Digital Watermarking for Copyright Protection: A Communications
Perspective", IEEE Communications Magazine, IEEE Communications Society (August 2001)
http://www.comsoc.org/livepubs/ci1/Public/2001/Aug/gstedgonzalez.html,
05 SEP 2001 |
 |
Must either prevent alteration of a document, or hide the
data and code generating the watermark from experts. |
 |
Blue Spike Giovanni Digital Watermark |
 |
Steganography is the art of hiding a message in plain
sight. |
 |
Steganography has been a hot topic and publicly discussed
among electrical engineers at least before 1997. |
 |
Electronic equivalent of using invisible ink, lemon juice on
paper, or hiding a microdot in your hair. |
 |
U.S. agents have reported bin Laden has used steganography.
"These messages can be hidden in e-mail or in a downloaded
picture", said Chet Hosmer, president and CEO of WetStone
Technologies. CompuServe news, 05 OCT 2001.
 |
bin Laden's genius (genius can be evil as well as good)
is his ability to examine an enemy's cultural assumptions
and technology for vulnerabilities and achieve damage
through practical exploitation within his own means.
Do not expect him to reuse one attack method many
times. He observes we emplace corrective measures to
discovered problems. Expect him to exploit
additional methods. |
|
|
 |
Secret Key (single key) systems, Symmetric Encryption
 |
Only one key is used. It is used both for
encoding and decoding. |
 |
Requirement for secure transmission of key to communications
partner. |
|
 |
Paired Key (two key) systems, Public Key Encryption System, Public Key - Private
Key, Asymmetric Encryption
 |
One key is used to encrypt a
message. Another key is used to decrypt a message.
The same key cannot be used for both tasks, but they must work
together. |
 |
If you keep both the encoding key and the decoding key
secret, and ensure secure transmission of one key of the
pair to person #2, you have improved security (secrecy or
authenticity) over the single key system. |
 |
If you keep one of the keys secret, you can still achieve
some desired goals which are important commercially.
 |
Transmission of the public key with a message increases the
total transmission time. This increases the chance that
the existence of the communication will be detected. You
could separately distribute the second key to avoid this
problem. |
|
 |
Secret encoding key, public decoding
key: The code generator declares the encoding key to be secret, and
decoding key to be the public key. The sender (person
#1) encodes the message with the secret key (encoding key), and
transmits the message plus the public key (decoding key) to the receiver (person #2). Anyone intercepting the message
can also decode the message. What is gained is that all
recipients have high confidence that the message was generated
by the owner of the secret key (person #1). This is
useful in competitive advertising. It does not guarantee
the identity of the owner of the secret key.
|
 |
Public encoding key, secret decoding
key: The code generator (person #1) declares the encoding key to be
the public key and sends it to the other partner (person
#2). The decoding key is kept secret. The other
partner (person #2) uses the public key (encoding key) to
encrypt a message and send it back to person #1. The
content of all such encrypted messages is secure during
transit. Only person #1 can decrypt the messages.
This is good for electronic transfer of funds and getting
credit card numbers over the internet. There is still
the problem of knowing who the originator of the message
is. Who is person #2? Anyone intercepting the
message can also respond to person #1 using the public key. |
|
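An added example (not part of the original notes): both paired-key arrangements described above, run with one toy RSA key pair in Python. The key numbers are a small textbook-sized pair chosen for illustration and far too small to be secure, and the messages and function names are constructed.

```python
# Toy RSA parameters (constructed for illustration; far too small to be secure).
P, Q = 61, 53
N = P * Q                           # 3233, the modulus both keys work under
PHI = (P - 1) * (Q - 1)             # 3120
KEY_ONE = 17                        # one key of the pair
KEY_TWO = pow(KEY_ONE, -1, PHI)     # 2753, its partner (needs Python 3.8+)


def to_numbers(text):
    """One number per ASCII character, each smaller than N."""
    return list(text.encode("ascii"))


def apply_key(numbers, key):
    """Encoding and decoding are the same operation with different keys."""
    return [pow(m, key, N) for m in numbers]


def read_with(numbers, key):
    """Decode with the given key; None when the result is not ASCII text."""
    decoded = apply_key(numbers, key)
    if any(v > 127 for v in decoded):
        return None
    return bytes(decoded).decode("ascii")


def secret_encoding_public_decoding(message):
    """Person #1 encodes with the secret key; the decoding key is public."""
    secret, public = KEY_TWO, KEY_ONE
    sent = apply_key(to_numbers(message), secret)
    # A forger has only the public key and tries to encode with it instead.
    forged = apply_key(to_numbers(message), public)
    return {
        "anyone_reads": read_with(sent, public),       # readable by all
        "forgery_reads": read_with(forged, public),    # does not decode
    }


def public_encoding_secret_decoding(message, impostor_message):
    """Person #2 encodes with the public key; only person #1 can decode."""
    public, secret = KEY_ONE, KEY_TWO
    sent = apply_key(to_numbers(message), public)
    from_impostor = apply_key(to_numbers(impostor_message), public)
    return {
        "owner_reads": read_with(sent, secret),
        "eavesdropper_reads": read_with(sent, public),  # public key is no help
        # Anyone holding the public key can write to person #1, so a message
        # that decodes correctly says nothing about who sent it.
        "impostor_reads": read_with(from_impostor, secret),
    }


if __name__ == "__main__":
    print(secret_encoding_public_decoding("SALE AT ACME"))
    print(public_encoding_secret_decoding("CARD NUMBER 0000 (SAMPLE)",
                                          "SEND CASH"))
```

The first arrangement gives origin assurance without secrecy and the second gives secrecy without sender identity, which is the gap the certifying agent in the PKI section is meant to close.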
 |
Public Key Infrastructure
(PKI)
 |
The authentication problem, important in contracts, can be
solved by a mutually trusted agent certifying the ownership of
the secret key. This can be achieved by a trusted
agent generating the single secret key or the key pair and delivering it to the owner
through a secure chain of custody. |
 |
Compared to the secret key owner generating keys, the
trusted agent approach is more likely to have procedures to
increase the chance that an owner of a secret key is who they
claim to be. |
|
|
 |
Backup Procedures
 |
Regular plan of copying important data and program
files and storing the copy elsewhere. |
 |
Full, Differential, Incremental |
 |
Offsite file storage |
|
 |
Disaster Recovery Plan
 |
Immediate Emergency Incident Response Plan
 |
Immediate response Points Of Contact: fire, rescue, police,
information systems manager, chief executive |
 |
Equipment shutdown procedures
 |
Electrical isolation |
 |
Firefighting equipment |
|
 |
Evacuation plan
 |
Planned location to take casualties awaiting medical
attention and transport |
 |
Planned congregating point for disaster scene survivors
 |
Create as accurate a list as possible of who
 |
was present at the disaster scene at the initial
time of incident. |
 |
was not present at the disaster scene at the
initial time of incident. |
|
|
 |
Identify, in order of importance, which data and
equipment are to be removed from the disaster scene to
support start-up operations at an alternate site. |
 |
Identify the delivery location for evacuated equipment
and data, and plan for security at that location.
Inventory items delivered and released. |
|
 |
Disaster scene access control
 |
Planned location for controlling all access to facility. |
 |
Isolate disaster scene from everyone not logged in. |
 |
Log in and out all people who enter a disaster scene
 |
Needed for secondary disaster rescue. |
 |
Needed for later legal proceedings.
 |
Criminal investigation support. |
 |
Validation and processing of civil claims. |
|
 |
Issue identification to each person authorized entry
to disaster scene. A wrist strap or token will
work. |
 |
Collect identification from each person departing
disaster scene.
 |
Carefully identify and log those departing a
disaster scene that do not possess or present the
identification. These people should be
disaster survivors. Others should be
considered potentially unauthorized entrants and
documented carefully for later legal proceedings. |
|
 |
Must include fire fighting, law enforcement, and
rescue personnel |
|
 |
Should provide escort or guide services from own staff |
|
 |
Secondary notification list: Chief operating officer, owner,
public affairs officer, legal counsel, principal business suppliers
and customers, etc. as appropriate. |
 |
Hazardous Materials list.
 |
Needed by emergency response teams at the time of
disaster. |
 |
Needed to validate and process legal claims after the
disaster. |
 |
Need positive identification of hazardous
materials
 |
used in construction of the facility, such as asbestos. |
 |
used in fire suppression systems. |
 |
used in industrial processes, maintenance, or
cleaning. In a computer center, this might
include fluids used for cleaning tape heads, for
example. |
 |
resulting from combustion or chemical reaction of
separate materials which independently were not
hazardous. |
|
|
 |
Military: Civilian disaster response teams have a plan
of operations that assumes they are in complete charge of a
disaster scene, and they aggressively assert control at a disaster
scene. That assumption is invalid at a military
installation. Advance work with civilian fire fighters
and rescue teams is essential. Military commanders
should have a Memorandum of Understanding with civilian fire
fighters and rescue personnel for use in training and
operations which explicitly spells out issues of who has
on-scene authority, and there should be an annual training
exercise to practice coordination. |
|
 |
Public Affairs Plan
 |
Ensure safety of press corps at disaster scene. |
 |
Identify a well-known congregating place for press corps. |
 |
Appoint and provide an escort to the press corps. |
 |
Make press releases publicly available to all the press
corps. |
 |
Ensure the press corps gets essential information that the
public is reasonably interested in, along with an evaluation
of the quality of information.
 |
Casualties |
 |
Cause |
 |
Responders |
|
 |
Tell press corps what kind of information will not be
released, and why.
 |
It is always better to be direct with the press. |
 |
Information withheld by law. |
 |
Information withheld, pending notification of
next-of-kin or legal authorities. |
 |
Information withheld to protect intellectual property
rights. |
 |
Information withheld to protect physical security of
facilities. |
 |
Information withheld to protect essential privacy of
business relationships. |
 |
Information withheld, pending legal advice, to protect
against litigation vulnerability. This is the
information the press is most likely to challenge. |
|
|
 |
Backup Plan: to resume immediate processing
 |
Identify alternate processing sites
 |
reciprocal agreements (common in
banking and finance) |
|
 |
Alternate site startup procedure |
 |
Operation restoration schedule |
 |
Prequalified list of authorized
non-employee help |
 |
Rescue Disk / Emergency Disk |
|
 |
Recovery Plan: restoration of facilities
 |
Hardware replacement |
 |
Software replacement |
 |
The rate of changes in commercially available hardware and
software is fast. This list should be updated every two
years, or when significant well-known changes take place. |
|
 |
Test Plan
 |
Disaster simulation |
|
|
 |
Ethics and the Information Age
|
 |
Unethical practices used on the World Wide Web
 |
Pagejacking: redirection to unrequested website, by altering links on
legitimate web pages |
 |
Mousetrapping: disabling the "Back" button to prevent exit.
 |
Netscape: you can use the "Go" menu to get back to a
previously visited site. |
 |
You can type in a new address. |
 |
You can select "Home" to get to your sign-on default
page. |
|
|
 |
Ethics and Society
 |
Internal |
External |
Virtue based |
Rule based
Duty |
Absolutist |
Consequentialist
Utility |
Divine Command |
Human reason |
Natural Law |
|
|
|
 |
Unauthorized Use: time, resource, and information theft, or resource
denial.
 |
Use by unauthorized people. |
 |
Unauthorized use by otherwise authorized people. |
 |
Basis for justifying employee monitoring. |
|
 |
Information Privacy
 |
The biggest issue today is the ethics about use of cookies, Web
bugs, and spyware. http://news.cnet.com/news/0-1005-200-6873202.html?tag=prntfr
Web bugs are used to monitor your browsing habits. These are
usually used by advertising agencies. Cookies can be used to
store your user name and password for the web site that deposited
the cookie. Cookies can record how many times you have visited
a particular site, and the date and time of the last visit.
Cookies can record preferences you supplied to a web site at
previous visits. |
 |
Cookies store information about you on your computer. You
usually cannot read the content of a cookie. Cookies
supposedly are readable only by the web site that created the
cookie. This does not prevent that site from sharing that
data. |
 |
Cookies cannot be used to get or view data on your hard drive. |
|
 |
Information Accuracy
 |
Affects quality of decisions. |
 |
You must carefully assess the accuracy of what you obtain over the
Internet. The shared assumption of mutual honesty and trust of
the early Internet days is no longer valid. Anyone can publish
on the Internet. Caveat emptor. |
 |
Guidelines for evaluating the value of a web site: audience,
authority (pedigree), affiliation, content, currency, design,
objectivity. |
|
 |
Intellectual Property Rights:
 |
Software and data theft and misuse. |
 |
Copyright issues. The person who places information on the
Internet might not be the copyright owner. You might still be
held liable. |
|
 |
Codes of Conduct
 |
Useful guideline for personal conduct: Not on company time,
furniture, or personnel, or with company information or
resources. Always be professional when on company time or
property. |
 |
Issues in codes of conduct are:
 |
Avoiding conflicts of interest. |
 |
Truth in advertising. Representing capabilities,
availability, and cost honestly. |
 |
Unauthorized use of someone else's resources for personal
gain. |
 |
Placing a sponsor or employer at risk because of unauthorized
personal conduct. |
 |
Reporting violations of law promptly when known, and not
falsely accusing someone. |
 |
Hierarchy of
loyalties. God, nation, family, community,
profession, international community, employer. |
 |
Responsibility for public welfare trumps private or corporate
gain. Whistle-blowing. |
|
 |
Codes of ethics are responses to ethical problems. |
 |
Formal codes of ethics are becoming more common as abuse of unwritten codes has become
common. |
 |
Early codes of ethics: Code of
Hammurabi, The Avalon Project, Yale
University
http://www.yale.edu/lawweb/avalon/hamframe.htm
http://www.evergreen.edu/user/library/ref/history.htm
http://www.yale.edu/lawweb/avalon/avalon.htm
|
 |
With hippies,
yippies, and yuppies as history, the new generation
is tired of throw-away relationships and relativism. Look for
codes of ethics to reestablish the values of the World War II
generation. |
|
 |
Information Security
 |
If you want to keep a secret, do not let
anyone know you have a secret. |
 |
Safeguard the secrets you have. |
 |
Privacy
 |
Use cash and barter only. Caution: even serial numbers on
paper money can be tracked. If you truly want transactions to
be anonymous, use only barter transactions. Banks report large
transactions. |
 |
Codes of ethics and laws come into being because of abuse of
common social norms (Hippocratic Oath) |
 |
Text listing of laws is a good overview |
|
 |
Unauthorized Collection and Use of Information
 |
Any information provided by you about you will be used by
someone |
 |
Assurances of today will be forgotten tomorrow (Social
Security Number system) |
 |
The moving finger, having writ, moves on. Once you
have written or spoken something, consider it as being
potential public knowledge. |
|
 |
Employee Monitoring
 |
The person who pays for the equipment has the right to
regulate its use. |
 |
The person who pays for your time has the right to regulate
how that time is used. |
 |
Monitoring is the key to prevention of information theft. |
 |
Productive use of employee time is a leadership
responsibility of every supervisor.
Leadership starts at the
top. |
 |
Monitoring software and problem site databases. Alan Cohen,
"Worker Watchers", Fortune/CNET Technology Review
(Summer 2001), pp. 70 - 80.
 |
Legally, monitoring employee use of company
communications is fair game. |
 |
Tell employees what they CAN do, as well as what they
cannot do. |
 |
SuperScout, from SurfControl, Scotts Valley, CA; www.surfcontrol.com
 |
Used by Alabama Motors Association |
 |
It monitors employee Internet surfing, including
sites attempted but blocked. |
|
 |
Websense Enterprise, from Websense Inc., San Diego, CA; www.netpart.com |
 |
Elron Internet Manager 4.5, from Elron Software Inc.,
Burlington, MA; www.elronsw.com |
 |
I-Gear, from Symantec Corp., Cupertino, CA; www.symantec.com |
 |
SmartFilter, from Secure Computing Corp., San Jose, CA;
www.sctc.com |
 |
TeleMate.Net Software, Atlanta, GA |
|
 |
Any use of Internet makes demands on bandwidth the company
has paid for. |
 |
Porn viewing places company at risk for expensive lawsuits. |
 |
Dow Chemical, The New York Times, and Xerox have fired
people for inappropriate Internet use. |
|
 |
Wiretapping and Surveillance
|
|
 |
Objectionable Materials on the Internet
 |
Images require large files. Transmission of large files
significantly increases the bandwidth requirements of the
Internet. Who should pay for the increase in cost of
equipment and operation of the Internet? The right to speak
does not impose an obligation on the part of other people to
provide or pay for transmission and ensure existence of an
audience. |
 |
Placing material on the Internet is equivalent to placing
material on a billboard, radio, or TV. You cannot make an
informed choice in advance whether or not to view it, or to
protect minors from viewing it. On this point, Internet
pornography is fundamentally different from pornographic books and
magazines on a news stand out of reach of children, or from
pornography masquerading as art at an art gallery or museum. |
 |
Pornographers targeting children
 |
Stealth web site addresses
 |
Easy misspellings of web site addresses that are
otherwise legitimate for children to view |
 |
Changing the top level domain name of web site addresses
that are otherwise legitimate for children to view |
|
 |
Aggressive advertisement of porn on free web email shortly
after signup (Hotmail is particularly bad about this.) |
 |
Preponderance of sexually suggestive advertising |
|
 |
Gay and lesbian activists targeting children
 |
Indirect links on sites for children that lead to gay
and lesbian sites. The initial site has an innocent
sounding title which most parents would accept and
approve. First level links on that site are the
offensive sites.
 |
Disney Adventures magazine, for kids, contained a
link to an Antarctica Expedition. The expedition
site home page had prominently displayed links to gay and lesbian sites. |
|
|
 |
Sexual predators targeting children
 |
"3 Arrested in Teen Cyber Sex Slave Case", 14
August 2001,
©2001 CompuServe Interactive Services, Inc., http://member.compuserve.com/news/content.jsp?file=news/slot1/slot1.jsp
15 year-old girl who worked at a mall in Wrentham, Mass.
was held for a week as sex slave. She had corresponded
with the abductor for 2 months prior to the
incident. Contact was made after she said she wanted
to run away. |
 |
13-year old Danbury, CT girl Christina Long murdered by
25-year old man Saul Dos Reis of Greenwich, CT, whom she met
over Internet. Police said she had created a provocative Web site and routinely had sex with men she met online.
Eileen Fitzgerald, "Farewell, Christina", The
News-Times, Danbury, CT (24 May 2002). http://www.newstimes.com/cgi-bin/dbs.cgi?db=news&view_records=1&id=29194
24 May 2002. |
 |
Gamers, mostly boys, often look to web sites that offer
codes, or cheats, to help them beat the games faster or add
bonus levels. Some of these sites don't just provide
videogame cheats, but lead users to pornographic web sites
through provocative advertisements. While not all cheat
sites advertise pornography, the National Coalition
found that most of them
are affiliated with and link to one that does. "Weekly
E-Brief from NCPCF", NCPCF E-Brief - June 14, 2002 http://www.nationalcoalition.org/
 |
10-year-old boy was exposed to pornography for the first
time through PureCheats.com. PureCheats.com has
sponsors that send those who click through to sign-up
pages displaying pornography prior to age verification. |
 |
AceCheats.com maintains that their advertisers require
age verification with a credit card upon clicking through.
However, a National Coalition staff member was able to
access pornography through AceCheats.com without such
verification. |
|
|
 |
Businesses are being sued for sexual harassment due to circulation
of pornography and offensive email. |
|
 |
Filters
|
 |
Training your children under 13 years old: An Internet quiz for
them from CyberAngels: http://www.cyberangels.org/kids/quiz/quiz.html |
 |
Business Wire, 19 DEC 2000, "NetValue Report on Minors
Online...": Three million of the unique visitors to adult web
sites in September 2000 were age 17 or younger. Of the minors who
visited these sites, 21.2 percent were 14 or younger. (Quoted from:
"HARM... is just a mouse click away", Internet Safety,
National Coalition for the Protection of Children & Families, 02 May
2001) |
 |
The United States Supreme Court
struck down the Communications Decency
Act
|
 |
National Academy of Sciences report, Youth, Pornography, and the
Internet (2002), National Academy Press, http://www.nap.edu/books/0309082749/html/ |
 |
National Coalition for the Protection of Children and Families
http://www.nationalcoalition.org/
 |
Lisa Miree, reigning Miss Black USA, and Scott
Dotas of the Fellowship of Christian Athletes were both added to
the National Coalition's Board of Directors (NCPCF Brief, 17
May 2002) |
|
 |
Child Safety on the Internet, Part I, Focus on the Family, 01 NOV
2000
 |
70 % of families with children have a home computer. 25,000,000
children aged 2 to 17 regularly surf the net. Of these kids, about 20 % have
been propositioned for cybersex by strangers, using the Internet to gain
access to kids for sexual purposes. |
 |
58 % have accessed offensive or obscene web sites either purposefully or
by mistake. |
 |
62 % of parents are unaware their kids have accessed offensive web sites. |
 |
62 % of parents do not set rules for time spent by children on the
internet at home. |
 |
26 % of parents use some kind of filtering software on their computers. |
 |
AOL cannot handle or control the problem. |
 |
Mouse trapping: hitting "Back" leads to further images.
[Fact. Unfortunately, experienced by an FTCC student in lab in the
first several weeks of Fall 2001 term.] |
 |
Courts have struck down Internet porn laws. [Fact] |
 |
No prosecution during Clinton terms of office. [Need to do a
myth vs fact check. Need to check legal records to see what
question was actually asked. Recently (2002), I think I have
seen a new article referring to a prosecution that was initiated
during Clinton's second term.] |
 |
American Library Association (ALA)
 |
libraries post how to get around filters. [This seems
not to be the case in North Carolina public libraries,
thankfully.] |
 |
ALA applauds federal court ruling on the Children's Internet Protection Act
The American Library Association (ALA) applauds the decision of the federal court in Philadelphia today,
which ruled unanimously that the Children's Internet Protection Act (CIPA) is unconstitutional. The opinion was written by Chief Judge Edward R. Becker of the Third Circuit and joined by U.S. District Judges John P. Fullam and Harvey Bartle III.
See this headline for yourself on the ALA web site: http://www.ala.org/cipa/cipatrial9.html,
05 Jun 2002
|
|
 |
Children and the Internet
 |
Ages 5 - 8: ISP and local filters are OK |
 |
Ages 8 - 10: Children pass disks around, codes, etc. |
 |
Instant Messenger: messages not traceable |
 |
Monitored chat rooms are not secure. |
 |
Kids gullible, including 15-year olds. |
|
|
 |
Child Safety on the Internet, Part II, Focus on the Family, 02 NOV
2000
 |
True example incident
 |
ISP profile of subscriber vague description was searched for by the
pedophile. |
 |
Contact made via Instant Messenger. |
 |
Abduction of gullible 15-year old girl from Alabama to Philadelphia PA. |
 |
Local police considered her a runaway. Not much cooperation. |
 |
National Center for Missing Children was instrumental in her safe
return. |
 |
Mother located child by demanding from the long-distance telephone carrier a
list of incoming and outgoing phone numbers. |
|
|
 |
Child Safety on the Internet, Part III, Focus on the Family, 03 NOV
2000
 |
Student tell-tale behaviors
 |
Compulsive Internet use has replaced TV. |
 |
Secretive behavior. |
 |
Screen goes blank when you walk into the room. |
|
 |
If you "pull the plug", kids go to their friends' houses. |
 |
College age and high school kids go to friends and peers about sexual
behavior, not parents. |
 |
False intimacy. Aggressiveness of pornographers. |
 |
On Windows 2000, can elect to accept email only from people on access
list. |
|
 |
Relevant Resources from Focus on the Family
|
 |
Parental Guidance: If you have children or plan to have children in
the future, now is the time to actively learn about the Internet
and porn and a few things you can do to reduce the impact on your family.
 |
FBI guidelines for child internet safety: http://www.fbi.gov/publications/pguide/pguidee.htm |
 |
Focus on the Family: Steve Watters, "Protection and Socialization:
Two Keys to Family Internet Use", CitizenLink (01 August
1998). http://www.family.org/cforum/research/papers/a0002553.html |
 |
National Center for Missing and Exploited Children, NetSmartz
Workshop http://www.missingkids.com/ |
 |
NCMEC Tips for Parents: http://www.netsmartz.org/PARENTS/tips.html
05 July 2002 |
 |
It is not too soon to become vigilant if you even have an 8 year
old.
 |
Other slightly older kids are evangelists about illicit sexual
material and teaching younger kids how to get around. |
 |
Kids at school trade notes on
URLs and methods of getting around filters and parental
controls. |
 |
Kids quickly learn how to
change screens when adults wander by. |
|
 |
If you have kids, monitor your family computer on a weekly basis
for the sites they visit.
Some of the things to check are listed below. |
 |
Netscape Navigator
 |
The
box in which a URL can be typed has different names, depending
on the version of Netscape you have.
It can be called “Location” or “Netsite”. |
 |
Check
addresses listed in the “Location” bar by clicking on the
down-arrow on the right end of the “Location” or
“Netsite” edit/list box near the top center of the Netscape
Navigator window. Scroll
and look for undesirable addresses. |
 |
Check
“Bookmarks”. You
can delete unwanted bookmarks by selecting
Bookmarks | Edit Bookmarks. |
 |
Check
Communicator | Tools | History. |
 |
You
can see when a site was last visited, and how many times it
has been visited since added to the History list. |
 |
You
can set the length of time an unvisited page reference will
remain in the History list by going to Edit | Preferences and
changing the expiration time.
Setting the expiration time to 8 days will give you a
week and a day between checks. |
 |
You
can click on the icon of a page to revisit the site to see its
content to evaluate it. |
 |
After
viewing the History list, you might want to clear the History
list. Do this
using the Edit | Preferences menu. |
|
 |
Internet Explorer
 |
The
box in which a URL can be typed is called “Address”. |
 |
Check
addresses listed in the “Address” bar by clicking on the
down-arrow on the right end of the “Address” list box near
the top center of the Internet Explorer window.
Scroll and look for undesirable addresses. |
 |
Check
the History. You
can place the mouse cursor on the right edge of the panel and
drag the right edge to the right to make the panel wider.
This will make it easier to see full URLs. |
 |
Click
on each time category folder. |
 |
Within
each folder are URLs of pages in cache.
Click on each folder to see what pages are there. |
 |
You
can find out additional information about each page by
right-clicking on the page title.
Select “Properties” from the context-sensitive menu
that appears. This
will tell you when that page was last visited, and how many
times it has been visited since being added to the current
History list. |
|
 |
Cookies
 |
Cookies
are stored in the directory C:\Windows\Cookies. You can find it with Windows Explorer. |
 |
Most
cookies are not easily read. |
 |
You
can spot some of the offensive ones by the title of the cookie.
Some to look out for are any cookie name embedded with
(examples, identified in Summer 2000) |
 |
words
or abbreviations that are sexual in nature |
 |
po_n,
p_rn |
 |
xxx |
 |
lolita |
 |
1000stars |
 |
About
2/3 of the porn sites are hosted on machines in Russia.
Suspect cookies with names that end with “.ru”. |
 |
Cookies
of many porn sites have just IP numbers (34.128.88.21) rather
than a character-based identifier. IP numbers are also used by
some online casinos. [There are other legitimate uses of IP
numbers, but it is unlikely a child will be a legitimate
receiver.] |
|
 |
Chat Rooms
 |
ICQ
and Chat Rooms do not log histories and are more productive for
providing porn than porn sites visited with
a browser. |
 |
A
Chat Room with File Transfer enabled is used to trade pictures. |
|
 |
Filter Programs
 |
Can
filter web site Chat Rooms, but do not filter Chat Rooms that
are run outside of a browser.
If you have separate Chat Room software, the browser
history will not log visits. |
 |
Specialized
Chat Rooms are not screened. |
 |
Filter
programs do not work well.
Kids learn at school how to get around them easily. Kids at school learn quickly how to avoid detection of
illicit site visits. Libraries
are also helpless (as well as often unwilling). They lack
sufficient numbers of trained staff to adequately monitor
activity of students. |
|
 |
Computers and Modems
 |
Consider having a computer with no internal modem, and use an
external modem for connection with the internet. |
 |
External modem is easier to remove and lock up if you must be
away from home while your child is at home. |
 |
External modem is easier to replace if hit by lightning. |
|
 |
Computer Location
 |
Place the computer only in locations that can be under adult
supervision at all times. Choose a location visible from
the kitchen or wherever else the adult at home is likely to be. |
 |
Do NOT allow a computer to be in a child's bedroom. |
|
 |
Checking
 |
Frequently walk by the computer while the child is using the
Internet. |
 |
If you notice the screen changing frequently when you walk by,
take control of the machine and view other programs and files
having buttons in the task bar. |
 |
Use the "Last Accessed" selection in the drop-down
list in Start | Find | Date | Find All Files. Select the
button "During the previous ___ day(s)". Set the
counter to one. Click "Find Now". This will
generate a list in a dialog box. Scroll horizontally to the
right to locate a column labeled "Modified".
Click on the column label titled "Modified".
This will cause the list to be sorted by date and time. You can
adjust the column widths with the mouse just as you do in Excel. |
|
|