
Slide 1: Internet Privacy - At Home and At Work: A Tutorial
Presented by Dr. Robert J. Boncella, Professor of CIS, CIS Department and School of Business, Washburn University, Topeka, Kansas

Slide 2: Internet Privacy - At Home

Slide 3: Client/Server Computing
[Diagram: the Client sends a request to the Server; the Server returns a response to the Client.]

Slide 4: Web Basics
– Uniform Resource Identifier (URI)
– Uniform Resource Locator (URL)
– Uniform Resource Name (URN)
– URL/URN Syntax
  – protocol://host[:port]/url-path
  – protocol://username:password@host/url-path
– Protocol Examples
  – http://host[:port]/path/resource_name[#section][?query_string]
  – ftp://username:password@host[:port]/path
– Examples
  – http://www.webcrawler.com:80/cgi-bin/WebQuery?searchText=servlets
  – ftp://anonymous@ftp.netscape.com/

Slide 5: HTTP Protocol
– Client sends a request to a server
– Server sends a response to the client
– Connectionless
  – Client: opens a connection to the server, sends the request
  – Server: responds to the request, closes the connection
– Stateless
  – Client/Server have no memory of prior connections
  – Server cannot distinguish one client's request from another client's

Slide 6: HTTP Protocol
Request message:
– Request Line
– Request headers, Entity headers, General headers
– Blank Line
– Body (present in only some messages)
Response message:
– Status Line
– Response headers, Entity headers, General headers
– Blank Line
– Body (present in only some messages)

Slide 7: Request Line Syntax
Request Type (method), space, URL, space, HTTP version
Examples:
  GET /login.html HTTP/1.0
  POST /login.html HTTP/1.0
  GET /login.html?username=zzbonc&password=demo1 HTTP/1.0
The last request line is generated by the URL: http://www.washburn.edu/login.html?username=zzbonc&password=demo1

Slide 8: Status Line Format in Response Message
HTTP version, space, Status Code, space, Status phrase
Examples:
  HTTP/1.0 200 OK
  HTTP/1.0 401 Unauthorized
  HTTP/1.0 404 Not Found

Slide 9: Header Format
Header name: Header Value (a space separates the colon from the value)
Several types of headers:
– General - provides general information about the message
– Request - specifies the client's configuration and preferred document format
– Response - specifies the server's configuration and information about the response
– Entity - information about the body of the document

Slide 10: Client/Server Request (GET method)
Request:
  GET /usr/bin/image1 HTTP/1.1
  Accept: image/gif
  Accept: image/jpeg
Response:
  HTTP/1.1 200 OK
  Date: Mon, 08-Jan-01 13:15:14 GMT
  Server: Challenger
  MIME-version: 1.0
  Content-length: 2048
  (Body of document)

Slide 11: Client/Server Request (HEAD method)
Request:
  HEAD /usr/user/file1.html HTTP/1.1
  Accept: */*
Response:
  HTTP/1.1 200 OK
  Date: Mon, 08-Jan-01 13:15:14 GMT
  Server: Challenger
  MIME-version: 1.0
  Content-type: text/html
  Content-length: 1020

Slide 12: Client/Server Request (POST method)
Request:
  POST /cgi-bin/doc.pl HTTP/1.1
  Accept: */*
  Accept: image/gif
  Accept: image/jpeg
  Content-length: 50
  (Input information)
Response:
  HTTP/1.1 200 OK
  Date: Mon, 08-Jan-01 13:15:14 GMT
  Server: Challenger
  MIME-version: 1.0
  Content-length: 2000
  (Body of the document)
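The message layout of slides 6 through 12 (start line, header lines, blank line, optional body) can be checked by parsing the sample messages. The following is an added example, not code from the tutorial: it splits a raw message into those parts, joins repeated headers such as the two Accept lines on slide 10, and pulls the name/value pairs out of a query string so the login URL of slide 7 can be inspected the way a server sees it.

```python
"""Split HTTP messages into the parts named on slides 6-9.

Added example, not from the tutorial. The sample messages are those shown on
slides 7, 10 and 11, typed in as Python strings.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs


@dataclass
class HttpMessage:
    start_line: str                       # request line or status line
    headers: dict = field(default_factory=dict)
    body: str = ""


def parse_message(raw: str) -> HttpMessage:
    """Start line, then header lines, then a blank line, then the optional body."""
    text = raw.replace("\r\n", "\n")      # accept CRLF (wire form) or bare LF
    head, _, body = text.partition("\n\n")
    lines = head.split("\n")
    msg = HttpMessage(start_line=lines[0].strip(), body=body)
    for line in lines[1:]:
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        key = name.strip().lower()        # header names are case-insensitive
        value = value.strip()
        # A repeated header (two Accept lines on slide 10) becomes one comma-joined value.
        msg.headers[key] = f"{msg.headers[key]}, {value}" if key in msg.headers else value
    return msg


def parse_request_line(line: str):
    """'GET /login.html HTTP/1.0' -> (method, url, version)."""
    method, url, version = line.split()
    return method, url, version


def parse_status_line(line: str):
    """'HTTP/1.0 404 Not Found' -> (version, code, phrase)."""
    version, code, phrase = line.split(maxsplit=2)
    return version, int(code), phrase


def query_params(url: str) -> dict:
    """Name/value pairs after '?' in a request URL: what the server (and its log) sees."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


if __name__ == "__main__":
    req = parse_message("GET /login.html?username=zzbonc&password=demo1 HTTP/1.0\r\n"
                        "User-Agent: Mozilla/4.02 [en] (Win95; I)\r\n"
                        "Accept: image/gif, image/jpeg, */*\r\n\r\n")
    method, url, version = parse_request_line(req.start_line)
    print(method, url, version, req.headers)
    print("query string exposes:", query_params(url))
```

Running the script shows that a password placed in the query string, as on slide 7, arrives in the request line in the clear and is therefore available to every server and proxy that records request lines.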

Slide 13: HTTP and Privacy
Privacy Threats
  – Server Log Files
  – Proxy Log Files
  – Referer Header
  – Cookies
  – Web Bugs
Privacy Assurance
  – Anonymizing Proxies
  – Cookie Cutters

Slide 14: Server Log Files
Each time a client requests a resource, the server of that resource may record the following in its log files:
– The name and IP address of the client computer
– The time of the request
– The URL that was requested
– The time it took to send the resource
– If HTTP authentication was used, the username of the user of the client will be recorded
– Any errors that occurred
– The referer link
– The kind of web browser that was used
The same information may be recorded in a proxy server's log file.
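The items on this slide are exactly the fields of the common "combined" web server log format. The following added example (not from the tutorial) parses a few constructed log lines in that format, rebuilds the per-client clickstream that such a log exposes, and audits the request URLs and Referer values for secrets that reached the log through a query string, using the login URL of slide 7 as the sample. The host name, client address, and time stamps are constructed.

```python
"""Parse the kind of server log entries listed on slide 14 and audit them.

Added example, not from the tutorial. The lines are constructed in the
Apache/NCSA combined log format, which records the items the slide lists:
client address, authenticated user name, time, request line, status, bytes
sent, Referer and User-Agent. The login URL with its query string comes
from slide 7.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

LOG_LINES = [   # constructed sample entries
    '10.0.0.7 - - [08/Jan/2001:13:15:14 -0600] "GET /index.html HTTP/1.0" 200 2048 "-" "Mozilla/4.7 [en] (WIN98; I)"',
    '10.0.0.7 - zzbonc [08/Jan/2001:13:15:20 -0600] "GET /login.html?username=zzbonc&password=demo1 HTTP/1.0" 200 87 "http://www.washburn.edu/index.html" "Mozilla/4.7 [en] (WIN98; I)"',
    '10.0.0.7 - zzbonc [08/Jan/2001:13:15:31 -0600] "GET /grades.html HTTP/1.0" 404 - "http://www.washburn.edu/login.html?username=zzbonc&password=demo1" "Mozilla/4.7 [en] (WIN98; I)"',
]

LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')

# Query parameter names that should never be written to a log (assumed list).
SECRET_PARAMS = {"password", "passwd", "pwd", "token", "session"}


def parse_log_line(line: str) -> dict:
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"not a combined-format line: {line!r}")
    e = m.groupdict()
    method, url, version = e["request"].split()
    e.update(method=method, url=url, version=version,
             status=int(e["status"]),
             bytes=0 if e["bytes"] == "-" else int(e["bytes"]),
             user=None if e["user"] == "-" else e["user"])
    return e


def clickstream(entries) -> dict:
    """Paths requested, in order, per client address: what the log reveals."""
    streams = defaultdict(list)
    for e in entries:
        streams[e["host"]].append(urlsplit(e["url"]).path)
    return dict(streams)


def find_query_secrets(entries):
    """(line number, field, parameter) for secrets that reached the log in a query string."""
    found = []
    for n, e in enumerate(entries, 1):
        for field_name in ("url", "referer"):
            value = e[field_name]
            if value == "-":
                continue
            for param in parse_qs(urlsplit(value).query, keep_blank_values=True):
                if param.lower() in SECRET_PARAMS:
                    found.append((n, field_name, param))
    return found


if __name__ == "__main__":
    entries = [parse_log_line(line) for line in LOG_LINES]
    print(clickstream(entries))
    print(find_query_secrets(entries))
```

Note that the password shows up twice: once in the request line of the login request, and again in the Referer header of the next request, which is how it would also reach a third party's log if the next page were on another server.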

Slide 15: Cookies
– Used to solve the "statelessness" of the HTTP protocol
– Used to store and retrieve user-specific information on the web
– When an HTTP server responds to a request it may send additional information that is stored by the client: "state information"
– When the client makes a request to this server, the client will return the "cookie" that contains its state information
– State information may be a client ID that can be used as an index to a client data record on the server

Slide 16: HTTP Header Syntax for a Cookie
Set-Cookie: NAME=VALUE; expires=DATE; domain=DOMAIN_NAME; path=PATH; secure
Response Example:
  HTTP/1.0 200 OK
  Server: Netscape-Enterprise/2.01
  Content-Type: text/html
  Content-Length: 87
  Set-Cookie: userID=1234; domain=mysite.org; path=/cookie_info
Request Example:
  GET /login.html HTTP/1.0
  User-Agent: Mozilla/4.02 [en] (Win95; I)
  Accept: image/gif, image/jpeg, */*
  Cookie: userID=1234; color=blue

Slide 17: Attributes of the Cookie Header
– NAME=VALUE: the only required name/value pair is the cookie name and its value, e.g. Set-Cookie: custID=12345
– expires=DATE: indicates when the cookie is no longer valid. When a cookie expires it should be removed from storage. If no date is specified, the cookie expires at the end of the user session.

Slide 18: Attributes of the Cookie Header
– domain=DOMAIN_NAME: if the domain of a client request matches the domain attribute of a cookie, then the request's path is compared to the cookie's path attribute. If there is a match, the cookie is transmitted to the server along with the request.
– path=PATH: the path attribute indicates the URLs within a domain for which the cookie is valid. If no path attribute is set in the Set-Cookie header, the path is assumed to be the same as the resource that is being returned by the server.
– secure: the secure attribute indicates that this cookie should be sent via a secure connection.
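The matching rules of slides 17 and 18 can be written down as a small cookie jar. The following is an added example, not code from the tutorial: it parses a Set-Cookie header into the five attributes, then decides which stored cookies go into the Cookie header of a request, dropping expired cookies from storage as slide 17 requires. Two assumptions are made and marked in the code: the expires date uses the Netscape "Wdy, DD-Mon-YYYY HH:MM:SS GMT" form, and a cookie with no path attribute defaults to the directory of the resource that set it.

```python
"""Cookie storage and the matching rules on slides 17-18.

Added example, not from the tutorial. Assumptions: expires dates are in the
Netscape 'Wdy, DD-Mon-YYYY HH:MM:SS GMT' form, and a cookie with no path
attribute gets the directory of the resource that returned it.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class Cookie:
    name: str
    value: str
    domain: str
    path: str
    expires: Optional[datetime]   # None: discarded at the end of the session
    secure: bool


def default_path(request_path: str) -> str:
    """Directory part of the URL that returned the Set-Cookie header (assumed default)."""
    return request_path[: request_path.rfind("/") + 1] or "/"


def parse_set_cookie(header: str, request_host: str, request_path: str) -> Cookie:
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")            # the only required pair
    cookie = Cookie(name.strip(), value.strip(), request_host.lower(),
                    default_path(request_path), None, False)
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "expires":                            # Netscape date format (assumed)
            cookie.expires = datetime.strptime(
                val, "%a, %d-%b-%Y %H:%M:%S GMT").replace(tzinfo=timezone.utc)
        elif key == "domain":
            cookie.domain = val.lstrip(".").lower()
        elif key == "path":
            cookie.path = val or "/"
        elif key == "secure":
            cookie.secure = True
    return cookie


def cookie_header(jar: list, host: str, path: str, secure: bool, now: datetime) -> str:
    """Build the Cookie request header; expired cookies are removed from the jar."""
    jar[:] = [c for c in jar if c.expires is None or c.expires > now]
    host = host.lower()
    send = []
    for c in jar:
        if host != c.domain and not host.endswith("." + c.domain):
            continue                      # domain attribute does not match
        if not path.startswith(c.path):
            continue                      # path attribute does not match
        if c.secure and not secure:
            continue                      # secure cookie, but not a secure connection
        send.append(f"{c.name}={c.value}")
    return "; ".join(send)


if __name__ == "__main__":
    jar = [parse_set_cookie("userID=1234; domain=mysite.org; path=/cookie_info",
                            "www.mysite.org", "/login.html")]
    now = datetime.now(timezone.utc)
    print(cookie_header(jar, "www.mysite.org", "/cookie_info/page.html", False, now))
    print(repr(cookie_header(jar, "www.mysite.org", "/login.html", False, now)))
```

The main block reproduces slide 16: the userID cookie is returned for a request under /cookie_info on any host in mysite.org, and not for /login.html.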

Slide 19: Web Bugs
– Used to determine a client's browsing profile based on their "clickstream"
– As a web page is rendered by a browser, each URL on the page causes a request to be sent by the client
  – Suppose every page rendered by a client requests the same URL (located on the same server)
– Among other info, the GET request contains the cookie issued to the client by the server of that URL and the referer header. The referer info can be extracted by the server and associated with that cookie.

Slide 20: Web Bug Process
[Diagram. Participants: the client browser (My_Brwsr), Server A, Server B, Server C, and the web bug server WBS.TRKSTRM.COM. Page A on Server A, Page B on Server B and Page C on Server C each contain URLs and IMG SRC references, including a WebBug image at WBS.TRKSTRM.COM. The web bug server holds the cookie "My_Brwsr" for this browser.]
1. Render page: Req: Page_A.html to Server A; Res: Page_A.html. Then Req: WebBug IMG to WBS.TRKSTRM.COM, carrying the Referer header and any cookie for TRKSTRM.COM; Res: WebBug Img (a cookie is issued to the client browser on the 1st request).
2. Click on URL: Req: Page_B.html to Server B; Res: Page_B.html, followed by the same WebBug IMG request and response. Likewise Req: Page_C.html to Server C; Res: Page_C.html, followed by the same WebBug IMG request and response.

Slide 21: Are Cookies Anonymous?
– A clickstream can be associated with a specific cookie on a server.
– Cookies may be associated with a particular client, based on IP address, but are assumed to not be associated with a particular user.
– E-mail readers can render web pages (e.g. MS Outlook, Netscape Messenger)
– Suppose a user receives a junk e-mail containing a web bug modified to contain the user's e-mail address

Slide 22: Are Cookies Anonymous?
The web bug URL in the e-mail generates this request to the server of the Web Bug:
  GET /webbug.gif?e-mail=thisuser@theirdomain.com HTTP/1.1
  User-Agent: Mozilla/4.7 [en] (WIN98; I)
  …
  Cookie: userID=1234

Slide 23: Privacy Assurance
Anonymizing Proxies
  – work like normal proxy servers
  – but they scrub any identification from the request (e.g. cookies, referer header contents, IP address of the host making the request)
  – no log files are kept regarding a host's use of the proxy server
Advantages
  – effective and transparent
Disadvantages
  – slow web response time
  – cookies unavailable
  – may not support SSL
  – need to trust the anonymizer

Slide 24: Privacy Assurance
Cookie Cutters
  – Browsers offer options for cookies:
    – accept all
    – reject all
    – warn before accepting
    – only accept cookies that are offered by the site of the rendered page, i.e. do not accept web bugs
  – If "accept all cookies" is chosen, the user can remain somewhat private by doing a clean sweep: remove the files containing cookies and history, and clear the cache
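The web bug process of slides 19 and 20, the e-mail deanonymization of slides 21 and 22, and the cookie-cutter option of slide 24 fit in one small simulation. The following is an added example, not code from the tutorial: a tracking server keyed on its own cookie, a browser that renders pages whose IMG SRC points at the web bug, and the "only accept cookies from the site of the rendered page" policy. The host names, page names, cookie name and e-mail address are constructed stand-ins for the WBS.TRKSTRM.COM / Page_A..C picture on slide 20. Run with the policy off, the tracker links all three pages and the e-mail address to one cookie; with it on, every web bug request arrives without a cookie and nothing can be joined.

```python
"""Web bug process (slides 19-22) and the cookie-cutter defence (slide 24).

Added example, not from the tutorial. All names below are constructed.
"""
from urllib.parse import urlsplit, parse_qs

WEB_BUG_URL = "http://wbs.trkstrm.example/webbug.gif"   # constructed tracking host
PAGES = ["http://www.site-a.example/Page_A.html",       # constructed pages, each
         "http://www.site-b.example/Page_B.html",       # embedding the same web bug
         "http://www.site-c.example/Page_C.html"]


class TrackingServer:
    """The web bug server: one cookie per browser, clickstream keyed by it."""

    def __init__(self):
        self._next_id = 1234
        self.clickstreams = {}   # userID -> Referer URLs seen, in order
        self.identities = {}     # userID -> e-mail address, if ever learned

    def handle(self, headers: dict, query: str) -> dict:
        cookie = headers.get("Cookie", "")
        if cookie.startswith("userID="):
            uid, set_cookie = cookie[len("userID="):], None
        else:                                   # 1st request: issue a cookie
            uid, set_cookie = str(self._next_id), f"userID={self._next_id}"
            self._next_id += 1
        if "Referer" in headers:                # the page that embedded the bug
            self.clickstreams.setdefault(uid, []).append(headers["Referer"])
        email = parse_qs(query).get("e-mail")   # e-mail web bug (slide 22)
        if email:
            self.identities[uid] = email[0]
        resp_headers = {"Content-Type": "image/gif"}
        if set_cookie:
            resp_headers["Set-Cookie"] = set_cookie
        return resp_headers

    def profile(self, email: str) -> list:
        """Pages visited by the browser later tied to this e-mail address."""
        for uid, addr in self.identities.items():
            if addr == email:
                return self.clickstreams.get(uid, [])
        return []


class Browser:
    def __init__(self, accept_third_party_cookies: bool = True):
        self.accept_third_party = accept_third_party_cookies
        self.jar = {}            # host -> Cookie header value (simplified jar)

    def _fetch_bug(self, tracker, page_host, referer, query=""):
        bug_host = urlsplit(WEB_BUG_URL).hostname
        headers = {}
        if referer:
            headers["Referer"] = referer
        if bug_host in self.jar:
            headers["Cookie"] = self.jar[bug_host]
        resp = tracker.handle(headers, query)
        if "Set-Cookie" in resp:
            # Slide 24: keep the cookie only if it comes from the rendered page's own site.
            if page_host == bug_host or self.accept_third_party:
                self.jar[bug_host] = resp["Set-Cookie"]

    def render(self, tracker, page_url):
        """Render a page whose IMG SRC points at the web bug."""
        self._fetch_bug(tracker, urlsplit(page_url).hostname, referer=page_url)

    def open_email(self, tracker, email):
        """Render junk e-mail whose web bug URL carries the recipient's address."""
        self._fetch_bug(tracker, page_host="mail-reader", referer=None,
                        query=f"e-mail={email}")

    def clean_sweep(self):
        self.jar.clear()


def run_scenario(accept_third_party_cookies: bool) -> TrackingServer:
    tracker = TrackingServer()
    browser = Browser(accept_third_party_cookies)
    for page in PAGES:
        browser.render(tracker, page)
    browser.open_email(tracker, "thisuser@theirdomain.example")
    return tracker


if __name__ == "__main__":
    for policy in (True, False):
        t = run_scenario(policy)
        print("accept third-party cookies:", policy,
              "| profile:", t.profile("thisuser@theirdomain.example"))
```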

Slide 25: Internet Privacy - At Work

Slide 26: Why Do Web Surveillance
– Employee Productivity
– Wasted Bandwidth
– Computer Security
  – Viruses and Trojan Horses
– Legal Issues
  – Illegal Use of Commercial Software
  – Hostile Work Environment
  – Pornography in the Workplace
  – Sexually Explicit E-mail

Slide 27: Items For Web Surveillance
– Web Browsing & Cookies
– E-mail Use
– Active Content (e.g. Java Applets & ActiveX)
– Malicious Mobile Code
  – Trojan Horses, Viruses, Macros, Executable Scripts
– Failed Logon Attempts
– "Access Denied" Events

Slide 28: How To Do Web Surveillance
– Web Proxies
  – Offer inspection & restriction
  – Drawback is slower response time
– E-mail Context & Content Scan
  – Used to monitor and filter e-mails
  – Filter malicious code (e.g. .vbs attachments)
  – Monitor content for racist or sexually harassing content

Slide 29: How To Do Web Surveillance
– Intrusion Detection Systems
  – Host based: track user keystrokes
  – Network based: application keystrokes per user
  – Internal firewalls: monitor access to and use of an organization's intranet
– Remote Control Programs
  – allow control of a remote host and redirection of its display
  – e.g. pcAnywhere or Citrix's ICA Client

Slide 30: Employees and Web Surveillance
– Web surveillance is effective and accepted if the employee is aware of the institution's policy for web surveillance
– Corporations must provide an Acceptable Use Policy (AUP) for computing resources that contains an Internet Access Policy (IAP)
– The IAP, as well as the AUP, should specify, in plain language, what is acceptable and not acceptable
– The IAP should provide specific examples of do's and don'ts

Slide 31: Internet Privacy - Final Comment
Even though the WEB feels anonymous, IT IS NOT!! Users need to be aware of restrictions on their privacy.

