Print
Category: EYE ON I.T.
Hits: 8800
Some people say never send anything confidential or private over the Internet. This may have been good advice five years ago, but things are changing quickly on the Internet. Privacy has been added to many programs and features so that only the recipient of the communication can read it. Thus there are times when it’s perfectly safe to send credit card numbers, resumes, and other sensitive information over the Internet.

It’s not all that difficult to assess the risks and make a judgment whether or not to send the information encrypted or not. Let’s first talk about where the risks of compromising your information really are. First and most important, there is your own machine. If people have access to your machine, there are trails of your activity in different files in your machine. Your machine may contain documents, spreadsheets and other kinds of sensitive data you would not want prowling eyes on. Your e-mail program may keep a record of mail that was received and sent.

Your web browser keeps a cache of recently accessed web pages. I.R.C. Chat has logging functions that could be left on. The point is that your machine contains a lot of sensitive data that may need to be physically or software password secured.

While it is possible for people to illegally tap your phone lines, it usually requires equipment and to be in an open place. Although many people have heard clicks and pops when talking about sensitive information over the phone, the actual likelihood of it being an illegal wiretap is actually quite negligible. In the telephone company switching office, it is possible to tap communications, and read the character based communications using a modem and a communications protocol analyser. However this can only be done under court order.

From there to the Internet Service Provider is a trip over local or long distance trunk lines to another telephone switching office or directly to their office. To tap these trunks, although possible, is difficult. Once at the Internet Service Provider, the incoming lines go to a collection of modems. From the modem, the signal is routed in the I.S.Ps internal network to one of maybe several connections to the Internet. Your I.S.P. can easily attach a protocol sniffer and read any of the traffic going through. With a little more sophisticated equipment, the I.S.P. can read most anything you do on the Internet. However, they have little time to spy on their customers.

From there, the information goes out over the Internet. Again, these are big trunk lines owned by the backbone Internet Provider. It is difficult and complicated to tap these lines. So in short, what I am telling you is that the biggest risk in your privacy is probably your computer, garbage can or someone looking directly over your shoulder.

If you are concerned with transmitting confidential information over the Internet, make sure that you secure your office or home and use only secure forms of transmission. Keep your sensitive data on removable media, which you can lock up. You may also want a polarised glare screen to keep prying eyes from seeing passwords and sensitive information.
For web browsing and purchases online, I would suggest using sites that use a secure server. With Netscape, you will notice the golden key on the lower left is no longer broken on a secure site. With Internet Explorer, there is an annoying pop-up warning you that security mode has changed, but there is no indication. I have already ordered several items online with secured connection using my credit card and the items received and nothing happened so far.

For e-mail I would suggest PGP 5.0 which uses public key encryption. It is available at http://mail.telstar. net/mirror/pgp/downloads.html for International Users.

Protect Your Computer

Before you address the issue of online privacy, consider protecting something even more fundamental: your P.C. Remember, your office computer and its contents don't belong to you. Your employers can track your movements on the Net by using sophisticated U.R.L. tracking snoop ware. They can intercept and read your e-mail, back up the data on your system, remove your hard disk, or take away your computer altogether.

And as soon as you leave your office for the night, nosy coworkers can start poking around, if they haven't already done so over the network. Here's what you can do to avoid ugliness and embarrassment in the office.

BIOS Passwords Are Best

Though it's not an entirely foolproof method, the best way to prevent people from using your P.C. when you aren't around is to change the system password in the BIOS setup program. Because this tactic halts the computer's boot-up process before it loads the operating system, it works every time. You should be aware, however, that some hardware manufacturers provide "backdoor" passwords that enable your employer to bypass your security measures; moreover, a knowledgeable system cracker can defeat any BIOS password by opening the computer case and disconnecting the battery that powers the BIOS settings chip.

Screen Saver's No Savior

Here's another bit of false security. You can password-protect Windows' screen saver, so your colleague in the next cube can't peek at your sensitive memo to H.R. But he can bypass this barrier by rebooting your computer and logging in as the default user (unless you've blocked access with a third-party security tool, System Policy Editor, or a BIOS password).

Wipe Out All File Traces

If you want to eradicate something that's currently stored in a file on your computer, deleting the file isn't enough. The files that you thought were gone may still be sitting in Windows' Recycle Bin. And deleting files doesn't remove them from the drive--they're still there, and readable with special tools, until another file overwrites the space the "deleted" file still occupies.