Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Cyber-security regulation wikipedia , lookup
Citizen Lab wikipedia , lookup
Outlook.com wikipedia , lookup
Security-focused operating system wikipedia , lookup
Computer security wikipedia , lookup
Web of trust wikipedia , lookup
Unix security wikipedia , lookup
Mobile security wikipedia , lookup
Cybercrime countermeasures wikipedia , lookup
Computer and network surveillance wikipedia , lookup
Cross-site scripting wikipedia , lookup
Security of Cookies In A Public Computer Lab Setting Russell Fech November 30, 2000 Outline • • • • • • • Introduction of Cookies Problem Statement Motivation/Importance Objective Research Plan Assumptions Conclusion What are cookies? • “Cookies are a general mechanism which server side connections can use to both store and retrieve information on the client side of the connection.” - Netscape • Also known as “Magic Cookies” • Cookies can only be read by the website that issued them Types of cookies • Persistent – Stored on hard drive for the long time duration • Non-persistent – Stored only for the current session of the web browser Where are the cookies? • Cookies exist on both major web browsers – Netscape stores all cookies in the cookies.txt file in a Netscape directory – Internet Explorer stores individual cookies as text files in a cookies directory Why use cookies? • Used to keep track of the client session state – Allows the “Full Web Experience” • • • • • Rotating banners Electronic shopping carts Password saving Data mining Other uses Why use cookies? • Web browsers do not keep continuous connections to the web sites – Cookies send the information to reestablish connections • Web sites keep information about users to customize the “Full Web Experience” Problem Statement • With the emergence of cookies, many users are unknowingly releasing data about themselves • Win95/98 does not provide security to protect users’ cookies • Cookies are not designed to be used in a multi-user environment Problem Statement • There are methods to eliminate/disallow the use of cookies, but this blocks the “Full Web Experience” Motivation/Importance • With the controversy concerning the safety of cookies, it is in the best interest of the administrator to ensure the security of user information being transmitted to web sites Motivation/Importance • Protect the user from cookie crime • Protect the subsequent users from getting unwanted advertisement • If cookie theft occurs, the administration may be held accountable, however, if the cookies are cleared off, there will be no such threat Objective • Evaluate the use of cookies in public lab settings • Develop a hands-off approach to protect users against the cookies threat by providing a transparent layer of protection • Provide formidable arguments why users need protection from cookies Research Plan • Review current methods that attempt to solve the cookie security problems • Test these methods in a lab setting and review their performance • Improve on these methods Methods and Problems • Disable cookies completely – Provides high security because no cookies are formed – Takes away from the “Full Web Experience” • Clear cookies at startup/shutdown – Safer than no protection, but requires a user to do something Methods and Problems • Intercept the web browser and clean after exiting – High security, cleans up cookies when the user shuts down the web browser – Mischievous user may “disable” the program in some fashion – Program may crash Assumptions • Use of Win 95/98 – Win95/98 does not provide any security for files or folders – Most other operating systems protect users because they require users to log into an account in which their data is saved in a secured area Resources and Special Needs • Public computer lab – Computers with Win95/98 • Various cookie security methods – – – – – Disabling cookies Batch file deletion of cookies User deleting cookies themselves Cookie Crunching Software Most are free and easily obtainable over the internet Conclusion • With the threat of mischievous users and the possible misuse of cookies, it is up to the administration to protect users from as many threats as possible. • Cookie security continues to be under major dispute. If cookies are cleared from computers in a lab setting the administration is no longer prone to receiving any future threat to cookies. Questions? Questions?