PRIVACY ISSUES

Privacy is . . .
the right to be left alone or as state or condition of limited access to a person. A classic definition describes privacy as the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.

Key Elements of Information Privacy

1.Separateness - ability to describe the boundaries and ownership or access rights to information. 2.Restricted access - the ability to protect the identified data. 3.Beneficial use - implies that only data owners or parties explicitly authorized to receive the information are able to benefit from its use.

Privacy Issues
1. 2. 3. 4. 5. 6. 7. Cookie proliferation Seizing cloud data E-mail Concerns Computer Matching Wireless privacy challenges Denial of service attacks Software vulnerability

Cookie Proliferation
The invisible cookie software agents that track your browsing habits and personal data. Advertising networks, marketers, and other data profiteers depend on cookies to learn more about who you are.

Seizing Cloud Data

The files stored in Cloud based Data servers are vulnerable to privacy loopholes. Absence of adequate legal framework. 36 percent of the consumer content will be stored in the cloud by 2016.

E-mail Concerns
Corporations and individuals are now using email as a major means of communication. Two types of threats : 1.Spamming 2.Flaming

Spamming Sending of unsolicited e-mail by mass advertisers. Used to spread computer viruses or infiltrate systems.
Flaming Sending of messages.

critical

and

vulgar

e-mail

Computer Matching
Selling of information about customers from database to other parties. Consumers are then subjected to a barrage of unsolicited promotional material.

Wireless Privacy Challenges

Wifi transmission technology uses spread spectrum transmission Here a signal is spread over a wide range of frequencies and the particular version of spread spectrum transmission used . Standards like 802.11 was designed to make it easier for stations to find and here one another. This wifi standard can be easily penetrated by outsiders. Hackers may use this gap to access vital servers.

Denial of Service Attacks

Hackers flood a network server or webserver with many thousands of false communication or requests for service to crash the network . The network receives somany querries that it cannot keep up with them and is thus unavailable to service legitimate request. It causes the website to shut down , making it impossible for legitimate users to access the site.

Software Vulnerability
Software errors also pose a constant threat to information systems. The problem is the presence of hidden bugs or program code defects .

Measures to Protect Privacy

1. Web-bugs 2. Virtual Private Networking 3. IPSec (Ipv6) 4. Cookies 5. Security outsourcing 6. Access control 7. Intrusion detection systems 8. Securing wireless networks 9. Ensure software reliability 10. Secured Socket Layer

Web-bugs
Which provides server capability to monitor the behaviour of the visitor. Web bugs are tiny graphic files inserted in e-mail messages and web pages , which monitor the visitor behaviour . These tiny files identify the visitor , and keep track of pages visited and transmit this information to website monitor computer.

Virtual Private Networking (VPN)

VPN technology provides the medium to use the public Internet backbone as an appropriate channel for private data communication. With encryption and encapsulation technology, a VPN essentially carves out a private passageway through the Internet.

IPSec (Ipv6)
IPSec provides security for transmission of sensitive information over unprotected networks. IPSec acts at the network layer, protecting and authenticating IP packets between participating IPSec devices ("peers") With IPSec, data can be transmitted across a public network without fear of observation, modification, or spoofing.

Cookies
The technology produces tiny files deposited on computer hard disk known as cookies. These cookies are designed to collect the data about the visitors and retain it for the future guidance.

Security Outsourcing
The main security function can be outsourced to managed security service providers (mssp). It monitor network activity and perform vulnerability testing and intrusion testing. GUARDENT, COUNTERPANE, VERISIGN are some mssps now available.

Access Control
These are the policies and procedures a company uses to prevent improper access to systems by unauthorized insiders and outsiders

Intrusion Detection Systems

It is a full time monitoring tool placed at the most vulnerable points or hot spots of corperate networks. It is for detect and deter intruders continually. The system generates an alarm if it finds any suspicious program attacking.

Securing Wireless Networks

WEP provides some margin of security if wi-fi users remember to activate it. Wifi protected access improves data encryption by replacing the static encryption keys with longer 128-bit keys that continually change ,making them harder to crack. wpa provides another facility known as extensible authentication protocol (EAP). It works with central authentication server to authenticate each user on the network before user can join it..

Ensure Software Reliability

Devote more attention to software reliability and quality. Errors should be corrected at the early stage of software design before when it is programmed. Thorough testing ferther reduces software errors , even though it may be impossible to eliminate them completely.

Secured Socket Layer (SSL)

SSL is a communication system that ensures privacy when communicating with other SSLenabled products. SSL is a protocol that runs above TCP/IP and below HTTP or other top-level protocols. It is symmetric encryption nested within publickey encryption, authenticated through the use of certificates. An SSL connection can only occur between an SSL-enabled client and an SSL-enabled server.

THANK YOU