Home Cyber-security tips newsletter Volume 1 Number 2, July 2006

Reference URL

Rate

To link to the entire object, paste this link in email, IM or document

To embed the entire object, paste this HTML in website

To link to this page, paste this link in email, IM or document

To embed this page, paste this HTML in website

Cyber-security tips newsletter

Cyber-security tips newsletter Volume 1 Number 2, July 2006

1 of 23

View Description

View PDF & Text

This page

All

Subset

PDF
Text

Text Search...

ADOA/ISD/ISS
Monthly Cyber Security Tips
NEWSLETTER
JULY 2006 Volume 1, Issue 2
How Anonymous Are You?
From the Desk of Information Security Services
What information is collected?
When you visit a web site, a certain amount of information is automatically sent to the site. This
information may include the following:
• IP address - Each computer on the internet is assigned a specific, unique IP (internet protocol)
address. Your computer may have a static IP address or a dynamic IP address. If you have a
static IP address, it never changes. However, some ISPs own a block of addresses and assign
an open one each time you connect to the internet—this is a dynamic IP address. You can
determine your computer's IP address at any given time by visiting www.showmyip.com.
• domain name - The internet is divided into domains, and every user's account is associated
with one of those domains. You can identify the domain by looking at the end of URL; for
example, .edu indicates an educational institution, .gov indicates a US government agency,
.org refers to organization, .com is for commercial use. Many countries also have specific
domain names. The list of active domain names is available at http://www.iana.org/domain-names.
htm or http://www.norid.no/domenenavnbaser/domreg.html.
• software details - It may be possible for an organization to determine which browser, including
the version, that you used to access its site. The organization may also be able to determine
what operating system your computer is running.
• page visits - Information about which pages you visited, how long you stayed on a given page,
and whether you came to the site from a search engine is often available to the organization
operating the web site.
If a web site uses cookies, the organization may be able to collect even more information, such as your
browsing patterns, which include other sites you've visited. If the site you're vising is malicious, files on
your computer, as well as passwords stored in the temporary memory, may be at risk.
How is this information used?
Generally, organizations use the information that is gathered automatically for legitimate purposes,
such as generating statistics about their sites. By analyzing the statistics, the organizations can better
understand the popularity of the site and which areas of content are being accessed the most. They
may be able to use this information to modify the site to better support the behavior of the people
visiting it.
Another way to apply information gathered about users is marketing. If the site uses cookies to
determine other sites or pages you have visited, it may use this information to advertise certain
products. The products may be on the same site or may be offered by partner sites.
However, some sites may collect your information for malicious purposes. If attackers are able to
access files, passwords, or personal information on your computer, they may be able to use this data to
their advantage. The attackers may be able to steal your identity, using and abusing your personal
information for financial gain. A common practice is for attackers to use this type of information once or
twice, then sell or trade it to other people. The attackers profit from the sale or trade, and increasing the
number of transactions makes it more difficult to trace any activity back to them. The attackers may also
alter the security settings on your computer so that they can access and use your computer for other
malicious activity.
Are you exposing any other personal information?
While using cookies may be one method for gathering information, the easiest way for attackers to get
access to personal information is to ask for it. By representing a malicious site as a legitimate one,
attackers may be able to convince you to give them your address, credit card information, social
security number, or other personal data (see Avoiding Social Engineering and Phishing Attacks for
more information).
How can you limit the amount of information collected about you?
• Be careful supplying personal information - Unless you trust a site, don't give your address,
password, or credit card information. Look for indications that the site uses SSL to encrypt your
information (see Protecting Your Privacy for more information). Although some sites require you
to supply your social security number (e.g., sites associated with financial transactions such as
loans or credit cards), be especially wary of providing this information online.
• Limit cookies - If an attacker can access your computer, he or she may be able to find
personal data stored in cookies. You may not realize the extent of the information stored on
your computer until it is too late. However, you can limit the use of cookies (see Browsing
Safely: Understanding Active Content and Cookies for more information).
• Browse safely - Be careful which web sites you visit; if it seems suspicious, leave the site. Also
make sure to take precautions by increasing your security settings (see Evaluating Your Web
Browser's Security Settings for more information), keeping your virus definitions up to date (see
Understanding Anti-Virus Software for more information), and scanning your computer for
spyware (see Recognizing and Avoiding Spyware for more information).
This series of information security tips will give you more information about how to recognize and
protect yourself from attacks.
Brought
to you
by:
http://www.msisac.org
Powered
by:
Copyright Carnegie Mellon University
Produced byUS-CERT http://www.us-cert.gov/

you wish to report:

Your comment:

Your Name:

Submit

Cancel

...

Rating
TITLE	Cyber-security tips newsletter
CREATOR	Arizona Department of Administration, Information Services Division
SUBJECT	Internet--Security measures--Pamphlets; Computer networks--Security measures--Periodicals; Computer security--Periodicals; Cyberspace--Security measures--Periodicals;
Browse Topic	Government and politics
DESCRIPTION	This title contains one or more publications
Language	English
Publisher	Arizona Department of Administration
Material Collection	State Documents
Source Identifier	ADM 2.3:N 38
Location	o442100233
REPOSITORY	Arizona State Library, Archives and Public Records--Law and Research Library

TITLE	Cyber-security tips newsletter Volume 1 Number 2, July 2006
DESCRIPTION	2 pages (PDF version). File size: 80 KB
TYPE	Text
RIGHTS MANAGEMENT	Copyright to this resource is held by the creating agency and is provided here for educational purposes only. It may not be downloaded, reproduced or distributed in any format without written permission of the creating agency. Any attempt to circumvent the access controls placed on this file is a violation of United States and international copyright laws, and is subject to criminal prosecution.
DATE ORIGINAL	2006-07
Time Period	2000s (2000-2009)
ORIGINAL FORMAT	Born Digital
Source Identifier	ADM 2.3:N 38
Location	o442100233
DIGITAL IDENTIFIER	july-2006-newsletter-tips.pdf
DIGITAL FORMAT	PDF (Portable Document Format)
REPOSITORY	Arizona State Library, Archives and Public Records--Law and Research Library.
File Size	81116 Bytes
Full Text	ADOA/ISD/ISS Monthly Cyber Security Tips NEWSLETTER JULY 2006 Volume 1, Issue 2 How Anonymous Are You? From the Desk of Information Security Services What information is collected? When you visit a web site, a certain amount of information is automatically sent to the site. This information may include the following: • IP address - Each computer on the internet is assigned a specific, unique IP (internet protocol) address. Your computer may have a static IP address or a dynamic IP address. If you have a static IP address, it never changes. However, some ISPs own a block of addresses and assign an open one each time you connect to the internet—this is a dynamic IP address. You can determine your computer's IP address at any given time by visiting www.showmyip.com. • domain name - The internet is divided into domains, and every user's account is associated with one of those domains. You can identify the domain by looking at the end of URL; for example,.edu indicates an educational institution,.gov indicates a US government agency,.org refers to organization,.com is for commercial use. Many countries also have specific domain names. The list of active domain names is available at http://www.iana.org/domain-names. htm or http://www.norid.no/domenenavnbaser/domreg.html. • software details - It may be possible for an organization to determine which browser, including the version, that you used to access its site. The organization may also be able to determine what operating system your computer is running. • page visits - Information about which pages you visited, how long you stayed on a given page, and whether you came to the site from a search engine is often available to the organization operating the web site. If a web site uses cookies, the organization may be able to collect even more information, such as your browsing patterns, which include other sites you've visited. If the site you're vising is malicious, files on your computer, as well as passwords stored in the temporary memory, may be at risk. How is this information used? Generally, organizations use the information that is gathered automatically for legitimate purposes, such as generating statistics about their sites. By analyzing the statistics, the organizations can better understand the popularity of the site and which areas of content are being accessed the most. They may be able to use this information to modify the site to better support the behavior of the people visiting it. Another way to apply information gathered about users is marketing. If the site uses cookies to determine other sites or pages you have visited, it may use this information to advertise certain products. The products may be on the same site or may be offered by partner sites. However, some sites may collect your information for malicious purposes. If attackers are able to access files, passwords, or personal information on your computer, they may be able to use this data to their advantage. The attackers may be able to steal your identity, using and abusing your personal information for financial gain. A common practice is for attackers to use this type of information once or twice, then sell or trade it to other people. The attackers profit from the sale or trade, and increasing the number of transactions makes it more difficult to trace any activity back to them. The attackers may also alter the security settings on your computer so that they can access and use your computer for other malicious activity. Are you exposing any other personal information? While using cookies may be one method for gathering information, the easiest way for attackers to get access to personal information is to ask for it. By representing a malicious site as a legitimate one, attackers may be able to convince you to give them your address, credit card information, social security number, or other personal data (see Avoiding Social Engineering and Phishing Attacks for more information). How can you limit the amount of information collected about you? • Be careful supplying personal information - Unless you trust a site, don't give your address, password, or credit card information. Look for indications that the site uses SSL to encrypt your information (see Protecting Your Privacy for more information). Although some sites require you to supply your social security number (e.g., sites associated with financial transactions such as loans or credit cards), be especially wary of providing this information online. • Limit cookies - If an attacker can access your computer, he or she may be able to find personal data stored in cookies. You may not realize the extent of the information stored on your computer until it is too late. However, you can limit the use of cookies (see Browsing Safely: Understanding Active Content and Cookies for more information). • Browse safely - Be careful which web sites you visit; if it seems suspicious, leave the site. Also make sure to take precautions by increasing your security settings (see Evaluating Your Web Browser's Security Settings for more information), keeping your virus definitions up to date (see Understanding Anti-Virus Software for more information), and scanning your computer for spyware (see Recognizing and Avoiding Spyware for more information). This series of information security tips will give you more information about how to recognize and protect yourself from attacks. Brought to you by: http://www.msisac.org Powered by: Copyright Carnegie Mellon University Produced byUS-CERT http://www.us-cert.gov/

Find results with:

Searching collections:

Home Cyber-security tips newsletter Volume 1 Number 2, July 2006

Cyber-security tips newsletter

Object Description

Description

Cyber-security tips newsletter

Cyber-security tips newsletter

	All
	Pages Enter page numbers or page ranges separated by commas. For example: 1,3,5-12