


Why write a book on privacy? Aren't there several technical books that deal with security? Even though many books cover computer security, there are no great resources on personal privacy.

Privacy used to mean making sure no one found your credit card sales receipt or got a copy of your e-mail. Within the past few years, the average person's personal information has become obtainable from dozens of sources. The worst part of the problem is that we freely give away our rights to privacy through all types of services, such as the Internet, e-mail, and surveys. We don't think about how little pieces of information about us can be pulled from many sources to create a full profile of what we buy, what we eat, where we live, and how many hours we spend on the Internet.

The recognition of data privacy issues has increased in the past few years because of high-profile security break-ins. It seems as if some company is always getting hacked and credit card or personal information is being stolen. The one benefit of these break-ins is that the level of awareness about information security and privacy issues has come to the forefront of public news sources.

The questions facing most non-technical users are, “How does all this security activity in the corporate world affect me? And how can I benefit from the expensive tools being used to protect the privacy and data of corporations?” As consultants to large corporations, we have seen the vast amounts of time and money that are dedicated to security and privacy issues. The problem is that the average user cannot afford to spend the time to learn all the various options to secure themselves, nor can he spend the money necessary to buy and then learn all these sophisticated tools. The market has not adequately addressed the needs of individuals when it comes to data privacy and security. Although many methods exist for distributing your personal information and being attacked by hostile users in the online world, few safeguards are available to the average user. Pockets of security resources do exist that apply to an individual, such as banking applications and credit card transaction processing. However, these functions all relate to monetary transactions. But as we have seen, these are not perfect. The major shortfall in the market relates to small, cost-effective tools that are easy to use by individuals to protect themselves in the savage online world. The consumer market has not been addressed when it comes to disseminating security information. Corporate administrators have all the technical information at their fingertips, but the everyday consumer has not been given practical advice on what steps to take and what tools to use to keep his information and home systems secure. We hope to address this lack in the security market that has forgotten the consumer.

With the advent of such technologies as cable modems and Digital Subscriber Line (DSL), the individual user has opened himself to attack from direct Internet connections. Sending data to companies for free e-mail accounts, buying merchandise online, and signing up for services over the Internet has opened a black hole for data collection. Every piece of information you send is being stored in a database somewhere that can and will be sold to agencies all over the world. Such information doesn't even need to be stolen anymore; companies can just buy everything there is to know about you.

Understanding the potential problems you face by using new technologies has not been communicated to the public. Such technologies as purchasing online, using cable modems, and using mobile phones to browse the Internet never advertise the potential privacy concerns and security risks. Such marketing material never quite makes it into a public forum until someone has been hacked and the news headlines broadcast the gory details.

One primary goal of this book is to give the everyday user the practical knowledge to understand the sophisticated battle for data privacy and security. The technical jargon has been left to the reference manuals used in corporate information technology (IT) environments. Usability is our number one priority in presenting this material. You don't have to work in IT to understand how to keep your data private. A secondary goal is to balance your knowledge with practical tools and techniques to use today's technologies in a secure fashion.

You will need practical, cost-effective methods of keeping yourself secure once you understand the pitfalls that lie in your path on the road to newer and better technologies. Examples are given of how to use the tools we describe, as well as best practice cases and references to additional material that can increase your knowledge of the risks you face in keeping your data private.

What's So Special About This Book?

We wrote this book to educate you about your right to privacy. Technical folks have hundreds of books that are somewhat incomprehensible to people who are not in the IT industry. IT can appear to be black magic with all its acronyms; it's like casting a spell—ICMP, TCP, IP, UDP, WEP, IEEE, IPSEC, poof! You just baked a network. This book should be your bridge between all the technical jargon and the practical advice you need to operate securely in an Internet environment. Consumers are faced with new technologies that no one has told them how to secure, and now their information is being attacked.

The Problem

You have just gotten your cable modem installed. After 2–3 weeks of fighting with the cable company and 4–6 hours of tech support, you are finally blazing away on the Internet, surfing your favorite Web pages and downloading some music from Napster. You then check your e-mail, and you see a joke from a friend sent as an attachment. You execute the attachment, and it has a dancing baby.

Your 733MHz Pentium III Windows 98 home system is pretty fast, you have a fast cable modem connection, you aren't doing anything too intensive, and yet your computer begins slowing down. You stop that file you were downloading, but you can barely surf a Web page. Nothing seems to be wrong with your computer, but the problem persists.

The Cause

Several things might be happening. First, cable modems give you an IP address that is reachable from the Internet. You now have a direct connection, so anyone on the Internet can see you. This leaves you open to a denial-of-service attack, in which the attacker attempts to disable your connection or computer through various means of attack. Another possibility is that the Web site you were surfing that asked you to download something or click some function could have performed hostile activity on your computer. Or, that e-mail attachment with the dancing baby could have installed a Trojan horse program (a program that is supposed to perform a task but also performs some other task, usually hostile, in the background) that is using up your system resources.

The Solution

Leaving your computer wide open to anyone on the Internet is the first problem that must be solved. Several good, inexpensive software products can be used to protect and hide your computer from attackers. The potential problems involved with surfing a site that you might not know is hostile can be solved through learning how to download programs securely and how to know when a program is trying to attack your computer. E-mail attachments can be checked with virus scanners that have to be kept up-to-date constantly.

Consumers often rely on third parties to keep them secure. For example, you assume that your bank is keeping your data secure when you pay bills online, that the Web site where you just bought a Palm Pilot has securely accepted your credit card information, and that your Internet service provider is doing something to protect your home computer. This is not enough in today's environment. Often, the large third-party corporation can't keep itself secure, so how will it keep its users secure? Security and privacy go hand in hand; you can't keep your data private if you're using an insecure technology.

For every potential weakness in the technologies we discuss, we will have a solution and countermeasure available for you to use. Privacy and security can be achieved with the right tools, techniques, and the knowledge of how to use them. You will not be able to secure an IT environment with this knowledge, but you will know how to securely use the technologies that apply to you on a daily basis.

Legislation has been severely lacking to accommodate the new needs of consumers. How our privacy is affected by new technologies is not yet understood by lawyers or courts, much less the consumer. We will strive to make some sense of the current legal environment and attempt to demystify the future of privacy when it comes to new laws.

Here to Help

This book explains why you are a target of attack, how the government is intricately involved with your privacy, and how you can take control of the mechanisms necessary in today's sophisticated environment to protect yourself. Through a combination of practical steps and forward-looking analysis of security measures you need to implement, we hope that you can secure your home and family with the information we provide.

We, the authors, come from a background of computer security consulting and training. For years we have been performing network penetration testing and computer security assessments for corporations around the world and in virtually every industry sector. Companies have taken a proactive stance regarding security and as a result, privacy of consumer information has benefited. We have seen all sorts of security breaches and have done testing to prove these breaches can and do occur. That experience is what we bring to this book.

We have tested and secured various technologies, and we now present that knowledge to the consumer market. We have seen how a hacker or disgruntled system administrator can invade your privacy by stealing your personal information from a company. The gap between corporate IT and the consumer's knowledge about security and privacy is vast; hopefully, we can help close that gap by giving you some practical advice to keep yourself and your systems private and secure.

Feel free to contact any of us—we are here to help:



