Keep Yourself Safe from the Prying Eyes of Hackers and Snoopers!



Similar documents
User Guide. Version 3.0 April 2006

RAPID BROADBAND INSTALLATION RAPID BROADBAND SUPPORT CONTACT DETAILS. AND TROUBLESHOOTING GUIDE. Tel:

Overview Keys. Overview

Encryption. How do I send my encryption key?

Setting up in Outlook Express

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

HomeNet. Gateway User Guide

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

Xythos on Demand Quick Start Guide For Xythos Drive

Microsoft Outlook Web Access Overview

4. Click Next and then fill in your Name and address. Click Next again.

Exchange 2003 Mailboxes

CNW Re-Tooling Exercises

This guide will go through the common ways that a user can make their computer more secure.

SECURE USER GUIDE OUTLOOK 2000

Contents First Time Setup... 2 Setting up the Legal Vault Client (KiteDrive)... 3 Setting up the KiteDrive Outlook Plugin Using the Legal Vault

Unipass Secur Client FAQ Document v1.1. This document a summary of some of the most common questions asked about the Unipass Secur client.

PGP Desktop Quick Start Guide version 9.6

INSTALLATION AND CONFIGURATION GUIDE (THIS DOCUMENT RELATES TO MDAEMON v ONWARDS)

VPOP3 Your post office Getting Started Guide

User's Manual. Intego Remote Management Console User's Manual Page 1

Dell SonicWALL SRA 7.5 Secure Virtual Meeting and Secure Virtual Assist

Secure Your Home Computer and Router. Windows 7 Abbreviated Version. LeRoy Luginbill, CISSP

DigiDelivery Client Quick Start

Client Configuration Guide

IsItUp Quick Start Manual

Configuring your client to connect to your Exchange mailbox

Symantec File Share Encryption Quick Start Guide Version 10.3

MessageGuard 3.0 User Guide

INTRODUCTION TO CRYPTOGRAPHY

BCTextEncoder Help File

Zen Internet. Online Data Backup. Zen Vault Express for Windows. Issue:

Gold Lock Desktop. User Manual. Follow these simple steps to install, configure, and use Gold Lock Desktop.

PREMIUM MAIL USER GUIDE

Configuring Your Client: Outlook Express

USER GUIDE. General Information The BeAnywhere Service BeAnywhere Server BeAnywhere DRIVE Security... 2

WebEx Remote Access User s Guide

WordCom, Inc. Secure File Transfer Web Application

Configuring Your Client: Outlook Express. Quick Reference

How To Set Up An Outlook Mailbox On A Windows 2007 (For Free) With A Free Account On A Blackberry Or Ipad (For A Free) Or Ipa (For An Ipa) With An Outlook 2007 (Free) Or

GoldKey Software. User s Manual. Revision WideBand Corporation Copyright WideBand Corporation. All Rights Reserved.

Configuring, Customizing, and Troubleshooting Outlook Express

Changes to Skillnet Group s. Outlook and Outlook Express Users

Student Mail Access. Introduction. Option One: Using an Client

Departmental (Service) Account Set Up

Quick Start Guide v4.0 Client Outlook Connection

Sending an Encrypted/Unencrypted Message. Let's Begin: Log In and Set Up Security Questions. Create Additional ProMailSource Accounts:

Corporate Telephony Toolbar User Guide

Using Rackspace Webmail

Point to Point Broadband Internet Service Business

INSTALLATION AND CONFIGURATION GUIDE (THIS DOCUMENT RELATES TO MDAEMON v9.5.0 ONWARDS)

How To Use Quantum Rbs Inc. Small Business Backup

Microsoft Outlook Quick Reference Sheet

Quick Start Guide. Laplink Software, Inc. Quick Start Guide MN-LLTLBR-EN-05 (REV. 02/2010) h t t p : / / w w w. l a p l i n k.

Getting Started with WebEx Access Anywhere

Regain Your Privacy on the Internet

New World Construction FTP service User Guide

Using Remote Web Workplace Version 1.01

Exchange Outlook Profile/POP/IMAP/SMTP Setup Guide

Using desktop ANYWHERE

CamGuard Security System CamGuard Security System Manual

ACCEPT THE SECURITY CERTIFICATE FOR THE WEB FILTER

RMFT Web Client User Guide

TWO WAYS TO SCHEDULE A SCOPIA VIDEO CONFERENCE BASED MEETING. 1- SCOPIA USER PORTAL 2- OUTLOOK SCOPIA MEETING PLUG-IN

OutDisk 4.0 FTP FTP for Users using Microsoft Windows and/or Microsoft Outlook. 5/1/ Encryptomatic LLC

How to Remotely View Security Cameras Using the Internet

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

ProxyCap Help. Table of contents. Configuring ProxyCap Proxy Labs

Microsoft Exchange Mailbox Software Setup Guide

USER GUIDE WWPass Security for (Outlook) For WWPass Security Pack 2.4

Getting Started Configuring Your Computer Network Settings

client configuration guide. Business

Law Conferencing uses the Webinterpoint 8.2 web conferencing platform. This service is completely reservationless and available 24/7.

Installing the SSH Client v3.2.2 For Microsoft Windows

Using Remote Desktop to access your Office Computer or Faculty Remote Desktop Server August, 2005 This document consists of two main parts and an

How to set up Outlook Anywhere on your home system

CITRIX TROUBLESHOOTING TIPS

File and encryption with GPG4win & Enigmail

Creating the Certificate Request

Zimbra Connector for Outlook User Guide. Release 6.0

Secure transaction guidelines for external users with Commission personnel.

MS Live Communication Server managed by TELUS. Getting Started Guide. v. 1.0

WS_FTP Professional 12. Security Guide

Vodafone Text Centre User Guide for Microsoft Outlook

Published : License : None

Get Started Guide - PC Tools Internet Security

AXIS Camera Station Quick Installation Guide

Getting Started Guide

Hosted Microsoft Exchange Client Setup & Guide Book

HOSTED DESKTOP MANUAL

Outlook 2010 Essentials

Windows BitLocker Drive Encryption Step-by-Step Guide

Personal Call Manager User Guide. BCM Business Communications Manager

GE Measurement & Control. Remote Comms System. Installation and User Reference Guide

Your Assistant Collaboration Module

Skype for Business User Guide

TeamViewer 10 Manual Remote Control

Honeywell Secure External User Guide August 2013

Transcription:

Protect Your Privacy Online P 7/1 Keep Yourself Safe from the Prying Eyes of Hackers and Snoopers! With the information in this article you can: Find out what secret information your PC is sharing with others Use an anonymous proxy to restrict access to your personal data when browsing the web Discover great free software to surf, chat privately and send secure email The desire to remain anonymous on the Internet is not necessarily an indication of nefarious activity. People do not walk around in public with their phone numbers visibly displayed. It is just common sense to be selective about those you share personal information with. The same degree of caution should apply when we use the Internet. You may be surprised to discover what your computer is publicly announcing about its internal settings. So, why would anyone be interested? There are a variety of reasons that users might be snooping on your activities. Examples might include: profiling your interests for marketing purposes, identity theft, payment card theft, hijacking your PC for a further crime or just a voyeuristic interest in your personal communications. This article will show you how to surf, email and chat without having to worry about online snoopers. Dr Steve North: It amazes me that the free software tools in this article make industry standard encryption and anonymity available to all of us. Just remember better safe than sorry! Protect yourself from snoopers and hackers online... P 7/2 Hide your PC s details with anonymous proxies... P 7/3 Secure your email with Crypto Anywhere... P 7/4 Anonymous web browsing with JAP... P 7/9 Safe online chat using PSST... P 7/11 1

P 7/2!? Protect Your Privacy Online Protect Yourself from Snoopers and Hackers Online The two key elements to protecting your online privacy are: limiting the information that you reveal when you are web browsing and encrypting (encoding) some or all of your email and chat communication. To find out what information your computer is sharing when you are online, open Internet Explorer and browse to the web page: http://www.leader.ru/cgi-bin/go?who This will produce a report similar to the one shown below. Your IP address. Your browser..net is installed. You are using XP. The time/date on your PC. Websites visited. Your home network. Software installed. An example of your online profile 2

Protect Your Privacy Online P 7/3 All of the information listed on the report can be used by a hacker as a possible avenue to attack your PC (called an attack vector in the computer security industry). Before closing this section, it should be noted that a reputable website would automatically encrypt your payment card details. An encrypted page will have a URL starting with https: ( s stands for secure) and a locked padlock icon at the bottom right of the browser window. Hide Your PC s Details with Anonymous Proxies A quick Internet search with Google for anonymous prox y will produce many hits. These are free websites that allow users to browse the Internet without revealing their identities. For each page that you visit, you will need to type a URL into the appropriate text field on the prox y s web page. A proxy acts as an intermediary between your computer and the information that you require. It fetches the web page data on your behalf and forwards it on to your browser. Free anonymous proxy websites come and go on the Internet with great frequency. Try the following free proxies to protect your web browsing: http://www.the-cloak.com/login.html http://www.megaproxy.com/freesurf/ To establish the level of anonymity offered by an anonymous p r ox y, visit the security analysis mentioned above (h t t p : / / w w w. l e a d e r. r u / c g i - b i n / g o? w h o) and note the differences in the security report. Using megaproxy with the same computer that was used to produce the resulting figure on page P 7/2, a quick test revealed that online visibility had been greatly reduced. The only information available via megaproxy is: the browser name, browser version, Windows version (or other operating system), supported languages Secure web pages have a URL starting with https and display a locked padlock icon.!? Surf the web without giving away your personal information. You can test anonymous proxies to see how much information you are sharing. 3

P 7/4 Protect Your Privacy Online Megaproxy significantly improves your privacy. (but not which is actually being used) and the status of the browser s JavaScript (enabled or disabled). The following information is completely hidden by megaproxy: IP address, ISP s mail server, websites visited during the current browsing session, the browser s interface language, the processor family (for example Pe n t i u m ), Internet connection type (for example via Local Area Network), available monitor screen sizes, the currently selected screen resolution and colour depth, cookie status (enabled or disabled), Java status (enabled or disabled) and a complete list of common applications (mainly Microsoft software but also popular plug-ins). In the remaining sections of this article, you will learn about some great free tools to improve your online privacy. All of the software can be found on the CD accompanying this update, either as a download or by following the links provided.!? Crypto Anywhere is small enough to fit on a floppy disk or a USB flash drive. You can safely distribute your public key. Secure Your Email with Crypto Anywhere Crypto Anywhere is a tiny email encryption program (a program to encode your email). It is small enough to fit on a USB flash drive, but provides industry-standard protection. This means that you can take it with you to a cyber-café and still send secure emails. This software makes use of strong encryption algorithms based on public key techniques. Crypto Anywhere can be downloaded by clicking the link provided on the CD accompanying this update: h t t p : / / w w w. b y t e f u s i o n. c o m / p r o d u c t s / e n s / c r y p t o a n y w h e r e / whatiscryptoanywhere.htm The essence of public key security is that anyone can send an encrypted message to you but only you can read it. The public key that someone uses to send you a secure email can be freely distributed to anyone. Having the public key does not allow a third party to read an intercepted email. It only allows them to send you an encrypted mail. It is common 4

Protect Your Privacy Online P 7/5 practice to attach public keys to email signatures, so that others can mail you securely. Your private key must never be shared with anyone. Every user has a unique pair of public and private keys. To send someone an encrypted email, you need to have his or her public key. Therefore, they will need to be using Crypto Anywhere or a compatible tool (Crypto Anywhere is compatible with PGP Pretty Good Privacy and most popular encryption software). Once you have received a public key from your friend (remember this initial email does not need to be secure, anybody is allowed access to the public key), you can start sending them secure emails. It s even possible to send encrypted email to users who do not have Crypto Anywhere. This is sent as a self-extracting attachment, which will reveal its contents only when the recipient enters a pre-arranged password. Configuring Crypto Anywhere It s time to get Crypto Anywhere up and running. Luckily, it has its own very simple configuration wizard. To get started: 1. After installing Crypto Anywhere, a configuration wizard will run. Select Yes, configure now and then click Next. 2. If you want to use Crypto Anywhere with Microsoft Outlook, select Yes (otherwise select No) and then click Next. Note: even if you select No, Crypto Anywhere will integrate itself with Outlook Express. 3. Select Use Direct Drop recommended. Note: if your encrypted emails fail to arrive, you may need to reconfigure this to Use my ISP s mail server. To configure it in this way, you will need to enter the details for your email account (user, password, mail server etc). Using your ISP s mail server may not be possible if you are not connected to the Internet via the same ISP (you might be in a cyber-café, for example). Crypto Anywhere will work with most other encryption software tools and can even send secure mail to users without appropriate software. Direct Drop will send the encrypted email straight to the recipient s mail server. 5

P 7/6 Protect Your Privacy Online A longer pass phrase generates stronger encryption. 4. If Crypto Anywhere says that it has detected an installation of SecExMail, select No, do not import keys and then click Next. 5. Select Yes, create encryption keys now and then click Finish. 6. On the Choose New Key Type screen, select Create SecExtMail Key RSA + Twofish. 7. Click OK > Next. 8. Enter your name and email address. 9. Click Next. 10. Select 2048 bits safe. 11. Click Next. 12. Enter a memorable pass phrase (twice). Note: the strength of the cryptographic protection is indicated and it is stronger with a longer phrase. 13. Click Next. 14. Click randomly on the window but try to evenly cover the screen with cross hairs. 15. Click OK > Next > OK. 16. Click Finish > OK. Random mouse clicks are used to create a unique cryptographic key. Configuring Crypto Anywhere in Windows XP 6

Protect Your Privacy Online P 7/7 Getting Started with Crypto Anywhere and Outlook Express Crypto Anywhere will work perfectly happily on its own without Outlook or Outlook Express. However, using it in this manner does result in one disadvantage. Any encrypted outgoing email will not be saved with your regular email. Encrypted emails arriving in your email client will still need pasting into Crypto Anywhere, for decryption. The copy in your email inbox will remain in its encrypted form. As described above, integrating Crypto Anywhere with Outlook is presented as an option during the configuration wizard. To switch it on or off after configuration, you can access the option as follows: 1. In the left pane of Crypto Anywhere, click Configuration > Outlook Integration. 2. Tick Integrate with Outlook Office (or un-tick it to cancel integration). 3. Click OK to dismiss the confirmation alert. Integration with Outlook Express is automatically established during initial configuration. If you do want to change its status, you will find an appropriate option in the same location as above: 1. In the left pane of Crypto Anywhere, click Configuration > Outlook Integration. 2. Tick Integrate with Outlook Express at start-up (or un-tick it to cancel integration). 3. Tick Minimize to system tray at start-up (or un-tick it to cancel integration). Outlook Express integration will only work if Crypto Anywhere is running first. This option starts and minimises Crypto Anywhere, each time Windows starts. 4. Click OK to dismiss the confirmation alert. Note that integration is only possible with Outlook Express versions 5 or 6. Using Crypto Anywhere with Outlook Express ensures that all of your email is stored in one location. Remember to start Crypto Anywhere before you run Outlook Express. 7

P 7/8 Protect Your Privacy Online Try sending a test email to yourself to confirm installation. You will need to communicate the password to the recipient. Encrypting outgoing email with Crypto Anywhere and Outlook Express To encrypt an email from Outlook Express: 1. Start Crypto Anywhere (if not already started). You may need to click Use Unregistered Version. 2. Start Outlook Express. 3. Compose an email in the normal manner. 4. Click the new Outlook Express toolbar button Encrypt before sending (note that this button toggles and nothing will happen until you click Send). 5. Click Send. Crypto Anywhere s For your eyes only screen will open. 6. If the intended recipient s public key is shown in the list, select it and click OK. If you are just testing how this works, then send yourself an email. Your public key should be on the list. 7. If you don t yet have the intended recipient s public key, then select no key. The email address from Outlook Express should appear under Self Decrypting E-Mail. 8. Enter a password of your choosing (twice). Remember that you will have to communicate this password to the recipient in some manner. Don t send it by email, as this defeats the object of the exercise! 9. Click OK and Outlook Express should now send the encrypted email. You can confirm this by looking in the Sent Items folder of Outlook Express. A self-decrypting email will appear as an attachment. Decrypting incoming email with Crypto Anywhere and Outlook Express This subsection will help you to decrypt an email received in Outlook Express. This might include a test message that you have sent to yourself. To proceed: 8

Protect Your Privacy Online P 7/9 1. Start Crypto Anywhere (if not already started). You may need to click Use Unregistered Version. 2. Start Outlook Express. 3. Double-click on the received email, so that it opens in its own window. This is the only way to see the Decrypt Message button on the toolbar. 4. Click Decrypt Message. 5. Crypto Anywhere should display the decrypted version in a window headed Your Message. Remember that the version in your Outlook Express inbox will remain encrypted. If you want the message in a readable format, you will need to save it as a text file, or decrypt it each time you read it. Anonymous Web Browsing with JAP The free tool JAP performs in a similar manner to the anonymous proxies described earlier. It provides anonymous web browsing, preventing others from tracking your online activities. JAP works by sharing a single, static IP address amongst all users of the software. You can download JAP by clicking on the link provided on the CD accompanying this update: http://anon.inf.tu-dresden.de/win/download_en.html Instead of connecting directly to a web server, your browsing is conducted through several encrypted intermediaries. These are called mixes. A predetermined sequence of mixes is called a mix cascade. Your connection is hidden among the connections of all the other users. Not even the provider of the intermediary mixes can determine which connection belongs to which user. Independent institutions such as universities, which officially declare that they do not keep connection log files, generally provide mixes. The big advantage to using JAP (as compared to the various anonymous proxies) is that you You need to double-click on the email in order to display the Decrypt Message button.!? JAP shares a single IP address amongst a group of users. With JAP you can use your favourite browser. 9

P 7/10 Protect Your Privacy Online don t have to type URLs into the proxy s web page. You can use your favourite browser, in the normal manner. Configure Internet Explorer to work with JAP. Verify that JAP is hiding your IP address. 10 Getting started with JAP The interface for JAP is partially in English, with some items described in the developer s native German. As only one click is required to activate it, this should not prove problematic. To set up JAP for Internet Explorer, perform the following steps: 1. Start JAP. 2. Under the section Ananymität (anonymity), select Ein. The needle on the anonymity meter should now indicate low, fair or high. A low setting indicates that not many other users are currently sharing the same JAP IP address. The more users that are online, the more secure your identity will become. 3. Start Internet Explorer. 4. Click Tools > Internet Options > Connections. 5. If you use a dial-up Internet connection, select your connection from the Dial-up and Virtual Private Network settings section. Click on Settings. 6. If you use a broadband Internet connection, click LAN Settings... under the Local Area Network (LAN) settings section. 7. Select Use a proxy server for this connection (or Use a proxy server for your LAN). 8. Type: 127.0.0.1 as the proxy server and 4001 as the port. 9. Click OK > OK. Note that if you now browse to http://www.leader.ru/ cgi-bin/go?who (the checker that we used earlier in this article), you should see that your real IP address is no longer visible. To surf anonymously, you will need to start JAP as well as Internet Explorer. To surf without JAP, you will need to disable the proxy by unselecting the Use a proxy server

Protect Your Privacy Online P 7/11 for this connection (or Use a proxy server for your LAN) option in Internet Explorer. Safe Online Chat Using PSST This is a simple, highly encrypted, peer-to-peer instant messaging tool. Unlike many instant chat applications, PSST does not use an intermediary server. Instead, messages pass directly between the two users engaged in chatting. This arrangement is known as P2P (peer-to-peer). You can download PSST from the CD accompanying this update. There are two things that you will need to check with the remote user before staring a secure chat session. Firstly, you will need to agree a question and answer phrase to use for security. This can be anything. For example: Q. What colour is the dog? A. Black. All that matters is that the person initiating the connection remembers both the question and answer. The other user only needs to know the answer. This provides a further level of security, to make sure that your chat session has not been hijacked by a malicious third party. Secondly, the chat initiator will need to know the IP address of the remote user. If the remote user s ISP (Internet Service Provider) allocates static IPs, then you will only need to find this out once. If the allocation is dynamic, the IP will change each time the remote user connects to the Internet. For a broadband connection, this number will stay the same for days, weeks or months at a time. For a dial-up connection, the IPs will change for each session. If the IP is dynamic and the remote user has reconnected, you will need to know the new IP address. The remote user will need to check his or her current IP address, by proceeding as follows: 1. Click Start > Run. 2. Type: ipconfig 3. Press Enter.!? PSST does not use an intermediary server. Time to choose a simple question and answer. Ask your chat partner to check his or her IP address. 11

P 7/12 Protect Your Privacy Online If you are using a LAN, check the IP address using your router s interface. Use the question and answer to provide extra security. This prevents your chat from being vulnerable to a man-in-themiddle attack. Please note: if you are connected via a LAN (Local Area Network), the ipconfig command may return a local IP address (one that is not reachable over the Internet). If this is the case, you will need to use your router s browser interface (please refer to the manual) to discover its public IP address. Get chatting with PSST To start chatting, both users will need to start their copies of PSST. You (as the local user) will need to establish a connection, as follows: When prompted, move your mouse around randomly. This happens each time that you start PSST and is a part of the encryption process. 1. Click Connect. 2. Type the remote user s IP address into the appropriate field. 3. Click OK. 4. Type the answer to the agreed question. 5. Click OK. You should see the message: Correct answer received connection secured. 6. You can now type a message into the appropriate text field and then click Send to transmit it to the remote user. 7. Click Quit when you wish to end a chat session. 1. 2. 3. 4. 5. That s it! Now you can surf the web, email and chat without constantly looking over your virtual shoulder. By using encryption techniques you can be confident that the data you send over the Internet cannot be read by anyone other than the intended recipient. Just be careful out there 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information