SURF SAFE BASICS

1. Introduction
2. Browser Security
3. Browser Check
4. NetBios
5. Cookies
6. WebBugs
7. Good Housekeeping
8. Firewalls
9. Anonymity Providers
10. Resources

1. Introduction:

Safe surfing consists in minimizing your profile and identity trail as you surf on the internet. Every site you visit will record your machine's unique internet protocol number, or IP address. Cookies can act as remote identifiers, and the information they store can be retrieved by HTML web pages using email or post commands. Any of the web pages that you download may contain either Active-x or Java applets, both of which can be programmed to access the Windows system or your registry. Embedded GIFs or Web-Bugs can record your presence, and 'phone home' modules, often known as spyware, can report on you to a remote database, as well as providing servers with another way to get Referer and other information. Disabling Java also stops many pop-up ads and interstitials.

All the scripting languages like Javascript, Visual Basic Script (VBS) etc. can execute system calls from inside a web page, query your registry and post sensitive data back to the server. In the case of a hacker, invisible frames can be loaded containing scripting to execute DOS commands such as "del C:\*.*"; "del Windows\*.*" - in other words, wipe your hard disk!

Other means of gaining referer information are for the server to ask you to connect either on shttp or https (which is SSL). Both are secure protocols that can override ordinary proxies and nullify them, thus allowing the server to read your true IP address, and in some cases this is their purpose, not secure messaging!

Coming up in the rear is SOAP (Simple Object Access Protocol). This is a lightweight, XML-based protocol for exchanging information in a decentralized and distributed environment. This is a messaging protocol, unlike Active-x, which uses remote procedure calls (RPC).
It does not require synchronous execution or request/response interaction, and SOAP messages can have multiple parts addressed to different parties. Furthermore SOAP is programmatically extensible. In layman's terms this protocol allows web page to speak to web page, remotely and on a queued basis, i.e. allowing for time lapses. SOAP boasts a Proxy and Wire Transfer Service. This protocol has been submitted to W3C for consideration, and is, along with XML, the basis for Microsoft's latest web gambit, .NET. SOAP is extremely unsafe since it has access to the DNS and the underlying Windows system. It can totally bypass any firewall since messaging is web page to web page. COM controls can be written to phone home via SOAP just as in HTTP.

Last but not least is NetBios and File and Print Sharing, which is auto enabled on installation on some old operating systems, leaving your hard disk open for the world.

So by disabling all these options within your browser, in conjunction with using a proxy, preferably one from a country outwith your own, you can leverage some form of control over information leakage whilst you surf. Being aware of how and where IP leakage can occur allows you to Surf Safe!

2. Browser Security

To cover your tracks and prevent others from finding out your IP address you have to use a proxy and disable certain browser functions; proxies are covered in more detail in Proxy Basics. These functions are as follows:

Internet Explorer: Tools Menu ... Select Internet Options... Security tab... Custom Level

  Disable all Active-x Options
  Disable all Cookie Options
  Disable Java
  Disable all Scripting Options
  Logon Option: Check the "Prompt for user name and password" radio button

For Netscape users, to turn off Java and also ...
Edit -> Preferences -> advanced -> uncheck "enable java" and "enable javascript" and check "disable cookies"

To use a software based proxy:
Edit -> Preferences -> advanced+ -> proxies -> check "manual configuration" -> view -> fill in the needed fields.
To enable a proxy server in IE, go to Tools > Internet Options > Connections. If you use a dialup connection, click the "Settings" button next to the dialup properties box. If you have a broadband connection, click the "LAN Settings" button instead. Check the "Use a proxy" option, then enter the proxy's hostname and port number in the fields.

To enable a proxy server in Netscape, go to Edit > Preferences > Advanced > Proxies. Choose "Manual Proxy Configuration," then click the View button and enter the proxy's hostname and port number in the WWW field.

To confirm that the proxy is functioning correctly, go to the IP-address page. You should see the proxy's IP address instead of your own. Alternatively, select one of the URLs from the Proxy Checking Sites list in the Resources section below and check that the IP address you see on the page is the same as your proxy's!

Some browsers have an auto email facility; find and disable this.

What does a browser record?

There are three things a browser records when you visit a web page. Each one is stored in a different manner, in different places. It depends on which browser and which version you use, and even on what operating system platform you are running it. The three things a browser records are:

I   The page itself in your cache
II  The URL of the page in your history
III The URLs you typed in at the URL box (drop down list)

So the following tasks have to be undertaken:

Clearing the cache
Clearing the History
Clearing the URL history

It's optional on all the main browsers, i.e. Netscape, Internet Explorer, Opera etc., whether you choose to do this by hand, and the precise syntax and commands vary by browser version and operating system version, but the principle is constant, i.e. find where they are logged and delete the references! Under Windows this is normally inside the Registry. So in Netscape under Windows 95, the URL history is stored in the Windows registry.
Example: Clearing the URL history

- Close Netscape if it is still running.
- Start the registry editor by running REGEDIT.EXE.
- Go to HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\URL History\ (doing a search for "URL History" will get you there immediately).
- Delete the entries URL_1 through URL_10, but NOT the Default entry.
- Close the registry editor.

This is repeated for the other tasks. A simpler method is to use a program such as Window Washer or Evidence Eliminator; both will automatically clean the required areas.

Now these items, i.e. cache, URL and URL history, have been deleted, but Microsoft in their wisdom chose to record the URL and occasionally the URL history elsewhere, in areas such as the swap file, user.dat and system.dat, and if you use Microsoft Office or similar software the document history list may record your URL history as well. Window Washer should be able to deal with this. To deal with the swap file read the Swap File Basics. Remember that under some versions of Windows, such as Windows NT and Windows 2000, each user has a unique profile and history, so if you use different accounts, check them all.

3. Browser Check:

Every time you dial up or connect to surf you should first connect with a proxy checking site that will tell you what your current browser IP is and other relevant environment variables, such as Javascript etc. It is a good idea to paste the URL of the proxy checker into the "Address" edit box situated under the General tab of the Internet Options Properties box. This will alert you to surfing on an unsafe IP.

4. NetBios:

NetBIOS (or Network Basic Input Output System) is a program that is used by Microsoft Networking. One use of NetBIOS is to allow the sharing of files and printers between computers on a Local Area Network (LAN). However, if you are connected to the Internet and using file and print sharing through NetBIOS, you may be exposed to unnecessary security risks.
Most systems do not need NetBIOS to connect to the Internet. However, some older cable modem systems might need some components of NetBIOS. Out of the box, NetBIOS is configured to enable about 9 separate components of your PC. These are:

1. Client for Microsoft Networks, the networking application
2. File and Printer Sharing for Microsoft Networks
3. Microsoft Family Logon
4. TCP/IP
5. NetBEUI (NetBIOS Enhanced User Interface)
6. IPX/SPX
7. Dial-up adapter
8. Cable modem/DSL interface
9. Local area network (LAN) interface (if applicable)

The insecure components in the pre-configured NetBIOS are the Microsoft Networks application and file and printer sharing. Since all nine NetBIOS components--including TCP/IP--are interconnected, your data is vulnerable when you're online. Each time you're connected to the Internet with the pre-configured NetBIOS, hackers can easily access your passwords, upload malicious code to your computer and more. Your computer is exposed to any, and all, kinds of security threats.

The solution is to re-configure your NetBIOS. TCP/IP will only be connected to the dial-up adapter. The NetBEUI transport will also be connected to the dial-up adapter and, therefore, TCP/IP. Since NetBEUI provides safe local file and network sharing, your files will not be exposed in this configuration. The Microsoft Network application, file and print sharing and Microsoft Family Logon will all be connected to NetBEUI. The IPX/SPX protocol should be removed from the networking component list!

Disabling File And Printer Sharing for Your Dial-Up Adapter (Win 95/98)

1) Click Start, point to Settings, click Control Panel, and then double-click Network.
2) Click TCP/IP->Dial-up Adapter, click Properties, and then click the Bindings tab.
3) Click to clear the File and Printer Sharing check box, click OK, and then click OK.
4) Restart your computer.

NOTE: This disables the File And Printer Sharing component only for the Dial-Up Networking adapter.
Local network file sharing or printer sharing is not affected. Windows NT users should disable TCP/IP Binding from NetBIOS.

Turning Off File and Print Sharing Completely

1) Click on Start, then on Control Panel. Double click on the Network icon.
2) Click on the File and Print Sharing button.
3) To disable File and Print Sharing, uncheck both boxes. To enable File and Print Sharing, check both boxes.
4) Click OK and then OK again. File and Print Sharing is now disabled.

5. Cookies

Recording which IP address accessed a site is a start, but it's not enough for many places on the net. They want to know more, such as whether you've visited before. This is done using what are called cookies. There are many myths about cookies, which are best dispelled by looking at a site such as www.cookiecentral.com.

A cookie is simply a piece of information that a website asks your browser to store on your PC. The same site can then request the cookie next time you visit. This allows it, for instance, to automatically fill in your login name on the AvantGo pages, or supply the weather reports you asked for on the msn.com home page. What a cookie can't do is trawl your hard drive for your credit card number, neither can it tell a website anything it didn't already know about you. If you tell a site your name is Tipper instead of Albert, then that's what will be in the cookie that's stored on your computer.

So why do so many people get worked up about cookies? Because a few companies, most notably DoubleClick, have found a way round the fact that a server can only request cookies for its own site. DoubleClick is an agency that supplies the ads that appear on many of the net's most popular sites. Using cookies, DoubleClick can uniquely identify you, allowing a profile of the type of sites you visit to be built up, and even supplying relevant adverts for you. So how can it do this when cookies are unique to a site? It's simple: the DoubleClick adverts aren't on the site you visit.
They're stored on DoubleClick's own servers, and your web browser dutifully fetches them from there. This means it has requested information from the DoubleClick server, and can therefore have a cookie sent, or passed back to, that server.

Solution: In your browser disable all cookie access and clean regularly!

6. WebBugs:

There are about five different types of Web bugs. The simplest bug is a small, clear GIF with no content, set to be transparent so the web page background shines through. It's included on the web page you surf to but is downloaded from another site. Usually this is some advert-based site; the download call, along with the referrer information, is enough to identify your machine as visiting some site. It normally works with cookies to send information to third parties about your online travels.

Other more malicious forms of Web bugs are "executable bugs," which can install a file onto people's hard drives to collect information whenever they are online. For example, one such bug can scan a person's machine to send information on every document that contains the word "sex". The sneakiest bugs are "script-based executable bugs that can go out and take any document from your computer" without notice. There are programs that can track live, private recordings through Webcams or voice recorders hooked up to computers.

Other script-based bugs also execute files, but they're not installed on a person's PC. They can simply try to control the person's computer from the server, as well as track the consumer's travels on the Web from behind the scenes. An example of this can be found on a popular entertainment site, PassThisOn.com, which launches multiple browser windows when a person tries to exit the site.

These methods can bypass your firewall since your browser will have permission to fetch stuff from web-sites.
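
The third-party fetches described in sections 5 and 6, as an added example that is not part of the original FAQ: a Python check that lists every embedded resource a page pulls from another host and marks 0- or 1-pixel images and frames as web bugs. The sample page, the host names and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample (not from the original FAQ): a page on news.example that
# embeds its own logo, a third-party 1x1 GIF, a third-party banner and a
# zero-size third-party frame.
SAMPLE_PAGE_URL = "http://news.example/story.html"
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.gif" width="120" height="40">
<img src="http://ads.example.net/pixel.gif?page=story" width="1" height="1">
<img src="http://ads.example.net/banner.gif" width="468" height="60">
<iframe src="http://tracker.example.org/frame.html" width="0" height="0"></iframe>
</body></html>
"""

# Tags that make the browser fetch something without any click.
EMBED_TAGS = ("img", "iframe", "script", "embed")


def is_tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    try:
        return int(str(value).strip().lower().replace("px", "")) <= 1
    except ValueError:
        return False


class WebBugFinder(HTMLParser):
    """Records every embedded resource fetched from a host other than the page's."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag not in EMBED_TAGS or not src:
            return
        url = urljoin(self.page_url, src)
        host = urlparse(url).hostname
        # Exact host match is a simplification: sub-domains of the same site
        # are reported as third parties.
        if host is None or host == self.page_host:
            return
        invisible = is_tiny(attrs.get("width")) and is_tiny(attrs.get("height"))
        kind = "web bug" if invisible and tag in ("img", "iframe") else "third-party"
        self.findings.append({"tag": tag, "host": host, "url": url, "kind": kind})


def find_web_bugs(html, page_url):
    """Return the third-party fetches a browser would make for this page."""
    finder = WebBugFinder(page_url)
    finder.feed(html)
    return finder.findings


def third_party_hosts(findings):
    """Hosts that learn of the visit (request, Referer and any cookie they set)."""
    return sorted({f["host"] for f in findings})


if __name__ == "__main__":
    for f in find_web_bugs(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(f"{f['kind']:12} <{f['tag']}> {f['url']}")
```

Each host returned by third_party_hosts() receives its own request for the page view, which is why an advert server can recognise the same browser across unrelated sites.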
The same principle can be employed in Word documents or emails, such that when you open them, some site somewhere is notified that some PC is opening and reading this document. Nice thought?

7. Good Housekeeping:

One consequence of surfing on the Internet is that not only do other people want to know your surfing habits and real IP, so does your own PC! Each installed program will invariably come with some form of a history list. This list will be stored in the registry or, less commonly, in a text file with a .ini extension, usually found in the installation folder. In the registry search for LastVisitedMRU. These are used to enumerate your last five actions or so. For example, Windows MediaPlayer has a hidden history list that contains a description of items last activated by it, be it some mp3 or visually enticing mpg movie. Likewise RealPlayer has a similar facility; furthermore, if you use it to search online music databases like DDB it will phone home to the RealPlayer web site, sending your list of preferences along with a unique number that was written into the registry when the program was first installed. It's usually a mixture of your real IP and some PC generated number, i.e. a GUID, thereby identifying you regardless of whether you employ a proxy or not!

Do URLs Go To Heaven?

URLs that you have surfed through may be stored covertly within the swap file, on a "just in case they are needed again" basis. Furthermore, any of the Microsoft products might, depending on your preference settings, choose to add one of these URLs to its history list, or Most Recently Used document list in MS Word's case. These are then stored in proprietary files and within any of index.dat, system.dat, user.dat and, on Windows 2000 and Windows Millennium, in pagefile.sys or the swap file. Each time you switch on your computer, unknown to you, these are then loaded into the respective program registry mappings or hidden files.
The latest versions of Windows use individual profiles called "UserData" stored within the registry. This is how Windows maintains its appearance of being static, looking the same, or attempting to achieve "persistence" across multiple boot ups. So some URLs do go to heaven and kinda live for ever ;-)

Spyware:

Some "free" software will, as it is being installed, copy a 2nd party's programs, usually to the System folder. These types of programs are what is known as AdWare, since once online your surfing habits are monitored by the 2nd party and advert streams are sent to the application based on your preferences. The application author gets paid for allowing his program to target you with adverts, and this is the price you pay for free software. Naturally you don't want any of these things on your PC.

COM/SOAP

These are ostensibly Microsoft protocols. SOAP leaves you insecure since it has access to the DNS (domain name calls) and the underlying Windows system. So it can request o/s serial numbers, bad if you paid for Windows by credit card. It can totally bypass any firewall and router filtering, since messaging is web page to web page. COM controls can be written to phone home via SOAP just as in HTTP. COM is the basis for .NET and the new Windows coming your way soon. Windows has been re-written to use COM everywhere, including the Windows controls such as edit, list and treeview controls etc. This makes Windows a highly insecure communications environment. Coupled with the fact that Microsoft shares some of its source code with Govt agencies and favored corporations under strict terms of secrecy, this should alert the wise!

Cleaning Up:

Each application that you have installed can store a History List of associated files, e.g. Internet Explorer will have a list of URLs your browser last surfed, for use in its "IntelliSense" or smart matching on partial URLs that you type into the browser AddressBar.
You need an application to sweep these out and clean up each time that you either boot up or shut down. One such application is Window Washer; it is safe and simple to use, and it allows customized items both in the registry and in any folder to be set for deletion. It comes with a default set of Windows locations to delete, e.g. Documents under the Start menu is wiped clean. So for each application you will have to work out what it stores and where it stores it, and set Window Washer to delete it on a regular basis. For the trickier case of the swap file, User.dat and System.dat, see The Swap File and Registry Basics faqs.

There are programs available to search for and remove phone home components. Where web-bugs are concerned, a firewall (either Norton Personal Firewall or ZoneAlarm are good 1st choices here) together with proxy and cookie cleaning on a regular basis will minimise any problem. A security site is working on a Web-Bug filter at present.

8. Firewalls

A Firewall is a program that filters all ingoing and outgoing connections to the internet. Anyone who is running ADSL or Cable or other fixed IP services is more vulnerable to security breaches. A Firewall will allow you to set filters on which packets can enter or leave your computer. Most Firewalls come with standard settings enabled such as application privileges, Internet traffic blocking, local network access to the system's services and shared accounts, and the blocking of known advertising companies. Along with the disabling of Javascript, this will stop all those annoying pop up windows appearing. A firewall will also allow you to decide what appears in the packets that leave your computer, i.e. your type of computer, operating system, timezone etc., all of which helps to enforce your privacy.
If your computer is personal and for home use, then find yourself a copy of AtGuard, which is an excellent configurable Firewall. If you cannot find a version, then Norton Personal Firewall is a good substitute, since it purchased a licence to the AtGuard kernel.

9. Anonymity Providers

Here is a list of providers who provide reasonable privacy and security to their users. Their numbers are few; most of these providers use telnet, and some use SSH or S/Key to log in for added protection.

HushMail:
---------
HushMail is the world's first 1024 bit encrypted free mail service!

Anonymous.To:
-------------
Anonymous.To offers free anonymous email accounts.

Freedom.net:
------------
Freedom.net offers anonymous mail, telnet, IRC, SSH and web-surfing.

SecureNym:
----------
SecureNym offers secure and anonymous web based e-mail by subscription.

Pop3Now:
--------
Pop3Now lets you access your mail from the web with SSL encryption.

Cyberpass:
----------
Cyberpass is run by Lance Cottrell, a well known cryptographer & cypherpunk.

LOD Communications:
-------------------
LOD Communications offers, for $10 a month, a shell account with WWW page.

AnonMailNet:
------------
AnonMailNet offers Web2Mail & Web2News interfaces with standard Internet services.

Data Haven Project
------------------
Data Haven Project: for $10 a month, a shell account with full access.

Offshore Information Services:
------------------------------
Offshore Information Services offers anonymous services from Anguilla B.W.I.

Nymserver:
----------
Nymserver offers anonymous e-mail and newsgroup posting, PGP, & finger info.

Somebody.net:
-------------
Somebody.net offers anonymous surfing and anonymous email services.

Resentment.org:
---------------
Resentment.org now offers free SSL web mail accounts.

Altopia Privacy:
----------------
Altopia Privacy accounts now, Anonymous accounts later...

10. Resources:

Window Washer
Evidence Eliminator
GUID Cleaner
Cache Cleaner
Spyware Faqs
Spyware Cleaner
Web_Bugs

About Cookies:
http://members.tripod.com/~ethika/Cookies.html

Proxy Lists:
http://www8.big.or.jp/~000/CyberSyndrome/psl.shtml

Proxy Checking Sites:
http://mizuno-labo.cs.inf.shizuoka.ac.jp/~s5087/proxy.html
http://thor.prohosting.com/~tcpip/cgi-bin/env.cgi
http://www.rental-web.com/~azuma/cgi-bin/env.cgi

Firewall Sites:
Firewall check

Firewalls:
Home PC Firewall Guide
Firewall Resource Centre
Firewall Guide
Firewall Q&A
The TIS Firewall Toolkit FAQ
Zeuros Network Solutions Firewall Resource
Firewalls FAQ

Personal Firewalls:
ZoneAlarm: http://www.zonelabs.com/
BlackICE
AtGuard (now owned by Symantec)
Norton
McAfee
SafeGuard
Sphinx
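
The proxy check from sections 2 and 3, as an added example that is not part of the original FAQ: Python that reads the environment variables a proxy-checking page (such as the env.cgi scripts listed above) echoes back and reports whether any of them still carries your real address. The NAME=value layout, the sample addresses and the function names are constructed for illustration; real checker pages lay out their output differently.

```python
import re

# Constructed samples (not from the original FAQ). Addresses come from the
# reserved documentation ranges.
REAL_IP = "203.0.113.7"  # the address your ISP gave you
DIRECT = "REMOTE_ADDR=203.0.113.7\nHTTP_USER_AGENT=Mozilla/4.0"
LEAKY = ("REMOTE_ADDR=198.51.100.20\n"
         "HTTP_VIA=1.0 cache1 (squid)\n"
         "HTTP_X_FORWARDED_FOR=203.0.113.7")
VISIBLE = "REMOTE_ADDR=198.51.100.20\nHTTP_VIA=1.0 cache1 (squid)"
HIDDEN = "REMOTE_ADDR=198.51.100.20\nHTTP_USER_AGENT=Mozilla/4.0"

# CGI names of request headers that proxies commonly add.
PROXY_VARS = ("HTTP_VIA", "HTTP_X_FORWARDED_FOR", "HTTP_FORWARDED",
              "HTTP_CLIENT_IP")
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def parse_env(text):
    """Turn NAME=value lines into a dict keyed by upper-case variable name."""
    env = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            env[name.strip().upper()] = value.strip()
    return env


def check_proxy(env_text, real_ip):
    """Return (verdict, variables) for one checker page.

    direct         the server sees your own address as the connection source
    leaking        a proxy is in use but another variable carries your address
    proxy-visible  your address is absent, but proxy headers are present
    hidden         no variable contains your address or names a proxy
    """
    env = parse_env(env_text)
    if env.get("REMOTE_ADDR") == real_ip:
        return ("direct", ["REMOTE_ADDR"])
    leaks = sorted(name for name, value in env.items()
                   if name != "REMOTE_ADDR" and real_ip in IPV4.findall(value))
    if leaks:
        return ("leaking", leaks)
    seen = sorted(name for name in PROXY_VARS if name in env)
    if seen:
        return ("proxy-visible", seen)
    return ("hidden", [])


if __name__ == "__main__":
    for label, page in (("direct", DIRECT), ("leaky", LEAKY),
                        ("visible", VISIBLE), ("hidden", HIDDEN)):
        print(label, check_proxy(page, REAL_IP))
```

A "hidden" verdict covers only the variables of that one request; the comparison of the displayed address with your proxy's address is still the first check.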