This is second article from darkfaq edition that has been wroten about 6-7 years but still actuall.
----------------------------------
How to navigate the Internet safely
1. Introduction
2. Browser Security
3. Browser Check
4. Steps for Finding an Anonymous Proxy
5. NetBios
6. Cookies
7. WebBugs
8. Good Housekeeping
9. Firewalls
1. Introduction
Safe Surfing consists in minimizing your profile and identity trail as you surf on the Internet. Every site you visit will record your machines unique Internet protocol number or ip address. Cookies can act as remote identifiers, and the values can be returned from within html web pages using e-mail or post commands. Any of the web pages that you download may contain either Active-x or Java applets both of which can be programmed to access the Windows System or your registry. Embedded Gifs or Web-Bugs can record your presence and 'phone home' style components can talk to some database.
As well as providing servers with another way to get Referer and other information. Disabling Java also stops many pop-up ads and interstitials. All the scripting languages like Javascript, Visual Basic Script (VBS) etc can execute system calls from inside the web page, query your registry and post back to the server sensitive data. In the case of a hacker, invisible frames can be loaded containing scripting to execute DOS commands such as "del C:\*.*"; "del Windows\*.*" i.e. wipe your hard disk away!
Other means of gaining referer information are for the server to ask you to connect either on shttp or https which is SSL, both are secure protocols that can override ordinary proxies and nullify them. Thus allowing the server to read your true ip address and in some cases this is their purpose not secure messaging!
Coming up in the rear is SOAP (Simple Object Access Protocol). This is a lightweight, XML-based protocol for exchanging information in a decentralized, and distributed environment. This is a messaging protocol, unlike Active-x, which uses remote procedure calls (RPC). It does not require synchronous execution or request/response interaction, and SOAP messages can have multiple parts addressed to different parties. Furthermore SOAP is programmatically extensible. In lay mans speak this protocol allows web page to speak to web page, remotely and on a queued basis i.e. allowing for time lapses. SOAP boasts A Proxy and Wire Transfer Service. This protocol has been submitted to W3C for consideration, and is along with XML the basis for Microsofts latest web gambit .NET. SOAP is extremely unsafe since it has access to the dns and the underlying windows system. It can totally bypass any firewall since messaging is web page to web page. COM controls can be written to phone home via SOAP just as in HTTP.
Last but not least is NetBios and File and Print Sharing which is auto enabled on installation on some old operating systems, leaving your hard disk open for the world. So disabling all these options within your browser and in conjunction with using a proxy, preferably one from country out with your own, you can leverage some form of control over information leakage whilst you surf. Being aware of how and where ip leakage can occur allows you to Surf Safe!
--------------------------------------------------------------------------------
2. Browser Security:-
To cover your tracks and prevent others from finding out your ip address you have to use a proxy and disable certain browser functions, proxies are covered in more detail in Proxy Basics. These functions are as follows:
To change the security settings in Internet Explorer: Tools Menu ... Select Internet Options... Security tab... Custom Level
Recommended Settings:
Active-X controls and plug-ins
Download signed Active-X controls Disable
Download unsigned Active-X controls Disable
Initialized script ActiveX controls not marked as safe Disable
Run ActiveX controls and plug-ins Disable
Script Active-X controls marked safe for scripting Disable
Cookies Allow cookies that are stored on your computer Disable
Allow per-session cookies (not-stored) Disable
Downloads Downloads Enable
Font Download Enable
Java Java Permissions Disable Java
Miscellaneous Access data sources across domains Disable
Drag and drop or copy and paste files Disable
Installation of desktop items Disable
Launching programs and files in an IFrame Disable
Navigate sub-frames across different domains Disable
Software channel permissions High Safety
Submit non encrypted form data Disable
Userdata persistance Disable
Scripting Active scripting Disable
Allow paste operations via script Disable
Scripting of java applets Disable
After checking these settings, click on 'ok', then the 'advanced' tab.
Scroll down until you find the heading 'Java VM'.
Java VM Java console enabled Disable
Java logging enabled Disable
JIT compiler for virtual machine Disable
For netscape users, to turn off java and also ... Edit... Preferences... Advanced... uncheck "enable java" and "enable javascript" and check "disable cookies"
To enable a proxy server in IE:-
Go to Tools... Internet Options... Connections. If you use a dialup connection, click the "Settings" button next to the dialup properties box. If you have a broadband connection, click the "LAN Settings" button instead. Check the "Use a proxy" option, then enter the proxy's hostname and port number in the fields.
To enable a proxy server in Netscape
Go to Edit... Preferences... Advanced... Proxies. Choose "Manual Proxy Configuration," then click the View button and enter the proxy's hostname and port number in the WWW field.
To confirm that the proxy is functioning correctly, go to the IP-address page. You should see the proxy's IP address instead of your own. Alternatively select one of the url's from the Proxy Checking Sites list in the Resources section below and check that the ip-address you see on the page is the same as your proxy!
Some browsers have an auto e-mail facility find and disable this.
What does a browser record? There are three things a browser records when you visit a web page. Each one is stored in a different manner, in different places. It depends on which browser and which version you use, and even on what Operating System platform you are running it.
The three things a browser records are: I The page itself in your cache
II The URL of the page in your history
III The URL's you typed in at the URL box (drop down list)
So the following tasks have to be undertaken. Clearing the Cache:
Clearing the History:
Clearing the URL history:
Its optional on all the main browsers i.e. Netscape, Internet Explorer, Opera etc whether you choose to do this by hand and the precise syntax and commands vary by Browser version and Operating System version, but the principal is constant i.e. find where they are logged and delete the references! Under Windows this is normally inside the Registry. So in Netscape under windows 95: The URL history is stored in the windows registry.
Example: Clearing the URL history - Close Netscape if it is still running. Start the registry editor by running REGEDIT.EXE. Go to HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\URL History\ (doing a search for "URL History" will get you there immediately.) Delete the entries URL_1 through URL_10, but NOT the Default entry. Close the registry editor.
This is repeated for the other tasks. A simpler method is to use a program such as Window Washer or Evidence Eliminator both will automatically clean the required areas.
Now these items i.e. cache, url, and url history have been deleted but Microsoft in their wisdom chose to record the url and occasionally the url history elsewhere in areas such as the swap file, user.dat and system.dat and if you use Microsoft office or similar softwares the document history list may record your url history as well. Windows Washer should be able to deal with this. To deal with the swap file read the Swap File Basics. Remember under some versions of Windows such as Windows NT and Windows 2000 each user has a unique profile and history so if you use different accounts. Check them all.
--------------------------------------------------------------------------------
3. Browser Check:-
Every time you DialUp or connect to surf you should firstly connect with a proxy checking site that will tell you what your current browser ip is and other relevant environment variables, such as javascript etc. It is a good idea to paste the url of the proxy checker into the "Address" edit box situated under the General tab of the Internet Options Properties box. This will alert you to surfing on an unsafe ip.
--------------------------------------------------------------------------------
4. Steps for Finding an Anonymous Proxy:-
Step 1.
Find a List of Proxies
Step 2.
Check the Proxies for Anonymity
Step 3.
Check the Proxy Server's Country
Change your proxy regularly, else you leave yourself open to relationship analysis. Accomplished by comparing Referer, Site Location, and your current proxy, along with all the other visitors. If you keep your proxy long enough the logs may be hacked or made available to some interested 3rd party!
--------------------------------------------------------------------------------
5. NetBios:-
NetBIOS (or Network Basic Input Output System) is a program, that is used by Microsoft Networking. One use of NetBIOS is to allow the sharing of files and printers between computers on a Local Area Network (LAN). However, if you are connected to the Internet and using file and print sharing through NetBIOS, you may be exposed to unnecessary security risks. Most systems do not need NetBIOS to connect to the Internet. However, some older cable modem systems might need some components of NetBIOS. Out of the box NetBios is configured to enable about 9 separate components of your PC. These are :
Client for Microsoft Networks, the networking application
File and Printer Sharing for Microsoft Networks
Microsoft Family Logon
TCP/IP
NetBEUI (NetBIOS Enhanced User Interface)
IPX/SPX
Dial-up adapter
Cable modem/DSL interface
Local area network (LAN) interface (if applicable)
The insecure components in the pre-configured NetBIOS are: Microsoft Networks application and file and printer sharing. Since all nine NetBIOS components--including TCP/IP--are interconnected, your data is vulnerable when you're online. Each time you're connected to the Internet with the pre-configured NetBIOS, hackers can easily access your passwords, upload malicious code to your computer and more. Your computer is exposed to any, and all, kinds of security threats.
The solution is to re-configure your NetBIOS. TCP/IP will only be connected to the dial-up adapter. The NetBEUI transport will also be connected to the dial-up adapter and, therefore, TCP/IP. Since NetBEUI provides safe local file and network sharing, your files will not be exposed in this configuration. The Microsoft Network application, file and print sharing and Microsoft Family Logon will all be connected to NetBEUI. The IPX/SPX protocol should be removed from the networking component list!
Disabling File And Printer Sharing for Your Dial-Up Adapter (Win 9x)
Click Start, point to Settings, click Control Panel, and then double-click Network.
Click TCP/IP->Dial-up Adapter, click Properties, and then click the Bindings tab.
Click to clear the File and Printer Sharing check box, click OK, and then click OK.
Restart your computer.
NOTE:
This disables the File And Printer Sharing component only for the Dial-Up Networking adapter. Local network file sharing or printer sharing is not affected. Windows NT users should disable TCP/IP Binding from NetBIOS.
Turning Off File and Print Sharing Completely
Click on Start then to Control Panels. Double click on the icon Network.
Click on the button File and Print Sharing.
To disable File and Print Sharing, uncheck both boxes. To enable File and Print Sharing, check both boxes.
Click OK and then OK again. File and Print Sharing is now disabled.
6. Cookies:-
Recording which IP address accessed a site is a start, but it's not enough for many places on the net. They want to know more - such as whether you've visited before. This is done using what are called cookies. There are many myths about cookies, which are best dispelled by looking at a site such as w*w.cookiecentral.com. A cookie is simply a piece of information that a website asks your browser to store on your PC. The same site can then request the cookie next time you visit. This allows it, for instance, to automatically fill in your login name on the AvantGo pages, or supply the weather reports you asked for on the msn.com home page. What a cookie can't do is trawl your hard drive for your credit card number, neither can it tell a website anything it didn't already know about you. If you tell a site your name is Tipper instead of Albert, then that's what will be in the cookie that's stored on your computer. So why do so many people get worked up about cookies? Because a few companies, most notably DoubleClick, have found a way round the fact that a server can only request cookies for its own site. DoubleClick is an agency that supplies the ads that appear on many of the net's most popular sites. Using cookies, DoubleClick can uniquely identify you, allowing a profile of the type of sites you visit to be built up, and even supplying relevant adverts for you. So how can it do this when cookies are unique to a site? It's simple -the DoubleClick adverts aren't on the site you visit. They're stored on DoubleClick's own servers, and your web browser dutifully fetches them from there. This means it has requested information from the DoubleClick server, and can therefore have a cookie sent, or passed back to, that server. Solution: In your browser disable all cookie access and clean regularly!
--------------------------------------------------------------------------------
7. WebBugs:-
WebBugs: There are about five different types of Web bugs, The simplest bug is a small, clear GIF with no content and its set to be transparent so the web page background shines through. Its included on the web page you surf to but is downloaded from another site. Usually some Advert based site the download call along with the referrer information is enough to identify your machine as visiting some site. It normally works with cookies to send information to third parties about a your online travels. Other more malicious forms of Web bugs are "executable bugs," which can install a file onto people's hard drives to collect information whenever they are online. For example, one such bug can scan a person's machine to send information on every document that contains the word "sex" . The sneakiest bugs are "script-based executable bugs that can go out and take any document from your computer" without notice, there are programs that can track live, private recordings through Webcams or voice recorders hooked up to computers. Other script-based bugs also execute files, but they're not installed on a person's PC. They can simply try to control the person's computer from its server, as well as track the consumer's travels on the Web from behind the scenes. An example of this can be found on a popular entertainment site, PassThisOn.com, which launches multiple browser windows when a person tries to exit the site. These methods can bypass your firewall since your browser will have permission to fetch stuff from web-sites. This principle can be employed in Word documents or em ails such that when you open them, some site somewhere is notified that some PC is opening and reading this document. Nice thought?
--------------------------------------------------------------------------------
8. Good Housekeeping:-
One consequence of surfing on the Internet is not only do other people want to know your surfing habits and real ip. So does your own PC! Each installed program will invariably come with some form of a history list. This list will be stored in the registry or less commonly in a text file with a .ini extension, usually found in the installation folder. In the registry search for LastVisitedMRU. These are used to enumerate your last five actions or so. i.e. Windows MediaPlayer has a hidden history list that contains a description of items last activated by it, be it some mp3 or visually enticing mpg movie. Likewise RealPlayer has a similar facility furthermore if you use it to search online music databases like DDB it will phone home to the RealPlayer web site sending your list of preferences along with a unique number that was written into the registry when the program was first installed, and its usually a mixture of your real ip and some pc generated number, i.e. a GUID. Thereby identifying you regardless of whether you employ a proxy or not!
Do Url's Go To Heaven?
Url's that you have surfed through may be stored covertly within the Swap File, on a just in case they are needed again basis, furthermore any of the microsoft products might, depending on your preference settings, choose to add one of these url's to its history list or Most Recently Used document list in MS Word's case. These are then stored in proprietary files and within and any of index.dat, system.dat, user.dat and on windows2000, Windows Millenium in pagefile.sys. or the Swap file. Each time you switch on your computer unknown to you these are then loaded into the respective program registry mappings or hidden files. Latest versions of windows use individual profiles called "UserData" stored within the registry. This is how Windows maintains its appearance of being static, looking the same, or attempting to achieve "persistence" across multiple boot ups. So some Url's do go to heaven and kinda live for ever ;-)
Spyware:
Some "free" software will, as it is being installed, copy a 2nd parties programs, usually to the System folder. These type of programs are what is known as AdWare since once online your surfing habits are monitored by the 2rd party and advert streams are sent to the application based on your preferences. The application author gets paid for allowing his program to target you with adverts and this is the price you pay for free software. Other nonspyware software can periodically attempt to update itself; for example, the Windows 98 Update feature checks an address at Microsoft every five minutes once you enable it (and you can't turn it off without uninstalling it). Naturally you don't want any of these things on your pc.
COM/SOAP
These are ostensibly microsoft protocols. SOAP leaves you insecure since it has access to the dns (domain name calls) and the underlying windows system. So it can request o/s serial numbers, bad if you paid for Windows by credit card. It can totally bypass any firewall and router filtering, since messaging is web page to web page. COM controls can be written to phone home via SOAP just as in HTTP. COM is the basis for .NET and the new Windows coming you way soon. Windows has been re-written to use COM everywhere including the windows controls such as edit, list and treeview controls etc. This makes Windows a highly insecure communications environment. Coupled with the fact that Microsoft shares some of its source codes with Govt Agencies and favored Corporations under strict terms of secrecy, this should alert the wise!
Cleaning Up:
Since each application that you have installed can store a History List of associated files, i.e. Internet Explorer will have a list of Url's your browser last surfed, for its use in its "IntelliSense" or Smart matching on partial Url's that you type into the browser AddressBar. You need an application to sweep these out and clean up each time that you either boot up or shut down. One such application is Window Washer it is safe and simple to use and it allows customized items both in the registry and any folder to be set for deletion. It comes with a default set of Windows locations to delete i.e. Documents under the Start menu is wiped clean. So for each application you will have to work out what it stores, where it stores it and set WindowsWasher to delete it on a regular basis. For the more trickier case of the Swap File, User.dat and Sytem.dat see The Swap File and Registry Basics faqs.
There are programs available to search for and remove phone home components, where web-bugs are concerned the use of a Firewall, either Norton Personal Firewall or Zonealarm are good 1st choices here, and proxy and cookie cleaning on a regular basis will minimize any problem here. A security site is working on a Web-Bug filter at present.
--------------------------------------------------------------------------------
9. Firewalls:-
A Firewall is a program that filters all ingoing and outgoing connections to the internet. Anyone who is running ADSL or Cable and other fixed ip services are more vulnerable to security breaches. A Firewall will allow you to set filters on which packets can enter or leave your computer. Most Firewalls come with standard settings enabled such as Application privileges, Internet traffic blocking, local network access to the systems services and shared accounts, and the blocking of known advertising companies. Along with the disabling of javascript this will stop all those annoying pop up windows appearing.
A firewall will also allow you to decide what appears in the packets that leave your computer i.e. your type of computer , operating system , timezone etc all which helps to enforce your privacy. If your computer is personal and for home use then find yourself a copy of AtGuard which is an excellent configurable Firewall, and if you cannot find a version, then Norton Personal Firewall is a good substitute since it purchased a license to the AtGuard kernel.
By darkfaq |
