With more than 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco
study guides in print, we continue to look for ways we can better serve the
information needs of our readers. One way we do that is by listening.
Readers like yourself have been telling us they want an Internet-based ser-
vice that would extend and enhance the value of our books. Based on
reader feedback and our own strategic plan, we have created a Web site
that we hope will exceed your expectations.
is an interactive treasure trove of useful infor-
mation focusing on our book topics and related technologies. The site
offers the following features:
■
One-year warranty against content obsolescence due to vendor
product upgrades. You can access online updates for any affected
chapters.
■
“Ask the Author” customer query forms that enable you to post
questions to our authors and editors.
■
Exclusive monthly mailings in which our experts provide answers to
reader queries and clear explanations of complex material.
■
Regularly updated links to sites specially selected by our editors for
readers desiring additional reliable information on key topics.
Best of all, the book you’re now holding is your key to this amazing site.
Just go to www.syngress.com/solutions, and keep this book handy when
you register to verify your purchase.
Thank you for giving us the opportunity to serve your needs. And be sure
to let us know if there’s anything else we can do to help you get the
maximum value from your investment. We’re listening.

their respective companies.
KEY SERIAL NUMBER
001 GT6YUJ8KFC
002 2PBP9MJ5MR
003 83N5M44ER4
004 VZW233N54N
005 NFG4R77TG4
006 NV88HTR46T
007 XC5CMU6NVH
008 KTCD54MPE4
009 SGD34Y5GFN
010 T945AQ2YT5
PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Hack Proofing Your Identity in the Information Age
Copyright © 2002 by Syngress Publishing, Inc.All rights reserved. Printed in the United States of
America. Except as permitted under the Copyright Act of 1976, no part of this publication may be
reproduced or distributed in any form or by any means, or stored in a database or retrieval system,
without the prior written permission of the publisher, with the exception that the program listings
may be entered, stored, and executed in a computer system, but they may not be reproduced for
publication.
Printed in the United States of America
1 2 3 4 5 6 7 8 9 0
ISBN: 1-931836-51-5
Technical Editor: Michael Cross Cover Designer: Michael Kavish
Technical Reviewer: Ryan Russell Page Layout and Art by: Shannon Tozier
Acquisitions Editor: Catherine B. Nolan Copy Editor: Mary Millhollon
Developmental Editor: Kate Glennon Indexer: Claire Splan

Jaguar Book Group for their help with distribution of Syngress books in Canada.
221_HPID_FM.qxd 6/7/02 5:41 PM Page v
vii
Teri Bidwell (GCIA) is an independent security consultant, a GIAC
Certified Intrusion Analyst, and a member of The SANS Institute GGIA
Advisory Board.Additionally,Teri has over 10 years experience designing
and building secure computer infrastructures for companies of all sizes.
She has taught multiple courses and written articles on various topics
related to computer security and analysis of computer intrusions.Teri is
also a contributing author to the Syngress publication Hack Proofing Your
E-Commerce Site (ISBN: 1-928994-27-X).As an independent security
consultant,Teri assists companies and individuals evaluate and reduce their
risk for computer network intrusion; her specialties include creating secu-
rity policies, establishing secure administrative procedures, and installing
both firewalls and intrusion detection systems.
Michael Cross (MCSE, MCP+I, CNA, Network+) is an Internet
Specialist and Programmer with the Niagara Regional Police Service and
has also served as their Network Administrator. Michael performs computer
forensic examinations of computers involved in criminal investigations, and
has consulted and assisted in cases dealing with computer-related/Internet
crimes. He is responsible for designing and maintaining their Web site at
www.nrps.com, and two versions of their Intranet (one used by worksta-
tions, and another accessed through patrol vehicles). He programs applica-
tions used by various units of the police service, has been responsible for
network security and administration, and continues to assist in this regard.
Michael is part of an Information Technology team that provides support to
a user base of over 800 civilian and uniform users. His theory is that when
Technical Editor and Contributor
Author
221_HPID_FM.qxd 6/7/02 5:41 PM Page vii

Defining Identity Theft 3
Take a Risk Factor Test 4
Why Do They Do It? 5
How Do They Get Away with It? 6
Dumpster Diving 7
Shoulder Surfing 8
Social Engineering 8
Physical Theft 10
Online Theft 12
Privacy Erosion 14
Limited Enforcement Resources 15
Recognizing Identity Theft When It Happens 15
Unauthorized Credit Cards 16
Unauthorized Phone or Other
Utility Services 16
Bank Fraud 17
Fraudulent Loans 18
Government Documents 18
Other Forms of Identity Theft 18
Understanding What Electronic Information
Is Private 19
Striving for Theft Prevention 22
Keeping Private Information Private 26
Protecting Your Social Security Number 26
Online Theft
Tthink of your computer’s
hard drive as an online
“wallet” that can contain
the following:
■

Summary 37
Solutions Fast Track 38
Frequently Asked Questions 41
Chapter 2 Protecting Your Hard Drive 43
Introduction 44
Know Your Computer 44
Temporary Files 46
Temporary Internet Files 48
Deleting Files Permanently for Privacy 49
Other Information that Might be on Your
Computer 52
What Are You Protecting? 54
Password Protecting Your Computer 55
Programs and Files 57
Antivirus Software:Your First Line of Defense 59
What You Might Not Know about Antivirus
Software 60
Why Update? 61
What Kinds of Software Are Available? 61
Manually Updated Signatures 62
Automatically Updated Signatures 62
Web-based Software 63
Performing Signature Updates 63
McAfee 63
Norton 64
Viewing Hidden
Programs
Hidden programs are pro-
grams that run on your
system without your being

Avoiding Account Sharing 74
Common Reasons, Risks, and Deterrents
for Sharing Accounts 75
Creating Multiple Accounts in Windows 76
Setting Up an Account in Windows XP 77
Setting Up an Account in Windows 2000 78
Creating Multiple Internet Connection
Accounts 78
Setting up Multiple Internet
Connection Accounts in Windows 98 79
Setting up Multiple Internet
Connection Accounts in Windows XP 79
Setting up Multiple Internet
Connection Accounts in Windows 2000 81
Creating Multiple E-mail Accounts
with Outlook Express 82
Using Disk and File Encryption 83
Choosing Strong Passwords 86
Avoiding Weak Passwords 87
Protecting PINs 89
Tradeoffs: Using Password Storage 90
Creating Strong Passwords You Can
Remember 93
221_HPID_TOC.qxd 6/10/02 11:40 AM Page xi
xii Contents
Summary 98
Solutions Fast Track 99
Frequently Asked Questions 101
Chapter 3 Keeping Your E-mail Private 103
Introduction 104

Frequently Asked Questions 149
E-mail Privacy Is Not
Just About SPAM
Check privacy policies of
Web sites to determine
what they do with any
information they acquire
from you.
If you receive SPAM, check
the message to see if they
provide a method to be
removed from their
mailing list. Look into
software or services
provided by your Internet
Service Provider to have e-
mail flagged and/or
deleted before reaching
your inbox.
Disable cookies to prevent
information from being
sent to Web sites.
221_HPID_TOC.qxd 6/10/02 11:40 AM Page xii
Contents xiii
Chapter 4 Self Defense on the Web 151
Introduction 152
Understanding Risk on the Web 152
Learning to Be Street Smart on the Web 154
Understanding the Privacy Policy 155
Managing Risk on the Web 159

Internet Safely 187
Introduction 188
Different Connections, Different Risks 189
Understanding Network Terminology 189
Dial-up Connections 190
America Online 192
Employer-Provided Internet Access 194
Always-on Broadband 196
DSL, ISDN, and Cable Modem 197
Cable Modem 198
ISDN Modem 199
Wireless 199
Understanding Data Interception 200
Snooping on a Network with a Sniffer 201
Snooping on Your Network with
Network Neighborhood/My Network
Places 203
Snooping on Your Network with nbtstat 204
Taking Precautions 207
Setting Permissions for Shared Drives
and Files 208
Registering Your Domain.com 211
Turning Off Unneeded Services 212
Securing Your Personal Web Server 215
Firewalls for the Home 216
Personal Firewalls for Home Office Use 219
Network Firewalls for Home Office Use 221
Using Common Firewall Configuration
Features 223
Network Configuration 223

Channeling a Child’s Interest in Hacking 247
Identifying Risky Software and Risky Behavior 250
Chat Programs 250
Web Forums and Newsgroups 252
Massive Multiplayer Online Games 253
File-Sharing Software 254
Hacking Tools 256
Monitoring Online Activities 257
Parental Contracts 258
Application Logging 260
Browser Activity Logging 261
Keystroke Logging 264
Screen Imaging 264
Avoiding Monitoring Pitfalls 265
Summary 267
Solutions Fast Track 268
Frequently Asked Questions 270
Chapter 7 If You Become a Victim 271
Introduction 272
Taking Immediate Action 272
Step 1: Filing Police Reports 273
Step 2: Reporting Fraud and Stolen Accounts 276
Closing Credit Card Accounts 276
Closing Bank and Loan Accounts 277
Reporting and Closing Other
Commercial Accounts 279
SafeKids Kid’s Pledge
1. I will not give out
personal information,
such as my address,

set up rules for going
online.
7. I will not give out my
Internet password to
anyone (even my best
friends) other than my
parents.
8. I will be a good online
citizen and not do
anything that hurts
other people or is
against the law.
221_HPID_TOC.qxd 6/10/02 11:40 AM Page xv
xvi Contents
Dealing with Compromised Online
Accounts 280
Step 3: Notifying the Federal Trade
Commission (FTC) 281
Managing Other Fraud Situations 282
Reporting Stolen IDs 282
Dealing with Telephone Fraud 283
Dealing with Stolen Wireless Service 284
Managing the Fallout 284
Contacting Credit Bureau Services 285
Obtaining a Report 286
Understanding Your Credit Report:
A Case Study 288
Preparing Your Victim’s Statement 290
Knowing When to Seek Legal Help 292
Keeping Records 292

else is using my
computer?
A: No. What it means is
that you’ve visited
some fairly innocuous
Web site that has set a
cookie or installed
some spyware on your
computer that is
displaying those ads. If
that’s the case, you
should follow the
instructions in Chapter
4 for deleting cookies
and temporary files
from your computer,
and blocking ad-ware.
You might have
installed some
software that contains
spyware within it. It’s
easy to do if you
download software
from the Internet
frequently. If this is the
case, the pop-up ads
won’t go away until
you remove the
spyware from your
computer.

Index 357
NOTE
Most browsers have an
option that allows you
to enter your personal
information profile. A
form typically asks for
the kind of information
you’d put on a business
card. The browser can
then insert the informa-
tion into Web forms, e-
mails, or news postings
without having to
retype it. This feature
makes life easier, cer-
tainly, but it also stores
private information you
might not want to be
viewable by everyone.
There is a small risk
that the information
might be shared with
the wrong service, your
computer could be
stolen, or the informa-
tion could otherwise be
obtained without your
knowledge.
221_HPID_TOC.qxd 6/10/02 11:40 AM Page xvii

After digging into the technology behind the devices used by the store, I learned
that my signature was encrypted before being sent to the computer in the back
room; thereby significantly reducing it’s value to any thief.Thank goodness. However,
the entire incident made me wonder: How much technology out there is making
mistakes with people’s private information by storing it insecurely, using weak
encryption, and ultimately putting it into the hands of untrained operators for whom
security is not the primary focus?
If you’re like most people, your day includes writing checks or using a debit card
at stores, using credit cards at the gas station, or using an ATM terminal to get cash. If
you’re among the growing numbers of Internet users, you’ve probably also bought a
thing or two online, and might even do your banking or trade stocks online as well.
Each time you enter into any of these transactions, you must share private informa-
tion about yourself with the outside world. Most people don’t give it a second
thought. But do you know how your private information will be used? Is your pri-
vate information safe from theft?
You may not care about the answers to these questions until you find out one
day that someone else has stolen this private information and used your identification
to commit your name to a legally binding agreement such as a credit card charge, a
loan application, a driver’s license, or a variety of other agreements.What do you do?
How do you repair the damage? How can you prevent it from happening again?
Hack Proofing Your Identity is designed to answer these questions, and teach you the
methodology of how to find answers to questions this book will inevitably be unable
to address. Unfortunately, it is impossible to anticipate all the possible ways in which
someone might steal your identity given the current rapid evolution rate of new
technology. Instead, we hope this book will teach you how to think about your per-
sonal information in a new way; how to recognize when you are unnecessarily
putting yourself or your family at risk for identity theft, and how to recognize
opportunities to reduce that risk by making small changes in the way you manage
your personal privacy, both online and offline.
www.syngress.com

their parent’s employer, and so on. This chapter stresses the importance of proper
education, and offers some suggestions for monitoring your child’s activities online.
Chapter 7 offers suggestions and possible answers to the question, What to Do If
You Become A Victim? This chapter offers helpful tips on contacting law enforcement,
filing reports, contacting credit bureaus, and rebuilding your finances after becoming
a victim of identity theft.
Foreword xxi
221_HKPID_fore.qxd 6/10/02 11:28 AM Page xxi
xxii Foreword
Finally, Chapter 8, Configuring Your Browser and Firewall, offers some practical step-
by-step instructions for setting up your Internet browser and personal firewalls to
further protect your computer from intruders or identity thieves
Unlike other books in the Syngress series, this book is not directed exclusively at
a high-tech audience.We assume you have at least one computer in your home that’s
connected to the Internet, perhaps another one at work, and regularly use e-mail and
surf the Web. If you are an IT professional, you may already know most of the tech-
nical information in this book; however, you might not have applied this knowledge
to the protection of your own private information.This book will help technical and
non-technical people alike understand how to better protect private, personal infor-
mation and avoid becoming a victim of identity theft.
—Teri Bidwell, GCIA
www.syngress.com
221_HKPID_fore.qxd 6/10/02 11:28 AM Page xxii
Identity Theft:
Are You At Risk?
Solutions in this chapter:
■
Defining Identity Theft
■
Understanding What Electronic

words) require safeguarding just like any traditional form (like a license). However,
because they are not tangible (you can’t see or touch them), your traditional
notions of how to lock up your belongings do not apply. Not only does that put
you at risk, but, just as thieves often prey upon people struggling to understand
what’s happening around them, cyber criminals can more easily take advantage of
people for whom locking up their digital information is a new concept.
Today, you are asked to sign credit charge slips using signature-capturing
devices designed to copy your signature for storing electronically.You can type
your credit card numbers into a Web form and a product will magically appear at
your door several days later.An unprecedented number of homes are exposing
private information, stored on their computers, to the Internet 7 days a week, 24
hours a day.These are all completely new challenges to our traditional notions of
personal identification, and these challenges bring with them new responsibilities
for protecting personal information.
Businesses and consumers are beginning to look at personal identification in a
way never before required. No longer is it sufficient to keep your wallet on your
bed stand where it’s safe each night.You need to understand how to protect your
identity in its digital form as well.
www.syngress.com
221_HPID_01.qxd 6/6/02 1:30 PM Page 2
www.syngress.com
In this chapter, we investigate the forms of identification that make up your
identity in an Internet-enabled world.We begin by focusing on physically
securing the sources of information that identify you as an individual, using tan-
gible security methods.We finish the chapter by introducing some of the ways
you can protect your personal information using the less tangible features of your
computers and the Internet.Those methods are covered in depth in this book’s
remaining chapters.
Defining Identity Theft
Identity theft is a crime involving someone impersonating a victim for the purpose

Identity Theft: Are You At Risk? • Chapter 1 3
221_HPID_01.qxd 6/6/02 1:30 PM Page 3
4 Chapter 1 • Identity Theft: Are You At Risk?
■
Identity theft was reported to the FTC at a rate of about 3,000 calls per
week, up from 2,000 the year before, according to FTC Chairman
Robert Muris in April 2002 (www.technews.com).
■
Identity theft costs victims an average of 175+ hours and $1,000 in out-
of-pocket expenses to clear their names, according to The Identity Theft
Resource Center (www.idtheftcenter.org/html/facts_and_statistics.htm).
For the sake of clarity, here are a few examples of actions that constitute
identity theft:
■
Having your wallet stolen is not identity theft. However, if your wallet is
stolen and, subsequently, the thief uses your driver’s license and credit
card to make a purchase, the crime becomes identity theft.
■
Losing your ATM card does not constitute identity theft. However, iden-
tity theft occurs if you lose your ATM card and someone finds it and
then obtains your PIN (personal identification number) to withdraw
money from your bank account or uses your ATM card in some other
way for financial gain.
■
Having your cell phone stolen is not identity theft unless the thief makes
calls using your phone or uses the data stored on your phone in some
way in an effort to impersonate you.
Take a Risk Factor Test
Take this test to determine your risk factors. If more than half of the following
statements are true, you are at high risk for identity theft. Keep these risk factors