How to help your kids use social websites more safely

These days, many kids draw little distinction between real life and online life. They may use social websites designed for children such as Webkinz or Club Penguin, or social websites designed for adults such as Windows Live Spaces, YouTube, MySpace, Flickr, Twitter, Facebook, and others. Whatever they're doing, they should understand that many of these web pages can be viewed by anyone with access to the Internet.

Kids can use these sites to:


=> Chat

=>  Play games

=>  Post and browse through photos and videos

=> Blog

=> Post an online profile

Unfortunately, some of the information kids post on their pages can also make them vulnerable to phishing scams, cyberbullying, and Internet predators. Here are several ways you can help your kids can use social websites more safely.

>>  Communicate with your children about their experiences. Encourage your children to tell you if something they encounter on one of these sites makes them feel anxious, uncomfortable or threatened. Stay calm and remind your kids they are not in trouble for bringing something to your attention. Let them know you will work with them to help resolve the situation for a positive outcome.

>>  Set your own house Internet rules. As soon as your children begin to use the Internet on their own, it is a good idea to come up with a list of rules for using the Internet that everyone can agree on. These rules should include whether your children can use social websites and how they can use them. For more information on setting rules, see Using family contracts to help protect your kids online.

>>   Ensure your kids follow age limits on the site. The recommended age for signing up for social websites is usually 13 and over. If your children are under the recommended age for these sites, do not let them use the sites. It is important to remember that you cannot rely on the services themselves to keep your underage child from signing up.


>>   Educate yourself about the site. Evaluate the sites that your child plans to use and make sure both you and your child understand the privacy policy and the code of conduct. Find out if the site monitors content that people post. Also, review your child's page periodically. For more suggestions, see Tips on blogging safely for parents and kids.


>>   Insist that your children never meet anyone in person that they've communicated with online only, and encourage them to communicate only with people they've met in person. Kids are in real danger when they meet strangers in person whom they've communicated with online only. You can help protect your children by encouraging them to use these sites to communicate with their friends, but not with people they've never met in person.
It might not be enough to simply tell your child not to talk to strangers, because your child might not consider someone they've "met" online to be a stranger. For more advice on protecting your children on the Internet, see Online predators: What you can do to minimize the risk.


>>   Ensure your kids don't use full names. Have your children use only their first names or a nickname, but not a nickname that would attract inappropriate attention. Also, do not allow your children to post the full names of their friends.


>>   Be wary of other identifiable information in your child's profile. Many social websites allow kids to join public groups that include everyone who goes to a certain school.
Be careful when your children reveal this and other information that could be used to identify them, such as their school mascots, their workplaces,or the name of the towns they live in. Too much information can make your children vulnerable to cyberbullying, Internet predators, Internet fraud, or identity theft. For more information, see Recognize phishing scams and fake emails.


>>   Consider using a site that is not very public. Some websites allow you to password-protect your site or use other methods to help limit viewers to only people your child knows. With Windows Live Spaces, for example, you can set permissions for who can view your site, ranging from anyone on the Internet to only people you choose.

>>   Be smart about details in photographs. Explain to your children that photographs can reveal a lot of personal information. Encourage your children not to post photographs of themselves or their friends with clearly identifiable details such as street signs, license plates on their cars, or the name of their school on their sweatshirts.


>>   Warn your child about expressing emotions to strangers. You've probably already encouraged your kids not to communicate with strangers directly online. However, kids use social websites to write journals and poems that often express strong emotions. Explain to your children that many of these words can be read by anyone with access to the Internet and that predators often search out emotionally vulnerable kids. For more information, see things you can teach kids to improve their web safety.


>>   Teach your children about cyberbullying. As soon as your children are old enough to use social websites, talk to them about cyberbullying. Tell them that if they think they're being cyberbullied, they should share this information right away with a parent, a teacher, or another adult that they trust. It's also important to encourage kids to communicate with other people online in the same way they would face-to-face. Ask kids to treat other people the way they would prefer to be treated.


>>   Removal of your child's page. If your children refuse to abide by the rules you've set to help protect their safety and you've attempted to help them change their behavior, you can contact the social website your child uses and ask them to remove the page. You may also want to investigate Internet-filtering tools (such as Windows Live Family Safety) as a complement to, not a replacement for, parental supervision.

Protect your privacy on the Internet

Your privacy on the Internet depends on your ability to control both the amount of personal information that you provide and who has access to that information. To read about how your information gets on the Internet and how it is used, see Your information on the Internet: What you need to know.


Follow the practical advice below to help increase your privacy online.


Think before you share personal information
First, read the website's privacy policy


Privacy policies should clearly explain what data the website gathers about you, how it is used, shared, and secured, and how you can edit or delete it. (For example, look at the bottom of this and every page on Microsoft.com.) No privacy statement? Take your business elsewhere.


Do not share more than you need to


>>Do not post anything online that you would not want made public.

>>Minimize details that identify you or your whereabouts.

>>Keep your account numbers, user names, and passwords secret.

>>Only share your primary email address or Instant Message (IM) name with people who you know or with reputable organizations. Avoid listing your address or name on Internet directories and job-posting sites.

Enter only required information—often marked with an asterisk (*)—on registration and other forms.


Choose how private you want your profile or blog to be
Modify Windows Internet Explorer or website settings or options to manage who can see your online profile or photos, how people can search for you, who can make comments on what you post, and how to block unwanted access by others.


Monitor what others post

Search for your name on the Internet using at least two search engines. Search for text and images. If you find sensitive information on a website about yourself, look for contact information on the website and send a request to have your information removed.

Regularly review what others write about you on blogs and social networking websites. Ask friends not to post photos of you or your family without your permission. If you feel uncomfortable with material such as information or photos that are posted on others' websites, ask for it to be removed.

For more information, see Your information on the Internet: What you need to know.


Guard your information


Protect your computer
You can greatly reduce your risk of online identity theft by taking these three steps to protect your computer:

1.  Use an Internet firewall.
Note: Windows 7, Windows Vista, and Windows XP with Service Pack 2 and Service Pack 3 have a firewall already built in and automatically turned on.


2. Visit Microsoft Update to verify your settings and check for security updates.
Note Microsoft Update will also update your Microsoft Office programs.


3. Subscribe to antivirus software and keep it current. Microsoft Security Essentials is a free download for Windows 7, Windows Vista, and Windows XP. For more information, see Help protect your PC with Microsoft Security Essentials. For more information, see How to boost your malware defense and protect your PC.


Create strong passwords

1.Strong passwords are at least 14 characters long and include a combination of letters (both upper and lower case), numbers, and symbols. They are easy for you to remember but difficult for others to guess.

2.Don't share your passwords with friends.

3.Avoid using the same password everywhere. If someone steals it, all the information that password protects is at risk.


Tip Learn how to create strong passwords.


Save sensitive business for your home computer


Avoid paying bills, banking, and shopping on a public computer, or on any device (such as a laptop or mobile phone) over a public wireless network.
Tip Internet Explorer can help erase your tracks on a public computer, leaving no trace of specific activity. For more information, see InPrivate: Frequently asked questions.
Protect yourself from fraud


Spot the signs of a scam


Watch for deals that sound too good to be true, phony job ads, notices that you have won a lottery, or requests to help a distant stranger transfer funds. Other clues include urgent messages ("Your account will be closed!"), misspellings, and grammatical errors.


   1.Think before you click to visit a website or call a number in a suspicious email or phone message both could be phony.
    2.Be cautious with links to video clips and games, or open photos, songs, or other files—even if you know the sender. Check with the sender first.


Look for signs that a web page is safe


Before you enter sensitive data, check for evidence that:

  1.The site uses encryption, a security measure that scrambles data as it crosses the Internet. Good indicators that a site is encrypted include a web address with https ("s" stands for secure) and a closed padlock beside it. (The lock might also be in the lower-right corner of the window.)

  2.You are at the correct site—for example, at your bank's website, not a phony website. If you are using Internet Explorer, one sign of trustworthiness is a green address bar like the one above.

Use a phishing filter
Find a filter that warns you of suspicious websites and blocks visits to reported phishing sites. For example, try the SmartScreen Filterincluded in Internet Explorer.


Help detect potential fraud


In the United States, you are entitled to one free credit report every year from each of the three major U.S. credit bureaus: Experian, Equifax, and TransUnion. Get them by visiting AnnualCreditReport.com.


Tip If you have been a victim of identity theft, find out what you can do about it.

Port Control Protocol (PCP) Security

A fter the transition to Internet Protocol Version 6 (IPv6), hosts will often be behind IPv6 firewalls. But before the transition, mobile wireless devices will want to reduce their keepalive messages, and hosts of all sorts will share IPv4 addresses using a variety of address-sharing technologies. To meet these needs, the IETF formed the Port Control Protocol Working Group in August 2010 to define a new protocol for hosts to communicate with such devices. The initial output of this Working Group is the Port Control Protocol (PCP). Interoperability between two independently developed implementations of PCP was demonstrated at the IETF meeting in July 2011, highlighting the importance of this protocol to the industry. After it becomes a standard, PCP is expected to be deployed in various operating systems, IPv6 home gateways, IPv4 home gateways (Network Address Translators [NATs]), mobile third- and fourth-generation (3G and 4G, respectively) gateways (Gateway GPRS Support Nodes [GGSNs]), and Carrier-Grade NATs (CGNs).


Introduction to PCP
PCP performs two major functions: It allows packets to be received from the Internet to a host (such as to operate a server), and allows a host to reduce keepalive traffic of connections to a server. PCP can be extended in two ways: with new OpCodes or with new Options. The base PCP specification defines two OpCodes: map and peer , and defines several Options that can be carried with those OpCodes.
To operate a server, packets are sent from a host on the Internet to a server. The IP model expects devices to be connected to a network and be able to exchange packets with each other. However, few deployed networks actually permit hosts to receive packets from the Internet because of business needs (for example, to protect wireless spectrum from malicious or accidental packets originated on the Internet) or because of technology restrictions (for example, IPv4 address-sharing devices such as Network Address and Port Translators [NAPT]). To operate a server, a host uses the map OpCode.
To reduce keepalives, a host needs to send traffic before a middlebox will destroy an idle connection. Many middleboxes, such as firewalls or NATs, maintain state and will destroy mappings if the connection has been idle. Today, in order to prevent destruction of mappings, hosts send keepalive traffic to keep those mappings alive. The keepalive traffic has several disadvantages, including reduction of battery lifetime, network chatter, and server scalability (servers have to discard the keepalive traffic). PCP allows a host to determine how aggressively a middlebox will destroy an idle connection, allowing the host to reduce its keepalive traffic with the PEER OpCode.
PCP is encoded in binary and carried over the User Datagram Protocol (UDP), which eases implementation on clients and servers. The client is responsible for retransmitting messages, and all messages are idempotent. The PCP client can be part of the operating system (much like a Dynamic Host Configuration Protocol [DHCP] client or a Universal Plug and Play [UPnP] Internet Gateway Device Protocol [IGD] client) or the PCP client can be coded entirely in an application (much like any other application-level protocol such as the Network Time Protocol [NTP]). A major feature of PCP is its flexibility and simple messaging, so it can be implemented easily in a variety of systems and at high scale.

PCP Mapping IPv6 and IPv4

>>Security

When installing an IPv4 NAPT on a residential network, the NAPT has a side effect: it prevents unsolicited incoming traffic from reaching hosts inside the home. Traffic that originates inside the home can traverse the NAPT toward the Internet. This function is expected by many users to such a degree that when IPv6-capable routers were first installed on residential networks, users complained that their IPv6 hosts were seeing traffic from the Internet. This visibility meant that IPv6 printers, webcams, and other hosts had to be protected from malicious traffic from the Internet. Based on this experience, IPv6 Customer Premises Equipment (CPE) routers intended for installation in the residential market filter most unsolicited incoming traffic by default. Thus, IPv6 CPE routers provide filtering similar to what users experience today with IPv4 NAPT devices.

With both IPv4 NAPT and RFC 6092 IPv6 routers, outgoing traffic from a host creates a mapping that then allows bidirectional traffic to a specific (Transmission Control Protocol [TCP] or UDP) port on the internal host, meaning when a host sends a TCP SYN, a SYN ACK can be returned to the host. Neither IPv4 NAPT devices nor RFC 6092 IPv6 routers have to do any additional filtering of that mapping, and after that mapping is created will allow traffic from any host on the Internet to reach the internal host—not just traffic from that particular host. This lack of filtering is necessary for certain applications
to function.
PCP was built with a security model similar to that deployed on home networks. With PCP, a host can send a PCP packet requesting a mapping so that any host on the Internet can now initiate communications with the internal host. Similarly, without PCP, a host could send a TCP SYN from a specific port (for example, port 80), thereby creating a mapping nearly identical to a PCP mapping. As with sending a TCP SYN, PCP allows a host to open mappings only for itself, unless the network administrator has taken the extra step to enable the PCP THIRD_PARTY option.


You may wish to have additional restrictions for some networks. PCP is extensible to support authorization, and there is ongoing work to support authentication and authorization within PCP.
PCP is extensible and there are already several proposed extensions to the protocol, including a way to control which IP address pool is assigned to a mapping, bulk port allocation to optimize acquiring a large set of ports, and rapid recovery after NAT failure or network renumbering.