Cyber Security Primer - I
Why is Cyber Security a Problem?
What is cyber security?
It seems that everything relies on computers and the internet now — communication
(email, cell phones), entertainment (digital cable, mp3s), transportation (car
engine systems, airplane navigation), shopping (online stores, credit cards),
medicine (equipment, medical records), and the list goes on. How much of your
daily life relies on computers? How much of your personal information is stored
either on your own computer or on someone else's system? Cyber security
involves protecting that information by preventing, detecting, and responding
to attacks.
What are the risks?
There are many risks, some more serious than others. Among these dangers are viruses
erasing your entire system, someone breaking into your system and altering
files, someone using your computer to attack others, or someone stealing your
credit card information and making unauthorized purchases. Unfortunately,
there's no 100% guarantee that even with the best precautions some of these
things won't happen to you, but there are steps you can take to minimize the
chances.
What can you do?
The first step in protecting yourself is to recognize the risks and become familiar
with some of the terminology associated with them.
· Hacker, attacker, or intruder - These terms are applied to the people who
seek to exploit weaknesses in
software and computer systems for their own gain. Although their intentions are
sometimes fairly benign and motivated solely by curiosity, their actions are
typically in violation of the intended use of the systems they are exploiting.
The results can range from mere mischief (creating a virus with no
intentionally negative impact) to malicious activity (stealing or altering
information).
· Malicious code - Malicious code, sometimes called malware, is a broad
category that includes
any code that could be used to attack your computer. Viruses and worms are
examples of malicious code. Malicious code can have the following
characteristics:
· It might require you to
actually do something before it infects your computer. This action could be
opening an email attachment or going to a particular web page.
· Some forms propagate without user intervention and typically start by
exploiting a software vulnerability.
Once the victim computer has been infected, the malicious code will attempt to
find and infect other computers. This code can also propagate via email,
websites, or network-based software.
· Some malicious code claims to
be one thing while in fact doing something different behind the scenes. For
example, a program that claims it will speed up your computer may actually be
sending confidential information to a remote intruder.
· Vulnerability - In most cases, vulnerabilities are caused by programming
errors in software.
Attackers might be able to take advantage of these errors to infect your
computer, so it is important to apply updates or patches that address known
vulnerabilities.
Guidelines for Publishing Information Online
Why is it important to remember that the internet is public?
Because the internet is so
accessible and contains a wealth of information, it has become a popular
resource for communicating, for researching topics, and for finding information
about people. It may seem less intimidating than actually interacting with other
people because there is a sense of anonymity. However, you are not really
anonymous when you are online, and it is just as easy for people to find
information about you as it is for you to find information about them.
Unfortunately, many people have become so familiar and comfortable with the
internet that they may adopt practices that make them vulnerable. For example,
although people are typically wary of sharing personal information with
strangers they meet on the street, they may not hesitate to post that same
information online. Once it is online, it can be accessed by a world of
strangers, and you have no idea what they might do with that information.
What guidelines can you follow when publishing information on the internet?
· View the internet as a novel, not a diary - Make sure you are comfortable
with anyone seeing the information
you put online. Expect that people you have never met will find your page; even
if you are keeping an online journal or blog, write it with the expectation
that it is available for public consumption. Some sites may use passwords or
other security restrictions to protect the information, but most web sites do
not use these methods. If you want the information to be private
or restricted to a small, select group of people, the internet is probably not
the best forum.
· Be careful what you advertise - In the past, it was difficult to find
information about people other than their phone numbers or addresses. Now, an
increasing amount of personal
information is available online, especially because people are creating
personal web pages with information about themselves. When deciding how much
information to reveal, realize that you are broadcasting it to the world.
Supplying your email address may increase the amount of spam you receive.
Providing details about your hobbies, your job, your family and friends, and
your past may give attackers enough information to perform a successful social
engineering attack.
· Realize that you can't take it back - Once you publish something online, it
is available to other people and
to search engines. You can change or remove information after something has
been published, but it is possible that someone has already seen the original
version. Even if you try to remove the page(s) from the internet, someone may
have saved a copy of the page or used excerpts in another source. Some search
engines "cache" copies of web pages so that they open faster; these
cached copies may be available after a web page has been deleted or altered. Some
web browsers may also maintain a cache of the web pages a user has visited, so
the original version may be stored in a temporary file on the user's computer.
Think about these implications before publishing information—once something is
out there, you can't guarantee that you can completely remove it.
As a general practice, let
your common sense guide your decisions about what to post online. Before you
publish something on the internet, determine what value it provides and
consider the implications of having the information available to the public.
Identity theft is an increasing problem, and the more information an attacker
can gather about you, the easier it is to pretend to be you. Behave online the
way you would behave in your daily life, especially when it involves taking
precautions to protect yourself.
Understanding ISPs
What is an ISP?
An ISP, or internet service provider, is a company that provides its customers
access to the internet and other web services. In addition to maintaining a
direct line to the internet, the company usually maintains web servers. By
supplying necessary software, a password-protected user account, and a way to
connect to the internet (e.g., modem, phone number), ISPs offer their customers
the capability to browse the web and exchange email with other people. Some
ISPs also offer additional services. ISPs can vary in size—some are operated by
one individual, while others are large corporations. They may also vary in
scope—some only support users in a particular city, while others have regional
or national capabilities.
What services do ISPs provide?
Almost all ISPs offer email and web browsing capabilities. They also offer varying
degrees of user support, usually in the form of an email address or customer
support hotline. Most ISPs also offer web hosting capabilities, allowing users
to create and maintain personal web pages; and some may even offer the service
of developing the pages for you. Many ISPs offer the option of high-speed
access through DSL or cable modems, and some still offer dial-up connections.
As part of normal operation, most ISPs perform backups of email and web files. If
the ability to recover email and web files is important to you, check with your
ISP to see if they back up the data; it might not be advertised as a service.
Additionally, some ISPs may implement firewalls to block some incoming traffic,
although you should consider this a supplement to your own security
precautions, not a replacement.
How do you choose an ISP?
There are thousands of ISPs, and it's often difficult to decide which one best
suits your needs. Some factors to consider include:
• Security - Do you feel that the
ISP is concerned about security? Does it use encryption and SSL to protect any
information you submit (e.g., user name, password)?
• Privacy - Does the ISP have a
published privacy policy? Are you comfortable with who has access to your
information and how it is being handled and used?
• Services - Does your ISP offer
the services you want? Do they meet your requirements? Is there adequate
support for the services?
• Cost - Are the ISP's costs affordable?
Are they reasonable for the number of services you receive, as well as the
level of those services? Are you sacrificing quality and security to get the
lowest price?
• Reliability - Are the services
your ISP provides reliable, or are they frequently unavailable due to
maintenance, security problems, a high volume of users, or other reasons? If
the ISP knows that services will be unavailable for a particular reason, does
it adequately communicate that information?
• User Support - Are there
published methods for contacting customer support? Do you receive prompt and
friendly service? Do their hours of availability accommodate your needs? Do the
consultants have the appropriate level of knowledge?
• Speed - How fast is your ISP's
connection? Is it sufficient for accessing your email or navigating the
internet?
• Recommendations - Have you heard
or seen positive reviews about the ISP? Were they from trusted sources? Does
the ISP serve your geographic area? If you've uncovered negative points, are
they factors you are concerned about?