
Incident Countermeasure

The document discusses netiquette, which refers to acceptable online behavior. It provides guidelines for respecting others' privacy and views online. It also discusses firewalls and their benefits, including monitoring, content filtering and failover capabilities. The document lists some of the best security software for 2019 and describes different authentication mechanisms.

Uploaded by

Von Gary Ras
Copyright
© © All Rights Reserved

IT1914

Incident Countermeasure
Netiquette
Netiquette is a combination of the words “network” and “etiquette” and is defined as “a set of rules for acceptable online behavior.”
Netiquette exists to help people to communicate more effectively while online, as well as to avoid unnecessary misunderstandings
and potential conflicts. Similarly, online ethics focuses on the acceptable use of online resources in an online social environment.

What Does Good Web Etiquette Look Like?


SOCIETY
• Recognizing that the Internet is an extension of society – The Internet isn’t a new world in which anything goes, but rather, a
new dimension of the world around us.
• Applying the same standards online as we do in public – In simple terms, this means that the values society has in place against
hate speech, copyright violations, and other forms of theft remain intact. Values around courtesy, kindness, openness, and
treating others with the same respect we wish to receive should also be adhered to.
• Refusing to empower abuse and harassment while online – Accepting that the laws which are currently in place to protect the
rights and dignity of citizens apply online and that where needed, laws are updated to reflect these rights in the extended
environment.
• Acknowledging cultural differences – Even when national boundaries no longer apply, cultural respect and tolerance should
remain. This requires finding a way to accept that the social values and norms of some netizens will not be the social values and
norms of all netizens.

BUSINESS
• Respecting rights of privacy for offline employees – Information possessed by citizens in their offline interactions should be
respected.
• Maintaining transparency in information policies.

Netiquette Golden Rules


| Rule | Description |
| --- | --- |
| Respect people’s privacy. | If someone isn’t comfortable sharing information with you, try not to push or pressure them into doing so. Never share other people’s personal information, such as addresses, phone numbers, or e-mails, without permission as this can be considered doxing. Note: Doxing refers to the practice of gathering and publishing personal or private information about someone on the Internet. |
| Be mindful of your language. | Be aware of the language you use online. Although you might believe it to be funny or harmless, another person might take offense to it or find it upsetting. |
| Don’t be sarcastic. | Sarcasm doesn’t translate well on the Internet. |
| Choose your emojis carefully. | Emojis or emoticons have now become a recognized language in their own right. Make sure that if you use emoticons, you are using one that is appropriate for the emotion you are trying to convey as they can easily change the context of an entire conversation. |
| Respect others’ views. | The beauty of the Internet relies on varying and diverse opinions and beliefs. Allow others to share their views without the conversation becoming heated or turning into an argument. |

Table 1. Netiquette Golden Rules

Firewall and Software


A firewall is a software program or built-in hardware device with a specific purpose to defend one’s home or business against
electronic threats by screening viruses, hackers, and worms that infiltrate the computer through the Internet. It also serves as a
gatekeeper between a company’s servers and the outside world. It keeps external threats out while alerting the user to more elusive
problems by diverting outgoing data.

Benefits of Using a Firewall


• Confidence in choices: There is a variety of business-class firewalls to choose from. Some network security devices include a
broad range of features and services at a high cost, while others have basic services for a lower cost.

08 Handout 1 *Property of STI



• Functionality and usability: Many firewall models deliver tight security and offer GUI-friendly administration. Some of the
benefits of having a GUI help prevent installation mistakes.
• Virtual Private Network (VPN) confirmation: A firewall’s purpose isn’t just to keep hackers and unauthorized traffic out of
the network. A good firewall also establishes and monitors secure channels and enables remote connectivity.
• Warranty and technical support: Hardware fails. Just because a device is new and fresh from the factory doesn’t mean it will
work properly. Check whether 24/7 technical support is available and implement technical support contracts with the
firewall’s manufacturer. Having a down firewall for a day or two can lead to complete failure inclusive of e-mail, Internet, and
remote connectivity.
• Integrity of hardware: The hardware’s integrity is critical. Having an outdated firewall in today’s fast-paced, ever-changing
business environment can lead to slowness, Internet issues, and major security concerns. The older a firewall becomes, the
more vulnerable it gets.
• Monitoring and reporting: Firewalls manage critical network tasks. Repeatedly, throughout just one (1) business day, a single
router can block thousands of intrusion attempts, detect consolidated attacks, and log failing or failed network connections.
• Content filtering: Some firewall manufacturers offer Web filtering subscriptions. The benefit is that all the network services
associated with a business, from gateway security services to content filtering, can be consolidated on a single device. Content
filtering is the use of a program to screen Web pages or e-mail and exclude access to content that is deemed
inappropriate. This type of filtering can help prevent malware from penetrating an infrastructure when the staff is surfing the
Internet.
• Failover: Some organizations require a wide area network (WAN) failover or redundant Internet connections with automatic
fault detection and correction. This is critical and recommended when using cloud services to run the entire or critical parts
of a business. Many firewall
models don’t have support for automatic failover. If that feature is critical to an organization, confirm that the selected model
includes seamless failover.
• Feature-rich: Consider picking a firewall that has enhanced security features.
• Volume, performance, and capacity: Due to the network role of the firewall, this serves as an organization’s Internet
gateway. Smaller offices may leverage a firewall in a dual capacity to serve as a security device and as a network switch.
• Expertise of installation: Installing a business class firewall properly is not as easy as it seems. Many things have to happen
to set up a business-class firewall correctly.

Best Security Software for 2019 Reviews


• AttackIQ FireDrill – This was created to watch the watchers. It is a penetration testing tool but is configured to operate from
the inside, with the primary goal of identifying flaws, misconfigurations, and outright shortcomings in all other cybersecurity
defenses.
• Bitglass – This is essentially an agentless and lightweight platform without any of the over-burdensome complexity or
draconian rules those mobile management tools normally require. Bitglass is installed in the cloud, which technically makes
it a cloud access security broker.
• Fidelis Deception – This software combats hackers by creating realistic living deception assets.
• GreatHorn – This takes a modern and highly effective approach to protecting enterprise e-mail that goes well beyond the
capabilities of legacy mail scanners.
• JASK Autonomous Security Operations Center (ASOC) – This software helps in facilitating the link between the local console
and the brains of the platform in the cloud.
• SlashNext – This software has taken the adage of doing one (1) thing very well to heart. There are two (2) products available
to organizations. The first is a detailed and dedicated phishing threat feed that can be used to block phishing sites as they
pop up. The second is an appliance that provides even more protection which can halt even targeted attacks aimed at a single
organization that wouldn’t trigger other kinds of alert.


Authentication Mechanisms
Authentication is the process of recognizing a user’s identity. It is the mechanism of associating an incoming request with a set of
identifying credentials. The credentials provided are compared to those on a file in a database of the authorized user’s information on
a local operating system or within an authentication server.
These are the top six (6) authentication mechanisms that are a part of a step-up multi-factor architecture (Madsen, 2016):
• Passwords – A password is a shared secret known by the user and presented to the server to authenticate the user. Passwords
are the default authentication mechanism on the Web today. However, poor usability and vulnerability to large scale
breaches and phishing attacks make passwords unacceptable authentication mechanisms in isolation. To a large extent,
additional authentication mechanisms serve to mitigate the risks associated with passwords.
• Hard Tokens – These are small hardware devices that the owner carries to authorize access to a network service. The device
may be in the form of a smart card, or it may be embedded in an easily carried object such as a key fob or USB drive.
• Soft Tokens – These software-based security token applications typically run on a smartphone and generate a One Time
Password (OTP) for signing in. Software tokens have some significant advantages over hardware tokens. Users are less likely
to forget their phones at home than lose a single-use hardware token. When they lose a phone, users are more likely to
report the loss, and the soft token can be disabled. Soft tokens are less expensive and easier to distribute than hardware
tokens which need to be shipped.
• Biometric Authentication – Biometric authentication methods include retina, iris, fingerprint and finger vein scans, facial and
voice recognition, and hand or even earlobe geometry. The latest phones are adding hardware support for biometrics, such
as TouchID on the iPhone. Biometric factors may demand an explicit operation by the user.
• Contextual Authentication – Every time a user interacts with an authentication server, in addition to any explicit credentials
they present, they implicitly present several different signals. Contextual authentication collects signals like geolocation, IP
address, and time of day to help establish assurance that the user is valid.
In this authentication, the analysis can be one (1) of the following:
o Contextual – comparing a given signal value to a prescribed list of allowed or prohibited values
o Behavioral – comparing a given signal value to the expected value based on a previously established pattern
o Correlative – comparing a given signal value to a different collected signal value and looking for inconsistencies in
the data.
• Device Identification – A specific noteworthy example of contextual authentication is for the authentication server to be able
to recognize a particular device over repeated interactions. Device identification establishes a fingerprint that is somewhat
unique to that device. Over time, this fingerprint allows the authentication server to recognize and determine when the user
associated with it attempts to authenticate from a different device, which could indicate fraudulent activity.
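
The three kinds of contextual analysis and the device-identification check described above can be combined into one step-up decision. The following is an added example, not part of the original handout; the policy values, the signal names, the `Profile` class and the `assess` function are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed policy data (illustrative; none of these values come from the handout).
PROHIBITED_COUNTRIES = {"XX"}                      # contextual: prescribed prohibited values
IP_COUNTRY = {"203.0.113.7": "PH", "198.51.100.9": "DE"}  # stand-in for a GeoIP lookup

@dataclass
class Profile:
    usual_hours: range                             # behavioral baseline built from past logins
    known_devices: set = field(default_factory=set)

def device_fingerprint(user_agent, screen, timezone):
    """Hash a few client attributes into a 'somewhat unique' device identifier."""
    raw = "|".join((user_agent, screen, timezone))
    return hashlib.sha256(raw.encode()).hexdigest()[:16]

def assess(profile, signals):
    """Return (decision, reasons) for a login whose password has already verified."""
    # Contextual: compare a signal to a prescribed list of prohibited values.
    if signals["geo_country"] in PROHIBITED_COUNTRIES:
        return "deny", ["contextual: country is on the prohibited list"]
    reasons = []
    # Behavioral: compare a signal to the user's previously established pattern.
    if signals["hour"] not in profile.usual_hours:
        reasons.append("behavioral: unusual sign-in hour")
    # Correlative: compare two collected signals with each other.
    # An IP with no known country also counts as an inconsistency.
    if IP_COUNTRY.get(signals["ip"]) != signals["geo_country"]:
        reasons.append("correlative: geolocation and IP address disagree")
    # Device identification: has this fingerprint been seen for this user before?
    if signals["device"] not in profile.known_devices:
        reasons.append("device: fingerprint not seen before")
    # Any anomaly triggers step-up: ask for another factor (token, biometric).
    return ("step_up" if reasons else "allow"), reasons

def demo():
    laptop = device_fingerprint("Mozilla/5.0 (constructed)", "1920x1080", "Asia/Manila")
    phone = device_fingerprint("Mobile/1.0 (constructed)", "390x844", "Europe/Berlin")
    profile = Profile(usual_hours=range(8, 19), known_devices={laptop})
    usual = {"geo_country": "PH", "ip": "203.0.113.7", "hour": 9, "device": laptop}
    odd = {"geo_country": "PH", "ip": "198.51.100.9", "hour": 3, "device": phone}
    return assess(profile, usual), assess(profile, odd)

if __name__ == "__main__":
    for decision, reasons in demo():
        print(decision, reasons)
```

A `step_up` result means the password alone is not accepted and an additional mechanism from the list above, such as a soft token or a biometric check, is requested before access is granted.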

References:
Breeden II., J. (2019). Best security software, 2019: Lab-tested reviews of today’s top tools. Retrieved from https://www.csoonline.com/article/3206685/best-security-software-how-cutting-edge-tools-tackle-todays-threats.html on May 22, 2019
Cybersecurity: What is a firewall and which type is for you? (2015). In Southridge Technology. Retrieved from https://www.southridgetech.com/picking-firewall-security/ on May 22, 2019
Madsen, P. (2016, February 4). The top 6 authentication mechanisms [Web log post]. Retrieved from https://www.pingidentity.com/content/ping/en/company/blog/posts/2016/the-top-6-authentication-mechanisms.html on May 22, 2019
Netiquette. (n.d.). In Cybersmile. Retrieved from https://www.cybersmile.org/advice-help/category/netiquette on May 24, 2019
Netiquette. (n.d.). In Digital Citizenship. Retrieved from https://www.auburn.edu/citizenship/netiquette.html on May 24, 2019
What is netiquette? A guide to online ethics and etiquette. (n.d.). In Webroot. Retrieved from https://www.webroot.com/hk/en/resources/tips-articles/netiquette-and-online-ethics-what-are-they on May 22, 2019
The importance of having firewalls. (n.d.). In Geeks On Site. Retrieved from https://www.geeksonsite.com/internet-security/the-importance-of-having-firewalls/ on May 24, 2019
