Unit 1

Cyber security involves protecting computers, networks, and data from malicious attacks. It includes practices like network security, application security, mobile security, identity management, data security, information security, operational security, disaster recovery, and end-user education. The main threats are cybercrime, cyber-attacks, and cyberterrorism. A cyber-attack attempts to compromise security, while a security breach is a successful cyber-attack that results in compromised information or disrupted systems. Key best practices to prevent breaches include training, risk assessments, vulnerability management, least privilege access, password policies, business continuity planning, security reviews, backups, encryption, secure development, and input validation.

Uploaded by

arundhati

Cyber Security Awareness

UNIT 1
What is Cyber Security?
• Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious
attacks. It's also known as information technology security or electronic information security.
• Cyber security can be described as the collective methods, technologies, and processes that help protect the confidentiality, integrity, and
availability of computer systems, networks and data against cyber-attacks or unauthorized access. The main purpose of cyber security
is to protect all organizational assets from both external and internal threats as well as from disruptions caused by natural disasters.
• Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.
• Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the
data it is designed to protect. Successful security begins in the design stage, well before a program or device is deployed.
• Mobile security refers to protecting both organizational and personal information stored on mobile devices like cell phones, laptops,
tablets, etc. from various threats such as unauthorized access, device loss or theft, malware, etc.
• Identity Management and Data Security: Identity management includes the frameworks, processes, and activities that enable
authentication and authorization of legitimate individuals to information systems within an organization. Data security involves
implementing strong information storage mechanisms that ensure the security of data at rest and in transit.
• Information security protects the integrity and privacy of data, both in storage and in transit.
• Operational security includes the processes and decisions for handling and protecting data assets. The permissions users have when
accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.
• Disaster recovery and business continuity define how an organization responds to a cyber-security incident or any other event that
causes the loss of operations or data. Disaster recovery policies dictate how the organization restores its operations and information to
return to the same operating capacity as before the event. Business continuity is the plan the organization falls back on while trying to
operate without certain resources.
• End-user education addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an
otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not plug in
unidentified USB drives, and various other important lessons is vital for the security of any organization.
• The threats countered by cyber-security are
three-fold:
• 1. Cybercrime includes single actors or groups
targeting systems for financial gain or to cause
disruption.
• 2. Cyber-attack often involves politically motivated
information gathering. A cyber-attack is a deliberate
attempt by external or internal threats or attackers to
exploit and compromise the confidentiality, integrity
and availability of information systems of a target
organization or individual(s). Cyber-attackers use
illegal methods, tools and approaches to cause
damages and disruptions or gain unauthorized access
to computers, devices, networks, applications and
databases.
• 3. Cyberterrorism is intended to undermine electronic
systems to cause panic or fear.
What’s the difference between a
cyber-attack and a security breach?
• A cyber-attack is not exactly the same as a security
breach. A cyber-attack, as discussed above, is
an attempt to compromise the security of a system.
Attackers try to exploit the confidentiality, integrity or
availability of software or a network by using the various
kinds of cyber-attacks outlined in the above section.
• Security breach on the other hand is a successful
event or incident in which a cyber-attack results in a
compromise of sensitive information, unauthorized
access to IT systems or disruption of services.
11 top cyber security best practices to prevent a breach
1. Conduct cyber security training and awareness
A strong cyber security strategy will not be successful if employees are not educated on cyber security topics, company policies
and incident reporting. Even the best technical defenses may fall apart when employees take unintentional or intentionally malicious
actions resulting in a costly security breach. Educating employees and raising awareness of company policies and security best practices
through seminars, classes and online courses is the best way to reduce negligence and the potential for a security violation.
2. Perform risk assessments
Organizations should perform a formal risk assessment to identify all valuable assets and prioritize them based on the impact caused
when an asset is compromised. This will help organizations decide how best to spend their resources on securing each valuable
asset.
3. Ensure vulnerability management and software patch management/updates
It is crucial for organizational IT teams to identify, classify, remediate and mitigate vulnerabilities within all the
software and networks they use, to reduce threats against their IT systems. Furthermore, security researchers and attackers identify
new vulnerabilities in various software every now and then, which are reported back to the software vendors or released to the
public. These vulnerabilities are often exploited by malware and cyber attackers. Software vendors periodically release updates which
patch and mitigate these vulnerabilities. Therefore, keeping IT systems up to date helps protect organizational assets.
4. Use the principle of least privilege
The principle of least privilege dictates that both software and personnel should be allotted the least amount of permissions necessary
to perform their duties. This helps limit the damage of a successful security breach, as user accounts/software with lower
permissions would not be able to impact valuable assets that require a higher-level set of permissions. Also, two-factor authentication
should be used for all high-level user accounts that have unrestricted permissions.
5. Enforce secure password storage and policies
Organizations should enforce the use of strong passwords that adhere to industry recommended standards for all employees. Passwords should
also be changed periodically to help protect against compromised passwords. Furthermore, password storage should follow
industry best practices of using salts and strong hashing algorithms.
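The salted, slow-hash storage the practice above calls for, as an added example that is not part of the original slides. It uses only the Python standard library (PBKDF2-HMAC-SHA256 with a per-user random salt and a constant-time comparison); the record format and the `needs_rehash` policy check are assumptions of this example, not an existing scheme.

```python
"""Salted, iterated password hashing (added example, not from the slides).

Never store a plaintext or bare-hash password: store a per-user random salt
plus a slow, iterated hash, and compare in constant time.
"""
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000   # OWASP's 2023 figure for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def unsalted_sha256(password: str) -> str:
    """The weak scheme: same password -> same digest, so a leaked table can be
    attacked with precomputed lookup tables.  Shown only as the contrast."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.

    A fresh random salt means two users with the same password get different
    records, and the stored iteration count lets policy be raised later.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time
    so response timing does not reveal how many bytes matched."""
    try:
        algorithm, iterations_str, salt_hex, hash_hex = record.split("$")
        if algorithm != ALGORITHM:
            return False
        iterations = int(iterations_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False   # malformed record: fail closed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True if the record is malformed or was made with fewer iterations than
    current policy; call after a successful login to upgrade old records."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM or not parts[1].isdigit():
        return True
    return int(parts[1]) < iterations


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec))   # True
    print(verify_password("wrong password", rec))                 # False
```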
6. Implement a robust business continuity and incident response (BC-IR) plan
Having solid BC-IR plans and policies in place will help an organization effectively respond to cyber-attacks and security breaches while
ensuring critical business systems remain online.
7. Perform periodic security reviews
Having all software and networks go through periodic security reviews helps in identifying
security issues early on and in a safe environment. Security reviews include application and
network penetration testing, source code reviews, architecture design reviews, red team
assessments, etc. Once security vulnerabilities are found, organizations should prioritize and
mitigate them as soon as possible.
8. Backup data
Backing up all data periodically will increase redundancy and will make sure sensitive data is not
lost or compromised after a security breach. Attacks such as injections and ransomware compromise
the integrity and availability of data. Backups can help protect in such cases.
9. Use encryption for data at rest and in transit
All sensitive information should be stored and transferred using strong encryption algorithms.
Encrypting data ensures confidentiality. Effective key management and rotation policies should
also be put in place. All web applications/software should employ the use of SSL/TLS.
10. Design software and networks with security in mind
When creating applications, writing software or architecting networks, always design them with security
in place. Bear in mind that the cost of refactoring software and adding security measures later on
is far greater than building in security from the start. Applications designed with security in mind help reduce
threats and ensure that when software/networks fail, they fail safe.
11. Implement strong input validation and industry standards in secure coding
Strong input validation is often the first line of defense against various types of injection attacks.
Software and applications are designed to accept user input, which opens them up to attacks, and this
is where strong input validation helps filter out malicious input payloads that the application
would otherwise process. Furthermore, secure coding standards should be used when writing software, as
these help avoid most of the prevalent vulnerabilities outlined in OWASP and CVE.
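Input validation and a parameterised query side by side, as an added example that is not from the original slides. The in-memory SQLite user table, the allow-list pattern and the function names are constructed for this example; the point is that the database must never see user input as part of the SQL text, and an allow-list rejects malformed input before it gets that far.

```python
"""Input validation and parameterised queries (added example, not from the slides).

A constructed SQLite table stands in for an application's user store.
find_user_unsafe() splices input into SQL text (the injection-prone pattern);
find_user_safe() binds it as a parameter; lookup_user() adds an allow-list
check in front so malformed input is rejected before any query runs.
"""
import re
import sqlite3

# Allow-list: 3 to 32 characters of letters, digits, dot, underscore or hyphen.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{3,32}")


def make_db() -> sqlite3.Connection:
    """Constructed sample data for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def validate_username(value) -> str:
    """Reject anything outside the allow-list; return the value unchanged if ok."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: user input becomes part of the SQL statement itself."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: the placeholder is bound as data, never parsed as SQL."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def lookup_user(conn: sqlite3.Connection, username) -> list:
    """Defense in depth: allow-list first, parameter binding second."""
    return find_user_safe(conn, validate_username(username))


if __name__ == "__main__":
    db = make_db()
    print(lookup_user(db, "alice"))        # [('alice', 'alice@example.test')]
    print(find_user_safe(db, "' OR '1'='1"))  # [] : bound input matches nothing
```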
Information as an asset
• Definition of information: ‘Information is a message, usually in the form of a document or an audible or
visible communication’.
• In other words, information is an entity which has identifiable and communicable attributes.
• It is important to remember, however, that information that is communicated has both the intention of
the sender and the expectations of the receiver to take into account. As such, it cannot be viewed as an
independent entity.
• What is an Information Asset?
• An Information Asset is organized Information that is valuable and easily accessible to those who need it.
Information Assets comprise a wide range of corporate product, service and process information.
• In information security, computer security and network security, an asset is any data, device, or other
component of the environment that supports information-related activities.
• Assets generally include hardware (e.g. servers and switches), software (e.g. mission critical applications
and support systems) and confidential information. Assets should be protected from illicit access, use,
disclosure, alteration, destruction, and/or theft, resulting in loss to the organization
• In raw form, information may be non-archived product data, uncaptured customer information, a partially
documented engineering process or unshared corporate intellectual property. In typical day-to-day
business activity, products are designed, services are sold, customers are supported and the necessary
information moves in a more or less efficient fashion to facilitate these actions.
• Ten Characteristics of an Information Asset
• An Information Asset is any organized documentation or data incorporated into a
communication structure that empowers the organization to have a better chance of
reaching its goals.
• An Information Asset is created by organizing Information to resolve an important
issue in the organization.
• An Information Asset may exist entirely within a single department or may be spread
across the entire organization.
• An Information Asset may be part of an Enterprise Application or may be entirely
separate.
• An Information Asset may be an organized and maintained data archive.
• An Information Asset may be as simple as a monthly updated spreadsheet on a
shared network drive or as complex as a development project ROI dashboard
updated on a weekly basis.
• An Information Asset increases in value according to the number of people able to
make gainful use of the Information.
• An Information Asset increases in value according to the amount of information it
aggregates.
• An Information Asset increases in value according to the amount of analysis it
performs converting low level Information into more refined Information.
• An Information Asset is maintained by people working in a consistent and
cooperative manner.
What is Information Security?
• Information Security is not only about securing
information from unauthorized access.
• Information Security is basically the practice of
preventing unauthorized access, use, disclosure,
disruption, modification, inspection, recording or
destruction of information.
• Information can be physical or electronic.
Information can be anything: your personal details,
your profile on social media, the data in your
mobile phone, your biometrics, etc.
• Thus Information Security spans so many research
areas like Cryptography, Mobile Computing, Cyber
Forensics, Online Social Media etc.
• Information Security programs are built around 3 objectives,
commonly known as CIA – Confidentiality, Integrity, Availability.
• Confidentiality – means information is not disclosed to
unauthorized individuals, entities and processes. For example,
suppose I have a password for my Gmail account, but someone
saw it while I was logging into Gmail. In that case my
password has been compromised and confidentiality has been
breached.
• Integrity – means maintaining accuracy and completeness of data.
This means data cannot be edited in an unauthorized way. For
example, a hacker may intercept data and modify it before
sending it on to the intended recipient. Another example of a
failure of integrity is when you try to connect to a website and a
malicious attacker between you and the website redirects your
traffic to a different website. In this case, the site you are directed
to is not genuine.
• Availability – means information must be available when needed.
A denial of service attack is one of the factors that can hamper the
availability of information.
• Availability is one of the three basic functions of security management that are
present in all systems. Availability is the assertion that a computer system is
available or accessible to an authorized user whenever it is needed. Systems need a
high degree of availability to ensure that they operate as expected when
needed, which is why availability drives the building of fault tolerance into products.
There are mainly two threats to the availability of a system:
• 1. Denial of Service
• 2. Loss of Data Processing Capabilities
• The above two facets of availability are explained below:
1. Denial of Service:
Denial of service refers to actions that lock up computing services in such a way that
authorized users are unable to use the system whenever needed.
• In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the
perpetrator seeks to make a machine or network resource unavailable to its
intended users by temporarily or indefinitely disrupting services of a host connected
to the Internet. Denial of service is typically accomplished by flooding the targeted
machine or resource with superfluous requests in an attempt to overload systems
and prevent some or all legitimate requests from being fulfilled.
• 2. Loss of Data Processing Capabilities:
The loss of data processing capabilities is generally caused by natural disasters
or by human actions, the latter being perhaps more common.
• Contingency planning is the measure to counter such losses; it helps
minimize the time for which a data processing capability remains unavailable.
Contingency planning provides an alternative means of processing, which may involve
business resumption planning, alternative site processing or simply disaster recovery
planning, thereby ensuring data availability.
• Confidentiality, integrity and availability, also known
as the CIA triad, is a model designed to guide policies
for information security within an organization.
• The model is also sometimes referred to as the AIC
triad (availability, integrity and confidentiality) to
avoid confusion with the Central Intelligence Agency.
The elements of the triad are considered the three
most crucial components of security.
• In this context, confidentiality is a set of rules that
limits access to information, integrity is the assurance
that the information is trustworthy and accurate,
and availability is a guarantee of reliable access to the
information by authorized people.
• Confidentiality
• Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality
are designed to prevent sensitive information from reaching the wrong people while making sure
that authorized people can access it. It is common for data to be categorized according to the
amount and type of damage that could be done should it fall into unintended hands. More or less
stringent measures can then be implemented according to those categories.
• Sometimes safeguarding data confidentiality involves special training for those privy to sensitive
documents. Such training would typically include security risks that could threaten this
information. Training can help familiarize authorized people with risk factors and how to guard
against them. Further aspects of training may include strong passwords and password-related
best practices and information about social engineering methods, to prevent users from bending
data-handling rules with good intentions and potentially disastrous results.
• A good example of methods used to ensure confidentiality is an account number or routing
number when banking online. Data encryption is a common method of ensuring confidentiality.
User IDs and passwords constitute a standard procedure; two-factor authentication is becoming
the norm. Other options include biometric verification and security tokens. In addition, users can
take precautions to minimize the number of places where the information appears and the
number of times it is actually transmitted to complete a required transaction. Extra measures
might be taken in the case of extremely sensitive documents, such as storing only on air
gapped computers, disconnected storage devices or, for highly sensitive information, in hard
copy form only.
• A failure to maintain confidentiality means that someone who shouldn't have access has managed
to get access to private information. Through intentional behavior or by accident, a failure in
confidentiality can cause some serious devastation.
• Some measures to keep your information confidential are:
✔ Encryption
✔ Password
✔ Two-factor authentication
✔ Biometrics
• Integrity
• Integrity involves maintaining the consistency, accuracy, and trustworthiness of data
over its entire life cycle.
• Data must not be changed in transit, and steps must be taken to ensure that data
cannot be altered by unauthorized people (for example, in a breach of
confidentiality). These measures include file permissions and user access controls.
Version control may be used to prevent erroneous changes or accidental deletion by
authorized users from becoming a problem. In addition, some means must be in
place to detect any changes in data that might occur as a result of
non-human-caused events such as an electromagnetic pulse (EMP) or server crash.
• Some data might include checksums, even cryptographic checksums, for verification
of integrity. Backups or redundancies must be available to restore the affected data
to its correct state.
• Integrity, in the world of information security means maintaining the accuracy, and
completeness of data. It is about protecting data from being modified or misused by
an unauthorized party. Integrity involves maintaining the consistency and
trustworthiness of data over its entire life cycle. Data must not be changed in transit,
and precautionary steps must be taken to ensure that data cannot be altered by
unauthorized people.
• For example, in a breach of integrity, a hacker may seize data and modify it before
sending it on to the intended recipient.
• Measures to maintain the integrity of information include:
✔ Encryption
✔ User Access Controls
✔ Version Control
✔ Backups
• Availability
• Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed
and maintaining a correctly functioning operating system environment that is free of software conflicts. It’s also important
to keep current with all necessary system upgrades. Providing adequate communication bandwidth and preventing the
occurrence of bottlenecks are equally important. Redundancy, failover, RAID, even high-availability clusters can mitigate
serious consequences when hardware issues do occur. Fast and adaptive disaster recovery is essential for the worst-case
scenarios; that capacity is reliant on the existence of a comprehensive disaster recovery plan (DRP). Safeguards against data
loss or interruptions in connections must include unpredictable events such as natural disasters and fire. To prevent data
loss from such occurrences, a backup copy may be stored in a geographically-isolated location, perhaps even in a fireproof,
waterproof safe. Extra security equipment or software such as firewalls and proxy servers can guard against downtime and
unreachable data blocked by malicious denial-of-service (DoS) attacks and network intrusions.
• Availability means that information is accessible to authorized users. It is basically an assurance that your system and data
are accessible by authorized users whenever needed. Similar to confidentiality and integrity, availability also holds
great value.
• Availability of information refers to ensuring that authorized parties are able to access the information when needed. You
might be wondering how you can ensure data availability. Backup is the key.
• Your information is more vulnerable to availability threats than the other two components in the CIA model. Making regular
off-site backups can limit the damage caused to the hard drives by natural disasters. Information only has value if the right
people can access it at the right times.
• Measures to mitigate threats to availability include:
✔ Off-site backups (Off-site backup is a method of backing up data to a remote server or to media that is transported off site.
The two most common forms of off-site backup are cloud backup and tape backup. During cloud backup, also referred to
as online backup, a copy of the data is sent over a network to an off-site server.)
✔ Disaster recovery
✔ Redundancy
✔ Proper monitoring
✔ Environmental controls
✔ Virtualization (Virtualization is the process of creating a software-based, or virtual, representation of something, such as
virtual applications, servers, storage and networks. It is the single most effective way to reduce IT expenses while boosting
efficiency and agility for all size businesses.)
✔ Server clustering (Server clustering refers to a group of servers working together on one system to provide users with higher
availability. These clusters are used to reduce downtime and outages by allowing another server to take over in the event of
an outage. )
✔ Continuity of operations planning
• Authentication is the process of recognizing a
user’s identity. It is the mechanism of associating
an incoming request with a set of identifying
credentials. The credentials provided are
compared to those on file in a database of the
authorized user’s information on a local operating
system or within an authentication server.
Three categories in which someone may be
authenticated are: something the user knows,
something the user is, and something the user
has.
• Confidentiality means that data, objects and resources
are protected from unauthorized viewing and other
access.
• Integrity means that data is protected from
unauthorized changes to ensure that it is reliable and
correct.
• Availability means that authorized users have access
to the systems and the resources they need.
• Nonrepudiation is the assurance that someone cannot
deny something. Typically, nonrepudiation refers to
the ability to ensure that a party to a contract or a
communication cannot deny the authenticity of their
signature on a document or the sending of a message
that they originated.
• Apart from this there is one more principle that governs information security
programs. This is non-repudiation.
• Non-repudiation – means one party cannot deny receiving a message or a
transaction, nor can the other party deny sending a message or a transaction. For
example, in cryptography it is sufficient to show that the message matches the digital
signature signed with the sender’s private key, and that the sender could have sent the
message and nobody else could have altered it in transit. Data integrity and
authenticity are prerequisites for non-repudiation.
• Authenticity – means verifying that users are who they say they are and that each
input arriving at the destination is from a trusted source. If followed, this principle
guarantees that a valid and genuine message is received from a trusted source through a
valid transmission.
• Accountability – means that it should be possible to trace the actions of an entity
uniquely to that entity. For example, not every employee should be allowed to make
changes to other employees’ data. A separate department in the
organization is responsible for making such changes; when it receives a
request for a change, the request must be signed by a higher authority (for example the
Director of the college), and the person allotted that change can only make it
after verifying their biometrics, so a timestamp and the details of the user making the
change get recorded. If a change goes through like this, it is possible to
trace the actions uniquely to an entity.
Need Of Information Security
• Securing an information system means considering the countermeasures or controls available for the
vulnerabilities that have been uncovered and identifying the areas where more work is needed. The purpose of data security management is to
ensure business continuity and reduce business injury by preventing and minimising the impact of security
incidents. The basic principles of Information Security are:
• Confidentiality
• Authentication
• Non-Repudiation
• Integrity

The need for Information security:

• Protecting the functionality of the organisation:
Decision makers in organisations must set policy and operate their organisation in compliance with complex,
shifting legislation, using efficient and capable applications.
• Enabling the safe operation of applications:
The organisation is under immense pressure to acquire and operate integrated, efficient and capable applications.
The modern organisation needs to create an environment that safeguards applications using the organisation’s IT
systems, particularly those applications that serve as important elements of the organisation’s infrastructure.
• Protecting the data that the organisation collects and uses:
Data in the organisation can be in two forms, at rest or in motion; data in motion is data that is currently
being used or processed by a system. The value of the data motivates attackers to steal or corrupt it, so
protecting it is essential to the integrity and value of the organisation’s data. Information security ensures
protection of both data in motion and data at rest.
• Safeguarding technology assets in organisations:
The organisation must add infrastructure services based on its size and scope. Organisational
growth could lead to the need for a public key infrastructure (PKI), an integrated system of software and encryption
methodologies. The information security mechanisms used by a large organisation are complex in comparison to those of a
small organisation, which generally prefers symmetric-key encryption of data.
Vulnerabilities in Information Security
Vulnerabilities are weaknesses in a system that give threats the opportunity to compromise assets. All
systems have vulnerabilities. Even though technologies are improving, the number of vulnerabilities
is increasing because of factors such as tens of millions of lines of code, many developers, human weaknesses, etc.
Vulnerabilities mostly fall into four groups: hardware, software, network and procedural vulnerabilities.
1. Hardware Vulnerability:
A hardware vulnerability is a weakness which can be used to attack the system hardware, either physically or remotely.
For examples:
• Old version of systems or devices
• Unprotected storage
• Unencrypted devices, etc.
2. Software Vulnerability:
A software vulnerability is an error made in development or configuration whose execution can violate the security policy. For examples:
• Lack of input validation
• Unverified uploads
• Cross-site scripting
• Unencrypted data, etc.
3. Network Vulnerability:
A network vulnerability is a weakness in the network, which can be in hardware or software.
For examples:
• Unprotected communication
• Malware or malicious software (e.g.:Viruses, Keyloggers, Worms, etc)
• Social engineering attacks
• Misconfigured firewalls
4. Procedural Vulnerability:
A procedural vulnerability is a weakness in an organization’s operational methods.
For examples:
• Password procedure – Password should follow the standard password policy.
• Training procedure – Employees must know which actions should be taken and how to handle security. Employees must never be
asked for user credentials online. Make employees aware of social engineering and phishing threats.
• Active and Passive attacks in Information
Security
• Active attacks: An active attack attempts to alter system resources or
affect their operation. Active attacks involve some modification of the
data stream or the creation of a false statement. The types of active attacks are as
follows:
• Masquerade –
A masquerade attack takes place when one entity pretends to be a different
entity. A masquerade attack usually involves one of the other forms of active
attack.
• Modification of messages –
Some portion of a legitimate message is altered, or messages are
delayed or reordered, to produce an unauthorised effect. For example, a
message meaning “Allow JOHN to read confidential file X” is modified to
“Allow Smith to read confidential file X”.
• Repudiation –
This attack is carried out by either the sender or the receiver, who
later denies having sent or received a message. For example, a customer
asks the bank “to transfer an amount to someone” and later the customer
denies ever having made such a request. This is repudiation.
• Replay –
It involves the passive capture of a message and its
subsequent retransmission to produce an unauthorised
effect.
• Denial of Service –
It prevents the normal use of communication facilities. This attack may have a
specific target; for example, an entity may suppress all messages directed
to a particular destination. Another form of service denial is the disruption
of an entire network, either by disabling the network or by overloading it
with messages so as to degrade performance.
• Passive attacks: A passive attack attempts to learn or make use of information from the system
but does not affect system resources. Passive attacks are in the nature of eavesdropping on, or
monitoring of, transmissions. The goal of the opponent is to obtain information that is being
transmitted. The types of passive attack are as follows:
• The release of message content –
Telephonic conversation, an electronic mail message or a transferred file may contain sensitive or
confidential information. We would like to prevent an opponent from learning the contents of
these transmissions.
• Traffic analysis –
Suppose we had a way of masking (encrypting) the information, so that
an attacker who captured a message could not extract its contents.
The opponent could still determine the location and identity of the
communicating hosts and observe the frequency and length of the
messages being exchanged. This information might be useful in
guessing the nature of the communication taking place.
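Three of the active attacks above (modification, replay, masquerade) are detectable by the receiver if every message carries a keyed integrity tag and a fresh nonce. The following added example (not code from the original page) shows the receiver's checks in Python: an HMAC-SHA256 tag over sender, nonce and body, plus a cache of nonces already accepted. The wire format `tag|sender|nonce|body` and the pre-shared key are assumptions.

```python
"""Receiver-side checks against modification, replay and masquerade using an
HMAC tag and a per-message nonce.

Added example for this page, not from the original. The wire format
(tag|sender|nonce|body) and the pre-shared key are assumptions.
"""
import hashlib
import hmac
import secrets


def _tag(key: bytes, sender: bytes, nonce: bytes, body: bytes) -> bytes:
    # The tag covers sender, nonce and body, so changing any of them invalidates it.
    return hmac.new(key, b"|".join([sender, nonce, body]), hashlib.sha256).hexdigest().encode()


def send(key: bytes, sender: bytes, body: bytes) -> bytes:
    """Build one authenticated message; the random nonce makes each one unique.
    (sender must not contain '|'; body may, because the receiver splits at most 3 times.)"""
    nonce = secrets.token_hex(8).encode()
    return b"|".join([_tag(key, sender, nonce, body), sender, nonce, body])


class Receiver:
    def __init__(self, key: bytes):
        self._key = key
        self._seen = set()   # nonces already accepted; a real system bounds this with a time window

    def accept(self, msg: bytes) -> str:
        """Return 'ok' or the reason for rejection."""
        parts = msg.split(b"|", 3)
        if len(parts) != 4:
            return "malformed"
        tag, sender, nonce, body = parts
        # Constant-time compare. An altered message fails here, and so does a
        # masquerader who does not hold the key.
        if not hmac.compare_digest(tag, _tag(self._key, sender, nonce, body)):
            return "bad tag"
        if nonce in self._seen:          # a genuine message seen before: replay
            return "replay"
        self._seen.add(nonce)
        return "ok"


def demo() -> dict:
    key = secrets.token_bytes(32)        # assumption: shared between John and the server beforehand
    rx = Receiver(key)
    genuine = send(key, b"JOHN", b"Allow JOHN to read confidential file X")
    return {
        "genuine":    rx.accept(genuine),
        "modified":   rx.accept(genuine.replace(b"Allow JOHN", b"Allow Smith")),
        "replayed":   rx.accept(genuine),                       # the same nonce a second time
        "masquerade": rx.accept(send(secrets.token_bytes(32), b"JOHN", b"Allow JOHN to read confidential file X")),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:11s} -> {verdict}")
```

Two caveats follow from the passive-attack discussion: the tag proves integrity and origin but hides nothing, so confidentiality still needs encryption; and even an encrypted message leaks its length and timing, so traffic analysis is only blunted by padding and cover traffic. The nonce cache also does not by itself address repudiation, which needs a signature scheme rather than a shared key.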
Difference between Cyber Security and
Information Security
• The terms Cyber Security and Information Security are often used
interchangeably. Both are concerned with protecting computer systems
from threats and information from breaches, and the two fields are so
closely linked that they can seem synonymous; unfortunately, they are
often treated as such.
• Data security is about protecting data from malicious users and threats.
That raises the question of the difference between data and information.
The key point is that not every piece of data is information: data becomes
information when it is interpreted in a context and given meaning. For
example, “100798” is data; if we know that it is a person's date of birth,
it is information, because it now has meaning. Information, then, is data
that carries meaning.
A diagram is given below to represent the difference between Information
Security and Cybersecurity.
What is computer security?
• Computer security basically is the protection of computer systems and information from harm,
theft, and unauthorized use.
• It is the process of preventing and detecting unauthorized use of your computer system.
• There are various types of computer security, widely used to protect the valuable
information of an organisation.
So, Computer security can be defined as controls that are put in place to provide confidentiality,
integrity, and availability for all components of computer systems.
Components of computer system:
The components of a computer system that need to be protected are:
• Hardware, the physical part of the computer, like the system memory and disk drive
• Firmware, permanent software that is etched into a hardware device’s nonvolatile memory and is
mostly invisible to the user (Firmware is a software program or set of instructions programmed
on a hardware device. It provides the necessary instructions for how the device communicates
with the other computer hardware.)
• Software, the programming that offers services, like operating system, word processor, internet
browser to the user (Software is a set of instructions, data or programs used to operate
computers and execute specific tasks)
Why is Computer Security Important?
In this digital era, we all want to keep our computers and our personal information secure and
hence computer security is important to keep our personal information protected.
It is also important to maintain our computer security and its overall health by preventing viruses
and malware which would impact on the system performance.
Computer Security Practices
Computer security threats are becoming relentlessly inventive these days. There is much need for
one to arm oneself with information and resources to safeguard against these complex and
growing computer security threats and stay safe online.
Some preventive steps you can take include:
❑ Secure your computer by:
❑ Installing reliable, reputable security and anti-virus software
❑ Activating your firewall, because a firewall acts as a security guard between the internet and your local
area network
❑ Stay up-to-date on the latest software and news surrounding your devices and perform software
updates as soon as they become available
❑ Avoid clicking on email attachments unless you know the source
❑ Use a unique, strong password for every account (a password manager helps), and change a password as soon as you
suspect it has been exposed; forced periodic rotation on its own adds little if the passwords stay weak or reused
❑ Browse with caution: close unexpected pop-ups rather than clicking inside them, and keep the browser and its plug-ins
patched, since drive-by downloads exploit unpatched software without any click at all
❑ Taking the time to research the basic aspects of computer security and educate yourself on
evolving cyber-threats
❑ Perform daily full system scans and create a periodic system backup schedule to ensure your data
is retrievable should something happen to your computer.
❑ Apart from these, there are many other ways to protect your computer system. Measures such as
disk and file encryption and regular system maintenance can help protect your computer and its files.
Internet Security
• Internet security is a branch of computer security which comprises
various security measures exercised for ensuring the security of
transactions done online.
• In doing so, internet security aims to prevent attacks targeted at
browsers, networks, operating systems and other applications.
• Today, businesses and governments are more concerned about
safeguarding from Cyber attacks and malware programs that
originate from the internet.
• The main aim of Internet security is to set up precise rules and
regulations that can deflect attacks that arise from the Internet.
• Internet security relies on particular resources and criteria for
safeguarding the data that is communicated or transferred online.
• In today's digital landscape, many of our daily activities rely on the
internet.
• Various forms of communication, entertainment, and financial and
work-related tasks are accomplished online.
• This means that tons of data and sensitive information are
constantly being shared over the internet.
• The internet is a shared, untrusted channel: anything sent across it
without protection can be read or altered in transit.
• With a high risk of intrusion by hackers and cybercriminals,
internet security is a top priority for individuals and businesses
alike.
• Internet security is a branch of computer security that deals
specifically with internet-based threats.
• These include hacking, where unauthorized users gain access to
computer systems, email accounts or websites; viruses and other
malicious software (malware), which can damage data or make
systems vulnerable to other threats; and identity theft, where
hackers steal personal details such as credit card numbers and
bank account information. You can protect yourself from these
threats with strong internet security.
Malware and Anti-Malware
• Malware, meaning malicious software, includes
viruses, worms and Trojans.
• Install and use anti-malware internet protection
applications to protect your computer.
Internet Security: Firewalls
• Think of a firewall as a filter consisting of a device or
array of devices that allow or deny access to a
network. Firewalls, which can be hardware or software
devices, prevent sensitive information from being
uncovered and stolen from networks and also prevent
dangerous information — such as malicious code —
from being planted on networks. Firewalls apply a
specific set of rules to all information coming in or
going out of networks to determine whether it's
dangerous or benign.
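The rule-based filtering described above is the core of a packet filter: an ordered list of rules, the first match wins, and anything that matches nothing is dropped (default deny). The following added example (not code from the original page or any firewall product) implements that evaluation in Python over constructed packets, using an assumed policy for a small LAN with one web server. It is stateless; a real firewall also tracks connection state so that reply traffic to an allowed outbound connection is admitted.

```python
"""A minimal stateless packet filter: ordered rules, first match wins,
default deny. Added example for this page (not the page's or any product's
code); the policy and the constructed packets are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving from the internet) or "out" (leaving the LAN)
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    direction: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (
            self.direction in ("any", p.direction)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and self.proto in ("any", p.proto)
            and (self.dport is None or self.dport == p.dport)
        )


def evaluate(rules: List[Rule], p: Packet) -> str:
    """Walk the rules in order; the first match decides. Nothing matched: deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


LAN = "192.168.1.0/24"
POLICY = [
    # 1. Anti-spoofing: a packet arriving from the internet must not claim a LAN source.
    Rule("deny", "in", src=LAN),
    # 2. From outside, only HTTPS to the web server is reachable.
    Rule("allow", "in", dst="192.168.1.10/32", proto="tcp", dport=443),
    # 3. LAN hosts may browse (HTTPS) and resolve names (DNS); everything else is dropped.
    Rule("allow", "out", src=LAN, proto="tcp", dport=443),
    Rule("allow", "out", src=LAN, proto="udp", dport=53),
]


def demo() -> dict:
    packets = {
        "https_to_webserver": Packet("in", "203.0.113.5", "192.168.1.10", "tcp", 443),
        "ssh_to_webserver":   Packet("in", "203.0.113.5", "192.168.1.10", "tcp", 22),
        "spoofed_lan_source": Packet("in", "192.168.1.7", "192.168.1.10", "tcp", 443),  # rule 1 wins over rule 2
        "browse_out":         Packet("out", "192.168.1.7", "203.0.113.5", "tcp", 443),
        "dns_out":            Packet("out", "192.168.1.7", "198.51.100.1", "udp", 53),
        "smtp_out":           Packet("out", "192.168.1.7", "203.0.113.5", "tcp", 25),
    }
    return {name: evaluate(POLICY, p) for name, p in packets.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```

The spoofed packet shows why rule order matters: it would match the allow rule for the web server, but the anti-spoofing deny comes first. The outbound SMTP case shows the value of default deny: nothing in the policy mentions port 25, so a compromised host cannot quietly start sending spam from the LAN.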
• Browser Choice
• Browsers can have security flaws, which allow hackers and cyber-criminals to attack computers
and networks. You must choose a secure browser and keep it updated with new security patches
the developer releases. One example of a dangerously insecure browser is Microsoft's Internet
Explorer 6 (IE6). Although it's now largely out of use, IE6 has so many security flaws that even
Microsoft wants to stop people from using it.
• Email Security
• Electronic mail (email) offers many potential vulnerabilities. It's often used to send sensitive
information, which then becomes vulnerable to theft, and is also used to distribute malware. A
solid email security strategy includes both anti-malware applications and good practice by users,
such as not sending sensitive information via unsecured email and not opening suspicious
messages.
• Denial-of-Service Attack
• Denial of service (DoS) attacks are performed against computer resources such as websites. The
aim of a DoS attack is to make a resource unavailable to users. One example is when a website is
so overwhelmed by repeated communications requests that it cannot keep up with the demand.
When multiple systems are involved, it becomes a distributed denial of service attack (DDoS).
Methods for protecting against such attacks include firewalls and systems such as "clean pipes," in
which website traffic is routed through a proxy server (A proxy server is a computer on the web
that redirects your web browsing activity) that drops bad traffic, allowing only genuine requests.
• Social Engineering
• The strongest firewall and high security anti-virus suite won't protect your system if you give away
sensitive information such as passwords or security questions. Social engineering uses tricks to
make you hand over information to criminals.
• An example is phishing, in which an email appears to come from a reputable organization such as
a bank, tricking the recipient into entering their personal details. The phisher can then collect and
use them to log in to the victim's account. If you want excellent internet security, it's important to
remain aware of social engineering.
• Internet security requires a combination of several products and
technologies to properly safeguard data. It's important to consider several
types of internet security strategies when taking proper measures to help
keep your network secure. These tactics can include:
• Browser selection: Each browser has its own security measures in place,
but some can have serious flaws that allow hackers and cybercriminals to
exploit and invade. Ensure that you're using a secure browser to reduce
the risk of compromising your computer or network.
• Multi-factor authentication (MFA): MFA controls access by requiring two or
more separate pieces of evidence (factors) from different categories, typically
something you know (a password), something you have (a phone or token) and
something you are (a fingerprint). Websites and email accounts can be made
more secure by requiring at least two factors from the user.
• Email security: Email creates a wave of opportunity for viruses, worms,
Trojans, and other unwanted programs. Establishing a multi-layered and
comprehensive email security strategy will help significantly reduce
exposure to emerging threats. Email messages can also be protected by
using cryptography, such as signing an email, encrypting the body of an
email message, and encrypting the communication between mail servers.
• Firewalls: Firewalls act as filters that protect devices by allowing or
denying access to a network. By applying a specific set of rules to identify
if something is safe or harmful, firewalls can prevent sensitive information
from being stolen and keep malevolent code from being embedded onto
networks.
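The "something you have" factor in the MFA bullet above is most often a time-based one-time password (TOTP, RFC 6238), which is HOTP (RFC 4226) with the counter derived from the clock. The following added example (not code from the original page) implements both and a server-side verifier in Python. The key used at the bottom is the RFC 4226 test key; the 30-second step, six digits and HMAC-SHA1 are the common defaults assumed here.

```python
"""Time-based one-time passwords (RFC 6238 over RFC 4226 HOTP) as the
"something you have" factor in MFA. Added example for this page, not the
page's code; the key in main() is the RFC 4226 test key, and the 30-second
step, 6 digits and HMAC-SHA1 are the common defaults."""
import base64
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP: HMAC-SHA1(secret, counter) dynamically truncated to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                       # RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter = Unix time // step; this is what the user's app displays."""
    return hotp(secret, at // step, digits)


class TotpVerifier:
    """Server side: accepts the current step and `skew` neighbours (clock drift),
    and never accepts a step at or before one already used (blocks replay of a code)."""

    def __init__(self, secret: bytes, step: int = 30, skew: int = 1):
        self._secret, self._step, self._skew = secret, step, skew
        self._last_used = -1

    def verify(self, code: str, at: int) -> bool:
        if not (code.isascii() and code.isdigit()):
            return False
        now = at // self._step
        for c in range(now - self._skew, now + self._skew + 1):
            if c > self._last_used and hmac.compare_digest(hotp(self._secret, c), code):
                self._last_used = c
                return True
        return False


def new_secret() -> str:
    """A fresh 160-bit secret, base32-encoded as authenticator apps expect at enrolment."""
    return base64.b32encode(secrets.token_bytes(20)).decode()


if __name__ == "__main__":
    key = b"12345678901234567890"                 # RFC 4226 test key (assumption: shared at enrolment)
    print("enrol with:", new_secret())
    print("current code:", totp(key, int(time.time())))
```

The verifier's `_last_used` counter is the detail most home-grown implementations miss: without it, a code phished or shoulder-surfed in the last thirty seconds can be reused. The secret itself must be stored server-side as carefully as a password hash would be, since anyone holding it can generate valid codes.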
• Proxy Server
• A proxy server is a computer on the web that redirects your web browsing activity. Here's what that means.
• Normally, when you type in a website name (Amazon.com or any other), your browser connects to the destination directly,
with your Internet Service Provider (ISP) carrying the traffic, and the destination sees your real IP address.
• When you use a proxy your online requests get rerouted.
• While using a proxy, your request still travels through your ISP as usual, but it goes to the proxy server, which
forwards it to the website or destination. The destination sees the proxy's IP address rather than yours, which is
what masks your real IP address (the proxy operator, of course, still sees it).
Why you might want to use a proxy.
• Here why some people turn to using a proxy—and why you might be interested as well.
• A school or local library blocks access to certain websites and a student wants to get around that.
• You want to look at something online that interests you...but you would prefer it couldn't be traced back to your IP
address and your location.
• You're traveling abroad and the technology set up in the country you're in prevents you from connecting to a
website back home.
• You want to post comments on websites but you do not want your IP address to be identified or your identity
tracked down.
• Your employer blocks access to social media or other sites and you'd like to bypass those restrictions.
• Why you might not want to use one
• You should keep in mind that your employer, your ISP and other networks might object to your using a proxy. Just
because you can do it, doesn't mean you should. And in some cases, websites will blacklist IP addresses they suspect
or know are from a proxy.
Malware
• The term malware is a contraction of malicious software. Put simply, malware is any piece of
software that was written with the intent of damaging devices, stealing data, and generally
causing a mess. Viruses, Trojans, spyware, and ransomware are among the different kinds of
malware.
• Malware is often created by teams of hackers: usually, they’re just looking to make money, either
by spreading the malware themselves or selling it to the highest bidder on the Dark Web (the
portion of the Internet that is intentionally hidden from search engines, uses masked IP
addresses, and is accessible only with a special web browser).
• However, there can be other reasons for creating malware too — it can be used as a tool for
protest, a way to test security, or even as weapons of war between governments.
• Malware is the collective name for a number of malicious software variants, including
viruses, ransomware and spyware. Shorthand for malicious software, malware typically consists
of code developed by cyberattackers, designed to cause extensive damage to data and systems or
to gain unauthorized access to a network.
• Malware is commonly delivered as a link or attachment over email and usually needs the user to
click the link or open the file before it runs; worms are the exception, spreading without user action.
• Though varied in type and capabilities, malware usually has one of the following objectives:
❖ Provide remote control for an attacker to use an infected machine.
❖ Send spam from the infected machine to unsuspecting targets.
❖ Investigate the infected user’s local network.
❖ Steal sensitive data.
Malware is an inclusive term for all types of malicious software, such as the viruses, worms, Trojans and ransomware described in the following sections, as well as spyware.
• How to protect against malware
• When it comes to malware, prevention is better than a cure.
Fortunately, there are some common sense, easy behaviors that
minimize your chances of running into any nasty software.
• Don’t trust strangers online! “Social engineering”, which can
include strange emails, abrupt alerts, fake profiles and
curiosity-tickling offers, is the #1 method of delivering malware.
If you don’t know exactly what it is, don’t click on it.
• Double-check your downloads! From pirating sites to official
storefronts, malware is often lurking just around the corner. So
before downloading, always double-check that the provider is
trustworthy by carefully reading reviews and comments.
• Get an ad-blocker! Malvertising – where hackers use infected
banners or pop-up ads to infect your device – is on the rise. You
can’t know which ads are bad: so it’s safer to just block them all
with a reliable ad-blocker.
• Careful where you browse! Malware can be found anywhere, but
it’s most common in websites with poor backend security, like
small, local websites. If you stick to large, reputable sites, you
severely reduce your risk of encountering malware.
VIRUS
• Programs that copy themselves throughout a
computer or network.
• Viruses piggyback on existing programs and
can only be activated when a user opens the
program.
• At their worst, viruses can corrupt or delete
data, use the user’s email to spread, or erase
everything on a hard disk.
• a computer virus is “malware attached to another
program (such as a document), which can replicate
and spread after an initial execution on a target
system where human interaction is required. Many
viruses are harmful and can destroy data, slow down
system resources, and log keystrokes.”
• Most computer viruses target systems running
Microsoft Windows. Macs, on the other hand, enjoy a
reputation as virus-proof super machines.
• In reality, Macs are not inherently safer. There
are more Windows users in the world than Mac
users and cybercriminals simply choose to write
viruses for the operating system (OS) with the largest
amount of potential victims.
• The easiest way to differentiate computer viruses from other
forms of malware is to think about viruses in biological terms.
• Take the flu virus, for example. The flu requires some kind of
interaction between two people—like a hand shake, a kiss, or
touching something an infected person touched. Once the flu
virus gets inside a person’s system it attaches to healthy human
cells, using those cells to create more viral cells.
A computer virus works in much the same way:
• A computer virus requires a host program.
• A computer virus requires user action to transmit from one system
to another.
• A computer virus attaches bits of its own malicious code to other
files or replaces files outright with copies of itself.
• It’s that second virus trait that tends to confuse people. Viruses
can’t spread without some sort of action from a user, like opening
up an infected Word document. Worms, on the other hand, are
able to spread across systems and networks on their own, making
them much more prevalent and dangerous
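The third trait above (a virus attaches its code to other files) is exactly what a file-integrity baseline detects: hash every file once, re-hash later, and report anything that changed or appeared. The following added example (not code from the original page) does that in Python over a constructed directory tree, simulating an infection by appending bytes to a stand-in host program and dropping a copy of the "virus".

```python
"""A file-integrity baseline: hash every file once, re-hash later, and report
what changed. A file-infecting virus that appends itself to a host program, or
a copy it drops, shows up as 'modified' or 'added'. Added example for this page,
not the page's code; the directory tree and file contents are constructed."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root: Path) -> Dict[str, str]:
    """Map relative POSIX path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every path as modified, added or removed between two baselines."""
    return {
        "modified": sorted(k for k in before if k in after and before[k] != after[k]),
        "added":    sorted(k for k in after if k not in before),
        "removed":  sorted(k for k in before if k not in after),
    }


def demo() -> Dict[str, List[str]]:
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "calc.exe").write_bytes(b"MZ" + b"\x90" * 64)   # constructed stand-in host program
        (root / "report.doc").write_bytes(b"quarterly figures")          # constructed document
        before = baseline(root)
        # Simulate infection: code appended to the host program, plus a dropped copy of the virus.
        with (root / "bin" / "calc.exe").open("ab") as f:
            f.write(b"\xcc" * 16)
        (root / "bin" / "update.exe").write_bytes(b"MZ" + b"\xcc" * 16)
        return compare(before, baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

Two caveats for real use: the baseline must be kept where the malware cannot rewrite it (offline, or signed), and a change is only a signal, since legitimate updates modify the same binaries; comparing against the vendor's published hashes resolves that. Memory-only malware and worms that never touch a host file leave no trace here, which is why this complements rather than replaces antivirus.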
How does a computer virus find me?
Even if you’re careful, you can pick up computer viruses through normal Web activities
like:
• Sharing music, files, or photos with other users
• Visiting an infected website
• Opening spam email or an email attachment
• Downloading free games, toolbars, media players and other system utilities
• Installing mainstream software applications without thoroughly reading license
agreements
What does a computer virus do?
• Some computer viruses are programmed to harm your computer by damaging
programs, deleting files, or reformatting the hard drive.
• Others simply replicate themselves or flood a network with traffic, making it
impossible to perform any internet activity.
• Even less harmful computer viruses can significantly disrupt your system’s
performance, sapping computer memory and causing frequent computer crashes.
What are the symptoms of a computer virus?
Your computer may be infected if you recognize any of these malware symptoms:
• Slow computer performance
• Erratic computer behavior
• Unexplained data loss
• Frequent computer crashes
How to protect against computer viruses
Take these steps to safeguard your PC with the best computer virus protection:
✔ Use antivirus protection and a firewall
✔ Get antispyware software
✔ Always keep your antivirus protection and antispyware software up-to-date
✔ Update your operating system regularly
✔ Increase your browser security settings
✔ Avoid questionable Web sites
✔ Only download software from sites you trust.
✔ Carefully evaluate free software and file-sharing applications before downloading them.
✔ Don't open messages from unknown senders
✔ Immediately delete messages you suspect to be spam

❖ An unprotected computer is like an open door for computer viruses. Firewalls monitor Internet
traffic in and out of your computer and hide your PC from online scammers looking for easy
targets.
❖ Products such as Webroot Internet Security Complete and Webroot Antivirus are examples of suites that aim to
block spyware and computer viruses before they enter your computer and to stop any virus that tries to run.
No product, free or paid, can guarantee complete protection, which is why the practices above still matter.
❖ Previously undetected forms of polymorphic malware (which change their code between infections) can often do
the most damage, so it is critical to keep antivirus signatures and detection engines up to date.
❖ Examples: Melissa (1999), ILOVEYOU (2000) and Code Red (2001). The latter two spread on their own and are
usually classed as worms rather than viruses.
Worms
• Worms are a self-replicating type of malware that enters networks by
exploiting vulnerabilities, moving quickly from one computer to
another.
• Because of this, worms can propagate themselves and
spread very quickly – not only locally, but have the potential
to disrupt systems worldwide.
• Unlike a typical virus, worms don’t attach to a file or
program.
• Instead, they slither and enter computers through a
vulnerability in the network, self-replicating and spreading
before you’re able to remove the worm.
• But by then, they may already have consumed the network's
bandwidth, interrupting or bringing down large network and
web servers.
• Definition: A computer worm is a malicious, self-replicating software program (a kind of
malware) that interferes with the normal operation of software and hardware.
Description: It fits the description of a computer virus in many ways; for example, it also
replicates itself and spreads across networks. That is why worms are often loosely referred to as
viruses.
• But computer worms are different from computer viruses in certain aspects.
• First, unlike viruses which need to cling on to files (host files) before they can diffuse themselves
inside a computer, worms exist as separate entities or standalone software.
• They do not need host files or programs.
• Secondly, unlike viruses, worms do not alter files but reside in active memory and duplicate
themselves.
• Worms use parts of the operating system that are automatic and usually invisible to the user.
• Their existence in the system becomes apparent only when their uncontrolled replication
consumes system resources, slowing or halting other tasks in the process.
• In order to spread, worms either exploit the vulnerability of the target system or use some kind
of social engineering method to trick users into executing them.
• Once they enter a system, they take advantage of file-transport or information-transport features
in the system that allows them to travel unaided.
• A computer worm called Stuxnet turned heads the world over in 2010 when it attacked Iran's
nuclear enrichment facilities. This worm reportedly destroyed roughly a fifth of Iran's nuclear
centrifuges by driving them outside their safe operating range (spinning them out of control and
raising the pressure in the cascade) while displaying that everything was under control. It managed
this by replaying normal values from the plant's protection system to the control room while the
attack was happening.
What damage can computer worms cause?
• It depends on the type of computer worm and the desires
of its creator. Some worms are used to spread other types
of malware for cybercrime like corporate espionage and
others are used to highlight particular
security vulnerabilities but do no real damage (minus
network congestion).
• Many of the first computer worms were proofs of concept
designed to do nothing more than infect computers and
reproduce themselves in the background. Often the only
way to identify an infection was when a worm made too
many copies of itself and caused the system to slow.
• But with time, worms are becoming a means to an end,
often carrying a payload that aims to steal sensitive data or
cause a data breach.
• It's common to use the worm to gain initial access to a
system and then use privilege escalation to gain further
access to a system.
How do computer worms spread?
1. Email
One of the most common ways for computer worms to spread is via email spam. In years gone by,
worms could hide in the main text of an email, but as modern email clients caught on and began
blocking direct embedding circa 2010, the risk for this type of attack is fairly low.
While embedded worms may be things of the past, email attachments remain popular hiding spots for
worms. What may appear to be a benign work document or personal photo can, in fact, be hiding
malicious code, waiting to be released when you click a link or open said attachment. Once a
machine has been infected, the worm may replicate itself by emailing itself to everyone in your
address book or automatically replying to emails in your inbox.
2. Operating system vulnerabilities
Every operating system has its vulnerabilities (yes, even macOS) and some worms are specifically
coded to take advantage of these weak points. Perhaps the most infamous example is Conficker, a
worm first identified in 2008 which exploited a vulnerability in a network service present in many
versions of Windows, including Windows 2000, Windows XP, Windows Vista, Windows Server
2003, Windows Server 2008, and Windows Server 2008 R2 Beta and Windows 7 Beta. At its peak,
Conficker infected as many as 15 million computers.
3. Instant messaging
Worms can take on similarly deceptive forms in instant messaging software and take advantage of
users who are probably not on high alert when using such services.
In the past, instant messaging software such as mIRC, MSN Messenger, Yahoo IM and ICQ proved to
be exceptionally fertile breeding grounds for worms. In today’s digital landscape, modern chat
systems are just as vulnerable, with Facebook Messenger a common infection point for worms
such as Dorkbot, which spreads via an executable file disguised as a JPG image.
• 4. Smartphones
• Globally, there were about 2.8 billion active
smartphones being used at the end of
2016, according to data collated by market
intelligence firm Newzoo. With these figures
in mind, it should come as little surprise that
worm creators are increasingly turning their
attention to mobile devices.
Trojans
• A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can
take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict
some other harmful action on your data or network.
• A Trojan acts like a bona fide application or file to trick you. It seeks to deceive you into loading
and executing the malware on your device. Once installed, a Trojan can perform the action it was
designed for.
• A Trojan is sometimes called a Trojan virus or a Trojan horse virus, but that’s a misnomer. Viruses
can execute and replicate themselves. A Trojan cannot. A user has to execute Trojans. Even so,
Trojan malware and Trojan virus are often used interchangeably.
• It is a type of software camouflaged as regular software such as utilities, games and
sometimes even antivirus programs. Once it runs on the computer, it causes problems such
as killing background system processes, deleting hard-drive data and corrupting file
allocation tables.
• A Trojan horse, or Trojan, is a type of malware that is disguised as, or covertly attached to, a
benign application and performs malicious actions once activated, such as spying on you, gathering
data, creating backdoor access or disrupting performance. To send the gathered information, the
Trojan connects to a remote server known as a command-and-control (C2) server.
• Trojans spread through user interaction: they do not self-replicate and do not reproduce by
infecting files.
• Trojans gain entry to the system through malicious email attachments, social engineering, and
execution of malicious files and so on.
• Trojans can take form of a backdoor which creates a channel to the remote server.
Some of the common actions that Trojans take are:
• Creating backdoors: Trojans typically make changes to your security system so that
other malware or even a hacker can get in. This is usually the first step in creating a
botnet.
• Spying: Some Trojans are essentially spyware designed to wait until you access your
online accounts or enter your credit card details, and then send your passwords and
other data back to their master.
• Turning your computer into a zombie: Sometimes a hacker isn't interested in you,
but just wants to use your computer as a bot in a network (a botnet) under their control.
• Sending costly SMS messages: Even smartphones get Trojans, and a common way
for criminals to make money is by making your phone send costly SMS messages to
premium numbers.
What does a Trojan look like?
• Well, that’s just it: Trojans can look like just about anything. The computer game you
downloaded from a strange website. The "free" MP3 by that band you secretly like.
Even an advertisement might try to install something on your computer.
• Some Trojans are specifically designed to trick you into using them. They can use
misleading language or try to convince you they are a legitimate app. This is why it’s
so important to watch out for unsafe websites and never download things carelessly.
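The worm and Trojan sections above describe two network behaviours a defender can look for even without a signature: a worm probing many neighbours on one port (fan-out), and a Trojan calling its command-and-control server at a near-constant interval (beaconing). The following added example (not code from the original page) implements both detections in Python over constructed connection-log lines; the log format and the thresholds are assumptions.

```python
"""Two behaviours from the worm and Trojan sections, found in connection logs:
fan-out scanning (one host touching many neighbours on one port, as a worm
probing for a vulnerable service does) and beaconing (one host calling the
same external address at a near-constant interval, as a Trojan checking in
with its C2 server does). Added example for this page, not the page's code;
the log lines are constructed and the thresholds are assumptions."""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Tuple

Flow = Tuple[int, str, str, int]   # (unix_ts, src, dst, dport)


def parse(lines: List[str]) -> List[Flow]:
    """Parse 'ts,src,dst,dport' lines (constructed format)."""
    flows = []
    for line in lines:
        ts, src, dst, dport = line.split(",")
        flows.append((int(ts), src, dst, int(dport)))
    return flows


def detect_fanout(flows: List[Flow], threshold: int = 20, window: int = 60) -> Dict[Tuple[str, int], int]:
    """(src, dport) -> most distinct destinations reached within `window` seconds, when >= threshold."""
    events = defaultdict(list)
    for ts, src, dst, dport in flows:
        events[(src, dport)].append((ts, dst))
    hits = {}
    for key, ev in events.items():
        ev.sort()
        best = 0
        for i, (t0, _) in enumerate(ev):                     # window starting at each event
            best = max(best, len({d for t, d in ev[i:] if t - t0 <= window}))
        if best >= threshold:
            hits[key] = best
    return hits


def detect_beacons(flows: List[Flow], min_count: int = 8, max_cv: float = 0.2) -> Dict[Tuple[str, str, int], int]:
    """(src, dst, dport) -> mean interval in seconds for pairs with at least min_count connections
    whose gaps are regular (coefficient of variation <= max_cv)."""
    times = defaultdict(list)
    for ts, src, dst, dport in flows:
        times[(src, dst, dport)].append(ts)
    hits = {}
    for key, ts_list in times.items():
        if len(ts_list) < min_count:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m <= max_cv:
            hits[key] = round(m)
    return hits


def constructed_log() -> List[str]:
    lines = []
    # Worm-like: 10.0.0.5 probes 30 neighbours on TCP/445 within 30 seconds.
    for i in range(30):
        lines.append(f"{1000 + i},10.0.0.5,10.0.0.{100 + i},445")
    # Trojan-like: 10.0.0.8 beacons to 203.0.113.9:443 every 60 s with a little jitter.
    for k, j in enumerate([0, 1, -1, 2, 0, -2, 1, 0, -1, 2, 0, 1]):
        lines.append(f"{2000 + 60 * k + j},10.0.0.8,203.0.113.9,443")
    # Benign browsing: a few sites at irregular times.
    for ts, dst in [(3000, "198.51.100.1"), (3007, "198.51.100.2"), (3190, "198.51.100.1"),
                    (3301, "198.51.100.3"), (3302, "198.51.100.4"), (3900, "198.51.100.1")]:
        lines.append(f"{ts},10.0.0.9,{dst},443")
    return lines


if __name__ == "__main__":
    flows = parse(constructed_log())
    print("fan-out:", detect_fanout(flows))
    print("beacons:", detect_beacons(flows))
```

Both detectors are heuristics and need tuning per environment: vulnerability scanners and backup servers legitimately fan out, and software updaters and monitoring agents legitimately beacon, so the hits are leads for an analyst rather than verdicts. Malware authors also add jitter or sleep randomisation to defeat the coefficient-of-variation test, which is why `max_cv` is a knob and not a constant.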
Ransomware
• Ransomware is malicious software that infects your computer and displays
messages demanding a fee to be paid in order for your system to work again. This
class of malware is a criminal moneymaking scheme that can be installed through
deceptive links in an email message, instant message or website.
• There are a number of vectors ransomware can take to access a computer. One of
the most common delivery systems is phishing spam — attachments that come to
the victim in an email, masquerading as a file they should trust. Once they're
downloaded and opened, they can take over the victim's computer, especially if they
have built-in social engineering tools that trick users into allowing administrative
access.
• There are several things the malware might do once it’s taken over the victim's
computer, but by far the most common action is to encrypt some or all of the user's
files. If you want the technical details, the Infosec Institute has a great in-depth look
at how several flavors of ransomware encrypt files.
• But the most important thing to know is that at the end of the process, the files
cannot be decrypted without a mathematical key known only to the attacker. The
user is presented with a message explaining that their files are now
inaccessible and will only be decrypted if the victim sends a Bitcoin payment
to the attacker. (Bitcoin is a digital currency created in 2009 that uses
peer-to-peer technology to make payments without a bank. Attackers favour it
because wallets are pseudonymous, though every transaction is recorded publicly,
and payments have been traced.)
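Encryption leaves a measurable fingerprint: a document has low byte entropy, ciphertext is close to the 8-bit maximum, and ransomware rewrites many files this way within seconds. The following added example (not code from the original page) implements that detection in Python: a Shannon-entropy estimate per file, and a burst detector over constructed file-change events. Thresholds and the event format are assumptions.

```python
"""Spotting mass file encryption by its side effect: many files turning from
low-entropy (documents) to high-entropy (ciphertext) in a short time. Added
example for this page, not the page's code; the file events are constructed
and the thresholds are assumptions."""
import math
import random
from collections import Counter
from typing import List, Tuple

Event = Tuple[int, str, bytes, bytes]   # (ts, path, content_before, content_after)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, from 0.0 (a single repeated byte) to 8.0 (all 256 values equally likely)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5, min_len: int = 256) -> bool:
    # Short inputs are skipped: their entropy estimate is too noisy to trust.
    return len(data) >= min_len and shannon_entropy(data) >= threshold


def flag_mass_encryption(events: List[Event], min_files: int = 5, window: int = 10) -> List[str]:
    """Paths in the first burst of >= min_files low->high entropy rewrites within `window` seconds."""
    flips = sorted((ts, path) for ts, path, before, after in events
                   if not looks_encrypted(before) and looks_encrypted(after))
    for t0, _ in flips:
        burst = [p for ts, p in flips if t0 <= ts <= t0 + window]
        if len(burst) >= min_files:
            return burst
    return []


def constructed_events() -> List[Event]:
    rng = random.Random(7)                                   # deterministic stand-in for ciphertext

    def cipher(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    doc = b"Quarterly report: revenue rose 4% on the prior period. " * 40
    events = [(100, "notes.txt", doc, doc + b"One more line.\n")]                        # a normal edit
    events += [(200 + i, f"docs/file{i}.docx", doc, cipher(2048)) for i in range(6)]   # 6 files in 5 s
    events.append((500, "archive.zip", cipher(1024), cipher(1024)))                     # already high-entropy
    return events


if __name__ == "__main__":
    ev = constructed_events()
    print("document entropy:", round(shannon_entropy(ev[0][2]), 2))
    print("ciphertext entropy:", round(shannon_entropy(ev[1][3]), 2))
    print("mass encryption:", flag_mass_encryption(ev))
```

Compressed and already-encrypted files (zip, jpeg, encrypted containers) have high entropy before and after, which is why the detector keys on the transition rather than the absolute value; in the constructed events, `archive.zip` is correctly ignored. In practice this heuristic is combined with canary files and rename-rate monitoring, and the response it should trigger is isolation of the host, since by the time a burst is visible some files are already lost and only backups will bring them back.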
• Types of ransomware
• Ransomware attacks can be deployed in different forms. Some variants may be more harmful
than others, but they all have one thing in common: a ransom. Here are seven common types of
ransomware.
• Crypto malware. This form of ransomware can cause a lot of damage because it encrypts things
like your files, folders, and hard-drives. One of the most familiar examples is the destructive 2017
WannaCry ransomware attack. It targeted thousands of computer systems around the world that
were running Windows OS and spread itself within corporate networks globally. Victims were
asked to pay ransom in Bitcoin to retrieve their data.
• Lockers. Locker-ransomware is known for infecting your operating system to completely lock you
out of your computer or devices, making it impossible to access any of your files or applications.
This type of ransomware is most often Android-based.
• Scareware. Scareware is fake software that acts like an antivirus or a cleaning tool. Scareware
often claims to have found issues on your computer, demanding money to resolve the problems.
Some types of scareware lock your computer. Others flood your screen with annoying alerts and
pop-up messages.
• Doxware. Commonly referred to as leakware or extortionware, doxware threatens to publish your
stolen information online if you don’t pay the ransom. As more people store sensitive files and
personal photos on their computers, it’s understandable that some people panic and pay the
ransom when their files have been hijacked.
• Mac ransomware. Mac operating systems were infiltrated by their first ransomware in 2016.
Known as KeRanger, this malicious software infected Apple user systems through an app called
Transmission, which was able to encrypt its victims’ files after being launched.
• Ransomware on mobile devices. Ransomware began infiltrating mobile devices on a larger scale
in 2014. What happens? Mobile ransomware often is delivered via a malicious app, which leaves a
message on your device that says it has been locked due to illegal activity.
• Who are the targets of ransomware attacks?
• Ransomware can spread across the Internet without specific targets. But
the nature of this file-encrypting malware means that cybercriminals also
are able to choose their targets. This targeting ability enables
cybercriminals to go after those who can — and are more likely to — pay
larger ransoms.
• Here are four target groups and how each may be impacted.
• Groups that are perceived as having smaller security teams. Universities
fall into this category because they often have less security along with a
high level of file-sharing.
• Organizations that can and will pay quickly. Government agencies, banks,
medical facilities, and similar groups constitute this group, because they
need immediate access to their files — and may be willing to pay quickly
to get them.
• Firms that hold sensitive data. Law firms and similar organizations may be
targeted, because cybercriminals bank on the legal controversies that
could ensue if the data being held for ransom is leaked.
• Businesses in the Western markets. Cybercriminals go for the bigger
payouts, which means targeting corporate entities. Part of this involves
focusing on the United Kingdom, the United States, and Canada due to
greater wealth and personal-computer use.
Dos and don’ts of ransomware
• Ransomware is a profitable market for cybercriminals and can be difficult to stop. Prevention is the most important
aspect of protecting your personal data. To deter cybercriminals and help protect yourself from a ransomware
attack, keep in mind these eight dos and don’ts.
• 1. Do use security software. To help protect your data, install and use a trusted security suite that offers more than
just antivirus features. For instance, Norton 360 With LifeLock Select can help detect and protect against threats to
your identity and your devices, including your mobile phones.
• 2. Do keep your security software up to date. New ransomware variants continue to appear, so having up-to-date
internet security software will help protect you against cyberattacks.
• 3. Do update your operating system and other software. Software updates frequently include patches for newly
discovered security vulnerabilities that could be exploited by ransomware attackers.
• 4. Don’t automatically open email attachments. Email is one of the main methods for delivering ransomware. Avoid
opening emails and attachments from unfamiliar or untrusted sources. Phishing spam in particular can fool you into
clicking on a legitimate-looking link in an email that actually contains malicious code. The malware then prevents
you from accessing your data, holds that data hostage, and demands ransom.
• 5. Do be wary of any email attachment that advises you to enable macros to view its content. Once enabled,
macro malware can infect multiple files. Unless you are absolutely sure the email is genuine and from a trusted
source, delete the email.
• 6. Do back up important data to an external hard drive. Attackers can gain leverage over their victims by encrypting
valuable files and making them inaccessible. If the victim has backup copies, the cybercriminal loses some
advantage. Backup files allow victims to restore their files once the infection has been cleaned up. Ensure that
backups are protected or stored offline so that attackers can’t access them.
• 7. Do use cloud services. This can help mitigate a ransomware infection, since many cloud services retain previous
versions of files, allowing you to “roll back” to the unencrypted form.
• 8. Don’t pay the ransom. Keep in mind, you may not get your files back even if you pay a ransom. A cybercriminal
could ask you to pay again and again, extorting money from you but never releasing your data.
Computer virus examples
• Sometimes to understand what something is, we have to examine what it isn’t. Keeping that in mind, let’s play: Is It a Virus?
• In the Is It a Virus game we’re going to take a look at examples of things people on the Internet commonly believe to be a virus and
explain why it is or isn’t. What fun!
• Is a Trojan a virus? Trojans can be viruses. A Trojan is a computer program pretending to be something it’s not for the purposes of
sneaking onto your computer and delivering some sort of malware. To put it another way, if a virus disguises itself then it’s a Trojan. A
Trojan could be a seemingly benign file downloaded off the web or a Word doc attached to an email. Think that movie you downloaded
from your favorite P2P sharing site is safe? What about that “important” tax document from your accountant? Think twice, because
they could contain a virus.
• Is a worm a virus? Worms are not viruses, though the terms are sometimes used interchangeably. Even worse, the terms are
sometimes used together in a strange and contradictory word salad; i.e. a “worm virus malware.” It’s either a worm or a virus, but it
can’t be both, because worms and viruses refer to two similar but different threats. As mentioned earlier, a virus needs a host system
to replicate and some sort of action from a user to spread from one system to the next. A worm, conversely, doesn’t need a host
system and is capable of spreading across a network and any systems connected to the network without user action. Once on a system,
worms are known to drop malware (often ransomware) or open a backdoor.
• Is ransomware a virus? Ransomware can be a virus. Does the virus prevent victims from accessing their system or personal files and
demand a ransom payment in order to regain access, à la ransomware? If so, then it’s a ransomware virus. In fact, the very first
ransomware was a virus (more on that later). Nowadays, most ransomware comes as a result of a computer worm, capable of spreading
from one system to the next and across networks without user action (e.g. WannaCry).
• Is a rootkit a virus? Rootkits are not viruses. A rootkit is a software package designed to give attackers “root” access or admin access to
a given system. Crucially, rootkits cannot self-replicate and don’t spread across systems.
• Is a software bug a virus? Software bugs are not viruses. Even though we sometimes refer to a biological virus as a “bug” (e.g. “I caught
a stomach bug”), software bugs and viruses are not the same thing. A software bug refers to a flaw or mistake in the computer code
that a given software program is made up of. Software bugs can cause programs to behave in ways the software manufacturer never
intended. The Y2K bug famously caused programs to display the wrong date, because the programs could only manage dates through
the year 1999. After 1999 the year rolled over like the odometer on an old car to 1900. While the Y2K bug was relatively harmless, some
software bugs can pose a serious threat to consumers. Cybercriminals can take advantage of bugs in order to gain unauthorized access
to a system for the purposes of dropping malware, stealing private information, or opening up a backdoor. This is known as an exploit.
DDOS Attack
• A distributed denial-of-service (DDoS) attack is a malicious
attempt to disrupt normal traffic of a targeted server, service or
network by overwhelming the target or its surrounding
infrastructure with a flood of Internet traffic.
• In 2015 and 2016, a criminal group called the Armada Collective
repeatedly extorted banks, web host providers, and others in this
way.
• In 2016, Dyn, a major domain name system (DNS) provider, was hit with a
massive DDoS attack that took down major websites and services, including
Airbnb, CNN, Netflix, PayPal, Spotify, Visa, Amazon, The New York Times,
Reddit, and GitHub.
• The gaming industry has also been a target of DDoS attacks, along
with software and media companies.
• DDoS attacks are sometimes done to divert the attention of the
target organization. While the target organization focuses on the
DDoS attack, the cybercriminal may pursue a primary motivation
such as installing malicious software or stealing data.
Social Engineering
• Social engineering is the term used for a broad range of malicious
activities accomplished through human interactions. It uses psychological
manipulation to trick users into making security mistakes or giving away
sensitive information.
• Social engineering attacks happen in one or more steps. A perpetrator first
investigates the intended victim to gather necessary background
information, such as potential points of entry and weak security protocols,
needed to proceed with the attack.
• Then, the attacker moves to gain the victim’s trust and provide stimuli for
subsequent actions that break security practices, such as revealing
sensitive information or granting access to critical resources.
• What makes social engineering especially dangerous is that it relies on
human error, rather than vulnerabilities in software and operating
systems.
• Mistakes made by legitimate users are much less predictable, making
them harder to identify and thwart than a malware-based intrusion.
How Does Social Engineering Happen?
• Social engineering happens because of the human instinct of trust. Cybercriminals
have learned that a carefully worded email, voicemail, or text message can convince
people to transfer money, provide confidential information, or download a file that
installs malware on the company network.
Consider this example of spear phishing that convinced an employee to transfer
$500,000 to a foreign investor:
• Thanks to careful spear phishing research, the cybercriminal knows the company
CEO is traveling.
• An email is sent to a company employee that looks like it came from the CEO. There
is a slight discrepancy in the email address – but the spelling of the CEO’s name is
correct.
• In the email, the employee is asked to help the CEO out by transferring $500,000 to
a new foreign investor. The email uses urgent yet friendly language, convincing the
employee that he will be helping both the CEO and the company.
• The email stresses that the CEO would do this transfer herself but since she is
travelling, she can’t make the fund transfer in time to secure the foreign investment
partnership.
• Without verifying the details, the employee decides to act. He truly believes that he
is helping the CEO, the company, and his colleagues by complying with the email
request.
• A few days later, the victimized employee, CEO, and company colleagues realize they
have been a victim of a social engineering attack and have lost $500,000.
• Examples of Social Engineering Attacks
• Savvy cybercriminals know that social engineering works best when focussing on human emotion and risk. Taking
advantage of human emotion is much easier than hacking a network or looking for security vulnerabilities.
• These examples of social engineering emphasize how emotion is used to commit cyber attacks:
Fear
• You receive a voicemail that says you’re under investigation for tax fraud and that you must call immediately to
prevent arrest and criminal investigation. This social engineering attack happens during tax season when people are
already stressed about their taxes. Cybercriminals prey on the stress and anxiety that comes with filing taxes and use
that fear to trick people into complying with the voicemail.
Greed
• Imagine if you could simply transfer $10 to an investor and see it grow into $10,000 without any effort on your
part. Cybercriminals use the basic human emotions of trust and greed to convince victims that they really can get
something for nothing. A carefully worded baiting email tells victims to provide their bank account information and
the funds will be transferred the same day.
Curiosity
• Cybercriminals pay attention to events capturing a lot of news coverage and then take advantage of human curiosity
to trick social engineering victims into acting. For example, after the second Boeing MAX8 plane crash,
cybercriminals sent emails with attachments that claimed to include leaked data about the crash. In reality, the
attachment installed a version of the Hworm RAT on the victim’s computer.
Helpfulness
• Humans want to trust and help one another. After doing research into a company, cybercriminals target two or
three employees in the company with an email that looks like it comes from the targeted individuals’ manager. The
email asks them to send the manager the password for the accounting database – stressing that the manager needs
it to make sure everyone gets paid on time. The email tone is urgent, tricking the victims into believing that they are
helping out their manager by acting quickly.
Urgency
• You receive an email from customer support at an online shopping website that you frequently buy from telling you
that they need to confirm your credit card information to protect your account. The email language urges you to
respond quickly to ensure that your credit card information isn’t stolen by criminals. Without thinking twice and
because you trust the online store, you send not only your credit card information but also your mailing address and
phone number. A few days later, you receive a call from your credit card company telling you that your credit card
has been stolen and used for thousands of dollars of fraudulent purchases.
Social engineering attack techniques
• Social engineering attacks come in many different forms and can be performed anywhere where human interaction
is involved. The following are the five most common forms of digital social engineering assaults.
• Baiting
• As its name implies, baiting attacks use a false promise to pique a victim’s greed or curiosity. They lure users into a
trap that steals their personal information or infects their systems with malware.
• The most reviled form of baiting uses physical media to disperse malware. For example, attackers leave the
bait—typically malware-infected flash drives—in conspicuous areas where potential victims are certain to see them
(e.g., bathrooms, elevators, the parking lot of a targeted company). The bait has an authentic look to it, such as a
label presenting it as the company’s payroll list.
• Victims pick up the bait out of curiosity and insert it into a work or home computer, resulting in automatic malware
installation on the system.
• Baiting scams don’t necessarily have to be carried out in the physical world. Online forms of baiting consist of
enticing ads that lead to malicious sites or that encourage users to download a malware-infected application.
• Scareware
• Scareware involves victims being bombarded with false alarms and fictitious threats. Users are deceived to think
their system is infected with malware, prompting them to install software that has no real benefit (other than for
the perpetrator) or is malware itself. Scareware is also referred to as deception software, rogue scanner software
and fraudware.
• A common scareware example is the legitimate-looking popup banners that appear in your browser while surfing the
web, displaying text such as, “Your computer may be infected with harmful spyware programs.” It either offers
to install the tool (often malware-infected) for you, or will direct you to a malicious site where your computer
becomes infected.
• Scareware is also distributed via spam email that doles out bogus warnings, or makes offers for users to buy
worthless/harmful services.
• Pretexting
• Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a
perpetrator pretending to need sensitive information from a victim so as to perform a critical task.
• The attacker usually starts by establishing trust with their victim by impersonating co-workers, police, bank and tax
officials, or other persons who have right-to-know authority. The pretexter asks questions that are ostensibly
required to confirm the victim’s identity, through which they gather important personal data.
• All sorts of pertinent information and records are gathered using this scam, such as social security numbers, personal
addresses and phone numbers, phone records, staff vacation dates, bank records and even security information
related to a physical plant.
• Phishing
• As one of the most popular social engineering attack types, phishing scams are email and text message campaigns
aimed at creating a sense of urgency, curiosity or fear in victims. It then prods them into revealing sensitive
information, clicking on links to malicious websites, or opening attachments that contain malware.
• An example is an email sent to users of an online service that alerts them of a policy violation requiring immediate
action on their part, such as a required password change. It includes a link to an illegitimate website—nearly
identical in appearance to its legitimate version—prompting the unsuspecting user to enter their current credentials
and new password. Upon form submittal the information is sent to the attacker.
• Given that identical, or near-identical, messages are sent to all users in phishing campaigns, detecting and blocking
them is much easier for mail servers that have access to threat-sharing platforms.
• Spear phishing
• This is a more targeted version of the phishing scam whereby an attacker chooses specific individuals or enterprises.
They then tailor their messages based on characteristics, job positions, and contacts belonging to their victims to
make their attack less conspicuous. Spear phishing requires much more effort on the part of the perpetrator and may
take weeks or months to pull off. Such attacks are much harder to detect and have better success rates if done skillfully.
• A spear phishing scenario might involve an attacker who, in impersonating an organization’s IT consultant, sends an
email to one or more employees. It’s worded and signed exactly as the consultant normally does, thereby deceiving
recipients into thinking it’s an authentic message. The message prompts recipients to change their password and
provides them with a link that redirects them to a malicious page where the attacker now captures their credentials.
Social engineering prevention
• Social engineers manipulate human feelings, such as curiosity or fear, to carry out schemes and
draw victims into their traps. Therefore, be wary whenever you feel alarmed by an email,
attracted to an offer displayed on a website, or when you come across stray digital media lying
about. Being alert can help you protect yourself against most social engineering attacks taking
place in the digital realm.
Moreover, the following tips can help improve your vigilance in relation to social engineering hacks.
• Don’t open emails and attachments from suspicious sources – If you don’t know the sender in
question, you don’t need to answer an email. Even if you do know them and are suspicious about
their message, cross-check and confirm the news from other sources, such as via telephone or
directly from a service provider’s site. Remember that email addresses are spoofed all of the time;
even an email purportedly coming from a trusted source may have actually been initiated by an
attacker.
• Use multifactor authentication – One of the most valuable pieces of information attackers seek
is user credentials. Using multifactor authentication helps ensure your account’s protection in
the event of system compromise. (Multi-factor authentication is an authentication method in
which a computer user is granted access only after successfully presenting two or more pieces of
evidence to an authentication mechanism: knowledge, possession, and inherence.)
• Be wary of tempting offers – If an offer sounds too enticing, think twice before accepting it as fact.
Googling the topic can help you quickly determine whether you’re dealing with a legitimate offer
or a trap.
• Keep your antivirus/antimalware software updated – Make sure automatic updates are engaged,
or make it a habit to download the latest signatures first thing each day. Periodically check to
make sure that the updates have been applied, and scan your system for possible infections.
Man in the Middle attack
• What Is a Man-in-the-Middle Attack?
• A man-in-the-middle attack is a type of cyberattack where a malicious
actor inserts him/herself into a conversation between two parties,
impersonates both parties and gains access to information that the two
parties were trying to send to each other. A man-in-the-middle attack
allows a malicious actor to intercept, send and receive data meant for
someone else, or not meant to be sent at all, without either outside party
knowing until it is too late. Man-in-the-middle attacks can be abbreviated
in many ways, including MITM, MitM, MiM or MIM.
Key Concepts of a Man-in-the-Middle Attack
• Man-in-the-middle is a type of eavesdropping attack that occurs when a
malicious actor inserts himself as a relay/proxy into a communication
session between people or systems.
• A MITM attack exploits the real-time processing of transactions,
conversations or transfer of other data.
• Man-in-the-middle attacks allow attackers to intercept, send and receive
data never meant to be for them without either outside party knowing
until it is too late.
• In the image above, you will notice that the
attacker inserted him/herself in-between the
flow of traffic between client and server. Now
that the attacker has intruded into the
communication between the two endpoints,
he/she can inject false information and
intercept the data transferred between them.
• Below is another example of what might
happen once the man in the middle has
inserted him/herself.
• The hacker is impersonating both sides of the
conversation to gain access to funds. This example
holds true for a conversation between a client and
server as well as person-to-person conversations.
In the example above, the attacker intercepts a
public key and substitutes his own, tricking the
people on either end into believing they are talking
to one another securely.
• Man in the middle attack prevention
• Blocking MITM attacks requires several practical steps on the part of
users, as well as a combination of encryption and verification methods for
applications.
• For users, this means:
• Avoiding WiFi connections that aren’t password protected.
• Paying attention to browser notifications reporting a website as being
unsecured.
• Immediately logging out of a secure application when it’s not in use.
• Not using public networks (e.g., coffee shops, hotels) when conducting
sensitive transactions.
• For website operators, secure communication protocols, including TLS and
HTTPS, help mitigate spoofing attacks by robustly encrypting and
authenticating transmitted data. Doing so prevents the interception of site
traffic and blocks the decryption of sensitive data, such as authentication
tokens.
• It is considered best practice for applications to use SSL/TLS to secure
every page of their site and not just the pages that require users to log in.
Doing so helps decrease the chance of an attacker stealing session
cookies from a user browsing on an unsecured section of a website while
logged in.
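The public-key substitution described above, shown as an added example that is not part of the lecture notes: a toy Diffie-Hellman exchange in Python run through a relay, with an honest relay beside one that hands each side its own public value, and the out-of-band fingerprint comparison that detects the swap. The group parameters, party names, relay classes and the key-derivation step are constructed for illustration and are not real protocol values.

```python
import hashlib
import secrets

# Constructed toy Diffie-Hellman parameters: a Mersenne prime modulus and a
# small generator. Far too weak for real use; only the algebra matters here.
P = 2**127 - 1
G = 5


def kdf(shared_secret: int) -> str:
    """Derive a printable session key from the raw DH secret (constructed KDF)."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).hexdigest()


def fingerprint(pub: int) -> str:
    """Short fingerprint of a public value, the kind two people read out to each
    other over a phone call or that a trusted certificate vouches for."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


class Party:
    """One endpoint: holds a private exponent and publishes g^priv mod p."""

    def __init__(self, name: str):
        self.name = name
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
        self.session_key = None

    def derive(self, peer_pub: int) -> str:
        """Combine the peer's public value with our private exponent."""
        self.session_key = kdf(pow(peer_pub, self.priv, P))
        return self.session_key


class HonestRelay:
    """A network path that delivers public values unchanged."""

    def forward(self, sender: str, pub: int) -> int:
        return pub


class SubstitutingRelay(Party):
    """The intermediary the slide describes: it keeps the value it was given,
    derives its own key with that sender, and passes on its own public value,
    so it ends up holding one key with each side."""

    def __init__(self):
        super().__init__("relay")
        self.key_with = {}

    def forward(self, sender: str, pub: int) -> int:
        self.key_with[sender] = kdf(pow(pub, self.priv, P))
        return self.pub


def exchange(relay) -> dict:
    """Run one exchange between alice and bob through `relay` and report whether
    they share a key and whether the out-of-band fingerprint check would have
    flagged the exchange before any data was sent over it."""
    alice, bob = Party("alice"), Party("bob")
    bob_receives = relay.forward("alice", alice.pub)
    alice_receives = relay.forward("bob", bob.pub)
    alice.derive(alice_receives)
    bob.derive(bob_receives)
    # Defensive check: each side compares the fingerprint of the value it
    # received with the fingerprint its peer confirms over an independent
    # channel. A relay on the data path cannot alter that comparison.
    verified = (fingerprint(alice_receives) == fingerprint(bob.pub)
                and fingerprint(bob_receives) == fingerprint(alice.pub))
    return {
        "keys_match": alice.session_key == bob.session_key,
        "verified": verified,
        "alice_key": alice.session_key,
        "bob_key": bob.session_key,
        "relay_keys": dict(getattr(relay, "key_with", {})),
    }


if __name__ == "__main__":
    for relay in (HonestRelay(), SubstitutingRelay()):
        r = exchange(relay)
        print(type(relay).__name__, "keys_match:", r["keys_match"],
              "verified:", r["verified"])
```

With the substituting relay, `keys_match` is False and `verified` is False, while the relay's own `key_with` entries equal the keys Alice and Bob each derived; this is why TLS ties the server's public key to a certificate and why key fingerprints are compared out of band.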
Security Services
• Authentication: assures recipient that the message is from the
source that it claims to be from.
• Access Control: controls who can have access to a resource and under
what conditions
• Availability: resources remain available to authorized entities at all times
• Confidentiality: information is not made available to unauthorized
individuals
• Integrity: assurance that the message is unaltered
• Non-Repudiation: protection against denial of sending or
receiving in the communication
AUTHENTICATION
• The assurance that the communicating entity is the one that it claims to be.
Peer Entity Authentication
• Used in association with a logical connection to provide confidence in the identity of the entities connected.
Data Origin Authentication
• In a connectionless transfer, provides assurance that the source of received data is as claimed.
ACCESS CONTROL
• The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can
occur, and what those accessing the resource are allowed to do).
DATA CONFIDENTIALITY
• The protection of data from unauthorized disclosure.
Connection Confidentiality
• The protection of all user data on a connection.
Connectionless Confidentiality
• The protection of all user data in a single data block
Selective-Field Confidentiality
• The confidentiality of selected fields within the user data on a connection or in a single data block.
Traffic Flow Confidentiality
• The protection of the information that might be derived from observation of traffic flows.
DATA INTEGRITY
• The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
• Connection Integrity with Recovery
• Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data
sequence, with recovery attempted.
• Connection Integrity without Recovery
• As above, but provides only detection without recovery.
• Selective-Field Connection Integrity
• Provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of
whether the selected fields have been modified, inserted, deleted, or replayed.
• Connectionless Integrity
• Provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form
of replay detection may be provided.
• Selective-Field Connectionless Integrity
• Provides for the integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields
have been modified.
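As an added example (not from the notes), the connection integrity service defined above implemented in Python: every data block carries a sequence number and an HMAC, and the receiver classifies each block it sees as accepted, modified, replayed, or a gap caused by deletion or insertion, with recovery left to retransmission. The frame layout, the shared key and the scenario in `run_demo` are constructed assumptions.

```python
import hashlib
import hmac
import struct

# Constructed shared key for the example; a real session key would come from
# a key-exchange protocol, never from a constant in source code.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
TAG_LEN = 32  # HMAC-SHA256 output length


def protect(seq: int, payload: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Sender side. Frame = 4-byte big-endian seq || payload || HMAC(seq || payload).
    Covering the sequence number with the MAC is what makes replay and
    reordering detectable; a MAC over the payload alone would not."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class IntegrityReceiver:
    """Receiver side: verifies each frame and tracks the next expected seq."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.expected = 0
        self.delivered = []  # payloads handed to the application, in order
        self.events = []     # what the service detected, in order

    def receive(self, frame: bytes) -> str:
        """Returns 'ok', 'modified', 'replay' or 'gap' (deletion/insertion)."""
        if len(frame) < 4 + TAG_LEN:
            return self._note("modified")
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected_tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # MAC first: a bad tag means the block was altered or forged.
        if not hmac.compare_digest(tag, expected_tag):
            return self._note("modified")
        seq = struct.unpack(">I", header)[0]
        if seq < self.expected:
            # Authentic block already accepted once: replay.
            return self._note("replay")
        if seq > self.expected:
            # Authentic but out of sequence: a block was deleted or an extra one
            # inserted. Recovery: keep waiting for self.expected (retransmission).
            return self._note("gap")
        self.expected += 1
        self.delivered.append(payload)
        return self._note("ok")

    def _note(self, event: str) -> str:
        self.events.append(event)
        return event


def run_demo() -> dict:
    """Constructed scenario: four blocks are sent; on the path one is altered,
    one is replayed and one is dropped, then the missing block is resent."""
    blocks = [b"balance?", b"pay 100", b"pay 5", b"logout"]
    frames = [protect(i, p) for i, p in enumerate(blocks)]
    rx = IntegrityReceiver()
    rx.receive(frames[0])                                    # ok
    altered = frames[1][:4] + b"pay 900" + frames[1][-TAG_LEN:]
    rx.receive(altered)                                      # modified
    rx.receive(frames[1])                                    # ok (resent original)
    rx.receive(frames[0])                                    # replay
    rx.receive(frames[3])                                    # gap: frames[2] dropped
    rx.receive(frames[2])                                    # ok (retransmitted)
    rx.receive(frames[3])                                    # ok
    return {"events": rx.events, "delivered": rx.delivered}


if __name__ == "__main__":
    result = run_demo()
    for event in result["events"]:
        print(event)
    print("delivered:", result["delivered"])
```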
NONREPUDIATION
• Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
Nonrepudiation, Origin
• Proof that the message was sent by the specified party.
Nonrepudiation, Destination
• Proof that the message was received by the specified party.
Spywares
• Spyware is a type of malicious software -- or malware -- that is installed on a
computing device without the end user's knowledge. It invades the device, steals
sensitive information and internet usage data, and relays it to advertisers, data firms
or external users. Any software can be classified as spyware if it is downloaded
without the user's authorization. Spyware is controversial because, even when it is
installed for relatively innocuous reasons, it can violate the end user's privacy and
has the potential to be abused.
• Spyware is one of the most common threats to internet users. Once installed, it
monitors internet activity, tracks login credentials and spies on sensitive
information. The primary goal of spyware is usually to obtain credit card numbers,
banking information and passwords.
• Spyware can be difficult to detect; often, the first indication a user has that a
computing device has been infected with spyware is a noticeable reduction in
processor or network connection speeds and -- in the case of mobile devices -- data
usage and battery life. Antispyware tools can be used to prevent or remove spyware.
Antispyware tools can either provide real-time protection by scanning network data
and blocking malicious data, or they can detect and remove spyware already on a
system by executing scans.
How spyware works
• Spyware can affect any personal computer (PC) or Mac, as
well as iOS or Android devices. While the Windows
operating system (OS) is more likely to fall prey to an
infiltration, hackers are getting better at finding ways into
Apple's OS as well. Some of the most common ways for
computers to become infected include the following:
• pirating media, including games, videos and music;
• downloading materials from unreliable or unknown
sources;
• accepting a pop-up advertisement or prompt without
reading the content; and
• accepting and opening email attachments from
unrecognized senders.
• In its least damaging form, spyware exists as an application that
starts up as soon as the device is turned on and continues to run
in the background. Its presence will steal random access memory
(RAM) and processor power and could generate infinite pop-up
ads, effectively slowing down the web browser until it becomes
unusable.
• Spyware may also reset the browser's homepage to open to an ad
every time or redirect web searches and control the provided
results, making the search engine useless. Additionally, spyware
can change the computer's dynamic link libraries (DLLs) --
which are used to connect to the internet -- resulting in
connectivity failures that can be hard to diagnose.
• At its most damaging, spyware will track web browsing history and
record words, passwords and other private information, such as
credit card numbers or banking records. All of this information can
be gathered and used for identity theft.
• Spyware can also secretly make changes to a
device's firewall settings, reconfiguring the security settings to
allow in even more malware. Some forms of spyware can even
identify when the device is trying to remove it from the Windows
registry and will intercept all attempts to do so.
• Adware. Malicious adware is often bundled in with free software, shareware programs and
utilities downloaded from the internet or surreptitiously installed onto a user's device when the
user visits an infected website. Many internet users were first introduced to spyware in 1999
when a popular freeware game called Elf Bowling came bundled with tracking software. Adware is
often flagged by antimalware programs, whether or not the program in question is actually malicious.
• Cookies that track and record users' personally identifiable information (PII) and internet
browsing habits are one of the most common types of adware. An advertiser might use cookies to
track what webpages a user visits in order to target advertising in a contextual
marketing campaign. For example, an advertiser could track a user's browser history and
downloads with the intent to display pop-up or banner advertisements to lure the user to make a
purchase. Because data collected by spyware is often sold to third parties, regulations such as the
General Data Protection Regulation (GDPR) have been enacted to protect the PII of website
visitors.
• Keyboard loggers. Keyloggers are a type of system monitor that is often used by cybercriminals
to steal PII, login credentials and sensitive enterprise data. Keyloggers may also be used by
employers to observe employees' computer activities; parents to supervise their children's
internet usage; device owners to track possible unauthorized activity on their devices; or law
enforcement agencies to analyze incidents involving computer use.
• Hardware keyloggers resemble a Universal Serial Bus (USB) flash drive and serve as a physical
connector between the computer keyboard and the computer, while software keylogging
programs do not require physical access to the user's computer for installation. Software
keyloggers can be downloaded on purpose by someone who wants to monitor activity on a
particular computer, or they can be downloaded unwittingly and executed as part of a rootkit or
remote access Trojan (RAT).
• Trojans. Trojans are typically malicious software programs that are disguised as legitimate
programs. A victim of a Trojan could unknowingly install a file posing as an official program,
allowing the Trojan to have access to the computer. The Trojan can then delete files, encrypt files
for ransom or allow others to have access to the user's information.
• Mobile spyware. Mobile spyware is dangerous because it can be transferred through Short
Message Service (SMS) or Multimedia Messaging Service (MMS) text messages and typically does
not require user interaction to execute commands. When a smartphone or tablet gets infected
with mobile spyware that is sideloaded with a third-party app, the phone's camera and
microphone can be used to spy on nearby activity, record phone calls, and log browsing activity
and keystrokes. The device owner's location can also be monitored through the Global Positioning
System (GPS) or the mobile computing device's accelerometer.
How to prevent spyware
• Maintaining strict cybersecurity practices is the best way to prevent spyware. Some best practices
include the following:
• only downloading software from trusted sources;
• reading all disclosures when installing software;
• avoiding interaction with pop-up ads; and
• staying current with updates and patches for browser, OS and application software.
• In addition, users should install antispyware tools, use extensive and reputable antivirus software,
avoid opening emails from unrecognized senders and enable two-factor authentication (2FA)
whenever possible.
• iPhone users can activate 2FA at no additional cost, enabling them to protect all the data on their
smartphone and prevent mobile spyware attacks. Two-factor authentication can also be used in a
variety of other common services, including PayPal, Google, Dropbox and Microsoft Office 365, as
well as in social networking sites, such as Instagram, Snapchat, Facebook and Twitter. Most major
banks have also started implementing 2FA in their websites and mobile apps. Some services have
even increased their authentication process to three- and four-factor authentication
-- 3FA and 4FA, respectively.
• To further reduce the probability of infection, network administrators should practice the
principle of least privilege (POLP) and require remote workers to access network resources over
a virtual private network (VPN) that runs a security scan before granting access privileges.

Antispyware tools
• When choosing an antispyware tool, it is important to know that some only perform when the
scan is manually started, while others are continuously running and monitoring computer activity
to ensure spyware can't record the user's information. Furthermore, users should apply caution
when downloading antispyware tools. Reviews can be read to determine which tools are safest,
and it is recommended that the user only download tools from reputable sites.
• Some antispyware tools include the following:
• Malwarebytes is an antimalware/antispyware tool that can remove spyware from
Windows, macOS, Android and iOS. Malwarebytes can scan through registry files,
running programs, hard drives and individual files. Once a spyware program is
detected, a user can quarantine and delete it. However, users can't set up automatic
scanning schedules.
• Trend Micro HouseCall is another antispyware tool that doesn't require user
installation. Because it doesn't require installation, HouseCall uses minimal
processor and memory resources, as well as disk space. However, like
Malwarebytes, users cannot set automatic scans.
• Windows Defender is a Microsoft antimalware product included in the Windows
10 OS under Windows Defender Security Center. The software is a lightweight
antimalware tool that protects against threats such as spyware, adware and
viruses. Windows Defender includes multiple features, such as Application Guard,
Exploit Guard, Advanced Threat Protection and Analytics. Windows Defender users
can set automatic Quick and Full scans, as well as set alerts for low, medium, high
and severe priority items.
How to remove spyware
• In order to remove spyware, device users must first identify that the spyware exists
in their system. There are several symptoms to look for that can signify the presence
of an attack. They include the following:
• The device runs at a much slower speed than normal.
• The device consistently crashes unexpectedly.
• Pop-up ads appear whether the user is online or offline.
• The device starts running out of hard drive space.
• If it is determined that spyware has infected the system, then the user should
perform the following steps:
• Disconnect the internet connection.
• Check the device's programs list to see if the unwanted software is listed. If it is,
choose to remove it from the device. After uninstalling the program, reboot the
entire system.
• If the above step does not work, then run a scan of the system using reputable
antivirus software. The scan will find suspicious programs and ask the user to either clean,
quarantine or delete the software.
• The user can also download a virus removal tool or antispyware tool and allow it to
run through the system.
• If none of the above steps work, then the user will have to access the device's hard
drive in safe mode. However, this requires a tool that will enable the user to access
the spyware folders and manually delete them. While this sounds complicated, the
process should only take a few minutes.
Spyware examples
• The best-known examples of spyware are the following:
• Zlob -- or Zlob Trojan -- downloads itself onto a computer and records
keystrokes, as well as search and browsing history.
• Gator -- commonly found in file sharing software -- monitors victims' web
surfing habits in order to present them with better targeted ads.
• TIBS Dialer disconnects the user's computer from a local phone line and
instead connects it to a toll number that is designed for accessing
pornographic websites.
• CoolWebSearch takes advantage of security vulnerabilities found in the
Internet Explorer web browser in order to take control, change settings
and send browsing information to its authors.
• Internet Optimizer -- more popular in the days of dial-up connections --
initially promises to increase internet speeds but instead replaces all error
and login pages with ads.
• In addition, spy apps have been designed for smartphone users that allow
different people to track the phone user's activity. While most were
created with the intent of letting parents monitor their child's phone use,
their abilities have been grossly abused. These apps act as mobile spyware
and allow external users to access the phone's microphone and camera to
view the surroundings, listen in on phone calls and access the phone's GPS
location, passwords and mobile apps. Some popular spy apps include
Spyera, FlexiSPY and TheOneSpy.
UNIT 2
Securing PC
• Keeping your PC secure is critical to protecting the
personal, business, and financial information it
contains. Fortunately, securing your computer is easy
if you take the proper precautions.
• Using secure passwords and verification processes will
make it more difficult for another person or program
to impersonate you and access your information.
• Using protective software will make it harder for a
hacker, virus, or malicious software to penetrate your
PC. In addition to protective programs, using
encryptions and safe practices will help keep your data
secure when you’re using the Internet.

Source: https://www.wikihow.com/Secure-Your-PC
Method 1: Encrypting Your Data
Method 2: Setting up Secure Password Protection
Method 3: Using Protective Software
• 1. Install antivirus software to protect your PC. Antivirus software is a security
utility designed to keep your PC safe against viruses, spyware, malware, and other
online threats. Quality antivirus software needs to be purchased and installed onto
your PC. Popular antivirus software includes Avast, AVG, McAfee, and Symantec.
• Set your software setting to automatically scan for viruses and malware so you can
keep your PC clear of them.
• Many programs can also block ads and spam from websites to keep your PC safer
while you’re browsing the internet.
• 2. Enable your firewall to filter information from the internet. A firewall is a program
that monitors information coming through the internet connection to your PC to
block harmful programs. Go to your PC’s control panel and open up the “System and
Security” menu. Click on the Windows Firewall shortcut and make sure it’s turned
on. Your built-in Windows firewall is just as good as any antivirus program’s firewall.
• Make sure you’re connected to the internet when you turn your firewall on so it
connects.
• If you can’t find the shortcut, type in “firewall” in the search bar of the System and
Security menu.
• 3. Clean up your PC using malware-removal products.
• Firewalls and antivirus software are designed to
prevent your computer from becoming infected,
but they can’t remove viruses or malware once
they infect your computer. Use an anti-malware
program to clean up your system after an attack
or infection. Download the software and run
periodic scans to check for harmful programs.
• Popular malware-removal products include
Spybot Search & Destroy and Malwarebytes
Anti-Malware.
• Schedule regular scans to check for spyware,
malware, and viruses.
Method 4: Following Safe Practices
8 easy steps to secure your computer
• 1. Keep up with system and software security updates
• While software and security updates can often seem like an annoyance, it really is important to
stay on top of them. Aside from adding extra features, they often cover security holes. This means
the provider of the operating system (OS) or software has found vulnerabilities which give hackers
the opportunity to compromise the program or even your entire computer.
• Typically if an update is available for your OS, you’ll get a notification. You can often opt to update
immediately or set it to run at a later time. While it can be inconvenient to stop what you’re doing
for half an hour for an update to take place, it’s often best to just get it done out of the way.
• It’s not just your OS that should be kept up-to-date. All software that you run on your computer
could potentially have flaws. When updates are available, you might see a popup when you open
the software.
• Even though they are usually a good thing, it’s prudent to be wary of updates. Sometimes
software companies will offer pre-release versions to try. These may be unstable and should be
used at your own risk. Even with stable release versions, you may want to wait a day or two in
case there are any obvious bugs. Just remember to go back to it when you’re ready.
• Another thing to watch out for is a fake update. These might be used by hackers to persuade you
to click a link or enter credentials. You can avoid falling prey to these by doing a little research into
the latest updates from the software company. Simply search for the latest version to see if the
alert you received makes sense. Alternatively, you can plug the popup text in a search engine to
find out if it’s a known scam.
• 2. Have your wits about you
• It should go without saying, being suspicious is one of the best things you can do to keep your
computer secure. Admittedly, with hacker techniques becoming increasingly sophisticated, it can
be difficult to tell when you’re under attack. All it takes is one email open or link click and your
computer could be compromised.
• Make sure you have your wits about you and think twice about opening or clicking on anything
that doesn’t look legit. Don’t rely on spam filters to always catch sketchy emails. Criminals are
constantly trying to outsmart these settings and now and again they’ll get through.
• 3. Enable a firewall
• A firewall acts as a barrier between your computer or network and the internet. It effectively
closes the computer's ports, preventing unsolicited communication with your device. This protects your
computer by stopping threats from entering the system and spreading between devices. It can
also help prevent your data leaving your computer.
• If your computer ports are open, anything coming into them could be processed. This is bad if it’s
a malicious program sent by a hacker. While it’s possible to close ports manually, a firewall acts as
a simple defence to close all ports. The firewall will open the ports only to trusted applications
and external devices on an as needed basis.
• If your operating system comes with a firewall (e.g. Windows XP onward), you can simply enable
the built-in firewall. In Windows, this can be found by navigating to Control
Panel>System and Security. You might choose to install an additional firewall as an extra layer of
defense or if your OS doesn’t already have one. A couple of free options
are Comodo and TinyWall. Antivirus software often comes with a built-in firewall too.
• The firewalls discussed above are software firewalls. There is a second type known as a hardware
firewall. While these can be purchased separately, they often come built into home routers. It
could just be a simple case of checking if yours is turned on.
• 4. Adjust your browser settings
• Most browsers have options that enable you to adjust the level of privacy and security while you
browse. These can help lower the risk of malware infections reaching your computer and
malicious hackers attacking your device. Some browsers even enable you to tell websites not to
track your movements by blocking cookies.
• However, many of the options are disabled by default, so you could unwittingly be exposing far
more than you need to each time you browse. Thankfully, it should only take a few minutes to go
into your browser settings and make the necessary adjustments. Chrome, Firefox, Safari,
and Edge all provide detailed instructions to help. While using these browsers you can add an
additional layer of protection by installing an anti-tracking browser extension
like Disconnect or uBlock Origin.
• On the topic of browsers, you should choose yours carefully. The ones mentioned above are
generally considered safe. But since updates and patches occur all the time, you never know when
a new hole could appear and how big it will be. If you want more privacy, you can consider
steering away from traditional options and look at privacy-focused alternatives like Epic Privacy
Browser, Comodo Dragon, or Tor Browser.
• 5. Install antivirus and antispyware software
• Any machine connected to the internet is inherently vulnerable to viruses and other threats,
including malware, ransomware, and Trojan attacks. Antivirus software isn't a completely
foolproof option but it can definitely help. There are free options out there, but they’re limited,
and besides, the paid programs won't set you back a whole lot. Bitdefender is a popular option
that I recommend. For alternatives, take a look at this data-backed comparison of antivirus software.
• Spyware is a specific type of malware that is designed to secretly infect a computer. It then sits in
the system, gathers information, and sends it to a third party. The information is typically of a
sensitive nature, such as credentials or banking information. This can ultimately lead to identity
theft, a multi-billion dollar industry.
• In the spyware category, you have adware (often causing popups), Trojans (posing as a harmless
software), and system monitors (such as keyloggers), all of which pose a pretty serious threat.
Other forms of spyware like tracking cookies are typically harmless, albeit annoying. Thankfully,
many antivirus programs have antispyware built in, but there are some dedicated solutions.
• If spyware has found its way onto your computer, then it’s very possible you can remove it. There
are a ton of options for spyware removal, including many free offerings and some paid single use
tools.
• 6. Password protect your software and lock your device
• Most web-connected software that you install on your system requires login credentials. The
most important thing here is not to use the same password across all applications. This makes it
far too easy for someone to hack into all of your accounts and possibly steal your identity.
• If you’re having trouble remembering a whole bunch of passwords, then you could try a password
manager. This will keep all of your passwords safe and you only have to remember one. A
password can be combined with an email or SMS as part of a two-step verification (2SV) method
for extra security. 2SV usually kicks in when you log into a website or app from a new or
unrecognized device requiring you to verify your identity with a PIN code.
• While many security steps relate to intangible threats, there is always the possibility that
someone could get their hands on your actual computer. A simple line of defence here is to have
a strong computer password to at least make it more difficult for them to enter.
• Other forms of verification include biometric methods like a fingerprint or retina scan. Alternative
physical verification methods might involve key cards and fobs, such as those offered by Yubico.
Any of these can be combined with each other and/or a password as part of a two-factor
authentication (2FA) process.
• If you’re concerned about someone actually walking away with your computer, another option is
a physical lock. This is an ideal solution for laptops but can also be used on home or work
computers. Kensington locks and other similar brands are small locks that insert into a special
hole in the device. Some require a physical key while others work using a code.
• There are solutions for tablets, although these tend to be more cumbersome and more suitable
for things like point-of-sale.
• 7. Encrypt your data
• Whether your computer houses your life’s work or a load of files with sentimental value like
photos and videos, it’s likely worth protecting that information. One way to ensure it doesn’t fall
into the wrong hands is to encrypt your data. Encrypted data will require resources to decrypt it;
this alone might be enough to deter a hacker from pursuing action.
• There are a plethora of tools out there to help you encrypt things like online traffic and accounts,
communication, and files stored on your computer. For full disk encryption, some popular tools
are VeraCrypt and BitLocker. You can find separate tools to help you encrypt your mobile device,
with various apps available for both Android and iOS.
• 8. Use a VPN
• A Virtual Private Network (VPN) is an excellent way to step up your
security, especially when browsing online. While using a VPN, all of your
internet traffic is encrypted and tunneled through an intermediary server
in a separate location. This masks your IP, replacing it with a different one,
so that your ISP can no longer monitor your activity.
• What’s more, you can typically choose the server location based on your
needs, such as getting the fastest speeds or unblocking geo-locked
content. Additionally, a VPN can help you browse securely while using
open wifi networks and access censored material (e.g. Facebook in China).
• When it comes to choosing a provider, there are some okay free offerings
out there, but monthly rates for paid services can be pretty low, even as
little as $3 per month. The free ones are typically limited in features but
can be good for getting a feel for what’s available. Some paid options have
free trial periods for the full service and most offer generous money-back
guarantee periods.
• No matter what you store on your computer, it’s simply prudent to
protect its content from criminals and snoopers. Although nothing is ever
completely secure, following the steps above will provide most people
with ample protection and safeguard their data.
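As an added example that is not code from the page or from any vendor it names, the following PowerShell script checks, read-only, the Windows 10 state that the steps above depend on: pending updates (step 1), the built-in Windows Firewall (step 3), the Windows Defender antivirus/antispyware engine and its scan ages (step 5 and the earlier Antispyware tools section), and BitLocker disk encryption (step 7). The cmdlets are Windows 10 built-ins; the freshness thresholds (3 days for signatures, 7 days for a quick scan) are assumptions chosen for illustration, and BitLocker and Windows Update queries need an elevated prompt.

```powershell
# Added example: read-only Windows 10 security baseline check.
# Assumptions: Windows 10 with the NetSecurity, Defender and BitLocker modules
# present; run from an elevated PowerShell prompt. Thresholds below are illustrative.

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding {
    param([string]$Area, [bool]$Pass, [string]$Detail)
    $findings.Add([pscustomobject]@{
        Area   = $Area
        Status = $(if ($Pass) { 'PASS' } else { 'FAIL' })
        Detail = $Detail
    })
}

# Step 3: every firewall profile (Domain, Private, Public) should be enabled and
# should not default to allowing inbound traffic, which is what "closing all ports" means.
foreach ($fwProfile in Get-NetFirewallProfile) {
    $ok = ($fwProfile.Enabled -eq 'True') -and ($fwProfile.DefaultInboundAction -ne 'Allow')
    Add-Finding -Area "Firewall/$($fwProfile.Name)" -Pass $ok `
        -Detail "Enabled=$($fwProfile.Enabled) DefaultInbound=$($fwProfile.DefaultInboundAction)"
}

# Step 5: Defender antivirus and antispyware engines on, real-time protection on,
# signatures fresh, and a recent quick scan (the scheduled scans mentioned earlier).
$mp = Get-MpComputerStatus
Add-Finding -Area 'Defender/Engines' `
    -Pass ($mp.AntivirusEnabled -and $mp.AntispywareEnabled -and $mp.RealTimeProtectionEnabled) `
    -Detail "AV=$($mp.AntivirusEnabled) AS=$($mp.AntispywareEnabled) RTP=$($mp.RealTimeProtectionEnabled)"
Add-Finding -Area 'Defender/Signatures' -Pass ($mp.AntivirusSignatureAge -le 3) `
    -Detail "Signature age $($mp.AntivirusSignatureAge) day(s)"
Add-Finding -Area 'Defender/QuickScan' -Pass ($mp.QuickScanAge -le 7) `
    -Detail "Last quick scan $($mp.QuickScanAge) day(s) ago"

# Step 7: the operating system volume should have BitLocker protection switched on.
$osDrive = $env:SystemDrive
try {
    $vol = Get-BitLockerVolume -MountPoint $osDrive -ErrorAction Stop
    Add-Finding -Area "BitLocker/$osDrive" -Pass ($vol.ProtectionStatus -eq 'On') `
        -Detail "Protection=$($vol.ProtectionStatus) Volume=$($vol.VolumeStatus)"
} catch {
    Add-Finding -Area "BitLocker/$osDrive" -Pass $false `
        -Detail "Could not query BitLocker: $($_.Exception.Message)"
}

# Step 1: ask the Windows Update agent for applicable updates that are not yet installed.
try {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
    Add-Finding -Area 'WindowsUpdate' -Pass ($pending.Count -eq 0) `
        -Detail "$($pending.Count) update(s) pending"
} catch {
    Add-Finding -Area 'WindowsUpdate' -Pass $false `
        -Detail "Could not query Windows Update: $($_.Exception.Message)"
}

# Print the findings; any FAIL row points at one of the steps above that still needs doing.
$findings | Format-Table -AutoSize
$failed = @($findings | Where-Object { $_.Status -eq 'FAIL' }).Count
Write-Host "$failed check(s) failed."
```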
Securing Smart Phone
• In addition to storing sensitive information on laptops
and desktops, today's small businesses rely heavily on
mobile devices, like smartphones, to get work done.
Business smartphones, either provided by the business
or the employee, are used for a range of commercial
operations: inventory control, customer relations,
advertising and marketing, banking and more.
• As such, they become repositories for valuable data
that can be targeted by hackers and malware. Taking
the appropriate precautions to protect data is much
like investing in an insurance policy, and most of it
comes down to instilling best practices across your
business, not investing in expensive products.
• 1. Update your OS and apps promptly.
• Most people are guilty of postponing or ignoring operating system updates and app updates, but
doing so on a regular basis can open you up to a data breach. Hackers know how to identify and
exploit vulnerabilities in systems; as those vulnerabilities are made known to the company,
improvements are made to increase security and eliminate weaknesses. The longer you wait to
update your phone or laptop, the more out of date your systems are, making you an easier target
for hackers.
• If your small business utilizes a BYOD (bring your own device) policy, establish a training and
awareness program for your employees. Make sure your staff understands that they are expected
to take reasonable security precautions when using their smartphones and tablets, including
running regular updates and being discerning about app downloads.
• 2. Lock your devices.
• Sure, it's a lot easier to keep your phone unlocked all the time because you can get to your email,
camera, texts, and other features more quickly, but just think how you would feel if a stranger
found your phone on a bus seat or in a coffee shop and could just tap on your business apps,
contacts, and even banking information. If your phone contains client information, you could even
end up in the embarrassing position of informing your clients that their data has been
compromised, essentially due to negligence.
• To prevent that from happening, always engage the four- or six-digit passcode – or set up a longer
alphanumeric code – so that if you ever lose track of your phone, it won't open your entire
business to a stranger. Utilizing fingerprint scanning and facial identification is also an excellent
option, as it's faster and easier than memorizing an unlock code. Also, be sure to
password-protect all mobile apps that contain personal data, such as banking, email and your
Amazon account. Don't use the same password for all your accounts, and change your passwords
occasionally for good measure.
• 3. Utilize mobile device management, small business style.
• If a work phone gets lost or stolen, you can contain the damage using basic smartphone features. Both Apple and
Google offer find device services, such as Find My iPhone and Android's Find My Device, that can locate your phone
on a map and automatically disable it. These services can also make your phone ring, either alarming the thief or just
locating a phone you have temporarily lost track of. You can even arrange for the phone to delete all information
after five to 10 false passcode tries.
• For small business owners who want more control, affordable mobile device management software is a good option.
If your business currently uses Microsoft Office 365, you should already have access to MDM features
through Mobile Device Management for Office 365. There are also stand-alone MDM products like
AirWatch's Workspace ONE (a VMware product) and Hexnode, but despite offering SMB solutions, Office 365's
MDM is far more suitable for most small business owners.
• 4. Use Wi-Fi and Bluetooth wisely.
• Most people don't think twice about jumping on a free public Wi-Fi connection, but people operating devices with
sensitive business information on them should exercise caution. Business travelers often use hotel or conference
center Wi-Fi. In general, this is an OK practice as businesses like reputable hotels and event venues have a vested
interest in maintaining the security of their Wi-Fi users. However, free public Wi-Fi in areas like shopping centers,
cafes, airports, parks or gyms, is often far less secure.
• Try to use only your private cell connection whenever possible and switch off Wi-Fi on your mobile phone whenever
you are in a public place. And, of course, do not sign on to unencrypted open networks. If that is not possible,
consider using a VPN, but choose carefully, as not all are created equal. A VPN tunnels your network traffic through
an encrypted connection to a server based in another location. Unless you are wearing a smartwatch that requires a
Bluetooth connection for functionality, it's also a good idea to disable Bluetooth when you're out and about.
• 5. Use two-factor authentication wherever possible.
• Two-factor authentication (2FA) is one of the least-favorite security options around because, as
the name implies, it requires an extra step. However, it offers another solid barrier to accessing
your private information, and two-factor authentication is much easier to use now (thanks to
biometric scanners and save-password features) than it used to be.
• 6. Manage app permissions.
• Check the apps on your phone to determine whether they have more privileges than they need to
get the job done. You can grant apps permissions like access to the camera, the microphone, your
contacts and your location. Keep track of which permissions you've given to which apps, and
revoke permissions that are not needed.
• For iPhones, go to Settings and tap on Privacy, where you'll see a list of all permissions and the
apps you've granted them to. Android users can find app permissions in the Application Manager
under Device > Application in some Android versions.
• 7. Ignore spam and phishing emails.
• One of the easiest ways for hackers to access your company's information is through your
employee's email inboxes. Even major corporations have suffered breaches due to phishing
scams. Incorporate email security training as part of your basic onboarding procedure, and make
sure employees are aware that they shouldn't click on links in promotional emails, open
suspicious attachments or run updates that are prompted through email (including those that say
they come directly from a company, like Microsoft).
• Make sure employees understand company policy. For example, let them know that your business
will never ask them for personal information or send them links regarding their 401(k) accounts
and that if they see such emails, they should assume they are fraudulent. If they want to
cross-check their accounts, to make sure their 401(k) or other sensitive information is OK, tell
them to go directly to the financial institution's website and log into their accounts directly, rather
than clicking on a link in an email.
• 8. Back up your data.
• Bad stuff happens, but don't compound the problem by not being prepared. Always back up your
data. This is a general good practice, and it protects your important documents and images in case
of any loss.
• For an Android phone, make sure "Back up my data" and "Automatic restore" are enabled in the
settings and then sync your data with Google. For an iPhone, choose your device in the settings
and then back up to iCloud.
• 9. Use an antivirus app.
• Hackers typically use malware to steal passwords and account information. There are plenty of
smartphone antivirus apps — some of which are linked to companion desktop apps. These
provide enhanced security by ensuring apps, PDFs, images and other files you download aren't
infected with malware before you open them. Antivirus apps like Avast, McAfee and Panda can
halt such threats.
• 10. Know where your apps come from.
• Don't just download any app to your phone. While iPhones only run apps from Apple's App Store,
which vets all apps sold from the platform, standards are not quite as high on Android. The
Google Play Store has made progress in ensuring its apps aren't running malware, but the Android
platform allows installation from various, less-regulated environments. The best way to avoid
malware on Android is to stick with the Google Play Store, unless you are sure you can trust an
independent app from somewhere else.
Securing Laptops/Tabs
• More employees with more laptops can mean greater exposure of
your network to roaming security threats. And, in a worst-case
scenario, a stolen laptop with sensitive customer data or
proprietary company information can also expose the company to
liabilities, legal or otherwise. Lost customer data can lead to
identity theft and open the company to lawsuits. Lost proprietary
information can damage the company's competitive edge, if not
its business altogether.
• Large organizations have sophisticated network defenses and
firewalls to block malware from compromised laptops. For
outbound threats, they may also employ complex content control
systems to prevent the loss of customer data or company
information. Not so for small and medium-sized businesses
(SMBs), which may operate simple firewall networks on a
shoestring and don't have the cash to spend on expensive content
filtering systems and software.
• There are three parts to laptop security: physical security, administrative
access and technical controls.
• Physical security: A laptop should never be left unattended. If you have to
get up, for any reason, power down the laptop and take it with you.
Unattended laptops have been targets of thieves in airport lounges and at
Starbucks.
• If it's absolutely necessary to leave the laptop, use a good lock. The Defcon
SCL cable lock from Targus Inc. is especially designed for laptops. It
consists of a cable with a combination lock that plugs into the locking port
of any laptop. The cable can be used to lock the laptop to a table, if you
have to step away for a minute.
• Other physical security measures for laptops include carrying them in
nondescript briefcases rather than laptop bags, especially those
emblazoned with big logos from the laptop manufacturer. Another thing
to watch out for is shoulder surfing. Working on a laptop in a public place
lets bystanders see everything you're doing. Try to work
away from crowds in a secluded area like an empty gate at an airport or a
table facing a wall -- not a window -- in a coffee shop. Shoulder surfers
have been known to even peer through windows.
• Privacy filters also protect against unwanted wandering eyes. Privacy
filters are screens that stick to a laptop monitor with adhesive tape. Only
someone looking directly at the screen can see it, but to others it looks
dark. Privacy filters range in price from $50 to $90 and are available from
3M Co. and Fellowes Inc.
• Administrative access: The best administrative controls are an inventory system for
keeping track of who has a company laptop, and what they're doing with it. Every
employee allowed a laptop should be required to sign it out, whether it's given for
temporary or long-term purposes. The laptop's make, model and serial number
should be recorded along with the name and signature of the employee using it. The
records should be kept by your IT staff, which is probably already managing the
issuing and maintenance of your company's laptops.
• Personal laptops should never be allowed on a company network. You never know
what's on a personal laptop that could infect your network.
• Technical controls: Technical controls include encryption, personal firewalls,
antivirus software and virtual private network (VPN) connections. Also, all laptops
should have a standard build and be required to authenticate to your network like
any workstation. In fact, look at a laptop as an extension of your company network,
not something separate from it.
• Encryption is vital for making sure data on the laptop doesn't fall into the wrong
hands in case the laptop is lost or stolen. Full disk encryption makes the disk
unreadable to anyone who doesn't have the encryption key. Even if the drive is pulled
out of the machine and installed on a test bed, the data is gibberish. Note that full
disk encryption protects data at rest only: while the laptop is powered on or merely
suspended, the key is in memory and the data is accessible, which is one more reason
to power down rather than just close the lid when you walk away.
• Products such as SafeBoot Device Encryption provide full disk encryption and are
designed specifically for laptops. SafeBoot N.V.'s product requires the user to
authenticate with a user ID and password before the operating system loads.
Because it loads before the operating system, it can't be defeated by Linux boot
disks, such as Knoppix, which bypass operating system logons to access machines.
• SafeBoot works behind the scenes, continually encrypting the hard drive
while the user is working. Similar products are offered by PGP Corp. and
GuardianEdge Technologies Inc.
• All laptops, like their stationary desktop counterparts, should be outfitted
with personal firewalls and antivirus software. They should be up-to-date
with the latest security patches. If you use Active Directory for
authentication, laptops can be further locked down using Group Policy
Objects, again like the desktops that are also connected to the network.
• Consider a VPN for secure communication back to the office for those on
the road. A Secure Sockets Layer (SSL/TLS) VPN doesn't require any client
software installed on the laptop but could cost more than an IT professional
at an SMB is willing to spend. Products include those from Aventail Corp. and
Juniper Networks Inc., and the open source OpenVPN.
• If the worst happens, and a laptop is lost or stolen, a theft should be
reported to the police and to the incident response team, if you have one,
in your IT department. Even without a dedicated information security
team, an SMB's IT staff should be informed of what happened. Free tools,
like LaptopLock, can be used to register your laptops and can then
remotely delete files or encrypt and disable the machine.
• With these options, laptop security can be part of an SMB's overall IT
security program with existing staff at minimal cost.
• Turn on your firewall. When you’re on an open Wi-Fi network,
make sure you have your laptop’s firewall on and blocking
unwanted incoming connections. In Windows’ Control Panel, click
on Windows Firewall. On your Mac, in System Preferences, go to
Security and click on the Firewall tab to turn it on.
• Password protect — or unshare — shared folders. When you’re
at home, sharing a document folder with other computers behind
your firewall is a fine idea. But when you’re out and about, you
may not want everyone to be able to see your collection of family
vacation photos. Make sure your shared folders are password
protected when you’re not on a safe network. Even better, turn
off all sharing when you’re on a public network.
• Use https (encrypted connections to web sites) whenever
possible. When you’re checking your webmail like Gmail or Yahoo
Mail, or visiting any site that handles a login, make sure you’re
on an https:// (instead of http://) connection so that anything
you submit there, like your password, is encrypted in transit.
Most modern webmail and calendar services, including Gmail and
Google Calendar, default to https://; on an untrusted network,
treat any site that only offers plain http as unsafe for credentials.
• Don’t save your web site passwords in your browser without
encrypting them. Sure, if you save your web site passwords inside
your browser, you save a whole lot of time. However, if a thief,
co-worker, or relative uses your computer, it’s also dead simple
for that person to log into your accounts. Three weeks ago I ran
down how to secure your browser’s saved passwords with an
encrypted master password — do it.
• Lock down your laptop with an actual lock. If you work in a public
place often and tend to leave your laptop unattended, invest $15
to $30 on a physical laptop lock to anchor your notebook to the
desk. It’s a simple way to deter thieves.
• Always have a current backup of your important data. Backing up
your computer will help you restore things in the event of theft or
a hard drive crash or coffee spill. When your laptop is docked back
at home or the office, use an external hard drive to back up your
documents. If you’re constantly on the go, a remote backup
service like Mozy or Carbonite works over the internet in the
background, and can restore your files from anywhere.
• Run anti-virus and malware protection software. Like a backup
system, this is a best practice for all computers, not just your
laptop. Microsoft's free Security Essentials (since folded into
Windows Defender, which ships with Windows) is one option. Install
it and scan your notebook on a regular basis.
Advanced Security
The super-paranoid and technically-inclined can use hacker-level
techniques for locking down files and disks. Those include:
• Encrypting folders and disks. Using free tools you can encrypt an
entire hard drive or just a folder full of files. When you encrypt
data, you use a secret key to scramble it into an unreadable
format, which foils any thief’s attempt to read your private files.
To decrypt it, you need the password that unlocks that key. On a
Mac, you can create an encrypted disk image by using the Disk Utility
application. Macs also come with FileVault (in System
Preferences, Security), which encrypts your home folder’s
contents, keeping unwanted eyes out. Windows Vista and Windows 7
(in their Ultimate and Enterprise editions) offer BitLocker, a drive
encryption feature. Alternatively, the free utility TrueCrypt could
encrypt a folder or drive; TrueCrypt development ended in 2014, so
use its maintained successor VeraCrypt instead.
• Securing your network traffic via an SSH tunnel. Another
common technique among the tech elite is the use of an SSH
tunnel: a secure connection to an outside computer (like your
home server or office computer) through which you route your
internet traffic. From the network you’re already on, it looks like
you’re sending encrypted data to a single destination; in reality,
you’re using a trusted remote server as a proxy for all your network
activity (with OpenSSH, ssh -D opens a local SOCKS proxy that the
browser can be pointed at). The caveat: the tunnel only protects the
hop between your laptop and the SSH server; from there to the web
site, the traffic is only as secure as the site’s own connection, so
https still matters.
Securing Pen Drives
• How do most corporate data breaches happen? Lost laptops and USB drives.
• Many businesses now have some kind of security practice in place for lost corporate computers,
whether it's encrypted drives with remote wipe or a lost-device reporting procedure. But how
many have USB drive best practices on the books? Not many.
• Yet USB drives, because of their size, are more likely to be lost than laptops or smartphones. And
loaded with sophisticated malware, USB drives have been used to penetrate some of the world’s
most sensitive networks, from the Department of Defense on down.
• So how do you protect against lost data or network intrusions associated with USB storage
devices or thumb drives? Here are the best practices for designing your company’s USB drive
policy:
• 1. Enable USB functionality on a need-to-have basis. Disable storage devices on computers with
access to sensitive information. It will limit exposure and reduce the risk of unauthorized data
being transferred away from your organization.
• 2. If your business needs USB drives, issue devices that provide whole drive encryption and are
passphrase protected.
• 3. Make sure those drives have remote management options, such as remote wipe or remote
lock. Drives like those from IronKey have remote administration tools that also enforce strong
passwords, have strict retry limits, disable portable applications and, believe it or not, even
self-destruct.
• 4. Look for drives that provide event logging and geotagging, so information on what computer,
and where, is retained on every use.
• 5. Enforce USB scanning on all corporate computers whenever a thumb drive is plugged in. This
can help ensure no malware or malicious programs are on the drive. Allow only corporate signed
and approved applications to be run from the drive.
• 6. Regularly audit USB devices to ensure that only documents in compliance with acceptable
usage are being stored. This is a snatch and scan. It only takes a few of these kinds of trips
around the office before everyone is very aware of the seriousness of the new USB policy.
• 7. Perform regular backups of USB devices internally, including encryption keys, for data
recovery purposes. Ensure that backups are properly safeguarded, and have separate procedures
and security controls for backup of encryption keys. It's also another excellent way to monitor
what information is being moved to and from the device.
• 8. Test data recovery procedures to ensure that the corporate security office can unlock and
access any USB drive, even if an end user or malware maliciously disables the USB drive.
• 9. Ensure that mobile devices with USB storage cards—such as digital cameras and SD Card
readers—have the same controls as any USB drive.
• 10. If possible, issue USB devices with unique serial numbers tagged in the firmware, as well as
etched on the outside cover.
• 11. Know your assets. Have a precise count of the USB devices at your organization. List them by
owner and use. Ban use of all personal USB devices, without question, on any work computers or
for any work use.
• 12. If a USB device is lost, take a look at that latest secure backup to review what was lost and
the potential risk. Consider recovering the drive through those geotagging features or wiping, or
destroying the device with remote administration tools.
• Portable and mobile storage devices are significant players in most corporate offices. Ensuring
proper protection with a best practices policy and strict enforcement offers significant risk
reduction—and can prevent long nights on data breach investigations.
Situations in Which USB Flash Drives Pose a Security Risk:
• When employees unknowingly share USB sticks that carry malware
infections
• When employees pick up unknown thumb drives and plug them into their
computers (dropping malware-laden USB flash drives where staff will find
them is a common attacker tactic).
• When employees leave the organization and still retain a USB holding
sensitive information
• When USB flash drives are lost or stolen and information is leaked
• But knowing that USB flash drives can pose a threat to your organization
isn’t enough. You need to put proactive steps in place to ensure that
potential security risks are identified and addressed quickly.
3 Steps to Secure USB Flash Drives
• Only allow employees to download company information onto hardware-
and/or software- encrypted USB flash drives.
• Issue warnings to employees about using USB flash drives that they are
unsure about.
• Deploy device-control software, or corporate policy enforced through it, that only
allows company-owned and/or recognized USB flash drives.
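As an added example (not from the page or from any vendor it names), the following Python shows what policy items 5 and 11 above, and the rule that only company-owned or recognized drives may be used, boil down to in practice: parse the kernel's device-insertion messages, look the drive's serial number up in the asset register, and block anything that is not registered, reports no serial at all, or presents a registered serial on different hardware. The log lines are constructed in the style of Linux dmesg output, and the asset register is a hypothetical stand-in for the sign-out records item 11 asks you to keep.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed log lines in the style of the Linux kernel's USB messages (dmesg);
# not captured from a real machine. Three plug-in events: a corporate drive, a
# no-name drive that reports no serial number, and a personal drive plugged into
# the same port the first one vacated.
SAMPLE_LOG = """\
[ 1203.412] usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
[ 1203.413] usb 1-1: Product: Cruzer Blade
[ 1203.413] usb 1-1: Manufacturer: SanDisk
[ 1203.414] usb 1-1: SerialNumber: 4C530001230822101593
[ 1290.001] usb 1-2: New USB device found, idVendor=090c, idProduct=1000, bcdDevice=11.00
[ 1290.002] usb 1-2: Product: Flash Disk
[ 1290.002] usb 1-2: Manufacturer: Generic
[ 1355.771] usb 1-1: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
[ 1355.772] usb 1-1: Product: DataTraveler 3.0
[ 1355.772] usb 1-1: Manufacturer: Kingston
[ 1355.773] usb 1-1: SerialNumber: E0D55EA57392F2B0E8A1
"""

# Hypothetical asset register of issued drives: serial -> (idVendor, idProduct)
# recorded when the drive was signed out. Constructed for the example.
ASSET_REGISTER: Dict[str, Tuple[str, str]] = {
    "4C530001230822101593": ("0781", "5567"),
}

NEW_DEVICE = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-fA-F]{4}), idProduct=(?P<pid>[0-9a-fA-F]{4})")
ATTRIBUTE = re.compile(
    r"usb (?P<port>[\d.-]+): (?P<key>Product|Manufacturer|SerialNumber): (?P<val>.+)$")


def parse_usb_events(lines) -> List[dict]:
    """Group the attribute lines under the 'New USB device found' line for the
    same port. A port is reused after an unplug, so the most recent device on
    each port receives the attribute lines that follow it."""
    current: Dict[str, dict] = {}
    devices: List[dict] = []
    for line in lines:
        m = NEW_DEVICE.search(line)
        if m:
            dev = {"port": m["port"], "vid": m["vid"].lower(), "pid": m["pid"].lower(),
                   "Product": None, "Manufacturer": None, "SerialNumber": None}
            current[m["port"]] = dev
            devices.append(dev)
            continue
        m = ATTRIBUTE.search(line)
        if m and m["port"] in current:
            current[m["port"]][m["key"]] = m["val"].strip()
    return devices


def classify(dev: dict, register: Dict[str, Tuple[str, str]]) -> str:
    """Allow only drives whose serial is registered and whose vendor/product IDs
    match what was recorded at issue; report everything else."""
    serial = dev.get("SerialNumber")
    if not serial:
        return "BLOCK_NO_SERIAL"   # ownership cannot be proven without a serial
    expected = register.get(serial)
    if expected is None:
        return "BLOCK_UNKNOWN"     # not a corporate-issued drive
    if expected != (dev["vid"], dev["pid"]):
        return "BLOCK_MISMATCH"    # registered serial presented on other hardware
    return "ALLOW"


def audit(log_text: str, register) -> List[Tuple[str, str, Optional[str], str]]:
    """One (port, vid:pid, serial, verdict) row per plug-in event."""
    return [(d["port"], f'{d["vid"]}:{d["pid"]}', d["SerialNumber"], classify(d, register))
            for d in parse_usb_events(log_text.splitlines())]


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, ASSET_REGISTER):
        print(*row)
```

Run against the real journal or dmesg output, the same audit gives item 11's "precise count" of which drives actually touched which machine, and the BLOCK rows are the list to chase. Note that a serial number can be cloned, which is why the vendor/product check is there; it raises the cost of a spoof but does not make it impossible, so hardware-encrypted drives that authenticate themselves remain the stronger control.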
1. Use an Encrypted USB Drive
• There is a very simple solution to the problem, and it only costs a few dollars more
than the drive you may be using now. Everyone should seriously consider an
encrypted USB drive with strong password protection so that if you do lose your USB
drive, the data cannot be accessed. Although your drive is gone, you’ll have the
peace of mind knowing your private information remains safe and sound, locked
away on the USB drive.
2. Educate Yourself
• If you are not paying attention to what is going on and how to protect yourself, your
information, quite frankly, is more prone to be compromised. In other words,
educate yourself on the benefits/differences of using a quality USB flash drive as
opposed to a cheap handout.
3. Encrypt Confidential Data
• Encryption is the most trustworthy means of protecting your confidential or
sensitive data. Encrypted USB drives combine the mobility advantages of using a USB
while protecting the information on the drive. Be sure to check that the user storage
space is 100-percent encrypted; no non-secured storage space should be provided.
• Encrypted USB drives are powerful tools in closing security gaps and helping ensure
security by offering complex password protection, data wiping when password
attempts are exceeded, anti-tampering technology to protect against hackers
accessing the drive’s internal components, and availability in a wide range of
capacities.
4. Know the Best USB Flash Drive Available for Your Unique Needs
• A simple analysis of what you are using the USB drive for and the data stored on it,
along with knowing there is a range of easy-to-use, cost-effective, encrypted USB
flash-drive solutions, can go a long way toward managing your security risks and, quite
possibly, saving yourself some cash and loads of stress. Don’t overpay for your needs.
5. Confirm Anti-Virus/Malware Protection is Present at Every Entry Point
• Let’s face it, new threats emerge at any time and from anywhere: email,
websites, and removable media like USB drives and CDs. Up-to-date
anti-virus software is critical in keeping your valuable data safe from
known threats, and from some unknown ones where it includes behavioural
detection. Ensure that all endpoint systems (every computer a drive might
be plugged into) are equipped with up-to-date anti-virus software.
Likewise, give consideration to software that extends malware protection
to the USB device itself when it is used in a computer other than your own.
6. Require Hardware-based Encrypted USB Drives
• A USB drive with hardware-based encryption is a simple, low-friction way to
protect your data from breaches. Good devices meet recognized standards (look
for FIPS 140 validation) and are self-contained: they need no software component
on the host computer, so there is no host-side driver to exploit, and the key
never has to be handled by the host operating system, which removes the common
attack routes of key sniffing and memory scraping. What bounds brute force is the
device's own retry limit, which wipes the drive after too many wrong passphrases;
the encryption itself does not make guessing impossible, so a strong passphrase
still matters. Software encryption is not worthless, but hardware encryption has
become the norm for drives that leave the building.
• Two caveats for the buyer: a "hardware encrypted" label is only as good as the
implementation behind it, so prefer drives with independent certification and a
published security review; and it is the software-free design that gives complete
cross-platform compatibility with any OS or embedded equipment that has a USB port
and a file system.
Physical Security of Devices
1. Password-protect your computing devices.
• While it sounds obvious, if anyone steals your device they will
have to defeat your password to get at your data and accounts,
which will significantly slow attackers. Although it is not
impossible to defeat password protection on a digital device, it
adds a useful layer of protection, buying you time to locate and
recover the device. Keep in mind that a login password alone does
not protect the files on an unencrypted disk, which can simply be
read from another machine; pair it with the encryption in item 5.
2. Always backup your files.
• Why? Even if you can’t recover a stolen device, that does not mean
you have to lose all your information and software. Regular
backups are the ultimate defense against theft of your files. There
are plenty of options for backup these days, including online
backup services.
3. Use tracking software to help get your stolen device back.
• Why? Getting your stolen device back is not impossible,
particularly if the device itself can tell you where it is and you can
communicate with it using a sort of “remote control” via SMS or
other methods. You may even be able to communicate with the
person who has it. Anti-theft software of this kind exists for PCs
as well as for phones.
4. Don’t tempt thieves with unattended mobile devices, particularly
in public places.
• Why? Leaving your computer or mobile device unattended in a
car, airport or restaurant is akin to asking for it to be stolen. In
a recent survey we found that 1 in 5 stolen devices were taken
from a car, 12% from an airport, train, bus, or other public
transportation, and 11% from a restaurant or coffee shop.
5. Encrypt sensitive data.
• Why? Storing sensitive data in encrypted files prevents anyone from
exploiting your data if your computer is stolen. Note: Disk and file
encryption are available free in recent versions of both Microsoft
Windows (BitLocker, on Pro editions) and Apple macOS (FileVault). This
step is a lot easier than it used to be, so the pain level is low these
days (unlike in years past).
Physical Controls
• Physical control is the implementation of security measures in a defined structure
used to deter or prevent unauthorized access to sensitive material. Examples of
physical controls are:
• Closed-circuit surveillance cameras
• Motion or thermal alarm systems
• Security guards
• Picture IDs
• Locked and dead-bolted steel doors
• Biometrics (includes fingerprint, voice, face, iris, handwriting, and other automated
methods used to recognize individuals)
Physical controls describe anything tangible that’s used to prevent or detect
unauthorized access to physical areas, systems, or assets. This includes things like
fences, gates, guards, security badges and access cards, biometric access controls,
security lighting, CCTVs, surveillance cameras, motion sensors, fire suppression, as
well as environmental controls like HVAC and humidity controls.
NOTE: (SHOULD READ IN DETAIL ON INTERNET)
https://www.sans.org/reading-room/whitepapers/physical/physical-security-important-37120
Wi-Fi Security
• Wi-Fi is one entry-point hackers can use to get into
your network without setting foot inside your building
because wireless is much more open to eavesdroppers
than wired networks, which means you have to be
more diligent about security.
• But there’s a lot more to Wi-Fi security than just
setting a simple password. Investing time in learning
about and applying enhanced security measures can
go a long way toward better protecting your network.
Here are twelve steps to better secure your Wi-Fi network.
• Step 1. Change the name of your default home network
• If you want to better secure your home network, the first thing
you should do is change the name of your Wi-Fi network, also
known as the SSID (Service Set Identifier).
• While giving your Wi-Fi a somewhat provocative name such as
“Can’t hack this” may backfire at times, other names such as “this
is not a wifi” or “too fly for a wifi” are perfectly acceptable.
• Changing your Wi-Fi’s default name makes it a little harder for
attackers to tell at a glance what type of router you have; if a
cybercriminal knows the manufacturer and model, they can look up
that model’s known vulnerabilities and try to exploit them. Be aware
that this is only a speed bump, since the router’s wireless MAC
address (the BSSID) still reveals the manufacturer to anyone scanning.
The stronger reason to change the SSID is that WPA2 uses the SSID as
a salt when deriving the network key from the passphrase, so attackers
precompute guessing tables for common default names such as “linksys”
or “NETGEAR”; a unique SSID makes those tables useless.
• We strongly advise not to call your home network something like
“John’s Wi-Fi”. You don’t want people to know at first glance which
wireless network is yours when there are probably three or four
other neighboring Wi-Fis.
• Also, remember that disclosing too much personal information
in a wireless network name may expose you to an identity theft
operation.
• Step 2. Make sure you set a strong and unique
password to secure your wireless network
• You probably know that every wireless router comes
pre-set with a default username and password for its
administration interface, which you need in the first
place to install and configure the router. The worst part:
it’s easy for hackers to guess it, especially if they
know the manufacturer.
• So make sure you change them both immediately, and
set your own Wi-Fi passphrase (the WPA2 pre-shared key)
rather than keeping any default printed on the router.
• A good wireless passphrase should be at least 20
characters long (WPA2 allows up to 63) and include numbers,
letters, and various symbols. Length matters more than
complexity: once an attacker has recorded a device joining
the network, the passphrase can be guessed offline at high
speed, and only a long, non-dictionary passphrase survives that.
Step 3. Increase your Wi-Fi security by activating network encryption
• Wireless networks support several encryption standards, such as WEP, WPA, WPA2 and now WPA3.
• WPA2 stands for Wi-Fi Protected Access 2. It is both a security protocol and the long-standing
industry standard (WPA2 networks are almost everywhere), and it encrypts traffic on Wi-Fi networks.
It replaces the older and broken WEP (Wired Equivalent Privacy), which can be cracked in minutes,
and is an upgrade of the original WPA (Wi-Fi Protected Access) technology. Since 2006, all Wi-Fi
certified products have been required to support WPA2.
• Choose WPA2 with AES (CCMP) rather than the legacy TKIP mode, which was a stopgap for WPA-era
hardware; any device made in the last decade supports AES. WPA2 is enabled in the router’s
wireless security settings; the exact menu varies by vendor (TP-Link, for example, documents its
own steps).
• The good news is that WPA3 is already here and is replacing WPA2. The Wi-Fi Alliance announced
it in 2018. WPA3-Personal replaces the pre-shared-key handshake with SAE (Simultaneous
Authentication of Equals), so a recorded handshake can no longer be used for offline password
guessing, and the companion Wi-Fi Enhanced Open standard encrypts traffic on open, password-less
networks such as café hotspots, which was a long-standing gap. Use WPA3 where your router and
clients support it, with WPA2-AES as the fallback, and simplify configuration for users and
service providers in the process.
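As an added example (not from the page or from any router vendor it names), the following Python, using only the standard library, shows why Steps 1 to 3 belong together: WPA2-Personal derives its Pairwise Master Key from the passphrase and the SSID with PBKDF2, so the SSID acts as a salt and the passphrase can be guessed offline once a client's join has been recorded. The IEEE 802.11i test vector (passphrase "password", SSID "IEEE") is included so the derivation can be checked; the wordlist is constructed, and the cracking loop compares candidates against the PMK directly, which is a simplification: real tools verify each guess against the MIC of the captured 4-way handshake.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# WPA2-Personal turns the passphrase into the 256-bit Pairwise Master Key (PMK)
# with PBKDF2-HMAC-SHA1, 4096 iterations, salted with the SSID (IEEE 802.11i).
# Because the SSID is the salt, a PMK table precomputed for one SSID is useless
# against a network with a different name.
def derive_pmk(passphrase: str, ssid: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def crack_pmk(target_pmk: bytes, ssid: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline guessing. Once an attacker has recorded a client joining the
    network, nothing further is needed from the network: each guess costs only
    the 4096 HMAC rounds inside derive_pmk. Real tools check each candidate
    against the MIC of the captured 4-way handshake; comparing against the PMK
    directly is a simplification for illustration."""
    for candidate in wordlist:
        if hmac.compare_digest(derive_pmk(candidate, ssid), target_pmk):
            return candidate
    return None


# Constructed stand-in for the multi-gigabyte wordlists attackers actually use.
COMMON_PASSPHRASES = ["letmein", "12345678", "password", "iloveyou", "qwertyui"]

if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    # Same passphrase, different SSID: a different PMK (why a unique SSID helps).
    print(derive_pmk("password", "linksys").hex())
    # A dictionary passphrase falls immediately; a long random one does not.
    print(crack_pmk(derive_pmk("password", "IEEE"), "IEEE", COMMON_PASSPHRASES))
    print(crack_pmk(derive_pmk("Tq7!vR2#kLp9$wXz4@mB", "IEEE"), "IEEE", COMMON_PASSPHRASES))
```

The loop above runs one guess per few milliseconds on a CPU; GPU crackers run the same PBKDF2 in parallel many orders of magnitude faster, which is why a short or dictionary passphrase offers no real protection under WPA2, and why WPA3's SAE handshake, which denies the attacker this offline check entirely, is worth enabling.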
Step 4. Turn off the wireless home network when you’re not at home
• In order to secure your network, we strongly recommend you disable the wireless home
network during extended periods of non-use, and do the same with devices that stay
connected by Ethernet cable when you won’t be at home.
• By doing this, you are closing any window of opportunity malicious hackers might use to get
access to it while you are away.
• Here are a few advantages of disabling your wireless network:
• Security reasons – Turning off your network devices minimizes the chances of becoming a
target for hackers while you are away.
• Surge protection – When you power off your network device, you also lower the possibility of
being damaged by electric power surges;
• Noise reduction – Although the modern home networks are much quieter these days, disabling
your wireless home network can add calmness to your home.
• Step 5. Where is the router located in your home?
• You probably haven’t thought about this, but where your router sits in your home
can also have an impact on your security.
• Place the wireless router as close as possible to the middle of your house. Why?
First, it will provide equal access to the Internet in all the rooms of your home.
Second, you don’t want your wireless signal to reach too far outside your home,
where it can be picked up by anyone parked nearby.
• For this reason, we recommend not placing your wireless router close to a window,
since there’s nothing to block the signal going outside your home. Many routers also
let you lower the transmit power if coverage outside the house is still generous.
• Step 6. Use a strong network administrator password to increase Wi-Fi security
• To set up your wireless router, you usually need to access an online platform or site,
where you can make several changes to your network settings.
• Most Wi-Fi routers ship with default credentials such as “admin” and
“password”, which are trivial for attackers to guess and are listed in public
default-password databases.
• Did you know that the number of wireless networks has increased dramatically over
the last 8 years? In 2010 there were 20 million Wi-Fi networks around the globe,
and in 8 years, that number increased to 400 million. Smartphones, laptops, tablets
and other devices have driven this growth, and because of how expensive data plans
are, most people choose to connect their device to wireless Internet connections.
• Step 7. Change your default IP address on the Wireless router
• Changing the default IP address to a less common one is sometimes suggested as a way to make
your home network harder for attackers to find. Be realistic about what it buys: anyone who
joins the network learns the gateway address immediately from DHCP or ARP, so at best it defeats
automated scripts that blindly assume 192.168.1.1. It does no harm, but it is no substitute for the
steps above.
• To change the IP address of a router, you should follow these steps:
• Log into your router’s console as an administrator. Usually the address looks like
http://192.168.1.1 or http://192.168.0.1
• Once you are there, enter the username and password on the login page;
• Then select Network > LAN in the menu on the left side (the menu name varies by vendor);
• Change the IP address to your preference, then click Save.
• Note: After you’ve changed the IP address, you’ll need to type the new IP address into the web
browser bar to reach the router again.
• You can also change the DNS server that your wireless router hands out to clients, for example
to a filtering resolver that blocks known malicious domains.
• Step 8. Turn off the DHCP functionality on the router
• Some guides recommend turning off the Dynamic Host Configuration Protocol (DHCP) server in
your router, which is how IP addresses are assigned to each device on the network, and instead
giving every device a static address entered by hand in its own network settings.
• Understand the limits of this: it stops nothing against an attacker who already has the Wi-Fi
passphrase, since they can pick a valid static address themselves in seconds, and it makes adding
new devices a chore. Treat it as housekeeping rather than a security control; the encryption and
passphrase in Steps 2 and 3 are what keep intruders off the network.
• Step 9. Disable Remote Access
• Most routers allow you to access their interface only from a connected device. However, some of
them allow access even from remote systems.
• Once you have turned off remote access, attackers on the internet won’t be able to reach your
router’s administration interface at all; only a device connected to your network can.
• To make this change, access the web interface and search for “Remote access” or “Remote
Administration“.
• Step 10. Always keep your router’s software up-to-date
• The software is an essential part of your wireless network security. The
wireless router’s firmware, like any other software, contains flaws which
can become major vulnerabilities and be ruthlessly exploited by hackers.
• Unfortunately, many wireless routers don’t come with the option to
auto-update their software, so you have to go through the hassle of doing
this manually: check the vendor’s support page for your model periodically,
and if the model no longer receives firmware updates at all, replace it.
• And even for those routers that can auto-update, it still requires
you to switch on this setting. But we remind you about the importance of
software patching and how neglecting to do this can leave open doors for
cybercriminals to exploit various vulnerabilities.
• Step 11. A firewall can help secure your Wi-fi network
• Firewalls aren’t just software programs used on your PC, they also come
in the hardware variety.
• A hardware firewall does pretty much the same thing as a software one,
but its biggest advantage is that it adds one extra layer of security.
• The best part about hardware firewalls is that most of the best wireless
routers have a built-in firewall that should protect your network from
potential cyber attacks.
• Step 12. Enhance protection for the devices most frequently connected
to your home network
• Important: Do not leave any exposed vulnerabilities for online criminals
to pick on!
• Even though you’ve increased protection for your router and home
network, you need to make sure you don’t have any security holes that
can be exploited by online criminals.
• Here’s what we recommend you to do:
• Remember to always keep your devices up to date with the most recent
software available;
• Always apply the latest security patches to ensure no security hole is left
open to malicious actors.
• Check which devices connect most often to your home network and make
sure they have antivirus and/or anti-malware security software
installed.
• Make sure to protect your devices using multiple security
layers consisting of specialized security software such as updated
antivirus programs and traffic filtering software. You may consider using
an antimalware software program like our Thor Foresight or
Malwarebytes.
Email Security
• Email security refers to the collective measures used to secure the access and
content of an email account or service. It allows an individual or organization to
protect the overall access to one or more email addresses/accounts.
• An email service provider implements email security to secure subscriber email
accounts and data from hackers - at rest and in transit.
• Email security is a broad term that encompasses multiple techniques used to secure
an email service. From an individual/end user standpoint, proactive email security
measures include:
❑ Strong passwords
❑ Password rotations
❑ Spam filters
❑ Desktop-based anti-virus/anti-spam applications
• Similarly, a service provider ensures email security by using strong password and
access control mechanisms on an email server; encrypting and digitally signing email
messages when in the inbox or in transit to or from a subscriber email address. It
also implements firewall and software-based spam filtering applications to restrict
unsolicited, untrustworthy and malicious email messages from delivery to a user’s
inbox.
How can email messages be compromised?
• While many cybersecurity professionals are aware of common
email security threats like phishing, ransomware, business email
compromise, and other inbound threats, it's important to also
consider data protection and securing outbound traffic. That is,
putting measures in place to prevent users from sending sensitive
data via email to external parties. There are four main
components of an email message that can be compromised or
manipulated:
• The body of the email
• The attachments of the email
• URLs contained within the email
• The sender's email address
What are email security best practices?
• Email security best practices start from a layered email security posture:
threat intelligence applied across the whole mail architecture, the ability
to retroactively remediate messages found to be malicious after delivery,
and encryption and data-loss-prevention controls to stop leakage, among
other measures.
Run regular phishing exercises
• Your employees are your greatest defense against phishing, especially the most
tailored phishing attempts. Employees who can learn to recognize a phishing
attempt outright can stop the number one source of endpoint compromise.
Use multifactor authentication
• In the event that a corporate email account's credentials are successfully stolen,
multifactor authentication can prevent an attacker from gaining access to the
account and wreaking havoc. Prefer phishing-resistant factors such as FIDO2/WebAuthn
security keys: SMS and one-time codes can be relayed by a real-time phishing proxy,
so they raise the bar but do not close the door.
Ensure you can quarantine and remediate
• Message quarantine functionality is useful to hold a message while a file attachment
is analyzed prior to either releasing the message to the recipient, removing the
malicious attachment, or removing the message completely. Email remediation
helps if a file is detected as malicious after delivery to the recipient. It allows you to
go back and quarantine the message with a malicious attachment from within a
mailbox.
Harness threat intelligence
• External email threat feeds in Structured Threat Information Expression (STIX) are
now commonly used by email security products, which is helpful should an
organization want to use a vertical-focused threat feed beyond the native threat
intelligence in the product.
Consider an integrated cybersecurity solution
• Integration of email security with broader security portfolios is also becoming
common to determine if advanced malware or messages in an environment may
have been delivered to particular users or inboxes.
1. Familiarize Yourself with Common Phishing Schemes
• Phishing is a common scamming practice that is quite sneaky. Scammers pose as well known
companies and request private information about its recipients.
• Since these emails often seem to come from reputable sources, such as PayPal, banks and other
large companies, they often are effective in their data collection. Many people don’t think twice
before entering their information in order to continue their subscriptions or collect a prize or
payment.
• One of the telltale signs of a phishing email is poor spelling, improper grammar and an
uncomfortable or robot-like writing style. Don’t rely on that alone, though: targeted phishing is
often flawless, so check the real sender address and where the links actually point rather than
the prose.
• There are a few major phishing practices that you should look out for so that you can avoid
jeopardizing your email security.
• 5 Common Phishing Practices

• Deceptive Phishing: Deceptive phishing is when a scammer sends an email under the guise of a
reliable company.
• Spear Phishing: Spear phishing uses information about the target in order to build trust and
increase the chances of the scam working.
• Whaling: This type of phishing targets CEOs so that hackers can penetrate the company from the
top.
• Pharming: Pharming is when scammers redirect safe domains to unsafe ones by toying with IP
addresses.
• Google Drive/Dropbox Phishing: This type of phishing is among the most difficult to detect. It
duplicates cloud folder login pages and requests your login info. When scammers have these login
credentials, it usually opens access to a plethora of sensitive information.
2. Protect Your Account with an Unbeatable Password
• The days of using “password123” as your password are long gone. (Yes, some people actually
used passwords like these because they are easy to remember).
• Many sites have upped the password requirements to include a number, special symbol and both
uppercase and lowercase letters.
• It is suggested that you don’t use your name, phone number, address or company name in your
password. You do not want something that is easy to guess.
3. Prohibit Personal Use of Company Emails
• Let your employees know that their company email addresses should be used for business and
nothing more.
• If people list their work email addresses on personal accounts, more mail is being sent and
received. This increases the chances of a bad apple spoiling the whole account.
• Minimizing personal use of the company emails makes for a more secure email.
4. Implement Two-Factor Authentication
• Two-step authentication is a major tool against phishing. This way you can be sure that your login
information is being used to log you into your intended site or portal, not a phony form used to
steal your precious data.
• The extra step may take a little bit more time, but it puts up an extra wall of protection around
your accounts.
5. Avoid Opening Unfamiliar Attachments
• Never ever open an attachment from an unfamiliar sender. Unsafe links, malware and viruses are
often hidden in unsuspecting attachments.
• If you are unsure about an attachment, you should run a virus and malware scan to see if it’s safe
or not.
• Take note that dangerous attachments can come in any format, but .HTML attachments are a
commonly used phishing tactic.
6. Run Malware and Virus Scans
• Malware and virus scans are essential since many unsafe links and attachments are hidden quite carefully.
• Some of the best virus and malware scans include McAfee Total Protection, Kaspersky Anti-Virus, Bitdefender Total
Security and Check Point ZoneAlarm Anti-Ransomware.
• This sort of software is worth investing in. It could save you quite a bit of pain and hassle in the long run.
7. Don’t Open Your Inbox When Connected to Public Wifi
• Connecting to public WiFi networks makes all of the sensitive information on your computer vulnerable to anybody
else connected to the same network. Your email is no exception.
• Avoid checking your email on the internet at coffee shops or internet cafes at all costs. Predators like to hack people
who are working in these places.
• If you are checking your email while you’re out and about, the best bet is to open it using the internet data on your
phone or by connecting your laptop to your phone’s wireless hotspot.
8. Use a Powerful Spam Filter
• Most email platforms, including Google and Office 365, have built-in spam filters. Oftentimes, you have the ability
to turn the spam filter on and off.
• Users also have the ability to customize their spam filters to weed out emails that include certain words or come
from certain senders.
• This helps to protect your email from scammers and phishers.
9. Avoid Clicking the “Unsubscribe” Button in Unsafe Emails
• Unsubscribing when you get an email that you wish you hadn’t received may seem like the most logical action, and
that is why many phishers disguise their unsafe links as “Unsubscribe” buttons.
• While hitting the “Unsubscribe” button may be tempting, resist the urge. Instead of unsubscribing, mark unwanted
emails as junk and delete them promptly.
• The best way to unsubscribe from an email that you believe you’ve signed up for is to head directly to the website
and log in through its secure portal. You’ll likely have the ability to change your communication options there. Do not follow the
link from the email.
10. Educate Your Entire Company
• Unless your entire company gets on board with the best email security practices, your inboxes may still be at risk.
After all, you’re only as strong as your weakest link.
• Include email security lessons in your company’s new member orientation and employee handbooks. Make sure
that the whole team is well-informed. This is certainly the most important part of ensuring your email security.
Browser Security
• Web browsers are designed to store information for your
convenience, but that information can also fall into the wrong
hands.
• The web browser is inarguably the most common portal for users
to access the internet for any given array of consumer or business
purposes. Innovative advances have allowed many traditional
"thick client" apps to be replaced by the browser, enhancing its
usability and ubiquity. User-friendly features such as recording
browsing history, saving credentials and enhancing visitor
engagement through the use of cookies have all helped the
browser become a "one stop shopping" experience.
• However, the browser can also betray the user through the very same options that are
intended to make life easier: because it holds so many proverbial eggs in one basket, it
serves as a ripe target for the theft of confidential data.
Here is a summary of their findings along with some other tips for protection:
1. Accessing browser history
• Your browser history is a veritable map of where you go on the internet and for what purpose. And it's not only possible to tell where
you've been, but when you've been there, establishing your behavioral patterns.
• Knowing you access certain sites can lead to phishing attacks against you to obtain your credentials for those sites (assuming you
haven't stored this information in the browser), establishing your purchasing habits (for instance if you are a football fan and visit NFL
sites, your credit card company isn't likely to raise an eyebrow if a slew of charges for football merchandise start showing up on your
compromised credit card) or even blackmail if the site(s) in question prove illegal or unethical, or allegations thereof can be made.
• Recommendations:
• Clearing the browser cache is a good way to flush potentially damaging information, especially after engaging in confidential activities
such as conducting online banking. This can be performed manually or set to do so automatically such as when closing the browser
(Google the details for your browser version and operating system to carry out this and the other recommendations as the steps
involved may be subject to change).
• Use incognito mode (private browsing) since no harvestable data is stored (if you must use a public system, always make sure to do so
with incognito mode).
2. Harvesting saved login credentials
• Saved logins paired with bookmarks for the associated sites you visit are a deadly combination. Two mouse clicks might be all it takes
for a criminal to have access to your banking/credit card website. Some sites do use two-factor authentication, such as texting access
codes to your mobile phone, but many of them utilize this on a one-time basis so you can confirm your identity on the system you're
connecting from. Unfortunately, that system is then deemed trusted, so subsequent access may go entirely unchallenged.
• Saved credentials associated with your email account are basically like Kryptonite to Superman in a scenario like this. An attacker who
can get into your email can reset your password on almost any other website you access. And keep in mind they might not need to be
on your system to do so - if they obtain your email address and password they can work at leisure from any other system they choose.
• Just taking a series of screenshots (or even utilizing the camera on a mobile phone) can allow an attacker on your system to record all of
your saved passwords. Firefox lets you view these quite easily. While Chrome at least requests your logon password to do so, as stated
resetting this is quite easy with administrative access (which can be simple to obtain thanks to password reset utilities such as Offline
NT Password and Registry Editor).
• Recommendations:
• Don't save credentials in the browser. Instead, take advantage of free password managers such as KeePass or Password Safe to store
passwords (never write them down) via a central master password. These password managers can securely store all your website
passwords. A password manager can even access a saved URL and login for you, adding to the convenience and security of your
information.
3. Obtaining autofill information
• Autofill information can also be deadly. Chrome can save your home address information to make it easier to shop online, but what if
your device fell into the wrong hands? Now an attacker knows where you live - and probably whether you're home.
• Recommendations:
• Turn off autofill for any confidential or personal details.
4. Analyzing cookies
• Cookies (files stored locally which identify users/link them to sites) are another potential attack
vector. Like the browsing history, they can reveal where you go and what your account name
might be.
• As with #1, incognito mode can also come in handy here.
• Recommendations:
• Disabling cookies is touted as a potential solution, but this has been a problematic "fix" for years
since many sites depend on cookies or at least severely limit your functionality (or possibly annoy
you with nagging prompts) if these are turned off.
• Instead, purging cookies periodically can help protect you, though be prepared to enter
information repeatedly as prompted by websites.
5. Exploring the browser cache
• The browser cache involves storing sections of web pages for easier access/loading on subsequent
visits, which can outline where you've been and what you've seen. Malware can be tailored to
prey upon cache data as well.
• Exabeam also considered location history and device discovery to be risky elements in their blog
post, stating these could expose user location and other devices used.
• Recommendations:
• As with #1 and #4, incognito mode can also come in handy here, or manually clear the cache as
needed, particularly after sensitive operations.
Browser Security
• Don't rely on your browser to protect you from malicious Websites. Browsers only warn
you about sites but cannot stop you from going there. Even if you have high security settings
and anti-virus software, visiting a risky Web site can result in viruses, spyware or worse.
• Keep your browser software up-to-date. New patches are often released to fix existing
vulnerabilities in browser software, so having the most up-to-date versions is critical.
• Run anti-virus software and scan files before downloading. Anti-virus software provides
protection by scanning for and removing malicious files on your computer. Avoid
downloading anything until you’re confident that it is secure, and if you have any suspicion that a
file may not be legitimate or may be infected, scan it with anti-virus software before
downloading.
• Use HTTPS. The “s” in “https” stands for secure, meaning that the Website is employing SSL
encryption. Check for an “https:” or a padlock icon in your browser’s URL bar to verify that a
site is secure before entering any personal information.
• Don’t reuse passwords. Using the same password for multiple sites only makes it easier for
attackers to compromise your sensitive information. Instead, keep track of your different
passwords with a handwritten list that you keep in a safe place or come up with your own
algorithm for creating unique passwords that only you would know. It is also recommended
that you change your passwords every 90 days.
• Disable auto-complete for forms and “remember your
passwords” features. Nearly all browsers and many websites in general
offer to remember your passwords for future use, and Web sites can use
hidden fields to steal the data from forms. Enabling these features makes
your credentials easier for an attacker to discover if your system gets compromised.
Also, criminals can hijack your browsing session and steal your information
if you stay logged in to a site. If you have these features enabled, disable
them and clear your stored passwords.
• Read privacy policies. Websites’ privacy policies and user agreements
should provide details as to how your information is being collected and
protected as well as how that site tracks your online activity. Websites
that don’t provide this information in their policies should generally be
avoided.
• Regularly monitor your bank statements. Keeping an eye on your online
statements will allow you to react quickly in the event that your account
has been compromised.
• Avoid public or free Wi-Fi. Attackers often use wireless sniffers to steal
users’ information as it is sent over unprotected networks. The best way
to protect yourself from this is to avoid using these networks altogether.
• Turn on your browser’s popup blocker. Popup blocking is now a standard
browser feature and should be enabled any time you are surfing the Web.
If it must be disabled for a specific program, turn it back on as soon as that
activity is complete.
Email Architecture
• E-mail (electronic mail) is a service or system, provided by companies such as
Google (Gmail) and Microsoft (Outlook), in which messages are distributed by electronic
means from one user to one or more recipients over a network.
• The main components of e-mail system that facilitate sending and receiving of e-mail
on internet are:
An e-mail client
An e-mail server
Some protocols like SMTP (Simple Mail Transfer Protocol), POP (Post Office
Protocol), IMAP (Internet Message Access Protocol)
Working:
• To transfer an e-mail from one user to another, the message first goes to the
user agent (UA), which provides the services that make sending and receiving
e-mail easy on both ends. The message is composed there and handed to a
Message Transfer Agent (MTA), which follows certain protocols for travelling from one
server to another over the Internet: SMTP (Simple Mail Transfer Protocol), POP
(Post Office Protocol, nowadays POP3, the newer version of POP) and IMAP (Internet
Message Access Protocol). The message is then received at the other terminal
by a Message Access Agent (MAA) and passed on to the recipient's User Agent (UA),
which receives it and provides it to the end user.
• Most widely used application on the Internet.
• For sending mails:
❑ Simple Mail Transfer Protocol (SMTP)
❑ Multi-purpose Internet Mail Extension (MIME)
• For receiving mails:
❑ Post office protocol version 3 (POP3)
❑ Internet mail access protocol (IMAP)
• An e-mail system normally consists of two subsystems:
• 1. the user agents
• 2. the message transfer agents
• The user agents allow people to read and send
e-mails. The message transfer agents move the
messages from source to destination. The user
agents are local programs that provide a command-
based, menu-based, or graphical method for
interacting with the e-mail system. The message
transfer agents are daemons, which are processes
that run in the background. Their job is to move
e-mail messages through the system.
• A key idea in e-mail systems is the distinction between the envelope and its contents.
The envelope encapsulates the message. It contains all the information needed for
transporting the message, such as the destination address, priority and security level, all of
which are distinct from the message itself.
• The message transport agents use the envelope for routing. The message inside the
envelope consists of two major sections:

• The Header:
• The header contains control information for the user agents. It is structured into
fields such as summary, sender, receiver, and other information about the e-mail.
• Body:
• The body is entirely for the human recipient. It is the message itself as unstructured text,
sometimes containing a signature block at the end.
• 2 Header format
• The header is separated from the body by a blank line.
• It consists of the following fields:
• From: The e-mail address, and optionally the name, of the sender of the message.
• To: One or more e-mail addresses, and optionally names, of the receivers of the
message.
• Subject: A brief summary of the contents of the message.
• Date: The local time and date when the message was originally sent.
• 3 User agents:
• A user agent is normally a program, sometimes called a mail reader. It accepts a
variety of commands for composing, receiving and replying to messages as well
as for manipulating mailboxes. Some user agents have a fancy menu- or
icon-driven interface that requires a mouse, whereas others take one-
character commands from the keyboard. Functionally they are the same. Some
systems are menu or icon driven but also have keyboard shortcuts.
• To send an e-mail, the user provides the message, the destination address and
possibly some other parameters. Most e-mail systems support mailing
lists.
• Example: Reading e-mail
• When a user agent is started up, it looks at the user’s mailbox for incoming
e-mail before displaying anything on the screen. Then it announces the
number of messages in the mailbox or displays a one-line summary of
each e-mail and waits for a command.
• 4 E-mail Services
• Basic services:
• E-mail systems support five basic functions. These basic functions are:
• 1. Composition:
• It refers to the process of creating messages and answers. Any text editor can be used for the
body of the message, the system itself can provide assistance with addressing and the numerous
header fields attached to each message.
• For example: when answering a message, the e-mail system can extract the originator’s address
from the incoming e-mail and automatically insert it into the proper place in the reply.
• 2. Transfer:
• It refers to moving messages from the originator to the recipient. This requires establishing a
connection to the destination or some intermediate machine, outputting the message, and finally
releasing the connection. E-mail does it automatically without bothering the user.
• 3. Reporting:
• It refers to acknowledging or telling the originator what happened to the message. Was the
message delivered? Was it rejected? Numerous applications exist in which confirmation of
delivery is important and may even have a legal significance. E-mail system is not very reliable.
• 4. Displaying
• The incoming message has to be displayed so that people can read their e-mail. Sometimes
conversion is required or a special viewer must be invoked, for example if the message is a
PostScript file or digitized voice. Simple conversions and formatting are sometimes attempted.
• 5. Disposition
• It is the final step and concerns what the recipient does with the message after receiving it.
Possibilities include throwing it away before reading, throwing it away after reading, saving it, and
so on. It should be possible to retrieve and reread saved messages, forward them or process them
in other ways.

• Advanced services:
• In addition to these basic services, some e-mail systems provide a variety of advanced features.
• When people move or when they are away for some period of time, they want their e-mail to be
forwarded, so the system should do it automatically.
• Most systems allow the user to create mailboxes to store incoming e-mails. Commands are needed
to create and destroy mailboxes, inspect the contents of mailboxes, and insert and delete messages
in the mailboxes.
• Corporate managers often need to send messages to each of their subordinates, customers, or
suppliers. This gives rise to the idea of a mailing list, which is a list of e-mail addresses. When a
message is sent to the mailing list, identical copies are delivered to everyone on the list.
• Carbon copies, blind carbon copies, high-priority e-mail, secret e-mail, alternative recipients if
the primary one is not currently available, and the ability for secretaries to read and answer their
bosses’ e-mail.
• E-mail is now widely used within industry for intra-company communication. It allows
far-flung employees to cooperate on projects.

• https://devyanibajadeja.wordpress.com/electronic-mail-smtp-popimap-and-mime/
Email Tracing
• EmailTracer is a tool to track an email sender’s identity. It analyzes the email
header and gives complete details of the sender such as the IP address, which
is the key point in finding the culprit, the route followed by the mail, the mail
server, details of the service provider, etc. EmailTracer traces up to the Internet
Service Provider level only. Further tracing can be done with the help of the
ISP and law enforcement agencies. The message-id will be useful for
analyzing the mail logs at the ISP.
• What email provider do you use?
• To find the IP address of a received email you're curious about, open the
email and look for the header details. How you find that email's header
depends on the email program you use. Do you use Gmail or Yahoo?
Hotmail or Outlook?
• For example, if you're a Gmail user, here are the steps you'd take:
• Open the message you want to view
• Click the down arrow next to the "Reply" link
• Select "Show Original" to open a new window with the full headers
• The first thing you do when you hear that email notification is
check the sender, right? It is the quickest way to figure out who
the email is from, as well as the likely content.
Why Trace An Email Address?
• Before learning how to trace an email address, let's consider why
you would do it in the first place.
• In this day and age, malicious emails are all too frequent. Scams,
spam, malware, and phishing emails are a common inbox sight. If
you trace an email back to its source, you have a slight chance of
discovering who (or where!) the email comes from.
• In other cases, you can trace the origin of an email to block a
persistent source of spam or abusive content, permanently
removing it from your inbox; server administrators trace emails
for the same reason.
• How To Trace An Email Address
• You can trace an email address to its sender by looking at the full email header. The
email header contains routing information and email metadata---information you
don't normally care about. But that information is vital to tracing the source of the
email.
• Most email clients don't display the full email header as standard because it is full of
technical data and somewhat useless to an untrained eye. However, most email
clients do offer a way of checking out the full email header. You just need to know
where to look, as well as what you're looking at.
• Gmail Full Email Header: Open your Gmail account, then open the email you want
to trace. Select the drop-down menu in the top-right corner, then Show
original from the menu.
• Outlook Full Email Header: Double-click the email you want to trace, then head
to File > Properties. The information appears under Internet headers.
• Apple Mail Full Email Header: Open the email you wish to trace, then head to View
> Message > Raw Source.
• 3 Free Tools To Trace Emails And IP Addresses
• Of course, there are some handy tools out there
that automate this process for you. It is handy to
learn about full email headers and their contents,
but sometimes you need quick information.
• Check out the following header analyzers:
• GSuite Toolbox Messageheader
• MX Toolbox Email Header Analyzer
• IP-Address Email Header Trace (email header
analyzer + IP address tracer)
• What Is an Email Header
• Each email you receive comes with headers. The headers contain
information about the routing of the message and the originating
Internet Protocol address of the message. Not all electronic
messages you receive will allow you to track them back to their
originating point, and how you send messages
determines whether or not others can trace an email address back
to you. The headers don't contain any personal information. At
most, the results of the trace will show you the originating IP and
the computer name that sent the email. After viewing the trace
information, the initiating IP can be looked up to determine from
where the message was sent. IP address location information
DOES NOT contain your street name, house number, or phone
number. The trace will most likely determine the city and the ISP
the sender used.
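The header fields listed under “Header format” above and the Received: chain that the tracing steps rely on can be worked through in code. This is an added example, not code from the original notes or from any of the tools named above; it uses only the Python standard library, and SAMPLE_RAW_EMAIL is a constructed message (example.com / example.net hosts, RFC 5737 documentation IPs) that corresponds to no real sender.

```python
"""Parse a raw e-mail and reconstruct its route from the Received: headers.

Added example (not code from the original notes): it uses only the Python
standard library. SAMPLE_RAW_EMAIL is a constructed message; its hosts are
example.com / example.net and its IPs come from the RFC 5737 documentation
ranges, so it corresponds to no real sender.
"""
import re
from email import message_from_string

SAMPLE_RAW_EMAIL = """\
Received: from mx2.example.com (mx2.example.com [198.51.100.7])
    by inbox.example.com with ESMTP id 1dfg8; Mon, 4 Mar 2024 10:05:12 +0000
Received: from smtp.example.net (smtp.example.net [203.0.113.25])
    by mx2.example.com with ESMTPS id 7Kp9x; Mon, 4 Mar 2024 10:05:10 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
    by smtp.example.net with ESMTPSA id Ab12C; Mon, 4 Mar 2024 10:05:08 +0000
Message-ID: <20240304100508.1234@example.net>
From: "Alice Example" <alice@example.net>
To: bob@example.com
Subject: Invoice attached
Date: Mon, 4 Mar 2024 10:05:08 +0000

Hi Bob, please see the attached invoice.
"""

# First dotted-quad IPv4 address in a Received: line (the notes only cover IPv4 tracing).
_IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_headers(raw: str) -> dict:
    """Return the fields listed under 'Header format' plus the Message-ID,
    which the notes say is useful for matching the ISP's mail logs."""
    msg = message_from_string(raw)
    return {
        "from": msg["From"],
        "to": msg["To"],
        "subject": msg["Subject"],
        "date": msg["Date"],
        "message_id": msg["Message-ID"],
    }


def received_chain(raw: str) -> list:
    """Return the Received: hops in chronological order (sender side first).

    Every MTA that handles the message prepends its own Received: line, so
    the header block reads newest-first; reversing it gives the path the
    message actually travelled.
    """
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())          # unfold continuation lines
        m_from = re.search(r"^from\s+(\S+)", text)
        m_by = re.search(r"\bby\s+(\S+)", text)
        m_ip = _IPV4_RE.search(text)
        hops.append({
            "from": m_from.group(1) if m_from else None,
            "by": m_by.group(1) if m_by else None,
            "ip": m_ip.group(1) if m_ip else None,
        })
    return hops


def originating_ip(raw: str):
    """IP recorded in the earliest hop: the most the headers can say about
    where the message entered the mail system (the trace stops at the ISP)."""
    chain = received_chain(raw)
    return chain[0]["ip"] if chain else None


def chain_is_consistent(raw: str) -> bool:
    """Sanity check: each hop's 'by' host should be the next hop's 'from' host.

    A break in this pattern is a common sign that an early Received: line was
    written by the sender rather than added by a real relay, so the IP found
    there should not be trusted.
    """
    chain = received_chain(raw)
    for earlier, later in zip(chain, chain[1:]):
        if earlier["by"] != later["from"]:
            return False
    return True


if __name__ == "__main__":
    print(parse_headers(SAMPLE_RAW_EMAIL))
    for hop in received_chain(SAMPLE_RAW_EMAIL):
        print(hop)
    print("originating IP:", originating_ip(SAMPLE_RAW_EMAIL))
    print("chain consistent:", chain_is_consistent(SAMPLE_RAW_EMAIL))
```

Paste the output of “Show original” (Gmail), File > Properties (Outlook) or View > Message > Raw Source (Apple Mail) into SAMPLE_RAW_EMAIL to run it against a real message.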
• NOTE: EMAIL TRACKING and EMAIL TRACING are Different
• Email tracking is a method for monitoring the delivery of email
messages to the intended recipient. Most tracking technologies
use some form of digitally time-stamped record to reveal the
exact time and date that an email was received or opened, as well
the IP address of the recipient.
• https://www.youtube.com/watch?v=3XqJ3l4tpuU
Secure Download
• The Secure Download Manager (SDM) is a program for downloading files
securely from a web store. When you download software from a web
store that uses the SDM, you will be prompted to download and install the
SDM to your computer. The SDM provides for secure, effective and
efficient file downloads, especially for files that are too large for some
browsers to download. You receive the software that you ordered safely
and completely.
Features
• Resumes unfinished or interrupted downloads from where they left off
• Simple installation wizard
• Multiple files can be downloaded at the same time
• You decide when to download
• Easily handles large files (larger than 2 GB)
• Ensures your files are secure by using encrypted data
• Easy downloading with one click
• Scared that you might download the virus that's
going to destroy your computer? Wondering
whether the file you're downloading is safe or
not?
Secure Apps
• What is Application Security?
• Application security is the discipline of processes, tools
and practices aiming to protect applications from
threats throughout the entire application lifecycle.
Cyber criminals are organized, specialized, and
motivated to find and exploit vulnerabilities in
enterprise applications to steal data, intellectual
property, and sensitive information. Application
security can help organizations protect all kinds of
applications (such as legacy, desktop, web, mobile,
micro services) used by internal and external
stakeholders including customers, business partners
and employees.
• What is application security?
• Application security describes security measures at the application level
that aim to prevent data or code within the app from being stolen or
hijacked. It encompasses the security considerations that happen during
application development and design, but it also involves systems and
approaches to protect apps after they get deployed.
• Application security may include hardware, software, and procedures that
identify or minimize security vulnerabilities. A router that prevents anyone
from viewing a computer’s IP address from the Internet is a form of
hardware application security. But security measures at the application
level are also typically built into the software, such as an application
firewall that strictly defines what activities are allowed and prohibited.
Procedures can entail things like an application security routine that
includes protocols such as regular testing.
• Application security definition
• Application security is the process of developing, adding, and testing
security features within applications to prevent security vulnerabilities
against threats such as unauthorized access and modification.
Why application security is important
• Application security is important because today’s applications are often available over various networks and
connected to the cloud, increasing vulnerabilities to security threats and breaches. There is increasing pressure and
incentive to not only ensure security at the network level but also within applications themselves. One reason for
this is because hackers are going after apps with their attacks more today than in the past. Application security
testing can reveal weaknesses at the application level, helping to prevent these attacks.

Types of application security
• Different types of application security features include authentication, authorization, encryption, logging, and
application security testing. Developers can also code applications to reduce security vulnerabilities.
• Authentication: When software developers build procedures into an application to ensure that only authorized
users gain access to it. Authentication procedures ensure that a user is who they say they are. This can be
accomplished by requiring the user to provide a user name and password when logging in to an application.
Multi-factor authentication requires more than one form of authentication—the factors might include something
you know (a password), something you have (a mobile device), and something you are (a thumb print or facial
recognition).
• Authorization: After a user has been authenticated, the user may be authorized to access and use the application.
The system can validate that a user has permission to access the application by comparing the user’s identity with a
list of authorized users. Authentication must happen before authorization so that the application matches only
validated user credentials to the authorized user list.
• Encryption: After a user has been authenticated and is using the application, other security measures can protect
sensitive data from being seen or even used by a cybercriminal. In cloud-based applications, where traffic containing
sensitive data travels between the end user and the cloud, that traffic can be encrypted to keep the data safe.
• Logging: If there is a security breach in an application, logging can help identify who got access to the data and how.
Application log files provide a time-stamped record of which aspects of the application were accessed and by
whom.
• Application security testing: A necessary process to ensure that all of these security controls work properly.
• Application security in the cloud
• Application security in the cloud poses some extra challenges. Because cloud
environments provide shared resources, special care must be taken to ensure that
users only have access to the data they are authorized to view in their cloud-based
applications. Sensitive data is also more vulnerable in cloud-based applications
because that data is transmitted across the Internet from the user to the application
and back.

• Mobile application security
• Mobile devices also transmit and receive information across the Internet, as
opposed to a private network, making them vulnerable to attack. Enterprises can
use virtual private networks (VPNs) to add a layer of mobile application security for
employees who log in to applications remotely. IT departments may also decide to
vet mobile apps and make sure they conform to company security policies before
allowing employees to use them on mobile devices that connect to the corporate
network.
• Web application security
• Web application security applies to web applications—apps or services that users
access through a browser interface over the Internet. Because web applications live
on remote servers, not locally on user machines, information must be transmitted to
and from the user over the Internet. Web application security is of special concern to
businesses that host web applications or provide web services. These businesses
often choose to protect their network from intrusion with a web application firewall.
A web application firewall works by inspecting and, if necessary, blocking data
packets that are considered harmful.
• What are application security controls?
• Application security controls are techniques to enhance the security of an
application at the coding level, making it less vulnerable to threats. Many of these
controls deal with how the application responds to unexpected inputs that a
cybercriminal might use to exploit a weakness. A programmer can write code for an
application in such a way that the programmer has more control over the outcome
of these unexpected inputs. Fuzzing is a type of application security testing where
developers test the results of unexpected values or inputs to discover which ones
cause the application to act in an unexpected way that might open a security hole.
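To make the fuzzing idea concrete, here is a small mutation-based fuzzer added for this page; it is not code from the original material. The target, parse_settings, is a constructed toy parser for strings such as "timeout=30;retries=3" with a deliberately planted unchecked access. The fuzzer mutates a seed input, treats ValueError as a graceful rejection, and records any other exception as a crash together with an input that reproduces it.

```python
import random
import traceback
from typing import Callable, Dict, List, Tuple


# Target under test. Constructed for this example, not from the page: a naive
# parser for settings strings such as "timeout=30;retries=3". Malformed input is
# rejected with ValueError (the intended behaviour), but an empty value reaches
# an unchecked index, the kind of unexpected-input bug fuzzing is meant to find.
def parse_settings(text: str) -> Dict[str, int]:
    result: Dict[str, int] = {}
    for pair in text.split(";"):
        if not pair:
            continue                        # tolerate "a=1;;b=2"
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"missing '=' in {pair!r}")
        if value[0] == "-":                 # BUG: "timeout=" raises IndexError
            raise ValueError("negative values are not allowed")
        result[key.strip()] = int(value)    # non-numeric -> ValueError (expected)
    return result


# Tokens worth splicing into inputs because they commonly break parsers.
INTERESTING = ["", "=", ";", "==", ";;", "-", "0", "-1", "9" * 20,
               " ", "\x00", "\n", "a=1", "\u202e"]


def mutate(seed: str, rng: random.Random) -> str:
    """Apply one random mutation (delete, insert, truncate, duplicate, replace)."""
    if not seed:
        return rng.choice(INTERESTING)
    op = rng.choice(["delete", "insert", "truncate", "duplicate", "replace"])
    i = rng.randrange(len(seed) + 1)
    if op == "delete":
        j = rng.randrange(len(seed))
        return seed[:j] + seed[j + 1:]
    if op == "insert":
        return seed[:i] + rng.choice(INTERESTING) + seed[i:]
    if op == "truncate":
        return seed[:i]
    if op == "duplicate":
        return seed + ";" + seed
    j = rng.randrange(i, len(seed) + 1)     # replace seed[i:j] with a token
    return seed[:i] + rng.choice(INTERESTING) + seed[j:]


def classify(target: Callable[[str], object], data: str) -> Tuple[str, str]:
    """Run the target once. ValueError is a graceful rejection; any other
    exception is a crash, keyed by exception type and the line that raised it."""
    try:
        target(data)
        return ("ok", "")
    except ValueError:
        return ("rejected", "")
    except Exception as exc:                # a fuzzer must catch everything
        frame = traceback.extract_tb(exc.__traceback__)[-1]
        return ("crash", f"{type(exc).__name__} at line {frame.lineno}")


def fuzz(target: Callable[[str], object], seeds: List[str],
         iterations: int = 3000, seed: int = 1) -> Dict[str, str]:
    """Mutate the corpus, run each input, and return one reproducer per
    distinct crash site. Inputs the target accepts are added to the corpus so
    later mutations explore deeper states."""
    rng = random.Random(seed)
    corpus = list(seeds)
    crashes: Dict[str, str] = {}
    for _ in range(iterations):
        data = mutate(rng.choice(corpus), rng)
        status, where = classify(target, data)
        if status == "ok" and data not in corpus and len(corpus) < 500:
            corpus.append(data)
        elif status == "crash" and where not in crashes:
            crashes[where] = data
    return crashes


if __name__ == "__main__":
    for where, reproducer in fuzz(parse_settings, ["timeout=30;retries=3"]).items():
        print(f"{where}: {reproducer!r}")
```

The distinction between "rejected" and "crash" is the heart of the technique: a parser is allowed to refuse bad input, but an unhandled IndexError (or, in a native parser, a segfault) marks a code path the programmer never considered, which is exactly where exploitable bugs live.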

• What is application security testing?
• Application developers perform application security testing as part of the software
development process to find and fix security vulnerabilities before a new or
updated version of an application ships. A security audit checks that the
application complies with a specific set of security criteria; passing the audit
does not replace access control, so developers must still ensure that only
authorized users can reach the application. In penetration testing, a tester
thinks like an attacker and looks for ways to break into the application.
Penetration testing may include social engineering, that is, trying to fool users
into allowing unauthorized access. Testers commonly run both unauthenticated
security scans and authenticated scans (as logged-in users), because some
vulnerabilities show up in only one of the two states.
Spam Mails
• Spam email is unsolicited and unwanted junk email sent out in bulk to an indiscriminate recipient
list. Typically, spam is sent for commercial purposes. It can be sent in massive volume by botnets,
networks of infected computers.
• Why do people send out spam email?
• Often, spam email is sent for commercial purposes. While some people view it as unethical, many
businesses still use spam. The cost per email is incredibly low, and businesses can send out mass
quantities consistently. Spam email can also be a malicious attempt to gain access to your
computer.
• How do you stop spam email?
• Spam email can be difficult to stop, as it can be sent from botnets. Botnets are a network of
previously infected computers. As a result, the original spammer can be difficult to trace and stop.
• If you receive a message that appears to be spam--for example, if you don’t recognize the
sender--mark the message as spam in your email application. Don't click any links or attached
files, including opt-out or unsubscribe links. Spammers sometimes include these links to confirm
that your email address is legitimate, or the links may trigger malicious webpages or downloads.
• Is spam email dangerous?
• Spam email can be dangerous. It can include malicious links that can infect your computer with
malware (see What is malware?). Do not click links in spam. Dangerous spam emails often sound
urgent, so you feel the need to act. Keep reading to learn about some of the basic spam types.
• Why do I get spam emails?
• Your email address was exposed in a data breach. This is the main way addresses reach
spammers, and it happens even to large organizations such as Adobe, LinkedIn and Last.fm. A
breach is a security threat because the leaked records may include names, passwords and email
addresses; spammers use this data knowing that most of the addresses are active.
• Your email address was harvested by a specialized tool. If you ever published your address on
the internet, spammers may collect it with crawlers that scan pages for the @ symbol separating
the local part of an address from its domain.
• Your email was stolen from someone’s contact list. If spammers figure out an email address and
password of your friend, they scan the contact list to get new addresses and send more spam.
• Your email was randomly generated. Cybercriminals combine common user names with popular
domain names like @gmail.com or @yahoo.com. They send spam emails to all generated email
addresses, and if the email was delivered and opened, it signals that the email address is real.
• A dishonest company sold your email. Some dirty players on the email market sell their mailing
list to spammers.
• How can I stop spam?
• Don’t respond to spam. Our first tip for stopping spam is: stop responding to spam. Have you ever read a comically bad spam email and wondered “Who actually clicks or responds to
these things?” Well, wonder no more. In a spam survey conducted by the Messaging, Malware and Mobile Anti-Abuse Working Group, 46% of respondents said they clicked or replied to
spam out of curiosity, to unsubscribe, or to learn more about the products/services being offered. Don’t be one of these people. By responding to spam you demonstrate to spammers
that your email is valid and they will send you more spam.
• The same advice applies to mobile phone spam. Just hang up and add the caller to your smartphone’s blocked numbers list. If it’s a text message you can copy and forward it to the
number 7726 (SPAM), doing so improves your phone carrier’s ability to filter out spam messages.
• By pressing “one” to opt-out or engaging with scammers in any way, you’re demonstrating that your phone number is valid and that you will respond. Moreover, by speaking, scammers
can record your voice and use audio samples of you saying “yes” to authorize charges for things and services you don’t want.
• Turn your spam filter on. The email providers do the hard work when it comes to stopping spam. Most bulk email never even makes it past our email filters and into our inbox. Granted,
legitimate emails sometimes make their way, erroneously, into the spam folder, but you can prevent this from happening in the future by flagging these emails as “not spam,” and adding
legitimate senders to your contacts list.
• Turn macros off. Definitely don’t enable macros by default. And if someone emails you an attachment and the document asks you to “enable macros,” click “no”—especially if you don’t
know the sender. If you suspect it may be a legitimate attachment, double check with the sender, and confirm that they, indeed, sent you the file.
• Learn how to spot phishing emails. Here are the red flags for spotting a phishing email. If you see any of these, you're probably looking at a phishing email.
• The sender's address isn't correct. In a legitimate email the sender's address matches the domain of the company it claims to represent: a message from PayPal comes from a
paypal.com address and a message from Microsoft from a microsoft.com address. Check the actual address, not the display name, which can say anything, and watch for look-alike
domains that add words or swap characters.
• The sender doesn’t seem to actually know who you are. Legitimate emails from companies and people you know will be addressed to you by name. Phishing emails often use generic
salutations like “customer” or “friend.”
• Embedded links have unusual URLs. Vet the URL before clicking by hovering over it with your cursor. If the link looks suspicious, navigate to the website directly via your browser. Same for
any call-to-action buttons. Hover over them with your mouse before clicking. If you’re on a mobile device, navigate to the site directly or via the dedicated app. Text message spam often
includes links to spoofed sites designed to capture your login.
• Typos, bad grammar, and unusual syntax. Does it look like the email was translated back and forth through Google Translate several times? It probably was.
• The email is too good to be true. Advance-fee scams work because they offer a huge reward in exchange for very little work. But if you take some time to actually think about the email,
the content is beyond reason.
• There are attachments. In legitimate email marketing and customer communication, attachments are rare; treat an unexpected attachment, especially one that asks you to enable
macros, as a red flag.
• Use multi-factor authentication. With two-factor or multi-factor authentication, even if your username and password are compromised via a phishing attack, cybercriminals still have
to get past the additional factor tied to your account. Codes from an authenticator app or a hardware security key are the strongest common factors; codes sent by text message
are better than nothing but can be intercepted or captured through a SIM swap, and secret questions are just another password and do not count as a separate factor.
• Install security software. If you click a bad link or download malware sent via spam, good endpoint protection can recognize the malware and stop it before it damages your
system or network. Vendors such as Malwarebytes sell products for home and business, including mobile versions that block unwanted calls and text messages and stop a
malicious site from loading when you tap a link in a spam text.
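The red flags above can be checked mechanically. The script below is an added example, not part of the original page: it uses Python's standard email and html.parser modules to parse two constructed messages (one phish, one legitimate) and flags a sender whose display name claims a brand while the address is on another domain, a generic salutation, a link whose visible text names one host while the href points to another host or to a bare IP address, and attachments. The BRAND_DOMAINS table and both sample messages are assumptions made for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse

# Brands in scope and the domains they really send from (an assumption for
# this example; a real deployment would carry a much longer table).
BRAND_DOMAINS = {"paypal": "paypal.com", "microsoft": "microsoft.com"}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear friend", "valued customer")

# Constructed sample messages, not real mail.
PHISH = b"""\
From: "PayPal Support" <security-alert@paypa1-verify.com>
To: victim@example.org
Subject: Urgent: your account is suspended
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Your account has been limited. Click <a href="http://198.51.100.7/login">
https://www.paypal.com/signin</a> within 24 hours to restore access.</p>
</body></html>
"""

LEGIT = b"""\
From: "PayPal" <service@paypal.com>
To: alice@example.org
Subject: Your receipt
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello Alice,</p>
<p>View the details at <a href="https://www.paypal.com/activity">
https://www.paypal.com/activity</a>.</p></body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs, i.e. what hovering would reveal."""

    def __init__(self):
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Crude 'last two labels' view of a host; adequate for the brands above."""
    return ".".join(host.lower().split(".")[-2:])


def phishing_indicators(raw: bytes) -> List[str]:
    """Return the red flags found in one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags: List[str] = []

    # 1. Display name claims a brand, but the address is on another domain.
    display, addr = parseaddr(str(msg["From"] or ""))
    sender_domain = addr.rpartition("@")[2].lower()
    for brand, real in BRAND_DOMAINS.items():
        if brand in display.lower() and registrable(sender_domain) != real:
            flags.append(f"sender claims {brand} but address is on {sender_domain}")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""

    # 2. The sender does not seem to know who you are.
    if any(g in text.lower() for g in GENERIC_GREETINGS):
        flags.append("generic salutation")

    # 3. Link text names one host while the href points somewhere else.
    collector = LinkCollector()
    collector.feed(text)
    for href, shown in collector.links:
        href_host = urlparse(href).hostname or ""
        shown_host = urlparse(shown).hostname if "://" in shown else None
        if shown_host and registrable(shown_host) != registrable(href_host):
            flags.append(f"link text shows {shown_host} but points to {href_host}")
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", href_host):
            flags.append(f"link points to a bare IP address {href_host}")

    # 4. Attachments (none for a single-part message).
    if any(True for _ in msg.iter_attachments()):
        flags.append("message carries an attachment")
    return flags


if __name__ == "__main__":
    print(phishing_indicators(PHISH))   # four flags
    print(phishing_indicators(LEGIT))   # []
```

The registrable() helper is deliberately crude (it treats the last two labels as the domain, which is wrong for suffixes such as co.uk); a production filter would use the Public Suffix List and would also check SPF/DKIM results from the Authentication-Results header rather than trusting the From line alone.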
Identity theft
• What Is Identity Theft?
• Identity theft is the crime of obtaining the personal or
financial information of another person for the sole
purpose of assuming that person's name or identity to
make transactions or purchases. Identity theft is
committed in many different ways. Some identity
thieves sift through trash bins looking for bank
account and credit card statements; other more
high-tech methods involve accessing corporate
databases to steal lists of customer information. Once
they have the information they are looking for,
identity thieves can ruin a person's credit rating and
damage other parts of the victim's life.
• Types of identity theft
• Identity theft is categorized in two ways: true name and account takeover. True-name identity theft means the thief uses personal information
to open new accounts. The thief might open a new credit card account, establish cellular phone service or open a new checking account to
obtain blank checks.
• Account-takeover identity theft is when the imposter uses personal information to gain access to the person's existing accounts. Typically, the
thief will change the mailing address on an account and run up a huge bill before the victim realizes there is a problem. The internet has made
it easier for identity thieves to use the information they've stolen since transactions can be made without any personal interaction.
• There are many different examples of identity theft, including:
• Financial identity theft. This is the most common type of identity theft. Financial identity theft seeks economic benefits by using a stolen
identity.
• Tax-related identity theft. The criminal files a false tax return with the Internal Revenue Service (IRS) using a stolen Social Security number, usually to
collect the refund.
• Medical identity theft. The thief steals information such as health insurance member numbers to receive medical services. The victim's health insurance
provider may get the fraudulent bills, and the services appear in the victim's records as care they received.
• Criminal identity theft. A person under arrest gives stolen identity information to the police, sometimes backed up with a forged ID document bearing the
stolen details. If this succeeds, the victim is charged instead of the thief.
• Child identity theft. In this exploit, a child's Social Security number is misused to apply for government benefits, opening bank accounts and
other services. Children's information is often sought after by criminals because the damage may go unnoticed for a long time.
• Senior identity theft. This type of exploit targets people over the age of 60. Because senior citizens are frequent targets, it is especially important for
them to stay on top of the evolving methods thieves use to steal information.
• Identity cloning for concealment. In this type of exploit, a thief impersonates someone else in order to hide from law enforcement or creditors.
Because this type isn't explicitly financially motivated, it's harder to track, and there often isn't a paper trail for law enforcement to follow.
• Synthetic identity theft. The thief partially or completely fabricates an identity by combining pieces of PII from different sources, for example a stolen
Social Security number with an unrelated name and birthdate. This type of theft is hard to track because the thief's activities are recorded in files that do
not belong to any real person.
• Identity theft techniques
• Although an identity thief might hack into a database to obtain personal
information, experts say it is more likely the thief will obtain information by
using social engineering and low-tech techniques such as the following:
• Mail theft. This is stealing credit card bills and junk mail directly from a victim's
mailbox or from public mailboxes on the street.
• Dumpster diving. Retrieving personal paperwork and discarded mail from trash
dumpsters is an easy way for an identity thief to get information. Recipients of
preapproved credit card applications often discard them without shredding them
first, which greatly increases the risk of credit card theft.
• Shoulder surfing. This happens when the thief watches as the victim fills
out personal information on a form, enters a passcode on a keypad or reads out a
credit card number over the telephone.
• Phishing. This involves using email to trick people into offering up their personal
information. Phishing emails may contain attachments bearing malware designed to
steal personal data or links to fraudulent websites where people are prompted to
enter their information.
• How Identity Theft Occurs
• There are many other specific, clever methods for thieves to steal
your identity or personal information, such as:
• Stealing — Beware of leaving your wallet or unopened mail
around the house or in your car. Grab-and-go can happen in a
heartbeat.
• Dumpster Diving — Some thieves go through garbage cans to find
information, such as unopened pre-approved credit cards.
• Change Of Address — Thieves can fill out change-of-address
request forms. Once your mail is sent to them, they can access
your personal information.
• Cloning Credit Card Information — An employee of, say, a
restaurant, gas station or retail store can swipe your credit card
through a skimmer, a device that copies the magnetic stripe data. The
data can be written to a counterfeit card, which is then used to make
purchases.
• Some warning signs of being an identity theft victim include:
• Victims notice withdrawals from their bank account that weren't
made by them.
• An unexplained drop in credit score.
• Victims don't receive bills or other important pieces of mail
containing sensitive information.
• Victims find false accounts and charges on their credit report.
• Victims are rejected from a health plan because their medical
records reflect a condition they don't have.
• Victims receive an IRS notification that another tax return was
filed under their name.
• Victims are notified of a data breach at a company that stores
their personal information.
• Other Types of Identity Theft
• There are less common types of identity theft — and you should know them:
• Child ID Theft — Children’s IDs are extremely vulnerable. The theft could go
undetected for several years. By the time they become adults, the damage already
has been done.
• Tax ID Theft — Thieves can use your Social Security number to falsely file tax returns
with the IRS or state government.
• Medical ID Theft — Someone could steal your Medicare ID or health insurance
member number to receive medical services. It could also trigger fraudulent billing
to your health insurance provider.
• Senior ID Theft — Typically, ID theft schemes will target seniors, who are in frequent
contact with medical professionals or caregivers who have access to personal
information or financial documents.
• Social ID Theft — Whatever is on your social media platforms — your name, photos
and other personal information — can be used to create a phony account.
• Impact and prevention
• In addition to the immediate impact of losing money and running up debt, individual
victims of identity theft can incur severe intangible costs. Some costs include
damage to reputation and credit report, which can prevent victims from getting
credit or even finding a job. Depending on the circumstances, identity theft can take
years to recover from.
• To protect yourself from identity theft, experts recommend that individuals regularly
check credit reports with major credit bureaus, pay attention to billing cycles and
follow up with creditors if bills do not arrive on time.
• Additionally, people should:
• destroy unsolicited credit applications;
• watch out for unauthorized transactions on account statements;
• avoid carrying Social Security cards or numbers around;
• avoid giving out personal information in response to unsolicited emails; and
• shred discarded financial documents.
Dark Web
What Is the Dark Web?
• The dark web refers to online content that is reachable only through overlay
networks such as Tor and is not indexed by conventional search engines. It is
sometimes also called the darknet. The dark web is a small part of the deep web,
the far larger body of content (databases, paywalled pages, anything behind a
login) that does not appear in regular search results.
• Specific browsers, such as Tor Browser, are required to reach the dark
web.
• Using the dark web often provides considerably more privacy than just
using Tor to access the web. Many dark web sites simply provide standard
web services with more secrecy, which benefits political dissidents and
people trying to keep medical conditions private. Unfortunately, online
marketplaces for drugs, exchanges for stolen data, and other illegal
activities get most of the attention.
• Through the dark web, private computer networks can communicate and
conduct business anonymously without divulging identifying information,
such as location.
• The darknets which constitute the dark web include
small, friend-to-friend peer-to-peer networks, as well as
large, popular networks such as Tor, Freenet, I2P,
and Riffle operated by public organizations and individuals.
• Users of the dark web refer to the regular web
as Clearnet due to its unencrypted nature.
The dark web itself: Illegal or not?
• The simple answer? The dark web itself is not illegal.
What’s illegal is some of the activity that occurs on the dark
web. There are sites, for instance, that sell illegal drugs and
others that allow you buy firearms illegally. There are also
sites that distribute child pornography.
• The dark web itself, though, is not illegal. It offers plenty of
sites that, while often objectionable, violate no laws. You
can find, for instance, forums, blogs, and social media sites
that cover a host of topics such as politics and sports which
are not illegal.
Is it illegal to access and browse the dark web?
• Using Tor to access and browse the dark web is not illegal in most jurisdictions.
You will, though, have to be cautious. Surfing the dark web
might not be illegal. But visiting certain sites, or making
certain purchases, through the dark web is illegal.
• If you use the dark web to purchase illegal drugs or
firearms, that’s illegal. You won’t be committing criminal
acts, though, if you use the dark web to participate in
forums or to read hidden blog posts anonymously. There
are exceptions. You could potentially be participating in
illegal behavior if you participate in certain forums,
especially if it includes threats, hate speech, or inciting or
encouraging criminal behavior.
• The key here is to use common sense. If something is illegal
outside of the dark web, it will be illegal in this hidden
section of the internet, too.
Is it safe to access and browse the dark web?
• If you’re careful, you can safely access and browse the dark
web. First, download the Tor browser, which will give you
access to dark web sites and keep you anonymous while
searching the sometimes-seedier corners of the internet.
• Tor lets you visit sites whose addresses end in .onion. The name comes from
onion routing: your traffic is wrapped in layers of encryption and passed through
several relays, each of which peels off one layer, so no single relay knows both
who you are and where you are going. That is also why Tor's full name is The
Onion Router.
• You might consider using a VPN, or virtual private network, as well when
accessing the dark web. Connecting to Tor through a VPN hides from your ISP and
local network the fact that you are using Tor; the VPN provider then sees that
you connect to Tor, but not which sites you visit. While it is legal to use a
VPN in the U.S., it is always the user's responsibility to check other
countries' laws before using a VPN outside the U.S.
• Regular browsers cannot reach dark web sites on their own. The dark web uses the Tor onion
service protocol. Onion services are not indexed by ordinary search engines, and the protocol
hides the user's IP address from the service and the service's location from the user; the onion
address itself is derived from the service's public key, so the connection is authenticated without
a certificate authority. No tool offers complete anonymity, though, and Tor's protections depend on
using it correctly.
• When you access the dark web, you’re not surfing the interconnected servers you regularly
interact with. Instead, everything stays internal on the Tor network, which provides security and
privacy to everyone equally.

• Worth noting: Dark web website addresses end with .onion instead of the surface web’s .com,
.org, or .gov, for example.
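The .onion suffix is more than a naming convention: a version 3 onion address encodes the service's 32-byte Ed25519 public key, a 2-byte checksum and a version byte in base32, so a client can check an address before connecting. The code below is an added example, not from the original page; it builds and validates v3 addresses following the layout in the Tor rendezvous specification. The 32-byte key in the demo is a constructed placeholder, not a real service's key.

```python
import base64
import hashlib
from typing import Optional

ONION_V3_VERSION = b"\x03"
BASE32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")


def onion_checksum(pubkey: bytes) -> bytes:
    """CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_V3_VERSION).digest()[:2]


def make_onion_address(pubkey: bytes) -> str:
    """Encode a 32-byte Ed25519 public key as a 56-character v3 .onion address:
    base32(PUBKEY || CHECKSUM || VERSION), lower-cased, plus the suffix."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion services use a 32-byte Ed25519 public key")
    payload = pubkey + onion_checksum(pubkey) + ONION_V3_VERSION   # 35 bytes = 280 bits
    return base64.b32encode(payload).decode("ascii").lower() + ".onion"


def parse_onion_address(address: str) -> Optional[bytes]:
    """Return the embedded public key if the address is a well-formed v3
    address whose checksum and version byte verify; otherwise None.
    Old 16-character v2 addresses are rejected too: Tor dropped v2 in 2021."""
    host = address.strip().lower()
    if not host.endswith(".onion"):
        return None
    label = host[: -len(".onion")]
    if len(label) != 56 or not set(label) <= BASE32_ALPHABET:
        return None
    payload = base64.b32decode(label.upper())      # 56 chars -> 35 bytes, no padding
    pubkey, checksum, version = payload[:32], payload[32:34], payload[34:]
    if version != ONION_V3_VERSION or checksum != onion_checksum(pubkey):
        return None
    return pubkey


def is_valid_onion_address(address: str) -> bool:
    return parse_onion_address(address) is not None


if __name__ == "__main__":
    demo_key = bytes(range(32))        # constructed placeholder, not a real key
    addr = make_onion_address(demo_key)
    print(addr)                                           # 56 chars + ".onion"
    print(is_valid_onion_address(addr))                   # True
    print(is_valid_onion_address(addr[:-7] + "a.onion"))  # False: version byte changed
```

Because the address is a function of the public key, a mistyped or tampered address fails the checksum rather than silently leading to a different service; that self-authenticating property is what the text means when it says publishers stay anonymous while users can still be sure which service they reached.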
• What’s on the dark web?
• The dark web operates with a high degree of anonymity. It hosts harmless activities and content,
as well as criminal ones.
• For instance, one dark web website might provide complex riddles. Another might be a kind of
book club that makes eBooks look more professional. Yet another might offer a forum for people
who believe free speech is threatened.

• But the dark web is better known for dark content — meaning, illegal and sometimes disturbing
content. For instance, here’s a sample of illegal things you can find on the dark web.
• Stolen information. When there’s been a data breach, there’s a chance the accessed information
— from Social Security numbers to bank card numbers — will end up for sale on the dark web.
You can also buy things like log-in credentials, hacked Netflix accounts, and more.
• Illicit substances. Illegal drugs — and prescription drugs — are peddled on the dark web. You
might also find toxic chemicals that can cause other types of damage.
• Disturbing and dangerous items and services. It can get ugly fast. Things like gore,
murderers-for-hire, human trafficking, child pornography, body parts, counterfeit goods, and guns
for sale can be found on the dark web.
• In short, you can buy just about anything you can imagine — including things you’d probably be
better off not imagining.
• What makes it possible to do business on the dark web? Payments are made in Bitcoin and other
cryptocurrencies. These are pseudonymous rather than anonymous: every transaction is recorded on a
public ledger, and blockchain analysis has helped law enforcement link payments to real people.
Is the dark web safe?
• The dark web may be safe in some cases — think, legitimate content —
but not in others.
• Here are a few safety issues to consider.
• Criminal element. There’s a chance you will find websites run by criminals.
Beyond selling illegal goods and services, they may seek to exploit you and
steal from you.
• Breaking the law. You can be prosecuted for things you do on the dark
web. It’s important to behave in an appropriate and legal manner.
• Suspicious links. If you click on any links, you may be taken to material you
might not want to see. It’s also possible that clicking a link or downloading
a file could infect your device with malware.
• Law enforcement. Law enforcement officials operate on the dark web to
catch people engaged in criminal activity. Like others on the dark web, law
enforcement can do their work under a cloak of anonymity.
• If you decide to venture to the dark web, it’s smart to be selective about
the websites you access.
Accessing the dark web with Tor browser
• Getting to the dark web is actually a lot easier than you
might think. All you have to do is download a dark web
browser, like the Tor browser.
• Once you install a dark web browser on your device, it
functions just like a regular browser: type in a URL, and off
you go.

• However, finding the material you’re looking for on the dark


web is more difficult than using a search engine like Google.
The dark web doesn’t have an index or ranking system to
help you find what you need.
• There are dark web search engines and link directories. One directory,
called the Uncensored Hidden Wiki, offers some guidance to content on the dark
web, but it may list illegal websites.
• Advantages of the Dark Web
• The dark web helps people to maintain privacy and freely express
their views. Privacy is essential for many innocent people
terrorized by stalkers and other criminals. The increasing tendency
of potential employers to track posts on social media can also
make it difficult to engage in honest discussions publicly. Finally,
the popularity of the dark web with criminals makes it a perfect
way for undercover police officers to communicate.
• Disadvantages of the Dark Web
• The dark web empowers ordinary people, but some people will
inevitably abuse that power. The dark web can make it easier to
commit some of the worst crimes. For example, the combination
of the dark web and cryptocurrencies theoretically makes it much
easier to hire someone to commit a murder. While the dark web
promises privacy to its users, it can also be used to violate the
privacy of others. Private photos, medical records, and financial
information have all been stolen and shared on the dark web.
• Browsing the dark web can be dangerous
• There are people and things on the dark web that you’ll want to avoid. Here are a few of them:
• Viruses. Some websites could infect your devices with viruses, and there are a lot of different
types of viruses to watch out for. Remember to never download anything from websites you don’t
trust.
• Hackers. You can find hacker forums on the dark web. You can hire computer hackers to do illegal
activities. Not surprisingly, a lot of these people would be willing to hack your devices.
• Webcam hijacking. A website on the dark web may try to get a remote administration tool — also
known as a “RAT” — onto your device. That can lead to someone hijacking your webcam —
essentially, letting them see what you’re up to through your device’s camera lens. It’s a smart
practice to cover your webcam with a piece of paper or tape if you’re not using it.
• Dark web content may be illegal
• Anytime you’re in the company of illegal drugs, illegal content, and other sordid online activities,
you could risk landing in legal trouble.
• A mistaken keystroke or simple curiosity might not be a reliable defense. Here are two examples
of dark web content and activities that would raise legal concerns.
• Sharing pictures and videos of child pornography. In one FBI arrest, the perpetrator traded
material on a website with more than 100,000 registered users. The FBI busted him.
• Purchasing illegal goods or services. If you buy illegal drugs or hire a hit man, you can be arrested
for committing an illegal act. Merely viewing a website that offers those two things is generally not
itself a crime.
• Dos and don’ts on the dark web
• Law enforcement officials have an interest in stopping illegal activity on
the dark web. When they do, there are legal consequences.
• Here are some notable cases where law enforcement took down criminals
doing business on the dark web.
• Silk Road. This online black market sold illegal drugs. It was launched in
2011. Total revenue was estimated at US$1.2 billion. Founder Ross
Ulbricht was convicted and sentenced to life in prison.
• AlphaBay. This was another online black market, launched in 2014. It grew
to an estimated 10 times the size of Silk Road. Merchandise ranged from
drugs to breached data. Alleged founder Alexandre Cazes was arrested. He
was found dead in a Thai jail cell, apparently by suicide, several days later.
• Hansa. This online black market expanded after AlphaBay was shut down
and vendors moved to the platform. But Dutch police had already
infiltrated the marketplace and seized information tied to its operation.
Police shut down Hansa in 2017.
• Why does the dark web exist?
• The dark web operates on the principle of total anonymity. What you do there is
your business. With certain precautions, what you do there can’t be tracked or
traced to you.
• For some people, privacy is a big concern on the internet. They might want control
over the personal information that standard internet service providers and websites
collect on them.
• Freedom of speech also is an issue, and some people would make an argument for
privacy and anonymity based on the First Amendment. That’s one reason why
law-abiding citizens might value the privacy of Tor and other dark web browsers.
• Anonymity can have positive effects — like being able to express views that are
unpopular, but not illegal. And the dark web helps make things like that possible.


Virtual Private Network (VPN)
• A VPN, or virtual private network, is a secure tunnel
between your device and the internet. VPNs protect
your online traffic from snooping, interference, and
censorship.
• A virtual private network (VPN) gives you online
privacy and anonymity by creating a private network
from a public internet connection.
• VPNs mask your internet protocol (IP) address from the sites you visit, so your
online actions are harder to trace back to you.
• Most important, VPN services establish encrypted connections, which protects
your traffic from anyone else on the same network, even on an otherwise secured
Wi-Fi hotspot.
• A VPN (virtual private network) is one of the easiest and
most effective ways for people to protect their
internet traffic and hide their IP address online. When
you connect to a VPN server, your internet traffic
travels through an encrypted tunnel that observers on
your local network and your internet service provider
cannot read. The VPN provider, however, can see your
traffic, so a VPN moves trust from your ISP to the
provider rather than removing it.
• Consumers use VPNs to keep their online activity
private and ensure access to sites and services
that might otherwise be restricted.
• Companies use VPNs to connect far-flung
employees as if they were all using the same local
network at a central office, but with fewer
benefits for individuals than a personal VPN.
Why do you need a VPN service?
• Surfing the web or transacting on an unsecured Wi-Fi network
means you could be exposing your private information and
browsing habits. That’s why a virtual private network, better
known as a VPN, should be a must for anyone concerned about
their online security and privacy.
• Think about all the times you've been on the go, reading emails
while in line at the coffee shop, or checking your bank account
while waiting at the doctor's office. On a shared network, other
users can see which hosts you connect to, and anything sent over
plain HTTP is readable by them. HTTPS protects the content of a
connection but not the fact that you made it, nor your DNS lookups.
• The encryption that a VPN provides wraps all of that traffic in one
tunnel (DNS lookups included, when the client is configured to send
them through the VPN), so your emails, shopping and bill payments are
hidden from others on the network, and your web browsing is hidden
from the local operator and your ISP.
• Benefits and advantages of VPN
• Change your location
• Using a VPN changes the IP address that websites see, the number that identifies
your connection and its approximate location. With the VPN server's address, you can
browse the internet as if you were in the UK, Germany, Canada, Japan, or virtually
any country where the VPN service has servers.
• Protect your privacy
• Changing your IP address with a VPN helps hide your identity from
websites, apps, and services that want to track you. Good VPNs also hide
your activity from your internet provider, mobile carrier, and anyone else
who may be listening, thanks to a layer of strong encryption.
• Increase your security
• Using a VPN protects you from attacks on the local network, including packet
sniffing, rogue Wi-Fi access points, and man-in-the-middle attacks between your
device and the VPN server. Travelers, remote workers, and all kinds of on-the-go
individuals use a VPN whenever they are on an untrusted network like free public Wi-Fi.
• Unblock websites
• If you’re in a part of the world that restricts access to Google, Wikipedia,
YouTube, or other sites and services, using a VPN will let you regain access
to the free internet. You can also use a VPN to break through firewalls on
school or office networks.
• When should I use a VPN?
• If privacy is important to you, you should use a VPN every time you connect to the internet. A VPN app runs in the
background of your device so it won’t get in the way while you use other apps, stream content, and browse the
internet. And you’ll have peace of mind knowing your privacy is always protected.
• But here are some situations in which a VPN is especially useful:
• While traveling
• Exploring the world doesn’t mean you have to change the way you use the internet. A VPN lets you use the internet
as if you were still in your home country, no matter how far you travel.
• While streaming
• Using a VPN lets you watch movies and TV on streaming services like Netflix, Hulu, Amazon, and HBO free from
throttling or blocking by your ISP or local Wi-Fi network.
• While on public Wi-Fi
• Public Wi-Fi hotspots like those in cafes, airports, and parks are common hunting grounds for cybercriminals. Using a
VPN on your devices stops hackers in their tracks.
• While gaming
• Using a VPN unlocks games, maps, skins, and other add-ons that might be restricted on your network. It also shields
you from DDoS attacks and reduces ping and overall lag.
• While torrenting
• P2P file sharing usually means that strangers can see your IP address and possibly track your downloads. A VPN
hides your IP address, letting you torrent safely and anonymously.
• While shopping
• Some online stores show different prices to people in different countries. With a VPN, you can find the best deals in
the world no matter where you’re shopping from.
How does a VPN work?
• To understand how a VPN works, it helps to first understand how your internet connection works without one.
• Without a VPN
• When you access a website without a VPN, you are being connected to that site through your internet service
provider, or ISP. The ISP assigns you a unique IP address that can be used to identify you to the website. Because
your ISP is handling and directing all your traffic, it can see which websites you visit. And your activity can be linked
to you by that unique IP address.
• With a VPN
• When you connect to the internet with a VPN, the VPN app on your device (also called a VPN client) establishes a
secure connection with a VPN server. Your traffic still passes through your ISP, but your ISP can no longer read it or
see its final destination. The websites you visit can no longer see your original IP address, only the IP address of the
VPN server, which is shared by many other users and changes regularly.

Here are several key concepts related to VPN that will help you understand how a VPN works and the benefits it provides:
• Proxying
• The VPN server acts like a proxy, or stand-in, for your web activity: Instead of your real IP address and location,
websites you visit will only see the IP address and location of the VPN server.
• This makes you more anonymous on the internet.
• Authentication
• Establishing a secure connection is a tricky problem solved by clever mathematics in a process called authentication.
• Once authenticated, the VPN client and VPN server can be sure they are talking to each other and no one else.
• Tunneling
• VPNs also protect the connection between client and server with tunneling and encryption.
• Tunneling is a process by which each data packet is encapsulated inside another data packet. This makes it harder
for third parties to read in transit.
• Encryption
• Data inside the tunnel is also encrypted in such a way that only the intended recipient can decrypt it. This keeps the
contents of your internet traffic completely hidden, even from your internet service provider.
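To make the tunneling and encryption steps concrete, here is an added illustration (not code from the original slides or from any VPN product) of a client wrapping an inner packet, addressed to the real website, inside an outer packet addressed to the VPN server. It assumes a simplified IP-style header and uses a toy SHA-256 counter-mode keystream plus HMAC in place of the real AEAD cipher a VPN protocol would negotiate; the addresses and keys are constructed sample values.

```python
"""Toy VPN tunnel: encapsulation of an inner packet plus encrypt-then-MAC.

Constructed illustration only. The cipher is a toy SHA-256 keystream standing
in for the AEAD (e.g. AES-GCM or ChaCha20-Poly1305) a real VPN would use.
"""
import hashlib
import hmac
import ipaddress
import os
import struct

NONCE_LEN = 12
TAG_LEN = 32


def _packed(ip):
    return ipaddress.IPv4Address(ip).packed


def _keystream(key, nonce, length):
    # PRF in counter mode: concatenated SHA-256(key || nonce || counter) blocks.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def _xor(data, keystream):
    return bytes(a ^ b for a, b in zip(data, keystream))


def build_inner_packet(src_ip, dst_ip, payload):
    """Simplified IP-style packet: src(4) | dst(4) | length(2) | payload."""
    return _packed(src_ip) + _packed(dst_ip) + struct.pack(">H", len(payload)) + payload


def parse_inner_packet(pkt):
    src = str(ipaddress.IPv4Address(pkt[:4]))
    dst = str(ipaddress.IPv4Address(pkt[4:8]))
    (length,) = struct.unpack(">H", pkt[8:10])
    return src, dst, pkt[10:10 + length]


def encapsulate(inner, enc_key, mac_key, client_ip, server_ip, nonce=None):
    """Client side: wrap the inner packet in an outer packet addressed to the VPN server.

    Layout: outer_src(4) | outer_dst(4) | nonce(12) | ciphertext | tag(32).
    Encrypt-then-MAC: the tag covers outer header, nonce and ciphertext, so a
    third party can neither read nor silently modify the inner packet.
    """
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ciphertext = _xor(inner, _keystream(enc_key, nonce, len(inner)))
    outer_header = _packed(client_ip) + _packed(server_ip)
    tag = hmac.new(mac_key, outer_header + nonce + ciphertext, hashlib.sha256).digest()
    return outer_header + nonce + ciphertext + tag


def decapsulate(outer, enc_key, mac_key):
    """VPN server side: verify the tag first, then decrypt and return the inner packet."""
    outer_header = outer[:8]
    nonce = outer[8:8 + NONCE_LEN]
    ciphertext = outer[8 + NONCE_LEN:-TAG_LEN]
    tag = outer[-TAG_LEN:]
    expected = hmac.new(mac_key, outer_header + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tunnel packet failed authentication (tampered or wrong key)")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def on_path_view(outer):
    """All that an on-path observer such as the ISP can read: the outer addresses."""
    return str(ipaddress.IPv4Address(outer[:4])), str(ipaddress.IPv4Address(outer[4:8]))


if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # constructed session keys
    inner = build_inner_packet("10.8.0.2", "93.184.216.34", b"GET / HTTP/1.1\r\n\r\n")
    outer = encapsulate(inner, enc_key, mac_key, "198.51.100.7", "203.0.113.1")
    print("ISP sees only:", on_path_view(outer))
    print("VPN server recovers:", parse_inner_packet(decapsulate(outer, enc_key, mac_key))[:2])
```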
• VPN protocols
• VPN protocols are the methods by which your device
connects to the VPN server. Some protocols are better
for speed, some are better for security, and some simply
work better under certain network conditions.
• ExpressVPN automatically chooses the best protocol for
your network, but you can also choose one manually.
• Popular VPN protocols in use today include:
• Lightway
• OpenVPN
• IKEv2
• L2TP / IPsec
• PPTP
• WireGuard*
• SSTP**
• Types of VPN
• Commercial VPN
• A commercial VPN, also called a personal VPN or a consumer VPN,
is a private service offered directly to individuals, usually for a fee.
• ExpressVPN is such a VPN service because it directly caters to the
privacy needs of its customers.
• Corporate VPN
• A corporate VPN, also called a business VPN, allows an
organization’s remote employees to connect securely to the
internet as if they were physically present in the office.
• Unlike commercial VPNs, however, corporate VPNs are meant to
protect the privacy of the company and not necessarily the
individual.
• Self-setup VPN
• Some tech experts and DIY hobbyists choose to set up their own
VPN using their own equipment.
• Self-setup VPNs, however, do not provide the protection of shared
IP addresses, server locations in multiple countries, or many other
features enjoyed by commercial VPN users.
• Alternatives to VPN
• A VPN isn’t the only tool that can increase your privacy, security, and/or
freedom online.
• Tor
• Tor (short for The Onion Router) is a free network of servers, or “nodes,”
that randomly route internet traffic between each other in order to
obfuscate the origin of the data.
• Using Tor can significantly increase your anonymity, and using Tor in
conjunction with a VPN creates the best possible protection from
surveillance.
• The biggest drawback of Tor, however, is speed. Because your traffic is
relayed through several hops, you will probably find it inconvenient to
stream, download, or torrent with Tor.
• Proxy services
• A proxy server is any intermediary between your device and the internet.
Unlike a VPN, however, most “proxy services” you’ll find are quite slow
and don’t offer any privacy or security benefits.
• So-called “free proxy services” are especially dangerous, as many will find
other ways to monetize your data, like selling it to third parties.
• Neither Tor nor a proxy service can replace the benefits of a VPN. A
trustworthy VPN is still the best privacy solution for most people.
Proxy Server
• What’s a Proxy Server?
• A proxy server acts as a gateway between you and the internet. It’s an intermediary
server separating end users from the websites they browse. Proxy servers provide
varying levels of functionality, security, and privacy depending on your use case,
needs, or company policy.
• If you’re using a proxy server, internet traffic flows through the proxy server on its
way to the address you requested. The request then comes back through that same
proxy server (there are exceptions to this rule), and then the proxy server forwards
the data received from the website to you.
• If that’s all it does, why bother with a proxy server? Why not just go straight to
the website and back?
• Modern proxy servers do much more than forward web requests, all in the name
of data security and network performance. Proxy servers act as a firewall and web
filter, provide shared network connections, and cache data to speed up common
requests. A good proxy server keeps users and the internal network protected from
the bad stuff that lives out in the wild internet. Lastly, proxy servers can provide a
high level of privacy.
• How Does a Proxy Server Operate?
• Every computer on the internet needs to have a unique Internet
Protocol (IP) Address. Think of this IP address as your computer’s
street address. Just as the post office knows to deliver your mail to
your street address, the internet knows how to send the correct
data to the correct computer by the IP address.
• A proxy server is basically a computer on the internet with its own
IP address that your computer knows. When you send a web
request, your request goes to the proxy server first. The proxy
server then makes your web request on your behalf, collects the
response from the web server, and forwards you the web page
data so you can see the page in your browser.
• When the proxy server forwards your web requests, it can make
changes to the data you send and still get you the information that
you expect to see. A proxy server can change your IP address, so
the web server doesn’t know exactly where you are in the world.
It can encrypt your data, so your data is unreadable in transit. And
lastly, a proxy server can block access to certain web pages, based
on IP address.
• Why Should You Use a Proxy Server?
• There are several reasons organizations and individuals use a proxy server.
• To control internet usage of employees and children: Organizations and parents set up proxy
servers to control and monitor how their employees or kids use the internet. Most organizations
don’t want you looking at specific websites on company time, and they can configure the proxy
server to deny access to specific sites, instead redirecting you with a nice note asking you to
refrain from looking at said sites on the company network. They can also monitor and log all web
requests, so even though they might not block the site, they know how much time you spend
cyberloafing.
• Bandwidth savings and improved speeds: Organizations can also get better overall network
performance with a good proxy server. Proxy servers can cache (save a copy of the website
locally) popular websites – so when you ask for www.varonis.com, the proxy server will check to
see if it has the most recent copy of the site, and then send you the saved copy. What this means
is that when hundreds of people hit www.varonis.com at the same time from the same proxy
server, the proxy server only sends one request to varonis.com. This saves bandwidth for the
company and improves the network performance.
• Privacy benefits: Individuals and organizations alike use proxy servers to browse the internet
more privately. Some proxy servers will change the IP address and other identifying information
the web request contains. This means the destination server doesn’t know who actually made the
original request, which helps keep your personal information and browsing habits more private.
• Improved security: Proxy servers provide security benefits on top of the privacy benefits. You can
configure your proxy server to encrypt your web requests to keep prying eyes from reading your
transactions. You can also prevent known malware sites from any access through the proxy
server. Additionally, organizations can couple their proxy server with a Virtual Private Network
(VPN), so remote users always access the internet through the company proxy. A VPN is a direct
connection to the company network that companies provide to external or remote users. By using
a VPN, the company can control and verify that their users have access to the resources (email,
internal data) they need, while also providing a secure connection for the user to protect the
company data.
• Get access to blocked resources: Proxy servers
allow users to circumvent content restrictions
imposed by companies or governments. Is the
local sportsball team’s game blacked out online?
Log into a proxy server on the other side of the
country and watch from there. The proxy server
makes it look like you are in California, but you
actually live in North Carolina. Several
governments around the world closely monitor
and restrict access to the internet, and proxy
servers offer their citizens access to an
uncensored internet.
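The proxy behaviours described in the two sections above (forwarding on the client's behalf so the origin sees the proxy's address, denying listed sites, logging every request, and caching popular pages so one upstream fetch serves many clients) as an added, self-contained illustration; this is not code from any real proxy product, and the hostnames, addresses, blocklist and the `fetch` callback standing in for the origin server are constructed sample values.

```python
"""Toy forward proxy: blocklist, access log, cache, and client-IP hiding.

Constructed illustration, not a real proxy implementation.
"""
from dataclasses import dataclass, field

PROXY_IP = "203.0.113.10"  # address the origin sees instead of the client's
IDENTIFYING_HEADERS = {"x-forwarded-for", "cookie", "via"}


@dataclass
class Request:
    client_ip: str
    host: str
    path: str
    headers: dict


@dataclass
class Proxy:
    blocked_hosts: set
    cache_ttl: float = 60.0
    cache: dict = field(default_factory=dict)
    access_log: list = field(default_factory=list)
    upstream_requests: int = 0

    def handle(self, req, fetch, now):
        """Return (status, body); fetch(src_ip, host, path, headers) contacts the origin."""
        # Monitoring: every request is logged, whether or not it is allowed.
        self.access_log.append((now, req.client_ip, req.host, req.path))

        # Control: deny listed sites and return an explanatory note instead.
        if req.host in self.blocked_hosts:
            return 403, "Access to this site is not permitted on the company network."

        # Bandwidth savings: serve a recent copy from cache without an upstream request.
        key = (req.host, req.path)
        cached = self.cache.get(key)
        if cached is not None and now - cached[0] < self.cache_ttl:
            return 200, cached[1]

        # Privacy: strip headers that identify the client; the origin sees PROXY_IP.
        clean_headers = {k: v for k, v in req.headers.items()
                         if k.lower() not in IDENTIFYING_HEADERS}
        self.upstream_requests += 1
        body = fetch(PROXY_IP, req.host, req.path, clean_headers)
        self.cache[key] = (now, body)
        return 200, body


class FakeOrigin:
    """Stands in for the web server and records what it could observe per request."""

    def __init__(self):
        self.seen = []

    def fetch(self, src_ip, host, path, headers):
        self.seen.append((src_ip, host, path, sorted(headers)))
        return f"<html>{host}{path}</html>"


def demo():
    """Three clients behind one proxy: two fetch the same page, one hits a blocked site."""
    origin = FakeOrigin()
    proxy = Proxy(blocked_hosts={"games.example"})
    hdrs = {"User-Agent": "demo", "Cookie": "session=abc"}
    r1 = proxy.handle(Request("192.0.2.5", "www.varonis.com", "/", hdrs), origin.fetch, now=0.0)
    r2 = proxy.handle(Request("192.0.2.6", "www.varonis.com", "/", hdrs), origin.fetch, now=5.0)
    r3 = proxy.handle(Request("192.0.2.7", "games.example", "/play", hdrs), origin.fetch, now=6.0)
    return proxy, origin, (r1, r2, r3)


if __name__ == "__main__":
    proxy, origin, results = demo()
    print("results:", results)
    print("upstream requests sent:", proxy.upstream_requests)
    print("origin observed:", origin.seen)
```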
• Proxy Server Risks
• You do need to be cautious when you choose a proxy server: a few common risks
can negate any of the potential benefits:
• Free proxy server risks
– You know the old saying “you get what you pay for?” Well, using one of the many free
proxy server services can be quite risky, even the services using ad-based revenue models.
– Free usually means they aren’t investing heavily in backend hardware or encryption. You’ll
likely see performance issues and potential data security issues. If you ever find a
completely “free” proxy server, tread very carefully. Some of those are just looking to steal
your credit card numbers.
• Browsing history log
– The proxy server has your original IP address and web request information possibly
unencrypted, saved locally. Make sure to check if your proxy server logs and saves that data
– and what kind of retention or law enforcement cooperation policies they follow.
– If you expect to use a proxy server for privacy, but the vendor is just logging and selling your
data you might not be receiving the expected value for the service.
• No encryption
– If you use a proxy server without encryption, you might as well not use a proxy server. No
encryption means you are sending your requests as plain text. Anyone who is listening will
be able to pull usernames and passwords and account information really easily. Make sure
whatever proxy server you use provides full encryption capability.
UNIT 3
What is Cloud
• The cloud is a virtual space that exists on the
internet. It is a storage space where people
can place their digital resources such as
software, applications and files. So in
simplified terms, we can say that the cloud is
a virtual storage space on the internet.
• A lot of people do get the cloud mixed up with
the internet. However, the cloud is only one
part of the internet and not the whole thing.
• "The cloud" refers to servers that are accessed over the Internet, and the
software and databases that run on those servers. Cloud servers are
located in data centers all over the world. By using cloud computing, users
and companies don't have to manage physical servers themselves or run
software applications on their own machines.
• The cloud enables users to access the same files and applications from
almost any device, because the computing and storage takes place on
servers in a data center, instead of locally on the user device. This is why a
user can log into their Instagram account on a new phone after their old
phone breaks and still find their old account in place, with all their photos,
videos, and conversation history. It works the same way with cloud email
providers like Gmail or Microsoft Office 365, and with cloud storage
providers like Dropbox or Google Drive.
• For businesses, switching to cloud computing removes some IT costs and
overhead: for instance, they no longer need to update and maintain their
own servers, as the cloud vendor they are using will do that. This
especially makes an impact for small businesses that may not have been
able to afford their own internal infrastructure but can outsource their
infrastructure needs affordably via the cloud. The cloud can also make it
easier for companies to operate internationally, because employees and
customers can access the same files and applications from any location.
• The technologies that work behind the cloud
computing platform to make it flexible,
reliable and usable are:

1) Virtualization
2) Service-Oriented Architecture (SOA)
3) Grid Computing
4) Utility Computing
• 1) Virtualization
• Virtualization is the "creation of a virtual (rather than actual) version of
something, such as a server, a desktop, a storage device, an operating
system or network resources".
• Virtualization is a technique that allows one physical instance of an
application or resource to be shared between multiple customers or organizations.
• The main use of this technology is to provide cloud users with standard
versions of applications.
For example, if the latest version of an application is released, the cloud
provider should provide that version to its users.
• With virtualization, software called a hypervisor sits on top of physical
hardware and abstracts the machine's resources, which are then made
available to virtual environments called virtual machines. These resources
can be raw processing power, storage, or cloud-based applications
containing all the runtime code and resources required to deploy it.
• Types of Virtualization
• Following are types of virtualization:
1.Application Virtualization:
Application virtualization gives a user remote access to an application hosted on a server. The
server stores all personal information and other characteristics of the application, which can still run
on a local workstation through the internet. An example would be a user who needs to run two
different versions of the same software. Technologies that use application virtualization are
hosted applications and packaged applications.
• 2.Network Virtualization:
The ability to run multiple virtual networks, each with its own separate control and data plane,
coexisting on top of one physical network. They can be managed by separate parties that are
potentially confidential to each other.
Network virtualization provides a facility to create and provision virtual networks: logical
switches, routers, firewalls, load balancers, Virtual Private Networks (VPNs), and workload security,
within days or even weeks.
• 3.Desktop Virtualization:
Desktop virtualization allows the user’s OS to be stored remotely on a server in the data center. It
allows the user to access their desktop virtually, from any location and from a different machine. Users
who want a specific operating system other than Windows Server will need to have a virtual
desktop. The main benefits of desktop virtualization are user mobility, portability, and easy management of
software installation, updates and patches.
• 4.Storage Virtualization:
Storage virtualization is an array of servers that are managed by a virtual storage system. The
servers aren’t aware of exactly where their data is stored, and instead function more like worker
bees in a hive. It allows storage from multiple sources to be managed and utilized as a
single repository. Storage virtualization software maintains smooth operations, consistent
performance and a continuous suite of advanced functions despite changes, breakdowns and
differences in the underlying equipment.
• 2) Service-Oriented Architecture (SOA)
• SOA is an application framework which takes
everyday business applications and divides
them into separate business functions and
processes called Services. Service-Oriented
Architecture (SOA) allows organizations to
access on-demand cloud-based computing
solutions as business needs change. It can work
with or without cloud computing. The advantages
of using SOA are that it is easy to maintain,
platform independent, and highly scalable.
• Service Provider and Service consumer are the
two major roles within SOA.
• Applications of Service-Oriented Architecture
• Service-Oriented Architecture has the following
applications:
• It is used in the healthcare industry.
• It is used to create many mobile applications
and games.
• In the air force, SOA infrastructure is used to
deploy situational awareness systems.
• 3) Grid Computing
• Grid computing is a form of distributed computing in which a group of computer resources
from various locations are connected to each other to achieve a common objective.
• The computer resources are diverse and geographically spread.
• Grid systems are designed for sharing of resources through distributed and large-scale cluster
computing.
• Grid computing breaks composite tasks into smaller pieces that are distributed to the CPUs that
make up the grid. Grid computing is also known as distributed computing. It is a processor
architecture that combines various different computing resources from multiple locations to
achieve a common goal. In grid computing, the grid is connected by parallel nodes to form a
computer cluster. These computer clusters come in different sizes and can run on any operating
system.
• Grid computing contains the following three types of machines:
• Control Node: a group of servers that administer the whole network.
• Provider: a computer that contributes its resources to the network resource pool.
• User: a computer that uses the resources on the network.
• Mainly, grid computing is used in the ATMs, back-end infrastructures, and marketing research.

• At least one computer, usually a server, which handles all the
administrative duties for the system. Many people refer to this kind
of computer as a control node. Other application and Web servers (both
physical and virtual) provide specific services to the system.
• A network of computers running special grid computing network
software. These computers act both as a point of interface for the user
and as the resources the system will tap into for different applications.
Grid computing systems can either include several computers of the same
make running on the same operating system (called a homogeneous
system) or a hodgepodge of different computers running on every
operating system imaginable (a heterogeneous system). The network can
be anything from a hardwired system where every computer connects to
the system with physical wires to an open system where computers
connect with each other over the Internet.
• A collection of computer software called middleware. The purpose of
middleware is to allow different computers to run a process or application
across the entire network of machines. Middleware is the workhorse of
the grid computing system. Without it, communication across the system
would be impossible. Like software in general, there's no single format for
middleware.
• Grid computing systems work on the principle of pooled resources. Let's say you and
a couple of friends decide to go on a camping trip. You own a large tent, so you've
volunteered to share it with the others. One of your friends offers to bring food and
another says he'll drive the whole group up in his SUV. Once on the trip, the three of
you share your knowledge and skills to make the trip fun and comfortable. If you had
made the trip on your own, you would need more time to assemble the resources
you'd need and you probably would have had to work a lot harder on the trip itself.
• A grid computing system uses that same concept: share the load across
multiple computers to complete tasks more efficiently and quickly.
• Central processing unit (CPU): A CPU is a microprocessor that performs
mathematical operations and directs data to different memory locations. Computers
can have more than one CPU.
• Memory: In general, a computer's memory is a kind of temporary electronic storage.
Memory keeps relevant data close at hand for the microprocessor. Without
memory, the microprocessor would have to search and retrieve data from a more
permanent storage device such as a hard disk drive.
• Storage: In grid computing terms, storage refers to permanent data storage devices
like hard disk drives or databases.
• Normally, a computer can only operate within the limitations of its own resources.
There's an upper limit to how fast it can complete an operation or how much
information it can store. Most computers are upgradeable, which means it's possible
to add more power or capacity to a single computer, but that's still just an
incremental increase in performance.
• Grid computing systems link computer resources together in a way that lets
someone use one computer to access and leverage the collected power of all the
computers in the system. To the individual user, it's as if the user's computer has
transformed into a supercomputer.
• 4) Utility Computing
• Utility computing is based on a pay-per-use model.
• It provides computational resources on demand as a metered service.
• Managed IT services, grid computing and cloud computing are all based on the concept of utility computing.
• Utility computing is the most trending IT service model. It provides on-demand computing resources (computation,
storage, and programming services via API) and infrastructure on a pay-per-use basis. It minimizes the
associated costs and maximizes the efficient use of resources. The advantages of utility computing are that it reduces
IT costs, provides greater flexibility, and is easier to manage.
• Large organizations such as Google and Amazon have established their own utility services for computing, storage and
applications.

Components of Utility Computing
• The components included in a utility computing package are computer hardware, software
applications, internet access, and cloud systems.
• Computer hardware such as monitors, input devices, servers, CPUs and network cables.
• Browsing software and web servers, which provide internet access.
• Software applications that run the large number of programs a business requires, such as communication
tools, mailboxes, report generation, CRM and other project- and process-oriented applications, and everything that lies
between the client, the company and the end users. Industry experts call this software as a
service.
• What is Cloud Security?
• Cloud computing is the delivery of hosted
services, including software, hardware, and
storage, over the Internet. The benefits of rapid
deployment, flexibility, low up-front costs, and
scalability, have made cloud computing virtually
universal among organizations of all sizes, often as
part of a hybrid/multi-cloud infrastructure
architecture.
• Cloud security refers to the technologies, policies,
controls, and services that protect cloud data,
applications, and infrastructure from threats.
• Cloud security is the protection of data stored
online via cloud computing platforms from
theft, leakage, and deletion. Methods of
providing cloud security include firewalls,
penetration testing, obfuscation, tokenization,
virtual private networks (VPN), and avoiding
public internet connections. Cloud security is a
form of cybersecurity.
• Cloud security is a set of control-based safeguards and technology
protection designed to protect resources stored online from
leakage, theft, or data loss.
• Protection extends to cloud infrastructure, applications, and
data, guarding them from threats. Security applications operate as software in the
cloud using a Software as a Service (SaaS) model.
• Topics that fall under the umbrella of security in the cloud include:
❑ Data center security
❑ Access control
❑ Threat prevention
❑ Threat detection
❑ Threat mitigation
❑ Redundancy
❑ Legal compliance
❑ Security policy
• How Do You Manage Security in the Cloud?
• Cloud service providers use a combination of methods to protect your data.
• Firewalls are a mainstay of cloud architecture. Firewalls protect the perimeter of your network
security and your end-users. Firewalls also safeguard traffic between different apps stored in the
cloud.
• Access controls protect data by allowing you to set access lists for different assets. For instance,
you might allow specific employees application access, while restricting others. A general rule is to
give employees access to only the tools they need to do their job. By maintaining strict access
control, you can keep critical documents from malicious insiders or hackers with stolen
credentials.
• Cloud providers take steps to protect data that’s in transit. Data Security methods include virtual
private networks, encryption, or masking. Virtual private networks (VPNs) allow remote
employees to connect to corporate networks. VPNs accommodate tablets and smartphones for
remote access.
• Data masking encrypts identifiable information, such as names. This maintains data integrity by
keeping important information private. With data masking, a medical company can share data
without violating HIPAA laws, for example.
• Threat intelligence spots security threats and ranks them in order of importance. This feature
helps you protect mission-critical assets from threats.
• Disaster recovery is key to security since it helps you recover data that are lost or stolen.
• While not a security component per se, your cloud services provider may need to comply with
data storage regulations. Some countries require that data must be stored within their country. If
your country has this requirement, you need to verify that a cloud provider has data centers in
your country.
• What are the Benefits of a Cloud Security
System?
• Now that you understand how cloud computing
security operates, explore the ways it benefits
your business.
• Cloud-based security systems benefit your
business through:
• Protecting your business from threats
• Guarding against internal threats
• Preventing data loss
• Top threats to systems include malware, ransomware, and DDoS.
• Malware and Ransomware Breaches
• Malware poses a severe threat to businesses.
• Over 90 percent of malware comes via email. It is often so convincing that employees download
malware without realizing it. Once downloaded, the malicious software installs itself on your
network, where it may steal files or damage content.
• Ransomware is a form of malware that hijacks your data and demands a financial ransom.
Companies wind up paying the ransom because they need their data back.
• Data redundancy provided by the cloud offers an alternative to paying ransom for your data. You
can get back what was stolen with minimal service interruption.
• Many cloud data security solutions identify malware and ransomware. Firewalls, spam filters, and
identity management help with this. This keeps malicious email out of employee inboxes.
• DDoS Protection
• In a DDoS or distributed denial of service attack, your system is flooded with requests. Your
website becomes slow to load until it crashes when the number of requests is too much to
handle.
• DDoS attacks come with serious side effects. Every minute your website is inaccessible, you lose
money.
• Half of the companies that suffer DDoS attacks lose $10,000 to $100,000. Many businesses suffer
from reputation damage when customers lose faith in the brand. If confidential customer data is
lost in a DDoS attack, you could face legal challenges.
• Given the severity of these side effects, it’s no wonder that some companies close after DDoS
attacks. Consider that one recent DDoS attack lasted for 12 days and you sense the importance of
protection.
• Cloud security services actively monitor the cloud to identify and defend against attacks. By
alerting your cloud provider of the attack in real-time, they can take steps to secure your systems.
• Threat Detection
• Security for cloud computing provides advanced threat detection using endpoint scanning for
threats at the device level. Endpoint scanning increases security for devices that access your
network.
Security Issues of Smart Phones
• http://publications.lib.chalmers.se/records/fulltext/128680.pdf
• Smartphones are more at risk in certain areas — hotels, coffee
shops, airports, cars, trains, etc. And home Wi-Fi connections can
be potential risk areas if users don't properly secure them. An
attacker could easily access confidential personally identifiable
information (PII) and data, such as:
❖ Personal or professional data (emails, documents, contacts,
calendar, call history, SMS, MMS).
❖ User identification and passwords (to emails, social networks,
etc.).
❖ Mobile applications that record PII.
❖ Geolocation data about the smartphone user.
❖ READ:
https://www.kaspersky.co.in/resource-center/threats/top-seven-mobile-security-threats-smart-phones-tablets-and-mobile-internet-devices-what-the-future-has-in-store (IMPORTANT)
10 major risks for smartphone users:
✔ Data leakage resulting from device loss or theft.
✔ Unintentional disclosure of data.
✔ Attacks on decommissioned smartphones.
✔ Phishing attacks.
✔ Spyware attacks.
✔ Network spoofing attacks.
✔ Surveillance attacks.
✔ Diallerware attacks: an attacker steals money from the
user by means of malware that makes hidden use of
premium short message services or numbers.
✔ Financial malware attacks.
✔ Network congestion.
Here are various measures that can help reduce the risks associated with mobile devices:
Encrypt mobile devices.
Regularly update mobile devices' applications and operating systems.
Set strong passwords. Each personal identification number (PIN) should be at least eight digits
long because a four-digit PIN can be easily broken. Alphanumeric passwords should be at least
eight characters long and shouldn't use common names or words. An easy way to help create a
memorable password is to use a favorite sentence. For example, you can create a password from
"The ACFE is reducing business fraud worldwide and inspiring public confidence." Use the first
letters of each word and replace "a" and "i" with "@" and "1," respectively. Following this
method, the password would be: "t@1rbfw@1pc."
Also avoid using a password that you've used for another account (a Yahoo! or Google email
account, for example). Change your passwords (to access your phone and your various accounts)
after a trip, especially if you used it in high-risk areas such as public hotspots in hotels, coffee
shops and airports.
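The PIN and password rules above (eight-digit PINs, eight-character alphanumeric passwords with no common words, and the first-letter mnemonic with "a" and "i" replaced by "@" and "1") are easy to turn into a checker. The following is an added example, not code from the original notes: the substitution rule and the length thresholds come from the text, while the tiny common-word list and the sample PINs are constructed for illustration.

```python
"""Added example: mnemonic password derivation plus the PIN/password
policy described in the notes. The a->@ and i->1 substitutions and the
minimum lengths come from the text; COMMON_WORDS is a constructed stand-in
for a real wordlist."""
import re

MIN_PIN_DIGITS = 8          # the text: a four-digit PIN is easily broken
MIN_PASSWORD_CHARS = 8
# Constructed, deliberately short; a real policy engine loads a full wordlist.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "admin", "john"}
LEET_MAP = {"a": "@", "i": "1"}


def derive_password(sentence: str) -> str:
    """First letter of each word, lowercased, with the text's substitutions."""
    words = re.findall(r"[A-Za-z]+", sentence)
    initials = (word[0].lower() for word in words)
    return "".join(LEET_MAP.get(ch, ch) for ch in initials)


def _is_sequential(digits: str) -> bool:
    """True for runs such as 1234 or 9876 (every step is +1 or -1)."""
    steps = {ord(b) - ord(a) for a, b in zip(digits, digits[1:])}
    return len(steps) == 1 and steps <= {1, -1}


def check_pin(pin: str) -> list:
    """Return a list of policy violations; an empty list means the PIN passes."""
    problems = []
    if not pin.isdigit():
        problems.append("PIN must contain only digits")
    if len(pin) < MIN_PIN_DIGITS:
        problems.append(f"PIN shorter than {MIN_PIN_DIGITS} digits")
    if pin and len(set(pin)) == 1:
        problems.append("PIN is a single repeated digit (e.g. 0000)")
    if pin and _is_sequential(pin):
        problems.append("PIN is a simple sequence (e.g. 1234)")
    return problems


def check_password(password: str) -> list:
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_PASSWORD_CHARS:
        problems.append(f"password shorter than {MIN_PASSWORD_CHARS} characters")
    has_alpha = any(c.isalpha() for c in password)
    has_other = any(not c.isalpha() for c in password)
    if not (has_alpha and has_other):
        problems.append("password should mix letters with digits or symbols")
    # Undo the leet substitutions so "P@ssword1" is still recognised as a word.
    normalized = password.lower()
    for plain, symbol in LEET_MAP.items():
        normalized = normalized.replace(symbol, plain)
    if any(word in normalized for word in COMMON_WORDS):
        problems.append("password contains a common word")
    return problems


if __name__ == "__main__":
    sentence = "The ACFE is reducing business fraud worldwide and inspiring public confidence."
    pw = derive_password(sentence)
    print(pw, check_password(pw))          # t@1rbfw@1pc []
    print(check_pin("1234"), check_pin("0000"), check_pin("48203917"))
```

Note that undoing the substitutions before the dictionary check matters: a password like "P@ssword1" satisfies the length and character-mix rules yet is still a dictionary word in disguise.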
Here are a few more steps to better protect smartphones:
Consider deactivating smartphone functionalities such as Siri on iPhone, "Ok Google" on Android
or Cortana on Windows Phone as they could be used to gain PII or control over your phone or
computer.
Activate an immediate automatic lock of your smartphone screen when you're not using it.
Deactivate any smartphone features that display messages on a locked screen.
Don't ignore error messages about the validity of certificates, for example, when you try
connecting to a Wi-Fi hotspot. You should always ensure that the website you're visiting or the
hotspot you're connecting to is legitimate. They could be malicious Wi-Fi connections pretending
to be legitimate hotspots. Hackers can plan and deliver these attacks at a relatively low cost.
• Staying diligent helps decrease risk
• Smartphone antivirus protection applications can provide a
false sense of security because their effectiveness varies
greatly. Thus, you have to be responsible to ensure the
safety of your professional and personal smartphones and
possibly those your organization supplies to its employees.
• Organizations must train all employees — including
high-level employees who have access to sensitive company
information — in smartphone security.
• Your organization can conduct online training in social
engineering, smartphone specificities, malware and
passwords.
• Smartphone instructions often are outdated. Stay current
about security risks and remedies because smartphone
attack schemes are always evolving. You can do this by
checking specialized websites and blogs or by doing a
simple web search.
SMARTPHONE THREATS AND ATTACKS
• In a smartphone threat model, a malicious
user publishes malware disguised as a normal
application through an app store or website.
• Users will unintentionally download the
malware to a smartphone, which carries a
large amount of sensitive data.
• After infiltrating a smartphone, the malware
attempts to control its resources, collect data,
or redirect the smartphone to a premium
account or malicious website.
Affected services
• Malware’s impact can range from minor issues, such as
degraded performance, spam messages, and slow
operation, to more significant challenges, such as the user
not being able to receive and make phone calls or incurring
financial loss.
• The impact to any one smartphone user might be
completely different from that experienced by other
subscribers.
Jeopardized resources
Resources containing sensitive data are attractive to hackers.
Once malware finds a way into the smartphone, it will try to
gain privileges to access and control these resources.
Threats and attacks
• Smartphone threats and attacks include sniffing, spam, attacker spoofing, phishing, pharming,
vishing, and data leakage.
For various reasons, smartphones are also vulnerable to
DoS attacks:
• Because they are based on radio communication
technology, smartphones can incur an attack in which
a jamming device is used to disrupt the
communication between the smartphone and its base
station.
• Flooding attacks can generate hundreds of text
messages or incoming calls, thus disabling a
smartphone.
• A battery exhaustion attack on a smartphone causes
more battery discharge than is typically necessary.
• A malicious user could use a smartphone’s blocking
features to start a DoS attack. If a malicious user keeps
calling a smartphone from a blocked phone number,
the subscriber cannot use any of the smartphone’s
functions.
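A flooding attack of the kind described (hundreds of texts or calls in a short time) is visible in the device's event history as a burst from one source. The following detector is an added example, not from the original notes: it slides a one-minute window over constructed call/SMS log lines and reports any sender that exceeds a per-source threshold, plus whether the aggregate rate was exceeded. The log format, the thresholds and the sample numbers are all assumptions.

```python
"""Added example: sliding-window detection of SMS/call flooding.
Log line format (constructed): <ISO timestamp>,<sms|call>,<source number>."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
PER_SOURCE_LIMIT = 10   # events from a single number inside the window
TOTAL_LIMIT = 30        # events from all sources inside the window


def parse_event(line: str):
    """Split one log line into (timestamp, kind, source)."""
    ts, kind, source = line.strip().split(",")
    return datetime.fromisoformat(ts), kind, source


def detect_floods(lines):
    """Return (flagged, aggregate_flagged).

    flagged is a sorted list of (source, peak_count) for senders that exceeded
    PER_SOURCE_LIMIT within WINDOW; aggregate_flagged is True if events from all
    sources together exceeded TOTAL_LIMIT within WINDOW (a distributed flood
    where no single number stands out)."""
    per_source = defaultdict(deque)   # source -> timestamps still inside the window
    recent = deque()                  # all timestamps still inside the window
    flagged = {}
    aggregate_flagged = False

    for line in lines:
        ts, _kind, source = parse_event(line)
        queue = per_source[source]
        queue.append(ts)
        recent.append(ts)
        # Drop events that fell out of the window (log is in time order).
        while queue and ts - queue[0] > WINDOW:
            queue.popleft()
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()
        if len(queue) > PER_SOURCE_LIMIT:
            flagged[source] = max(flagged.get(source, 0), len(queue))
        if len(recent) > TOTAL_LIMIT:
            aggregate_flagged = True

    return sorted(flagged.items()), aggregate_flagged


def build_sample_log():
    """Constructed sample: 25 SMS in 48 seconds from one number, and three
    ordinary calls from another number five minutes apart."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = [f"{(base + timedelta(seconds=2 * i)).isoformat()},sms,+15550001111"
             for i in range(25)]
    lines += [f"{(base + timedelta(minutes=5 * i)).isoformat()},call,+15550002222"
              for i in range(3)]
    return sorted(lines)   # ISO timestamps of equal length sort chronologically


if __name__ == "__main__":
    print(detect_floods(build_sample_log()))
    # ([('+15550001111', 25)], False)
```

The two thresholds cover different cases: the per-source limit catches a single spoofed or blocked number that keeps ringing, while the aggregate limit catches a flood spread over many source numbers, which the per-source rule alone would miss.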
Limited battery life
• A smartphone is a resource-constrained device that is powered by
a battery with a limited life and that must be recharged when
drained. Any security solution must consider this limitation as
enhanced security cannot sacrifice battery life.
Vulnerability to theft and loss
• Among all potential security issues, loss and theft are two primary
concerns for smartphone users. Losing control of a smartphone,
even temporarily—say, by loaning it to someone—can have
catastrophic consequences. With some simple setup, a malicious
user can reprogram a smartphone’s firmware and flash memory,
physically clone the memory card, or install spyware. Some simple
techniques can help protect against smartphone theft and loss.
For example, the user can add a password or enable auto-lock.
Antitheft technology that remotely deletes sensitive data when a
smartphone leaves a secure zone is also available through
third-party applications.
Multiple-entrance open system
• Smartphones are multiple-entrance open systems, and
each entrance is a potential back door for malware
access.
• Each smartphone communication channel is a
potential path for malware disguised as an application.
Because smartphones offer multiple entrances, an
attack loop can consist of many combinations, but an
attack loop cannot be formed if malware is detected,
prevented, and removed from the smartphone.
• Securing a smartphone requires using one of many
possible approaches to break the attack loop. For
example, resource control could break the attack loop
by preventing the malware from gaining access to the
smartphone’s resources to manipulate its data.
DESIRED SECURITY FEATURES
• Confidentiality, integrity, and authentication are three of
the most desirable security features in a smartphone.
• Most smartphones support synchronization between the
device and a computer. This function makes it possible for
another user to access the smartphone file system. Thus, to
keep data confidential, users should employ encryption
techniques and avoid storing sensitive information in
plaintext on a smartphone.
• Integrity applies to both data and the system. App stores
should verify software integrity to avoid malicious
modification. Further, smartphones should provide
mechanisms to protect system integrity. They should also
block unauthorized data access requests.
• A smartphone authentication service could protect
smartphone users against malware attacks that spoof caller
IDs and MMS.
Security issues of Smart Phones, digital
tablets and smart Devices
• When it comes to security, most mobile devices are a target waiting to be
attacked. That's pretty much the conclusion of a report to Congress on the
status of the security of mobile devices this week by watchdogs at the
Government Accountability Office.
• Combine the lack of security with the fact that mobile devices are being
targeted by cybercriminals and you have a bad situation.
• Mobile devices face an array of threats that take advantage of numerous
vulnerabilities commonly found in such devices. These vulnerabilities can
be the result of inadequate technical controls, but they can also result
from the poor security practices of consumers. Private [companies] and
relevant federal agencies have taken steps to improve the security of
mobile devices, including making certain controls available for consumers
to use if they wish and promulgating information about recommended
mobile security practices. However, security controls are not always
consistently implemented on mobile devices, and it is unclear whether
consumers are aware of the importance of enabling security controls on
their devices and adopting recommended practices.
• Problems
1. Mobile devices often do not have passwords enabled. Mobile devices often lack passwords to
authenticate users and control access to data stored on the devices. Many devices have the
technical capability to support passwords, personal identification numbers (PIN), or pattern
screen locks for authentication. Some mobile devices also include a biometric reader to scan a
fingerprint for authentication. However, anecdotal information indicates that consumers seldom
employ these mechanisms. Additionally, if users do use a password or PIN they often choose
passwords or PINs that can be easily determined or bypassed, such as 1234 or 0000. Without
passwords or PINs to lock the device, there is increased risk that stolen or lost phones'
information could be accessed by unauthorized users who could view sensitive information and
misuse mobile devices.
2. Two-factor authentication is not always used when conducting sensitive transactions on mobile
devices. According to studies, consumers generally use static passwords instead of two-factor
authentication when conducting online sensitive transactions while using mobile devices. Using
static passwords for authentication has security drawbacks: passwords can be guessed, forgotten,
written down and stolen, or eavesdropped. Two-factor authentication generally provides a higher
level of security than traditional passwords and PINs, and this higher level may be important for
sensitive transactions. Two-factor refers to an authentication system in which users are required
to authenticate using at least two different "factors" (something you know, something you have,
or something you are) before being granted access. Mobile devices can be used as a second factor
in some two-factor authentication schemes. The mobile device can generate pass codes, or the
codes can be sent via a text message to the phone. Without two-factor authentication, increased
risk exists that unauthorized users could gain access to sensitive information and misuse mobile
devices.
• 3. Wireless transmissions are not always encrypted. Information such as e-mails sent
by a mobile device is usually not encrypted while in transit. In addition, many
applications do not encrypt the data they transmit and receive over the network,
making it easy for the data to be intercepted. For example, if an application is
transmitting data over an unencrypted WiFi network using http (rather than secure
http), the data can be easily intercepted. When a wireless transmission is not
encrypted, data can be easily intercepted by eavesdroppers, who may gain unauthorized
access to sensitive information.
• 4. Mobile devices may contain malware. Consumers may download applications that
contain malware. Consumers download malware unknowingly because it can be
disguised as a game, security patch, utility, or other useful application. It is difficult
for users to tell the difference between a legitimate application and one containing
malware. For example, an application could be repackaged with malware and a
consumer could inadvertently download it onto a mobile device.
• 5. Mobile devices often do not use security software. Many mobile devices do not
come preinstalled with security software to protect against malicious applications,
spyware, and malware-based attacks. Further, users do not always install security
software, in part because mobile devices often do not come preloaded with such
software. While such software may slow operations and affect battery life on some
mobile devices, without it, the risk may be increased that an attacker could
successfully distribute malware such as viruses, Trojans, spyware, and spam to lure
users into revealing passwords or other confidential information.
• 6. Operating systems may be out-of-date. Security patches or fixes for mobile devices' operating
systems are not always installed on mobile devices in a timely manner. It can take weeks to
months before security updates are provided to consumers' devices. Depending on the nature of
the vulnerability, the patching process may be complex and involve many parties. For example,
Google develops updates to fix security vulnerabilities in the Android OS, but it is up to device
manufacturers to produce a device-specific update incorporating the vulnerability fix, which can
take time if there are proprietary modifications to the device's software. Once a manufacturer
produces an update, it is up to each carrier to test it and transmit the updates to consumers'
devices. However, carriers can be delayed in providing the updates because they need time to
test whether they interfere with other aspects of the device or the software installed on it.
• In addition, mobile devices that are older than two years may not receive security updates
because manufacturers may no longer support these devices. Many manufacturers stop
supporting smartphones as soon as 12 to 18 months after their release. Such devices may face
increased risk if manufacturers do not develop patches for newly discovered vulnerabilities.
• 7. Software on mobile devices may be out-of-date. Security patches for third-party applications
are not always developed and released in a timely manner. In addition, mobile third-party
applications, including web browsers, do not always notify consumers when updates are
available. Unlike traditional web browsers, mobile browsers rarely get updates. Using outdated
software increases the risk that an attacker may exploit vulnerabilities associated with these
devices.
• 8. Mobile devices often do not limit Internet connections. Many mobile devices do not have
firewalls to limit connections. When the device is connected to a wide area network it uses
communications ports to connect with other devices and the Internet. A hacker could access the
mobile device through a port that is not secured. A firewall secures these ports and allows the
user to choose what connections he wants to allow into the mobile device. Without a firewall, the
mobile device may be open to intrusion through an unsecured communications port, and an
intruder may be able to obtain sensitive information on the device and misuse it.
• 9. Mobile devices may have unauthorized modifications. The process of modifying a mobile device
to remove its limitations so consumers can add features (known as "jailbreaking" or "rooting")
changes how security for the device is managed and could increase security risks. Jailbreaking
allows users to gain access to the operating system of a device so as to permit the installation of
unauthorized software functions and applications and/or to not be tied to a particular wireless
carrier. While some users may jailbreak or root their mobile devices specifically to install security
enhancements such as firewalls, others may simply be looking for a less expensive or easier way
to install desirable applications. In the latter case, users face increased security risks, because they
are bypassing the application vetting process established by the manufacturer and thus have less
protection against inadvertently installing malware. Further, jailbroken devices may not receive
notifications of security updates from the manufacturer and may require extra effort from the
user to maintain up-to-date software.
• 10. Connecting to an unsecured WiFi network could let an attacker access personal information
from a device, putting users at risk for data and identity theft. One type of attack that exploits the
WiFi network is known as man-in-the-middle, where an attacker inserts himself in the middle of
the communication stream and steals information.
• 11. Communication channels may be poorly secured. Having communication channels, such as
Bluetooth communications, "open" or in "discovery" mode (which allows the device to be seen by
other Bluetooth-enabled devices so that connections can be made) could allow an attacker to
install malware through that connection, or surreptitiously activate a microphone or camera to
eavesdrop on the user. In addition, using unsecured public wireless Internet networks or WiFi
spots could allow an attacker to connect to the device and view sensitive information.
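Problem 2 above says a phone can serve as the "something you have" factor by generating pass codes. The following is an added example, not part of the GAO text: a time-based one-time password generator and verifier written to RFC 4226 (HOTP) and RFC 6238 (TOTP) with the Python standard library. The shared secret is the RFC 6238 test-vector key, used so the codes can be checked against the published vectors; a real enrolment generates a random per-user secret and stores the last accepted counter to refuse replays.

```python
"""Added example: phone-generated one-time codes as a second factor,
implemented per RFC 4226 (HOTP) and RFC 6238 (TOTP, HMAC-SHA1 rows)."""
import hashlib
import hmac
import struct
import time

SECRET = b"12345678901234567890"   # RFC 6238 Appendix B test key; not for real use
STEP = 30                          # seconds per TOTP time step


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, then RFC 4226 dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret: bytes, for_time=None, digits: int = 6) -> str:
    """What the phone displays: HOTP with the counter derived from Unix time."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time) // STEP, digits)


def verify_totp(secret: bytes, candidate: str, for_time=None, digits: int = 6,
                window: int = 1, last_counter: int = -1):
    """Server-side check. Returns the matching counter so the caller can store it
    and reject a replayed code, or None if no counter within +/- window matches.
    Counters at or below last_counter are refused even when the code matches."""
    if for_time is None:
        for_time = time.time()
    counter = int(for_time) // STEP
    for delta in range(-window, window + 1):
        c = counter + delta
        if c <= last_counter:
            continue
        # Constant-time comparison so timing does not leak how many digits matched.
        if hmac.compare_digest(hotp(secret, c, digits), candidate):
            return c
    return None


if __name__ == "__main__":
    print(totp(SECRET, for_time=59, digits=8))       # 94287082 (RFC 6238 vector)
    print(verify_totp(SECRET, "94287082", for_time=59, digits=8))                  # 1
    print(verify_totp(SECRET, "94287082", for_time=59, digits=8, last_counter=1))  # None
```

The window tolerates clock skew between phone and server by one step either way; the last_counter argument is what turns a matching code into a single-use code, which is the property that makes an intercepted code worthless after it has been spent.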
Fight Back
• A number of ideas including:
• Enable user authentication: Devices can be configured to require passwords or PINs
to gain access. In addition, the password field can be masked to prevent it from
being observed, and the devices can activate idle-time screen locking to prevent
unauthorized access.
• Verify the authenticity of downloaded applications: Procedures can be implemented
for assessing the digital signatures of downloaded applications to ensure that they
have not been tampered with.
• Enable two-factor authentication for sensitive transactions: Two-factor
authentication can be used when conducting sensitive transactions on mobile devices.
Two-factor authentication provides a higher level of security than traditional
passwords. Two-factor refers to an authentication system in which users are required
to authenticate using at least two different "factors" (something you know, something
you have, or something you are) before being granted access. Mobile devices
themselves can be used as a second factor in some two-factor authentication schemes
used for remote access. The mobile device can generate pass codes, or the codes can
be sent via a text message to the phone. Two-factor authentication may be important
when sensitive transactions occur, such as for mobile banking or conducting financial
transactions.
• Install antimalware capability: Antimalware protection can be installed to protect
against malicious applications, viruses, spyware, infected secure digital cards, and
malware-based attacks. In addition, such capabilities can protect against unwanted
(spam) voice messages, text messages, and e-mail attachments.
• Install a firewall: A personal firewall can protect against unauthorized connections by intercepting both incoming
and outgoing connection attempts and blocking or permitting them based on a list of rules.
• Install security updates: Software updates can be automatically transferred from the manufacturer or carrier directly
to a mobile device. Procedures can be implemented to ensure these updates are transmitted promptly.
• Remotely disable lost or stolen devices: Remote disabling is a feature for lost or stolen devices that either locks the
device or completely erases its contents remotely. Locked devices can be unlocked subsequently by the user if they
are recovered.
• Enable encryption for data stored on device or memory card: File encryption protects sensitive data stored on
mobile devices and memory cards. Devices can have built-in encryption capabilities or use commercially available
encryption tools.
• Enable whitelisting: Whitelisting is a software control that permits only known safe applications to execute
commands.
• Establish a mobile device security policy: Security policies define the rules, principles, and practices that determine
how an organization treats mobile devices, whether they are issued by the organization or owned by individuals.
Policies should cover areas such as roles and responsibilities, infrastructure security, device security, and security
assessments. By establishing policies that address these areas, agencies can create a framework for applying
practices, tools, and training to help support the security of wireless networks.
• Provide mobile device security training: Training employees in an organization's mobile security policies can help to
ensure that mobile devices are configured, operated, and used in a secure and appropriate manner.
• Establish a deployment plan: Following a well-designed deployment plan helps to ensure that security objectives are
met.
• Perform risk assessments: Risk analysis identifies vulnerabilities and threats, enumerates potential attacks, assesses
their likelihood of success, and estimates the potential damage from successful attacks on mobile devices.
• Perform configuration control and management: Configuration management ensures that mobile devices are
protected against the introduction of improper modifications before, during, and after deployment.
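Three of the points on this page come down to the same check: app stores should verify software integrity (DESIRED SECURITY FEATURES), downloaded applications should have their digital signatures assessed for tampering, and whitelisting should let only known-safe applications run. The following is one added example covering all three; it is not code from the notes or from the GAO report. A package is a set of files; the publisher ships a manifest of per-file SHA-256 digests plus an authentication tag over the manifest, and the device checks the tag, then each file, then whether the whole package digest is on an allowlist. An HMAC-SHA256 tag stands in for the publisher's signature so the block runs with the standard library alone; real stores use asymmetric signatures, which is the only part that differs. All file contents, names and the key are constructed.

```python
"""Added example: signed-manifest integrity check plus allowlisting for an app
package. HMAC-SHA256 over the canonical manifest stands in for a publisher
signature (stdlib only); everything below is constructed sample data."""
import hashlib
import hmac
import json

PUBLISHER_KEY = b"constructed-publisher-key-not-a-real-secret"

# Constructed package as shipped by the publisher.
ORIGINAL_FILES = {
    "classes.dex": b"constructed app code v1",
    "assets/config.json": b'{"api":"https://example.invalid"}',
}
# Constructed repackaged copy: one file altered, one unlisted file added.
TAMPERED_FILES = dict(ORIGINAL_FILES)
TAMPERED_FILES["classes.dex"] = b"constructed app code v1 with an injected change"
TAMPERED_FILES["lib/extra.so"] = b"constructed library not in the manifest"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Per-file digests; sorted so the manifest is deterministic."""
    return {"files": {name: sha256_hex(files[name]) for name in sorted(files)}}


def canonical(manifest: dict) -> bytes:
    """Stable byte encoding: the tag must be computed and checked over identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes) -> str:
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_package(files: dict, manifest: dict, tag: str, key: bytes) -> list:
    """Return findings; an empty list means the package matches its signed manifest."""
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        # A manifest that does not verify tells us nothing about the files.
        return ["manifest signature invalid"]
    expected = manifest["files"]
    findings = []
    for name in sorted(set(files) | set(expected)):
        if name not in expected:
            findings.append(f"unlisted file: {name}")
        elif name not in files:
            findings.append(f"missing file: {name}")
        elif sha256_hex(files[name]) != expected[name]:
            findings.append(f"modified file: {name}")
    return findings


def package_digest(manifest: dict) -> str:
    """Identity of a whole release: the digest of its canonical manifest."""
    return sha256_hex(canonical(manifest))


def allowed(manifest: dict, allowlist: set) -> bool:
    """Whitelisting: only releases whose digest was approved may run."""
    return package_digest(manifest) in allowlist


if __name__ == "__main__":
    manifest = build_manifest(ORIGINAL_FILES)
    tag = sign_manifest(manifest, PUBLISHER_KEY)
    print(verify_package(ORIGINAL_FILES, manifest, tag, PUBLISHER_KEY))   # []
    print(verify_package(TAMPERED_FILES, manifest, tag, PUBLISHER_KEY))
    forged = build_manifest(TAMPERED_FILES)       # attacker rebuilds the manifest...
    print(verify_package(TAMPERED_FILES, forged, tag, PUBLISHER_KEY))     # ...but cannot re-sign it
    print(allowed(manifest, {package_digest(manifest)}), allowed(forged, {package_digest(manifest)}))
```

The order of checks is the point: verifying the tag first means a repackaged app cannot simply ship a fresh manifest that matches its own altered files, and the allowlist then decides whether even a correctly signed release is one the organization has approved.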
SOCIAL NETWORKING SAFETY
• Social networking is a method of communication with people through online
platforms such as Facebook, LinkedIn, and Twitter. Over the years, social networking
has become an important part of life for both adults and teens. The popularity is due
to the ability of meeting the needs and interests of a vast majority of people.
• For teens it is a way to socialize with friends, by sharing the latest events, photos and
videos. Adults use social platforms for the same reason as teens, while also utilizing
each platform in a professional manner as well. It is a valuable tool for businesses in
that it allows them to interact with like-minded professionals, customers and other
businesses.
• With all the benefits social networking offers, it is easy to overlook the risks that are
involved. Said risks include threats of criminal activity, such as, stalking, bullying,
identity theft, and hacking. Also, users may fall prey to impersonators who can cause
damage to their reputation and standing with the very people they are trying to
network with. To make the best use of social networking while avoiding the risks,
users will need to understand and follow a set of basic safety tips that are easy to
remember and highly effective.
• 1. Be Cautious of Sharing Too Much
• When utilizing a social networking website, people have the option of sharing
personal details with friends and followers. While sharing some information is okay,
other facts can reveal too much about who a person is. For the sake of personal
safety, one should never reveal their date and place of birth, home address or phone
number, as this could put them at serious risk for identity theft and fraud. In
addition, it is extremely important that a person never reveal their credit card
numbers, banking information, passwords, or social security number on any
networking site. If such information is shared it would be very easy to fall victim to
crimes ranging from stalking to identity theft.
• 2. Adjust Privacy Settings
• Nearly all social networking sites have pre-set or default privacy settings. People
often feel that these settings are sufficient and never put forth the effort to
make changes. Altering one's privacy settings can allow the account holder to block
strangers and people who are not friends with them from viewing his or her private
information. These settings also limit what information is available in search results;
for example, Facebook allows the account holder to modify their settings so only
their friends, friends and networks, specific groups, or no one can see their status,
photos, videos, likes, etc. Privacy settings can be adjusted at any time; however, the
account holder must log in to make adjustments.
• 3. Limit Details About Work History
• On some social networking sites, such as LinkedIn, people are able to post resumes and other
information that pertains to their work history. Work related information can reveal too much
about a person's personal life and can give criminals such as hackers personal information which
may help them to hack into one's account. The information that is found on resumes can also be
used in identity theft.
• 4. Verify Who You're Connecting With
• There are a number of reasons why a person may put up a false account. If there is ever
uncertainty about the authenticity of an account that claims to belong to a friend, it is important to
check with the individual for verification. These accounts may be set up in an effort to impersonate
another person in order to make false statements. This may be done to embarrass
someone or to create problems of either a legal or personal nature. False accounts may also
be set up for the purpose of sending people to malicious sites or with the intent of committing
fraud.
• 5. Keep Control of Comments – Be Aware of Impersonators
• Impersonation can be a problem when it comes to comments on networking websites. Typically,
people who are misrepresented online only need to ask that the impersonator be removed. This
can be a hassle; however, networking sites are beginning to require commenters to go through
an authentication process in which they are identified as registered users or not.
• 6. Don't Share Personal Details
• Microblogging websites encourage people to share in the moment activities and slices of life. For
people who enjoy this sort of social interaction, they may find that they are revealing too much
about what is happening and as a result making themselves the ideal victim for thieves and other
criminals. Because these networks are visible to practically everyone, a person should not reveal
information that alerts criminals to their whereabouts or other actions. For example, a person
should never reveal where they are vacationing, shopping, or traveling. It should also never be
revealed when they expect to leave or return home.
• 7. Check Out Your Own Account
• In order to ensure the security of one's account, it is wise to search for their profile from the perspective of
someone who is conducting a search. This step will let the account holder know what others are able to view. When
using a search engine to look for one's profile they will also be able to see if there are any false accounts set up in his
or her name.
• 8. Know Employer Boundaries or Acceptable Use Policies
• More and more frequently there are reports of people who have lost their jobs as a result of their activities on social
networking sites. This can easily be avoided when employees review what policies their employer has in place. These
policies may affect what a person can share in terms of pictures and/or writing. This is done to not only protect their
reputation, but to also prevent data loss or loss of intellectual property.
• 9. Control What Information is Shared with Outside Sources
• When a person joins a social networking site, they should understand how that site uses their private information. A
user's personal details may be shared with partners, advertisers, or other outside companies. Reading the privacy
policy of the social networking platform will explain exactly how private information is used. Unfortunately, people
do not fully read these policies before agreeing to them. The privacy terms should be rechecked in the event that a
company is sold as these policies may change.
• 10. Be Careful of Over-Friending
• As a member of a social networking group, it can be exciting to gain new "friends" or followers. Looking through the
network it is easy to find members with high numbers of friends, which can inspire a competitive streak in some. A
high number of friends, however, is not always positive. Some "friends" can be problematic by introducing spam into
one's timeline or some may even have criminal intentions. When accepting friends, choose people who are actual
friends.
• 11. Consider Forming a New Social Network
• Respected networking sites like Facebook and Twitter are not the only social networking platforms available. The
popularity of these sites makes them larger than life and attracts a large assortment of people with various agendas.
However, people who are interested in interacting with a smaller, more intimate group of people should look into
joining MeetUp, Ning, or FamilyLeaf. In some cases people are able to go through MeetUp to create a niche social
network that will attract like-minded individuals within one's own community.
• 12. Single Sign-On: Open ID
• Using a single sign-on for multiple platforms is one way people can reduce the likelihood of their
passwords getting into the hands of identity thieves and hackers. OpenID is the most common
single sign-on to manage various accounts.
• 13. What Goes Online Stays Online
• When sharing information online it is important for people to realize the permanence of what
they type or download. Once information goes on the Internet, through social networking,
microblogging, etc., it is difficult, if not impossible to remove. In some instances, the information
may even be captured via screen shot and used on blogs or news sites. Depending on what was
originally submitted, the information can prove detrimental for future job prospects,
relationships, and may even leave a person vulnerable to crimes.
• 14. Know How to Block Unfriendly Followers
• Nearly every social networking platform gives users a way to protect themselves from
harassment or unwanted contact. When joining a social network one should familiarize themselves
with how to block another member. Once a person has been blocked, he or she will no longer
have the ability to interact with the individual who has done the blocking.
• 15. Keep Passwords Strong
• Security is as important for one's social network account as it is for their computer or any other
account. Creating a strong password will prevent hackers from gaining access to one's account
and using it to post spam or malicious attacks. When creating a password it is important to choose
one that consists of no less than eight characters. The characters should consist of both letters
and numbers and should be changed approximately every three months.
Here are our top 10 tips to stay safe on social media:
• Use a strong password. The longer it is, the more secure it will be.
• Use a different password for each of your social media accounts.
• Set up your security answers. This option is available for most social media sites.
• If you have social media apps on your phone, be sure to password protect your
device.
• Be selective with friend requests. If you don’t know the person, don’t accept their
request. It could be a fake account.
• Click links with caution. Social media accounts are regularly hacked. Look out for
language or content that does not sound like something your friend would post.
• Be careful about what you share. Don’t reveal sensitive personal information, i.e.,
home address, financial information, phone number. The more you post, the easier
it is to have your identity stolen.
• Become familiar with the privacy policies of the social media channels you use and
customize your privacy settings to control who sees what.
• Protect your computer by installing antivirus software to safeguard it. Also ensure
that your browser, operating system, and software are kept up to date.
• Remember to log off when you’re done.
• Social networking websites like MySpace, Facebook, Twitter, and Windows Live Spaces are services people can use to connect with
others to share information like photos, videos, and personal messages.
• As the popularity of these social sites grows, so do the risks of using them. Hackers, spammers, virus writers, identity thieves, and other
criminals follow the traffic.
• Read these tips to help protect yourself when you use social networks.
• Use caution when you click links that you receive in messages from your friends on your social website. Treat links in messages on
these sites as you would links in e-mail messages.
• Know what you’ve posted about yourself. A common way that hackers break into financial or other accounts is by clicking the “Forgot
your password?” link on the account login page. To break into your account, they search for the answers to your security questions,
such as your birthday, hometown, high school class, father’s middle name, on your social networking site. If the site allows, make up
your own password questions, and don’t draw them from material anyone could find with a quick search.
• Don’t trust that a message really is from whom it says it’s from. Hackers can break into accounts and send messages that look like
they’re from your friends, but aren’t. If you suspect that a message is fraudulent, use an alternate method to contact your friend to find
out. This includes invitations to join new social networks.
• To avoid giving away e-mail addresses of your friends, do not allow social networking services to scan your e-mail address
book. When you join a new social network, you might receive an offer to enter your e-mail address and password to find out if your
contacts are on the network. The site might use this information to send e-mail messages to everyone in your contact list or even
everyone you’ve ever sent an e-mail message to with that e-mail address. Social networking sites should explain that they’re going to
do this, but some do not.
• Type the address of your social networking site directly into your browser or use your personal bookmarks. If you click a link to your
site through e-mail or another website, you might be entering your account name and password into a fake site where your personal
information could be stolen.
• Be selective about who you accept as a friend on a social network. Identity thieves might create fake profiles in order to get
information from you.
• Choose your social network carefully. Evaluate the site that you plan to use and make sure you understand the privacy policy. Find out
if the site monitors content that people post. You will be providing personal information to this website, so use the same criteria that
you would to select a site where you enter your credit card.
• Assume that everything you put on a social networking site is permanent. Even if you can delete your account, anyone on the Internet
can easily print photos or text or save images and videos to a computer.
• Be careful about installing extras on your site. Many social networking sites allow you to download third-party applications that let you
do more with your personal page. Criminals sometimes use these applications to steal your personal information. To download and use
third-party applications safely, take the same safety precautions that you take with any other program or file you download from the
Web.
• Think twice before you use social networking sites at work.
• Talk to your kids about social networking.
• The four major dangers of using social networking websites are
• Over sharing information. When creating a profile page, most websites will ask for personal information such as
home addresses, birthdays, and phone numbers. Giving this information can be very dangerous and will be made
public to anyone who visits a user’s profile page, especially if privacy settings are not set correctly. Even if account
settings are set to private, users are still at risk of their accounts being hacked. If someone hacks into an account he
or she will be able to view and use the information. Sharing simple things like your favorite color can tip off a hacker
to try to see if you used that as a password on your account. The biggest threat of over sharing information is
identity theft. Identity theft is not uncommon in the world of online social networking. Online computer criminals
look to steal identities in obvious and not so obvious ways. An obvious way would be someone asking for your social
security number. A not so obvious way is luring a user to click on a link that will allow the criminal to download all of
the user’s personal information. The anonymity provided online makes it easier for computer criminals to go
undetected.
• He’s not who you think he is. Social networking sites make it very easy to pretend to be someone else. Even if an
individual may be friends with someone on the site, anyone can take control of a user’s account if he or she can
obtain the user’s password. As a result, someone who is a “Friend” can ask for money or gain personal information
that can be used to hack into other accounts. For example, you may get a message from a relative asking you for
your banking information because he or she would like to wire you some money for your birthday. You may think
you’re talking to your relative, but in fact the information is being requested by someone who has hacked into your
relative’s account.
• Location-based services. Location-based services can be one of the most dangerous features provided by social
networking sites. It exposes the profile user’s location and whereabouts. The service also has a feature that allows
users to tag who they are with at any given time. While it can be fun to share your location with friends and family, it
can also increase your vulnerability, potentially opening you up to being robbed, sexually assaulted, or worse.
Predators can use this tool to track your movements and determine when you are alone or when you are not at
home.
• Posting photos. One of the features of online social networking that many teens enjoy is the photo-sharing feature.
This feature allows you to post photos 24 hours a day. Whether it is from your computer or mobile device, posting
photos can be done in seconds. The Internet makes it easy to obtain photos and use the images in any way a person
may choose. Posting inappropriate photos that may be deemed as fun, cute, or sexy, can end up where one least
expects it. Photo tampering is a big threat when it comes to posting photos online. The use of photo editing tools
allows people to manipulate online images in any way they choose, whether it’s used for good or bad purposes.
While posting pictures and sharing them with friends can be fun, it can also be risky.
• Teaching Your Teen Three Simple Steps To Increase Safety
• Don’t give optional information. When creating a profile, you do
not need to enter all of the information that is requested. The
set-up page usually requires you to fill out basic information, such
as your name and email. Everything else is optional. Do not feel
obligated to put your address and telephone number.
• Third level of privacy. There are three levels of privacy settings to
choose from for your profile. There is “open to everyone,” “open
to friends of friends” and “friends only.” The best setting to use is
the “friends only” setting on all of your privacy choices. “Friends
only” is the strictest level of security; it only allows people that
you have accepted as a friend to view information about you.
• Accept only people you know. Accepting only people you know
and trust is a great way to ensure safety when using social
networking sites. Doing this can protect you from spammers,
pedophiles, and other people who use social networking sites to
commit crimes.
• When discussing social networking safety with your child, encourage him
or her to always use discretion when posting any type of photo, location
status, and message. Tell your teen to ask him or herself these four
questions before posting to the world:
“Think Before They Post”
• Should I share this? Will the information you share put yourself or
someone else in danger?
• Do people really need to know where I am and who I am with? - Is it a
good idea to let everyone know my exact location?
• Am I selecting friends online that I can trust? – Always keep in mind that
it's not just about what you post, but how others may use that content.
• Is the information I am sharing transparent? - Before sharing information
to the public, does your post give out too much personal information?
• Having a discussion with your teen about social networking sites can ease
some anxiety about your child’s safety. Social networking sites help us stay
connected to family and friends. However, it’s important to make sure
your child knows how to be safe while online. Encourage them to enjoy
the sites but to be safe at all times.
Privacy issues on Social Network sites
• Social media is possibly the most vital sector of the Internet, but, being open and social creates legitimate concerns
about privacy and safety. Headlines warning of online security breaches are just one reminder of the vulnerability of
all websites, including social media outlets.
• Despite these justifiable security concerns about the Web, some of the reasons a person's social media account is
compromised are self-induced. Five common mistakes that can expose an account include:
• 1. Forgetting to Log Out
• Increase the security of your social media account by always logging out when you step away from your laptop or
computer. It's best to go one step further and close down the browser you were using to view your account. If you
leave your account logged in, you set yourself up to be hacked because anyone who can get to your computer can
access your account, change the password or even post items and communicate with your friends as if they are you.
Logging out and shutting down the browser is even more important if you use a public computer.
• 2. Clicking on Enticing Ads
• Viruses and malware often find their way onto your computer through those annoying, but sometimes enticing ads.
However, on the Web, just like in real life, if an offer seems too good to be true, then it probably is. Save yourself a
potential security headache - don't click.
• 3. Connecting With Strangers
• Be careful of who you accept invitations from when building your online network. Connecting and sharing
information with people you don't know can be dangerous. If you receive friend requests from strangers, it's best to
stay away.
• Further, if you receive friend requests from people you do know, but are already connected with via the same site,
it's possible that someone has set up a fake account. Avoid accepting duplicate requests, instead checking in with
the 'real' person to see if the request is legitimate.
• You should also be careful when connecting with a celebrity's account, as scammers sometimes pose as famous
people. Make sure it is their official, legitimate account and not a stranger pretending to be them before you accept
their 'friend' invitation.
• 4. Using Third Party Apps
• Part of the appeal of social media sites is all the various games and apps. Even though a
significant number of them are safe, you do grant the app a certain level of permission
concerning your information. Make sure you know what the app is viewing and sharing
before agreeing to the terms.
• 4. Exposing Too Much Information
• Make sure you understand the level of privacy - or lack of privacy - you are agreeing to when
volunteering personal information. Do you really want an app badly enough to allow it to
announce where you are?
• Also, participating in seemingly innocent games, like posting answers to a list of 20 questions,
may actually allow cyber-criminals to gather important personal information. For example,
the question, "What is your most embarrassing moment?" is probably fine to answer, but
answering questions like, "What is your pet's name?" or "Where did you and your significant
other meet?" may expose answers you gave to security questions for legitimate sites like
Amazon or your bank.
• 5. Failing to Utilize Security Settings
• Social media sites provide you with the ability to restrict who has access to your information.
For example, Facebook (like others) lets you decide who your friends are and what content
they can view. One practice to increase your account's security is to disable most of the
options and then re-open them once you understand what the settings specifically mean to
your account.
• In reality, you probably want different types of content to be displayed to different people,
with the most being available to known friends and the least to acquaintances.
• What to Do if Your Account Is Hacked
• Regardless of whether your account is compromised because the social networking site was hacked
or just your individual account was infected, you need to take several steps to resolve the issue.
• Clean Your Device
The aforementioned hack that compromised Facebook and Google was caused by malware on
users' machines. In cases like this, use well-known quality malware removal software to scan your
users machines. In cases like this, use well-known quality malware removal software to scan your
machine. The software will contain and/or destroy known and suspicious files. You may even
consider reformatting your computer.
• Once your machine is clean, the best way to prevent it from becoming infected again is to keep
your antivirus software and browsers current. Set them to automatically install updates.
• Change Your Passwords
• Once an account has been compromised, it is best to presume all your passwords are
compromised. Some security experts advise using a different, strong password for each site.
• Get a Password Manager
• Since security is dependent on multiple strong passwords, it can become difficult to remember
them all -- although there are tricks to make it possible. Consider using a password manager to
reduce your vulnerability. You can use the program's password generator to create strong,
hard-to-break passwords and you only need to remember one password to access the manager.
• Report It
• Make sure you report the situation to the social network site. This is especially true if you have
been locked out of your account. If this happens, you may have to prove to the social networking
site the account belongs to you, but be persistent and follow through. If you don't, someone could
potentially post information as if they are you - which, at the very least, can damage your online
reputation.
• If a crime has been committed, such as banking information stolen, also report the incident to
local authorities and appropriate federal law enforcement agencies.
• Use Two-Step Verification
• If the social media site offers a two-step
verification process, use it. The added layer of
security makes it much harder for a would-be
hacker to access your account. The extra
log-in steps will save you time and headaches
in the long run.
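As an added example (this is not code from the slides), here is what the two-step verification described above does under the hood: the time-based one-time password algorithm (TOTP, RFC 6238) that authenticator apps and sites implement. The shared secret below is the RFC's own published test secret, so the codes can be checked against the RFC; the server-side verifier with its clock-skew window and replay refusal is this example's own design.

```python
import base64
import hmac
import struct
from hashlib import sha1


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the 8-byte counter,
    dynamic truncation to 31 bits, then the last `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP with counter = time // step."""
    return hotp(secret, unix_time // step, digits)


def decode_base32_secret(text: str) -> bytes:
    """Sites show the shared secret as Base32, often in spaced groups without padding."""
    clean = text.replace(" ", "").upper()
    return base64.b32decode(clean + "=" * (-len(clean) % 8))


class TotpVerifier:
    """Server-side check. Accepts the current 30 s step and +/- `window` neighbours to
    tolerate clock skew, compares in constant time, and never accepts a step that was
    already used, so a code that was captured once cannot be replayed."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_counter = -1  # highest step already consumed by a successful login

    def verify(self, code: str, unix_time: int) -> bool:
        now = unix_time // self.step
        for delta in range(-self.window, self.window + 1):
            counter = now + delta
            if counter <= self.last_counter:
                continue  # this step (or an older one) has already been used
            if hmac.compare_digest(hotp(self.secret, counter, self.digits), code):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 Appendix B test secret
    print(totp(secret, 59, digits=8))  # RFC test vector: 94287082
    verifier = TotpVerifier(secret)
    code = totp(secret, 1111111111)
    print(verifier.verify(code, 1111111111))  # True
    print(verifier.verify(code, 1111111111))  # False: the same code is refused a second time
```

The one-time code only helps if the server refuses reuse: an attacker who phishes a code and the password gets a single 30 s window, and the `last_counter` check closes even that once the real user has logged in.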
PASSWORD HACKING

• What Is Password Hacking?
• A password can be a secret word, phrase or string of characters used to gain access to secured
data. An individual with no knowledge of a password may still determine it through password
hacking.
• Definition
• Password hacking, sometimes referred to as password cracking, is a method of recovering
passwords from data transmitted by or stored on a computer.
• Purpose
• Password hacking can help a legitimate user retrieve a forgotten password. System administrators
may use password hacking as a preventive tactic, to check for easily hacked passwords in order to
modify them for increased security. Unauthorized users hack passwords to gain access to a secure
system.
• Methods
• Guessing and brute force are two methods used to hack passwords. Individuals with knowledge of
the password owner’s personal information may guess at the password and choose possibilities
based on that owner’s date of birth, pet, relative or other information. The brute force method
involves attempting every possible password combination until the password is found. This is
most effective if the hacker knows the password hash function, that is, the algorithm or
mathematical computation used to encrypt or encode the stored password data.
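The slide's last point is why how passwords are stored matters so much. As an added example (not from the slides), the following contrasts an unsalted fast hash, where two users with the same password get the same digest and every guess costs one cheap hash, with a salted, deliberately slow hash (PBKDF2-HMAC-SHA256 from Python's standard library) and a constant-time verifier. The storage string format is this example's own convention.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional


def naive_hash(password: str) -> str:
    """Unsalted, fast hash. Identical passwords give identical digests, and a known,
    cheap function with no salt is exactly what makes brute-force guessing effective."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = 600_000,
                  salt: Optional[bytes] = None) -> str:
    """Salted, slow hash. Stored form: pbkdf2_sha256$<iterations>$<b64 salt>$<b64 key>.
    A fresh random salt per user means equal passwords no longer look equal, and the
    iteration count makes each guess cost hundreds of thousands of HMAC computations."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations),
                     base64.b64encode(salt).decode(), base64.b64encode(key).decode()])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time so
    the check's timing does not leak how many leading bytes matched."""
    algo, iterations, salt_b64, key_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(key_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    print(naive_hash("welcome") == naive_hash("welcome"))          # True: same digest for both users
    print(hash_password("welcome") == hash_password("welcome"))    # False: different salts
    record = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("Correct horse battery staple", record))  # False
```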
• How to Defend against Password Hacking
• Any way you look at it: your secret passwords are under attack.
Computer hackers love to successfully defeat cryptography
systems. Cybercriminals enjoy getting access to your online
accounts. Fraudsters want to steal your identity. Some hackers
just want the publicity of embarrassing a prominent online brand
by pilfering their account data.
• Now while the average user can do little to stop wholesale theft of
Internet account credentials from major social media networks,
ISPs or online banks – we can all do our part to lock the front door
to our personal information better. This means selecting a
stronger password in the first place. Too many people are still
choosing lame combinations and making the hacker’s job all too
easy. (Some of the most popular remain “password”, “123456”,
“abc123” and “welcome”!)
• Password hacking is ongoing and growing. Let’s examine some of
the methods computer hackers employ to obtain your online
credentials.
• How hackers crack passwords:
• Social Engineering. The easiest way for a hacker or criminal to gain access to your
online account information is simply to ask. They can pose either as you or as the
online service provider and get one or the other to give up your password. When
posing as you, they contact the site’s customer support department and use stolen
information about you to “prove” that they are you. Then the password is simply
reset and the hacker is in. When posing as the bank or ISP, they use phishing
techniques to trick you into sharing your credentials, such as setting up spoof login
screens that pretend to be the official website.
• Spyware. Hackers can use keylogging malware that secretly installs itself on your
computer, logs your keystrokes, and then transmits account credentials. Practicing
safe computing techniques – which include regularly scanning computers for viruses,
never sending login information over email, and ignoring popup windows – can go a
long way toward protecting your personal information.
• Cracking. Cracking is the process of recovering passwords from data that has been
stored in or transmitted by a computer system. A common approach is to repeatedly
try guesses for the password. Another common approach is to say that you have
"forgotten" the password and then change it.
• Guessing. If all else fails, hackers can crack (essentially guess) your password in a few
different ways. They use special programs armed with dictionaries or known
information about you to try combinations such as hobbies, pet names, date of
birth, loved ones, birthplace and other associated words. As a last resort, they can
use “brute force” automated programs that try every possible combination.
• Building a better password:
• To do your part to thwart the password thieves, rely on these simple tips for constructing a
hack-proof password.
• Longer is usually stronger. Passwords featuring 10 or more characters are better than those with 8
or fewer. Try experimenting with login phrases instead of single words.
• Use uppercase and lowercase letters. Try a combination of big and small letters in random
positions, not just capitalizing the initial letter.
• Insert numbers and special characters. Substituting a zero “0” for the letter “O” is one common
method, but also try 1 for I, 3 for E, and 5 for S. Add characters like @#$%^&* for variety.
• Experiment with clues. Think of a random childhood attraction, or a place you love, or a specific
car, a vacation spot, or a favorite restaurant. These will be easy to remember but hard to crack
using what may be already known about you.
• Use a personal algorithm. You can create your own cryptographic method to obscure your
passwords. Try thinking of a long phrase and then using just the initial letters of that phrase.
Combine unrelated words. Always substitute the same numbers for certain letters. Type the
password one row higher on the keyboard.
• Change often. Changing your passwords monthly, even occasionally, is a good practice.
• One study has shown that adding just a single capital letter and one asterisk would change the
processing time for an 8-character password from 2.4 days to 2.1 centuries.
• Our last piece of advice may be the hardest to follow. You really need to have different username
/ password combinations for every website you visit, email account or computing device.
Otherwise if a hacker can figure out your standard password on one site, then everything else will
be compromised. Don’t use the same password everywhere. Password management programs
such as Password Gorilla (Free) or 1Password (Paid) can encrypt and store all of your passwords
with master access to all of them. Many of these packages feature automated form completion
and mobile versions for smartphone use. Ongoing vigilance is key to avoid becoming a victim of
password hacking.
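The tips above are easier to apply with a checker that measures what they claim. As an added example (not from the slides), the code below estimates the size of the alphabet and the exhaustive-search time for a candidate password, and also catches the caveat a practitioner cares about: a popular password with the page's own substitutions applied ("P@55w0rd", "Welc0me1!") is still a popular password to a cracking tool, so the blocklist check undoes those substitutions first. The common-password set is the page's four examples plus a few constructed ones; the 10^10 guesses-per-second rate is an assumption, not a measurement.

```python
import math
import string

# Passwords the slides name as popular, plus a few constructed extras. A real deployment
# would check against a large breached-password list rather than a hand-written set.
COMMON_PASSWORDS = {"password", "123456", "abc123", "welcome", "qwerty", "letmein", "iloveyou"}

# Undo the substitutions the slides recommend (0 for O, 1 for I, 3 for E, 5 for S, ...).
# Cracking rule sets apply exactly these, so "P@55w0rd" must still count as "password".
LEET_TABLE = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s", "@": "a", "$": "s", "!": "i"})


def looks_common(password: str) -> bool:
    """True if the password, the password with substitutions undone, or the same with
    trailing digits/punctuation removed is on the common list."""
    lower = password.lower()
    stripped = lower.rstrip(string.digits + string.punctuation)
    forms = {lower, lower.translate(LEET_TABLE), stripped.translate(LEET_TABLE)}
    return any(form in COMMON_PASSWORDS for form in forms)


def charset_size(password: str) -> int:
    """Size of the alphabet an exhaustive search would have to cover."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # the 32 ASCII punctuation characters plus space
    return size


def entropy_bits(password: str) -> float:
    """Bits of an ideal random password of this length over this alphabet."""
    n = charset_size(password)
    return len(password) * math.log2(n) if n else 0.0


def exhaustive_search_seconds(password: str, guesses_per_second: float = 1e10) -> float:
    """Upper bound: time to try every string of this length over this alphabet at the
    assumed rate. Dictionary words and common passwords fall far faster than this."""
    return charset_size(password) ** len(password) / guesses_per_second


def assess(password: str, min_length: int = 10) -> dict:
    """Apply the slides' rules (length, mixed character classes, not a popular password)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if charset_size(password) <= 26:
        problems.append("uses only one character class")
    if looks_common(password):
        problems.append("matches a common password once substitutions are undone")
    return {"length": len(password), "charset": charset_size(password),
            "entropy_bits": round(entropy_bits(password), 1),
            "exhaustive_search_seconds": exhaustive_search_seconds(password),
            "problems": problems}


if __name__ == "__main__":
    for candidate in ["password", "P@55w0rd", "Abcdefg*", "correct horse battery staple"]:
        print(candidate, assess(candidate))
```

The numbers show both halves of the slide's argument: adding classes and length multiplies the search space (compare "abcdefgh" with "Abcdefg*"), but a password that is a known word with cosmetic substitutions is found by the dictionary pass long before any exhaustive search begins, which is why the blocklist check matters more than the entropy figure.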
What Is Spamming?

• Spamming is the sending of an unsolicited email. What this means is that you send an email,
generally an ad of some sort, to someone who has not requested to receive that information from
you.
Electronic spamming is the use of electronic messaging systems to send an unsolicited message
(spam), especially advertising, as well as sending messages repeatedly on the same site. While the
most widely recognized form of spam is email spam, the term is applied to similar abuses in other
media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in
blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum
spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file
sharing spam. It is named after Spam, a luncheon meat, by way of a Monty Python sketch about a
menu that includes Spam in every dish. The food is stereotypically disliked/unwanted, so the word
came to be transferred by analogy.
• Spamming remains economically viable because advertisers have no operating costs beyond the
management of their mailing lists, servers, infrastructures, IP ranges, and domain names, and it is
difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low,
spammers are numerous, and the volume of unsolicited mail has become very high. In the year
2011, the estimated figure for spam messages is around seven trillion. The costs, such as lost
productivity and fraud, are borne by the public and by Internet service providers, which have
been forced to add extra capacity to cope with the deluge. Spamming has been the subject of
legislation in many jurisdictions.
• A person who creates electronic spam is called a spammer.
Spamming In different media
• Email
• Email spam, also known as unsolicited bulk email (UBE), junk mail, or unsolicited commercial
email (UCE), is the practice of sending unwanted email messages, frequently with commercial
content, in large quantities to an indiscriminate set of recipients. Spam in email started to become
a problem when the Internet was opened up to the general public in the mid-1990s. It grew
exponentially over the following years, and today composes some 80 to 85 percent of all the
e-mail in the World, by a "conservative estimate". Pressure to make email spam illegal has been
successful in some jurisdictions, but less so in others. The efforts taken by governing bodies,
security systems and email service providers seem to be helping to reduce the onslaught of email
spam. According to "2014 Internet Security Threat Report, Volume 19" published by Symantec
Corporation, spam volume dropped to 66% of all email traffic. Spammers take advantage of this
fact, and frequently outsource parts of their operations to countries where spamming will not get
them into legal trouble.
• Increasingly, e-mail spam today is sent via "zombie networks", networks of virus-
or worm-infected personal computers in homes and offices around the globe. Many modern
worms install a backdoor that allows the spammer to access the computer and use it for malicious
purposes. This complicates attempts to control the spread of spam, as in many cases the spam
does not obviously originate from the spammer.
• Instant messaging
• Instant messaging spam makes use of instant messaging systems. Although less ubiquitous than
its e-mail counterpart, according to a report from Ferris Research, 500 million spam IMs were sent
in 2003, twice the level of 2002. As instant messaging tends to not be blocked by firewalls, it is an
especially useful channel for spammers. This is very common on many instant messaging systems
such as Skype.
• Newsgroup and forum
• Newsgroup spam is a type of spam where the targets are Usenet newsgroups. Spamming of Usenet newsgroups actually
pre-dates e-mail spam. Usenet convention defines spamming as excessive multiple posting, that is, the repeated posting of a
message (or substantially similar messages). Forum spam is the creation of advertising messages on Internet forums. It is
generally done by automated spambots. Most forum spam consists of links to external sites, with the dual goals of
increasing search engine visibility in highly competitive areas such as weight loss, pharmaceuticals, gambling, pornography,
real estate or loans, and generating more traffic for these commercial websites. Some of these links contain code to track
the spambot's identity; if a sale goes through, the spammer behind the spambot works on commission.
• Mobile phone
• Mobile phone spam is directed at the text messaging service of a mobile phone. This can be especially irritating to
customers not only for the inconvenience, but also because of the fee they may be charged per text message received in
some markets. The term "SpaSMS" was coined at the adnews website Adland in 2000 to describe spam SMS. To comply with
CAN-SPAM regulations in the US, SMS messages now must provide options of HELP and STOP, the latter to end
communication with the advertiser via SMS altogether.
• Despite the high number of phone users, there has not been as much phone spam, because there is a charge for sending
SMS, and installing trojans on others' phones that send spam (common for e-mail spam) is hard
because applications normally must be downloaded from a central database.
• Social networking spam
• Facebook and Twitter are not immune to messages containing spam links. Most insidiously, spammers hack into accounts
and send false links under the guise of a user's trusted contacts such as friends and family. As for Twitter, spammers gain
credibility by following verified accounts such as that of Lady Gaga; when that account owner follows the spammer back, it
legitimizes the spammer and allows him or her to proliferate. Twitter has studied what interest structures allow their users
to receive interesting tweets and avoid spam, despite the site using the broadcast model, in which all tweets from a user are
broadcast to all followers of the user.
• Social spam
• Spreading beyond the centrally managed social networking platforms, user-generated content increasingly appears on
business, government, and nonprofit websites worldwide. Fake accounts and comments planted by computers programmed
to issue social spam can infiltrate these websites. Well-meaning and malicious human users can break websites' policies by
submitting profanity, insults, hate speech, and violent messages.
Social network Account Attack

• The following are ways to hack any online account, not just social networking sites, in order of difficulty.
• Guessing Passwords (Bruteforce Attack):
• This is arguably the most common and easiest type of attack, because it can be launched against any website.
• The attacker would try to log in by trying different passwords.
• There are tools/utilities that automate this process, so the attacker would just need to give said tool/utility a list of
words/passwords to try.
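From the site operator's side, the repeated login attempts this slide describes are visible in the authentication log, and catching them is the first line of defence. As an added example (not from the slides), the detector below reads constructed log lines in a simple `timestamp event user=… src=…` format that is this example's own, keeps a sliding window of failures, and raises one alert when a single account collects too many failures (the brute-force case on the slide) and another when one source address fails against many different accounts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Log format assumed for this example (constructed, not a real product's format).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<event>LOGIN_OK|LOGIN_FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse_line(line: str):
    """Return a dict for a well-formed line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def detect_login_abuse(lines, window=60, user_threshold=5, src_user_threshold=3):
    """Sliding-window detection over failed logins.
    brute_force:    one account fails >= user_threshold times within `window` seconds.
    password_spray: one source fails against >= src_user_threshold distinct accounts
                    within `window` seconds. Each key alerts once."""
    user_fails = defaultdict(deque)   # user -> timestamps of recent failures
    src_fails = defaultdict(deque)    # src  -> (timestamp, user) of recent failures
    alerts, seen = [], set()
    for rec in map(parse_line, lines):
        if rec is None or rec["event"] != "LOGIN_FAIL":
            continue
        ts, user, src = rec["ts"], rec["user"], rec["src"]

        q = user_fails[user]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= user_threshold and ("brute_force", user) not in seen:
            seen.add(("brute_force", user))
            alerts.append({"kind": "brute_force", "key": user, "count": len(q), "src": src})

        s = src_fails[src]
        s.append((ts, user))
        while (ts - s[0][0]).total_seconds() > window:
            s.popleft()
        users = {u for _, u in s}
        if len(users) >= src_user_threshold and ("password_spray", src) not in seen:
            seen.add(("password_spray", src))
            alerts.append({"kind": "password_spray", "key": src, "count": len(users)})
    return alerts


# Constructed sample log: one account hammered from one address, one address trying
# several accounts, and two harmless events.
SAMPLE_LOG = """\
2024-05-01T10:00:01 LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T10:00:05 LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T10:00:09 LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T10:00:12 LOGIN_OK user=eve src=198.51.100.2
2024-05-01T10:00:14 LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T10:00:20 LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T10:01:00 LOGIN_FAIL user=bob src=198.51.100.9
2024-05-01T10:01:03 LOGIN_FAIL user=carol src=198.51.100.9
2024-05-01T10:01:06 LOGIN_FAIL user=dave src=198.51.100.9
2024-05-01T10:05:00 LOGIN_FAIL user=frank src=192.0.2.44
"""

if __name__ == "__main__":
    for alert in detect_login_abuse(SAMPLE_LOG.splitlines()):
        print(alert)
```

The same counters drive the response: once an account trips the per-user threshold the login handler can slow or temporarily lock that account, and the per-source rule catches the attacker who keeps each account under the lockout limit by spreading guesses across many users.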
• Phishing Attack:
• This is when an attacker tries to obtain sensitive information (e.g. username, password, DoB, security questions &
answers, etc.) from the victim by posing as a legitimate entity. Phishing attacks encompass other attack types,
such as social engineering and/or cross-site scripting attacks.
• The simplest form of phishing is cloning the targeted website and sending the URL to the victim. The unsuspecting
victim would then type the sensitive information into the cloned website.
• Social Engineering:
• This type of attack requires some creativity and due-diligence from the attacker.
• In this type of attack, an attacker would try to get the victim to do something the victim otherwise would not be
willing to do.
• In the context of trying to hack an account, the attacker could pose as a Security Engineer/Analyst from the
website's corporate office, informing you that your account has been compromised and asking you to "confirm your
identity" by answering a series of questions about your name, DoB, username, address, etc.
• In this context, the attacker could use email, phone, or instant messaging to carry out the attack, but in other
contexts the attacker could even try to carry out social engineering attacks in person.
• Cross-Site Scripting Attack:
• This type of attack can be carried out against any website that meets certain conditions.
Specifically, the website must fail to sanitize user input before echoing it back into its pages.
• Once the attacker confirms that the site is susceptible, the attacker would typically send a URL to
the victim. Upon clicking on the URL, some malicious code runs in the victim's browser that
extracts and sends sensitive information from victim to the attacker.
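The "does not sanitize user input" condition is easiest to see in code. As an added example (not from the slides), the first renderer below interpolates a query-string value straight into HTML, so markup in the value is interpreted by the browser; the second escapes it with Python's `html.escape`, so the same value is displayed as text. The request URL, page and cookie helper are this example's own constructions; the `HttpOnly` cookie flag is the standard browser attribute that keeps page script from reading the session cookie, which blunts the "extracts and sends sensitive information" step even where an injection slips through.

```python
import html
from urllib.parse import parse_qs, urlparse


def render_greeting_vulnerable(name: str) -> str:
    """Echoes the user-controlled value straight into HTML: the unsanitized case."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_hardened(name: str) -> str:
    """Escapes <, >, &, " and ' before the value is placed in HTML text, so any tags
    in the input are shown literally instead of being run by the browser."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def handle_request(url: str, renderer) -> str:
    """Pull ?name= from a request URL (decoding %XX escapes) and render the page."""
    params = parse_qs(urlparse(url).query)
    name = params.get("name", ["guest"])[0]
    return renderer(name)


def session_cookie_header(session_id: str) -> str:
    """Layered defence: HttpOnly keeps script from reading the cookie, Secure keeps it
    off plain HTTP, SameSite=Lax keeps it out of most cross-site requests."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


# Constructed request: the classic harmless test payload, URL-encoded as a browser would.
SAMPLE_URL = "https://social.example/greet?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

if __name__ == "__main__":
    print(handle_request(SAMPLE_URL, render_greeting_vulnerable))  # <script> reaches the page
    print(handle_request(SAMPLE_URL, render_greeting_hardened))    # &lt;script&gt; is plain text
    print(session_cookie_header("opaque-random-id"))
```

Escaping must happen at output time for the context the value lands in (HTML text here; attribute, URL and JavaScript contexts need their own encoders), which is why a template engine that escapes by default is the usual fix rather than hand-written filtering on input.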
• Man-in-the-Middle Attack:
• This is a more sophisticated attack and can be carried out in many different ways. Essentially, the attacker
inserts themselves between the victim and the website.
• If the attacker is on the same network as the victim, the attacker can fool the victim's machine into thinking
that the attacker's machine is the access point/router (ARP spoofing), or compromise the router itself so that it
forwards all traffic to the attacker's machine. Once this is established, the victim's traffic passes through the
attacker's machine before it goes to the final destination, and the replies pass through the attacker's machine
again before reaching the victim. The attacker can, at the very least, passively sniff the packets or, at most,
intercept and alter them before forwarding them along. This can yield more than a username/password: potentially
anything transmitted over the connection that is not protected end to end (e.g. plain HTTP rather than HTTPS).
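ARP spoofing leaves a trace on the local network: the gateway's IP suddenly maps to a new MAC, and one MAC starts answering for several IPs. The following detection logic, added here as an example rather than taken from the slides, runs over a constructed ARP-reply log (not captured traffic) in which an attacker with MAC `...:66` poisons both the victim (`.20`) and the gateway (`.1`); the log format and the known-good gateway MAC are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed ARP reply log for this example (not captured traffic).
ARP_LOG = """\
12:00:01 reply 192.168.1.1 is-at aa:bb:cc:00:00:01
12:00:02 reply 192.168.1.20 is-at aa:bb:cc:00:00:20
12:00:05 reply 192.168.1.1 is-at aa:bb:cc:00:00:66
12:00:06 reply 192.168.1.20 is-at aa:bb:cc:00:00:66
12:00:09 reply 192.168.1.1 is-at aa:bb:cc:00:00:66
"""

# Assumed line layout: "<time> reply <ip> is-at <mac>"
LINE_RE = re.compile(r"^(\S+) reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})$")


def parse_arp_log(log):
    """Yield (time, ip, mac) for every well-formed ARP reply line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip().lower())
        if m:
            yield m.groups()


def detect_arp_spoofing(log, trusted):
    """trusted maps IPs with a known-good (static) MAC, e.g. the gateway.
    Returns alerts as (time, kind, ip(s), detail); each distinct alert once."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts, emitted = [], set()

    def alert(t, kind, ip, detail):
        key = (kind, ip, detail)
        if key not in emitted:          # de-duplicate repeated poison replies
            emitted.add(key)
            alerts.append((t, kind, ip, detail))

    for t, ip, mac in parse_arp_log(log):
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alert(t, "mac-change", ip, f"{prev} -> {mac}")
        if ip in trusted and trusted[ip] != mac:
            alert(t, "gateway-mac-mismatch", ip, mac)
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:    # one NIC answering for several hosts
            alert(t, "one-mac-many-ips", ",".join(sorted(mac_to_ips[mac])), mac)
    return alerts


if __name__ == "__main__":
    for a in detect_arp_spoofing(ARP_LOG, {"192.168.1.1": "aa:bb:cc:00:00:01"}):
        print(*a)
```

A MAC change by itself also happens legitimately (a replaced NIC, a DHCP lease moving to another host), so the strong signals are the gateway mismatch against a pinned MAC and one MAC claiming both the gateway and a client at the same time; on the host side, a static ARP entry for the gateway removes the spoofable lookup entirely.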
Hacking of social network account using password cracking
• Password cracking is one of the most enjoyable hacks for the bad guys: it fuels their sense of exploration and desire to figure out a problem. An
attacker can use low-tech methods to crack passwords, including social engineering, shoulder surfing, and simply guessing passwords from
information known about the user (inference).

• SOCIAL ENGINEERING
• The most popular low-tech method for gathering passwords is social engineering. Social engineering takes advantage of the trusting nature of
human beings to gain information that later can be used maliciously. A common social engineering technique is simply to con people into
divulging their passwords. It sounds ridiculous, but it happens all the time.

• TECHNIQUES
• To obtain a password through social engineering, you just ask for it. For example, you can simply call a user and tell him that he has some
important-looking e-mails stuck in the mail queue, and you need his password to log in and free them up. This is often how hackers and rogue
insiders try to get the information!
• A common weakness that can facilitate such social engineering is when staff members’ names, phone numbers, and e-mail addresses are
posted on your company websites. Social media sites such as LinkedIn, Facebook, and Twitter can also be used against a company because
these sites can reveal employees’ names and contact information.

• COUNTERMEASURES
• User awareness and consistent security training are great defenses against social engineering. Security tools are a good fail-safe if they monitor
for such e-mails and web browsing at the host-level, network perimeter, or in the cloud.
• Train users to spot attacks and respond effectively. Their best response is not to give out any information and to alert the appropriate
information security manager in the organization to see whether the inquiry is legitimate and whether a response is necessary. Oh, and take
that staff directory off your website or at least remove IT staff members’ information.
• SHOULDER SURFING
• Shoulder surfing (the act of looking over someone’s shoulder to see what the person is typing) is
an effective, low-tech password hack.
• TECHNIQUES
• To mount this attack, the bad guys must be near their victims and not look obvious. They simply
collect the password by watching either the user’s keyboard or screen when the person logs in.
• An attacker with a good eye might even watch whether the user is glancing around his desk for
either a reminder of the password or the password itself. Security cameras or a webcam can even
be used for such attacks. Coffee shops and airplanes provide the ideal scenarios for shoulder
surfing.
• You can try shoulder surfing yourself. Simply walk around the office and perform random spot
checks. Go to users’ desks and ask them to log in to their computers, the network, or even their
e-mail applications. Just don’t tell them what you’re doing beforehand, or they might attempt to
hide what they’re typing or where they’re looking for their password. Just be careful doing this
and respect other people’s privacy.
• COUNTERMEASURES
• Encourage users to be aware of their surroundings and not to enter their passwords when they
suspect that someone is looking over their shoulders. Instruct users that if they suspect someone
is looking over their shoulders while they’re logging in, they should politely ask the person to look
away or, when necessary, hurl an appropriate epithet to show the offender that the user is
serious.
• It’s often easiest to just lean into the shoulder surfer’s line of sight to keep them from seeing any
typing and/or the computer screen. 3M Privacy Filters work great as well.
• INFERENCE
• Inference is simply guessing passwords from information you know about users — such as their date of birth,
favorite television show, or phone numbers. It sounds silly, but criminals often determine their victims’ passwords
simply by guessing them!
• The best defense against an inference attack is to educate users about creating secure passwords that don’t include
information that can be associated with them. Outside of certain password complexity filters, it’s often not easy to
enforce this practice with technical controls. So, you need a sound security policy and ongoing security awareness
and training to remind users of the importance of secure password creation.
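The following added example (not from these slides) ties the inference attack here to the automated dictionary attack mentioned earlier: it builds a wordlist from what is known about a user, runs the hash-and-compare loop a cracking tool automates, and then shows the partial technical control the text says is hard to enforce, a check that rejects passwords containing the user's own details. The profile, the salt and the salted SHA-256 storage scheme are constructed for the example and stand in for whatever the target site actually uses.

```python
import hashlib
import itertools

# Constructed profile of a fictitious user: the kind of facts a staff
# directory or social media profile leaks. Not a real person.
PROFILE = {"first": "Priya", "last": "Sharma", "dob": "1990-07-14",
           "pet": "Bruno", "phone": "555-0142"}
COMMON_WORDS = ["password", "letmein", "qwerty", "welcome"]


def inference_wordlist(profile, common=COMMON_WORDS):
    """Candidate passwords built from what is known about the user:
    personal tokens, case variants, common suffixes, and token pairs."""
    y, m, d = profile["dob"].split("-")
    tokens = [profile["first"], profile["last"], profile["pet"],
              profile["phone"].replace("-", "")] + list(common)
    suffixes = ["", y, y[2:], d + m, m + d, "1", "123", "!"]
    seen, out = set(), []

    def add(cand):
        if cand not in seen:
            seen.add(cand)
            out.append(cand)

    for tok in tokens:
        for base in (tok.lower(), tok.capitalize(), tok.upper()):
            for suf in suffixes:
                add(base + suf)
    for a, b in itertools.permutations([profile["first"], profile["pet"]], 2):
        add(a.lower() + b.lower())
        add(a.capitalize() + b.capitalize())
    return out


def hash_password(password, salt):
    # Constructed storage scheme: salted SHA-256 stands in for the target's.
    return hashlib.sha256((salt + password).encode()).hexdigest()


def dictionary_attack(target_hash, salt, wordlist):
    """What a cracking tool automates: hash each candidate and compare.
    Returns (password or None, number of attempts made)."""
    for i, cand in enumerate(wordlist, 1):
        if hash_password(cand, salt) == target_hash:
            return cand, i
    return None, len(wordlist)


def contains_personal_info(password, profile, min_len=4):
    """Countermeasure: reject a password containing any profile token
    (case-insensitive). Very short tokens are skipped to limit false rejects."""
    y, m, d = profile["dob"].split("-")
    tokens = [profile["first"], profile["last"], profile["pet"],
              profile["phone"].replace("-", ""), y, d + m, m + d]
    p = password.lower()
    return any(t.lower() in p for t in tokens if len(t) >= min_len)


if __name__ == "__main__":
    salt = "s4lt"                      # constructed
    stored = hash_password("Bruno1990", salt)   # the user's weak choice
    wl = inference_wordlist(PROFILE)
    found, attempts = dictionary_attack(stored, salt, wl)
    print(f"{len(wl)} candidates; recovered {found!r} after {attempts} attempts")
    for pw in ("Bruno1990", "correct horse battery"):
        print(f"{pw!r} rejected by policy: {contains_personal_info(pw, PROFILE)}")
```

The wordlist is deliberately small; real tools apply the same mutations to millions of base words, which is why the policy check is only a backstop and a long passphrase unrelated to the user remains the actual defense.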
• WEAK AUTHENTICATION
• External attackers and malicious insiders can obtain — or simply avoid having to use — passwords by taking
advantage of older or unsecured operating systems that don’t require passwords to log in. The same goes for a
phone or tablet that isn’t configured to use passwords.
• BYPASSING AUTHENTICATION
• On older operating systems that prompt for a password, you can press Esc on the keyboard to get right in. Okay, it’s
hard to find any Windows 9x systems these days, but the same goes for any operating system — old or new — that’s
configured to bypass the login screen.
• After you’re in, you can find other passwords stored in such places as dialup and VPN connections and screen savers.
Such passwords can be cracked very easily using Elcomsoft’s Proactive System Password Recovery tool and Cain &
Abel. These weak systems can serve as trusted machines — meaning that people assume they’re secure — and
provide good launching pads for network-based password attacks as well.
• COUNTERMEASURES
• The only true defense against weak authentication is to ensure your operating systems require a password upon
boot. To eliminate this vulnerability, at least upgrade to Windows 7 or 8 (both are themselves now out of support, so
prefer a currently supported release) or use the most recent versions of Linux or one of the various flavors of UNIX,
including Mac OS X.
