PDF Lesson 2
ONLINE SAFETY, SECURITY AND RULES OF NETIQUETTE
ETECH – LESSON 2
PROF. JOHN R. GARCIA, MSIT
INTERNET SAFETY
● refers to the online security or
safety of people and their
information when using the
internet.
NETIQUETTE
● is network etiquette, the do’s
and don’ts of online
communication.
TEN RULES OF
NETIQUETTE
Rule No. 1: Remember the human
Rule No. 2: Adhere to the same
standards online that you follow in
real life.
⬡ You need to behave the same way online
that you do in real life.
⬡ You need to remember that you can get
caught doing things you should not be
doing online just like you can in real life.
⬡ You are still talking to a real person with
feelings even though you can’t see
them.
Rule no. 3: Know where you are in
cyberspace.
Rule no. 4: Respect other people’s
time and bandwidth.
⬡ Remember that people have other things to do
besides reading your email. You are not the
center of their world.
⬡ Keep your posts and emails to a minimum by
saying what you want to say.
⬡ Remember that not everyone will answer your
questions.
Rule no. 5: Make yourself look good
online.
⬡ Be polite and pleasant to everyone.
⬡ Always check your spelling and grammar
before posting.
⬡ Know what you are talking about and make
sense saying it.
Rule no. 6: Share expert knowledge
Rule no. 7: Help keep flame wars
under control
⬡ Netiquette does not forgive flaming.
⬡ Netiquette does, however, forbid people who
are flaming from hurting discussion groups by
putting the group down.
Rule no. 8: Respect other people’s
privacy.
⬡ Do not read other people’s mail without
their permission.
⬡ Going through other people’s things could
cost you your job, or you could even go to
jail.
⬡ Not respecting other people’s privacy is
bad netiquette.
Rule no. 9: Don’t abuse your power.
Rule no. 10: Be forgiving of other
people’s mistakes.
⬡ Do not point out mistakes to people
online.
⬡ Remember that you were once the new
kid on the block.
⬡ You still need to have good manners
even though you are online and cannot
see the person face to face.
SECURITY TRIAD
Also known as the CIA Triad, these three
principles form the cornerstone of
any organization's security
infrastructure; in fact, they (should)
function as goals and objectives for
every security program.
CONFIDENTIALITY (PRIVACY)
● Company policies should restrict access to
the information to authorized personnel
and ensure that only those authorized
individuals view this data.
INTEGRITY (ACCURACY)
● Data must be unaltered during transit and
not changed by unauthorized entities.
AVAILABILITY
● Creating backups ensures the availability of
the network and data to the authorized
users.
Threat Consequences and
Type of Attacks that cause
each consequence
THREAT CONSEQUENCE: Unauthorized Disclosure
⬡ A circumstance or event whereby an entity gains access to data for which
the entity is not authorized.
THREAT ACTION (ATTACK):
⬡ Exposure: Sensitive data are directly released to an unauthorized entity.
⬡ Interception: An unauthorized entity directly accesses sensitive data
traveling between authorized sources and destinations.
⬡ Inference: A threat action whereby an unauthorized entity indirectly
accesses sensitive data by reasoning from characteristics or byproducts of
communications.
⬡ Intrusion: An unauthorized entity gains access to sensitive data by
circumventing a system’s security protections.
THREAT CONSEQUENCE: Disruption
⬡ A circumstance or event that interrupts or prevents the correct operation
of system services and functions.
THREAT ACTION (ATTACK):
⬡ Incapacitation: Prevents or interrupts system operation by disabling a
system component.
⬡ Corruption: Undesirably alters system operation by adversely modifying
system functions or data.
⬡ Obstruction: A threat action that interrupts delivery of system services
by hindering system operation.
THREAT CONSEQUENCE: Deception
⬡ A circumstance or event that may result in an authorized entity receiving
false data and believing it to be true.
THREAT ACTION (ATTACK):
⬡ Masquerade: An unauthorized entity gains access to a system or performs a
malicious act by posing as an authorized entity.
⬡ Falsification: False data deceive an authorized entity.
⬡ Repudiation: An entity deceives another by falsely denying responsibility
for an act.
THREAT CONSEQUENCE: Usurpation
⬡ A circumstance or event that results in control of system services or
functions by an unauthorized entity.
THREAT ACTION (ATTACK):
⬡ Misappropriation: An entity assumes unauthorized logical or physical
control of a system resource.
MISUSE
Causes a system component
to perform a function or
service that is detrimental to
system security.
TYPES OF SYSTEM
INTRUDERS
MASQUERADER
HACKERS
A hacker is a computer expert who
uses their technical
knowledge to achieve a
goal or overcome an
obstacle within a
computerized system by
non-standard means.
CLANDESTINE USER
Seizes supervisory
control to evade auditing
and access controls or
suppress audit collection
(inside|outside)
WHAT IS MALWARE AND
ITS TYPES?
MALWARE
● stands for malicious software.
VIRUS
● a malicious program designed
to transfer from one computer
to another by any means
possible.
Parts of Virus and its
Stages
PARTS OF VIRUS
INFECTION MECHANISM
This is how the virus spreads or propagates. A virus typically has a
search routine, which locates new files or new disks for infection.
TRIGGER
A dormant virus moves into this phase when it is activated, and will
now perform the function for which it was intended.
PAYLOAD
A payload is malware that the threat actor intends to deliver to the
victim.
STAGES OF VIRUS
Dormant phase
⬡ Virus is idle.
Propagation phase
⬡ Virus places an identical copy of itself into other programs or into
certain system areas on the disk.
Triggering phase
⬡ Virus is activated to perform the function for which it was intended.
Caused by a variety of system events.
Execution phase
⬡ Function is performed.
WORMS
● a malicious program designed
to replicate itself and transfer
from one file folder to another
and also transfer to other
computers.
TROJAN
● a malicious program
that is disguised as a useful
program but, once downloaded
or installed, leaves your PC
unprotected and allows hackers
to get your information.
SPYWARE
● a program that runs in the
background without you
knowing it. It has the ability to
monitor what you are currently
doing and typing through key
logging.
ADWARE
● a program designed to send
you advertisements, mostly pop-ups.
SPAM
● unwanted email mostly from
bots or advertisers.
PHISHING
● acquires sensitive personal
information like passwords and
credit card details.
PHARMING
● a more complicated way of
phishing where it exploits the
DNS system.
Rogue security
software
● is a form of malicious software
and internet fraud that misleads
users into believing there is a
virus on their computer, and
manipulates them into paying
money for a fake malware
removal tool.
Cyber crime – a crime committed
or assisted through the use of the
Internet.
Privacy Policy/Terms of
Service (ToS) – tells the user how
the website will handle their data.
Copyright – a part of the law wherein
you have the rights to your work; anyone
who uses it without your consent is
punishable by law.
Fair Use – means that an intellectual
property may be used without consent as
long as it is used in commentaries,
criticism, parodies, research, etc.