19-02-2024
Introduction :
Chapter : 12
Cyber Safety
Made By :
SATISH MAMNANI
1 time with respect to security.
We should be aware of this and should always be
honest, respect the rights and intellectual
property of others on the web.
CYBER SAFETY :
“Cyber Safety” is the safe and responsible use of
information and communication technology. It is
not only about keeping information safe and
secure but also about being responsible with that
information, being respectful of other people
online, and using good ‘netiquette’ (internet
etiquette).
It is a branch of computer technology that is
applied to networks and corresponding
computers.
3
(2.) Protect our web browser :
We can adjust the settings in our web browser to
work in a more or less secure way. Some
functionality might be limited when using the most
secure settings, but they can provide the best
protection from malicious content.
Most web browsers give us warnings when they
detect us visiting a malicious website or possibly
being exposed to malicious content. Pay attention
to these warnings. They can help protect us from
malware, phishing and identity theft.
(3.) Observe safe online behaviour :
We should observe the following measures when
browsing the web to significantly reduce our risk
of being a victim of cyber crime : 5 relevant key terms in a web browser.
Internet is considered as the greatest platform and
technology in this century and has become an
integral part of our daily lives. It helps us as a
learning and communication tool and offers us a
wide range of opportunities. It is an invaluable
source of knowledge and encourages creativity
and imagination. Internet ethics imply our
behavior while using it for different purposes.
However, there is a flip side to everything. As
information infrastructure and internet become
more complex and larger, it has also become
critical to maintain systems up and running all the
2
Cyber Safety refers to the safe and responsible
use of internet to ensure safety and security of
personal information and not posing threat to
information available about others online.
To be cyber safe, there are several strategies
which can be adopted to prevent unwanted
computer behavior. These are as follows :
Safely Browsing the Web :
We can ensure our safety while browsing the web
by following the tips described below :
(1.) Before we start : Update the software :
Protect yourself before we start browsing the web
by making sure that our operating system, web
browser, security software and other applications
are up – to – date. 4
 Use strong unique passwords online.
 Only download files and applications from
websites that we trust, such as from official
app stores or legitimate organizations, such as
the banks etc.
 Pause and think before clicking on links in
emails, messages or on social networking
sites. Don’t click on links in messages if we
don’t know the sender or if the message is
unexpected.
 If a link looks suspicious or we can’t tell where
it leads to, before clicking, look over that link to
see the actual web address it will take us to. If
we do not trust the address, try searching for
6
1

 Beware of offers that seem too good to be true.
Leave websites that ask for our personal or
banking details in return for money since these
are scams.
(4.) Online transaction handling :
While making purchases online :
 Check if the site is reputed and has a refund
policy.
 While making payments, check that we are
using a secure connection. The URL of a
secure payment page will use ‘https’ instead of
‘http’ and a padlock icon will be displayed by
the browser.
7 visited which let them ‘remember’ things about us.8
Websites use cookies in order to gather
information about their visitors. Cookies may also
be used to store our preferences and settings for
particular websites which means our experience
can be customized based on our past behavior.
(6.) Bookmark important sites :
If there are sites we visit regularly, it’s good idea
to bookmark them in our browser. A mistyped
address could take us to a false site that mirrors
the site we intended to visit, but with malicious
code that can harm our computer and
compromise our information. Bookmarked
addresses take us to the same site every time.
9
Identity theft occurs when someone, without our
knowledge, acquire a piece of our personal
information and uses it to commit fraud.
Ways of tracking our identity :
Whenever we access or visit a website, our web
browser may reveal our location through our
device’s IP address. It can also provide our search
and browsing history which can be used by
people like advertisers or criminal who intend to
use it for some personal gains. In other words,
websites track us through various methods as
described below :
(1.) IP Address :
It is a unique address of our device when we
connect to the internet. 11
19-02-2024
 If the website looks suspicious or we have
doubts, do not proceed.
 Malware can be delivered through malicious
advertising (known as malvertising). Using an
ad blocker can stop malware from being
delivered through the browser. Some browsers
include an Ad Block feature. Avoid using public
computers or Wi – Fi hotspots to access or
provide personal information. Don’t use online
banking or make payments with credit cards
using public computers or Wi – Fi.
(5.) Cookies and security :
Cookies are small text files i.e. bits of information
– left on our computer by websites we have
Identity Protection While Using Internet :
Identity theft is a type of fraud that involves using
someone else’s identity to steal money or gain
other benefits. Online identity theft refers to an act
of stealing someone’s personal information such
as name, login details, credit card details etc and
then posing as that person online. The intent is to
use that identity for personal gain, generally with
the intent to cheat others.
To be safe from this, we should follow “Private
Browsing” or “Anonymous Browsing” on internet.
A type of browsing wherein the browser opens in
incognito mode or through proxy or VPN (Virtual
Private Network), and does not store cookies, is
called private browsing. 10
When we share our IP address on network with
other device, a website can determine our
geographical location.
(2.) Cookies and Tracking Scripts :
Cookies are small text files on our computer
storing small piece of information related to our
online text. They can identify us and track our
browsing activity. Cookies are of two types :
(a.) First Party cookies :
These are cookies that store our own login id,
passwords and auto fill information etc for some
websites that we frequently visit.
12
2

(b.) Third Party cookies :
Cookies that websites store to know about our
search history and web browsing history so as to
place advertisements as per our interests are
known as third party cookies.
(3.) ‘http’ referrer :
It is an ‘http’ header field that identifies the
address of the web page ( i.e. the URL ) that links
to the resource being requested by the user. By
checking the referrer, the new web page can see
where the request originated and can pass our
details such as IP address, our email id,
passwords etc to these linked sites.
Ways of Tracking
our Identity
IP Cookies and HTTP Super
Address Tracking Scripts Referrer Cookies
Methods of Tracking Identity
Confidentiality of Information :
Confidentiality is the term used to prevent the
disclosure of information to unauthorized
individuals or systems.
Data should be kept secret. The owner of data has
to decide who can access the data and who can’t.15
5. Taking care while posting on Social media.
6. Ensuring safe sites while entering crucial
information.
7. Ensuring that the address contains HTTPs and
a padlock sign.
8. Carefully handling emails.
9. Not giving sensitive information on wireless
networks.
10. Avoiding use of public computers.
CYBERCRIME :
Cybercrime is defined as a crime in which a
computer is the object of the crime (hacking,
phishing, spamming) or is used as a tool to commit
an offence (child pornography, hate crimes).
19-02-2024
(4.) Super Cookies :
These are persistent cookies, i.e. they come back
even after being deleted. They store cookie data in
multiple places, for example : in flash cookies,
Silverlight storage, our browsing history and
HTML5 local storage etc.
(5.) User Agent :
Our browser also sends a user agent every time
we connect to a website. This tells websites about
our browser and operating system, providing
another piece of data that can be stored and used
to target ads.
13 14
One of the most common threats to confidentiality
nowadays is “Password Hacking” in online money
transaction systems.
NOTE :
User
Confidentiality of information ensures that only
Agent authorized users get access to sensitive and
protected data.
Confidentiality of our important information can
be maintained by observing the following points :
1.Prevention by encrypting the data and by
limiting the places where it might appear.
2.Using firewall wherever possible.
3.Controlling browser settings to block tracking.
4.Browsing privately wherever possible.
16
Cyber criminals may use computer technology to
access personal information, business trade secrets
or use the internet for exploitative or malicious
purposes. Criminals can also use computers for
communication and document or data storage.
Criminals who perform these illegal activities are
often referred to as hackers.
Cyber crime is also referred to as “Computer
Crime”.
NOTE :
Any criminal act that is facilitated by the use of
electronic gadgets such as computer, smartphone,
laptop etc. involving communications or information
systems through internet is referred to as
“Cybercrime”.
17 18
3

Types of CYBERCRIME :
(1.) Cyber Trolls :
A Cyber Troll is a person who starts quarrels or
upsets people by posing inflammatory and
digressive, extraneous or off – topic messages to an
online community (such as newsgroup, forum, chat
room, or blog) with the intent of provoking readers
into displaying emotional responses and
normalizing tangential discussion, whether for the
troll’s amusement or for a specific gain.
(2.) Cyber Bullying :
Cyber bullying is the attack upon an individual or
group through the use of electronic means such as
instant messaging, social media, email and other
forms of online communication with the intent to
19
abuse, intimidate or overpower.
It may include the making of false accusations or
statements of facts (as in defamation), monitoring,
making threats, identity theft, damage to data or
equipment, the solicitation of minors for
objectionable activities, or gathering information
that may be used to harass somebody.
(4.) Spreading Rumors Online :
With the widespread use of social networking
sites, people think that they can post anything and
everything on these sites by creating fake email
IDs and masking their actual identification and
believe that they will never be caught.
21
It is the primary law in India dealing with
cybercrime and electronic commerce.
The original Act contained 94 sections, divided
into 13 chapters and 4 schedules. The laws apply
to the whole of India. Persons of other
nationalities can also be indicted under the law if
the crime involves a computer or network located
in India.
A major amendment to this Act was made in 2008.
It introduced Section 66A which penalized sending
of “offensive messages”. It also introduced
Section 69, which gave authorities the power of
“interception or monitoring or decryption of any
information through any computer resource”. 23
19-02-2024
Types of Cyber Bullying :
• Posting any kind of humiliating content about
the victim.
• Hacking the victim’s account.
• Sending or posting vulgar messages online.
• Threatening to commit acts of violence.
• Stalking by means of calls, messages etc.
• Threats of child pornography.
(3.) Cyber Stalking :
Cyber stalking is the use of internet or other
electronic means to stalk or harass an individual,
a group of individuals, or an organization.
20
Through such fake profiles, they post false
information and spread rumors or comments which
may hurt others and result in quarrels and
sometimes even result in communal fights.
Cyber Forensics :
Cyber forensics is an electronic discovery technique
used to determine and reveal technical criminal
evidence. It often involves electronic data storage
extraction for legal purposes. Cyber forensics is
also known as “Computer forensics”.
IT ACT 2000 :
The Information Technology Act, 2000 (also known
as ITA – 2000 or the IT Act) is an Act of the Indian
Parliament (No. 21 of 2000) notified on 17 October
2000.
22
It also introduced penalties for child porn, cyber
terrorism and voyeurism. It was passed on 22
December 2008 without any debate in the Lok
Sabha.
Appropriate Usage of Social Media :
The term social media refers to web and mobile
technologies and practices that people use to
share content, opinion, experiences and
perspective online.
Social networking sites can support participation,
collaboration and community building and prove a
useful resource for team – based projects,
particularly those involving joint problem –
solving.
24
4

The use of social networking sites can extend to
peer mentoring, informal student interaction
around specific projects, online discussion and
collaboration, promotion of events, and pooling of
resources.
Some of the prominent social media platforms
are:
(a.) Facebook :
Facebook is a social networking website where
users can post comments, share photographs and
post links to news or other interesting content on
the web, chat live and watch short – form video.
Social network services are primarily used for
socializing with existing friends.
25
(d.) LinkedIn :
LinkedIn is a social network for the business
community. Founded in 2003, the online site is a
place for professionals to connect with past and
current colleagues, increase their number of
business connections, network within their
industry, discuss business ideas, search for jobs
and look for new hires.
(e.) BloggingSites :
A Blog (shortening of “weblog”) is an online
journal or informational website displaying
information in the reverse chronological order,
with latest posts appearing first. It is a platform
where a writer or even a group of writers share
their views on an individual subject. 27
• Privacy Matters : Regularly check your privacy
settings on social media and always think
before posting because it spreads all over the
internet.
• Respect privacy of others : Ask your friends’
permission before uploading their photos and
videos.
• Keep everything updated : Most security
breaches on the internet happen as the software
is not up – to – date. Be vigilant about updating
software like apps, anti – viruses and the
browsers.
• Keep your friends close and strangers at arm’s
length : Never accept friend requests from
strangers. 29
19-02-2024
(b.) Twitter :
Twitter is an online news and social networking
site where people communicate in short
messages called “tweets”. Tweeting is sending
short messages to anyone who follows us on
Twitter, with the hope that our messages are
useful and interesting to someone in our
audience.
(c.) YouTube :
YouTube is a video – sharing service where users
can watch, like, share, comment and upload their
own videos. The video service can be accessed
on PCs, laptops, tablets and via mobile phones.
26
• Don’t give or post any personal information.
• Never give out your password to anyone except
your parent or guardian.
• When you are choosing a social networking
site, privacy issues should be considered.
• Only add people as friends to your page if you
know them in real life.
• Delete any unwanted messages, inappropriate
comments and immediately report those
comments to the networking site.
• Care about the share : Social media wants us to
share as much as we can, but “but never share
your passwords, private / personal information,
your location, etc.”. Always use strong
passwords that are difficult to guess. 28
• Be aware of Spams : It is the modern version of
junk mails. Learn the difference between real
mails and messages and dodgy things with
dodgy links. Always be suspicious of emails
with hyperlinks.
• Cyber Bullying and harassment : If you are
targeted by this kind of behavior, you must
know what to do and where to get help. Visit
“National Centre Against Bullying Website” and
“Office of Safety”.
• Control the troll within : Don’t feed the trolls
what they want, i.e. an angry response. Block /
Report the trolls. 30
5

Network Security Threats :
A threat refers to anything that has the potential to
cause serious harm to a computer system. A
threat is something that may or may not happen,
but has the potential to cause serious damage.
Threats are potentials for vulnerabilities to turn
into attacks on computer systems, network and
more. They can put individuals, computer systems
and business computers at risk. Therefore,
vulnerabilities have to be fixed so that attackers
cannot infiltrate the system and cause damage.
Network security measures are needed to protect
data during their transmission and to guarantee
that data transmissions are authentic. 31
 Denial of Access to Resources : Blocking a
resource, may be a printer or scanner or USB port
of a computer, preventing the computer from
working properly.
 Denial of Access to a Website : Continuously
sending bulk requests to a website so that it is not
available to any other users.
(2.) Malware :
Malware (short for “malicious software”) is a file
or code, typically delivered over a network, that
infects, explores, steals or conducts virtually any
behavior an attacker wants.
33
• Stranger Danger : Stranger danger is the danger
to children and adults, presented by stranger.
• Digital Footprint : This is used to describe the
trail, traces or “footprints” that people leave
online.
(3.) Viruses :
Program that copy themselves throughout a
computer or network. Viruses can only be
activated when a user opens the program.
At their worst, viruses can corrupt or delete data,
use the user’s email to spread or erase everything
on the hard – disk.
35
19-02-2024
(1.) Denial of Service ( DoS ) Attack :
DoS attacks are those attacks that prevent the
legitimate users from accessing or using
resources and information. These types of attacks
may eat up all the resources of the system and the
computer attains a halt state. The various “Denial
of Service” attacks are :
 Denial of Access to Information : Corrupting,
encrypting or changing the status of information
so that it is not accessible to its legitimate user.
 Denial of Access to Application : Forced
shutting of an application as soon as the user
opens it. 32
Though varied in type and capabilities, malware
usually has one of the following objectives :
• Provide remote control for an attacker to use an
infected machine.
• Send spam from the infected machine to
unsuspecting targets.
• Investigate the infected user’s local network.
• Steal sensitive data.
Rules to be followed while working on social
networking sites :
• Cyber Bullying : Cyber bullying is the use of
technology to tease, humiliate, threaten and
harass someone.
34
(4.) Worms : Self – replicating viruses that
exploit security vulnerabilities to automatically
spread themselves across computers and
networks. Unlike many viruses, worms do not
attach to existing programs or alter files. They
typically go unnoticed until replication reaches
a scale that consumes significant system
resources or network bandwidth.
(5.) Trojans : Malware disguised in what
appears to be legitimate software. Once
activated, Trojans will conduct whatever action
they have been programmed to carry out. Unlike
viruses and worms, Trojans do not replicate or
reproduce through infection. 36
6

(6.) Zombie Computers and Botnets :
In Computer Science, a “zombie” is a computer
connected to the internet that has been
compromised by a hacker, computer virus or
trojan horse and can be used to perform malicious
tasks under remote direction.
Zeus, Koobface, TidServe, Monkif, Hamweq,
Swizzor, Gammima etc. are a few examples of
Zombie computers that have been used for
Distributed Denial – of – Service ( DDoS ) Attacks,
Spam, Phishing, Information Theft and distributing
other malware.
37
Phishing often occurs through emails and instant
messaging and may contain links to websites that
direct the user to enter their private information.
These fake websites are often designed to look
identical to their legitimate counterparts to avoid
suspicion.
(9.) Eavesdropping :
An eavesdropping attack, which is also known as
“sniffing” or “snooping” attack, is an incursion
where someone tries to steal information that
computers, smartphones, or other devices
transmit over a network. An eavesdropping attack
takes advantage of unsecured network
communications in order to access data being
sent and received. 39
Safeguards for students :
1.Never give address to people who you do not
know.
2.Never publish your personal information on
public sites / social networking sites.
3.The best safety option on facebook is the “only
friends” option.
4.Do not open suspicious emails.
Tips for parents :
1.Talk with your children about the importance of
keeping personal information private.
2.Inform them about identity theft and how they
can prevent it from occurring. 41
19-02-2024
“Botnets” (short for “robot network”) are often
used to spread email spam and launch Denial – of
– Service attacks. Most owners of zombie
computers are unaware that their system is being
used in this way.
(7.) Spyware :
Malware that collects information about the usage
of the infected computer and communicates it
back to the attacker.
(8.) Phishing :
Phishing is the attempt to acquire sensitive
information such as usernames, passwords and
credit card details ( and sometimes, indirectly ,
money) by masquerading as a trustworthy entity
in an electronic communication. 38
Eavesdropping attacks are difficult to detect
because they do not cause network transmission
to appear to be operating abnormally.
(10.) Child Pornography :
Child Pornography is publishing and transmitting
obscene material about children in electronic
form. In recent years, child pornography has
increased due to easy access to the internet and
easily availability of videos on the internet. Child
pornography is the most heinous crime which
occurs and has led to various other crimes such
as sex tourism, child abuse etc.
Child pornography laws provide severe penalties
for producers and distributors in all the countries.
40
3. Set some internet rules pertaining to websites
a child is allowed to access.
4. For a cost, obtain an identity theft program that
protects your computer’s privacy.
Tips for educators :
1. Teach students the importance of keeping their
personal information private.
2. Monitor the websites that students have
access to.
3. Teach students the dangers of viruses and
opening suspicious emails.
42
7

Network Security Solutions :
1.Never open or download a file from an
unsolicited email / website.
2.Keep your operating system updated.
3.Use an authentic antivirus program.
4.Enable two – factor authentications whenever
available.
5.Confirm the authenticity of a website prior to
entering login credentials.
6.Look for HTTPS in the address bar when you
enter any sensitive personal information on a
website to make sure your data will be encrypted.
43
3 Protect information from being viewed or
altered by unknown parties.
Firewalls and Anti – Virus software may also serve
in creating secure connections in some form.
 Who needs secure connection ?
The various stakeholders for secure connection
are all those who are involved with some sort of
online transaction processing such as :
(1.) Business Industry :
The three main reasons for securing business
communications are : 45
The client information that banks store is also
of interest because it could be used to commit
identity theft and fraud. To counter these
threats, the banking industry needs to secure
its communications.
One of the most extensively used mechanism is
to access websites only with “HTTPS” as prefix
for online transaction processing.
HTTP v/s HTTPS :
When we request an HTTPS connection to a web
page, the website will initially send its SSL
certificate to our browser. This certificate contains
the public key needed to begin the secure
session.
47
19-02-2024
Safely Communicating Data – Secure Connection:
A secure connection is a connection that is
encrypted by one or more security protocols to
ensure the security of data flowing between two or
more nodes. When a connection is not encrypted,
it can be easily listened to by anyone and is even
prone to threats by malicious software and rogue
and unexpected events.
Secure connections, as they are supposed to
protect data being transferred from one computer
to another, must be able to do three main tasks :
1.Prevent third parties from getting hold of
confidential data.
2.Validate the identification of the person first who
wishes to access and exchange data. 44
• To protect customer data – health – care
companies, business in the legal and financial
sectors, tax advisors and private banking.
• To protect intellectual property amidst fears
of growing industrial espionage, in particular
with companies from the pharmaceutical,
automotive and industrial sectors.
• To protect internal communication –
government institutions and large corporate
houses.
(1.) The financial and banking industry :
The financial and banking industry is among
the primary targets of any crime, including
cyber. It is literally where the money is. 46
Based on this initial exchange, our browser and
the website then initiate the ‘SSL (Secure Socket
Layer) handshake’. The SSL handshake involves
the generation of shared secrets to establish a
uniquely secure connection between ourselves
and the website.
When a trusted SSL Digital Certificate is used
during an HTTPS connection, users will see a
padlock icon in the browser address bar. When an
Extended Validation Certificate is installed on a
website, the address bar will turn green.
All communications sent over regular HTTP
connections are in ‘plain text’ and can be read by
any hacker that manages to break into the
connection between our browser and the website.48
8

This presents a clear danger if the
‘communication’ is on an order form and includes
our credit card details or social security number.
With an HTTPS connection, all communications
are securely encrypted. This means that even if
somebody manages to break into the connection,
they would not be able to decrypt any of the data
which passes between us and the website.
Steps to check if a site’s connection is secure :
To see whether a website is safe to visit, we can
check for security info about the site. Our browser
will alert us if we can’t visit the site safely or
privately.
For example, if we are browsing using chrome :
49
More messaging apps like WhatsApp are Signal,
Viber, Telegram, Dust which are available on
platforms like ios, Android, Windows, macOS and
Linux. These are available free of cost.
Identity Verification :
An identity verification service is used to ensure
that users or customers provide information that
is associated with the identity of a real person.
The service may verify the authenticity of physical
identity documents such as a driver’s licence or
passport, called documentary verification, or may
verify identity information against authoritative
sources such as a credit bureau or government
data, called non – documentary verification.
51
53
19-02-2024
1. In Chrome, open a page.
2. To check a sit’s security, to the left of the web
address, look at the security status :
• Secure
• Info or Not Secure
• Not Secure or Dangerous
Some more facts about secured communication :
In recent years, WhatsApp has also added end –
to – end encryption, which means only the sender
and the recipient of the message can read it, due
to special software keys that unlock the
encryption.
End – to – end encryption is when our service
provider doesn’t keep copies of the messages we 50
send on their servers.
Identity verification service is used both online
and in person to verify identity. These services are
used by some social networking sites, internet
forums and wikis to stop sock puppetry, underage
signups, spamming and illegal activities like
harassment, scams and money laundering. These
services are required to establish bank accounts
and other financial accounts in many
jurisdictions.
52