Lesson 1 Cyber Security: Objectives
Lesson 1 Cyber Security: Objectives
Lesson 1 Cyber Security: Objectives
CYBER SECURITY
OBJECTIVES
Most people have heard the news stories about credit card numbers being stolen and email
viruses spreading. Some were even victims. The best defenses are to understand the risks, know
the basic terms mean, know the ways to protect oneself against them.
Everyone seems to rely on computers and the internet now- communication (email, mobile
phones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane
navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and
the list goes on. Now, what is cyber security?
Cyber Security involves protecting data and information in the computer by preventing,
detecting, and responding to attacks.
There are many risks, some more serious than others. Among these dangers are viruses erasing
an entire system, someone breaking into another system and altering files, some using computer
to attack others, or someone stealing another persons credit card information and making
unauthorized purchases. Unfortunately, theres no 100% guarantee that even with the best
precautions, some of these things will happen to a person, but there are steps that can be taken to
minimize the chances.
The first step in protecting oneself is to recognize the risks and become familiar with some of the
terminology associated with them.
Hacker, attacker, or intruder These terms are applied to the people who seek to
exploit weaknesses in software and computer systems for their own gain.
Although their intentions are sometimes fairly benign and motivated solely by curiosity,
their actions are typically in violation of the intended use of the systems they are
exploiting. The results can range from mere mischief (creating a virus with no
intentionally negative impact) to malicious activity (stealing or altering information).
IT 2 1
Malicious code Malicious code, sometimes called malware, is a broad category that
includes any code that could be used to attack computers. Malicious code can have the
following characteristics.
There are some simple habits that if can be adopted and performed consistently. Infect may
dramatically reduce the chances that the information in the computer will be lost or corrupted.
How can you minimize the access other people have to the information?
Users may be able to easily people who could, legitimately or not, gain physical access to the
computer-family members, roommates, classmates or may be others. Identifying the people who
could gain remote access to the computer becomes more difficult. As long as the computer and
connects it to a network, it is vulnerable to someone or something else accessing or corrupting
the information; however, you can develop habits that make it more difficult.
Lock computer when away from it. Even if the user is only few steps away from the
computer for a few minutes, it is enough time for someone else to destroy or corrupt
information. Locking the computer prevents another person from being able to simply
access information in the computer.
Disconnect the computer from the Internet when not in use. The developments of
technologies such as DSL and cable moderns have mode if possible for users to be online
all the time, but this convenience comes with risks. The likelihood that attackers or
viruses scanning the network for available computers will target ones computer becomes
much higher if it is always connected to the internet. Depending on what method is used
to connect to the internet, disconnecting may mean disabling a wireless connection,
turning off the computer or modern, or disconnecting cables. When connected, the user
must make sure that a firewall is enabled.
Evaluate security settings. Most software, including browsers and email programs,
offers a variety of features that can be tailored to meet the needs and requirements.
IT 2 2
Enabling certain features to increase convenience or functionality may leave the
information in the computer more vulnerable to being attacked. It is important to examine
the settings, particularly the security settings, and select options that meet the needs
without putting the users at increased risk.
Sometimes, the threats to information are not from other people but from natural or technological
causes. Although there is no way to control or prevent these problems, computer users can
prepare for them and try to minimize the damage.
Protect the Computer against power surges and brief outages. Aside from providing
outlets to plug in the computer and all of its peripherals, some power strips protect
computer against power surges. During a lightning storm or construction work that
increases the odds of power surges, consider shutting the computer down and
unplugging it from all power sources.
Bach up all data. Whether or not has taken steps to protect data, there will always be a
possibility that something will happen on the data. Users have probably already
experienced this at least oncelosing one or more files due to an accident, a virus or
worm, a natural event, or a problem with the equipment.
Regularly backing up the data on a CD or network reduces the hassle and other negative
consequences that result from losing important information. Determining how often to
back up data, he /she may find weekly backups to be the best alternative. If the content
is rarely changed, the user may decide that backing up data does not need to have backup
copies on CD or DVD because they can be reinstalled using the original media.
When there are multiple people using the computer. It is especially important to take extra
security precautions.
Use and maintain anti-virus software and a farewell Protect the computer against
viruses and Trojan horses that may steal or modify the data on the computer and leave the
user vulnerable by using anti-virus software and a firewall. The virus definitions must be
up-to date.
Regulator scan the computer for spyware Spyware or adware hidden in software
programs may affect the performance of the computer and give attackers access to the
data. Users must acquire a legitimate anti-spyware program to scan the computer and
remove any of these files. Many anti-virus products have incorporated spyware detection.
Keep software up-to-date Install software patches so that attackers cannot take
advantage of known problems or vulnerabilities. May operating systems offer automatic
updates. If this option is available, the user should turn it on.
IT 2 3
Evaluate the softwares setting The default settings of most software enable all
available functionality. However, attackers may be able to take advantage of this
functionality to access the computer. It is especially important to check the settings for
software that connects to the internet (browsers, email clients, etc.). Apply the highest
level of security available that gives the needed functionality.
Avoid unused software programs Do not clutter the computer with unnecessary
software programs. If there are computer programs that are not in use, it e better to
consider uninstalling them. In addition to consuming system resources, these programs
may contain vulnerable that, if not patched, may allow an attacker to access the
computer.
Consider creating separate user accounts- If there are other people using the computer,
one may be worried that someone else may accidentally access, modify, and/or delete the
files. Most operating systems (including Windows XP and Vista, Mac OS X, and Linux)
give the option of creating a different using account for each user, and the user can set the
amount of access and privileges for each account.
Establish guidelines for computer use- If there are multiple people a computer,
especially, children, make sure they understand how to use the computer and internet
safely. Setting boundaries and guidelines will help to protect data in the computer.
Use passwords and encrypt sensitive files Passwords and other security features add
layers of protection if used appropriately. By encrypting files, the user ensures that
unauthorized people cannot view data even if they can physically access it.
Follow computer laboratory policies for handling and storing information These
policies are likely established to protect proprietary information and data, as well as the
user and the school from liability.
Dispose of sensitive information properly- Simply deleting a file does not completely
erase it. To ensure that an attacker cannot access these files, make sure that sensitive files
are erased adequately.
One has to remember that the internet is a public resource. Avoid putting anything online that is
not wanted to be viewed by public or can be retracted.
Because the internet is accessible and contains a wealth of information, it has become a popular
resource for communicating, for researching topics, and finding information about people. It may
seem less intimidating than actually interacting with other people because there is a sense of
anonymity.
However, people are not really anonymous when they are online, and it is just as easy for people
to find information about a certain person. Unfortunately, many people have become so familiar
and comfortable with the internet that they may adopt practices that make them vulnerable. For
example, although people are typically wary of sharing personal information with strangers they
meet on the street, they may not hesitate to post that same information online. Once it is online, it
can be accessed by a world of strangers, and they have no idea w others might do with that
information.
IT 2 4
What guidelines can you follow when publishing information on the internet?
View the internet as a novel, not a diary- internet users must be comfortable with
anyone seeing the information they put online. It is expected that other internet users will
find the page of an online journal or blog no matter how privacy was set. It has been a
notation that a written article posted online is available for public consumption. Some
sites may use passwords of other security restrictions to protect the information, but these
methods are not usually used for most websites. If a person wants the information to be
private or restricted to a small, selected group of people, the internet is probably not the
best forum.
Be careful with what is to be advertised in the past, it was difficult to find
information about people other than their phone numbers or address. Now, an increasing
amount of personal information is available online, especially because people are creating
personal web pages with information about themselves. When deciding how much
information to reveal, one has to realize that it is broadcasted it to the world. Supplying
the email address may increase the amount of spam received. Providing details about the
hobbies, the job, the family and friends, and the past may give attackers enough
information to perform a successful social engineering attack.
Realize that once released it cannot be taken back once the user publishes something
online, it is available to other people and to search engines. The user can change or
remove information after something has been published, but it is possible that someone
has already seen the original version. Even if a person is trying to remove the page(s)
from the internet, someone may have saved a copy of the page or used excerpts in
another source. Some search engines cache copies of web page has been deleted or
altered. Some web browsers may also maintain a cache of the pages a user has visited, so
the original version may be stored in a temporary file on the users computer. These
implications must be thought about before publishing information-once something is out
there, it is not a guarantee that was completely removed.
As a general practice, let the common sense guide the decisions about what to post
online. Before publishing something on the internet, determine what value it provides and
consider the implications of having the information available to the public. Identify theft
is an increasing problem, and the more information an attacker can gather about his/her
victim, the easier it is to pretend to be the latter. Behaving online is as a necessary as
behaving in the daily life, especially when it involves safety issues.
LESSON 2
DISCOVERING NETIQUETTE
OBJECTIVES
IT 2 5
What is Netiquette?
Netiquette, portmanteau of net etiquette is a set of social conventions that facilitate interaction
over networks, ranging from Usenet and mailing lists to blogs and forums. However, like many
internet phenomena, the concept and its application remain in a state of flux, and vary from
community to community. The points most strongly emphasized about USENET netiquette often
include using simple electronic signatures, and avoiding multi-posting, cross-posting, off-topic
posting, hijacking a discussion thread, and other techniques used to minimize the effort required
to read a post or a thread.
Netiquette began before the 1989 start of the World Wide Web. Text-based email, Telnet,
Usenet, Gopher, Wais, and FTP dominated Internet traffic, which was used mainly by
educational and research bodies. At that time, it was considered somewhat
indecent to make commercial public postings and limitations of insecure, text-only
communications demanded that the community have a common set of rules. The term
netiquette has been in use since 1988, as evidenced by early posts of the satirical Dear Emily
Post news column.
When immersing in any new culture-such as a cyberspace has its own culture-one is liable to m a
few social blunders. An internet user might offend people unintentionally. Or a person might
misunderstand what others say and take offense when it is not intended. To make matters worse,
something about cyberspace makes it easy to forget that people are interacting with other real
peoplenot just ASCII characters on a screen, but live human characters. So, partly as a result
of forgetting that people online is still real, and partly because they do not know the conventions,
well-meaning especially new ones, make all kinds of mistakes.
The book Netiquette has a dual purpose: to help net newbies minimize their mistakes, and to help
experienced cyberspace travelers help the newbies.
The premise of the book is that most people would rather make friends than enemies. And when
following few basic rules, that person is less likely to make the kind of mistakes that will prevent
him/her from making friends.
The list of core rules below, and the explanations that follow, are excerpts from the book. They
are offered here as a set of general guidelines for cyberspace behavior. They will not answer the
Netiquette questions. But they should give you some basic principles to use in solving the own
Netiquette dilemmas.
The golden rule the parents and the kindergarten teacher taught was pretty simple: Do unto
others as you would feel if you were in the other persons shoes. Stand up for his/her self, but try
not to hurt other peoples feelings.
IT 2 6
In cyberspace, we state this in an even more basic manner: Remember the human.
When communicating electronically, everyone sees a computer screen, users do not have the
opportunity to show facial expressions, gestures, and tone of voice to communicate the meaning;
everything is written in words. Choosing the right words to convey a message is very important
since some emotional factors are not felt when suing online media. Consequently, receivers
also should not take online messages too personal considering again the removal of the
emotional factors. Objectivity and neutrality are always a primary consideration when reading
or sending communications online.
Writer and Macintosh evangelist Guy Kawasaki tells a story about getting email from some
fellow he has never met. Online, this fellow tells Guy that he was a bad writer with nothing
interesting to say.
Maybe it is the awesome power of being able to send mail directly to a well-known writer like
Guy. Maybe it is a fact that a person cannot see his face crumple in misery as he reads the cruel
words. Whatever the reason, it is incredibly common.
Guy proposes a useful test for anything that is about to be posted or mailed by asking ones self,
Can I say this person when I meet him face to face? the answer is no, then there is a need to
rewrite and reread. Repeating the process is important until the communication sender is
comfortable in saying these words in person as sent through cyberspace.
Of course, it is possible that there are people who would feel great about saying something
extremely rude right in front the persons face. In that case, Netiquette cannot help.
unforgettable story is the famous email Oliver North. Ollie was a great devotee of the White
House email system, PROFS. He diligently deleted all incriminating notes sent or received. What
he did not realize was that, somewhere else in the White House, computer room staff was equally
diligently backing up the main frame where his messages were stored. When he went on trial, all
those handy backup tapes were readily available as evidence against him.
Anyone must not engage in any prohibited activity. Any message sent could be saved or
forwarded by its recipient. The user may not have control where it goes.
Rule 2: Adhere to the Same Standards of Behavior Online that you follow in Real Life
IT 2 7
In real life, most people are fairly law-abiding, either by disposition or because of the fear of
getting caught. In cyberspace, the chances of getting caught seem slim. And, perhaps because
people sometimes forget that there is a human being on the other side of the computer, being
unethical or having an unruly personal behavior is acceptable in cyberspace.
Be Ethical
A person must not believe anyone who says, The only ethics out there are what you can get
away with, This is a book about manners, not about ethics. But whenever an ethical dilemma in
cyberspace is encountered, one has to consult his/her real code of conduct.
What is perfectly acceptable in one area may be dreadfully rude in another. For example, in most
TV discussion groups or passing on idle gossip is perfectly permissible. But throwing around
unsubstantiated rumors in a journalists mailing list will give a person a bad reputation.
And because Netiquette is varies in different places, it is important to know the culture that
recipients follow. Thus, the next corollary.
When entering a domain a cyberspace that is new to that user, he /she must take a look around;
spend a while listening to the chat or reading the archives and get a sense of how the people who
are already there act. Then, he can participate.
It is a clich that people today seem to have less time than ever before, even though (or perhaps
because) they sleep less and have more labor-saving devices than their grandparents did. When
sending an email or posting a discussion group, the sender is taking up other peoples time (or
hoping to). It is the senders responsibility to ensure that the time recipients spent in reading the
post in not wasted.
The word Bandwidth is sometimes used synonymously with time, but it is really a different
thing. Bandwidth is the information-carrying capacity of the wires and channels that connect
IT 2 8
everyone in cyberspace. There is a limit to the amount of data that any piece of wiring can carry
at any given moment even a state-of the art fiber-optic cable. The word bandwidth is also
sometimes used to refer to the storage capacity of a host system. When you accidentally post the
same note to the same newsgroup five times, you are wasting both time (of the people who check
all five copies of the posting) and bandwidth (by sending repetitive information over the wires
and requiring it to be stored somewhere).
Presumably, this reminder will be superfluous to most readers. When youre working hard on a
project and deeply involved in it, it is easy to forget that other people have concerns other than
this. So, instant responses are not expected to all the questions, and assume not expected to all
readers will agree withor care about the passionate arguments.
Rule 4 has a number of implications for discussion group users. Most discussion group readers
are already spending too much time sitting at the computer; their significant others, families, and
roommates are drumming their fingers, wondering when to serve dinner, while those network
maniacs are catching up on the latest way to housebreak a puppy or cook zucchini.
And many news-reading programs are slow, so just opening a posted note or article can take a
while. Then the reader has to wade through all the header information to get to the meat of the
message. No one is pleased when it turns out not to be worth the trouble.
As in the world at large, most people communicate online just want to be liked. Networks
particularly discussion groupslet a person reach out to people who he/she would otherwise
never meet. And none of them can see that person. He / she will not be judged by the color of the
skin, eyes, or hair, the weight, the age, or even clothing.
Pay attention to the context of the writing. Be sure you know what you are talking aboutwhen
you see ones self writing It is my understanding that or I believe it is the case, ask ones self
whether you really want to post this note before checking the facts. Bad information propagates
like wildlife on the net. And once it has been through two or three iterations, you get the same
distortion effect as in the party game Operator. Whatever you are originally said may be
unrecognizable. (Of course, you could take this as a reason not to worry about the accuracy of
the postings. But youre only responsible for what you post ones self, not for what anyone else
does with it)
IT 2 9
Finally, users must be pleasant and polite. They should not use offensive language, or be
confrontational for the sake of confrontation.
Finally, after all that permission, positive advices come. The strength of cyberspace is in its
numbers. The reason asking questions online works is that a lot of knowledgeable people are
reading the questions. And if even a few of them offer intelligent answers, the sum total of world
knowledge increases. The internet itself was founded and grew because scientists wanted to
share information. Gradually, the rest got in on the act.
So, everyone must do his/her part. Despite the long lists of no-nos in this book, one does have
something to offer. One has to be assertive to share what he/she knows. It is especially polite to
share the results of the questions with others.
Flaming is what people do when they express a strongly held opinion without holding back any
emotion. It is the kind of message that makes people respond, Oh come on, tell us how you
really fell, Tact is not its objective. Does Netiquette forbid flaming? Not all. Flaming is a long-
standing network tradition (and Netiquette never messes with tradition). Writing or reading
flames can be fun. And the recipients of flames sometimes deserve the heat.
But Netiquette does forbid the perpetuation of flame warsseries of angry letters, most of them
from two or three people directed toward each other can dominate the tone and destroy the
camaraderie of a discussion group. It is unfair to the other members of the group. An while flame
wars can initially be amusing they get boring very quickly to people who are not involved. They
are an unfair monopolization of bandwidth.
Of course, a person had never dreamed of going through the colleagues desk drawers. So, he/she
would not read their email either. Unfortunately, a lot of people would.
In 1993, a highly regarded foreign correspondent in the Moscow bureau of the Los Angeles
Times was caught reading hi co-workers email. His colleagues became suspicious when system
records showed that someone had logged in to check their email at times when they knew they
had not been near the computer. So, they set up a sting operation. They planted false information
in messages from another one of the papers foreign bureaus. The reporters read the notes and
IT 2 10
later ask colleagues about the false information. Bingo! As a disciplinary measure, he was
immediately reassigned to another position at the papers Los Angeles bureau. The Moral:
Failing to respect other peoples privacy is not just bad Netiquette. It could also cost the job.
Some people in cyberspace have more power than other. There are wizards in MUDs (multi-user
dungeons), experts in every school and system administrators in every system. Knowing people
more than of others know, or having more power than they do, does not give anyone the right to
take advantage of them. For example, system administrators should never read private email.
Everyone was a network newbie once. And not everyone has had the benefit of reading this
book. So when someone makes a mistakewhether it is a spelling error or a spelling flame, a
stupid question or unnecessarily long answerbe kind about it. If it is a minor error, one may
not need to say anything, even if you feel strongly about it, think twice before reacting. Having
good manners does not give anyone a license to correct everyone else. If you do decide to inform
someone of a mistake, point it out politely and preferably by private email rather than in public.
Give people the benefit of the doubt; assume they just do not know any better. And users should
never be arrogant or self-righteous about it.
UNIT REVIEW
Before driving into the tasks you need to do to secure the home computer, lets first think
about the problem by relating it to something you already know how to do. In this way,
you can apply the experience to this new area.
Human beings are trusting by nature. We trust much of what we hear on the radio, see on
television, and read in the newspaper.
The internet was built on trust. Back in the mid 1960s, computers were very expensive
and slow by todays standards, but still quite useful.
Securing the home computer is not a trivial task. There are many topics to consider and
many steps to follow.
Anti-virus programs work much the same way. These programs look at the contents of
each file, searching for specific patterns that match a profile-called a virus signature- of
something known to be harmful.
The Update test: Can you update the virus signature automatically? Daily is best.
Program vendors also provide a recall-like service. You can receive patch notices through
email by subscribing to mailing lists operated by the programs vendors.
The KRESV tests help you focus on the most important issues when sending and
receiving email with attachments.
On a computer, the firewall acts much like a guard when it looks at network traffic
destined for or received from another computer.
Firewalls can also recognize and record when a computer-to-computer connection ends.
IT 2 11
You should use passwords not only on the home computer but also for services you use
elsewhere on the internet.
IT 2 12