
2.1 Cyber Crime and Types of Cyber Attack

Cyber Crime

Cyber-crime is a term used to broadly describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity, and includes everything from electronic cracking to denial of service attacks. It is also used to include traditional crimes in which computers or networks are used to enable the illicit activity. Computer crime mainly consists of unauthorized access to computer systems, data alteration, data destruction, and theft of intellectual property. Cyber-crime in the context of national security may involve hacktivism, traditional espionage, or information. Unlike in traditional crimes, the Information Technology infrastructure is not only used to commit the crime but very often is itself the target of the crime. Pornography, threatening email, assuming someone's identity, sexual harassment, defamation, spam and phishing are some examples where computers are used to commit crime, whereas viruses, worms, industrial espionage, software piracy and hacking are examples where computers become the target of crime.

Emergence of Cyber Crime

Phenomenal growth of internet usage. Sophistication of computer security tools. Hesitation of victims to reveal attacks. Increase of e-commerce based transactions.

Classification of Cyber Crime

The subject of cyber-crime may be broadly classified under the following three groups:

Against Individual (Harassment via e-mails, Cyber-stalking, Dissemination of obscene material, Defamation, Unauthorized control/access over computer system, Indecent exposure, Email spoofing, Cheating & Fraud, Computer vandalism, Transmitting virus, Netrespass, Intellectual Property crimes, Internet time thefts)

Against Organization (Unauthorized control/access over computer system, Possession of unauthorized information, Cyber terrorism against the government organization, Distribution of pirated software, etc.)

Against Society at large (Pornography (basically child pornography), Polluting the youth through indecent exposure, Trafficking, Financial crimes, Sale of illegal articles, Online gambling, Forgery)

NIELIT | Information Security Awareness

Some of the types of Cyber Attack are:

Social Engineering

Social Engineering is an approach to gain access to information through misrepresentation. It is the conscious manipulation of people to obtain information without their realizing that a security breach is occurring. It may take the form of impersonation via telephone, in person, or through email. Some emails entice the recipient into opening an attachment that activates a virus or malicious program on the recipient's computer.


Information Security Awareness

Information Security needs have to be addressed at all levels, from the individual user to an organization and beyond that to the government and the nation. Information Security is becoming synonymous with National Security, as computer networking, which is vulnerable to cyber-attack, forms the backbone of the critical infrastructure of the country's banking, power, communication network, etc. It is, therefore, important to have secure computer systems and networks. Also, increased focus on outsourcing of IT and other services from developed countries is bringing the issue of data security to the fore.

Importance of Cyber Security

Cyber security is important for users because they have to protect themselves against identity theft. Organizations, including government, also need this security to protect their trade secrets, financial information, and other sensitive or critical data. Since most sensitive information is stored on computers that are connected to the Internet, there is a need for information assurance and security. So, in order to have cyber security, everyone should follow the cyber security standards that enable us to protect against various malware threats. Poor cyber security practice arises for some of the following reasons: poor administrative guidelines for applications, poor software coding, which may be vulnerable, and improper usage of cyber security practices.

Automated Teller Machine

The Automated Teller Machine (ATM) was first commercially introduced in the 1960s. By 2005, there were over 1.5 million ATMs installed worldwide. The introduction of the ATM proved to be an important technology development that enabled financial institutions to provide services to their customers in a 24x7 environment. The ATM has added to the convenience of customers by enabling them to access their cash whenever required from the nearest ATM.


ATM Frauds

The fraudster inserts a folded piece of plastic film into the ATM card slot so that it will hold the card and not allow it to be expelled by the machine. The victim believes his or her card to be caught in the machine and doesn't notice that the card slot has been tampered with. Once an inserted card is stuck, a fraudster pretending to be a genuine cardholder will suggest that the intended victim re-enter his or her security code. When the cardholder ultimately leaves in despair, the fraudster retrieves the card and enters the code that he has watched clandestinely.

Another method involves the use of fake cards made with data collected from tiny cameras and devices called skimmers that capture and record bank account information. This is less risky as it does not involve any fraudster-victim interaction, and the absence of any fraudster makes the cardholder more relaxed and less conscious about the safety of the password.

Another interesting method of ATM fraud involves the use of duplicate ATMs by the fraudsters, running software which records the passwords typed on those machines. Thereafter, duplicate cards are manufactured and money is withdrawn with the use of stolen passwords. Sometimes such frauds are an inside job with the collusion of the employees of the company issuing those cards.

Whatever the mode of these frauds, it is definitely illegal and punishable as per the law of the concerned country. The punishment may, however, not bring back the money lost in the process. Thus, though the punishment of an offender will prove a deterrent to other offenders, it may not be the best method of restoring the stolen property. Preventive safeguards and insuring against ATM fraud risks therefore seem to be the right approach.

Tips for ATM Users

Be wary of anything about the ATM machine that looks out of the ordinary, such as odd-looking equipment or wires attached to the device. Look for a "no tampering" sign. Crooks often place these to stop anyone curious about a new piece of equipment. Steer clear of a jammed ATM machine that forces customers to use another ATM that has a skimmer attached. Often, the criminal will disable other ATMs in the area to draw users to the one that has the skimming device on it. Customers should check their bank accounts regularly to make sure there are no unusual or unauthorized transactions. Federal law limits loss from ATM fraud and many banks offer additional protection. Consumers should check with their financial institution for details. If you see anything unusual or suspicious around an ATM, or if you find unauthorized ATM transactions on your bank account, immediately notify local law enforcement where the ATM is located. Always protect your PIN: don't give the number to anyone, and cover the keypad while you are entering your PIN.

Banking Tips

Register your mobile phone number and e-mail address for your banking transactions to get timely SMS and e-mail alerts. Your financial institution or bank will never send you an e-mail asking you to enter your banking details online. Check your credit card or bank account details regularly and keep track of your transactions. Keep your details up to date, such as a change of address, so that cheque books, statements and debit/credit cards reach the right address. To protect against phishing attacks, your browser should have phishing filters enabled, and you should never click links in your e-mail for updates and transactions. Keep a strong and easy to remember password and change it regularly. Vishing is a form of phishing where, instead of people receiving an email trying to lure them into giving personal information, the criminal uses a phone call, either live or automated, to attack the bank or credit union customer and get critical information. Try to restrict yourself from giving personal information when you receive a call from a bank or credit card provider.


Safe Downloading

About Downloading and Uploading

The term download is used to describe the process of copying a file from an online service, that is via the Internet, to one's own computer. Downloading also refers to copying a file from a network server to a computer on the network. To download means to receive data, i.e. whatever is offered for downloading can be downloaded. You can download any kind of file from the Internet, such as documents, music, videos, images, software and many more. The opposite of downloading is uploading, which means copying a file from your computer to another computer over the network. Uploading means to transmit data. Whatever is transferred can be uploaded. In short, uploading means sending a file to a computer that is set up to receive it. You can upload any kind of file, such as documents, music, videos, images, software and many more.

Risks of insecure downloads

Downloading from the Internet includes installing a program, opening pictures, following links from different websites or from e-mails, downloading music files and bringing many other files on to a computer. These files could be what they say they are, but they can also carry malicious software that can harm your computer, which includes viruses, worms and many destructive programs. A virus can destroy data or give someone access to all the information on your computer and destroy all the confidential information on your PC. Another threat is spyware. Spyware often changes your computer's behaviour, for example the PC becomes slow, and it can even cause a computer crash. Spyware can be used to track the browsing history, steal passwords and allow an attacker to grab complete information about your system. Malicious software can be installed without your knowledge, or it can be bundled with a program, link or software you would like to download. For example, if you download a game from an untrusted website, malicious software can be downloaded without your knowledge. Sometimes malware spreads itself by sending email from an infected computer to every e-mail address it finds. Mostly, this malware spreads through e-mails.


Tips for Safe Downloads

While downloading any file, close all the applications that are running on your computer and let only one set-up file run at a time. Close all the important applications in order to be safe if something goes wrong while downloading. Set firewalls, and set antivirus to actively scan all the files you download. Scan all the files after you download them, whether from websites or from links received in e-mails. Always use updated antivirus, spam filter and anti-spyware software to help detect and remove viruses and spyware from the application you want to download. Never download files like music, video, games and many more from untrusted sites, and don't go by the recommendations given by your friends or made in any random website's comments. Check that the URLs are the same, and always download games, music or videos from secure websites that use HTTPS instead of HTTP; in the web address, "https" replaces "http". HTTPS stands for Hypertext Transfer Protocol Secure. Download only from trustworthy websites. Don't click links to download anything you see on unauthorized sites. If any dirty words appear on the website, just close the window no matter how important it is, because spyware may be installed on your PC from such websites. Check the size of the file before you download; sometimes it shows a very small size, but after you click, the size of the file increases. Never believe anything which says that if you click on this link your computer settings will be changed, your PC can be turned into an XBOX and you can play unlimited games on your computer. Don't accept anything that offers you a free download, because it may contain malicious software. Don't click a link or file and let it start downloading automatically; download the file, save it where you want, and then run the application. Set secure browser settings before you download anything. Read carefully before you click on install or run an application; that means reading the terms and conditions. Don't download anything until you have complete information about the website and know whether it is an original site of an original company. Never download from links that offer free antivirus or anti-spyware software; always download from trusted sites. If you are not sure about the site you are downloading from, enter the site into your favourite search engine to see whether anyone has posted or reported that it contains unwanted technologies.


Malware

Malware is short for malicious software. It is software designed to infiltrate a computer system without the owner's informed consent. Malware includes computer viruses, worms, Trojan horses, rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software. Around 80% of the malware today is designed to find and steal confidential information stored on your computer. This type of malware is sometimes called crimeware. Malware can invade your machine through infected email attachments, bots that crawl the internet looking for unprotected computers, and visits to hostile websites.

Virus

A computer virus is a program which is able to replicate and attach itself to programs or files, infecting the system without our knowledge. Viruses are software programs that hide on your computer and cause mischief or damage.

Spyware

Spyware is a generic term for malicious software which ends up on your computer and is used to gather information about you and other files on your computer and pass it over the internet to others. Generally speaking, spyware is software that hides on your computer, tracks what you're doing online, and then sends that information over the Internet. Some types of spyware, called keystroke loggers, actually record and send everything you type on your computer. Spyware can sneak onto your computer when you download unsafe software and files or even visit a hostile web page. One major source of spyware is the peer-to-peer file sharing software commonly used to share music and video online.

Worm

Worms can replicate themselves from one machine to another without the need to download them from the internet. They often send themselves as attachments in emails they generate from their infected host computer, and they may do so without any user intervention. This is due to security shortcomings on the target computer or to the exploitation of vulnerabilities in operating systems. Worms almost always cause at least some harm to the network.

Trojan

A Trojan is non-self-replicating malware that appears to perform a desirable function for the user but instead facilitates unauthorized access to the user's computer system. Trojans are backdoors into your computer through which hackers gain remote access to a target computer system to perform various operations.

NB: A virus can be installed on a computer by downloading applications from untrusted sites, through removable media like USB drives, CDs and DVDs, and by sharing files from one infected computer to another; viruses also come through attachments to e-mails.

Tips to Prevent Malware

Check the extension of files and always scan attached files before you download them. Set the browser to open web pages only from trusted web sites. Always scan removable media before you open them. Always scan a file before and after sharing it and after downloading it from another computer. Scan a file before you share it. Always check attachments by scanning them before you open them, and make sure that the attachments are received from a known user. Always check the file extension before you download, and avoid downloading files with a double extension. Always set the browser settings to allow sites only from trusted websites. Avoid downloading files from unknown users; it is always better to ignore or delete files from unknown users. Always use antivirus software, keep it updated with the latest patches, and scan files before you download them.
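The double-extension tip above can be turned into an automatic check on attachment names. The following Python sketch is an added example and not part of the original material; the two extension lists and the sample file names are assumptions constructed for illustration and are not complete.

```python
from pathlib import PureWindowsPath

# Assumption: extensions that run code when opened on Windows (not a complete list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
                   ".js", ".vbs", ".jar", ".msi"}
# Assumption: extensions users read as harmless documents or media.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt",
              ".jpg", ".jpeg", ".png", ".mp3", ".mp4"}


def extensions(filename):
    """Return every dot-separated extension of the file name, lower-cased."""
    name = PureWindowsPath(filename).name        # drop any folder part
    parts = [p.strip().lower() for p in name.split(".")]
    return ["." + p for p in parts[1:] if p]


def check_attachment(filename):
    """Classify a name as 'double-extension', 'executable' or 'ok'."""
    exts = extensions(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        # The last extension decides how the file is opened; names such as
        # archive.tar.gz have two extensions but neither one runs code.
        return "ok"
    if any(ext in DECOY_EXTS for ext in exts[:-1]):
        # A document-looking extension placed in front of the real,
        # runnable one: the pattern the tip warns about.
        return "double-extension"
    return "executable"


def triage(filenames):
    """Map each file name to its verdict."""
    return {name: check_attachment(name) for name in filenames}


if __name__ == "__main__":
    # Constructed sample attachment names.
    samples = ["invoice.pdf.exe", "Statement.DOC.scr", "setup.exe",
               "archive.tar.gz", "report.final.pdf"]
    for name, verdict in triage(samples).items():
        print(f"{verdict:17} {name}")
```

Mail clients and file managers that hide known extensions would show the first sample as `invoice.pdf`, which is why the check looks at the last extension rather than the displayed name.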


Mobile Security

Providing mobile PCs or mobile phones that access the Internet for official purposes, with remote access to all business applications, may put a person's or an organization's vital information at risk. For professionals or individual users, using a mobile phone or mobile PC brings plenty of benefits, such as working from anywhere. Mobile devices have their own characteristics but also their own security concerns, such as access to sensitive information from mobiles. There are various threats which can affect mobile users in several ways, for example sending multimedia messages and text messages to toll free numbers, or unknowingly clicking on a message received through the mobile phone. Nowadays there are many malicious programs which try to get access to mobile phones and laptops and steal the personal information inside them.

Security Concerns

Exposure of critical information

Small amounts of WLAN signal can travel a significant distance, and it's possible to peep into these signals using a wireless sniffer. A wireless intruder could expose critical information if sufficient security isn't implemented.

Lost or stolen devices

Even if sufficient security is implemented in wireless Virtual Private Networks (VPNs), if a device is lost or stolen the entire corporate intranet could be threatened if those devices aren't protected by a password and other user-level security measures.

Mobile Viruses

Mobile viruses can be a major threat, particularly with devices that have significant computational capabilities. Mobile devices, in general, are susceptible to viruses in several ways. Viruses can take advantage of security holes in applications or in the underlying operating system and cause damage. Applications downloaded to a mobile device can be as virus-prone as desktop applications. In some mobile operating systems, malformed SMS messages can crash the device.

Bluejacking

Bluejacking is sending nameless, unwanted messages to other users with Bluetooth-enabled mobile phones or laptops. Bluejacking depends on the capability of Bluetooth phones to detect and contact another Bluetooth-enabled device. The Bluejacker uses a feature originally proposed for exchanging contact details or electronic business cards. He or she adds a new entry in the phone's address book, types in a message, and chooses to send it via Bluetooth. The phone searches for other Bluetooth phones and, if it finds one, sends the message. Despite its name, Bluejacking is essentially harmless. The Bluejacker does not steal personal information or take control of your phone. Bluejacking can be a problem if it is used to send obscene or threatening messages or images, or to send advertising. If you want to avoid such messages, you can turn off Bluetooth, or set it to undiscoverable.

Bluesnarfing

Bluesnarfing is the theft of data from a Bluetooth phone. Like Bluejacking, Bluesnarfing depends on the ability of Bluetooth-enabled devices to detect and contact others nearby. In theory, a Bluetooth user running the right software on a laptop can discover a nearby phone, connect to it without your confirmation, and download your phonebook, pictures of contacts and calendar. Your mobile phone's serial number can also be downloaded and used to clone the phone. You should turn off Bluetooth or set it to undiscoverable. The undiscoverable setting allows you to continue using Bluetooth products like headsets, but means that your phone is not visible to others.

E-mail Viruses

E-mail viruses affect PDAs in much the same way regular email viruses affect PCs. These viruses are costly to enterprises and interrupt normal business too. PalmOS/LibertyCrack is an example of a PDA email virus. It's a known Trojan horse that can delete all applications on a Palm PDA.

Malicious software like Worms, Spyware and Trojans

Worms may disturb the phone network by spreading from one mobile to another through Bluetooth transfer, infrared transfer or MMS attachments. Spyware that has entered the mobile phone through Bluetooth may transfer personal information to the outside network. A Trojan which got installed along with a game application on the mobile may send SMS messages to expensive numbers and may increase the phone bill.

Guidelines for Securing Mobile Devices

Be careful while downloading applications through Bluetooth or as MMS attachments. They may contain harmful software which will affect the mobile phone. Keep the Bluetooth connection in invisible mode unless you need some user to access your mobile phone or laptop. If an unknown user tries to access the mobile phone or laptop through Bluetooth, move away from the Bluetooth coverage area so that it automatically gets disconnected. Avoid downloading content to a mobile phone or laptop from an untrusted source. Delete an MMS message received from an unknown user without opening it. Read the mobile phone's operating instructions carefully, mainly regarding the security settings, PIN code settings, Bluetooth settings, infrared settings and the procedure to download an application. This will help in making your mobile phone secure from malicious programs. Activate the PIN code request for mobile phone access. Choose a PIN which is unpredictable and which is easy for you to remember. Use the call barring and restriction services provided by operators to prevent applications that are not used by you or by your family members. Don't make your mobile phone a store for your personal data, which is dangerous if it falls into the hands of strangers. It is advisable not to store important information like credit card and bank card passwords, etc. in a mobile phone. Note the IMEI code of your cell phone and keep it in a safe place. This helps the owner to prevent access to the stolen mobile. The operator can block a phone using the IMEI code. Regularly back up important data on the mobile phone or laptop by following the instructions in the manual. Define your own trusted devices that can be connected to the mobile phone or laptop through Bluetooth. Use free cleansing tools, which are available on the Internet, to make your mobile work normally whenever it is affected by malicious software.

NOTE: IMEI stands for International Mobile Equipment Identifier, which is a number of around 15 or 17 digits that is unique to each and every mobile device. When a mobile is lost, the owner can ask the operator to block the mobile from working by giving the IMEI number of that mobile phone to the operator.


Online Banking

Online Banking can also be referred to as Internet Banking. It is the practice of making bank transactions or paying bills through the Internet. We can do all financial transactions sitting at home or in the office. Online banking can be used for making deposits and withdrawals, or we can even use it for paying bills online. Its benefit is the convenience for customers of doing banking transactions. The customers need not wait for bank statements, which arrive by e-mail, to check their account balance. They can check their balance each and every day by just logging into their account. They can catch discrepancies in the account and act on them immediately.

Link Manipulation

Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of sub-domains are common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to a section of the bank's website; actually this URL points to the "yourbank" (i.e. phishing) section of the attacker's website.

Filter Evasion

Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails.

Malware attacks

Attackers try to send malware through attachments and try to trap you by sending false emails with attachments asking you to update your account information.

Online Banking Tips

Never click web links in your e-mail; no bank will ask you to update your accounts online. Never provide personal information, including your passwords, credit card information and account numbers, to unknown persons. Never keep username, account name and password in one place. Always try to remember passwords. Always use phishing filters in your Internet browser. Do not click any images on web sites if you are unsure. Confirm whether an email is received from the bank or not. Be cautious while providing bank details online; before proceeding further, confirm with the bank about the email you received. Think: if something is important or urgent, why isn't the bank calling me instead of sending an email? Delete all cookies and history files before you perform online transactions. Always use a virtual keyboard while accessing online banking. Delete all the history and cookies once you are done with the online transaction. Avoid accessing online banking in cybercafés.
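The sub-domain and misspelling tricks described under Link Manipulation can be checked by comparing the host name of a link against the bank's real host name. The following Python sketch is an added example and not part of the original material; the trusted host `yourbank.com`, the similarity threshold and the sample links are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: host names the user really banks with (hypothetical allowlist).
TRUSTED_HOSTS = ("yourbank.com",)
# Assumption: similarity at or above this value counts as a misspelling.
LOOKALIKE_RATIO = 0.8


def is_under(host, trusted):
    """True when host is the trusted name itself or a sub-domain of it."""
    return host == trusted or host.endswith("." + trusted)


def classify_link(url, trusted_hosts=TRUSTED_HOSTS):
    """Return (verdict, reason); verdict is trusted, suspicious or unknown."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ("suspicious", "link cannot be parsed")
    if not host:
        return ("suspicious", "no host name in link")

    # Host names are read from right to left: only a name that ends in the
    # bank's own domain belongs to the bank.
    for trusted in trusted_hosts:
        if is_under(host, trusted):
            if parts.scheme != "https":
                return ("suspicious", f"{host} is genuine but the link is not https")
            return ("trusted", f"{host} is under {trusted}")

    labels = host.split(".")
    for trusted in trusted_hosts:
        brand = trusted.split(".")[0]
        if brand in labels:
            # Sub-domain trick: the bank's name is only a label on the left.
            return ("suspicious",
                    f"'{brand}' appears in {host}, which is not under {trusted}")
        for label in labels:
            if SequenceMatcher(None, label, brand).ratio() >= LOOKALIKE_RATIO:
                # Misspelled URL: one label is nearly the bank's name.
                return ("suspicious",
                        f"'{label}' looks like a misspelling of '{brand}'")
    return ("unknown", f"{host} is unrelated to any trusted name")


if __name__ == "__main__":
    # Constructed sample links; the first is the example URL from the text.
    samples = [
        "http://www.yourbank.example.com/",
        "https://www.yourbank.com/login",
        "http://www.yourbank.com/login",
        "https://www.yourbannk.com/",
        "https://news.example.org/",
    ]
    for link in samples:
        verdict, reason = classify_link(link)
        print(f"{verdict:10} {link}  ({reason})")
```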

Online Scam

An online scam is an attempt to trap you in order to obtain money. There are many types of online scams; these include obtaining money with fake names, fake photos, fake e-mails, forged documents, fake job offers and many more. Generally, it happens by sending fake e-mails asking for your personal details, like online banking details or credit card details. Sometimes e-mails are sent from lottery companies with fake notices, when you participate in an online auction, or for fake gifts.

Phishing scam

Online scammers send you an e-mail and ask for your account information or credit card details, along with a link where you are to provide your information. Generally, the links sent will look similar to your bank's. Whenever you post your details at the link, the details will be received by the scammers and the money is misused.

Lottery scam

Sometimes you receive an e-mail saying that you have won a lottery of a million dollars. Receiving such mails seems like a great thing, and a really happy one. By responding to such mails, a huge amount of money will be lost, because these e-mails are not true; scammers try to fool and trap you to obtain money.

E-mail scam like "Congratulations, you have won a webcam, digital camera, etc."

Sometimes you get an e-mail with a message like "You have won something special like a digital camera or webcam; all you need to do is visit our web site by clicking the link given below and provide your debit or credit card details to cover shipping and managing costs." However, the item never arrives, but after some days the charges will be shown on your bank account and you will lose money.

By e-mails

Generally, fraudsters send you an e-mail with tempting offers of easy access to a large sum of money, ask you to send scanned copies of personal documents like your address proof and passport details, and ask you to deposit an advance fee for a bank account. Once you deposit the funds, they take the money and stop further communication, leaving you with nothing in return.

Unscrupulous Websites for Income Tax Refund

Generally, these websites look like official websites and seek the details of the credit card, CVV, ATM PIN and other personal details of taxpayers in the name of crediting an income tax refund through electronic mode.

Tips to Prevent Online Scams

Confirm whether the e-mail is received from the bank or not

Be cautious while providing bank details online; before proceeding further, confirm with the bank about the e-mail you received. Think: if something is important or urgent, why doesn't the bank call me instead of sending an e-mail?

Confirm the shipping

Beware of shipping scams. Make sure you get an authorized signed document via fax before proceeding further, and make sure you received it from an authorized company.

Be cautious during online auctions

Don't be trapped by discounts, and think wisely before you proceed with an online auction. Think why a $200 product would be $20.

Be aware about the product you received via e-mail

Be aware about the products you get for a discounted price. Think why you received an e-mail for products when you never entered any online shopping or contest.

Don't be trapped by lottery scams

Don't get trapped by scammers and e-mails with a subject line saying you won some $10000; just think why only you received the e-mail without your participation.


Data Security

Importance of securing data

Data Security means ensuring that the data is free from any type of fraud and that access to this data is controlled in such a way that only authorized users can access it. Data refers to personal information regarding individuals, bank details, etc. Data in transfer, across and between company networks, is usually the focus of extensive security efforts. However, organizations typically regard data residing on internal storage devices as secure enough. Hence, there is a need for everyone to secure the data so that it does not fall into the hands of unauthorized users.

Different methods of securing data

There are different types of data to be secured. The procedure for securing different types of data is given below.

Shared Information

Make sure that shared information is accessed by authorized users, and also specify the data that should be shared and the data that should not be shared with the public. Many people on the Internet keep their personal and confidential information in shared form. So these people have to be given training not to share their information with unauthorized users. This information should be kept as safe and secure as possible, used for the purpose given and not shared with or passed on to others.

Securing data during transmission

Securing data while transmitting it includes encryption and authentication, and also ensuring that the end-to-end users are authorized. Authentication is secret information that is shared between two computers before the actual communication starts. Public key encryption is another means of authentication, which authenticates only the receiver and not the sender with the help of the keys, which are possessed by the two systems by other means. Encrypted data without a key can be easily accessed by modern computer users by performing a brute force attack. So, in order to protect the encrypted data, the key length should be long so that it is not easy to guess it. Encrypting the data only ensures that the data cannot be read by a third party in an understandable format when the data has been received by them.


Identity Theft

Identity Theft occurs when someone, without your knowledge, acquires a piece of your personal information and uses it to commit fraud. Identity theft is a term used to refer to fraud that involves someone pretending to be someone else in order to steal money or get other benefits. The term is relatively new and is actually a misnomer, since it is not inherently possible to steal an identity, only to use it. The person whose identity is used can suffer various consequences when he or she is held responsible for the perpetrator's actions. In many countries specific laws make it a crime to use another person's identity for personal gain. Identity theft is somewhat different from identity fraud, which is related to the usage of a "false identity" to commit fraud. Identity theft can be divided into two broad categories: application fraud and account takeover.

Application fraud happens when a criminal uses stolen or fake documents to open an account in someone else's name. Criminals may try to steal documents such as utility bills and bank statements to build up useful personal information. On the other hand, they may create counterfeit documents.

Account takeover happens when a criminal tries to take over another person's account, first by gathering information about the intended victim, then contacting their card issuer masquerading as the genuine cardholder, and asking for mail to be redirected to a new address. The criminal then reports the card lost and asks for a replacement to be sent.

How to Prevent/Avoid Identity Theft?

Never provide personal financial information, including your passwords, credit card information and account numbers, to unknown persons. Close accounts that have been tampered with by fraudulent methods. Never click web links in your mail or chat box. They may contain malicious code that can enter your computer and retrieve valuable information. Don't participate in a peer-to-peer network if you do not know the peer-to-peer network well. Shred any sensitive documents before you throw them in the trash. Review your credit card information regularly to make sure that no new cards or accounts have been issued. Review your credit card bill every month to make sure that there has not been an extra charge.

If it happens to you

- The first thing to do is to report the crime to the police and get a copy of your police report or case number.
- Immediately contact your credit card issuing bank, close your existing account and get replacement cards with new account numbers.
- Close any accounts which were opened without your initiation.
- Report all suspicious contacts and e-mails to the concerned authorities.

When you are on the Internet

- Use phishing filters in your internet browser.
- Don't use obvious passwords like birth date, family name etc.
- Look for digital certificates when you use a credit card on the internet, and see that your CVV number is not displayed in clear text as you type it.


Tab napping

Tab napping is a new online phishing scam to attack your computer and your finances. As internet users we're all vulnerable to online scams. Unluckily for us, as soon as we become pretty good at spotting one type of attack, another more sophisticated version comes along in its place.

Until now phishing has involved sending hoax e-mails in an attempt to steal your usernames, passwords and bank details. Often the sender will claim to be from your bank and will ask you to verify your bank details by clicking on a link contained in the e-mail. The link actually directs you to a fake website which looks like your bank's own website. Once you have typed in your login details, they can be accessed by the criminals who set the fake site up.

But we're beginning to wise up to phishing attacks like this, and many of us know we should be very wary of clicking URLs even if they appear to be in a legitimate e-mail. With awareness of phishing on the up, making it more difficult for scammers to succeed, tab napping could be the scam to watch out for next. Tab napping is more sophisticated than the phishing scams we've seen so far, and it no longer relies on persuading you to click on a dodgy link. Instead it targets internet users who open lots of tabs on their browser at the same time (for example, by pressing CTRL + T).

Tips to protect against tab napping

- Always check that the URL in the browser address bar is correct before you enter any login details. A fake tabbed page will have a different URL from the website you think you're using.
- Always check that the URL has a secure https:// address, even if you don't have tabs open on the browser.
- If the URL looks suspicious in any way, close the tab and reopen it by entering the correct URL again.
- Avoid leaving tabs open which require you to type in secure login details.
- Don't open any tabs while doing online banking; open new windows instead (CTRL + N).
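The URL checks in the tips above can also be automated. The following is an added example, not part of the original booklet: it parses the address, requires https, compares the host name exactly against the sites you really use, and reports hosts that differ from a known site by only a character or two. The host name `netbanking.example.com` and the function names are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list: the exact hosts the user really logs in to (constructed name).
TRUSTED_HOSTS = {"netbanking.example.com"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted host."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a character from a
                           cur[j - 1] + 1,             # insert a character into a
                           prev[j - 1] + (ca != cb)))  # substitute (free if equal)
        prev = cur
    return prev[-1]


def check_login_url(url, trusted=TRUSTED_HOSTS):
    """Return the reasons not to type credentials into `url` (empty list = OK)."""
    problems = []
    parts = urlsplit(url)
    # Compare host names in one canonical form: lower case, no trailing dot.
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        problems.append("not https")
    if host not in trusted:
        # Exact comparison is the real test: anything else is a different site.
        problems.append("host is not the expected site")
        if any(edit_distance(host, t) <= 2 for t in trusted):
            problems.append("host is a near-miss spelling of a trusted site")
    return problems


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("https://netbanking.example.com/login",
                   "http://netbanking.example.com/login",
                   "https://netbanking.examp1e.com/login"):
        print(sample, "->", check_login_url(sample) or "OK")
```
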


Web Browser

A web browser is used to gain access to information and resources on the World Wide Web. It is a software application used to locate and display web pages. The main purpose of a web browser is to bring information resources to the user. The process begins with a uniform resource identifier (URI) or uniform resource locator (URL).

Uniform Resource Locator (URL)

An example of a URL is http://www.infosecawareness.in. Each URL is divided into different sections, as shown below:

- "http://" - In short, http means the Hypertext Transfer Protocol and the file is a web page. You don't need to type the http every time; it is automatically inserted by the browser.
- "www" - World Wide Web.
- "infosecawareness" - The site name.
- ".in" - One of the domain names, which is basically a country name. Other domain names are .com (commercial organization), .net (network domain) etc. (The organization address and the location of the organization address are known as the domain name.)
- "co.in" - A suffix or global domain name that shows the type of organization address and the country of origin; the suffix co.in, for example, indicates a company in India.

Generally a web browser connects to the web server and retrieves the information. Each web server has an IP address, and once you are connected to the web server using http, the browser reads the Hypertext Markup Language (HTML), the language used to create documents on the World Wide Web, and displays the document in the web browser. In short, a browser is an application that provides a way to look at and interact with all the information on the World Wide Web.

Understanding usage of Web browsers

A web browser is a software application that runs on the Internet and allows viewing of web pages, as well as content, technologies, videos, music, graphics, animations and many more. In other words, a browser is an application that offers a method to look at and interact with the entire information on the World Wide Web.

Types of web browsers

There are different types of web browsers available with different features. A web browser is a tool used not only on personal computers but also on mobile phones to access information. There are different technologies that support web browsers like Java, frames,

XHTML and many more. Web browsers are also available in different languages like English, German, Chinese, Arabic and many more. Knowing the web browsers and their uses makes it easier to improve Internet usage.

Risks towards web browser

There are increased threats from software attacks taking advantage of vulnerable web browsers. The vulnerabilities are exploited through compromised or malicious websites. Exploiting vulnerabilities in web browsers has become a popular way for attackers to compromise computer systems, as many users do not know how to configure their web browser securely or are unwilling to enable or disable functionality as required to secure it.

Secure web browser

By default, a web browser comes with an operating system and is set up with a default configuration, which does not have all secure features enabled. Many web browsers, such as Internet Explorer, Mozilla and Google Chrome, are installed on computers and used frequently. Not securing a web browser can lead to spyware, malware, viruses, worms etc. being installed on the computer, which may allow intruders to take control of it.

There is an increased fear of threat from software attacks which may take advantage of vulnerable web browsers. Some software components used by web browsers, like JavaScript and ActiveX, may also cause vulnerabilities in the computer system. So it is important to enable the security features of the web browser you use, which will minimize the risk to the computer.

Web browsers are frequently updated. Depending upon the software, features and options may change. It is therefore recommended to use an updated web browser.

Tips to prevent browser risks

- Set your browser security to high.
- Use an updated web browser.
- Add safe web sites to trusted sites.
- Read e-mail messages in plain text.
- Block pop-up windows in your browser.
- Disable the option to remember login and password information.
- Warn the user when websites try to install extensions or themes.
- Check whether the site you are visiting is a suspected forgery.


Email and its usage

E-mail is a short form of electronic mail. It is one of the most widely used services on the Internet. E-mail is used for transmission of messages in a text format over the Internet. The message can be sent by using the receiver's e-mail address and vice versa. E-mail can be sent to any number of users at a time, and it takes only a few minutes to reach the destination. An e-mail consists of two components: the message header, which contains control information, the originator's e-mail address and one or more recipient addresses, and the message body, which is the e-mail content.

Some e-mail systems are confined to a single computer system or to a small network, and they are connected to other e-mail systems through a gateway, which enables the users to connect to anywhere in the world. Though different electronic mail systems have different formats, there are some emerging standards like MAPI and X.400 that enable users to send messages between different electronic mail systems. MAPI (Messaging Application Programming Interface) is a system built into Windows which allows different mail applications to work together to distribute mail. As long as MAPI is enabled on both applications, the users can share mail with each other. X.400 is the universal protocol that provides a standard format for all e-mail messages. X.500 is an extension to the X.400 standard, which provides standard addressing formats for sending e-mails so that all e-mail systems are linked to one another.

How an e-mail works?

The working of e-mail is as shown in the figure below. Each mail server consists of two different servers running on a single machine. One is the POP3 (Post Office Protocol) or IMAP (Internet Message Access Protocol) server, which holds the incoming mails, and the other is the SMTP (Simple Mail Transfer Protocol) server, which holds the outgoing mails. SMTP works on


the port number 25, POP works on the port number 110 and IMAP works on the port number 143. In the figure shown above, Client 1 has an account on mail server 1 and Client 2 has an account on mail server 2. When Client 1 sends a mail to Client 2, the mail first goes to the SMTP server of mail server 1. Here the SMTP server divides the receiver's address into two parts: username and domain name. For example, if the SMTP server receives user1@example.com as the receiver's address, it will separate it into user1, which is a mail account on the destination mail server, and example.com, which is the domain name of the destination mail server. Now, with the help of the domain name, it will request the IP address of the recipient's mail server, and then it will send the message to mail server 2 by connecting to its SMTP server. Then the SMTP server of mail server 2 stores the message in Client 2's mailbox with the help of POP3 in mail server 2. When Client 2 opens his mailbox, he can view the mail sent by Client 1.

POP3 Server

The POP3 server contains a collection of text files, one for each mail account. When a message arrives for a particular user, the server appends that message at the bottom of that user's account text file. When a user connects to the mail server to check his mails, he connects to the POP3 server of that mail server through port 110. It requires a username and password to view his mailbox on the mail server. IMAP is similar to the POP3 protocol.

Possible threats through e-mail and guidelines for handling e-mails safely

E-mails are just like postcards, from which the information can be viewed by anyone. When a mail is transferred from one mail server to another, there are various stops at which unauthorized users may try to view the information or modify it. Since backups are maintained for an e-mail server, all messages remain stored in clear text even after they have been deleted from your mailbox. Hence there is a chance that the people who maintain the backups can view the information. So it is not advisable to send personal information through e-mails.

Suppose a mail says you have won a lottery of a million dollars. Receiving such a mail feels like a great thing, really the happiest thing. However, these mails may not be true. By

responding to such mails, many people have lost huge amounts of money. So ignore such e-mails, do not participate in them and consider them a scam. Sometimes e-mails from unknown addresses offer free gifts and ask for personal information. This is one way to trap your personal information.

One way of stealing a password is standing behind an individual and looking over their shoulder while they are typing it, or searching for the papers where they have written the password. Another way of stealing a password is by guessing. Hackers try all possible combinations with the help of personal information about an individual. When there is a large number of possible password combinations, the hackers use fast processors and some software tools to crack the password. This method of cracking a password is known as a brute force attack. Hackers also try all the possible words in a dictionary to crack the password with the help of some software tools. This is called a dictionary attack.

Generally, spammers or hackers try to steal e-mail addresses and send malicious software or code through attachments, fake e-mails and spam, and also try to collect your personal information.

Attachments

Sometimes attachments come with e-mails and may contain executable code like macros, .EXE files and ZIPPED files. Sometimes attachments come with double extensions like attachment.exe.doc. By opening or executing such attachments, malicious code may download into your system and infect it.

Tips: Always scan the attachments before you open them.

Fake e-mails

Sometimes e-mails are received from a fake e-mail address like services@facebook.com with an attachment named "Facebook_Password_4cf91.zip" that includes the file "Facebook_Password_4cf91exe" which, the e-mail claims, contains the user's new Facebook password. When a user downloads the file, it could cause a mess on their computer, which can be infected with malicious software.

Tips: Always check and confirm where the e-mail has been received from; generally, service providers will never ask for or provide your password in order to change it.

Spam e-mails

Spam messages may trouble you by filling your inbox or your e-mail database. Spam involves identical messages sent to various recipients by e-mail. Sometimes spam e-mails come with advertisements and may contain a virus. By opening such e-mails, your system can be infected and your e-mail ID is added to the spammers' list.

Tips: It is always recommended to ignore or delete spam e-mails.

E-mails offering free gifts

Sometimes e-mails are targeted at you by unknown users offering gifts, lotteries and prizes, which might be free of cost. They may ask for your personal information for accepting the free gift, or may ask for money to claim the lottery or prize. It is one way to trap your personal information.

Tips: Always ignore free gifts offered by unknown users.

Hoaxes

A hoax is an attempt to make a person believe that something false is true. It is also defined as an attempt to deliberately spread fear and doubt among users.

How to prevent?

Using filtering software: Use e-mail filtering software to avoid spam so that only messages from authorized users are received. Most e-mail providers offer filtering services.

Ignore e-mails from strangers: Avoid opening attachments coming from strangers, since they may contain a virus along with the received message. Be careful while downloading attachments from e-mails onto your hard disk. Scan the attachment with updated antivirus software before saving it.

Guidelines for using e-mail safely

- Since e-mail messages are transferred in clear text, it is advisable to use encryption software like PGP (Pretty Good Privacy) to encrypt e-mail messages before sending, so that they can be decrypted only by the specified recipient.
- Use e-mail filtering software to avoid spam so that only messages from authorized users are received. Most e-mail providers offer filtering services.
- Do not open attachments coming from strangers, since they may contain a virus along with the received message.
- Be careful while downloading attachments from e-mails onto your hard disk. Scan the attachment with updated antivirus software before saving it.
- Do not send messages with attachments that contain executable code like Word documents with macros, .EXE files and ZIPPED files. We can use Rich Text Format instead of the standard .DOC format. RTF will keep your formatting but will not include any macros. This may prevent you from sending a virus to others if you are already infected by it.
- Avoid sending personal information through e-mails.
- Avoid filling in forms that come via e-mail asking for your personal information, and do not click on links that come via e-mail.
- Do not click on e-mails that you receive from untrusted users, as clicking itself may execute some malicious code that spreads into your system.
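The attachment warnings above (double extensions such as attachment.exe.doc, executable files, zipped files and documents that can carry macros) can be checked automatically before a message is opened. The following is an added example, not part of the original booklet: it parses a constructed message with Python's standard `email` package and flags each attachment by name. The extension lists, the sender address and the function names are assumptions made for the example, and a clean result is not a substitute for scanning the file with antivirus software.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension lists for this example; extend them to match your own policy.
EXECUTABLE = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs"}
MACRO_CAPABLE = {".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm"}
ARCHIVE = {".zip"}


def extensions(filename):
    """All dot-suffixes of a file name, lower-cased: 'a.exe.doc' -> ['.exe', '.doc']."""
    parts = filename.lower().strip().rstrip(".").split(".")
    return ["." + p for p in parts[1:]]


def triage_attachment(filename):
    """Return the warnings for one attachment name (empty list = nothing flagged)."""
    exts = extensions(filename)
    if not exts:
        return []
    warnings = []
    last, inner = exts[-1], exts[:-1]
    if last in EXECUTABLE:
        warnings.append("executable file")
    if any(e in EXECUTABLE for e in inner):
        warnings.append("double extension hides an executable type")
    if last in MACRO_CAPABLE:
        warnings.append("document format that can carry macros")
    if last in ARCHIVE:
        warnings.append("archive: contents unknown until scanned")
    return warnings


def triage_message(raw_bytes):
    """Map every attachment name in a raw e-mail to its list of warnings."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        report[name] = triage_attachment(name)
    return report


def build_sample():
    """Constructed message that uses the attachment names mentioned in the text."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"  # constructed address
    msg["To"] = "user1@example.com"
    msg["Subject"] = "Your new password"
    msg.set_content("Please see the attached files.")
    for name in ("attachment.exe.doc", "Facebook_Password_4cf91.zip", "notes.rtf"):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, warnings in triage_message(build_sample()).items():
        print(name, "->", warnings or "nothing flagged")
```
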


Instant Messaging

Instant messaging (IM) is real-time text-based communication between two or more people connected over a network like the Internet. Instant messaging has become very popular: with it you can interact with people in real time, keep a list of family and friends on your contact list, and communicate as long as the person is online. There are many instant messaging service providers like AOL, Yahoo Messenger, Google Talk and many more.

Risks involved in IM

Crackers (malicious hackers or blackhat hackers) have consistently used IM networks as vectors for delivering phishing attempts, poison URLs and virus-laden file attachments. For example, IM is used to infect computers with spyware, viruses, Trojans and worms.

Compliance risks

In addition to the malicious code threat, the use of instant messaging at work also creates a risk of non-compliance with laws and regulations governing the use of electronic communications in businesses. Organizations of all types must protect themselves from the liability of their employees' inappropriate use of IM. The informal, immediate and ostensibly anonymous nature of instant messaging makes it a candidate for abuse in the workplace. Cyber criminals or strangers hide their identity behind a false name and age. Even grown-up people may pretend to be a child or teenager.

Spim

Spim is a short form of spam over instant messaging; it uses IM platforms to send spam messages. Like e-mail spam messages, a spim message also contains advertisements. It generally contains web links; by clicking on those links, malicious code enters your PC. Generally, it happens in real time, and we need to stop work and deal with spim as the IM window pops up. With e-mail we have time: we can delete all spam at once, or we can scan attachments before opening them. This cannot be done in IM.

Tips: Avoid opening attachments and links in IM.

Tips for Chatting

- Be careful before choosing an online friend.
- Try not to reveal all your personal details to those you meet online.
- Use a nickname for yourself and hide your personal details from strangers.
- Take your time and make sure that you are sending your message to the right address. Also cross-check that you are chatting with the right person, who is responsible enough to access those details.
- Do not open spim messages, as they might inject malicious code into your PC.
- Always use updated IM and firewall versions.
- Be cautious before clicking on a link, because it may contain spyware or malicious code.
- Be aware that you should not give out information about yourself on the net.


Social Networking and its usage

Social networking means grouping individuals into specific groups, like small communities. Social networking is used to meet Internet users, to gather and share information or experiences about any number of topics, to develop friendships, or to start a professional relationship. Put another way, a simple social networking site is a place where different people keep different information related to any particular thing in one place, for example Orkut, Facebook etc.

Social networking has many advantages: we can join any kind of group based on our hobbies, business, schools and many more, and it is a different communication tool to keep in touch with friends and colleagues. Apart from these advantages there are disadvantages: through these communication tools, users of these sites can be trapped by scammers or hackers, so it is very important to protect yourself.

These social networking sites are very popular with young people. They expose them to risks they have always faced online but in a new forum: online bullying, disclosure of private information, cyberstalking, access to age-inappropriate content and, at the most extreme, online grooming and child abuse. For adults, who are also using these sites in greater numbers, there are serious risks too. They include loss of privacy and identity theft. Adults too can be victims of cyber-bullying and stalking.

Vulnerability of Social Networking Sites

Risks:

- Once information is posted to a social networking site, it is no longer private. The more information you post, the more vulnerable you may become. Even when using high security settings, friends or websites may inadvertently leak your information.
- Personal information you share could be used to conduct attacks against you or your associates. The more information shared, the more likely someone could impersonate you and trick one of your friends into sharing personal information, downloading malware, or providing access to restricted sites.
- Predators, hackers, business competitors and foreign state actors troll social networking sites looking for information or people to target for exploitation.
- Information gleaned from social networking sites may be used to design a specific attack that does not come by way of the social networking site.

Tactics:

Click-jacking: This is the method of hiding hyperlinks under legitimate buttons. The hyperlinks, when used, either trigger a malware download or send your ID to a nefarious site. An example of this would be a "like" or "share" button of the kind often used on social networking sites. Possible safeguard solution: Disable scripting (a type of web programming that allows interaction to be built between the web page and the user) and iframes in the web browser.

Doxing: This is when a hacker releases all private information about a person to the public, such as full name, birthday, address and so on, gained from over-informed social network profile pages. Safeguard solution: Start by not releasing detailed information onto social networks, and use the security measures offered by social networking sites.

Elicitation: The method of gaining personal information through casual conversations over a social networking site, without giving the person any indication that they are being farmed for information. Elicitation is also called social engineering. Safeguard solution: Be aware of situations where a person on the other end of a conversation may be asking too many personal or intrusive questions about you and your life.

Pharming: Redirecting users from real websites to bogus ones for the purpose of retrieving personal information about the user. An example would be online banking. Safeguard solution: Watch the spelling of URLs and domain names or use the .com tags. It is suggested that the user type out the site address rather than clicking a link button.


Phreaking: Gaining unauthorized access to telecommunication systems. Do not provide secure phone numbers that provide direct access to a Private Branch Exchange or through the Public Branch Exchange to the public phone network.

Tips to avoid risks by social networking

- Be careful about the information you put online: if you put up your photo, video or account details, they will stay there for a long time, and whoever is connected will see them.
- Generally, business people look at these sites as part of the hiring process to learn about a person's views and interests. However, hackers will use these sites to collect personal information and may misuse it.
- Remember, don't put up anything personal like sensitive information about your family details, addresses or personal photographs.
- Most sites and services provide options for privacy settings; use them to prevent attackers from viewing your information. You can also set the privacy settings according to whom you want to allow to see your information.
- Be careful if you want to meet social networking friends in person; the identity posted on a web site may not be the true one. Think before you meet. If you are going to meet, then do it in a public place during the day.


Online Predators

Online predators are internet users who exploit children and teens for sexual and violent purposes. This may include child grooming, engaging in sexual activities, unwanted exposure to materials and pictures, online harassment, and threats to cause fear or embarrassment. It is online harassment.

Communication tools used by online predators

Online predators use communication tools like social networking, e-mail, chat rooms and instant messaging, and also use a grooming process to arrange personal meetings.

By using social networking web sites

Social networking web sites are popular for expressing users' views and for posting and sharing photos and videos. Online predators take advantage of these web sites: they pretend to be a child, make online friendships, try to collect your personal details, and gradually introduce sexual communications and engage you in sexual activities.

Tips: Always take security measures like privacy settings and limit who can view your profile.

By using e-mail address

An online predator collects the e-mail addresses of children and starts sending them photographs and links related to porn sites, tries to abuse the children, uses threats to insist that the child get involved in sexual communication, and makes children feel uncomfortable.

Tips: Ignore or delete mails from unknown users.

Through chat rooms

Online predators join chat rooms and start chatting with children. They pretend to be a child in order to collect personal information and build trust, and try to be a good friend by asking about the child's interests, hobbies and personal photographs, asking for private chats and offering gifts. Sometimes the predators will be very kind and affectionate toward a child, gradually introduce sexual content into their conversation and ask the child to maintain secrecy by not informing parents. If a child doesn't agree, they may threaten and abuse them into submission.

Tips: It is suggested to hide personal information like interests, hobbies and family details from online friends.


By grooming process

An online predator builds false trust and relationships, breaks the child's resistance and tries for a face-to-face meeting.

Tips: Do not be led by any stranger into changing your habits and thoughts. Take your parents along if you want to meet your online friend.

Threats by online predators

Online predators make threats when you no longer want to chat with them, and start forcing you into an in-person meeting by issuing threats to harm your family members and friends.

Tips: Don't be scared of threats; inform your parents and report to the police.

How to prevent online predators?

- If someone offers you gifts, or a stranger for no reason wants to meet you in person and tries to be very affectionate, these may be signs of an online predator. Be aware that these are the tactics of online predators; they are trying to mislead you.
- Make sure to choose user names that do not use your real name.
- Don't post your personal details on social networking sites where everyone can see them.
- Set rules like a time limit, use the Internet under the guidance of parents, and make sure the computer is placed in a common room.
- Always avoid topics related to your gender, age and location, and don't share problems at home and school.

If you are threatened

- Be cool, stop chatting and get out of the chat room or log off.
- If you are not willing to do the things asked by a predator, don't be scared to say no.
- If someone threatens you, immediately inform your parents.
- If someone uses bad language or threatens you, take a screenshot of your conversation and tell them that you will report it to the police.
- If someone tries to abuse you, don't log off immediately; inform your parents and inform law enforcement.
- If something goes to the extreme, like threatening to harm family members, immediately contact the cyber police.


Password

A password is a key, a secret word or a string of characters which is used to protect your information from bad people in the cyber world. It is used for authentication, to prove your identity or to gain access to resources. It should be kept secret to prevent access by unauthorized users. Social networking sites like Facebook, Orkut and LinkedIn are each studded with answers to commonly used security questions such as favorite place, school, college, etc.

Possible Vulnerabilities

- Passwords could be shared with other persons and might be misused.
- Passwords can be forgotten.
- A stolen password can be used by an unauthorized user, who may collect your personal information.

Importance of Passwords

A password represents the identity of an individual to a system. This helps individuals protect personal information from being viewed by unauthorized users. Hence it is important to secure passwords. A password acts like a barrier between other users and your personal information.

Various techniques used by hackers to retrieve passwords

Shoulder Surfing

One way of stealing a password is standing behind an individual and looking over their shoulder to read their password while they are typing it. Shoulder surfing is a direct observation technique, such as looking over someone's shoulder to get passwords, PINs and other sensitive personal information, or even overhearing your conversation when you give your credit-card number over the phone.

Shoulder surfing is easily done in crowded places. It's comparatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM, or use a calling card at a public pay phone. It can also be done at long distance with the help of binoculars or other vision-enhancing devices. Your confidential information will be at risk if your passwords are observed by shoulder surfers. They can use your password information to log into your account, and they may do harm to your information.

How to prevent it?

1. Do not reveal your passwords in front of others or type your usernames and passwords in front of unauthorized persons.
2. Cover the keyboard with paper, your hand or something else to keep it from being viewed by unauthorized users.

Writing your passwords on papers or storing it on hard disk

Strangers search papers or disks on which passwords have been written.

Tips: You should not write passwords on paper or store them on any disk drive.

Brute force attacks

Another way of stealing a password is through guesses. Hackers try all the possible combinations with the help of personal information of an individual. They will try the person's name, pet name (nickname), numbers (date of birth, phone numbers), school name etc. When there are large numbers of combinations of passwords, the hackers use fast processors and some software tools to crack the password. This method of cracking a password is known as a "Brute force attack".

Tips: You should not use a password that represents your personal information like nicknames, phone numbers, date of birth etc.

Dictionary attacks

Hackers also try all possible dictionary words to crack your password with the help of some software tools. This is called a "Dictionary attack".

Tips: You should not use dictionary words (like animal, plants, birds or meanings) while creating the passwords for login accounts.

Sharing your passwords with strangers

Sharing passwords with unknown persons may also lead to loss of your personal information. They can use your login information and can get access to your information. The operating system does not know who is logging into the system; it will just allow any person who enters the credential information into the login page. Strangers, after getting access to your information, can do anything with it. They can copy, modify or delete it.

Tips: You must not share passwords with unknown persons (strangers).

Using weak Passwords or blank passwords

Weak and blank passwords are one of the easiest ways for attackers to crack your system.

Tips: Always use strong passwords.


Strong and easiest to remember Password

A strong password should have combinations of alphabets, numbers and characters such as c.!@*^&)(~@. Remembering such passwords is very difficult, so they can be made as shown below.

Things to be remembered while creating Strong Passwords

- Use at least 8 characters or more to create a password. The more characters we use, the more secure our password is.
- Use various combinations of characters while creating a password. For example, create a password consisting of a combination of lowercase, uppercase, numbers and special characters etc.
- Avoid using words from the dictionary. They can be cracked easily.
- Create a password such that it can be remembered. This avoids the need to write passwords somewhere, which is not advisable.
- A password must be difficult to guess.
- Change the password frequently.

Guidelines for maintaining a good password

- Change the password once in two weeks or when you suspect someone knows the password.
- Do not use a password that was used earlier.
- Be careful while entering a password when someone is sitting beside you.
- Store the passwords on the computer with the help of an encryption utility.
- Do not use the names of things located around you as passwords for your account.
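The rules above can be checked mechanically before a password is accepted. The following Python code is an added example, not part of the original NIELIT material; the `check_password` name, the small word list and the count of 32 special characters are assumptions made for illustration. It applies the length, character-mix, dictionary-word and personal-information rules, and estimates the work an exhaustive (brute force) search would need.

```python
import math
import re

# Constructed sample word list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "tiger", "flower", "parrot", "welcome", "monkey"}

# Character classes from the guidance, with the size of each alphabet.
# 32 is the number of printable ASCII punctuation characters (assumption).
CLASSES = {
    "lowercase": (re.compile(r"[a-z]"), 26),
    "uppercase": (re.compile(r"[A-Z]"), 26),
    "number": (re.compile(r"[0-9]"), 10),
    "special": (re.compile(r"[^A-Za-z0-9]"), 32),
}

def check_password(password, personal_info=()):
    """Return (problems, brute_force_bits) for a candidate password."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    alphabet = 0
    for name, (pattern, size) in CLASSES.items():
        if pattern.search(password):
            alphabet += size
        else:
            problems.append("no " + name + " character")
    lowered = password.lower()
    # Strip digits and symbols so "Tiger@123" is still recognised as "tiger".
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in COMMON_WORDS:
        problems.append("based on a dictionary word")
    # Names, nicknames, birth years etc. supplied by the caller.
    for item in personal_info:
        token = item.lower()
        if len(token) >= 3 and token in lowered:
            problems.append("contains personal information")
            break
    # Exhaustive-search cost in bits: length * log2(alphabet size).
    bits = len(password) * math.log2(alphabet) if alphabet else 0.0
    return problems, round(bits, 1)
```

A password such as "Tiger@123" satisfies the length and character-mix rules yet is still rejected, because a dictionary attack that appends digits and symbols to common words would find it long before an exhaustive search would.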


Wi-Fi

Wi-Fi is a wireless standard for connecting devices. A Wi-Fi enabled device such as a personal computer, video game console, smartphone, or digital audio player can connect to the Internet when within range of a wireless network connected to the Internet. A single access point (or hotspot) has a range of about 20 meters indoors. Wi-Fi has a greater range outdoors and multiple overlapping access points can cover large areas.

Using Unsecured Wi-Fi Network

A wireless network is unsecured if you can access the internet using the network without entering a password or network key. For example, a hotspot is a wireless network that is open and available for the public to use. Hotspots can be found in restaurants, airports, coffee shops, bookstores, hotels, libraries and just about any place that the public gathers. They are often unsecured so anyone in range can use them. In some cases, like at hotels or even universities, the networks are secured because they require a network key. However, so many people that you don't know have the key that it is just like using a completely open network.

Risks of using an unsecured wireless network

RISK 1 Leaving your home wireless network unsecured

It is extremely risky to leave your home wireless network unsecured. It is like leaving the front door open and going for a walk in the neighborhood!

A neighbor or even someone parked outside in a car can use your connection undetected and for free. The result can be as simple as slowing down your surfing because the intruder is using up your bandwidth. (This can cost money if your provider charges by the bandwidth you use.) But, if the intruder is illegally downloading music, movies or child pornography, the result could be more serious. A criminal who does not want to be caught can use your unsecured internet connection to commit crimes because when it is traced back to the source, your connection will be reported as the scene of the crime. While you might not be guilty, you will be the prime suspect and will have to defend yourself. In fact, many internet service providers include a clause in your contract that holds you responsible for any illegal activities that occur on your connection. Also, once an intruder has access to your home network, they have access to everything you have stored on any computers on that network and anything you do online. And if you think you do not have anything worth stealing, think again. An intruder, once inside can access your tax documents, financial records, online banking information, credit card numbers, emails, usernames and passwords, and even where you are going online. More sophisticated intruders can install software that records your every keystroke and every site you visit.


RISK 2 Using Public Unsecured Networks or Hotspots

It is very convenient to use the internet in coffee shops or the library but it is important to do so with care. These locations are perfect for students to meet and work on group projects. Criminals know this too. Sometimes, they watch the online traffic looking for valuable information such as credit card numbers, usernames and passwords, or online banking information. Other times, they can even set up hotspots or unsecured internet connections to bait you into sending your personal information over their network so they can steal it.

Online shopping on an unsecured network is particularly risky because not only do you send your credit card numbers, but you also normally log in or create an account, sending usernames, passwords and even answers to security questions over the unsecured connection. Remember, the answers to security questions are designed to be things only you know, so if someone else tries to access your account, they cannot answer the personal questions. But, if you send the answers over an unsecured network, anyone watching will have those answers too!

Tips for wireless home network security

1. Secure your home network. Some simple steps are below:
   - Click the Router
   - Click on Settings
   - Change the Default SSID (a unique identifier used to name wireless networks)
   - Disable the SSID Broadcast (hides the network so it isn't visible for all in range to see)
   - Change the default password
2. When you are on an unsecured wireless network, never shop online, transmit password information or credit card numbers, or log in to online banking, email, social media sites or any site that requires you to send personal or private information.
3. Before you send anything private on a secured network make sure it is a network you trust; where you know and trust everyone else on the network.
4. Communicate the risks of using an unsecured wireless network to children and emphasize the importance of keeping their passwords and private information private.
