"I just use my computer for checking my orkut, facebook. I use it for making transactions. I have no business with whatever cybercrimes occur out there." Common words by a common internet user. There seems no much awareness in the community about their safety online until their PCs turn damn slow or forced to format. The underground hackers community is increasing day by day and so the number of malicious programs like viruses. So, why cyber security a topic at stake? The answer lies in the title of this article. Your computer can be used as a platform from perpetrators to commit cyber crime. As I said, the underground world is increasing fastly. Any script kiddie (a person who doesn't know programming but downloads the tools and runs them without knowing the mechanism of it) is just a download away from taking access to your computer. Even these days there has been mechanisms to bypass the antiviruses and believe me, with plenty of readymade tutorials and tools available on the bay of internet, it is just a game of few hours for somebody to damage your computer unless you follow security measures.
Okay, what if anybody takes access to my system, whats the big deal he can do? There has been endless possibilities what an attacker can do with access to your system. For an instance, they can delete or modify your data. They can get your login credentials to your email or social networking accounts. They can install nasty programs on your computer, can even send them to all your contacts, making propagation. Slow down your system speed. Worst of all, can use your computer to attack other major government or military systems, and erase their evidences, which can land you behind bars. As it is said, the next world war is going to happen on cables of internet and like any other war, it will attack on common man because he is a soft target and others do know it will make great impact. Thats why we need our community ready to face these forthcoming challenges. There has been many campaigns on increasing the awareness in common people about cyber security. Taking into consideration all these security risks, I am explaining below how we can avoid getting into trouble. Here I will cover how to be secure for a common user and will discuss money frauds and scams into nitty-gritty in next article. I'll try not to make these guidelines cumbersome to follow. But at last, your security is in your hands.
1. Use strong passwords:
Okay, so what do u mean by a strong password. How many of you have your name, birth date, mobile number, your lover's name, parent's name, name of your area where you live, similar to your username, your company name, favorite colour, or simple numbers (1,2,3,4,5,6 etc), the word "password", "password123" as your password? This is what hackers exploit. If a close one knows the above details about you (many of them do know), then they have actually nothing to do, but with a couple of failed attempts, they can gain access to your account. Which even a person with 0 hacking knowledge can do. Moreever, how many of you have a word appearing in dictionary as your password? What hackers do, they actually try all the words in dictionary as your password credential with automated programs (plenty of them are out there). While scanning the internet, my friend came across some systems sitting naked on internet. As they were asking for password, he tried a simple username password combination "admin-admin" and it actually worked! We had whole access to that particular system. It was a wireless router. This is not the only case. There has been thousands of computers, routers, servers accessible from net which have weak or no passwords. So, what are good passwords to keep? Following are some guidelines in making your password:
1. It should NOT be very common as mentioned above, it should not be any word in dictionary.
2. It should be long one (but only in the limits of your memory!)
3. It SHOULD contain both letters and numbers in random manner, even special characters are recommended.
4. It should not make any meaning.
5. It should be uppercase as well as lowercase if possible.
So, according to these rules, the word "password12" stands a bad password. "54235" stands a bad password as it contains only numbers and very less number of characters. "nomenclature" stands a bad password as it appears in dictionary. "whskw36" also stands a bad password as it contains only 7 characters. "love143" is a bad password as it makes some meaning. "um6ogisC11bgF" is a strong password as it satisfies all the conditions and becomes very difficult to crack. Further, following are some tips for the safety of passwords:
1. Don't write your password anywhere as any experienced person looking that block of letters can conclude that this might be your password.
2. Don't share it with anyone. I guess no need to explain this!
3. Do not use same password at all the places. Also consider how many passwords you can remember at a time.
4. Change your password at least once in a month. I know its cumbersome to follow but it can be checked if you implement the next things...
2. ALWAYS HAVE A LICENSED AND UPDATED ANTIVIRUS:
Get a good and licensed antivirus. They automatically update themselves on connecting to internet. Purchase it from trusted dealer only. This is one investment which you have to do. Dont download it from torrents or from other sites which comes with cracks. From outside, they might seem running well, but from inside, any trojan virus must be planted behind them! So, get them running by purchasing only. Also if the validity expires, it is necessary to renew them as soon as possible because antiviruses can avoid most of the ways in which your security could be compromised. It is recommended to scan your computer once in a week. Having a firewall is also advised. Firewall is a software which blocks illegal connections or attempts a hacker makes from internet. I recommend quick heal antivirus which comes with firewall and further, it is one of the top antiviruses of the world.
3. CAREFUL ABOUT WHAT YOU DOWNLOAD:
On downloading something, get it scanned with antivirus and confirm that there are no viruses in that before running it. Confirm that it is from a trusted source. Be alert when you download something from warez or torrents. Same is the case with email attachments. Also beware of unknown ".exe" files. They are most likely to be having a virus. Just one mantra, Get them scanned first!
4. EMAILS:
There is nothing going to happen you if you don't forward any message! You must be getting many of such emails like, this is an image of god, the person who didn't forward this, died on the next day, the one who forwarded, got 10000$ in the next day. Believe me, all those are hoax. They are nonsense mails just to force the user in spreading the mail more and more. I recommend that you delete them without reading. Some of such hoax emails have some malicious programs even in the images inside them. These images actually track where the mail is being received and forwarded to their maker. So, do not fall prey to these traps.
5. PHISHING:
Phishing is an act of impersonating to be something legitimate and tricking the user into giving their credentials. Basically its a login page looking similar to original one but when you enter the credentials, it has gone to the hacker. Have you ever received any mail asking you to click on any link to verify your account? beware, it might be phishing attempt. What are the countermeasure to phishing?
1. Always check from where you got the mail. webmail@icicibank.com or mailinglist@icicibank.com are legitimate one but admin@icicbanks.com (note the spelling difference) or icicibank@gmail.com are not.
2. Whenever you are logging in to trusted websites, check the URL... If it is https://.... then you can be sure that it is secure (https stands for secure), but if it is http://.... then go on checking further...
3. Check if it is actual website address. i.e. www.icicibank.com/.... is correct, but 209.88.232.34/... or icicibank.110hosts.com/.... or www.bankicici.com/.... are not legitimate!!
One more example.. http://orkut.xp.com/ , http://new.0rkut.com/ are fake ones.
Generally legitimate websites will not ask you to click on any link (unless in case of registering your account). Mostly they will ask you to visit their websites directly. One more thing, avoid copy pasting codes in address bars and hitting enter. You might have seen this stuff on orkut. Actually those javascript codes will give the attacker access to your account. For more information about phishing, go through my phishing article.
6. SCAMS:
There is nothing free in this world. Have you ever got any lottery for which you never applied for? Actually these are scams to get money from you. These days, such sms have also started circulating. Once again, do not respond to emails which claim that you have won a lucky draw and asking you to follow the procedure. People falling prey to these have ended up in losing their money itself. I wont go in much details of this kind of fraud. I will cover money frauds in next article.
7. Never reveal your personal information to strangers:
Okay, this is little bit off topic. but for your personal safety.
Following can make up this:
1. don't give your phone number to any unknown person unless you are sure they are verified.
2. Same thing for address, avoid sharing it.
3. Be careful about sending your photos to ones whom you don't know well.
4. Not necessary that any person would be similar to the depiction done by their profile or photos. So, be cautious about meeting any online friend in personal.
5. Don't get forced into disputes or any offensive matter, just remove and ignore the person who has been offensive or asking you for help in any bad or personal matter. Misspells from offenders are their daily business but could hurt you a lot. So, learn to simply ignore them.
8. Get the softwares updated. There may have been some security risks with previous versions. So, it is necessary to update them whenever new update has been released. Also its advisable to use the latest operating system such as windows 7 over XP.
9. Always clear all sort of internet browsing history. You can use firefox for web browsing. After your work is finished, you can simply delete all the history by going under Tools menu. During browsing, many unwanted programs, malicious scripts and pieces of code gets downloaded to your computer. It is harmful if they are kept for long as they can eventually gain whole access to your computer. Clearing the history before shutting down the computer is a good habit to follow.
10. Always scan external drives before exploring them as they might possess a threat.
Okay, that's it for the user security. Hope you like it. Don't forget to comment. In next article, I will cover money frauds. Enjoy!