Getting Cyber Secure

Discussion in 'Tutorials' started by vineetind, May 1, 2006.

Thread Status:
Not open for further replies.
  1. vineetind

    vineetind New Member

    Joined:
    May 1, 2006
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    0
    Alert!!!Read This To Remain Safe Online

    Getting Cyber Secure

    Here are few simple steps on how to become cyber secure :

    1. Test and apply latest service packs/patches and hotfixes. Install the latest antivirus software on your computer and never ever turn it off; install a personal firewall and spyware checker (all are available for free on the Net). To find them just do a search on search engines like Google,Yahoo.,Info.Always keep updating your virus,spywares definations.

    2. Don’t ever download or open attachments whose source you are not certain about. Even if the source is trusted, see if the content is relevant. If not, don't open attachment.Even non-executable files like *.Doc files can contain macro viruses and Trojans.There are some special sort of programs called worms, which don’t need human interaction.You just open a mail or visit any website and that’s it so always stay alert. Avoid opening e-mail attachments that contain ".vbs," ".scr," ".exe," or ".pif" file extensions. Files that end in these extensions are most likely to contain some sort of virus.

    3. Never respond to unsolicited email. To those who send spam, one response or "hit" from thousands of emails is enough to justify the practice. Additionally, it validates your email address as active, which makes it more valuable, and therefore opens the door to more spam.
    An email may contain an image that is invisible to the recipient -- this is sometimes called an "invisible GIF" or "web beacon." Once the email is opened, the spammer is alerted that your address is "live."

    4. Many of us receive chain letters that invite you to forward the message on to your friends. Sometimes it will say you will get lucky for every email or bad luck if you send to less than five people. These are hoaxes created to promote spam. Never forward these emails thinking you will receive luck for each recipient of their email.

    Inserting random strings of text and characters: To try and get through spam-control filters, spammers will insert random strings of text throughout the email to make the spam appear unique from other email. Sometimes they do this with email headers by adding spaces and characters like this: J_A_C_K_P_O_T. You can help fight this type of spam by not opening or responding to it and by reporting email abuse via the "Spam" button , “This is a Spam” or “Report Spam”button.Rediff,Yahoo etc.. offer these facilities.

    5. Techniques used by Spammers :

    The spammer today use the technique called email spoofing, It uses a fake email header that makes an email message look like the message came from someone or somewhere other than the spammer. It's fairly easy to make an email appear that it's sent from your own address or a seemingly credible source. Spammers use spoofing to get you to open and respond to their mail. Remember, you should never respond to unsolicited email - instead, report it by clicking the "Spam" or “This is a Spam”button.Rediff,Yahoo etc.. offer these facilities

    Social engineering is another technique used by spammers This ploy tricks users into opening the spam by pretending to know the person or trying to lure the person with a "personal" subject line. Typical subject lines include "Hey how are you?," "Urgent and Confidential," "We need to meet," "I have money for you," or "Congrats you won a Jackpot"
    Beware of emails offering loans or credit, even if you have credit problems. Scammers take advantage of cash-strapped consumers during the holidays to offer personal loans or credit cards for a fee upfront. Avoid this trick by never responding to unsolicited email, reporting it by clicking the "Spam" button, and setting up blocked addresses.


    6
    . Check your credit card and bank statements carefully. Notify the bank immediately if there are unauthorized charges or debits, if you were charged more than you should have been, or if there are any other problems. Avoid checking mail or using credit card details online in cyber cafes. It is very unsafe. As a matter of fact, open an additional debit card with a limit if you do want to transact online . Banks such as HDFC have launched their services like Net Safe which is a very good service offered by them to transact online. This way, in the worst case scenario your damages are limited.

    7. Get into the habit of destroying documentation regarding credit cards, such as receipts, bills, invoices or any documents that contain personal details don’t just throw it off anywhere

    8. Do not reveal your identity to any stranger easily.Don't disclose any kind of personal details to any webpages which you don't trust. Do not give away your residence phone number or cellphone number. Be especially careful when you are filling in contest forms, coupons, free gift vouchers, etc. More often than not these are gimmicks to obtain your personal details. Never trust them when they say the data will not be given to others .

    9. Don't chat with strangers just for fun. Don’t ever accept any file specially executables from a unknown person on chat .Don't click on any links given to you by someone you don't know. . Someone has rightly said "On the internet , you don't know if you are talking to a dog!!"

    9. Never enter your personal information in a pop-up screen. When you visit a Web site, an unauthorized pop-up screen created by an identity thief could appear, with blanks for you to provide your personal information. This makes it appear like the pop-up window is part of the legitimate site when, in reality, it is not. Legitimate companies don't ask for personal information via pop-up screens. Install pop-up blocking software to avoid this type of scam.

    10. Keep your computer secure for safe shopping and other online activities. Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date. While purchasing online, Look for signs that online purchases are secure(SSL Secured Sites or 128 bit Encryption) like Ebay.co.in(Formerly known as Bazee.com). At the point that you are providing your payment information, the beginning of the Web site address should change from http to shttp or https, indicating that the information is being encrypted – turned into code that can only be read by the seller. Your browser may also signal that the information is secure with a symbol, such as a broken key that becomes whole or a padlock that closes. Keep documentation of your order. When you've completed the online order process, there may be a final confirmation page and/or you might receive confirmation by email. Print that information and keep it handy in case you need it later.


    11. Read about information security breaches by subscribing to some newsletters from Websites related to Security issues . In the case of many breaches, the only defense is knowledge.There has been a lot of phishing attacks.
    What is a "phishing" scam?

    Phishing is a type of online fraud where the crackers attempt to acquire personal, financial, and/or other account information (such as user IDs, passwords, credit card numbers, PINs, etc.) from unsuspecting victims. This type of fraud is typically initiated by sending an unsolicited but official-looking email claiming to be from a reputable company, such as a bank, a credit card firm, or an online establishment. The fraudulent email usually contains an urgent message that tries to lure the recipient into providing sensitive information.
    For example few days back there was a case wherein victims got mails seemingly from legitimate banks asking them to confirm their passwords and IDs,Their had been cases of crackers using Fake Pages (like a Fake page of Yahoo is exactly the same as the page which is displayed on www.yahoo.com) to steal passwords and other sensitive informations. Most phishing emails contain a link that leads to an official-looking web page which requires the recipient to log in or enter some personal information. Though the web page may contain official logos and look exactly the same as the legitimate company's web site, any information submitted via these spoofed web page(s) will be sent to the crackers Always keep in mind that while reading any mail or clicking on any link ,read the senders email address and the target website address carefully.Do not respond to any such mails and be cautious when clicking on links within a suspicious email. Below are a few signs indicative of phishing emails:
      • Urgent account notifications that are not addressed to you personally but which require action on your part relating to your account(s).
      • Customer notifications that contain incorrect spelling or poor grammar.
      • Account/billing email notifications from credit card firms or other financial institutions that do not reference the last few digits of your account number, or that contain no specific details pertaining to your account/billing information or activity.
      • Account notifications that are delivered to your Bulk Mail folder.
    12. Do not accept links or downloads from strangers even if it is tempting. There have cases where spywares like Trojans, keyloggers etc. have been hidden in simple picture files with JPG extensions. You never really know what is contained inside a file which looks attractive.Today the people use binders to club two different files and send you the mixture.Once you click on the file both file gets executed.

    13. Use two different passwords. One for mail, work and other important access and the other for routine proposes such as subscribing to websites etc. But remember to switch between them when you start doing transactions after mere browsing. Create another email ID which you use exclusively for subscription to sites. That will prevent spam from coming to your main ID.

    14. Create a difficult-to-guess password by taking the first alphabet from each word of a phrase. What is a good password? It is a password which is at least 6 characters
    long, not easily guessable, contains mixture of uppercase and lowercase letters as well as numbers, and preferably contains special characters like $, * %,!,* etc. Some example password : &(^1234*Crack&^). Always use alphanumeric with special characters and try to adopt phrasing technique to construct passwords which are easy to remember,hard to guess and impossible to crack.Never use a dictionary based passwords like love,fortune etc..It takes hardly 3 hrs. for a good cracker to crack the password.


    15. Read the installation agreements carefully when you download something from the Internet. Pay attention to the Terms and Conditions or EULA of the program being installed. Reference to third party installation should be given more attention.

    16. Back up your computer data on a regular basis, at least weekly. Copy your important documents and files onto a floppy disk or a CD for safekeeping .Don’t wait for the disaster to happen.

    17. Educate your children about the dangers of cyber crime. Children with their unbound curiosity and unmonitored access are the single most common victims of cyber crime apart from the enterprises. Ensure that the home PC is kept in a common place so that you can monitor what is going on. Install parental control software that helps you choose what they see on the Internet.

    Stay updated on Security websites like www.nag.co.in (National Anti-Hack Group) and www.igniteds.net (Global Forum of NAG)

    BY :

    Vineet Kumar

    National Anti-Hack Group

    Suggestions and feedbacks welcome at contact@nag.co.in
     
    Last edited: May 7, 2006
  2. anandk

    anandk Distinguished Member

    Joined:
    Mar 8, 2005
    Messages:
    3,786
    Likes Received:
    106
    Trophy Points:
    0
    Location:
    Pune
    welcome vineet, ur 1st post ?
    an early riser (and poster), ar'nt you ! nice info.
    nice links too ... though nag.co.in takes some time to load.
     
  3. rajas700

    rajas700 New Member

    Joined:
    May 2, 2005
    Messages:
    687
    Likes Received:
    0
    Trophy Points:
    0
    Nice info ...But what i say is nothing is 100% safe....
     
  4. OP
    OP
    vineetind

    vineetind New Member

    Joined:
    May 1, 2006
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    0
    Agreed friend.But at least it will create awareness and help reducing cyber crimes in our country.
     
  5. FatBeing

    FatBeing Administratus Rotundus

    Joined:
    Jan 26, 2006
    Messages:
    385
    Likes Received:
    5
    Trophy Points:
    0
    Location:
    Pittsburgh, PA
    Really good post. I've moved it to the Tutorials section, where it'll find a more fitting home.
     
  6. OP
    OP
    vineetind

    vineetind New Member

    Joined:
    May 1, 2006
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    0
    Thanks a lot friend.This will really help us to achieve our dreams to make India Cyber Secure.If digit publishes it in the magazine then it will have great impact on the ppl. since a large percentage of ppl. don't use to visit forums.
     
  7. OP
    OP
    vineetind

    vineetind New Member

    Joined:
    May 1, 2006
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    0
    Hello fatbeing! Can u please make it sticky so that everyone has access to it?
     
  8. OP
    OP
    vineetind

    vineetind New Member

    Joined:
    May 1, 2006
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    0
    Thanx Fatbeing for making this article sticky.
     
  9. the deconstructionist

    the deconstructionist New Member

    Joined:
    Mar 30, 2006
    Messages:
    161
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    chasing new ideas
    Sorry to spoil the euphoria , once connected to the net you are prone to attack.Although the tutorial is good but never be under the illusion that you are cent percent safe. It is the best first post by any member.
     
  10. OP
    OP
    vineetind

    vineetind New Member

    Joined:
    May 1, 2006
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    0
    Thanks a lot friend for your reply but the thing is people can atleast remain a little safe by following these steps.Even i feel nothing is secure in this world!This is just to create awareness.
     
  11. vivek283

    vivek283 New Member

    Joined:
    May 16, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Gurgaon
    A very nice post Vineet. Sure is high time to make India Cyber Secure.

    I would like to add that as some of you have pointed out "Nothing is Secure" and if you are using your PC for online shopping/Banking etc. then it would be good to have a control over your registry and buffer.

    Any spyware would first try to tamper the registry. Hence installing something like Spybot's resident would ensure that all attempts to change the registry are first reffered to the user.

    This would be annoying when you are installing something but worth the pain.

    Also using a GOOD firewall like Cisco Security Agent (or even Zone Alarm) would be nice. CSA checks for buffer usuage, new files on the system trying to install something apart from normal firewall stuff.
     
Thread Status:
Not open for further replies.

Share This Page