1.

2 COMMUNICATION AND INTERNET TECHNOLOGIES AHMED THAKUR

1.2.2 Security Aspects

 Understanding of the security aspects of using the Internet and understand what methods are
available to help minimise the risks

Internet safety, or online safety, is the knowledge of maximizing the user's personal safety and security
risks to private information and property associated with using the internet, and the self-protection
from computer crime in general. As the number of internet users continues to grow worldwide,
internet safety is a growing concern for both children and adults. Common concerns regarding

R
safety on the internet include: malicious users (spam, phishing, cyberbullying, cyberstalking etc.),
websites and software (malware, computer viruses, etc.) and various types of obscene or offensive
content. Several crimes can be committed on the Internet such as stalking, identity theft and more

KU
Information security risks
Sensitive information such as personal information and identity, passwords are often associated with
personal property (for example, bank accounts) and privacy and may present security concerns if
leaked. Unauthorized access and usage of private information may result in consequence such as
identity theft, as well as theft of property. Common causes of information security breaches include:

A
 Cookies: Information that a website stores about a user on their hard disk; this enables the
website to remember details about the user when they next visit the website.

 Phishing: Sending an email that claims to be from a legitimate company; the recipient is then
TH
directed to a bogus website where their personal details will be collected

 Pharming: Malicious code installed on a PC or on a server. This code directs users to a fraudulent
website without their knowledge.

 Spam: Junk/ (unsolicited) electronic mail advertising products and services sent to a general
mailing list.

 War-driving: Act of locating and possibly exploiting a wireless network by touring an area. This
ED

requires a laptop with relevant software and an antenna.

 Internet scams
Internet scams are schemes that deceive the user in various ways in attempt to take advantage
of them. Internet scams often aim to cheat the victim of personal property directly rather than
HM

personal information through false promises, confidence tricks and more.

 Malware
Malware, particularly spyware, is malicious software disguised as legitimate software designed
to collect and transmit private information, such as passwords, without the user's consent or
knowledge.

They are often distributed through e-mail, software and files from unofficial locations. Malware is
one of the most prevalent security concerns as often it is impossible to determine whether a file
is infected, despite the source of the file.
A

 Spyware: Program installed on a PC to gather information about the user. It monitors every key
press and relays the information back to the home base.

Personal safety
The growth of the internet gave rise to many important services accessible to anyone with a
connection. One of these important services is digital communication. While this service allowed us
to communicate with others through the internet, this also allowed the communication with
malicious users. While malicious users often use the internet for personal gain, this may not be limited

COMPUTER SCIENCE https://www.facebook.com/groups/OAComputers/

[email protected], 0300-8268885 Page 1
2210
 1.2 COMMUNICATION AND INTERNET TECHNOLOGIES AHMED THAKUR

to financial/material gain. This is especially a concern to parents and children, as children are often
targets of these malicious users. Common threats to personal safety include:

 Cyberstalking
Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual,
a group of individuals, or an organization. It may include the making of false accusations or
statements of fact (as in defamation), monitoring, making threats, identity theft, damage to data
or equipment, the solicitation of minors for sex, or gathering information that may be used to
harass.

R
 Cyberbullying
Cyberbullying is often an extension of bullying outside the internet, and may take form in many
different ways. For example, the malicious user might release images of the user without his or

KU
her consent. Because cyberbullying often stems from real-life bullying, this is largely a social
concern, rather than internet safety. Cyberbullying occurs more frequently than real-life bullying
as the internet often provides means to carry out bullying while allowing the perpetrator to
remain anonymous and hidden, avoiding backlash in the process.

 Online predation
Online predation is the act of engaging an underage minor into inappropriate sexual

A
relationships through the internet. Online predators may attempt to initiate and seduce minors
into relationships through the use of chat rooms or internet forums. It is debated whether online
predators is actually a threat to internet safety, as many cases take a long time to develop the
relationship. As such, targets of online predators may see the relationship as a legitimate attempt
at romance.
TH
 Obscene/offensive content
Various websites on the internet contain material that some deem offensive, distasteful or
explicit, which may often be not of the user's liking. Such websites may include internet
pornography, shock sites, hate speech or otherwise inflammatory content. Such content may
manifest in many ways, such as pop-up ads and unsuspecting links.

Prevention – Securing information

ED

 Keep shared information at a minimum

Cyberstalking and identity theft often begins by malicious users identifying the user through
identifying information provided by the user himself. It is important to remember that information
posted online may be seen by more people than is originally intended. Social networks make it
simple to inadvertently share details about oneself (address, phone number, birthday, etc.), so
HM

as a precaution, it is best not to input this type of information onto these websites.

It is also a common occurrence for users to make the mistake of sharing small bits of information
occasionally, and through the use of search engines and some research it is possible to piece
these information together to identify the user. As such, avoid sharing personal information and
personal history whenever possible.

When creating usernames, websites, or e-mail addresses, avoiding using anything that reveals
any useful information such as a year of birth. Passwords and PINs should never be shared under
any circumstances.
A

 Passwords
Passwords are often created to keep personal information and property secure.[5] If a password
is compromised, it may lead to consequences such as financial theft from online services such
as bank accounts. One common way that passwords may be compromised is through repeated
guessing. Weak passwords make this process easier, so it is important that passwords be strong.
Creating strong passwords is a way of keeping information secure. A strong password may
contain the following:

 At least 10 characters

COMPUTER SCIENCE https://www.facebook.com/groups/OAComputers/

[email protected], 0300-8268885 Page 2
2210
 1.2 COMMUNICATION AND INTERNET TECHNOLOGIES AHMED THAKUR

 Both upper and lower case letters

 Numbers
 Symbols (if allowed)
 Does not contain dictionary words

It is recommended that one avoids using simple passwords such as: “password”, “123456”,
“qwerty”, “abc123”, names, birthdates, etc. Besides having a strong password, it is considered
important to use different passwords for different accounts. This prevents access to all internet
accounts, should someone get hold of a password. It is also recommended to regularly change
your passwords.

R
 PINs
PINs, like passwords, are means of keeping information secure. A PIN may consist of at least 4

KU
digits. Birthdays, birth-years, consecutive numbers, repeating numbers, and banking PINs should
not be used as PINs for your internet accounts.

 Social network websites

Profiles on social network websites may be seen by people you may not know. These websites
often have privacy settings that you can alter so you can control who sees your profile and what
information they are allowed to see. Do not accept friend requests from people you don't know.

A
 Security software
Through the use of antivirus software, the user can automatically detect, prevent and remove
computer viruses and various types of malware. Very often it is impossible for the user alone to
identify infected files and software until it is too late, especially if the infected file or software is
TH
well disguised as legitimate files. Because of this, it is important that the user keeps antivirus
software running on the computer whenever accessing the internet so that the user can filter
and block infected files.

 Firewalls
A firewall is a program that controls incoming and outgoing internet traffic. Most operating
systems come with firewalls. In order to keep your computer and information safe, it is important
to keep the firewall on at all times when accessing the internet to prevent unauthorized access.
ED

Users are also able to control which specific programs are allowed through the firewall as well as
those that are not.

 Keeping up-to-date
Many computer software, such as operating systems, are not without flaws. Computer viruses
often take advantage of these flaws to gain unauthorized access to a user's computer. When
HM

these security vulnerabilities are discovered they are often patched with security updates to
eliminate the vulnerability. Operating systems, anti-viruses, and any other programs should be
kept up-to-date with the newest security updates in order to keep viruses and harmful software
from taking advantage of exploits that have been fixed with updates.[original research?]

 Avoid scams
Be cautious of the internet. Avoid misleading ads, strangers with offers, strange e-mails, and
questionable websites. Do research to verify the validity of these offers. If someone you know is
sending you messages that don’t seem like themselves, their account may have been taken
over by somebody trying to get information out of you.
A

 Encryption
Encryption is the process of encoding messages or information in such a way that only authorized
parties can read it. Encryption does not of itself prevent interception, but denies the message
content to the interceptor.

In an encryption scheme, the message or information, referred to as plaintext, is encrypted using

an encryption algorithm, generating cipher text that can only be read if decrypted. For technical
reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an
algorithm.

COMPUTER SCIENCE https://www.facebook.com/groups/OAComputers/

[email protected], 0300-8268885 Page 3
2210
 1.2 COMMUNICATION AND INTERNET TECHNOLOGIES AHMED THAKUR

It is in principle possible to decrypt the message without possessing the key, but, for a well-
designed encryption scheme, large computational resources and skill are required. An
authorized recipient can easily decrypt the message with the key provided by the originator to
recipients, but not to unauthorised interceptors.

 Understanding of the Internet risks associated with malware, including viruses, spyware and
hacking

Viruses: A virus is a small piece of software that piggybacks on real programs. For example, a virus

R
might attach itself to a program such as a spreadsheet program. Each time the spreadsheet
program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other
programs) or wreak havoc.

KU
E-mail viruses: An e-mail virus travels as an attachment to e-mail messages, and usually replicates
itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Some
e-mail viruses don't even require a double-click -- they launch when you view the infected message
in the preview pane of your e-mail software.

Trojan horses: A Trojan horse is simply a computer program. The program claims to do one thing (it

A
may claim to be a game) but instead does damage when you run it (it may erase your hard disk).
Trojan horses have no way to replicate automatically.

Worms: A worm is a small piece of software that uses computer networks and security holes to
TH
replicate itself. A copy of the worm scans the network for another machine that has a specific
security hole. It copies itself to the new machine using the security hole, and then starts replicating
from there, as well.

How Hackers Work

The main resource hackers rely upon, apart from their own ingenuity, is computer code. While there
is a large community of hackers on the Internet, only a relatively small number of hackers actually
program code. Many hackers seek out and download code written by other people. There are
thousands of different programs hackers use to explore computers and networks. These programs
ED

give hackers a lot of power over innocent users and organizations -- once a skilled hacker knows
how a system works, he can design programs that exploit it.

Malicious hackers use programs to:

 Log keystrokes: Some programs allow hackers to review every keystroke a computer user
HM

makes. Once installed on a victim's computer, the programs record each keystroke, giving the
hacker everything he needs to infiltrate a system or even steal someone's identity.

 Hack passwords: There are many ways to hack someone's password, from educated guesses
to simple algorithms that generate combinations of letters, numbers and symbols. The trial and
error method of hacking passwords is called a brute force attack, meaning the hacker tries to
generate every possible combination to gain access. Another way to hack passwords is to use
a dictionary attack, a program that inserts common words into password fields.

 Infect a computer or system with a virus: Computer viruses are programs designed to duplicate
A

themselves and cause problems ranging from crashing a computer to wiping out everything on
a system's hard drive. A hacker might install a virus by infiltrating a system, but it's much more
common for hackers to create simple viruses and send them out to potential victims via email,
instant messages, Web sites with downloadable content or peer-to-peer networks.

 Gain backdoor access: Similar to hacking passwords, some hackers create programs that
search for unprotected pathways into network systems and computers. In the early days of the
Internet, many computer systems had limited security, making it possible for a hacker to find a
pathway into the system without a username or password. Another way a hacker might gain
backdoor access is to infect a computer or system with a Trojan horse.

COMPUTER SCIENCE https://www.facebook.com/groups/OAComputers/

[email protected], 0300-8268885 Page 4
2210
 1.2 COMMUNICATION AND INTERNET TECHNOLOGIES AHMED THAKUR

 Create zombie computers: A zombie computer, or bot, is a computer that a hacker can use to
send spam or commit Distributed Denial of Service (DDoS) attacks. After a victim executes
seemingly innocent code, a connection opens between his computer and the hacker's system.
The hacker can secretly control the victim's computer, using it to commit crimes or spread spam.

 Spy on e-mail: Hackers have created code that lets them intercept and read e-mail messages
-- the Internet's equivalent to wiretapping. Today, most e-mail programs use encryption formulas
so complex that even if a hacker intercepts the message, he won't be able to read it.

R
Firewall
A firewall is simply a program or hardware device that filters the information coming through the
Internet connection into your private network or computer system. If an incoming packet of

KU
information is flagged by the filters, it is not allowed through.

Firewalls use one or more of three methods to control traffic flowing in and out of the network:

 Packet filtering: Packets (small chunks of data) are analyzed against a set of filters. Packets that
make it through the filters are sent to the requesting system and all others are discarded.

A
 Proxy service: Information from the Internet is retrieved by the firewall and then sent to the
requesting system and vice versa.

 Stateful inspection: A newer method that doesn't examine the contents of each packet but
instead compares certain key parts of the packet to a database of trusted information.
TH
Information traveling from inside the firewall to the outside is monitored for specific defining
characteristics, then incoming information is compared to these characteristics. If the
comparison yields a reasonable match, the information is allowed through. Otherwise it is
discarded.

 Masquerading as anti-spyware: This is one of the cruelest tricks in the book. This type of software
convinces you that it's a tool to detect and remove spyware. When you run the tool, it tells you
your computer is clean while it installs additional spyware of its own.
ED

Spyware
Spyware is a category of computer programs that attach themselves to your operating system in
nefarious ways.

Some people mistake spyware for a computer virus. A computer virus is a piece of code designed
HM

to replicate itself as many times as possible, spreading from one host computer to any other
computers connected to it. It usually has a payload that may damage your personal files or even
your operating system.

Spyware, on the other hand, generally isn't designed to damage your computer. Spyware is defined
broadly as “any program that gets into your computer without your permission and hides in the
background while it makes unwanted changes to your user experience. The damage it does is more
a by-product of its main mission, which is to serve you targeted advertisements or make your
browser display certain sites or search results”.
A

At present, most spyware targets only the Windows operating system. Some of the more notorious
spyware threats include Trymedia, Nuvens, Estalive, Hotbar and New.Net.Domain.Plugin

Here are some of the general ways in which spyware finds its way into your computer:

 Drive-by download - This is when a Web site or pop-up window automatically tries to download
and install spyware on your machine. The only warning you might get would be your browser's
standard message telling you the name of the software and asking if it's okay to install it. If your
security settings are set low enough, you won't even get the warning.

COMPUTER SCIENCE https://www.facebook.com/groups/OAComputers/

[email protected], 0300-8268885 Page 5
2210
 1.2 COMMUNICATION AND INTERNET TECHNOLOGIES AHMED THAKUR

 Piggybacked software installation - Some applications -- particularly peer-to-peer file-sharing

clients -- will install spyware as a part of their standard installation procedure. If you don't read
the installation list closely, you might not notice that you're getting more than the file-sharing
application you want. This is especially true of the "free" versions that are advertised as
alternatives to software you have to buy. As the old saying goes, there's no such thing as a free
lunch.

 Browser add-ons - These are pieces of software that add enhancements to your Web browser,
like a toolbar, animated pal or additional search box. Sometimes, these really do what they say
they'll do but also include elements of spyware as part of the deal. Or sometimes they are

R
nothing more than thinly veiled spyware themselves. Particularly nasty add-ons are
considered browser hijackers -- these embed themselves deeply in your machine and take
quite a bit of work to get rid of.

KU
What Spyware Can Do
Spyware can do any number of things once it's installed on your computer.

 At a minimum, most spyware runs as an application in the background as soon as you start your
computer up, hogging RAM and processor power. It can generate endless pop-up ads that

A
make your Web browser so slow it becomes unusable. It can reset your browser's home page to
display an ad every time you open it. Some spyware redirects your Web searches, controlling the
results you see and making your search engine practically useless. It can also modify the
dynamically linked libraries (DLLs) your computer uses to connect to the Internet, causing
connectivity failures that are hard to diagnose. At its very worst, spyware can record the words
TH
you type, your Web browsing history, passwords and other private information.

 Certain types of spyware can modify your Internet settings so that if you connect through dial-
up service, your modem dials out to expensive, pay telephone numbers. Like a bad guest, some
spyware changes your firewall settings, inviting in more unwanted pieces of software. There are
even some forms that are smart enough to know when you try to remove them in the Windows
registry and intercept your attempts to do so.
ED

 The point of all this from the spyware makers' perspective isn't always clear. One reason it's used
is to pad advertisers' Web traffic statistics. If they can force your computer to show you tons of
pop-up ads and fake search results, they can claim credit for displaying that ad to you over and
over again. And each time you click the ad by accident, they can count that as someone
expressing interest in the advertised product.
HM

 Another use of spyware is to steal affiliate credits. Major shopping sites

like Amazon and eBay offer credit to a Web site that successfully directs traffic to their item
pages. Certain spyware applications capture your requests to view sites like Amazon and eBay
and then take the credit for sending you there

Malware: Short for malicious software, malware is a catch-all phrase used to define any program
that runs on a computer without the user's knowledge and performs predetermined functions that
cause harm. In that sense, spyware can also be malware.

Adware: Similar to spyware and malware, in that it resides on a computer without the user's
A

knowledge, adware specifically refers to programs that display pop-up advertisements. The subject
matter of the ads is often based on surfing habits, but may also be tied to a specific advertiser.

Cookie: While cookies aren't really malware, they can be used in similar ways. Cookies are small data
files used by Web sites to store information on your computer. For example, a shopping site may want
to identify items you've looked at, but not purchased, or store data on current purchases until you
head for the checkout. A less scrupulous site, however, may decide to look through your cookies for
personal information, such as recent sites you have visited.

COMPUTER SCIENCE https://www.facebook.com/groups/OAComputers/

[email protected], 0300-8268885 Page 6
2210
 1.2 COMMUNICATION AND INTERNET TECHNOLOGIES AHMED THAKUR

 How anti-virus and other protection software helps to protect the user from security risks

This section is discussed in detail in Section 1.4 – Security

R
KU
A
TH
ED
HM
A

COMPUTER SCIENCE https://www.facebook.com/groups/OAComputers/

[email protected], 0300-8268885 Page 7
2210