Netiquette and Incident Countermeasures (IT1914) PDF

IT1914 Incident Countermeasure Netiquette Netiquette is a combination of the words “network” and “etiquette” and is defined as “a set of rules for acceptable online behavior.” Netiquette exists to help people to communicate more effectively while online, as well as to avoid unnecessary misunderstandings and potential conflicts. Similarly, online ethics focuses on the acceptable use of online resources in an online social environment. What Does Good Web Etiquette Look Like? SOCIETY Recognizing that the Internet is an extension of society – The Internet isn’t a new world in which anything goes, but rather, a new dimension of the world around us. Applying the same standards online as we do in public – In simple terms, this means that the values society has in place against hate speech, copyright violations, and other forms of theft remain intact. Values around courtesy, kindness, openness, and treating others with the same respect we wish to receive should also be adhered to. Refusing to empower abuse and harassment while online – Accepting that the laws which are currently in place to protect the rights and dignity of citizens apply online and that where needed, laws are updated to reflect these rights in the extended environment. Acknowledging cultural differences – Even when national boundaries no longer apply, cultural respect and tolerance should remain. This requires finding a way to accept that the social values and norms of some netizens will not be the social values and norms of all netizens. BUSINESS Respecting rights of privacy for offline employees – Information possessed by citizens in their offline interactions should be respected. Maintaining transparency in information policies. Netiquette Golden Rules Respect people’s If someone isn’t comfortable sharing information with you, try not to push or pressure them into doing so. privacy. Never share other people’s personal information, such as addresses, phone numbers, or e-mails, without permission as this can be considered doxing. Note: Doxing refers to the practice of gathering and publishing personal or private information about someone on the Internet. Be mindful of your Be aware of the language you use online. Although you might believe it to be funny or harmless, another language. person might take offense to it or find it upsetting. Don’t be sarcastic. Sarcasm doesn’t translate well on the Internet. Choose your Emojis or emoticons have now become a recognized language in their own right. Make sure that if you use emojis carefully. emoticons, you are using one that is appropriate for the emotion you are trying to convey as they can easily change the context of an entire conversation. Respect others’ The beauty of the Internet relies on varying and diverse opinions and beliefs. Allow others to share their views. views without the conversation becoming heated or turning into an argument. Table 1. Netiquette Golden Rules Firewall and Software A firewall is a software program or built-in hardware device with a specific purpose to defend one’s home or business against electronic threats by screening viruses, hackers, and works that infiltrate the computer through the Internet. It also serves as a gatekeeper between a company’s servers and the outside world. It keeps external threats out while alerting the user to more elusive problems by diverting outgoing data. Benefits of Using a Firewall Confidence in choices: There is a variety of business-class firewalls to choose from. Some network security devices include a broad range of features and services at a high cost, while others have basic services for a lower cost. 08 Handout 1 *Property of STI  [email protected] Page 1 of 3 IT1914 Functionality and usability: Many firewall models deliver tight security and offer GUI-friendly administration. Some of the benefits of having a GUI help prevent installation mistakes. Virtual Private Network (VPN) confirmation: A firewall’s purpose isn’t just to keep hackers and unauthorized traffic out of the network. A good firewall also establishes and monitors secure channels and enables remote connectivity. Warranty and technical support: Hardware fails. Just because a device is new and fresh from the factory doesn’t mean it will work properly. Check if there is a 24/7 technical support available and implement technical support contracts with the firewall’s manufacturer. Having a down firewall for a day or two can lead to complete failure inclusive of e-mail, Internet, and remote connectively. Integrity of hardware: The hardware’s integrity is critical. Having an outdated firewall in today’s fast-paced, ever-changing business environment can lead to slowness, Internet issues, and major security concerns. The older a firewall becomes, the more vulnerable it gets. Monitoring and reporting: Firewalls manage critical network tasks. Repeatedly, throughout just one (1) business day, a single router can block thousands of intrusion attempts, detect consolidated attacks, and log failing or failed network connections. Content filtering: Some firewall manufacturers offer Web filtering subscriptions. The benefit is that all the network services associated with a business, from gateway security services to content filtering, can be consolidated on a single device. Content filtering is the use of a program to screen and exclude from accessing the content to Web pages or e-mail that are deemed inappropriate. This type of filtering can help prevent malware from penetrating an infrastructure when the staff is surfing the Internet. Failover: Some organizations require a wide area network (WAN) failover or redundant Internet connections with automatic fault detection and correction. This is critical and recommended when using cloud services to run the entire or critical parts of a business and recommended when using cloud services to run the entire or the critical parts of a business. Many firewall models don’t have support for automatic failover. If that feature is critical to an organization, confirm that the selected model includes seamless failover. Feature-rich: Consider picking a firewall that has enhanced security features. Volume, performance, and capacity: Due to the network role of the firewall, this serves as an organization’s Internet gateway. Smaller offices may leverage a firewall in a dual capacity to serve as a security device and as a network switch. Expertise of installation: Installing a business class firewall properly is not as easy as it seems. Many things have to happen to set up a business-class firewall correctly. Best Security Software for 2019 Reviews AttackIQ FireDrill – This was created to watch the watchers. It is a penetration testing tool but is configured to operate from the inside, with the primary goal of identifying flaws, misconfigurations, and outright shortcomings in all other cybersecurity defenses. Bitglass – This is essentially an agentless and lightweight platform without any of the over-burdensome complexity or draconian rules those mobile management tools normally require. Bitglass is installed in the cloud, which technically makes it a cloud access security broker. Fidelis Deception – This software combats hackers by creating realistic living deception assets. GreatHorn – This takes a modern and highly effective approach to protecting enterprise e-mail that goes well beyond the capabilities of legacy mail scanners. JASK Autonomous Security Operations Center (ASOC) – This software helps in facilitating the link between the local console and the brains of the platform in the cloud. SlashNext – This software has taken the adage of doing one (1) thing very well to heart. There are two (2) products available to organizations. The first is a detailed and dedicated phishing threat feed that can be used to block phishing sites as they pop up. The second is an appliance that provides even more protection which can halt even targeted attacks aimed at a single organization that wouldn’t trigger other kinds of alert. 08 Handout 1 *Property of STI  [email protected] Page 2 of 3 IT1914 Authentication Mechanisms Authentication is the process of recognizing a user’s identity. It is the mechanism of associating an incoming request with a set of identifying credentials. The credentials provided are compared to those on a file in a database of the authorized user’s information on a local operating system or within an authentication server. These are the top six (6) authentication mechanisms that are a part of a step-up multi-factor architecture (Madsen, 2016): Passwords – A password is a shared secret known by the user and presented to the server to authenticate the user. Passwords are the default authentication mechanism on the Web today. However, poor usability and vulnerability to large scale breaches and phishing attacks make passwords unacceptable authentication mechanisms in isolation. To a large extent, additional authentication mechanisms serve to mitigate the risks associated with passwords. Hard Tokens – These are small hardware devices that the owner carries to authorize access to a network service. The device may be in the form of a smart card, or it may be embedded in an easily carried object such as a key fob or USB drive. Soft Tokens – These software-based security token applications typically run on a smartphone and generate a One Time Password (OTP) for signing in. Software tokens have some significant advantages over hardware tokens. Users are less likely to forget their phones at home than lose a single-use hardware token. When they lose a phone, users are more likely to report the loss, and the soft token can be disabled. Soft tokens are less expensive and easier to distribute than hardware tokens which need to be shipped. Biometric Authentication – Biometric authentication methods include retina, iris, fingerprint and finger vein scans, facial and voice recognition, and hand or even earlobe geometry. The latest phones are adding hardware support for biometrics, such as TouchID on the iPhone. Biometric factors may demand an explicit operation by the user. Contextual Authentication – Every time a user interacts with an authentication server, in addition to any explicit credentials they present, it implicitly presents several different signals. Contextual authentication collects signals like geolocation, IP address, and time of day to help establish assurance that the user is valid. In this authentication, the analysis can be one (1) of the following: o Contextual – comparing a given signal value to a prescribed list of allowed or prohibited values o Behavioral – comparing a given signal value to the expected value based on a previously established pattern o Correlative – comparing a given signal value to a different collected signal value and looking for inconsistencies in the data. Device Identification – A specific noteworthy example of contextual authentication is for the authentication server to be able to recognize a particular device over repeated interactions. Device identification establishes a fingerprint that is somewhat unique to that device. Over time, this fingerprint allows the authentication server to recognize and determine when the user associated with attempts to authenticate from a different device, which could indicate fraudulent activity. References: Breeden II., J. (2019). Best security software, 2019: Lab-tested reviews of today’s top tools. Retrieved from https://www.csoonline.com/article/3206685/best- security-software-how-cutting-edge-tools-tackle-todays-threats.html on May 22, 2019 Cybersecurity: What is a firewall and which type is for you? (2015). In Southridge Technology. Retrieved from https://www.southridgetech.com/picking-firewall- security/ on May 22, 2019 Madsen, P. (2016, February 4). The top 6 authentication mechanisms [Web log post]. Retrieved from https://www.pingidentity.com/content/ping/en/company/blog/posts/2016/the-top-6-authentication-mechanisms.html on May 22, 2019 Netiquette. (n.d). In Cybersmile. Retrieved from https://www.cybersmile.org/advice-help/category/netiquette on May 24, 2019 Netiquette. (n.d). In Digital Citizenship. Retrieved from https://www.auburn.edu/citizenship/netiquette.html on May 24, 2019 What is netiquette? A guide to online ethics and etiquette. (n.d). In Webroot. Retrieved from https://www.webroot.com/hk/en/resources/tips-articles/netiquette- and-online-ethics-what-are-they on May 22, 2019 The importance of having firewalls. (n.d). In Geeks On Site. Retrieved from https://www.geeksonsite.com/internet-security/the-importance-of-having-firewalls/ on May 24, 2019 08 Handout 1 *Property of STI  [email protected] Page 3 of 3

Netiquette and Incident Countermeasures (IT1914) PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue