Internet Safety PDF
Document Details
Tags
Summary
This document provides information on improving online security and discusses various aspects, including administrative security, technological security, safe browsing, and preventing online threats. It serves as a guide to online safety, covering topics like securing websites via HTTPS, using strong passwords, and practicing safe online behavior. The document also touches upon techniques to detect malicious code, such as using antivirus software to mitigate malware and phishing attacks.
Full Transcript
INTERNET SAFETY IMPROVING SECURITY Given the trends in security threats and attack technologies, a robust defense requires a flexible strategy that allows adaptation to the changing environment, well- defined policies and procedures, the use of appropriate security technologies, and constant vigila...
INTERNET SAFETY IMPROVING SECURITY Given the trends in security threats and attack technologies, a robust defense requires a flexible strategy that allows adaptation to the changing environment, well- defined policies and procedures, the use of appropriate security technologies, and constant vigilance. Administrative security Administrative security consists of an information security strategy, policy and guidelines. An information security strategy sets the direction for all information security activities. An information security policy is a documented high-level plan for organization-wide information security. It provides a framework for making specific decisions, such as an administrative and physical security plan. Because an information security policy should have a long-term point of view, it should avoid technology-specific content and include effective business continuity planning development. Information security guidelines should be established according to the information security strategy and policy. The guidelines should specify regulations for each area related to information security. And because the guidelines must be comprehensive and national in scope, they must be developed and delivered by the government for observance by organizations. Information security standards must be specialized and specific so that they can be applied to all security information areas. A country’s information security strategy, policy and guidelines should be in compliance with related law. Their scope should be within the boundaries of national and international laws. Information security operation and process 1.Information security education and training programme – There are many methods to improve an organization’s level of information security, but education and training are the basic activities. The members of an organization must appreciate the need for information security and acquire related skills through education and training. 2.Strengthening promotion through a variety of events – Employee participation is important in the successful implementation of information security strategy, policy and guidelines. Information security should be promoted among employees through various daily activities. 3.Securing sponsorship – While there may be high levels of information security awareness among employees and they have a strong will to maintain information security, support of the executive officers should be obtained. Technological security Prevention technologies protect against intruders and threats at the storage or system level. These technologies include the following: 1. Cryptography – Also referred to as encryption, cryptography is a process of translating information from its original form (called plaintext) into an encoded, incomprehensible form (called ciphertext). Decryption refers to the process of taking ciphertext and translating it back into plaintext. 2. One-time passwords (OTPs) 3. Firewalls 4. Vulnerability analysis tool – In computer security, a vulnerability is a weakness that allows an attacker to violate a system. Vulnerabilities may result from weak passwords, software bugs, a computer virus, a script code injection, an SQL injection or malware. Detection technology is used to detect and trace abnormal states and intrusion in networks or important systems. Detection technology includes the following: 1. Antivirus – An antivirus software is a computer program for identifying, neutralizing or eliminating malicious code, including worms, phishing attacks, rootkits, Trojan horses and other malware. 2. Malware sand box system – A "malware sandbox" is a security system that separates execution of programs, usually in an effort to mitigate malware from spreading. SAFE BROWSING A secure website creates a safe connection between the website and the web browser so that entered data, such as personal information, credit card details, banking information, etc, is not accessible to unauthorized entities. When the browser opens a secured connection, "https" can be seen in the URL instead of just http. To know if a website is secure or not, look for the locked yellow colour padlock symbol on the lower right corner of the browser window. How do I know if a website is secure? To know if your browser is viewing a secure web site, you can look in the lower right part of the window. There is a small box in the frame of the window to the left of the area that describes which zone you are in (usually the Internet zone, with a globe icon). If you see a yellow padlock icon, the web site you are viewing is a "secure web site." If the box is empty, the web site does not have a secure connection with your browser. TIPS FOR BUYING ONLINE I. Pay securely: Don‟t make any payment unless: You are on a secure website, and You can make a secure payment. This will protect you against fraud and unauthorised credit card transactions. A secure website address will always: begin with „https://‟, not „http://‟ display the image of a closed padlock (usually in the bottom right corner of your browser window). Only make a payment if you can see both of these things. Never give out your bank account details, credit card number or other personal details if you are not certain that the business is a reputable trader. TIPS FOR BUYING ONLINE II. Know the business: Only buy from websites you know and trust. Check that the company has a physical street address and landline phone number. If the company operates from overseas, you might have trouble getting a refund or repair. III. Know the product: Make sure you check whether: the product is legal the product will work in your country any warranties or guarantees offered are valid within your country the product has an authorized repairer nearby. TIPS FOR BUYING ONLINE IV. Check the contract: Make sure you read and understand: the terms and conditions of sale the refund policy the delivery details returns and repairs policies, including any associated costs. V. Check the full cost: Be aware of the full cost of your purchase. Additional costs may include: currency conversion taxes postage and delivery fees packaging TIPS FOR BUYING ONLINE VI. Protect your privacy: Only buy online if you are comfortable with a business‟s privacy policy. Do not give out information unless they require it to complete the sale. Remember, if a deal sounds too good to be true, it probably is. VII. Keep records: Always write down any reference numbers and print out copies of: the order form (both before and after you confirm the order) receipts (can come by email or in a pop-up window). TIPS FOR BUYING ONLINE VIII. Online auction sites: Most online auction sites (like eBay) offer a dispute resolution process for buyers and sellers. This should be your first step to resolve a dispute if: you did not receive the items you bought you did not receive payment for items you sold you received items that were significantly different from their description. The eBay website has an example of this facility. CLEARING CACHE FOR BROWSERS Your internet browser's cache stores certain information (snapshots) of webpages you visit on your computer or mobile device so that they'll load more quickly upon future visits and while navigating through websites that use the same images on multiple pages so that you do not download the same image multiple times. SAFE BROWSING GUIDELINES FOR SOCIAL NETWORKING SITES Remember that social networking sites are owned by private businesses, and that they make their money by collecting data about individuals and selling that data on, particularly to third party advertisers. When you enter a social networking site, you are leaving the freedoms of the internet behind and are entering a network that is governed and ruled by the owners of the site. SAFE BROWSING GUIDELINES FOR SOCIAL NETWORKING SITES Remember that social networking sites are owned by private businesses, and that they make their money by collecting data about individuals and selling that data on, particularly to third party advertisers. When you enter a social networking site, you are leaving the freedoms of the internet behind and are entering a network that is governed and ruled by the owners of the site. SAFE BROWSING GUIDELINES FOR SOCIAL NETWORKING SITES Privacy settings are only meant to protect you from other members of the social network, but they do not shield your data from the owners of the service. Essentially you are giving all your data over to the owners and trusting them with it. If you work with sensitive information and topics, and are interested in using social networking services, it is important to be very aware of the privacy and security issues that they raise. GENERAL TIPS ON USING SOCIAL NETWORKING PLATFORMS SAFELY Always ask the questions: Who can access the information I am putting online? Who controls and owns the information I put into a social networking site? What information about me are my contacts passing on to other people? Will my contacts mind if I share information about them with other people? Do I trust everyone with whom I'm connected? GENERAL TIPS ON USING SOCIAL NETWORKING PLATFORMS SAFELY Always make sure you use secure passwords to access social networks. If anyone else does get into your account, they are gaining access to a lot of information about you and about anyone else you are connected to via that social network. Change your passwords regularly as a matter of routine. Make sure you understand the default privacy settings offered by the social networking site, and how to change them. GENERAL TIPS ON USING SOCIAL NETWORKING PLATFORMS SAFELY Consider using separate accounts/identities, or maybe different pseudonyms, for different campaigns and activities. Remember that the key to using a network safely is being able to trust its members. Separate accounts may be a good way to ensure that such trust is possible. Be careful when accessing your social network account in public internet spaces. Delete your password and browsing history when using a browser on a public machine. GENERAL TIPS ON USING SOCIAL NETWORKING PLATFORMS SAFELY Be careful about putting too much information into your status updates – even if you trust the people in your networks. It is easy for someone to copy your information. Be particularly careful when integrating your social network accounts! You may be anonymous on one site, but exposed when using another. Never rely on a social networking site as a primary host for your content or information. It is very easy for governments to block access to a social networking site within their boundaries if they suddenly find its content objectionable. Posting Personal Details Social networking sites ask you for a good deal of data about yourself to Ask yourself: is it necessary to post the make it easier for other users to find following information and connect to you. Perhaps the online? biggest vulnerability this creates for ⚬ birth dates users of these sites is the possibility of ⚬ contact phone identity fraud, which is increasingly numbers common. ⚬ addresses ⚬ details of family The more information about yourself members you reveal online, the easier it ⚬ sexual orientation becomes for the authorities to ⚬ education and identify you and monitor your employment history activities. Friends, Followers and Contacts The most important thing to understand is what information you are allowing this online community to have. When using a social network account such as Facebook, where a lot of information about yourself is held, consider only connecting to people you know and trust not to misuse the information you post. How many friends do you have in FB? or followers in IG or X? Status Updates On Twitter and Facebook and similar networks, the status update answers the questions: What am I doing right now? What's happening? The most important thing to understand about the status update is who can actually see it. There have been many incidents in which information included in status updates has been used against people. Teachers in the US have been fired after posting updates about how they felt about their students; other employees have lost their jobs for posting about their employers. How many friends do you have in FB? or followers in IG or X? Sharing Online Content If you share (or "like") a site that opposes some position taken by your government, for example, agents of that government very might well take an interest and target you for additional surveillance or direct persecution. If you want your contacts (and of course the administrators of the social networking platform you use) to be the only ones who can see the things you share or mark as interesting, be sure to check your privacy settings. Revealing your Location Most social networking sites will display your location if that data is available. This function is generally provided when you use a GPS-enabled phone to interact with a social network, but don't assume that it's not possible if you aren't connecting from a mobile. Be particularly mindful of location settings on photo and video sharing sites. Don't just assume that they're not sharing your location: double-check your settings to be sure. Sharing Videos and Photos Photos and videos can reveal people's identities very easily. It's important that you have the consent of the subject/s of any photo or video that you post. If you are posting an image of someone else, be aware of how you may be compromising their privacy. Never post a video or photo of anyone without getting their consent first. Photos and videos can also reveal a lot of information unintentionally. Many cameras will embed hidden data (metadata tags), that reveal the date, time and location of the photo, camera type, etc. Instant Chats Many social networking sites have tools that allow you to have discussions with your friends in real time. These operate like Instant Messaging and are one of the most insecure ways to communicate on the internet, both because they may reveal who you are communicating with, and what you are communicating about. It is more secure to use a specific application for your chats, which uses encryption. Joining and Creating Groups, Events and Communities What information are you giving to people if you join a group or community? What does it say about you? Alternatively, what are people announcing to the world if they join a group or community that you have created? How are you putting people at risk? When you join a community or group online it is revealing something about you to others. On the whole, people may assume that you support or agree with what the group is saying or doing, which could make you vulnerable if you are seen to align yourself with particular political groups, for example. RESOURCES 1.Pande, J. (2017) Introduction to Cyber Security 2.Academy of ICT Essentials for Government Leaders. (2021). Information Security and Privacy