Cyber Security Awareness Handbook PDF

Cyber Security Awareness Handbook
Table of Contents
1. Introduction..................................................................................................................5
1.1 Cyber Security Awareness..................................................................................5
1.2 Importance of Cyber Security...........................................................................5
2. Computer Ethics..........................................................................................................6
2.1 Definition of Computer Ethics............................................................................6
2.2 Internet Ethics for everyone................................................................................6
2.3 Ethical rules for computer users.........................................................................8
2.4 Scenarios................................................................................................................8
3. Understanding Internet..............................................................................................9
3.1 World Wide Web (WWW)....................................................................................9
3.2 Usage of Internet................................................................................................10
3.3 Features of Internet ...........................................................................................10
3.4 Benefits of Internet ............................................................................................11
3.5 Privacy Issues.......................................................................................................12
3.6 Peer To Peer (P2P) Networking........................................................................13
4. Search Engines and Web Browsers........................................................................17
4.1 Usage of search engines..................................................................................17
4.2 Internet Browser(s) Security .............................................................................17
4.3. Risks towards web browser..............................................................................19
4.4 How to secure your web browser?.................................................................20
5. Filtering services.........................................................................................................27
5.1 Filtering Services in web browser.....................................................................27
5.2 Parental Control Bars.........................................................................................28
5.3 Procedure for installing Parental control toolbar.........................................30
5.4 Changing the parental control settings in the parental control toolbar 37
Cyber Security HandBook CDAC Hyderabad & NIELIT 1

5.5 k9 web protection..............................................................................................40
K9 also offers:.............................................................................................................40
5.6 Spam filter............................................................................................................42
6. Internet Mediated Communication......................................................................43
6.1 e-Mail Security ....................................................................................................43
6.2 Instant Messaging..............................................................................................47
7. Social Networking.....................................................................................................49
7.1 Tips to avoid risks by social networking .........................................................49
8. Social Engineering.....................................................................................................51
8.1 What is Social Engineering?.............................................................................51
8.2 How do they do this?.........................................................................................51
8.3 Social Engineering can be done in many ways..........................................52
8.4 How do you avoid being a victim?................................................................54
8.5 What do you do if you think you are a victim?............................................55
9. Online Games and Computer Games.................................................................56
9.1 About online games..........................................................................................56
9.2. Things to be noted while downloading the games...................................56
9.3. Risks Involved......................................................................................................56
9.4 Guidelines............................................................................................................57
10. Safe Downloading..................................................................................................59
10.1 Safe Downloading and uploading...............................................................59
10.2 Risks by insecure downloads.........................................................................59
10.3 Tips for Safety downloads...............................................................................60
11. Blogging....................................................................................................................62
11.1Types of blogs....................................................................................................62
11.2 Risks involved in blogging ..............................................................................63

11.3 Tips to avoid risks by blogging ......................................................................63
11.4 Guidance for Parents on Blogging...............................................................63
12. Cyber Bullying..........................................................................................................65
12.1 Harassment and bullying................................................................................65
12.2 Cyber bullying can be done in the following ways..................................65
12.3 Tips and guidelines...........................................................................................66
13. Online Threats and Tips .........................................................................................68
13.1 Protect children from online threats.............................................................68
13.2 Most common online Threats.........................................................................69
13.3 Online Banking..................................................................................................71
13. 4 Online Shopping..............................................................................................73
13.5 Identity Theft......................................................................................................74
13.6 Tab napping......................................................................................................74
13.7 Clickjacking ......................................................................................................76
14. Wireless Network......................................................................................................79
14.1 What is a Wireless Network?...........................................................................79
14.2 Risks of using Unsecured Wi-Fi Network........................................................80
14.3 Tips for Wireless Home Network Security......................................................80
15. Mobile Security........................................................................................................85
15.1 Security Concerns............................................................................................85
15.2 Guidelines for securing mobile devices.......................................................87
16. Data Security............................................................................................................89
16.1 Importance of securing data........................................................................89
16.2 Securing data by disposal..............................................................................91
17. Physical Security......................................................................................................92
17.1 Computer locks................................................................................................92

17.2 BIOS Security......................................................................................................92
17.3 In Organizations................................................................................................93
18. Safe Practices..........................................................................................................95
18.1 Operating System Security.............................................................................95
18.1.2 Guidelines for securing the operating System........................................95
18.2 Password Security Policy ................................................................................97
19. Virus Protection and Cleaner Tools....................................................................102
19.1 Windows Based Tools....................................................................................102
19.2 Linux Based Tools............................................................................................104
20 . Lockdown, Auditing and Intrusion Detection Tools.......................................105
20.1 OS Lockdown Tools........................................................................................105
20.2 URL Scan Based Tools....................................................................................106
20.3 Web Server Lockdown Tools........................................................................108
21.Security Assessment Tools.....................................................................................111
21.1 Assessment Of OS Security Levels...............................................................111
21.2 Assessment Of Database Security Levels..................................................117
21.3 Assessment of Application Security............................................................118
22.1 Security Update Solution Tools (Windows)................................................120
22.2 Windows Desktop Firewall Settings.............................................................120
23. Security Update Detection Tools.......................................................................126
23.1 MBSA.................................................................................................................126
23.2 Microsoft Office Visio 2007 Connector......................................................126
24. IT ACT ………………………………………………………………………………… 127
24.1 Salient Feature of IT Act 2000 ……………………………………………… 127
24.2 IT Act Section 67 (A,B,C) …………………………………………………….. 128
24.3 IT (Amendment Act) 2008 Act Section 66 (A,B,C,D,E,F).……………… 129

1. Introduction
1.1 Cyber Security Awareness
Cyber Security needs have to be addressed at all levels, from the individual user
to an organization and beyond that to the government and the nation. Cyber
Security is becoming synonymous with National Security as Computer
Networking, which is vulnerable to Cyber attack and forms the backbone of
critical infrastructure of the country's banking, power, communication network,
etc... It is, therefore, important to have secure Computer Systems and
Networks. Also, increased focus on outsourcing of IT and other services from
developed countries is bringing the issue of data security to the fore.
Furthermore, owing to the massive Internet boom, a lot of home users with little
or no prior knowledge of the threats and their countermeasures are exposed to
the Internet. This, the attackers, can exploit to expand their base of malicious
activity and use innocent people for their schemes. Consequently, we aim to
spread the education to school children, teachers, parents and senior citizens and
equip them with the knowledge needed to mitigate the threat.
Looking at the growing importance of the Cyber Security, Department of

Electronics and Information Technology, Ministry of Communications and
Information Technology, Government of India has formulated and initiated the
Information Security Education and Awareness (ISEA) programme. One of
the activities under this programme is to widely generate information security
awareness to children, home users and non-IT professionals in a planned manner.
1.2 Importance of Cyber Security

Cyber security is important for the users because they have to protect
themselves against identity theft. Organizations including government also need
this security to protect their trade secrets, financial information, and some
sensitive or critical data. Since all sensitive information that is mostly stored on a
computer is connected to the Internet, there is a need for information assurance
and security. So, in order to have Cyber Security, everyone should follow the
Cyber Security standards that enable us to protect various Malware threats.
A poor cyber security practice arises

because of some of the following
reasons. Poor administrative guidelines
of application, poor software coding,
which may be vulnerable and improper
usage of Cyber Security practices.

2. Computer Ethics
2.1 Definition of Computer Ethics
Ethics are a set of moral principles that govern an individual or a group on what
is acceptable behaviour while using a computer. Computer ethics is a set of
moral principles that govern the usage of computers. One of the common issues
of computer ethics is violation of copyright issues.
Duplicating copyrighted content without the author’s approval, accessing

personal information of others are some of the examples that violate ethical
principles.
2.2 Internet Ethics for everyone

Internet ethics means acceptable behaviour for using Internet. We should be
honest, respect the rights and property of others on the Internet.
2.2.1 Acceptance
One has to accept that Internet is not a value free-zone.It

means World Wide Web is not a waste wild web it is a place
where values are considered in the broadest sense so we must
take care while shaping content and services and we should
recognize that Internet is not apart from universal society but it
is a primary component of it.
2.2.2 Sensitivity to National and Local cultures
It belongs to all and there is no barrier of national and local

cultures. It cannot be subject to one set of values like the
local TV channel; or the local newspaper .We have to
accommodate multiplicity of usage.
2.2.3 While using e-Mail and chatting
Internet must be used for communication with family and

friends. Avoid chatting with strangers and forwarding e-
mails from unknown people/strangers. And we must teach
children about risks involved in chatting and forwarding e-
mails to strangers.
2.2.4 Pretending to be someone else

We must not use Internet to fool others by pretending to be
someone else. Hiding our own identity to fool others in the
Internet world is a crime and may also be arisk to others. It’s
our responsibility to teach children the same.

2.2.5 Avoid Bad language
We must not use rude or bad language while using e-Mail,

chatting, blogging and social networking, we need to respect
their views and should not criticize anyone on the Internet and
the same should be taught to children.
2.2.5 Hide personal information
We should teach children not to give personal details like

home address, phone numbers, interests, passwords. No
photographs should be sent to strangers and they should
be asked to hide their personal details from strangers
because it might be misused and shared with others
without their knowledge.
2.2.6 While Downloading
Internet is used to listen and learn about music, It is also

used to watch videos and play games. We must not use it
to download them or share copyrighted material. The
same should be taught to children, and they must be
aware of the importance of copyrights and issues of
copyright.
2.2.7 Supervision
You should know what children are doing on the Internet and
the sites they visit on the Internet and should check with whom
they are communicating.Restrict them browsing inappropriate
sites. Parental involvement is essential when a child is using
the Internet in order to make him follow the rules.
2.2.8 Encourage children to use Internet
We must encourage children, students and others to gain the knowledge from
the Internet and use it wisely. Internet is a great tool where we can gather
information which can be used for learning.
2.2.9 Access to Internet

The Internet is a time-efficient tool for everyone that enlarges the possibilities
for curriculum growth. Learning depends on the ability to find relevant and
reliable information quickly and easily, and to select, understand and assess that
information. Searching for information on the Internet can help to develop these
skills. Classroom exercises and take-home assessment tasks, where students are
required to compare website content, are ideal for alerting students to the

requirements of writing for different audiences, the purpose of particular
content, identifying and judging accuracy and reliability. Since many sites adopt
particular views about issues, the Internet is a useful tool for developing the
skills of distinguishing fact from opinion and exploring subjectivity and
objectivity.
2.3 Ethical rules for computer users

Some of the rules that individuals should follow while using a computer are
listed below:
Do not use computers to harm other users.

Do not use computers to steal others information.
Do not access files without the permission of the owner.
Do not copy copyrighted software without the author’s permission.
Always respect copyright laws and policies.
Respect the privacy of others, just as you expect the same from others.
Do not use other user's computer resources without their permission.
Use Internet ethically.
Complain about illegal communication and activities, if found, to Internet
service Providers and local law enforcement authorities.
Users are responsible for safeguarding their User Id and Passwords. They
should not write them on paper or anywhere else for remembrance.
Users should not intentionally use the computers to retrieve or modify
the information of others, which may include password information, files,
etc..
2.4 Scenarios
2.4.1 Scene 1
Ravi asked kishore if he could look at the essay written by him, He said sure and
didn’t think much about it. After some days their essays were verified by the
class teacher who asked kishore to stay after class. The teacher pointed out that
their essays were similar and asked for an explanation.
So always teach and guide children not to copy content or information from
Internet or from classmates.
2.4.2 Scene 2
Vicky has stepped out from the computer lab without logging off. Bob sits on
Vicky’s computer, logs-in as Vicky, sends false e-mail messages to a number of
students and posts similar messages on the class newsgroup.
So teach children that they must never misuse others computers and e-mail IDs
to harm others and defame them.

3. Understanding Internet
There are different definitions for Internet but the meaning is the same as shown
below
Def 1: The series of interconnected network allowing communication of data

surrounded by millions of computers worldwide.
Def 2: A global communication network that allows computers worldwide to

connect and exchange information.
Def 3: A worldwide system of computer network, a network of networks in

which users at any one computer can get information from any other computer.
The word “Internet” exactly means “network of networks”. The Internet consists
of thousands of smaller regional networks spread throughout the world. It
connects approximately 80 million users in Asian countries on any given day.
The Internet is referred as a physical part of the

global network. It is a giant collection of cables and
computers. No one “owns” the Internet, though
there are companies that help out to manage
different parts of the networks that tie everything
together, there is no single governing body that
controls what happens on the Internet. The
networks within different countries sponsor the
finance and manage according to the local procedure.
3.1 World Wide Web (WWW)

Generally, everyone thinks that the Internet and web are same, but it is false.
The web is a software application or services that run on the Internet. It is a

collection of documents and resources. It is one of the fastest growing parts of
the Internet. It provides easy access to a huge range of information that is stored
on computers around the world
3.1.1 What is Web site?
Web site contains one to millions of inter connected pages, has hyperlinks to
connect and help to find your way around the web site. You can find different
kinds of information on the web- like games, health matters, holiday destination,
train timetables, weather forecast and many more. There are millions of web
sites available on the Internet, and you can find any thing that interests you.

3.1.2 A Web Address
Each Web site has its own unique address, which is called a Uniform Resource
Locator or URL. To visit a site, you need to type its address in the address bar of
your web browser.
3.2 Usage of Internet

The Internet is used mainly for communication, to gather information, education,
entertainment, current affairs, online learning, commerce, publishing, etc.
In the usage of Internet, publishing is not just used for organization or

businesses, anyone can create their own web sites and publish their information
or files on the Worldwide Web.
Through the Internet, thousands of people around the world are able to access
information from their homes, schools, Internet cafes and workplaces.
The Internet is a global collection of computer network, that help in exchanging

data using a common software standard. Internet users can share information in
a variety of forms.
The user can connect easily through ordinary personal computers and
share the knowledge, thoughts by making the use of an Internet.
We can send electronic mail (e-Mail) to family members and friends with
accounts on the Internet, which is similar to sending letters by post. The
E-mail can be sent within minutes no matter where they are without
postal stamps etc.
We can post information that can be accessed by others and can update it
frequently.
We can access multimedia information that includes video, audio, and
images.
We can learn through Web-Based Training and Distance Learning on the
Internet.
3.3 Features of Internet
3.3.1 Geographic sharing
The geographic sharing of the Internet continues to spread, around the world
and even beyond. A main feature of the Internet is that once you have connected
to any part of it, you can communicate with all of it.
Cyber Security HandBook CDAC Hyderabad & NIELITT 10

3.3.2 Architecture
The architecture of Internet is most ever communication network designed. The

failure of individual computers or networks will not affect its overall reliability.
The information will not change or destroy over time or while transferring in
between sites.
3.3.3 Universal Access

It is easy to access and make the information like text, audio, video and also
accessible to a worldwide people at a very low price. Access to Internet is same
to everyone no matter where they are.One can connect to any computer in the
world, and you can go to many excited places without leaving your chairs.
3.4 Benefits of Internet

There are many advantages of Internet:
The Internet is data and information loaded, including a range of medium.

The Search engines that are available online are, fast and powerful.
The Internet is easy to use.
Students can become researchers because of easier access to data.
Students are motivated to share their work online with the world.
The Internet appeals to different learning styles.
Unlike paper the web can present dynamic data sources which change
over time.
The characters in an e-Mail don't get transposed or mixed up when they
are sent over long distances.
Student can access libraries around the world.
The Internet is a very big storeroom of learning material. As a result, it

significantly expands the resources available to students beyond the standard
print materials found in school libraries.Students can access the latest reports on
government and non-government websites, including research results, scientific
and artistic resources in museums and art galleries, and other organizations with
information applicable to student learning. At secondary schooling levels, the
Internet can be used for undertaking reasonably tricky research projects.
As Internet is a powerful resource for learning, and is an efficient means of

communication, it is very useful in education and provides a number of learning
benefits. It includes the development of independent learning and research skills,
by improving access to specific subject learning across a wide range of learning
areas, as well as in integrated or cross-curricular studies and communication and
collaboration, such as the ability to use learning technologies to access resources,
create resources and communicate with others.

3.4.1 Access to Internet
The Internet is a time-efficient tool for teachers that enlarges the possibilities for
curriculum growth. Learning depends on the ability to find relevant and reliable
information quickly and easily, and to select, understand and assess that
information. Searching for information on the Internet can help to develop these
skills. Classroom exercises and take-home assessment tasks, where students are
required to compare website content, are ideal for alerting students to the
requirements of writing for different audiences, the purpose of particular
content, identifying and judging accuracy and reliability. Since many sites adopt
particular views about issues, the Internet is a useful tool for developing the
skills of distinguishing fact from opinion and exploring subjectivity and
objectivity.
The Internet is a great tool for developing the communication and collaboration
skills of students and children. Above all, the Internet is an effective means of
building language skills. Through e-Mail, chat rooms and discussion groups,
students learn the basic principles of communication in the written form. This
gives teachers the opportunity to incorporate Internet-based activities into
normal literacy programs and bring variety to their teaching strategies.
Collaborative projects can be intended to improve students’ literacy skills,

generally through e-Mail messaging with their peers from other schools or even
other countries. Collaborative projects are also useful for engaging students and
providing significant learning experiences. In this way, the Internet becomes an
effective means of advancing intercultural understanding. Moderated chat rooms
and group projects can also provide students with opportunities for
collaborative learning.
3.5 Privacy Issues

Many children are skilled navigators of the Internet. They are comfortable using
computers and are fascinated by the information and images that can be
explored at the click of a mouse. Recent figures show that 90% of school-age
children have access to computers either at home or at school. The ability to
interact and communicate with others is one of the biggest attractions of the
Internet for children. We are watching about spending time with people in chat
rooms and instant messaging through mobiles, playing games, entering contests
and filling forms in popular online activities. Unfortunately, most parents don't
really understand how such activities can put their children's privacy at risk or
even threaten their safety. Surprisingly in India, most parents never know about
some of the activities that their child is participating on the Internet.

In today’s Internet communications scenario, the personal data is valuable and
protecting the same has become a skill that the children need to understand and
learn.
The privacy of children can be compromised in certain online activities:
Filling forms for various surveys, contests, downloading games on

commercial or free web sites.
Giving details about personal information when registering for e-mail
access, Chat access.
Providing information when registering for free game downloads.
Providing information when registering for social networking web sites.
3.5.1 Privacy
Some websites prompt students to complete a form revealing their name, e-Mail
address, age and gender, and sometimes even their telephone number and postal
address, in order to access information. Some requests are legitimate: much
depends on the nature of the website requesting the information. Providing
personal information online can result in a student being targeted for spam
(unsolicited e-Mail), advertising materials and/or viruses. Privacy issues also
apply to students developing personal websites and publishing online. Personal
details, including photographs of themselves or other students, may lead to the
information being captured and reused by others for illicit purposes.
3.6 Peer To Peer (P2P) Networking

A peer to peer (or P2P) computer network uses diverse connectivity between
participants in a network and the cumulative bandwidth of network participants
rather than conventional centralized resources where a relatively low number of
servers provides the core services. Sharing content such as audio, video, data or
any form of digital data by connecting the nodes via largely ad hoc networks.
Risks in Peer to peer networking due to their unstructured networks and sharing
with unknown computers or persons may rise to affect or infect your computers
with viruses, spam's
3.6.1. Exposing your Computer to Unwanted Software

Usually, many peer-to-peer file sharing programs do not employ good security or
access control. If users are not familiar with the programs or if there is improper
configuration of the settings, it will be dangerous for all the contents stored in
user's hard disk to be exposed to other users.
3.6.2. Contracting Computer Viruses

Besides, the computers of P2P software users can easily contract computer
viruses especially when the file downloaded is from an unknown source.

Moreover, these P2P programs may also contain viruses and worms, which
prevent users’ computers from functioning properly.
3.6.3 Infringing Copyright

Many copyright laws infringing copies of entertainment files e.g. MP3 Music files,
VCD video files etc. and software are often shared by P2P software.
The act of unauthorized uploading of a copyright works for others to download
may attract civil or even criminal sanctions. Unauthorized downloading of
copyright works entails civil liability.
3.6.4 Slowing down your School Internet Speed

Last but not least, if you host a large amount of files for other people to download
through P2P software via the School campus network, the network traffic thus
created can slow down the entire campus network.
3.6.5. Tips for P2P Networks
Use filtering software you trust to filter the data communication from
your system.
Use file sharing program controls and adjust the P2P program to run
whenever required. Disable automatic starting.
Always update Operating System, Anti virus and Anti Spyware
packages.
Do not use an administrative account. It may expose the whole system
to other users in P2P networks. Create separate account for normal
operations.
Treat all download files with suspicion.
Take back up of important files. This will help you in recovering the
files.
Delete any pirated software, files, etc. Alternatively, do not download
them at all.
The main advantage of peer to peer network is that it is easier to set up
In peer-to-peer networks all nodes are act as server as well as client therefore no
need of dedicated server.
The peer to peer network is less expensive.
Peer to peer network is easier to set up and use this means that you can spend
less time in the configuration and implementation of peer to peer network.
It is not require for the peer to peer network to use the dedicated server
computer. Any computer on the network can function as both a network server
and a user workstation.

Disadvantages:
A computer can be accessed anytime.

Network security has to be applied to each computer separately.
Backup has to be performed on each computer separately.
No centralized server is available to manage and control the access of data.
Users have to use separate passwords on each computer in the network.
As with most network systems, unsecure and unsigned codes may allow remote
access to files on a victim's computer or even compromise the entire network
Example of Peer to peer networks is torrents
There are a LOT of risks involved with torrent downloads.

The most dangerous being:
Virus, Trojan, Worm, Keylogger program attachments.
IP signature tattlers
Torrents have become an increasingly popular way to download files. No matter what
you are looking for, from audio to video to applications, torrents are an easy way to find
and download. However, most torrents are illegal and nature and you are breaking the
law by downloading them.
Peer-to-peer file sharing pretty much began with torrents. They are a type of file sharing
protocol specializing in larger file downloads. The way torrents are encoded make it
easier to download a large file, and even reputable resources are beginning to use them
to make downloading files easier for users.
Torrent downloads are basically downloading from multiple personal computer

systems, simultaneously, and combining data at the end to form the file you were
looking for. Problem is, that it's WAY too easy to attach things to these files, and they
just get swept into this whirlwind of information, broken apart and can easily invade
your system after they're reconstructed INSIDE YOUR COMPUTER, behind your firewall.
After that it's just whether or not you have a good virus scanner that can detect it.
IP tattlers are a pain too, in that once you download something and activate it for the
first time, it sends information to the watcher program containing the IP address of the
computer you were using and where it was downloaded from. These watchers are paid
by software development companies to bust people downloading non-free-to-play
software.
3 things you should always do before opening ANYTHING you download from torrent:
1) Download from a remote source. Like a cyber cafe or another free wifi zone. Watchers
can't find you if you download remotely, it will only send information of the place you
downloaded from.

2) Download the file to a safe area of your computer, something not highly active, or into
a quarantine file monitored by your antivirus program.
3) Wait 48hrs before opening any program you download from torrent, and run
antivirus software scans on it before you do. Most viruses are discovered within the first
48hrs of it's release, and you need to wait till your antivirus program receives definition
updates, so that you can combat it before it attacks you. Better to let it happen to
someone else first.
Source:
http://hubpages.com/hub/torrent-sites-overview
https://torrentprivacy.com/
http://www.techfuels.com/general-networking/10266-advantages-peer-peer-
networks.html
http://www.ucertify.com/article/what-are-the-advantages-and-disadvantages-of-a-
peer-to-peer-network.html
http://www.techsoup.org/learningcenter/networks/page4774.cfm

4. Search Engines and Web Browsers
Search engines can provide fast, easy access to any kind of material on the
Internet. Most search engines allow you to block search results that are
unsuitable for children. Blocking inappropriate search results greatly reduces
the chance that your children will stumble across dangerous or objectionable
material on the Internet. These search result filters are not fool proof. Some
unwanted content may still a pear in the search results
4.1 Usage of search engines

You can search any individual web page using the CTRL-F command. Many
websites also offer search boxes that let you search all the pages in the site, or
records in its database. Searching is usually the most efficient way to find
information.
Words searched for in a search command are searched in any order. Use spaces
to separate keywords in a simple keyword searching. To search keywords
exactly as keyed Enclosing keywords in "double quotation marks" forms a
phrase in most search engines. Sometimes a phrase is called a "character string."
4.1.1 Use +REQUIRE or -REJECT A TERM OR PHRASE

Insert + immediately before a term with no space, to limit search to documents
containing a term. Insert - immediately before a term with no space, to exclude
documents containing a term.
4.2 Internet Browser(s) Security

Web browser is used to gain access to information and also resources on the
World Wide Web. It is a software application used to trace and display the web
pages .The main purpose of a web browser is to bring the information resources
to the user. The process begins with uniform resource identifier (URI) or uniform
resource locator.
4.2.1 Uniform Resource Locator (URL)
The URL represents http://www.infosecawareness.in
Each URL is divided into different sections as shown below
http:// In short, http means the hypertext transfer protocol and the file is a
web page and every time you don’t need to type the http, it is automatically
inserted by the browser.

www –World Wide Web
infosecawareness – site name
.in –It is one of the domains name, which is basically a country name.
Other domain names are .com (commercial organization), .net (network domain)
etc.
(The organization address and location of the organization address are known as
the domain name).
co.in –suffix or global domain name shows the type of organization address and
the origin of the country like the suffix co.in indicates a company in India.
Generally a web browser connects to the web server and retrieves the
information.Each web server contains the IP address, and once you are
connected to the web server by using http, it reads the hyper text mark-up
language (HTML) which is a language used to create document on World Wide
Web in which the same document is displayed in the web browser .
In short, a browser is an application that provides a way to look at and interact

with all the information on the World Wide Web.
4.2.2. Understanding usage of Web browsers
A Web browser is a software application that runs on the Internet and allows
viewing the web pages, as well as content, technologies, videos, music, graphics,
animations and many more.
In other words, a browser is an application that offers a method to look at and

interact with the entire information on the World Wide Web.
4.2.3 Types of web browsers
There are different types of web browsers available

with different features. A web browser is a tool used not
only on the personal computers, but is also used on
mobile phones to access the information. There are
different technologies that support web browsers like
Java, frames, XHTML and many more. Web browsers are
also available in different languages like English,
German, Chinese, Arabic and many more .By knowing
all the web browsers and their uses, it will become easier to improve the Internet
usage.

4.2.4 Some of the popular web browsers
4.2.4.1 Internet Explorer
It is known as Microsoft Internet Explorer in short IE. It is one of the most

popular web browsers.The latest edition of IE is available with
some of the Windows operating system like Windows XP,
windows 2003 and Windows Vista.
4.2.4.2 Mozila Firefox
It is a free, open source web browser developed by Mozilla

corporation .The browser can be used in different operating systems
like windows, MAC, Linux, etc.
4.2.4.3 Google chrome
It is a web browser designed for a Windows operating system.

This browser works on windows XP and Windows Vista.
4.2.4.4 Safari
It is a web browser developed by Apple Corporation. It is a default

web browser of MAC OS X .This browser also works on Windows XP
and Windows Vista.
4.3. Risks towards web browser
There are increased threats from software attacks taking

advantage of vulnerable web browsers. The vulnerabilities
are exploited and directed at web browsers with the help
of compromised or malicious websites. Exploiting
vulnerabilities in web browsers have become a popular way for attackers to
compromise computer systems, as many users do not know how to configure
their web browser securely or are unwilling to enable or disable functionality as
required to secure their web browsers.
4.3.1. Secure web browser

By default, a Web browser comes with an operating system,
and it is set up with default configuration, which doesn't have
all secure features enabled in it. There are many web browsers
installed in computers like Internet explorer, Mozilla, Google Chrome, etc. That
are used frequently. Not securing a web browser leads to problems caused by
anything like spyware, malware, viruses, worms, etc. Being installed into a
computer this may cause intruders to take control over your computer.

There is an increased fear of threat from software attacks which may take
advantage of vulnerable web browsers. Some softwares of a web browser like
Javascript, Active X, etc may also cause vulnerabilities to the computer system. So
it is important to enable security features in the web browser you use which will
minimize the risk to the computer. Web browsers are frequently updated.
Depending upon the software, features and options may change. It is therefore
recommended to use the updated web browser.
4.3.2 Security zone

Security zone in an Internet web browser lets you secure the browser and offers
to trust the people and companies on the Internet. This helps to decide and adds
which sites to be allowed to run the application, scripts, add-ons, install a plug-in
on your computer .Security zone also contains other features like adding an
address of web sites under restricted sites. This feature is available in Internet
explorer and this blocks the un trusted sites or attack sites. This feature is
available in fire fox, which varies with different web browsers.
4.3.3 Trusted site

Internet is a network of people, with all kinds of stuff with
the different kind of people. Generally, you don’t trust
everyone around you so why should all websites be trusted?
Moreover why do you allow everyone to come into your
computer without your authorization?
So use the feature of trusted sites in your web browser to

decide whom to trust.
4.4 How to secure your web browser?
4.4.1 Internet explorer (IE Version 9)

The following are some of the features and their settings of Internet explorer
The following are the some of the features and their settings of Internet explorer.
From the settings/tools tab Safety you will find the following
options like
Tracking Protection
Smart Screen Fileter
In private Browsing
Active X filtering
Report unsafe website
Cross Site Scripting

Tracking Protection: which limits the browser's communication with
certain websites—determined by a Tracking Protection List—to help
keep your information private.
SmartScreen Filter: It can help protect you from online phishing
attacks, fraud, and spoofed or malicious websites. It also scans
download, and then warns you about possible malware (malicious
software).
InPrivate Browsing: You can use to browse the web without saving
related data, such as cookies and temporary Internet files.
ActiveX Filtering option of Internet Explorer 9 I used to protect your

computer from risky and unreliable ActiveX Control.
Report unsafe website: A reported unsafe website has been

confirmed by reputable sources as fraudulent or linking to malicious
software and has been reported to Microsoft. Microsoft recommends
you do not give any information to such websites.
Cross site scripting (XSS) filter: It can help to prevent attacks from
fraudulent websites that might attempt to steal your personal and
financial information.
To block all cookies
1. In Internet Explorer, click the Tools button, click Internet

Options, and then click the Privacy tab.
2. Move the slider up to Block All Cookies. On this setting, websites

will not be able to store cookies on your computer.
4.4.2 Firefox 6.0.2 Browser

The following are the features and their setting of Mozilla Firefox web browser.
Anti Phishing will shop and do business safely on the Internet.

Firefox gets a fresh update of forgery sites a whopping 48 times a day,
so if you try to visit a fraudulent site that’s pretending to be someone
you trust (like your bank), a warning message will stop you before any
harm is done.
Security settings in a firefox control the level of examination you’d

like Firefox to give a site and enter exceptions—sites that don’t need
the third degree. Customize settings for passwords, cookies, loading
images and installing add-ons for a fully empowered Web experience
as shown below

From the tools menu of the firefox browser select the options and
then click on the security tab.
Under security tab enable the options like warn me when sites try
to install the add-ons in and to add or remove the sites click on the
exception tab and add or remove the sites you want.
Enable the option tell me if the site I’m visiting is a suspected
attack site.
Enable the option tell me if the site I am using is a suspected
forgery Firefox gets a fresh update of web forgery sites 48 times in a
day, so if you try to visit a fraudulent site that’s pretending to be a site
you trust a browser prompts you message and will stop you.
Disable the option remember passwords for sites Firefox
integrated the feature into your surfing experience. Choose to
“remember” site passwords without intrusive pop-ups. Now you’ll see
the “remember password” notification integrated into your view at the
top of the site page and if you choose the never remember passwords
for sites it will not show any notification.
In Firefox web browser select Tools options select content enable

Block pop-up windows as shown below
Anti-Virus Software Firefox integrates elegantly with your Windows

anti-virus software. When you download a file, your computer’s anti-
virus program automatically checks it to protect you against viruses
and other malware, which could otherwise attack your computer. The
other feature is automated updates this lets us to find the security

issues and fix updates and make the safe surfing and receive
automatic notification or wait until you are ready.
Firefox protects you from viruses, worms, trojan horses, and spyware
delivered over the Web. If you accidentally access an attack site, it will
warn you away from the site and tell you why it isn’t safe to use.
Site Identity Button: The Site Identity Button is in the Location bar to
the left of the web address.
When viewing a website, the Site Identity Button will

display in one of three colors - gray, blue, or green. Clicking on the
Site Identity Button will display security information about the
website, with a matching gray, blue, or green "Passport Officer"
icon.
Gray: No Identity Information Blue:
Basic Identity Information Green:
Complete Identity Information
Privacy settings in a firefox control the level of examination you’d like

Firefox to give a site and enter exceptions—sites that don’t need the
third degree. Customize settings for, cookies, Remembering
passwords, downloads and History storage as shown below
4.4.3 Google Chrome

The following are the features and security settings of Google chrome web
browser
From the setting menu select the Incognito window a new

window appears and pages you view from this window won’t appear
in your web browser history or search history and they won’t leave

any traces like cookies after you close the incognito window any files
you download or bookmarks will be preserved.
Chrome there is a new feature that it has an own Task Manager

that shows you how much memory and CPU usage each tab and plug-
in is using. You can open it by clicking Shift-Esc from within Chrome
or place the cursor on window and right click and select the Task
Manager. You can get more details by clicking the “Stats for nerds”
link which is on the Task Manager and it will open a page with full
details of memory and CPU usage for each process within the
browser. It is used to close a bad process in one tab and won’t kill
your whole browser session.
The one of the feature of chrome is dynamic tabs here you can
drag tabs out of the browser to create new windows, gather multiple
tabs into one window or arrange your tabs however you wish and it
becomes quickly and easily to login into the desired sites i.e. reopen
the closed sites.
The safe browsing feature in the Google Chrome displays the
warning if the web address listed in the certificate doesn't match the
address of the website .The following are the steps for a safe browsing
setting in a Google Chorme.
From the settings tab select the options and click on the under the
hood.
Under privacy enable the option show suggestions for navigation
error.

Enable the option use a suggestion service to help complete
searches and URLS typed in the address bar.
Enable DNS pre-fetching to improve page load performance.
Enable the phishing and malware protection.
In Google Chrome web browser Select Tools options Select
under the hood Under cookies select the “Restrict how third party
cookies can be used” only first-party cookie information is sent to the
website. Third-party cookie information isn't sent back to the
websites that originally set the third-party cookies as shown below
Under minor tweaks enable the enable the never save passwords.
Under computer wide SSL settings enable the option use SSL 2.0
From the page menu select the create application shortcuts, this is
used if you want some websites to be viewed regularly and you may
want to create applications shortcuts for the desired web sites that
can be placed on your desktop, start menu or quick launch menu so
you can choose any one of these options after creating if you double
click on the shortcut icon on the desktop or start menu, the websites
opens in a special window that doesn’t display tabs, buttons, address
bar or menus.
Many of the browser functions are available instead in the drop-
down menu that appears when you click the page logo in the upper-
right corner of the window. If you click a link that takes you to a
different website, the link opens in a standard Google Chrome window
so you won't lose track of your website.

4.4.4 Safari 5 Browser
The following are the features of safari secure web browser
Phishing Protection
Safari protects you from fraudulent Internet sites. When you visit a suspicious
site, Safari warns you about its suspect nature and prevents the page from
loading.
Malware Protection
Safari recognizes websites that harbor malware before you visit them. If Safari
identifies a dangerous page, it warns you about the suspect nature of the site.
Antivirus Integration
Safari notifies your antivirus software whenever you download a file, image,
application, or other item. This allows the antivirus software to scan each
download for viruses and malware.
Secure Encryption
To prevent eavesdropping, forgery, and digital tampering, Safari uses encryption

technology to secure your web communications. Safari supports the very latest
security standards, including SSL versions 2 and 3, Transport Layer Security
(TLS), 40- and 128-bit SSL encryption, and signed Java applications.
Automatic Updates
Get quick, easy access to the latest security updates. Safari takes advantage of
Apple Software Update, which checks for the latest versions of Safari when
you’re on the Internet.
Pop-Up Blocking
By default, Safari intelligently blocks all unprompted pop-up and pop-under

windows, so you can avoid distracting advertisements while you browse.
Cookie Blocking
Some companies track the cookies generated by the websites you visit, so they
can gather and sell information about your web activity. Safari is the first
browser that blocks these tracking cookies by default, better protecting your
privacy. Safari accepts cookies only from the current domain.

5. Filtering services
5.1 Filtering Services in web browser
The content filtering over the Internet sometimes called parental controls, these
are used to block any access to offensive websites. It is not guaranteed but it can
be very helpful.
5.1.1 What is content filtering?
People find some inappropriate content like images of sex, violence or strong
language on the Internet.
As Internet is a free zone anyone can post anything and there is no effective
restriction on the Internet itself. As a result, many people use content filtering
software and set browser settings to block offensive websites.
5.1.2 How to enable content filtering?
In Internet Explorer, there is an option to restrict the web sites and access only
those web sites set by a user.
In Internet Explorer web browser select tools Internet options Select

content Click enable

In Google search engine there is option for a safe search filtering Click on
preference or search preferences Safe search filtering Select desired option
In Yahoo search engine there is option for a safe search filtering Click on
Advanced Select desired option
Remember none of these filtering features are 100 % accurate- and some
unsuitable content may still slip through.
It is important to teach your children to surf the web safely and take time to
explore the Internet with them.
5.2 Parental Control Bars

Parental Control Bar is a simple, powerful tool to help shield your children from
explicit websites. Simply activate Child-Mode while your children surf the
Internet, and the toolbar will block access to adult-oriented websites. Ensure
that your child is safe while using the Internet .
Parental controls will provide you with the advantage of being able to do the
following

Enforce time limits to child Internet activity set by parent.
Block access to materials (pictures) identified as inappropriate for kids.
Monitor your child’s activity on the Internet by storing names of sites
and/or snapshots of material seen by your child on the computer for you
to view later.
Set different restrictions for each family member.
Limit results of an Internet search to content appropriate for kids.
5.2.1 Parental control Bars in Web Browsers
5.2.1.1 Internet Explorer 8
The Parental Control Bar in Windows vista OS supports for Internet Explored by
default. For information on setting up parental controls in Windows Vista.
Open Parental Controls by clicking the start button, clicking Control Panel, under
User accounts, clicking Setup Parental Controls. If you are prompted for an
administrator password or confirmation, type the password or provide
confirmation.
Then click the standard user account for which to set Parental Controls
Under Parental Controls, Click On.
Once you've turned on Parental Controls for your child's standard user account,
you can adjust the individual settings that you want to control. You can control
the following areas like web restrictions, time limits , games, can block specific
programs.
Third party parental control bar tools can be downloaded from the following
links.
Go to following website and download

http://www.ieaddons.com/en/details/Security/ParentalControl_Bar/
5.2.1.2 Firefox Browser in Windows
There are many Firefox addons or extensions, which we can download from
https://addons.mozilla.org/en-US/firefox/search?q=parental+control&cat=all
Some of the products/addons for Firefox
5.2.1.3 Glubble for Families
Glubble allows you to create a private family page where you can monitor and
support your children’s online activities. Glubble provides games, chat, safe
surfing, and a Family Photo Timeline service for uploading, storing, and sharing
your photos online. Glubble integrates Ask for Kids, a safe search engine for
children.

https://addons.mozilla.org/firefox/addon/5881
5.2.1.4 ProCon filters
Web page content by using a list of inappropriate words and replacing them
with asterisks (***). Note that the bad word filter does not block websites
containing the words; you must add the website to a Blacklist. ProCon can also
block all traffic, making sure that only desired websites (set in the Whitelist) can
be accessed. You can manage "white" and "black" lists of sites and pages. ProCon
also has password protection in order to keep others from changing the settings
5.2.1.5 ProCon Latte
In addition to Firefox extensions, there are many third-party software packages

that can filter content through your operating system or at the point where your
network connects to the Internet.
Available: https://addons.mozilla.org/firefox/addon/1803
5.3 Procedure for installing Parental control toolbar.

1. Double “click parental control setup downloaded” from the website.
2. After double clicking, it will ask to close any other browser windows. Click ‘OK’
button.

3. Click ‘I agree’ button to agree the license agreement..
4. The wizard asks for the parental control password which will be used to
manage parental control settings.
5. Type the password and enter a question which will be used as a hint when you
forget the password typed earlier. Be sure that your child doesn’t know the
answer for the question.

.
6. Type the e-Mail address, to which the parental password will be sent and click
‘Next’.
7. Next the installation starts by taking appropriate files from the website and
completes with in a few minutes.

8. The parental control bar will be added to the Internet Explorer browser as
shown above
9. Below shows the ‘parent’ button showing that the browser is acting in ‘parent’
mode.
10. Type the website that you want to block for children and click the button
‘Block this site’.

11. To block this site parental control bar asks password.
12. After entering the password and clicking OK. A window opens telling that the
site is blocked.

13. Whenever child wants to browse the website, the browser should be in child
mode. So click ‘parent mode’ button, so that the browser is changed to child
mode. Then the parent control toolbar appears as shown below telling that child
safe mode is now active.
14. Click ‘ok’.
15. When the child wants to browse the blocked site, it asks for the password
to open the site which is shown as below.

16. Now if the child wants to view the website without entering password, an
error occurs like this.

5.4 Changing the parental control settings in the parental
control toolbar
1. To change settings for allowing and blocking websites, click the 'change
parental settings'.
2. After clicking change parental settings, a window opens and asks for the
‘parent control password’.
3. Type the password and click ‘ok’. After that a window opens like this.
4. You can add sites in the allowed list by clicking the ‘allowed site list’ tab.

5. Type the website that you want to allow and click ‘allow’ button as shown
below.
6. You can also add sites in the blocked list by clicking ‘blocked site list’.
7. Type the website that you want to block and click ‘block’ button as shown in
the below figure.
8. You can also filter some type of contents by clicking ‘basic site filters’ tab.

9. The following window appears after click the ‘Basic site filters’ tab.
10. By default, the following types of sites are filtered.

11. You can also block other types of sites by checking the ‘block’ button.
5.5 k9 web protection

It is a Free, enterprise-class security software designed for home computers.
To protect your home computer from online threats of all kinds, you need a robust
security solution that’s updated in real time.
With Blue Coat K9 Web Protection, you don’t have to wait for the latest security patch or
upgrade, which can leave your computer vulnerable to new and evolving Web threats.
K9 delivers the comprehensive protection you need automatically. With K9, you get the
same advanced Web filtering technology used by enterprise and government
institutions worldwide — all with a user-friendly interface that allows you to control
Internet use in your home.
K9 also offers:
Real-time malware protection — Blue Coat WebFilter helps identify and block
illegal or undesirable content in real time, including malware-infected sites. You
also benefit from the WebPulse cloud service, a growing community of more
than 62 million users who provide more than six billion real-time Web content
ratings per day.
Automatic content ratings — New Web sites and pages are created every

minute, and no one person can possibly rate or categorize all of them. To ensure
protection against new or previously unrated Web sites, Blue Coat’s patent-
pending Dynamic Real-Time Rating™ (DRTR) technology automatically
determines the category of an unrated Web page, and allows or blocks it
according to your specifications.
Continuous protection that won’t slow down your computer — Caching is
the method your Web browser uses to save frequently used data, which
increases efficiency by reducing the amount of information requested over the
Internet. K9 uses Blue Coat’s unique caching technology, so your Internet
experience is always as fast as possible.
More on:
http://www1.k9webprotection.com/

5.6 Spam filter
Along with the content filter and website filter nowadays all the e-Mail services
providers are built with spam filter.
Click on the spam filter option and add e-Mail ID which you feel not a trusted ID
or e-Mail ID of an unknown user.
Example as shown below

6. Internet Mediated Communication
6.1 e-Mail Security
e-Mail is a short form of electronic mail. It is one of the widely used
services on the Internet. e-Mail is used for transmission of
messages in a text format over the Internet. The message can be
sent by using the receiver e-Mail address and vice versa. e-Mail
can be sent to any number of users at a time it takes only few
minutes to reach the destination. e-Mail consists of two components, the
message header contains control information, an originator's e-Mail address and
one or more recipient addresses and message body, which is the e-mail content.
Some e-Mail systems are confined to a single computer system or to a small

network, and they are connected to the other e-Mail systems through the
gateway, which enables the users to connect to anywhere in the world. Though
different electronic mail systems have different formats, there are some
emerging standards like MAPI, X.400 that enables the users to send messages in
between different electronic mail systems.
MAPI is a Mail Application Programming Interface, system built in Windows,

which allow different mail applications working together for distributing mails.
Until MAPI is enabled on both the application’s the users can share mails with
each other.
X.400 is the universal protocol that provides a standard format for all e-Mail
messages. X.500 is an extension to X.400 standard, which provides standard
addressing formats for sending e-Mails so that all e-Mail systems are linked to
one another.
6.1.1 How an e-Mail works?
The working of e-Mail is as shown in the figure below. Each mail server consists
of two different servers running on a single machine. One is POP3 (Post Office
Protocol) or IMAP (Internet Mail Access Protocol) server which holds the
incoming mails and the other SMTP (Simple Message Transfer Protocol) server
which holds the outgoing mails. SMTP works on the port number 25 and POP
works on the port number 110 and IMAP works on the port number 143.

In the figure shown above, Client 1 has an account in the mail server 1 and
Client 2 has an account in mail server 2.
When Client 1 sends a mail to Client 2, first the mail goes to the SMTP
server of mail server 1. Here the SMTP server divides the receiver address
into two parts username and domain name.
For example, if SMTP server receives user1@example.com as the

receivers address.It will separate into user1, which is a mail account in
destination mail server and example.com which is the domain name of
destination mail server.
Now with the help of the domain name it will request particular IP
address of the recipient’s mail server, and then it will send the message to
mail server 2 by connecting to its SMTP server.
Than SMTP server of Mail Server 2 stores the message in Client2 mailbox
with the help of POP3 in mail server 2. When the client 2 opens his
mailbox, he can view the mail sent by client 1.
6.1.2 POP3 Server
POP3 server contains a collection of text files one for each mail account.
When a message has arrived to a particular user it will append that
message at the bottom of that particular user account text file.
When a user connects to the mail server for checking his mails, he
connects to POP3 server of that mail server through port 110. Here it
requires username and password to view his mailbox on the mail server.

IMAP is also similar to POP3 protocol.
6.1.3 Possible threats through e-Mail and guidelines for handling e-

Mails safely
e-Mails are just like postcards from which the information can be viewed by
anyone. When a mail is transferred from one mail server to another mail server
there are various stops at which there is a possibility of unauthorized users
trying to view the information or modify it.
Since a backup is maintained for an e-Mail server all the messages will be stored
in the form of clear text though it has been deleted from your mailbox. Hence
there is a chance of viewing the information by the people who are maintaining
backups. So it is not advisable to send personal information through e-Mails.
Say you have won a lottery of million dollars, Getting or receiving such kind of
mails is a great thing, and really it’s the happiest thing. However these mails may
not be true.By responding to such a kind of mails many people lost huge amount
of money. So ignore such kind of e-Mails, do not participate in it and consider it
as a scam.
Sometimes e-Mails offering free gifts and asking personal informa are received
from unknown addresses.This is one way to trap your personal information.
One way of stealing the password is standing behind an individual and

looking over their password while they are typing it or searching for the
papers where they have written the password.
Another way of stealing the password is by guessing. Hackers try all
possible combinations with the help of personal information of an
individual.
When there are large numbers of combinations of passwords the hackers
use fast processors and some software tools to crack the password. This
method of cracking password is known as “Brute force attack”.
Hackers also try all the possible words in a dictionary to crack the
password with the help of some software tools. This is called a “dictionary
attack”.
Generally spammers or hackers try to steal e-Mail address and send
malicious software or code through attachments, fake e-Mails, and spam
and also try to collect your personal information.
6.1.3.1 Attachments
Sometimes attachments come with e-mails and may contain executable code like
macros, .EXE files and ZIPPED files. Sometimes attachments come with double
extensions like “attachment.exe.doc”.By opening or executing such attachments
malicious code may downloaded into your system and can infect your system.
Tip: Always scan the attachments before you open them.

6.1.3.2 Fake e-Mails
Sometimes e-Mails are received with fake e-mail address like

services@facebook.com by an attachment named,
“Facebook_Password_4cf91.zip and includes the file
Facebook_Password_4cf91exe" that, the e-mail claims,
contains the user's new Facebook password. When a user
downloads the file, it could cause a mess on their computer
and which can be infected with malicious software.
Tip: Always check and confirm from where the e-mail has been received,
generally service people will never ask or provide your password to change.
6.1.3.3 Spam e-Mails
Spam messages may trouble you by filling your inbox or your e-mail database.
Spam involves identical messages sent to various
recipients by e-Mail. Sometimes spam e-mails come with
advertisements and may contain a virus. By opening such
e-Mails, your system can be infected and your e-Mail ID is
listed in spammers list.
Tip: It is always recommended to ignore or delete spam e-mails.
6.1.3.4 e-Mails offering free gifts
Sometimes e-Mails are targeted at you by; unknown

users by offering gifts, lottery, prizes, which might
be free of cost, and this may ask your personal
information for accepting the free gift or may ask
money to claim lottery and prizes it is one way to trap your personal
information.
Tip: Always ignore free gifts offered from unknown users.
6.1.3.5 Hoaxes
Hoax is an attempt to make the person believe something which is false as true. It
is also defined as an attempt to deliberately spread fear, doubt among the users.
6.1.4 How to prevent?
6.1.4.1 Using filtering software’s
Use e-Mail filtering software to avoid Spam so that only messages from
authorized users are received. Most e-Mail providers offer filtering services.

6.1.4.2 Ignore e-mails from strangers
Avoid opening attachments coming from strangers, since they may contain a
virus along with the received message.
Be careful while downloading attachments from e-Mails into your hard disk. Scan
the attachment with updated antivirus software before saving it.
6.1.5 Guidelines for using e-Mail safely
Since the e-Mail messages are transferred in clear text, it is

advisable to use some encryption software like PGP (pretty
good privacy) to encrypt e-Mail messages before sending,
so that it can be decrypted only by the specified recipient only.
Use E-Mail filtering software to avoid Spam so that only messages from
authorized users are received. Most e-Mail providers offer filtering
services.
Do not open attachments coming from strangers, since they may contain a
virus along with the received message.
Be careful while downloading attachments from e-Mails into your hard

disk. Scan the attachment with updated antivirus software before saving
it.
Do not send messages with attachments that contain executable code like
Word documents with macros, .EXE files and ZIPPED files. We can use
Rich Text Format instead of the standard .DOC format. RTF will keep your
formatting, but will not include any macros. This may prevent you from
sending virus to others if you are already infected by it.
Avoid sending personal information through e-Mails.
Avoid filling forms that come via e-Mail asking for your personal
information. And do not click on links that come via e-Mail.
Do not click on the e-Mails that you receive from un trusted users as
clicking itself may execute some malicious code and spread into your
system.
6.2 Instant Messaging

Instant messaging (IM) is a real time text based
communication between two or more people connected
over the network like Internet. Instant message became
most popular with this you can interact with people in a
real time and you can keep the list of family and friends on

your contact list and can communicate until the person is online .There are many
instant service providers like AOL, Yahoo messenger, Google Talk and many
more.
6.2.1 Risks involved in IM

Hackers constantly access instant messages and try to deliver malicious codes
through the instant message and the code may contain a virus, Trojan, and
spyware and if you click on the file the code will enter your system and within
seconds it infects the system.
6.2.1.1 Spim
Spim is a short form of spam over instant messaging, it

uses IM platforms to send spam messages over IM. Like
e-mail spam messages, a spim message also contains
advertisements. It generally contains web links, by
clicking on those links malicious code enters into your
PC.
Generally, it happens in real time and we need to stop the work and deal with
spim as the IM window pop-ups, in the e-mail we have time to delete and we can
delete all spam at a time, or we can scan before opening any attachments. This
cannot be done in IM.
Tip: Avoid opening attachments and links in IM

7. Social Networking
Social networking means grouping of individuals into specific groups, like small
communities. Social networking is used to meet Internet users, to gather and
share information or experiences about any number of topics, developing
friendships, or to start a professional relationship. (Or)A simple Social
Networking site is where different people keeping different information related
to any particular thing at one place.For example Orkut, Facebook, etc.
Through social networking there are many advantages like we can get into any
kind of groups based on our hobbies, business, schools and many more, it is a
different communication tool to keep in touch with friends and colleagues.
Apart from all these advantages there are disadvantages like based on these
communication tools, sites can be trapped by scammers or any hackers so it is
very important to protect yourself.
These social networking sites are very popular with young people. They expose
them to risks they have always faced online but in a new forum: online bullying,
disclosure of private information, cyber-
stalking, access to age-inappropriate
content and, at the most extreme, online
grooming and child abuse.
For adults, who are also using these sites

in greater numbers, there are serious risks
too. They include loss of privacy and
identity theft. Adults too can be victims of
cyber-bullying and stalking.
7.1 Tips to avoid risks by social networking

Be careful about the information you put online , like if you put your
photo or video or your account details will stay for a long time and who
ever connected will see it. Generally, business people will see as part of
hiring process to know about everyone views and interests. However
hackers will use these sites to collect the personal information and may
misuse them.
Remember don’t put anything personal like sensitive information about

your family details, addresses, personal photographs.
Most of the sites and services provide options for privacy settings and use
them to prevent attackers to view your information. You can also set the

privacy settings according to whom you want to allow seeing your
information.
Be careful if you want to meet social networking friends in person, it may

not be true identity posted on a web site. Think before you meet. If you
are going to meet then do it in a public place during the day.

8. Social Engineering
8.1 What is Social Engineering?
Social Engineering is an approach to gain access to information through
misrepresentation. It is the conscious manipulation of people to obtain
information without realizing that a security breach is occurring. It may take the
form of impersonation via telephone or in person and through email. Some
emails entice the recipient into opening an attachment that activates a virus or
malicious program in to your computer.
Careless talking is one of the reasons for social engineering
Careless talking about business, the office, home, personal and the people and
discussing with those who not authorized to talk, and also gives the sensitive
information indirectly to someone who may use it for a specific reason such as
breaking into your computer, your organization details etc.
8.2 How do they do this?

A Social Engineer may approach you either a telephone or e-mail and pose as a
person from your Information Technology Department or Help Desk and may
ask for user id, password and other details like systems and network
information.
A Social Engineer may meet you outside of your work place or organization and
may ask you about your work or how your organization does the things.
A Social Engineer may come to your organization to present business needs and
may ask for network connectivity to know about network information or any
sensitive information.
A Social engineer may ask your identity card to know about your personal
information about your School, organization etc.
The basic goals of social engineering are the same as hacking in general: to gain
unauthorized access to systems or information to commit fraud, network
intrusion, identity theft or simply disrupt the system and network.

8.3 Social Engineering can be done in many ways
8.3.1 Non-Technical
Public Places
Social Engineering can be done through public places like cafes, pubs, movie
theatres. You may release or give some sensitive information to the public or a
social engineer or someone may overhear you.
Gossips
You may talk about some gossip with colleague and may give some information
to other colleague who might be a social engineer.
Personal Pride or Confidence
You may give sensitive information of your family or organization to boast your
achievements, pride, and confidence to unknown persons.
Online
Social engineers may obtain information on-line by pretending to be the

Network Administrator, sending e-mail through the network and asking for a
user's password or any sensitive information indirectly.
8.3.2 Technical
Vishing
It is one of the methods of social engineering over the telephone system, most
often using features facilitated by Voice over IP (VoIP), to gain access to private
personal and financial information from the public for the purpose of financial
reward. The term is a combination of "voice" and phishing.
Tip: Don’t give any financial information to unknown people over phone,
confirm to whom you are speaking and cross check with the concern company or
bank before giving any information
Phishing
Phishing is a type of deception designed to steal your valuable personal data,

such as credit card numbers, passwords, account data and or other information.
The attackers have become more sophisticated and also their phishing e-mail

messages and pop-up windows. They often include official looking logos from
real organizations and other identifying information taken directly from
legitimate Web sites.
Tip: If you think you've received a phishing email message, do not respond to it.
And don’t even click on the links you received from the unknown users.
8.3.3 Other Techniques
Baiting
It is one of the methods of social engineering which uses physical media and
relies on the curiosity or greed of the victim. Here the attacker leaves the
malware inserted or infected USB or pen Drive, CD/DVD ROM in a location that
to be found and gives a legitimate looking and makes victim curiosity and waits
for them to use the device.
Tip: Don’t get tempted in accessing the devices which left unattended or found at
sidewalk, elevator, parking lot etc.
Persuasion
Influence someone to give you confidential information either by convincing

them you are someone who can be trusted or by just asking for it.
Tip: Be suspicious don’t get influenced by the unknown person and don’t give
away the confidential information to them.
8.3.4 Non –Technical
Dumpster diving
Dumpster diving, also known as trashing is another popular method of Social

Engineering. A huge amount of information can be collected through company
dumpsters or wastage from home.
Tip: Don’t dump any confidential papers into trash, before dumping make sure
you don’t have any important information in it.

Hoaxing
A Hoax is an attempt to trap people into believing that something false is real.
This is usually aimed at a single victim and is made for illicit financial or material
gain a hoax is often perpetrated as a practical joke, to cause embarrassment.
Tip: Beware don’t believe the e-mails received from unknown and don’t ever
give the financial information.
Pretexting
Pretexting is the act of creating and using an imaginary scenario to engage a

targeted victim in a manner that increases the chance the victim will reveal
information or do actions that would be unlikely in ordinary circumstances. It is
more than a simple lie.
Tip: Be cautious because strangers try to fool you by creating false situation and
make you to believe in order to collect the confidential information.
8.4 How do you avoid being a victim?

Be suspicious of unsolicited phone calls, visits, or email messages from
individuals asking about employees or other internal information. If an unknown
individual claims to be from a legitimate organization, try to verify his or her
identity directly with the company.
Do not provide personal information or information about your

organization, including its structure or networks, unless you are certain of
a person's authority to have the information.
Do not reveal personal or financial information in email, and do not

respond to email solicitations for this information. This includes following
links sent in email.
Don't send sensitive information over the Internet before checking a

website's security. Pay attention to the URL of a website. Malicious
websites may look identical to a legitimate site, but the URL may use a
variation in spelling or a different domain (e.g., .com vs. .net).
If you are unsure whether an email request is legitimate, try to verify it

by contacting the company directly. Do not use contact information
provided on a website connected to the request; instead, check previous
statements for contact information. Information about known phishing
attacks is also available online from groups such as the Anti-Phishing
Working Group

Install and maintain anti-virus software, firewalls, and email filters to
reduce some of this traffic.
Take advantage of any anti-phishing features offered by your email client

and web browser.
8.5 What do you do if you think you are a victim?

If you believe you might have revealed sensitive information about your
organization, report it to the appropriate people within the organization,
including network administrators. They can be alert for any suspicious or
unusual activity.
If you believe your financial accounts may be compromised, contact your

financial institution immediately and close any accounts that may have
been compromised. Watch for any unexplainable charges to your account.
Immediately change any passwords you might have revealed. If you used
the same password for multiple resources, make sure to change it for each
account, and do not use that password in the future.
Watch for other signs of identity theft .
Consider reporting the attack to the police, and file a report with the
Federal trade commission.

9. Online Games and Computer Games
9.1 About online games
An online game is a game played over a computer network via the Internet.
Online games range from normal text based to graphical based games.
Simultaneously Players can play the same game .The main advantage of online
games is the ability to connect to multiple games even though single player is
online. Based on technology the games are also become more complex the
technology related games like flash games and java games became more popular.
There are free online games and commercial games , most of the popular games
are enclosed with end user license agreements and limited to access by the
creators of games and the breaking of the agreement range from warning to
termination.
There are massively multi-player online games like real time strategy games, role
playing game, first person shooter games and many more.
9.2. Things to be noted while downloading the games

Carefully study the rating of an online game, frequently they will let you
know if it is suitable for your age.
Read the terms and conditions of the sites that you use and check if there
are special safety features for children.
It is important and make sure that game vendor is reputable and
download the game from trusted web sites.
Sometimes free download games conceal malicious software , this
includes plug-ins required to run a games, administrative mode to open a
game which is not advisable , by doing this you open yourself to the risk
that an attacker could gain complete control of your computer, it is always
safe to play in a user mode rather than the administrative mode.
When playing an online game it is best to play it at the game site , this may
reduce the risk and end up with a malicious web site.
9.3. Risks Involved

Online games involve the technology risks to your computer system or system of
gamers with whom you interact.
If the software on the game server as been compromised, computers that

connect to it also compromised. Exploited Vulnerabilities codes in games makes
attackers to get into your system and read the files from a gamer computer,
crash the games during online play in order to get the full control of the
exploited computer.

Virus and worms may enter a system when you try to download or install a
game on your computer. These viruses or worms may be hidden in the files you
download.
Malicious software takes advantage of the websites associated with online

games that rely on chat, e-mail to entice you to visit the bogus web sites that
contain malicious software installs in your computer, then they use the software
for various criminal purpose.
Some times because of the insecure game coding, the game software causes
buggy behaviour on your computer and introduces unknown vulnerabilities.
Sometimes strangers try to gain access to unprotected computers connected to

Internet while online play and contact the children by pretending to be another
child and trap to gather the personal information .
Malicious individuals may try to trick you installing or downloading the games
that might be bogus web sites and offer software patches for game downloading,
in reality they are malicious software.
Malicious individual can gather information about you from the profiles you
create in online games and other gaming web sites, they may be able to use it to
establish accounts in your name, resell it, or use it to access your existing
accounts. Game accounts were created in their name without their knowledge.
There was speculation that people were trying to make money selling virtual
weapons and abilities used in the game.
9.4 Guidelines
Create a family e-Mail address for signing up for online games.
Screenshots: If anything bad happens while playing online games, take

a screen shot using the "print screen" button on the keyboard of those
displayed things on the screen and report it to the concerned web site
ad use the screen shot as evidence.
Use antivirus and antispyware programs.
Be cautious about opening files attached to e-Mail messages or instant

messages.
Verify the authenticity and security of downloaded files and new

software.
Configure your web browsers securely.
Use a firewall.

Set up your user profile to include appropriate language and game
content for someone your age.
Set time limits for children.
Never download software and games from unknown websites.
Beware of clicking links, images and pop ups in the web sites as they
may contain a virus and harm the computer.
Never give personal information over the Internet while downloading

games.
Some free games may contain a virus, so be cautious and refer while
downloading them.
Create and use strong passwords.
Patch and update your application software

10. Safe Downloading
10.1 Safe Downloading and uploading
10.1.1 About Downloading

The term download is used to describe the process of copying a
file from an online service that is via an Internet to one owns a
computer. Downloading also refers to copying a file from
network server to a computer on the network. To download
means to receive data i.e. whatever offered for downloading can
be downloaded. You can download any kind of files from
Internet like documents, music, videos, images and software and
many more.
10.1.2 About uploading

The opposite of download is uploading this means copying a
file from your computer to another computer over the
network. Uploading means to transmit data. Whatever is
transferred can be uploaded. In short “Uploading means
sending a file to a computer that is set up to receive it”. You
can upload any kind of files like documents, music, videos,
images and software and many more.
10.2 Risks by insecure downloads

When you try to download a file from the Internet, it
includes installing a program, opening pictures, links from
different websites or from e-mails, downloading music
files and many more files on to a computer .These files
could be the same what they say are, but they can also be
involved with something like malicious software that can
harm your computer, which includes viruses, worms and
many destructive programs.
A virus can destroy data or give someone access to all

the information on your computer and destroy all the
confidential information on your PC.
Another threat is spyware. The spyware often

changes your computer's behaviour like PC becomes
slow, and even causes a computer crash. The spyware
can be used to track the browsing history, steal the
passwords and allow an attacker to grab complete
information of your system.

Malicious software can be installed without your knowledge, or it can be
bundled with a program, link or software you would like to download.
For example, you would like to download a game from the untrusted
website then with out your knowledge malicious software can be
downloaded.
Some time malware spreads itself by sending e-mail from an infected
computer to every e-mail address it finds.
Mostly these malware spread through e-mails
10.3 Tips for Safety downloads

While downloading any file close all the applications that are running on
your computer, let only one set-up file run at a time of downloading.
Close all the important applications in order to be safe if something goes

wrong while downloading.
Set firewalls,set antivirus to actively scan all the files you

download.
Scan all the files after you download whether from websites or links
received from e-mails.
Always use updated antivirus, spam filter and spyware to help detect and
remove virus, spyware from the application you want to download.
Never download any files like music, video, games and many more from
untrusted sites and don’t go by the recommendations given by your
friends or made by any random website's comments.
Check that the URLs are same and always download games, music or
videos from the secure websites like which use HTTPS websites instead of
HTTP. In the web address, it replaces “http” to https”. The https refers to
the hypertext transfer protocol secure.
Download anything only from thrust worthy websites. Don’t click links to
download anything you see on unauthorized sites.

If any dirty words appear on the website just close the window no matter
how important it is, because spyware may be installed on your PC from
such websites.
Check the size of the file before you download, sometimes it shows a very
small size but after you click it increases the size of the file.
Never believe anything which says click on this link and your computer
settings will be changed and your PC can be turned into XBOX and can
play unlimited games on your computer.
Don’t accept anything that offers you free download because that may
contain malicious software.
Don’t click the link or file and let it start download automatically,
download the file and save where you want save and then run on the
application.
Set secure browser settings before you download anything.
Read carefully before you click on

install or run application. That
means read terms and conditions.
Don’t download anything until you

know complete information of the
website and know whether it is an
original site of an original company.
Never download from the links that offer free

antivirus or anti spyware software, always download
from trusted sites, if you are not sure about the site
you are downloading, enter the site into favourite
search engine to see anyone posted or reported that
it contains unwanted technologies.

11. Blogging
A web blog is a Web site that consists of a series of entries arranged in reverse
chronological order, often updated on frequently with new information about
particular topics. The information can be written by the site owner, gathered
from other Web sites or other sources, or contributed by users. A web blog may
consist of the recorded ideas of an individual (a sort of diary)
11.1Types of blogs
There are many different types in content and the way content is delivered or
written
Personal blogs
Corporate and organizational blogs
Genre blogs
Media type blogs
By Device blogs
Different blog sites are used for a different purpose of communication.
11.1.1 Personal blog is an ongoing dairy or commentary by an individual. A

Site, such as Twitter, allows bloggers to share thoughts and feelings
instantaneously with friends and family and is much faster than e-mailing.
11.1.2 Corporate and organizational blogs (business, marketing) are used

by the employees who are working in the companies. They are internally used to
enhance the communication in a corporation or externally for marketing,
branding or public relations.
11.1.3 Genre blogs (causes, education, political, travel) are focused on a

particular subject like education, fashion, music, travel, political, personal
(home) blogs …etc.
11.1.4 Media type blogs (vlog, linklog, photoblog) are used for sharing the
videos called vlogs, for sharing the links called linklogs and for sharing the
photos called photoblog.
11.1.5 By the device (mobile phone, PDA, wearable wireless webcam) are
used to write the blogs through the mobile device like mobile phones or PDA
called moblog.

11.2 Risks involved in blogging
If you give your personal information like your
name, location address, phone numbers, credit
card details in the blogging sites, your
information may be stolen by others (identity
theft) because everyone who is having login
account in the site which you are using can
access to your profile. The profile which you are
creating will be visible to everyone on the
blogsite. The persons like strangers can access
your profile and can view all your details.
For example, if you give your credit card number in the site, they may use that
number for their own business or shopping purpose and the bill will be sent to
you. Another example is if your children give their school name or location
addresses in the site, the strangers who access that data may take advantage of it
and may kidnap your children.
11.3 Tips to avoid risks by blogging

Never give away your personal information into the blogging sites
Put reliable information as it reaches entire world and assume what

you publish on the web is permanent.
Avoid competition with other bloggers.
State the terms of use, copy right in blog properly to viewers to

protect your blogs.
Guide them with other positive examples such as the children are
posting their related information.
11.4 Guidance for Parents on Blogging
Establish Rules for online use with children.

Monitor what your children plan to post before they post it.
Evaluate Blogging Service and their features like a password protected
secured blogs etc.
Review your children blogs regularly.
Guide them with other positive example such as reference to the
students who are posting their related information.

11.5 Scenario
Like many of her friends, Alice has a blog. However, unlike her friends, she
keeps its location secret. She doesn’t link to anyone else’s blog, and she doesn’t
comment on other blogs using her blog identity. Somehow, though, Bob finds out
the URL for Alice’s blog and adds it to the “friends” list on his blog. Word spreads,
and soon everyone has read Alice’s blog. Unfortunately, she has used her blog to
criticize most everyone she knows, including other students, teachers, and her
parents. Everyone is furious with her.
So always guide your children not to blog anything related personal

information about family and guide them how to use the blogs and advantages
of blogs and make them understand that blogs are not used to criticize others.

12. Cyber Bullying
12.1 Harassment and bullying
Cyber bullying can be carried out through Internet services such as e-Mail, chat
rooms, discussion groups, instant messaging or web pages. It can also include
bullying through mobile phone technologies such as SMS. Cyber bullying can
include teasing and being made fun of, spreading rumours online, sending
unwanted messages and defamation.
12.2 Cyber bullying can be done in the following ways
12.2.1 Forwarding a private IM communication to others

A kid/teen may create a screen name that is very similar to another kid's name.
The name may have an additional "i" or one less "e". They may use this name to
say inappropriate things to other users while posing as the other person.
Children may forward the above private communication so others to spread

their private communication.
12.2.2 Impersonating to spread rumours

Forwarding gossip mails or spoofed mails to spread rumours or hurt another kid
or teen.
They may post a provocative message in a hate group's chat room posing as the
victim, inviting an attack against the victim, often giving the name, address and
telephone number of the victim to make the hate group's job easier.
12.2.3 Posting embarrassing photos or video

A picture or video of someone in a locker room, bathroom or dressing room may
be taken and posted online or sent to others on cell phones.
12.2.4 By using web sites or blogs

Children used to tease each other in the playground; now they do it on Web sites.
Kids sometimes create Web sites or blogs which may insult or endanger another
child. They create pages specifically designed to insult another kid or group of
people.
12.2.5 Humiliating text sent over cell phones

Text wars or text attacks are when kids gang up on the victim, sending thousands
of text-messages related to hatred messages to the victim’s cell phone or other
mobile phones.

12.2.6 Sending threatening e-mails and pictures through e-mail or
mobile to hurt another
Children may send hateful or threatening messages to other kids, without
realizing that while not said in real life, unkind or threatening messages are
hurtful and very serious.
12.2.7 Insulting other user in Interactive online games

Kids/Teens verbally abuse the other kids/teens, using threats and foul language
while playing online games or interactive games.
12.2.8 Stealing Passwords

A kid may steal another child's password and begin to chat with other people,
pretending to be the other kid or by changing actual user profile.
12.3 Tips and guidelines
Use Parental Control Bars, Desktop Firewalls, Browser Filters to avoid or

preventing children from cyber bullying others or accessing
inappropriate content.
Make sure your child's school has Internet Safety education
programming.
You may request school authorities to teach or guide students about how
to prevent and respond to online peer harassment, interact wisely
through social networking sites and responsible online users.
Form the rules of computer Labs, Internet labs.
Specify clear rules, Guidelines and policies regarding the use of the
Internet, Computers and Other Devices such as USB, CDROM at School for
Cyber Bullying.
Teach Students the impact of Cyber Bullying.
Teach students that all types of bullying are unacceptable and such
behaviour is subject to discipline.
 Mentoring the students and establishment of peer Monitoring.
Teachers need to mentor or establishment mentorship with senior
students to guide information security awareness and monitoring
through peer students.
Implement Blocking/Filtering Software at Lab PCs in School.
Use Desktop Firewalls, Browser Filters to avoid or preventing
children from cyber bullying other or accessing inappropriate
content. In addition use monitoring with software tools for
students online activity.
Educate your students.

Educate students by conducting various workshops from an internal
or external expert to discuss related issues in cyber bullying, good
online behaviour and other information security issues. Moreover
keep related posters in school.

13. Online Threats and Tips
13.1 Protect children from online threats
Children may face different security risks when they use a computer or when
they are online. Not only do you have to keep them safe, you have to protect the
data on your computer. By taking some simple steps, and can reduce the risks.
13.1.1 What are the risks?
Exposure to inappropriate images or content

Solicitation by sexual predators in chat rooms and by e-Mail.
Online bullying or harassment.
Piracy of software, music or video.
Disclosure of personal information.
Spyware and viruses.
Excessive commercialism: advertising and product-related websites.
Illegal downloads, such as copyright-protected music files.
13.1.2 General safety tips
If you suspect a pedophile may be grooming or trying to befriend your

child or your child is being stalked or harassed, contact your local police.
Set ground rules for children.
Use Internet content filtering and spam filters to reduce the risk of
accidental exposure to unwanted content.
Set up shared computers properly to restrict what children can do.
Consider setting up a family e-mail account which can be used specifically
to register for websites, competitions, etc.
Be careful about peer-to-peer file sharing.
13.1.3 Monitor children’s use of the Internet
All the web browsers keep a record of recently visited sites and also make
temporary copies of web pages. To see recently visited sites, click on the History
button or press Ctrl and the H key.
To see temporary files, open Internet Explorer Select Internet Options,

on the General tab under Temporary Internet Files click the Settings
button and click View Files.
Understand the risks yourself and plan ahead before monitoring and
allowing children access to the Internet.
Discuss with children what they can and cannot do online.
Make a contract with children on usage of computer with signing.
Work out how you are going to monitor their Internet use.

The boundaries you set and the kind of conversations you have with your
children will depend on their age and technical ability as well as your
judgement as parents.
These factors will change as they grow up and should be reconsidered
regularly.
13.1.4 Monitoring children’s behavior online
If a child is too young to access computer always sit with them while they
are online.
Ask your children to share all their online user names and passwords
with you.
Set browser settings to limit the access to inappropriate content.
Put the computer in an open area in the home.
Consider installing Internet monitoring software to track what they do
online.
13.1.5 Create a user account for each user
Set up a separate user account for your child with a limited permission and can
give limited control over the computer.
For example, they won’t be allowed to install new programs or change settings
without your permission. It also helps monitor and control what they do online.
13.2 Most common online Threats
13.2.1 Online Scam
Online scam is an attempt to trap you for obtaining money. There are many types
of online scams, this includes obtaining money with fake names, fake photos,
fake e-mails, forged documents, fake job offers and many more.
Generally, it happens by sending fake e-Mails for your personal details like online
banking details, credit card details. Sometimes e-Mails are sent from lottery
companies with fake notice, when ever you participate in online auction and e-
Mails received for fake gifts.
Phishing scam
Online scammers send you an e-mail and ask your account information or credit
card details along with a link to provide your information. Generally, the links
sent will be similar to your bank. So when ever you post your details in the link
then the details will be received by scammers and money is misused.
Lottery scam

Sometimes you receive an e-Mail like “you won a lottery of million dollars”
receiving such a kind of mails is a great thing, and really it’s a happiest thing. By
responding to such a kind of mails huge amount of money will be lost. Because
these e-Mails are not true, scammers try to fool and trap you to obtain money.
Online Auction
If you bid for a product you never get the product promised or don’t match the
product, and the description given to you may be incomplete, wrong, or fake. The
scammer accepts the bid from one person and goes for some other sites where
they can get less than the winning bid so scammers may not send the product
you wanted.
Forwarding Product or Shipping Scam
When ever you answer an online advertisement for a letter or e-mail manager
like some US based corporation which lacks address or bank details and needs
someone to take goods and sent to their address or ship overseas, and you are
asked to accept the transfers into your bank.
Generally, it happens for products that are purchased using stolen credit cards
and shipped to your address and then you will be fooled and asked to reship the
product to others they might have deceived who reship the product overseas.
The stolen money will be transferred to your account.
E-Mail Scam Like --Congratulations you have won Webcam, Digital Camera,
etc.
Sometimes you get an e-mail with a message like -- you have won something
special like digital camera webcam , all you need to do is just visit our web site by
clicking the link given below and provide your debit or credit card details to
cover shipping and managing costs. However the item never arrives but after
some days the charges will be shown on your bank account and you will lose
money.
By e-mails
Generally, fraudsters send you an e-mail with tempting offers of easy access to a
large sum of money and ask you to send scanned copies of personal documents
like your address proof, passport details and ask you to deposit an advance fee
for a bank account. So once you deposit the funds, they take money and stop
further communication, leaving you with nothing in return.

Unscrupulous Websites for Income Tax Refund
Generally, websites feel like official websites and seek the details of credit card,
CVV PIN of ATM and other personal details of the taxpayers in the name of
crediting income tax refund through electronic mode.
13.2.2 Tips to prevent online scams
Confirm whether e-Mail is received from bank or not
Be cautious while providing bank details online, before proceeding further

confirm with the bank about the e-Mail you received. Think that if something is
important or urgent why doesn’t the bank call me instead of sending e-Mail?
Confirm the shipping
Beware of shipping scam.Make sure you get authorized signed document via fax
before proceeding further and make sure you received it from an authorized
company.
Be cautious during online auction
Don’t be trapped with discounts and think wisely before you proceed with online
auction. Think why $200 product would be $ 20.
Be aware about the product you received via e-Mail
Be aware about the products you get for a discounted-price.Think why you
received e-Mail for products when you never enter any online shopping or
contest.
Don’t be trapped by lottery scam
Don’t get trapped by scammers and e-Mails with a subject line you won some
$10000 just think why only you received the e-Mail without your participation.
13.3 Online Banking

Online Banking can also be referred as Internet
Banking. It is the practice of making bank transactions
or paying bills through the Internet. We can do all
financial transactions by sitting at home or office. Online
banking can be used for making deposits, withdrawals
or we can even use it for paying bills online. The benefit of it is the convenience
for customers to do banking transactions .The customers need not wait for bank
statements, which arrive by e-mail to check their account balance. They can

check their balance each and every day by just logging into their account. They
can catch the discrepancies in the account and can act on it immediately.
Link Manipulation
Most methods of phishing use some form of technical deception designed to

make a link in an e-mail (and the spoofed website it leads to) appear to belong to
the spoofed organization. Misspelled URLs or the use of sub domains are
common tricks used by phishers. In the following example URL,
http://www.yourbank.example.com/, it appears as though the URL will take you
to the Attacker Database of the your bank website; actually this URL points to the
"yourbank" (i.e. phishing) section of the Attacker Database website.
Filter Evasion
Phishers have used images instead of text to make it harder for anti-phishing
filters to detect text commonly used in phishing e-mails.
Malware attacks
Example:
Clampi Virus Targets Users at Banks and Credit Card Sites
Keeping up with the latest Web security threats is a daunting task, because
viruses and Trojans emerge, evolve, and spread at an alarming rate. While some
infections like Nine Ball, Conficker, and Gumblar have hit the scene and
immediately become the scourge of the cyber security world, others take their
time -- quietly infiltrating more and more computers before revealing the true
depth of the danger they pose.
One such slow grower is Clampi, a Trojan that made its debut as early as 2007
(depending on who you ask) but is only now raising hairs outside professional
security circles. Clampi primarily spreads via malicious sites designed to dispense
malware, but it's also been spotted on legitimate sites that have been hacked to
host malicious links and ads. Using these methods, Clampi has infected as many
as half a million computers, Joe Stewart, of Secure Works, told a crowd
at the Black Hat Security Conference in July, USA Today reports.
Once installed on a PC, the Trojan quietly waits for you to visit a credit card or
banking Web site. When it detects you're on one of the roughly 4,600 financial
Web sites it's trained to watch, it records your username and password, and
feeds that information back to the criminals. Clampi can even watch for network
login information, allowing it to spread quickly through networked PCs (e.g.,

those in an office). In fact, it seems that businesses have been the primary target
of Clampi so far. According to the Times Online, in July, an auto parts shop in
Georgia was robbed of $75,000 when criminals stole online banking information
using Clampi. The Trojan was also used to infiltrate computers for a public
school district in Oklahoma and submit $150,000 in fake payroll payments.
13. 4 Online Shopping
Online shopping has become very popular to purchase all things without leaving
your home, and it is a convenient way to buy things like electronic appliances,
furniture, cosmetics, and many more. We can avoid the traffic and crowds. There
is no particular time to buy things we can buy at any time instead of waiting for
the store to open. Apart from all these advantages risks are involved and there
are unique Internet risks so it is very important to take some safety measures
before you go for online shopping.
13.4.1 Tips for safe online shopping
Before you go for online shopping make sure your PC is secured with
all core protections like an antivirus, anti spyware, firewall, system
updated with all patches and web browser security with the trusted
sites and security level at high.
Before you buy things online research about the web site that you
want to buy things from, since attackers try to trap with websites that
appear to be legitimate, but they are not. So make a note of the
telephone number’s physical address of the vendor and confirm that
the website is a trusted site. Search for different web sites and
compare the prices. Check the reviews of consumers and media of that
particular web site or merchants.
If you are ready to buy something online check, whether the site is
secure like https or padlock on the browser address bar or at the
status bar and then proceed with financial transactions.
After finishing the transaction take a print or screenshot of the
transaction records and details of product like price, confirmation
receipt, terms and conditions of the sale.
Immediately check the credit card statements as soon as you finish
and get them to know about the charges you paid were same, and if
you find any changes immediately report to concerned authorities.
After finishing your online shopping clear all the web browser cookies
and turn off your PC since spammers and phishers will be looking for
the system connected to the Internet and try to send spam e-Mails and
try to install the malicious software that may collect your personal
information.
Beware of the e-Mails like “please confirm of your payment, purchase
and account detail for the product.” Remember legitimate business

people never send such e-Mails. If you receive such e-Mails
immediately call the merchant and inform the same.
13.5 Identity Theft

Identity Theft occurs when someone, without your knowledge, acquires a piece
of your personal information and uses it to commit fraud.
Identity theft is a crime used to refer to fraud that involves someone pretending
to be someone else in order to steal money or get other benefits. The term is
relatively new and is actually a misnomer, since it is not inherently possible to
steal an identity, only to use it. The person whose identity is used can suffer
various consequences when he or she is held responsible for the perpetrator's
actions. In many countries specific laws make it a crime to use another person's
identity for personal gain. Identity theft is somewhat different from identity
fraud, which is related to the usage of a false identity' to commit fraud.
Identity theft can be divided into two broad categories:
Application fraud
Account takeover
Application fraud happens when a criminal uses stolen or fake documents to

open an account in someone else's name. Criminals may try to steal documents
such as utility bills and bank statements to build up useful personal information.
On the other hand they may create counterfeit documents.
Account takeover happens when a criminal tries to take over another person's
account, first by gathering information about the intended victim, then
contacting their card issuer masquerading as the genuine cardholder, and asking
for mail to be redirected to a new address. The criminal then reports the card
lost and asks for a replacement to be sent.
13.6 Tab napping

Tab napping is a new online phishing scam to attack your computer and your
finances.
As internet users we’re all vulnerable to online scams. Unluckily for us, as soon as we
become pretty good as spotting one type of attack, another more sophisticated version
comes along in its place.

Until now phishing has involved sending hoax emails in an attempt to steal your
usernames, passwords and bank details. Often the sender will claim to be from your
bank and will ask you to verify your bank details by clicking on a link contained in the
email.
The link actually directs you to a fake website which looks just like your bank's own
website. Once you have typed in your login details they can be accessed by the criminals
who set the fake site up.
But we’re beginning to wise up to phishing attacks like this, and many of us know we
should be very wary of clicking URLs even if they appear to be in a legitimate email.
With awareness of phishing on the up, making it more difficult for scammers to succeed,
tab napping could be the scam to watch out for next.
Tab napping is more sophisticated than the phishing scams we’ve seen so far, and it no
longer relies on persuading you to click on a dodgy link. Instead it targets internet users
who open lots of tabs on their browser at the same time (for example, by pressing CTRL
+ T).
13.6.1 How does it work?

By replacing an inactive browser tab with a fake page set up specifically to obtain your
personal data - without you even realizing it has happened.
Believe it or not, fraudsters can actually detect when a tab has been left inactive for a
while, and spy on your browser history to find out which websites you regularly visit,
and therefore which pages to fake.
So don't assume that after you have opened a new tab and visited a webpage, that web
page will stay the same even if you don’t return to it for a time while you use other
windows and tabs. Malicious code can replace the web page you opened with a fake
version which looks virtually identical to the legitimate page you originally visited.
13.6.2 How might tab napping work in practice?

Imagine you open the login page for your online bank account, but then you open a new
tab to visit another website for a few minutes, leaving the first tab unattended. When
you return to your bank’s site the login page looks exactly how you left it. What you
haven’t realised is that a fake page has taken its place, so when you type in your
username and password, you have inadvertently given the fraudster easy access to your
account.

Even if you have already logged into your bank account before opening another tab,
when you return you might find you’re being asked to login again. This may not
necessarily rouse any suspicion since you might simply assume your bank has logged
you out because you left your account inactive for too long. You probably won’t even
think twice before logging in for a second time. But this time round you have accidently
inputted your security details into a fraudster’s fake page which have been sent back to
their server.
Once you have done so, you can then be easily redirected to your bank’s genuine website
since you never actually logged out in the first place,giving you the impression that all is
well.
13.6.3 Tips to protect you against tab napping

Make sure you always check the URL in the browser address page is correct
before you enter any login details. A fake tabbed page will have a different URL
to the website you think you’re using.
Always check the URL has a secure https:// address even if you don’t have tabs
open on the browser.
If the URL looks suspicious in any way, close the tab and reopen it by entering
the correct URL again.
Avoid leaving tabs open which require you to type in secure login details. Don't
open any tabs while doing online banking - open new windows instead (CTL +
N).
13.7 Clickjacking
Clickjacking is a malicious technique of tricking Web users into revealing confidential
information or taking control of their computer while clicking on seemingly innocuous
Web pages. A vulnerability across a variety of browsers and platforms, a clickjacking
takes the form of embedded code or script that can execute without the user's
knowledge, such as clicking on a button that appears to perform another function.
Clickjacking is possible because seemingly harmless features of HTML Web pages can be
employed to perform unexpected actions.

A clickjacked page tricks a user into performing undesired actions by clicking on a
concealed link. On a clickjacked page, the attackers show a set of dummy buttons, then
load another page over it in a transparent layer. The users think that they are clicking
the visible buttons, while they are actually performing actions on the hidden page. The
hidden page may be an authentic page, and therefore the attackers can trick users into
performing actions which the users never intended to do and there is no way of tracing
such actions later, as the user was genuinely authenticated on the other page.
More on :
http://en.wikipedia.org/wiki/Clickjacking
13.7.1 Some of the ISSUES

Issue #1 STATUS: Clickjacking allows attackers to subvert clicks and send the victim’s
clicks to web-pages that allow themselves to be framed with or without JavaScript. One-
click submission buttons or links are the most vulnerable. It has been known since at
least 2002 and has seen at least three different PoC exploits (Google Desktop MITM
attack, Google Gadgets auto-add and click fraud). All major browsers appear to be
affected.
Issue #2 STATUS: ActiveX controls are potentially susceptible to clickjacking if they

don’t use traditional modal dialogs, but rather rely on on-page prompting. This requires
no cross domain access, necessarily, which means iframes/frames are not a prerequisite
on an attacker controlled page.
More on :
http://ha.ckers.org/blog/20081007/clickjacking-details/
13.7.2 Tips:
Never click on the links received from the unknown users.
If necessary cross check the target of the link by placing mouse at the given
link and check the details at bottom left corner before clicking. Take the help of
the picture below to understand.

Always type URL in browser

14. Wireless Network
14.1 What is a Wireless Network?

Wireless network refers to any type of computer network that is not connected
by cables of any kind. It is a method by which telecommunications networks and
enterprise (business), installations avoid the costly process of introducing cables
into a building, or as a connection between various equipment locations.
Wireless networks are generally imple-mented and administered using a
transmission system called radio waves to provide wireless high speed Internet
and network connections.
What is Wi-Fi?
Wi-Fi is a branded standard for wirelessly connecting electronic devices. "Wi-Fi"

is a trademark of the Wi-Fi Alliance and the brand name for products using the
IEEE 802.11 family of standards. Wi-Fi is used by over 700 million people, there
are over 4 million hot-spots (places with Wi-Fi Internet connectivity) around the
world, and about 800 million new Wi-Fi devices every year. Wi-Fi products that
complete the Wi-Fi Alliance interoperability certification testing successfully can
use the Wi-Fi CERTIFIED designation and trademark.
The radios used for Wi-Fi communication are very similar to the radios used for
walkie-talkies, cell phones and other devices. They can transmit and receive
radio waves, and they can convert 1s and 0s into radio waves and convert the
radio waves back into 1s and 0s.
They transmit at frequencies of 2.4 GHz or 5 GHz. This frequency is considerably

higher than the frequencies used for cell phones, walkie-talkies and televisions.
The higher frequency allows the signal to carry more data.
They use 802.11 networking standards, which come in several flavors:
802.11a transmits at 5 GHz and can move up to 54 megabits of

data per second.
802.11b is the slowest and least expen-sive standard. 802.11b

transmits in the 2.4 GHz frequency band of the radio spectrum.
802.11g transmits at 2.4 GHz like 802.11b, but it's a lot faster -- it
can handle up to 54 megabits of data per second.
802.11n is the newest standard that is widely available. This

standard signifi-cantly improves speed and range.

14.2 Risks of using Unsecured Wi-Fi Network
Anyone within the geographical net-work range of an open, unencrypted
wireless network can sniff or capture or record the traffic, gain unauthorized ac-
cess to internal network resources as well as to the internet, and then possibly
send spam or do other illegal actions using the wireless network's IP address.
One of the risks in wireless security is that an intruder can use the victim's
broadband connection to get online without paying just to surf the web, to
download pirated music or software. There may be no direct harm, but can slow
down the Internet or network ac-cess of the legitimate user of the net-work.
An intruder can use the victim's connection for malicious purposes like
distributing illegal material, launching DoS attack or hacking. The intruder
remains anonymous as the connection used by the intruder is the victim's
connection. The origin will be traced back to the victim's connection in case of
any criminal activity is discovered and investigated.
And a wireless network could also be an indirect backdoor into a corporate net-
work. An employee or a company can be a target to get confidential information.
There is a risk involved in using unsecured wireless networks. And most of the
people and organizations still use unsecured wireless networks. But the
knowledge required to attack a wireless network is becoming easier. One has the
need to secure the unsecured wireless network and be protected from
unauthorized usage of the network.
14.3 Tips for Wireless Home Network Security

1. Change Default Administrator Pass-words (and Usernames)
Access Point or router is the core of most Wi-Fi networks. To set up these
devices, manufacturers provide web pages to con-figure the settings that allow
owners to en-ter their network address and account in-formation. To configure
these settings by the right owner, the web pages are pro-tected and need to be
authenticated with username and password. All manufacturers provide default
usernames and passwords combination with the wireless router or ac-cess point.
These default usernames and passwords are available on the Internet. It is easy
to get these credentials from the Internet. Most of the users do not change these
usernames and passwords combina-tion. As an alert user, these settings need to
be changed.

2. Turn on (Compatible) WPA / WEP En-cryption
All Wi-Fi equipment supports some form of encryption. Encryption is the

conversion of data into a scrambled form that cannot be easily understood by
unauthorized people. Several encryption technologies exist for Wi-Fi today.
Wired Equivalent Encryption (WEP), an old encryption standard is claimed to be

broken within few seconds, even using a complex passphrase. It is a weak
encryption means that it can be easily broken within manage-able time i.e., few
seconds or minutes.
Enabling Wires Equivalent Privacy (WEP)
Since there are security issues in using WEP, Wi-Fi Alliance introduced a standard for
network authentication and encryption. WPA (Wi-Fi protected Access) is one of the
several popular standards for wireless security. WPA delivers a higher level of security
that further beyond anything that WEP can offer.
Enabling Wi-Fi Protected Access (WPA)

3. Disable SSID Broadcast
In Wi-Fi networking, the SSID is broadcasted by the wireless access points or routers at
regular intervals. This feature was designed for businesses and mobile devices where
Wi-Fi clients may roam from one place to other. SSID broadcast feature is not so useful
in home Wi-Fi network. To improve the security, SSID broadcast security feature should
be disabled. Configuring the wireless clients manually to the access point with right
SSID, they no longer require these broadcast messages.
4. Change the Default SSID
Service Set Identifier (SSID) is a network name that is used by access point and routers.
The same SSID set is used by the manufacturers for shipping their products. For
example, the SSID for Linksys devices in general is “Linksys”. Knowing the SSID may not
be the cause to hack into network, but the default SSID suggests that the network is
poorly configured and much more likely to attack it. When configuring wireless network
security, change the default SSID.
5. Enable MAC Address Filtering

Every Wi-Fi device possesses a unique identifier known as Media Access Control (MAC)
Address or physical address. Routers or Access points maintains MAC addresses of all
devices that connect to them. To restrict the network access to allow only connections
from the devices, many of the products offer the administrator of the access point or
router to store the MAC addresses of their devices. But this is not as powerful as hackers
and their software programs can fake MAC addresses.
6. Enable Firewalls on Each Computer and the Router
Make sure that the router’s firewall is turned on. Most of the network routers have built
in firewall capability. It is an option to enable or disable the feature. Along with the
firewall at the router side, also install and configure personal firewall software on each
computer connected to the router.
The security features in the firewall include blocking anonymous internet requests,
browsing unwanted websites, protecting from malware and spyware. And also define
the security policies so that the unwanted and anonymous connections are restricted.
7. Turn off the Network during Extended Periods of Non-Use
An access point or a router keeps on emitting signals if it powered on. To restrict the
network to full extent, the ultimate in wireless security measures is to shut down the
access point or router. While impractical to turn off and on the devices frequently, at
least consider doing so during travel or extended periods offline. Computer disk drives
have been known to suffer from power cycle wear-and-tear, but this is a secondary
concern for broadband modems and routers.
8. Position the Router or Access Point Safely
Wireless signals are not bound to physical boundaries. The signals from the wireless
router can go beyond office building or cross the gate of one's house and can enter into
neighbor's house. Most wireless routers have a signal range of 100 feet. If this signal
range can be imagined as a sphere with wireless router as center, the signal can be
accessed form any direction up to 100 feet. It becomes easier to others to find the
wireless network and attempt to access it.

When installing a wireless home network, the position of the access point or router
determines its reach. Try to position these devices near the center of the home rather
than near windows to minimize leakage. Signal becomes weak depending upon the
distance it travels and the material it passes through such as walls, metal, etc. Aluminum
foil can also be used at the windows or doors to reduce the strength of signal.
9. Do Not Auto-Connect to Open Wi-Fi Networks
To automatically connect a computer to any available open wireless network without

any notification, most computers or devices provide a setting that will connect a
computer automatically. But the risk involved is that there may be some dummy access
points designed to catch unsuspected users and hack the connected computers.
And configuring access point to accept credentials are must, otherwise any
unauthorized persons can access access-point without username and password.
10. Assign Static IP Addresses to Devices
DHCP (Dynamic Host Configuration Protocol) is used to assign network configuration

information to the connecting devices dynamically. So there is no need to configure the
networks settings manually because of DHCP. This is used for convenience as the
manual configuration of the network settings is reduced. But at the same time, the
attackers can use this feature to automatically connect to the network by getting the
network settings readily configured and can access the network. To avoid this use the
static IP addresses to the devices to connect to the wireless network.
References:
http://computer.howstuffworks.com/wireless-network1.htm
http://en.wikipedia.org/wiki/Wireless_network
http://en.wikipedia.org/wiki/Wi-Fi
http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm
http://www.thegeekpub.com/773/why-wpa-is-better-than-wep/
http://pcnineoneone.com/howto/80211bsecurity1/

15. Mobile Security
Providing mobile PC or mobiles to access Internet for

official purpose’s remote access to all business
applications may put a personal or organization’s
vital information at risk. For professionals or
individual users, using mobile or mobile PC, there are
plenty of benefits such as work from anywhere,
etc...The mobile devices have their own characteristics but also with security
concerns such as sensitive information access with mobiles.
There are various threats, which can affect the mobile users in several ways. For
example, sending multimedia messages and text messages to the toll free
numbers, unknowingly clicking for a message received through the mobile
phone. Now-a-days many malicious programs have come which will try to get
access over mobile phones and laptops and steal the personal information inside
it.
15.1 Security Concerns
15.1.1 Exposure of critical information
Small amounts of WLAN signals can travel significant

distance, and it’s possible to peep into these signals using a
wireless sniffer. A wireless intruder could expose critical
information if sufficient security isn’t implemented.
15.1.2 Lost or Stolen devices
Even if sufficient security is implemented in wireless Virtual

Private Networks (VPNs), if a device is lost or stolen. The entire
corporate intranet could be threatened if those devices aren’t
protected by a password and other user-level security measures.
15.1.3 Mobile Viruses

Mobile Viruses can be major threat, particularly with devices
that have significant computational capabilities. Mobile
devices, in general are susceptible to Viruses in several ways.
Viruses can take advantage of security holes in applications or
in applications or in the underlying Operating System and cause damage.
Applications downloaded to a mobile device can be as Virus-prone as desktop
applications. In some mobile OS, malformed SMS messages can crash the device.

Cyber Security Awareness Handbook PDF

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Cyber Security Awareness Handbook PDF

Diunggah oleh

Hak Cipta:

Format Tersedia

Cyber Security Awareness Handbook

1.1 Cyber Security Awareness..................................................................................5

1.2 Importance of Cyber Security...........................................................................5

2.1 Definition of Computer Ethics............................................................................6

2.2 Internet Ethics for everyone................................................................................6

2.3 Ethical rules for computer users.........................................................................8

3.1 World Wide Web (WWW)....................................................................................9

3.2 Usage of Internet................................................................................................10

3.3 Features of Internet ...........................................................................................10

3.4 Benefits of Internet ............................................................................................11

3.5 Privacy Issues.......................................................................................................12

3.6 Peer To Peer (P2P) Networking........................................................................13

4. Search Engines and Web Browsers........................................................................17

4.1 Usage of search engines..................................................................................17

4.2 Internet Browser(s) Security .............................................................................17

4.3. Risks towards web browser..............................................................................19

4.4 How to secure your web browser?.................................................................20

5.1 Filtering Services in web browser.....................................................................27

5.2 Parental Control Bars.........................................................................................28

5.3 Procedure for installing Parental control toolbar.........................................30

Cyber Security HandBook CDAC Hyderabad & NIELIT 1

5.6 Spam filter............................................................................................................42

6. Internet Mediated Communication......................................................................43

6.1 e-Mail Security ....................................................................................................43

6.2 Instant Messaging..............................................................................................47

7.1 Tips to avoid risks by social networking .........................................................49

8.1 What is Social Engineering?.............................................................................51

8.2 How do they do this?.........................................................................................51

8.3 Social Engineering can be done in many ways..........................................52

8.4 How do you avoid being a victim?................................................................54

8.5 What do you do if you think you are a victim?............................................55

9. Online Games and Computer Games.................................................................56

9.1 About online games..........................................................................................56

9.2. Things to be noted while downloading the games...................................56

9.3. Risks Involved......................................................................................................56

10. Safe Downloading..................................................................................................59

10.1 Safe Downloading and uploading...............................................................59

10.2 Risks by insecure downloads.........................................................................59

10.3 Tips for Safety downloads...............................................................................60

11.2 Risks involved in blogging ..............................................................................63

Cyber Security HandBook CDAC Hyderabad & NIELIT 2

11.4 Guidance for Parents on Blogging...............................................................63

12. Cyber Bullying..........................................................................................................65

12.1 Harassment and bullying................................................................................65

12.2 Cyber bullying can be done in the following ways..................................65

12.3 Tips and guidelines...........................................................................................66

13. Online Threats and Tips .........................................................................................68

13.1 Protect children from online threats.............................................................68

13.2 Most common online Threats.........................................................................69

13.3 Online Banking..................................................................................................71

13. 4 Online Shopping..............................................................................................73

13.5 Identity Theft......................................................................................................74

13.6 Tab napping......................................................................................................74

13.7 Clickjacking ......................................................................................................76

14. Wireless Network......................................................................................................79

14.1 What is a Wireless Network?...........................................................................79

14.2 Risks of using Unsecured Wi-Fi Network........................................................80

14.3 Tips for Wireless Home Network Security......................................................80

15. Mobile Security........................................................................................................85

15.1 Security Concerns............................................................................................85

15.2 Guidelines for securing mobile devices.......................................................87

16. Data Security............................................................................................................89

16.1 Importance of securing data........................................................................89