
Acknowledgements

HRD Division

Department of Information Technology

Ministry of Communications and Information Technology

Government of India
PREFACE
"Three people can keep a secret only if two of them are dead!"
Benjamin Franklin
Such quotes are common because it is not easy to keep a secret. By human
tendency, a secret rarely stays a secret once it is explicitly said to be one;
human nature is to pass it on immediately by whispering it to others. Thus a
secret is never a secret. Maintaining secrecy is nothing but securing ourselves
or our data.

In the early days, there was not a great deal of emphasis on security because
systems were all closed. In simple terms, data did flow among systems, but it
did not go beyond the organization and stayed within a simple LAN. Many of the
technical details, such as the protocols used for communication, were not known
to the public. Today that is not the scenario: everything is public and open to
all. It was the Internet that changed the whole computing paradigm and brought
tremendous change in the way computers communicate with each other. Secured
information is also now exchanged through this open world of the Internet.

As ordinary users, we use the Internet for our routine tasks. We should know
how to use all the features provided by the Internet securely, so that we can
make optimum use of it while keeping ourselves safe in terms of privacy and
secrecy.

Information Security Awareness should reach children and students, who are the
actual users of the Internet and are the future of tomorrow. The importance of
security was identified and the initiative was taken by the Department of
Information Technology, Government of India, by starting the project Information
Security Education and Awareness. The main objective of this project is to
spread awareness of Information Security among people.

As part of this programme, material such as handbooks, cartoon books for kids,
posters and brochures has been developed by C-DAC Hyderabad. Parents and
Teachers also play a vital role in this programme, as they are the people who
teach children and students. This book mainly targets Parents and Teachers: it
covers topics related to security and also stresses how to carry the same
information to children and others. With all of your help, this project will
succeed.

Our sincere acknowledgements for the support provided by the Department of
Information Technology, Ministry of Communications and Information Technology,
Government of India.

- C-DAC Hyderabad
Table of Contents
1. Introduction
1.1 Information Security Awareness
1.2 Importance of Cyber Security
2. Computer Ethics
2.1 Definition of Computer Ethics
2.2 Internet Ethics for everyone
2.3 Ethical rules for computer users
2.4 Scenarios
3. Understanding Internet
3.1 World Wide Web (WWW)
3.2 Usage of Internet
3.3 Features of Internet
3.4 Benefits of Internet
3.5 Privacy Issues
3.6 Peer To Peer (P2P) Networking
4. Search Engines and Web Browsers
4.1 Usage of search engines
4.2 Internet Browser(s) Security
4.3 Risks towards web browser
4.4 How to secure your web browser?
5. Filtering services
5.1 Filtering Services in web browser
5.2 Parental Control Bars
5.3 Procedure for installing Parental control toolbar
5.4 Changing the parental control settings in the parental control toolbar
5.5 Spam filter
6. Internet Mediated Communication
6.1 e-Mail Security
6.2 Instant Messaging
7. Social Networking
7.1 Tips to avoid risks by social networking
8. Online Games and Computer Games
8.1 About online games
8.2 Things to be noted while downloading the games
8.3 Risks Involved
8.4 Guidelines
9. Safe Downloading
9.1 Safe Downloading and uploading
9.2 Risks by insecure downloads
9.3 Tips for Safety downloads
10. Blogging
10.1 Types of blogs
10.2 Risks involved in blogging
10.3 Tips to avoid risks by blogging
10.4 Guidance for Parents on Blogging
11. Cyber Bullying
11.1 Harassment and bullying
11.2 Cyber bullying can be done in the following ways
11.3 Tips and guidelines
12. Online Threats and Tips
12.1 Protect children from online threats
12.2 Most common online Threats
12.3 Online Banking
12.4 Online Shopping
12.5 Identity Theft
13. Mobile Security
13.1 Security Concerns
13.2 Guidelines for securing mobile devices
14. Data Security
14.1 Importance of securing data
14.2 Securing data by disposal
15. Physical Security
15.1 Computer locks
15.2 BIOS Security
15.3 In Organizations
16. Safe Practices
16.1 Operating System Security
16.1.2 Guidelines for securing the operating System
16.2 Password Security Policy
17. Virus Protection and Cleaner Tools
17.1 Windows Based Tools
17.2 Linux Based Tools
18. Lockdown, Auditing and Intrusion Detection Tools
18.1 OS Lockdown Tools
18.2 URL Scan Based Tools
18.3 Web Server Lockdown Tools
19. Security Assessment Tools
19.1 Assessment Of OS Security Levels
19.2 Assessment Of Database Security Levels
19.3 Assessment Of Application Security
20.1 Security Update Solution Tools (Windows)
20.2 Windows Desktop Firewall Settings
21. Security Update Detection Tools
21.1 MBSA
21.2 Microsoft Office Visio 2007 Connector

1. Introduction
1.1 Information Security Awareness

Information Security needs have to be addressed at all levels, from the
individual user to an organization and beyond that to the government and the
nation. Information Security is becoming synonymous with National Security, as
computer networking, which is vulnerable to cyber attack, forms the backbone of
the country's critical infrastructure: banking, power, communication networks,
etc. It is, therefore, important to have secure computer systems and networks.
Also, the increased focus on outsourcing of IT and other services from developed
countries is bringing the issue of data security to the fore. Furthermore, owing
to the massive Internet boom, a lot of home users with little or no prior
knowledge of the threats and their countermeasures are exposed to the Internet.
Attackers can exploit this to expand their base of malicious activity and use
innocent people for their schemes. Consequently, we aim to spread the education
to school children, teachers, parents and senior citizens and equip them with
the knowledge needed to mitigate the threat.

Looking at the growing importance of Information Security, the Department of
Information Technology, Ministry of Communications and Information Technology,
Government of India has formulated and initiated the Information Security
Education and Awareness (ISEA) programme. One of the activities under this
programme is to widely generate information security awareness among children,
home users and non-IT professionals in a planned manner.

1.2 Importance of Cyber Security


Cyber security is important for users because they have to protect themselves
against identity theft. Organizations, including government, also need this
security to protect their trade secrets, financial information, and other
sensitive or critical data. Since sensitive information is mostly stored on
computers that are connected to the Internet, there is a need for information
assurance and security. So, in order to have Cyber Security, everyone should
follow the Cyber Security standards that enable us to protect against various
malware threats.

Poor cyber security practice arises for some of the following reasons: poor
administrative guidelines for applications, poor software coding that may be
vulnerable, and improper usage of Cyber Security practices.
2. Computer Ethics
2.1 Definition of Computer Ethics
Ethics are a set of moral principles that govern an individual or a group on
what is acceptable behaviour while using a computer. Computer ethics is a set of
moral principles that govern the usage of computers. One of the common issues of
computer ethics is violation of copyright.

Duplicating copyrighted content without the author's approval and accessing the
personal information of others are some examples of violations of ethical
principles.

2.2 Internet Ethics for everyone


Internet ethics means acceptable behaviour while using the Internet. We should
be honest and respect the rights and property of others on the Internet.

2.2.1 Acceptance

One has to accept that the Internet is not a value-free zone. It means the
World Wide Web is not a waste wild web; it is a place where values are
considered in the broadest sense, so we must take care while shaping content and
services, and we should recognize that the Internet is not apart from universal
society but is a primary component of it.

2.2.2 Sensitivity to National and Local cultures

The Internet belongs to all, and there is no barrier of national and local
cultures. It cannot be subject to one set of values like the local TV channel or
the local newspaper. We have to accommodate multiplicity of usage.

2.2.3 While using e-Mail and chatting

The Internet should be used for communication with family and friends. Avoid
chatting with strangers and forwarding e-mails from unknown people/strangers. We
must also teach children about the risks involved in chatting and forwarding
e-mails to strangers.

2.2.4 Pretending to be someone else


We must not use the Internet to fool others by pretending to be someone else.
Hiding our own identity to fool others in the Internet world is a crime and may
also be a risk to others. It is our responsibility to teach children the same.

2.2.5 Avoid Bad language

We must not use rude or bad language while using e-Mail, chatting, blogging and
social networking. We need to respect others' views and should not criticize
anyone on the Internet, and the same should be taught to children.

2.2.5 Hide personal information

We should teach children not to give out personal details like home address,
phone numbers, interests and passwords. No photographs should be sent to
strangers, and children should be asked to hide their personal details from
strangers because these might be misused and shared with others without their
knowledge.

2.2.6 While Downloading

The Internet is used to listen to and learn about music. It is also used to
watch videos and play games. We must not use it to download them or share
copyrighted material. The same should be taught to children, and they must be
aware of the importance of copyrights and of copyright issues.

2.2.7 Supervision

You should know what children are doing on the Internet and the sites they
visit, and should check with whom they are communicating. Restrict them from
browsing inappropriate sites. Parental involvement is essential when a child is
using the Internet, in order to make sure the child follows the rules.

2.2.8 Encourage children to use Internet

We must encourage children, students and others to gain the knowledge from
the Internet and use it wisely. Internet is a great tool where we can gather
information which can be used for learning.

2.2.9 Access to Internet


The Internet is a time-efficient tool for everyone that enlarges the possibilities
for curriculum growth. Learning depends on the ability to find relevant and
reliable information quickly and easily, and to select, understand and assess that
information. Searching for information on the Internet can help to develop these
skills. Classroom exercises and take-home assessment tasks, where students are
required to compare website content, are ideal for alerting students to the
requirements of writing for different audiences, the purpose of particular
content, identifying and judging accuracy and reliability. Since many sites adopt
particular views about issues, the Internet is a useful tool for developing the
skills of distinguishing fact from opinion and exploring subjectivity and
objectivity.

2.3 Ethical rules for computer users

Some of the rules that individuals should follow while using a computer are
listed below:

- Do not use computers to harm other users.
- Do not use computers to steal others' information.
- Do not access files without the permission of the owner.
- Do not copy copyrighted software without the author's permission.
- Always respect copyright laws and policies.
- Respect the privacy of others, just as you expect the same from others.
- Do not use other users' computer resources without their permission.
- Use the Internet ethically.
- Complain about illegal communication and activities, if found, to Internet
  Service Providers and local law enforcement authorities.
- Users are responsible for safeguarding their User Id and Passwords. They
  should not write them on paper or anywhere else for remembrance.
- Users should not intentionally use computers to retrieve or modify the
  information of others, which may include password information, files, etc.

2.4 Scenarios

2.4.1 Scene 1
Ravi asked Kishore if he could look at the essay written by him. Kishore said
sure and didn't think much about it. After some days their essays were verified
by the class teacher, who asked Kishore to stay after class. The teacher pointed
out that their essays were similar and asked for an explanation.

So always teach and guide children not to copy content or information from the
Internet or from classmates.

2.4.2 Scene 2
Vicky has stepped out of the computer lab without logging off. Bob sits at
Vicky's computer, logs in as Vicky, sends false e-mail messages to a number of
students and posts similar messages on the class newsgroup.

So teach children that they must never misuse others' computers and e-mail IDs
to harm others and defame them.

3. Understanding Internet
There are different definitions of the Internet, but the meaning is the same, as
shown below:

Def 1: A series of interconnected networks allowing communication of data among
millions of computers worldwide.

Def 2: A global communication network that allows computers worldwide to
connect and exchange information.

Def 3: A worldwide system of computer networks, a network of networks in which
users at any one computer can get information from any other computer.

The word Internet exactly means network of networks. The Internet consists
of thousands of smaller regional networks spread throughout the world. It
connects approximately 80 million users in Asian countries on any given day.

The Internet is referred to as the physical part of the global network. It is a
giant collection of cables and computers. No one owns the Internet. Though there
are companies that help to manage different parts of the networks that tie
everything together, there is no single governing body that controls what
happens on the Internet. The networks within different countries are financed
and managed according to local procedures.

3.1 World Wide Web (WWW)


Generally, everyone thinks that the Internet and the web are the same, but this
is false.

The web is a software application or service that runs on the Internet. It is a
collection of documents and resources. It is one of the fastest growing parts of
the Internet. It provides easy access to a huge range of information that is
stored on computers around the world.

3.1.1 What is Web site?

A web site contains from one to millions of interconnected pages and has
hyperlinks that connect them and help you find your way around the site. You can
find different kinds of information on the web, like games, health matters,
holiday destinations, train timetables, weather forecasts and many more. There
are millions of web sites available on the Internet, and you can find anything
that interests you.

3.1.2 A Web Address

Each Web site has its own unique address, which is called a Uniform Resource
Locator or URL. To visit a site, you need to type its address in the address bar of
your web browser.

3.2 Usage of Internet


The Internet is used mainly for communication, to gather information, education,
entertainment, current affairs, online learning, commerce, publishing, etc.

Publishing on the Internet is not just for organizations or businesses: anyone
can create their own web site and publish their information or files on the
World Wide Web.

Through the Internet, thousands of people around the world are able to access
information from their homes, schools, Internet cafes and workplaces.

The Internet is a global collection of computer networks that help in
exchanging data using a common software standard. Internet users can share
information in a variety of forms.

- Users can connect easily through ordinary personal computers and share
  knowledge and thoughts by making use of the Internet.
- We can send electronic mail (e-Mail) to family members and friends with
  accounts on the Internet, which is similar to sending letters by post. The
  e-Mail can be sent within minutes, no matter where they are, without postal
  stamps etc.
- We can post information that can be accessed by others and can update it
  frequently.
- We can access multimedia information that includes video, audio, and images.
- We can learn through Web-Based Training and Distance Learning on the
  Internet.

3.3 Features of Internet

3.3.1 Geographic sharing

The geographic sharing of the Internet continues to spread, around the world
and even beyond. A main feature of the Internet is that once you have connected
to any part of it, you can communicate with all of it.

3.3.2 Architecture

The architecture of Internet is most ever communication network designed. The
failure of individual computers or networks will not affect its overall
reliability. Information is not changed or destroyed over time or while being
transferred between sites.

3.3.3 Universal Access


It is easy to access information such as text, audio and video, and to make it
accessible to people worldwide at a very low price. Access to the Internet is
the same for everyone, no matter where they are. One can connect to any computer
in the world and visit many exciting places without leaving one's chair.

3.4 Benefits of Internet


There are many advantages of Internet:

- The Internet is loaded with data and information in a range of media.
- The search engines that are available online are fast and powerful.
- The Internet is easy to use.
- Students can become researchers because of easier access to data.
- Students are motivated to share their work online with the world.
- The Internet appeals to different learning styles.
- Unlike paper, the web can present dynamic data sources which change over
  time.
- The characters in an e-Mail don't get transposed or mixed up when they are
  sent over long distances.
- Students can access libraries around the world.

The Internet is a very big storeroom of learning material. As a result, it
significantly expands the resources available to students beyond the standard
print materials found in school libraries. Students can access the latest
reports on government and non-government websites, including research results,
scientific and artistic resources in museums and art galleries, and other
organizations with information applicable to student learning. At secondary
schooling levels, the Internet can be used for undertaking reasonably tricky
research projects.

As the Internet is a powerful resource for learning and an efficient means of
communication, it is very useful in education and provides a number of learning
benefits. These include the development of independent learning and research
skills, by improving access to specific subject learning across a wide range of
learning areas as well as in integrated or cross-curricular studies, and
communication and collaboration, such as the ability to use learning
technologies to access resources, create resources and communicate with others.

3.4.1 Access to Internet
The Internet is a time-efficient tool for teachers that enlarges the possibilities for
curriculum growth. Learning depends on the ability to find relevant and reliable
information quickly and easily, and to select, understand and assess that
information. Searching for information on the Internet can help to develop these
skills. Classroom exercises and take-home assessment tasks, where students are
required to compare website content, are ideal for alerting students to the
requirements of writing for different audiences, the purpose of particular
content, identifying and judging accuracy and reliability. Since many sites adopt
particular views about issues, the Internet is a useful tool for developing the
skills of distinguishing fact from opinion and exploring subjectivity and
objectivity.

The Internet is a great tool for developing the communication and collaboration
skills of students and children. Above all, the Internet is an effective means of
building language skills. Through e-Mail, chat rooms and discussion groups,
students learn the basic principles of communication in the written form. This
gives teachers the opportunity to incorporate Internet-based activities into
normal literacy programs and bring variety to their teaching strategies.

Collaborative projects can be intended to improve students' literacy skills,
generally through e-Mail messaging with their peers from other schools or even
other countries. Collaborative projects are also useful for engaging students
and providing significant learning experiences. In this way, the Internet
becomes an effective means of advancing intercultural understanding. Moderated
chat rooms and group projects can also provide students with opportunities for
collaborative learning.

3.5 Privacy Issues


Many children are skilled navigators of the Internet. They are comfortable
using computers and are fascinated by the information and images that can be
explored at the click of a mouse. Recent figures show that 90% of school-age
children have access to computers either at home or at school. The ability to
interact and communicate with others is one of the biggest attractions of the
Internet for children. Spending time with people in chat rooms, instant
messaging through mobiles, playing games, entering contests and filling in forms
are popular online activities. Unfortunately, most parents don't really
understand how such activities can put their children's privacy at risk or even
threaten their safety. Surprisingly, in India most parents never know about some
of the activities that their child is participating in on the Internet.

In today's Internet communications scenario, personal data is valuable, and
protecting it has become a skill that children need to understand and learn.

The privacy of children can be compromised in certain online activities:

- Filling forms for various surveys, contests, downloading games on commercial
  or free web sites.
- Giving details about personal information when registering for e-mail access,
  Chat access.
- Providing information when registering for free game downloads.
- Providing information when registering for social networking web sites.

3.5.1 Privacy
Some websites prompt students to complete a form revealing their name, e-Mail
address, age and gender, and sometimes even their telephone number and postal
address, in order to access information. Some requests are legitimate: much
depends on the nature of the website requesting the information. Providing
personal information online can result in a student being targeted for spam
(unsolicited e-Mail), advertising materials and/or viruses. Privacy issues also
apply to students developing personal websites and publishing online. Personal
details, including photographs of themselves or other students, may lead to the
information being captured and reused by others for illicit purposes.

3.6 Peer To Peer (P2P) Networking


A peer to peer (or P2P) computer network uses diverse connectivity between
participants in a network and the cumulative bandwidth of network participants,
rather than conventional centralized resources where a relatively low number of
servers provides the core services. P2P networks are used to share content such
as audio, video, data or any other form of digital data by connecting the nodes
via largely ad hoc networks.

Because P2P networks are unstructured and involve sharing with unknown
computers or persons, they carry risks such as infecting your computer with
viruses and spam.

3.6.1. Exposing your Computer to Unwanted Software


Many peer-to-peer file sharing programs do not employ good security or access
control. If users are not familiar with the programs, or if the settings are
improperly configured, all the contents stored on the user's hard disk may be
exposed to other users.

3.6.2. Contracting Computer Viruses


The computers of P2P software users can also easily contract computer viruses,
especially when the file downloaded is from an unknown source. Moreover, the
P2P programs themselves may contain viruses and worms, which prevent users'
computers from functioning properly.

3.6.3 Infringing Copyright


Copies of entertainment files (e.g. MP3 music files, VCD video files etc.) and
software that infringe copyright laws are often shared by P2P software.
The act of unauthorized uploading of copyright works for others to download
may attract civil or even criminal sanctions. Unauthorized downloading of
copyright works entails civil liability.

3.6.4 Slowing down your School Internet Speed


Last but not least, if you host a large amount of files for other people to download
through P2P software via the School campus network, the network traffic thus
created can slow down the entire campus network.

3.6.5. Tips for P2P Networks

Use filtering software you trust to filter the data communication from
your system.
Use file sharing program controls and adjust the P2P program to run only
when required. Disable automatic starting.
Always update the operating system, anti-virus and anti-spyware packages.
Do not use an administrative account. It may expose the whole system to
other users in P2P networks. Create a separate account for normal
operations.
Treat all downloaded files with suspicion.
Take backups of important files. This will help you in recovering the files.
Delete any pirated software, files, etc. Alternatively, do not download
them at all.
4. Search Engines and Web Browsers
Search engines can provide fast, easy access to any kind of material on the
Internet. Most search engines allow you to block search results that are
unsuitable for children. Blocking inappropriate search results greatly reduces
the chance that your children will stumble across dangerous or objectionable
material on the Internet. These search result filters are not foolproof. Some
unwanted content may still appear in the search results.

4.1 Usage of search engines


You can search any individual web page using the CTRL-F command. Many
websites also offer search boxes that let you search all the pages in the site, or
records in its database. Searching is usually the most efficient way to find
information.
Words entered in a search command are searched for in any order. Use spaces
to separate keywords in a simple keyword search. To search for keywords
exactly as keyed, enclose them in "double quotation marks"; this forms a
phrase in most search engines. Sometimes a phrase is called a "character string."

4.1.1 Use +REQUIRE or -REJECT A TERM OR PHRASE


Insert + immediately before a term with no space, to limit search to documents
containing a term. Insert - immediately before a term with no space, to exclude
documents containing a term.

4.2 Internet Browser(s) Security


A web browser is used to gain access to information and resources on the
World Wide Web. It is a software application used to trace and display web
pages. The main purpose of a web browser is to bring information resources
to the user. The process begins with a uniform resource identifier (URI) or
uniform resource locator (URL).

4.2.1 Uniform Resource Locator (URL)

Consider the URL http://www.infosecawareness.in

Each URL is divided into different sections as shown below:

http:// - In short, http means the Hypertext Transfer Protocol and the file is a
web page. You don't need to type the http every time; it is automatically
inserted by the browser.

www - World Wide Web

infosecawareness - site name

.in - It is one of the domain names, which is basically a country name.

Other domain names are .com (commercial organization), .net (network domain)
etc.

(The organization address and location of the organization address are known as
the domain name.)

The co.in suffix or global domain name shows the type of organization address
and the country of origin; for example, the suffix co.in indicates a company in
India.
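The breakdown above can be done mechanically. The following added example (not part of the original handbook) splits an address into those sections and goes one step further by reporting the domain that actually identifies the site. The small suffix table, the function names and the example.com look-alike address are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny suffix table limited to the endings named in
# the text. A real tool would load the complete Public Suffix List instead.
SUFFIXES = {
    "in": "country domain (India)",
    "co.in": "company in India",
    "com": "commercial organization",
    "net": "network domain",
}


def describe_url(url):
    """Split a web address into the sections described in the text."""
    if "://" not in url:
        url = "http://" + url        # the browser inserts http:// when it is omitted
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # urlsplit lower-cases the host name
    labels = host.split(".") if host else []

    # Try the longest ending first and always leave one label for the site name.
    for i in range(1, len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in SUFFIXES:
            break
    else:
        raise ValueError("no known domain suffix in %r" % host)

    site_name = labels[i - 1]
    return {
        "protocol": parts.scheme,
        "prefix": ".".join(labels[:i - 1]),      # usually "www"
        "site_name": site_name,
        "suffix": suffix,
        "suffix_meaning": SUFFIXES[suffix],
        "domain": site_name + "." + suffix,      # identifies who runs the site
        "path": parts.path or "/",
    }


def same_site(url, expected_domain):
    """True only if the address really belongs to expected_domain."""
    return describe_url(url)["domain"] == expected_domain.lower()


if __name__ == "__main__":
    for address in (
        "http://www.infosecawareness.in",
        "http://www.example.co.in/products",
        # Constructed look-alike: the familiar name is only a prefix here.
        "http://www.infosecawareness.in.example.com/login",
    ):
        info = describe_url(address)
        print(address)
        for key in ("protocol", "prefix", "site_name", "suffix", "domain"):
            print("  %-10s %s" % (key, info[key]))
        print("  belongs to infosecawareness.in:",
              same_site(address, "infosecawareness.in"))
```

Reading the address from the suffix backwards, as the loop does, is what shows that the third address belongs to example.com even though it begins with a familiar name.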

Generally, a web browser connects to the web server and retrieves the
information. Each web server has an IP address, and once you are
connected to the web server by using http, the browser reads the Hypertext
Markup Language (HTML), which is the language used to create documents on the
World Wide Web, and displays the document in the web browser.

In short, a browser is an application that provides a way to look at and interact
with all the information on the World Wide Web.

4.2.2. Understanding usage of Web browsers

A Web browser is a software application that runs on the Internet and allows
viewing the web pages, as well as content, technologies, videos, music, graphics,
animations and many more.

In other words, a browser is an application that offers a method to look at and
interact with the entire information on the World Wide Web.

4.2.3 Types of web browsers

There are different types of web browsers available with different features. A
web browser is a tool used not only on personal computers but also on mobile
phones to access information. Web browsers support different technologies like
Java, frames, XHTML and many more. Web browsers are also available in different
languages like English, German, Chinese, Arabic and many more. Knowing the web
browsers and their uses makes it easier to improve your Internet usage.
4.2.4 Some of the popular web browsers

4.2.4.1 Internet Explorer

It is known as Microsoft Internet Explorer, or IE for short. It is one of the
most popular web browsers. The latest edition of IE is available with some of
the Windows operating systems like Windows XP, Windows 2003 and Windows Vista.

4.2.4.2 Mozilla Firefox

It is a free, open source web browser developed by Mozilla Corporation. The
browser can be used on different operating systems like Windows, Mac, Linux, etc.

4.2.4.3 Google Chrome

It is a web browser designed for a Windows operating system. This browser works
on Windows XP and Windows Vista.

4.2.4.4 Safari

It is a web browser developed by Apple Corporation. It is the default web
browser of Mac OS X. This browser also works on Windows XP and Windows Vista.

4.3. Risks towards web browser

There are increased threats from software attacks taking advantage of
vulnerable web browsers. The vulnerabilities are exploited, and attacks are
directed at web browsers, with the help of compromised or malicious websites.
Exploiting vulnerabilities in web browsers has become a popular way for
attackers to compromise computer systems, as many users do not know how to
configure their web browser securely or are unwilling to enable or disable
functionality as required to secure their web browsers.

4.3.1. Secure web browser


By default, a web browser comes with an operating system and is set up with a
default configuration, which doesn't have all secure features enabled. Many web
browsers, like Internet Explorer, Mozilla, Google Chrome, etc., are installed on
computers and used frequently. Not securing a web browser can lead to problems
caused by spyware, malware, viruses, worms, etc. being installed on the
computer, which may allow intruders to take control of your computer.
There is an increased threat from software attacks which may take
advantage of vulnerable web browsers. Some software components of a web browser,
like JavaScript, ActiveX, etc., may also introduce vulnerabilities to the
computer system. So it is important to enable the security features in the web
browser you use, which will minimize the risk to the computer. Web browsers are
frequently updated. Depending upon the software, features and options may
change. It is therefore recommended to use an updated web browser.

4.3.2 Security zone


The security zone feature in a web browser lets you secure the browser and
choose which people and companies on the Internet to trust. It helps you decide
which sites are allowed to run applications, scripts and add-ons or install a
plug-in on your computer. The security zone also contains other features, like
adding the addresses of web sites under restricted sites. This feature is
available in Internet Explorer, and it blocks untrusted sites or attack sites.
This feature is also available in Firefox, and it varies between web browsers.

4.3.3 Trusted site


The Internet is a network of people, with all kinds of content from different
kinds of people. Generally, you don't trust everyone around you, so why should
all websites be trusted? Moreover, why would you allow everyone to come into
your computer without your authorization?

So use the trusted sites feature in your web browser to decide whom to trust.

4.4 How to secure your web browser?

4.4.1 Internet explorer (IE Version 8)


The following are some of the features of Internet Explorer and their settings:

From the menu, select Tools, choose SmartScreen Filter, click Turn On
SmartScreen Filter and enable the SmartScreen Filter, which is recommended.
This option is used to avoid phishing scams and malware. It alerts you if a
site you are trying to open has been reported as unsafe.

In Internet Explorer there is an option called Identify fake Web addresses. This
helps you to avoid false Web sites that are designed to trap you with misleading
addresses. The domain name in the address bar is highlighted in black and the
rest of the address is in grey to make it easy to identify a Web site's true
identity.

From the Tools menu, select the option InPrivate Filtering Settings. This
option is used to browse privately. If you want to protect yourself from fraud
when you use a public computer, it's a good idea to erase your tracks. InPrivate
Browsing tells Internet Explorer not to record or save your browsing history,
temporary Internet files, form data, cookies, and user names and passwords.

One feature in Internet Explorer is Detect malicious code. The new Cross Site
Scripting (XSS) Filter helps detect malicious code that's running on compromised
Web sites. This type of code is used in identity theft.

From the Tools menu of Internet Explorer, select Internet Options, then click on
the Security tab, check the current security settings and change the settings
of the security zone as necessary.

To change the security setting, under Security level move the slider up to
increase the security level from medium to high.

Enable Protected Mode; with this option, all websites are opened in protected
mode.

To add or remove trusted or restricted websites, click on the Sites option, then
click on the Add or Remove button and enter your list of sites for the selected
zone.

Select the Advanced tab and select the options you want, like enabling Use SSL
3.0 and Use TLS 1.0.

For more settings and controls, click on Custom level and then select the
options you want.

In the browser settings, from the menu bar click Tools, select Pop-up Blocker
and Turn On Pop-up Blocker. Alternatively, in Internet Explorer click Internet
Options, select Privacy and mark Turn on Pop-up Blocker as shown below:
4.4.2. Firefox 3.5 Browser
The following are the features of the Mozilla Firefox web browser and their
settings:

The anti-malware feature in Firefox protects you from viruses, worms, Trojan
horses and spyware. If you accidentally access a vulnerable site, it will warn
you away from the site and tell you why it is not safe to use. Firefox checks
every part of a Web page before loading it to make sure nothing harmful is
sneaking through the back door.

Security settings in Firefox control the level of examination you'd like Firefox
to give a site, and let you enter exceptions: sites that don't need the third
degree. Customize settings for passwords, cookies, loading images and installing
add-ons for a fully empowered Web experience as shown below.

From the Tools menu of the Firefox browser, select Options and then click on the
Security tab.

Under the Security tab, enable options like "Warn me when sites try to install
add-ons". To add or remove sites, click on the Exceptions tab and add or remove
the sites you want.

Enable the option "Tell me if the site I'm visiting is a suspected attack site".

Enable the option "Tell me if the site I am using is a suspected forgery".
Firefox gets a fresh update of web forgery sites 48 times in a day, so if you
try to visit a fraudulent site that's pretending to be a site you trust, the
browser shows you a message and stops you.

Disable the option "Remember passwords for sites". Firefox has integrated this
feature into your surfing experience: you can choose to remember site passwords
without intrusive pop-ups. You'll now see the remember password notification
integrated into your view at the top of the site page, and if you choose "Never
remember passwords for sites" it will not show any notification.

Select the Advanced tab and enable the Encryption tab in order to have secure
data transfer and use SSL 3.0.

In the Firefox web browser, select Tools, Options, select Content and enable
Block pop-up windows as shown below.

Antivirus integration is a feature in which Firefox works smartly with your
antivirus software. When you download a file, your computer's antivirus program
automatically checks it to protect you against viruses and other malware,
which could otherwise attack your computer.

Another feature is automated updates. This lets us find security issues, apply
fixes through updates and keep surfing safe; you can receive automatic
notification or wait until you are ready.

Privacy settings in Firefox control the level of examination you'd like Firefox
to give a site, and let you enter exceptions: sites that don't need the third
degree. Customize settings for cookies, remembering passwords, downloads and
history storage as shown below.
4.4.3. Google Chrome 2.0
The following are the features and security settings of the Google Chrome web
browser:

From the settings menu, select the Incognito window; a new window appears. Pages
you view from this window won't appear in your web browser history or search
history. They won't leave any traces like cookies after you close the incognito
window. Any files you download and any bookmarks will be preserved.

Chrome has a new feature, its own Task Manager, which shows you how much memory
and CPU each tab and plug-in is using. You can open it by pressing Shift-Esc
from within Chrome, or place the cursor on a window, right click and select
Task Manager. You can get more details by clicking the "Stats for nerds" link
in the Task Manager, which opens a page with full details of memory and CPU
usage for each process within the browser. It is used to close a bad process in
one tab without killing your whole browser session.

One of the features of Chrome is dynamic tabs. Here you can drag tabs out of the
browser to create new windows, gather multiple tabs into one window or arrange
your tabs however you wish, and it becomes quick and easy to log in to the
desired sites, i.e. reopen the closed sites.

The safe browsing feature in Google Chrome displays a warning if the web address
listed in the certificate doesn't match the address of the website. The
following are the steps for the safe browsing settings in Google Chrome.

From the settings tab, select Options, select Under the Hood and, under Privacy,
enable the option "Show suggestions for navigation error".

Enable the option "Use a suggestion service to help complete searches and URLs
typed in the address bar".

Enable DNS pre-fetching to improve page load performance.

Enable the phishing and malware protection.

In the Google Chrome web browser, select Tools, Options, select Under the Hood
and, under Cookies, select "Restrict how third party cookies can be used"; only
first-party cookie information is then sent to the website. Third-party cookie
information isn't sent back to the websites that originally set the third-party
cookies, as shown below.

Under Minor Tweaks, enable "Never save passwords".

Under Computer wide SSL settings, enable the option "Use SSL 2.0".

From the Page menu, select Create application shortcuts. This is used if you
want some websites to be viewed regularly: you can create application shortcuts
for the desired websites that can be placed on your desktop, Start menu or
Quick Launch menu, so you can choose any one of these options. After creating
one, if you double-click the shortcut icon on the desktop or Start menu, the
website opens in a special window that doesn't display tabs, buttons, address
bar or menus.

Many of the browser functions are available instead in the drop-down menu that
appears when you click the page logo in the upper-right corner of the window.
If you click a link that takes you to a different website, the link opens in a
standard Google Chrome window so you won't lose track of your website.
4.4.4 Safari 4 Browser
The following are the features of safari secure web browser

Phishing Protection

Safari protects you from fraudulent Internet sites. When you visit a suspicious
site, Safari warns you about its suspect nature and prevents the page from
loading.

Malware Protection

Safari recognizes websites that harbour malware before you visit them. If Safari
identifies a dangerous page, it warns you about the suspect nature of the site.

Antivirus Integration

Thanks to support for Windows Attachment Monitor, Safari notifies your
antivirus software whenever you download a file, image, application, or other
item. This allows the antivirus software to scan each download for viruses and
malware.

Secure Encryption

To prevent eavesdropping, forgery, and digital tampering, Safari uses encryption
technology to secure your web communications. Safari supports the very latest
security standards, including SSL versions 2 and 3, Transport Layer Security
(TLS), 40- and 128-bit SSL encryption, and signed Java applications.

Automatic Updates

Get quick, easy access to the latest security updates. Safari takes advantage of
Apple Software Update, which checks for the latest versions of Safari when
you're on the Internet.

Pop-Up Blocking

By default, Safari intelligently blocks all unprompted pop-up and pop-under
windows, so you can avoid distracting advertisements while you browse.

Cookie Blocking

Some companies track the cookies generated by the website you visit, so they
can gather and sell information about your web activity. Safari is the first
browser that blocks these tracking cookies by default, better protecting your
privacy. Safari accepts cookies only from your current domain.
5. Filtering services
5.1 Filtering Services in web browser

Content filtering over the Internet, sometimes called parental controls, is
used to block access to offensive websites. It is not guaranteed, but it can
be very helpful.

5.1.1 What is content filtering?

People find some inappropriate content like images of sex, violence or strong
language on the Internet.

As the Internet is a free zone, anyone can post anything, and there is no
effective restriction on the Internet itself. As a result, many people use
content filtering software and set browser settings to block offensive websites.

5.1.2 How to enable content filtering?

In Internet Explorer, there is an option to restrict the web sites and access only
those web sites set by a user.

In the Internet Explorer web browser, select Tools, Internet Options, select
Content and click Enable.

In the Google search engine there is an option for safe search filtering: click
on Preferences or Search Preferences, go to Safe Search Filtering and select the
desired option.

In the Yahoo search engine there is an option for safe search filtering: click
on Advanced and select the desired option.

Remember, none of these filtering features are 100% accurate, and some
unsuitable content may still slip through.

It is important to teach your children to surf the web safely and take time to
explore the Internet with them.
5.2 Parental Control Bars
Parental Control Bar is a simple, powerful tool to help shield your children from
explicit websites. Simply activate Child-Mode while your children surf the
Internet, and the toolbar will block access to adult-oriented websites. Ensure
that your child is safe while using the Internet.
Parental controls give you the advantage of being able to do the
following:

Enforce time limits on the child's Internet activity, set by the parent.
Block access to materials (pictures) identified as inappropriate for kids.
Monitor your child's activity on the Internet by storing names of sites
and/or snapshots of material seen by your child on the computer for you
to view later.
Set different restrictions for each family member.
Limit results of an Internet search to content appropriate for kids.

5.2.1 Parental control Bars in Web Browsers

5.2.1.1 Internet Explorer 8

The Parental Control Bar in Windows Vista supports Internet Explorer by
default. Parental controls in Windows Vista are set up as follows.
Open Parental Controls by clicking the Start button, clicking Control Panel and,
under User Accounts, clicking Set up Parental Controls. If you are prompted for
an administrator password or confirmation, type the password or provide
confirmation.
Then click the standard user account for which to set Parental Controls.
Under Parental Controls, click On.
Once you've turned on Parental Controls for your child's standard user account,
you can adjust the individual settings that you want to control. You can control
areas like web restrictions, time limits and games, and can block specific
programs.

Third party parental control bar tools can be downloaded from the following
link.

Go to the following website and download:
http://www.ieaddons.com/en/details/Security/ParentalControl_Bar/
5.2.1.2 Firefox Browser in Windows

There are many Firefox addons or extensions, which we can download from
https://addons.mozilla.org/en-US/firefox/search?q=parental+control&cat=all
Some of the products/addons for Firefox
5.2.1.3 Glubble for Families

Glubble allows you to create a private family page where you can monitor and
support your children's online activities. Glubble provides games, chat, safe
surfing, and a Family Photo Timeline service for uploading, storing, and sharing
your photos online. Glubble integrates Ask for Kids, a safe search engine for
children.

https://addons.mozilla.org/firefox/addon/5881

5.2.1.4 ProCon filters

ProCon filters web page content by using a list of inappropriate words and
replacing them with asterisks (***). Note that the bad word filter does not block
websites containing the words; you must add the website to a Blacklist. ProCon
can also block all traffic, making sure that only desired websites (set in the
Whitelist) can be accessed. You can manage "white" and "black" lists of sites and
pages. ProCon also has password protection in order to keep others from changing
the settings.
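The three mechanisms described above (word masking, a blacklist and a whitelist-only mode) behave differently, and the difference is easiest to see in code. The following is an added sketch, not ProCon's own code; the class, the sample words and the .example host names are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit


class ContentFilter:
    """Added illustration of word masking plus black and white lists."""

    def __init__(self, bad_words, blacklist=(), whitelist=(), whitelist_only=False):
        if bad_words:
            # \b makes the filter match whole words only, so a listed word is
            # not masked when it merely occurs inside a longer, harmless word.
            pattern = r"\b(?:" + "|".join(re.escape(w) for w in bad_words) + r")\b"
        else:
            pattern = r"(?!)"                    # never matches
        self.word_re = re.compile(pattern, re.IGNORECASE)
        self.blacklist = {d.lower() for d in blacklist}
        self.whitelist = {d.lower() for d in whitelist}
        self.whitelist_only = whitelist_only

    @staticmethod
    def _listed(host, domains):
        # Match the listed domain itself or a subdomain of it. A plain
        # substring test would also match look-alike hosts.
        return any(host == d or host.endswith("." + d) for d in domains)

    def allows(self, url):
        """Decide whether the page may be loaded at all."""
        host = (urlsplit(url).hostname or "").rstrip(".")
        if self._listed(host, self.blacklist):
            return False
        if self.whitelist_only:                  # "block all traffic" mode
            return self._listed(host, self.whitelist)
        return True

    def mask(self, text):
        """Replace each listed word with asterisks; the page is still shown."""
        return self.word_re.sub("***", text)

    def load(self, url, page_text):
        """Return the text a child would see, or None if the site is blocked."""
        if not self.allows(url):
            return None
        return self.mask(page_text)


if __name__ == "__main__":
    normal = ContentFilter(["heck", "darn"], blacklist=["blocked.example"])
    strict = ContentFilter(["heck", "darn"], whitelist=["kids.example"],
                           whitelist_only=True)
    page = "What the heck, a checklist. DARN!"   # constructed sample text
    print(normal.load("http://words.example/page", page))
    print(normal.load("http://www.blocked.example/", page))
    print(strict.load("http://kids.example/games", page))
    print(strict.load("http://kids.example.other.example/", page))
```

The first call returns the masked page rather than blocking it, which is the behaviour the note about the bad word filter describes; only the lists decide whether a site loads.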

5.2.1.5 ProCon Latte

In addition to Firefox extensions, there are many third-party software packages
that can filter content through your operating system or at the point where your
network connects to the Internet.

Available: https://addons.mozilla.org/firefox/addon/1803

5.3 Procedure for installing Parental control toolbar.


1. Double click parental control setup downloaded from the website.
2. After double clicking, it will ask to close any other browser windows. Click OK
button.

3. Click the I agree button to accept the license agreement.

4. The wizard asks for the parental control password which will be used to
manage parental control settings.
5. Type the password and enter a question which will be used as a hint when you
forget the password typed earlier. Be sure that your child doesn't know the
answer to the question.

6. Type the e-Mail address, to which the parental password will be sent and click
Next.
7. Next, the installation starts by taking the appropriate files from the
website and completes within a few minutes.

8. The parental control bar will be added to the Internet Explorer browser as
shown above
9. The parent button, shown below, indicates that the browser is acting in
parent mode.

10. Type the website that you want to block for children and click the button
Block this site.

11. To block this site, the parental control bar asks for the password.

12. After you enter the password and click OK, a window opens telling you that
the site is blocked.

13. Whenever a child wants to browse the website, the browser should be in child
mode. So click the parent mode button, so that the browser is changed to child
mode. The parental control toolbar then appears as shown below, telling you that
child safe mode is now active.

14. Click OK.

15. When the child wants to browse the blocked site, it asks for the password
to open the site, as shown below.

16. Now if the child tries to view the website without entering the password, an
error occurs like this.
5.4 Changing the parental control settings in the parental control toolbar
1. To change settings for allowing and blocking websites, click the 'change
parental settings'.

2. After clicking change parental settings, a window opens and asks for the
parent control password.

3. Type the password and click ok. After that a window opens like this.

4. You can add sites in the allowed list by clicking the allowed site list tab.
5. Type the website that you want to allow and click allow button as shown
below.

6. You can also add sites in the blocked list by clicking blocked site list.

7. Type the website that you want to block and click block button as shown in
the below figure.

8. You can also filter some type of contents by clicking basic site filters tab.
9. The following window appears after clicking the Basic site filters tab.

10. By default, the following types of sites are filtered.


11. You can also block other types of sites by checking the block button.
5.5 Spam filter
Along with the content filter and website filter, nowadays all e-Mail service
providers have a built-in spam filter.

Click on the spam filter option and add any e-Mail ID which you feel is not a
trusted ID, or the e-Mail ID of an unknown user.

Example as shown below


6. Internet Mediated Communication
6.1 e-Mail Security
e-Mail is a short form of electronic mail. It is one of the most widely used
services on the Internet. e-Mail is used for transmission of messages in a text
format over the Internet. The message can be sent by using the receiver's e-Mail
address and vice versa. An e-Mail can be sent to any number of users at a time,
and it takes only a few minutes to reach the destination. An e-Mail consists of
two components: the message header, which contains control information, an
originator's e-Mail address and one or more recipient addresses, and the message
body, which is the e-mail content.

Some e-Mail systems are confined to a single computer system or to a small
network, and they are connected to other e-Mail systems through a
gateway, which enables the users to connect to anywhere in the world. Though
different electronic mail systems have different formats, there are some
emerging standards like MAPI and X.400 that enable users to send messages
between different electronic mail systems.

MAPI is a Mail Application Programming Interface, a system built into Windows,
which allows different mail applications to work together for distributing mails.
As long as MAPI is enabled on both the applications, the users can share mails
with each other.

X.400 is the universal protocol that provides a standard format for all e-Mail
messages. X.500 is an extension to X.400 standard, which provides standard
addressing formats for sending e-Mails so that all e-Mail systems are linked to
one another.

6.1.1 How an e-Mail works?

The working of e-Mail is as shown in the figure below. Each mail server consists
of two different servers running on a single machine. One is POP3 (Post Office
Protocol) or IMAP (Internet Mail Access Protocol) server which holds the
incoming mails and the other SMTP (Simple Message Transfer Protocol) server
which holds the outgoing mails. SMTP works on the port number 25 and POP
works on the port number 110 and IMAP works on the port number 143.
In the figure shown above, Client 1 has an account in the mail server 1 and
Client 2 has an account in mail server 2.

When Client 1 sends a mail to Client 2, first the mail goes to the SMTP
server of mail server 1. Here the SMTP server divides the receiver's address
into two parts, username and domain name.

For example, if the SMTP server receives user1@example.com as the receiver's
address, it will separate it into user1, which is a mail account in the
destination mail server, and example.com, which is the domain name of the
destination mail server.

Now, with the help of the domain name, it will request the IP address of the
recipient's mail server, and then it will send the message to mail server 2 by
connecting to its SMTP server.

Then the SMTP server of mail server 2 stores the message in Client 2's mailbox
with the help of POP3 in mail server 2. When Client 2 opens his
mailbox, he can view the mail sent by Client 1.

6.1.2 POP3 Server

The POP3 server contains a collection of text files, one for each mail account.
When a message arrives for a particular user, it appends that
message at the bottom of that user's account text file.

When a user connects to the mail server to check his mails, he
connects to the POP3 server of that mail server through port 110. Here it
requires a username and password to view his mailbox on the mail server.
IMAP is similar to the POP3 protocol.
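The delivery steps of section 6.1.1 and the mailbox handling of section 6.1.2 can be followed in a small in-memory model. This is an added example, not real mail server code: the class and function names, the example.org sending domain and the passwords are constructed, and a dictionary stands in for the lookup of the recipient's mail server.

```python
import hashlib
import hmac
import os


def split_address(address):
    """Divide user1@example.com into ("user1", "example.com")."""
    user, at, domain = address.strip().rpartition("@")
    if not (user and at and domain):
        raise ValueError("not a valid e-mail address: %r" % address)
    return user, domain.lower()


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class MailServer:
    """One mail server: an SMTP side for transfer and a POP3 side for reading."""

    def __init__(self, domain, directory):
        self.domain = domain
        self.directory = directory     # stands in for finding the other server's IP
        directory[domain] = self
        self.mailboxes = {}            # account -> contents of its mailbox text file
        self.credentials = {}          # account -> (salt, password hash)
        self.read_in_transit = []      # what this stop on the route could read

    def add_account(self, user, password):
        salt = os.urandom(16)
        self.credentials[user] = (salt, _hash(password, salt))
        self.mailboxes[user] = ""

    def smtp_receive(self, sender, recipient, body):
        self.read_in_transit.append(body)     # the body passes through in clear text
        user, domain = split_address(recipient)
        if domain != self.domain:
            next_server = self.directory.get(domain)
            if next_server is None:
                raise LookupError("no mail server found for " + domain)
            return next_server.smtp_receive(sender, recipient, body)
        if user not in self.mailboxes:
            raise LookupError("no such mailbox: " + user)
        # Append the new message at the bottom of the account's text file.
        self.mailboxes[user] += "From: %s\nTo: %s\n\n%s\n\n" % (sender, recipient, body)
        return self.domain

    def pop3_retrieve(self, user, password):
        salt, expected = self.credentials.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash(password, salt), expected):
            raise PermissionError("POP3 login failed")
        return self.mailboxes[user]


def build_demo():
    """Mail server 1 (example.org) and mail server 2 (example.com)."""
    directory = {}
    server1 = MailServer("example.org", directory)
    server2 = MailServer("example.com", directory)
    server1.add_account("client1", "constructed-password-1")
    server2.add_account("user1", "constructed-password-2")
    return server1, server2


if __name__ == "__main__":
    server1, server2 = build_demo()
    print("stored on:", server1.smtp_receive(
        "client1@example.org", "user1@example.com", "Meet at 5 pm"))
    print(server2.pop3_retrieve("user1", "constructed-password-2"))
    print("server 1 could read:", server1.read_in_transit)
    print("server 2 could read:", server2.read_in_transit)
```

Both servers record the full message body, which shows that every stop on the route handles the text unencrypted.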

6.1.3 Possible threats through e-Mail and guidelines for handling e-Mails safely
e-Mails are just like postcards from which the information can be viewed by
anyone. When a mail is transferred from one mail server to another mail server
there are various stops at which there is a possibility of unauthorized users
trying to view the information or modify it.

Since a backup is maintained for an e-Mail server, all the messages will be
stored in the form of clear text even though they have been deleted from your
mailbox. Hence there is a chance of the information being viewed by the people
who maintain the backups. So it is not advisable to send personal information
through e-Mails.

Suppose a mail says you have won a lottery of a million dollars. Receiving such
a mail seems a great thing, and really the happiest thing. However, these mails
may not be true. By responding to such mails many people have lost huge amounts
of money. So ignore such e-Mails, do not participate, and consider them a scam.

Sometimes e-Mails offering free gifts and asking for personal information are
received from unknown addresses. This is one way to trap your personal
information.

One way of stealing the password is standing behind an individual and
looking at their password while they are typing it, or searching for the
papers where they have written the password.
Another way of stealing the password is by guessing. Hackers try all
possible combinations with the help of personal information of an
individual.
When there are large numbers of combinations of passwords, the hackers
use fast processors and some software tools to crack the password. This
method of cracking passwords is known as a brute force attack.
Hackers also try all the possible words in a dictionary to crack the
password with the help of some software tools. This is called a dictionary
attack.
Generally spammers or hackers try to steal e-Mail addresses and send
malicious software or code through attachments, fake e-Mails and spam,
and also try to collect your personal information.

6.1.3.1 Attachments

Sometimes attachments come with e-mails and may contain executable code like
macros, .EXE files and ZIPPED files. Sometimes attachments come with double
extensions like attachment.exe.doc. By opening or executing such attachments,
malicious code may be downloaded into your system and can infect it.

Tip: Always scan the attachments before you open them.


6.1.3.2 Fake e-Mails

Sometimes e-Mails are received from a fake e-mail address like
services@facebook.com with an attachment named
"Facebook_Password_4cf91.zip" that includes the file
"Facebook_Password_4cf91exe" which, the e-mail claims,
contains the user's new Facebook password. When a user
downloads the file, it could cause a mess on their computer,
which can be infected with malicious software.

Tip: Always check and confirm where the e-mail has come from. Generally,
service people will never ask for your password or send you a password to
change.
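
The checks a mail filter can make for the two cases above (a double extension such as attachment.exe.doc, and an executable hidden inside a ZIP attachment), as an added example that is not part of the original handbook. The sample message, the file names New_Password.zip and New_Password.exe, and the extension lists are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Illustrative lists (assumptions for this example, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}
MACRO_CAPABLE = {".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm"}
ARCHIVES = {".zip"}


def check_name(name):
    """Return the reasons why a file name deserves suspicion (empty if none)."""
    reasons = []
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if not suffixes:
        return reasons
    if suffixes[-1] in EXECUTABLE:
        reasons.append("executable file type " + suffixes[-1])
    if suffixes[-1] in MACRO_CAPABLE:
        reasons.append("document type that can contain macros")
    # attachment.exe.doc: an executable suffix hidden before the last one.
    if any(s in EXECUTABLE for s in suffixes[:-1]):
        reasons.append("double extension hides an executable suffix")
    return reasons


def check_zip(data):
    """List suspicious members of a ZIP archive without extracting anything."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                reasons = check_name(info.filename)
                if info.flag_bits & 0x1:  # bit 0 set: member is encrypted
                    reasons.append("encrypted, cannot be scanned")
                if reasons:
                    findings.append((info.filename, reasons))
    except zipfile.BadZipFile:
        findings.append(("<archive>", ["not a readable ZIP file"]))
    return findings


def triage(raw_message):
    """Return {attachment name: [reasons]} for one raw e-mail message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        reasons = check_name(name)
        if PurePosixPath(name).suffix.lower() in ARCHIVES:
            payload = part.get_payload(decode=True)
            for member, why in check_zip(payload):
                reasons.append("contains %s (%s)" % (member, "; ".join(why)))
        if reasons:
            report[name] = reasons
    return report


def build_sample():
    """Build a constructed sample message with three attachments."""
    msg = EmailMessage()
    msg["From"] = "services@facebook.com"  # fake sender address from the text
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your new password"
    msg.set_content("Your new password is in the attached file.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("New_Password.exe", b"constructed placeholder bytes")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="New_Password.zip")
    msg.add_attachment(b"constructed placeholder", maintype="application",
                       subtype="msword", filename="attachment.exe.doc")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage(build_sample()).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

A file that passes these name checks is not proven safe; the antivirus scan recommended in the tips is still needed.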

6.1.3.3 Spam e-Mails

Spam messages may trouble you by filling your inbox or your e-mail database.
Spam involves identical messages sent to various recipients by e-Mail.
Sometimes spam e-mails come with advertisements and may contain a virus. By
opening such e-Mails, your system can be infected and your e-Mail ID is listed
in the spammers' list.

Tip: It is always recommended to ignore or delete spam e-mails.

6.1.3.4 e-Mails offering free gifts

Sometimes e-Mails are targeted at you by unknown users offering gifts,
lottery wins or prizes, which might be free of cost. These may ask for your
personal information for accepting the free gift, or may ask for money to
claim the lottery and prizes. It is one way to trap your personal
information.

Tip: Always ignore free gifts offered from unknown users.

6.1.3.5 Hoaxes

A hoax is an attempt to make a person believe that something false is true. It
is also defined as an attempt to deliberately spread fear and doubt among users.

6.1.4 How to prevent?

6.1.4.1 Using filtering software

Use e-Mail filtering software to avoid Spam so that only messages from
authorized users are received. Most e-Mail providers offer filtering services.

6.1.4.2 Ignore e-mails from strangers

Avoid opening attachments coming from strangers, since they may contain a
virus along with the received message.

Be careful while downloading attachments from e-Mails into your hard disk. Scan
the attachment with updated antivirus software before saving it.

6.1.5 Guidelines for using e-Mail safely

Since e-Mail messages are transferred in clear text, it is advisable to
use encryption software like PGP (Pretty Good Privacy) to encrypt e-Mail
messages before sending, so that they can be decrypted only by the
specified recipient.

Use E-Mail filtering software to avoid Spam so that only messages from
authorized users are received. Most e-Mail providers offer filtering
services.

Do not open attachments coming from strangers, since they may contain a
virus along with the received message.

Be careful while downloading attachments from e-Mails into your hard
disk. Scan the attachment with updated antivirus software before saving
it.

Do not send messages with attachments that contain executable code like
Word documents with macros, .EXE files and ZIPPED files. We can use
Rich Text Format instead of the standard .DOC format. RTF will keep your
formatting, but will not include any macros. This may prevent you from
sending a virus to others if you are already infected by it.

Avoid sending personal information through e-Mails.

Avoid filling forms that come via e-Mail asking for your personal
information. And do not click on links that come via e-Mail.

Do not click on e-Mails that you receive from untrusted users, as
clicking itself may execute some malicious code that spreads into your
system.

6.2 Instant Messaging


Instant messaging (IM) is real-time, text-based communication between two or
more people connected over a network like the Internet. Instant messaging has
become very popular: with it you can interact with people in real time, keep
family and friends on your contact list, and communicate for as long as the
person is online. There are many instant messaging service providers like AOL,
Yahoo messenger, Google Talk and many more.

6.2.1 Risks involved in IM


Hackers constantly access instant messages and try to deliver malicious code
through them. The code may contain a virus, Trojan or spyware, and if you
click on the file the code will enter your system and infect it within
seconds.

6.2.1.1 Spim

Spim is a short form of spam over instant messaging. It uses IM platforms
to send spam messages over IM. Like e-mail spam messages, a spim message
also contains advertisements. It generally contains web links, and by
clicking on those links malicious code enters your PC.

Generally, spim happens in real time, and we need to stop our work and deal
with it as the IM window pops up. With e-mail we have time to delete, and we
can delete all spam at one time, or we can scan before opening any
attachments. This cannot be done in IM.

Tip: Avoid opening attachments and links in IM


7. Social Networking
Social networking means grouping of individuals into specific groups, like small
communities. Social networking is used to meet Internet users, to gather and
share information or experiences about any number of topics, to develop
friendships, or to start a professional relationship. Put another way, a simple
social networking site is one where different people keep different information
related to any particular thing at one place, for example Orkut, Facebook, etc.

Social networking has many advantages: we can get into any kind of group based
on our hobbies, business, schools and many more, and it is a different
communication tool to keep in touch with friends and colleagues.

Apart from all these advantages there are disadvantages: because they are
built on these communication tools, sites can be used as a trap by scammers or
hackers, so it is very important to protect yourself.

These social networking sites are very popular with young people. They expose
them to risks they have always faced online but in a new forum: online bullying,
disclosure of private information, cyber-stalking, access to age-inappropriate
content and, at the most extreme, online grooming and child abuse.

For adults, who are also using these sites in greater numbers, there are serious
risks too. They include loss of privacy and identity theft. Adults too can be
victims of cyber-bullying and stalking.

7.1 Tips to avoid risks by social networking


Be careful about the information you put online. If you put up your
photo, video or account details, they will stay online for a long time and
whoever is connected will see them. Generally, business people look at
these sites as part of the hiring process to learn about a person's views
and interests. However, hackers will use these sites to collect personal
information and may misuse it.

Remember, don't put up anything personal, like sensitive information about
your family details, addresses or personal photographs.

Most sites and services provide options for privacy settings; use
them to prevent attackers from viewing your information. You can also set
the privacy settings according to whom you want to allow to see your
information.

Be careful if you want to meet a social networking friend in person: the
identity posted on a web site may not be the true one. Think before you
meet. If you are going to meet, then do it in a public place during the day.
8. Online Games and Computer Games
8.1 About online games
An online game is a game played over a computer network via the Internet.
Online games range from plain text-based games to graphical games. Players
can play the same game simultaneously. The main advantage of online games is
the ability to connect to multiple games even when a single player is online.
As technology has advanced, games have also become more complex, and
technology-based games like Flash games and Java games have become more
popular.

There are free online games and commercial games. Most of the popular games
are covered by end user license agreements, with access limited by the
creators of the games, and the consequences of breaking the agreement range
from a warning to termination.

There are massively multi-player online games like real time strategy games,
role playing games, first person shooter games and many more.

8.2. Things to be noted while downloading the games


Carefully study the rating of an online game; frequently it will let
you know if the game is suitable for your age.

Read the terms and conditions of the sites that you use and check if
there are special safety features for children.

It is important to make sure that the game vendor is reputable and to
download the game from trusted web sites.

Sometimes free downloadable games conceal malicious software. This
includes plug-ins required to run a game. Opening a game in
administrative mode is not advisable: by doing this you open yourself
to the risk that an attacker could gain complete control of your
computer. It is always safer to play in user mode rather than
administrative mode.

When playing an online game it is best to play it at the game site; this
may reduce the risk of ending up on a malicious web site.

8.3. Risks Involved


Online games involve technology risks to your computer system or to the
systems of gamers with whom you interact.

If the software on the game server has been compromised, computers
that connect to it can also be compromised. Exploited vulnerabilities in
game code let attackers get into your system, read files from
a gamer's computer, or crash games during online play in order to get
full control of the exploited computer.

Viruses and worms may enter a system when you try to download or
install a game on your computer. These viruses or worms may be
hidden in the files you download.

Malicious software takes advantage of the websites associated with
online games, which rely on chat and e-mail, to entice you to visit bogus
web sites that install malicious software on your computer; the software
is then used for various criminal purposes.

Sometimes, because of insecure game coding, the game software
causes buggy behaviour on your computer and introduces unknown
vulnerabilities.

Sometimes strangers try to gain access to unprotected computers
connected to the Internet during online play, and contact children by
pretending to be another child in order to trap them into giving out
personal information.

Malicious individuals may try to trick you into installing or downloading
games from what might be bogus web sites, or offer software patches
for game downloading which in reality are malicious software.

Malicious individuals can gather information about you from the
profiles you create in online games and other gaming web sites. They
may be able to use it to establish accounts in your name, resell it, or
use it to access your existing accounts. Game accounts were created in
their name without their knowledge. There was speculation that
people were trying to make money selling virtual weapons and
abilities used in the game.

8.4 Guidelines

Create a family e-Mail address for signing up for online games.

Screenshots: If anything bad happens while playing online games, take
a screenshot of what is displayed on the screen using the "print screen"
button on the keyboard, report it to the concerned web site,
and use the screenshot as evidence.

Use antivirus and antispyware programs.

Be cautious about opening files attached to e-Mail messages or instant
messages.

Verify the authenticity and security of downloaded files and new
software.

Configure your web browsers securely.

Use a firewall.

Set up your user profile to include appropriate language and game
content for someone your age.

Set time limits for children.

Never download software and games from unknown websites.

Beware of clicking links, images and pop ups in the web sites as they
may contain a virus and harm the computer.

Never give personal information over the Internet while downloading
games.

Some free games may contain a virus, so be cautious and refer while
downloading them.

Create and use strong passwords.

Patch and update your application software


9. Safe Downloading
9.1 Safe Downloading and uploading

9.1.1 About Downloading


The term download is used to describe the process of copying a file from
an online service, that is, via the Internet, to one's own computer.
Downloading also refers to copying a file from a network server to a
computer on the network. To download means to receive data, i.e. whatever
is offered for downloading can be downloaded. You can download any kind of
file from the Internet, like documents, music, videos, images, software and
many more.

9.1.2 About uploading


The opposite of downloading is uploading, which means copying a file from
your computer to another computer over the network. Uploading means to
transmit data. Whatever is transferred can be uploaded. In short, uploading
means sending a file to a computer that is set up to receive it. You can
upload any kind of file, like documents, music, videos, images, software
and many more.

9.2 Risks by insecure downloads


When you download a file from the Internet, this may include installing a
program, opening pictures or links from different websites or from e-mails,
and downloading music files and many more files on to a computer. These
files could be what they say they are, but they can also come with
malicious software that can harm your computer, including viruses, worms
and many other destructive programs.

A virus can destroy data or give someone access to all
the information on your computer and destroy all the
confidential information on your PC.

Another threat is spyware. Spyware often changes your computer's
behaviour: the PC becomes slow, and it can even cause a computer crash.
Spyware can be used to track browsing history, steal passwords and allow
an attacker to grab complete information about your system.

Malicious software can be installed without your knowledge, or it can be
bundled with a program, link or software you would like to download.
For example, if you download a game from an untrusted website, malicious
software can be downloaded without your knowledge.

Sometimes malware spreads itself by sending e-mail from an infected
computer to every e-mail address it finds. Mostly, such malware spreads
through e-mails.

9.3 Tips for Safety downloads


While downloading any file, close all the applications that are running on
your computer, and let only one set-up file run at a time.

Close all the important applications in order to be safe if something goes
wrong while downloading.

Set up firewalls and set your antivirus to actively scan all the files you
download.

Scan all the files after you download them, whether from websites or from
links received in e-mails.

Always use updated antivirus, spam filter and antispyware software to help
detect and remove viruses and spyware from the application you want to
download.

Never download files like music, video, games and many more from
untrusted sites, and don't go by the recommendations given by your
friends or made in any random website's comments.

Check that the URLs are the same, and always download games, music or
videos from secure websites, that is, websites which use HTTPS instead of
HTTP. In the web address, https replaces http. HTTPS stands for
Hypertext Transfer Protocol Secure.

Download anything only from trustworthy websites. Don't click links to
download anything you see on unauthorized sites.

If any dirty words appear on the website, just close the window no matter
how important it is, because spyware may be installed on your PC from
such websites.

Check the size of the file before you download; sometimes it shows a very
small size, but after you click the size of the file increases.

Never believe anything which says that if you click on a link your computer
settings will be changed and your PC can be turned into an XBOX that can
play unlimited games.

Don't accept anything that offers you a free download, because it may
contain malicious software.

Don't click the link or file and let it start downloading automatically;
download the file, save it where you want, and then run the
application.

Set secure browser settings before you download anything.

Read carefully before you click on install or run an application. That
means read the terms and conditions.

Don't download anything until you know complete information about the
website and know whether it is the original site of the original company.

Never download from links that offer free antivirus or anti-spyware
software; always download from trusted sites. If you are not sure about
the site you are downloading from, enter the site into your favourite
search engine to see whether anyone has posted or reported that
it contains unwanted technologies.
10. Blogging
A web blog is a Web site that consists of a series of entries arranged in reverse
chronological order, often updated frequently with new information about
particular topics. The information can be written by the site owner, gathered
from other Web sites or other sources, or contributed by users. A web blog may
consist of the recorded ideas of an individual (a sort of diary).

10.1 Types of blogs
There are many different types of blogs, differing in content and in the way
content is delivered or written:

Personal blogs
Corporate and organizational blogs
Genre blogs
Media type blogs
By Device blogs

Different blog sites are used for a different purpose of communication.

10.1.1 Personal blog is an ongoing diary or commentary by an individual. A
site such as Twitter allows bloggers to share thoughts and feelings
instantaneously with friends and family and is much faster than e-mailing.

10.1.2 Corporate and organizational blogs (business, marketing) are used
by the employees who are working in companies. They are used internally to
enhance communication in a corporation, or externally for marketing,
branding or public relations.

10.1.3 Genre blogs (causes, education, political, travel) are focused on a
particular subject like education, fashion, music, travel, political, personal
(home) blogs etc.

10.1.4 Media type blogs (vlog, linklog, photoblog) are used for sharing
videos (called vlogs), for sharing links (called linklogs) and for sharing
photos (called photoblogs).

10.1.5 By device blogs (mobile phone, PDA, wearable wireless webcam) are
blogs written through a mobile device like a mobile phone or PDA, called
moblogs.

10.2 Risks involved in blogging
If you give personal information like your name, location address, phone
numbers or credit card details on blogging sites, your information may be
stolen by others (identity theft), because everyone who has a login account
on the site you are using can access your profile. The profile you create
will be visible to everyone on the blog site. Strangers can access your
profile and view all your details.

For example, if you give your credit card number on the site, they may use that
number for their own business or shopping purposes and the bill will be sent to
you. Another example: if your children give their school name or location
addresses on the site, strangers who access that data may take advantage of it
and may kidnap your children.

10.3 Tips to avoid risks by blogging


Never give away your personal information on blogging sites.

Put up reliable information, as it reaches the entire world, and assume
that what you publish on the web is permanent.

Avoid competition with other bloggers.

State the terms of use and copyright properly in the blog for viewers, to
protect your blogs.

Guide them with other positive examples, such as children who are
posting their related information.

10.4 Guidance for Parents on Blogging

Establish rules for online use with children.
Monitor what your children plan to post before they post it.
Evaluate the blogging service and its features, like password-protected
secured blogs etc.
Review your children's blogs regularly.
Guide them with other positive examples, such as reference to
students who are posting their related information.

10.5 Scenario
Like many of her friends, Alice has a blog. However, unlike her friends, she
keeps its location secret. She doesn't link to anyone else's blog, and she doesn't
comment on other blogs using her blog identity. Somehow, though, Bob finds out
the URL for Alice's blog and adds it to the friends list on his blog. Word spreads,
and soon everyone has read Alice's blog. Unfortunately, she has used her blog to
criticize most everyone she knows, including other students, teachers, and her
parents. Everyone is furious with her.

So always guide your children not to blog any personal information about
the family, guide them on how to use blogs and on the advantages of blogs,
and make them understand that blogs are not to be used to criticize others.
11. Cyber Bullying
11.1 Harassment and bullying
Cyber bullying can be carried out through Internet services such as e-Mail, chat
rooms, discussion groups, instant messaging or web pages. It can also include
bullying through mobile phone technologies such as SMS. Cyber bullying can
include teasing and being made fun of, spreading rumours online, sending
unwanted messages and defamation.

11.2 Cyber bullying can be done in the following ways

11.2.1 Forwarding a private IM communication to others


A kid/teen may create a screen name that is very similar to another kid's name.
The name may have an additional "i" or one less "e". They may use this name to
say inappropriate things to other users while posing as the other person.

Children may forward the above private communication to others in order to
spread it.

11.2.2 Impersonating to spread rumours


Forwarding gossip mails or spoofed mails to spread rumours or hurt another kid
or teen.
They may post a provocative message in a hate group's chat room posing as the
victim, inviting an attack against the victim, often giving the name, address and
telephone number of the victim to make the hate group's job easier.

11.2.3 Posting embarrassing photos or video


A picture or video of someone in a locker room, bathroom or dressing room may
be taken and posted online or sent to others on cell phones.

11.2.4 By using web sites or blogs


Children used to tease each other in the playground; now they do it on Web sites.
Kids sometimes create Web sites or blogs which may insult or endanger another
child. They create pages specifically designed to insult another kid or group of
people.

11.2.5 Humiliating text sent over cell phones


Text wars or text attacks are when kids gang up on the victim, sending thousands
of hateful text messages to the victim's cell phone or other
mobile phones.

11.2.6 Sending threatening e-mails and pictures through e-mail or mobile to hurt another

Children may send hateful or threatening messages to other kids, without
realizing that while not said in real life, unkind or threatening messages are
hurtful and very serious.

11.2.7 Insulting other user in Interactive online games


Kids/Teens verbally abuse the other kids/teens, using threats and foul language
while playing online games or interactive games.

11.2.8 Stealing Passwords


A kid may steal another child's password and begin to chat with other people,
pretending to be the other kid or by changing actual user profile.

11.3 Tips and guidelines

Use Parental Control Bars, Desktop Firewalls and Browser Filters to
prevent children from cyber bullying others or accessing
inappropriate content.
Make sure your child's school has Internet Safety education
programming.
You may request school authorities to teach or guide students about how
to prevent and respond to online peer harassment, interact wisely
through social networking sites and be responsible online users.
Form the rules of computer labs and Internet labs.
Specify clear rules, guidelines and policies regarding the use of the
Internet, computers and other devices such as USB and CD-ROM at school
with regard to cyber bullying.
Teach students the impact of cyber bullying.
Teach students that all types of bullying are unacceptable and that such
behaviour is subject to discipline.
Mentor the students and establish peer monitoring.
Teachers need to mentor, or establish mentorship with, senior
students to guide information security awareness and monitoring
through peer students.
Implement blocking/filtering software on lab PCs in school.
Use Desktop Firewalls and Browser Filters to prevent children
from cyber bullying others or accessing inappropriate content. In
addition, use software tools to monitor students' online
activity.
Educate your students.
Educate students by conducting various workshops with an internal
or external expert to discuss related issues in cyber bullying, good
online behaviour and other information security issues. Moreover,
keep related posters in school.
12. Online Threats and Tips
12.1 Protect children from online threats

Children may face different security risks when they use a computer or when
they are online. Not only do you have to keep them safe, you also have to
protect the data on your computer. By taking some simple steps, you can reduce
the risks.

12.1.1 What are the risks?

Exposure to inappropriate images or content.
Solicitation by sexual predators in chat rooms and by e-Mail.
Online bullying or harassment.
Piracy of software, music or video.
Disclosure of personal information.
Spyware and viruses.
Excessive commercialism: advertising and product-related websites.
Illegal downloads, such as copyright-protected music files.

12.1.2 General safety tips

If you suspect a pedophile may be grooming or trying to befriend your
child, or your child is being stalked or harassed, contact your local police.
Set ground rules for children.
Use Internet content filtering and spam filters to reduce the risk of
accidental exposure to unwanted content.
Set up shared computers properly to restrict what children can do.
Consider setting up a family e-mail account which can be used specifically
to register for websites, competitions, etc.
Be careful about peer-to-peer file sharing.

12.1.3 Monitor children's use of the Internet

All web browsers keep a record of recently visited sites and also make
temporary copies of web pages. To see recently visited sites, click on the History
button or press Ctrl and the H key.

To see temporary files, open Internet Explorer, select Internet Options,
and on the General tab under Temporary Internet Files click the Settings
button and click View Files.

Understand the risks yourself and plan ahead before monitoring and
allowing children access to the Internet.
Discuss with children what they can and cannot do online.
Make a signed contract with children on their usage of the computer.
Work out how you are going to monitor their Internet use.
The boundaries you set and the kind of conversations you have with your
children will depend on their age and technical ability as well as your
judgement as parents.
These factors will change as they grow up and should be reconsidered
regularly.

12.1.4 Monitoring children's behavior online

If a child is too young to access a computer alone, always sit with them
while they are online.
Ask your children to share all their online user names and passwords
with you.
Set browser settings to limit the access to inappropriate content.
Put the computer in an open area in the home.
Consider installing Internet monitoring software to track what they do
online.

12.1.5 Create a user account for each user

Set up a separate user account for your child with limited permissions, so
that they have only limited control over the computer.

For example, they won't be allowed to install new programs or change settings
without your permission. It also helps monitor and control what they do online.

12.2 Most common online Threats

12.2.1 Online Scam

An online scam is an attempt to trap you in order to obtain money. There are
many types of online scams; they include obtaining money with fake names, fake
photos, fake e-mails, forged documents, fake job offers and many more.

Generally, it happens through fake e-Mails asking for your personal details,
like online banking details or credit card details. Sometimes e-Mails with
fake notices are sent from lottery companies, or arrive whenever you
participate in an online auction, and e-Mails are received offering fake gifts.

Phishing scam

Online scammers send you an e-mail asking for your account information or
credit card details, along with a link where you are to provide the
information. Generally, the links sent will look similar to your bank's. So
whenever you post your details at the link, the details will be received by
the scammers and your money is misused.

Lottery scam
Sometimes you receive an e-Mail saying you have won a lottery of a million
dollars. Receiving such a mail seems a great thing, and really the happiest
thing. By responding to such mails huge amounts of money will be lost, because
these e-Mails are not true: scammers try to fool and trap you to obtain money.

Online Auction

If you bid for a product, you may never get the product promised, or what you
get may not match the product, and the description given to you may be
incomplete, wrong or fake. The scammer accepts the bid from one person and goes
to some other site where they can get the item for less than the winning bid,
so scammers may not send the product you wanted.

Forwarding Product or Shipping Scam

This happens when you answer an online advertisement for a letter or e-mail
manager, for example from some US-based corporation which lacks an address or
bank details and needs someone to take goods and send them to its address or
ship them overseas, and you are asked to accept transfers into your bank
account.

Generally, it involves products that are purchased using stolen credit cards
and shipped to your address. You are then fooled into reshipping the
product to others they might have deceived, who reship the product overseas.
The stolen money will be transferred to your account.

E-Mail Scam Like -- Congratulations you have won Webcam, Digital Camera,
etc.

Sometimes you get an e-mail with a message like -- you have won something
special like a digital camera or webcam, and all you need to do is visit our
web site by clicking the link given below and provide your debit or credit card
details to cover shipping and managing costs. However, the item never arrives,
but after some days the charges will be shown on your bank account and you will
lose money.

By e-mails

Generally, fraudsters send you an e-mail with tempting offers of easy access to a
large sum of money and ask you to send scanned copies of personal documents
like your address proof, passport details and ask you to deposit an advance fee
for a bank account. So once you deposit the funds, they take money and stop
further communication, leaving you with nothing in return.

Unscrupulous Websites for Income Tax Refund


Generally, these websites look like official websites and seek details of the
credit card, CVV, PIN of ATM and other personal details of taxpayers in the
name of crediting an income tax refund through electronic mode.

12.2.2 Tips to prevent online scams

Confirm whether e-Mail is received from bank or not

Be cautious while providing bank details online. Before proceeding further,
confirm with the bank about the e-Mail you received. Think: if something is
important or urgent, why doesn't the bank call me instead of sending an e-Mail?

Confirm the shipping

Beware of shipping scams. Make sure you get an authorized signed document via
fax before proceeding further, and make sure you received it from an authorized
company.

Be cautious during online auction

Don't be trapped by discounts, and think wisely before you proceed with an
online auction. Think why a $200 product would be $20.

Be aware about the product you received via e-Mail

Be aware about products you are offered at a discounted price. Think why you
received an e-Mail for products when you never entered any online shopping or
contest.

Don't be trapped by lottery scam

Don't get trapped by scammers and e-Mails with a subject line saying you won
some $10000. Just think why only you received the e-Mail without your
participation.

12.3 Online Banking


Online Banking can also be referred to as Internet Banking. It is the practice
of making bank transactions or paying bills through the Internet. We can do all
financial transactions sitting at home or in the office. Online banking can be
used for making deposits and withdrawals, or we can even use it for paying
bills online. Its benefit is the convenience for customers in doing banking
transactions. Customers need not wait for bank statements, which arrive by
e-mail, to check their account balance. They can check their balance each and
every day by just logging into their account. They can catch discrepancies in
the account and can act on them immediately.

Link Manipulation

Most methods of phishing use some form of technical deception designed to make
a link in an e-mail (and the spoofed website it leads to) appear to belong to
the spoofed organization. Misspelled URLs or the use of subdomains are common
tricks used by phishers. In the following example URL,
http://www.yourbank.example.com/, it appears as though the URL will take you to
your bank's website; actually this URL points to the "yourbank" (i.e. phishing)
section of the attacker's website (example.com in this URL).

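The check below is an added example, not part of the handbook: it shows how a mail filter or a careful reader can tell the two tricks above apart by looking at the domain that was actually registered. The function names, the sample links and the assumption that yourbank.com is the bank's genuine domain are all constructed for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit


def registrable_domain(host):
    """Return the last two labels of a host name.

    Assumption for this example: that is the domain someone registered
    (true for example.com, wrong for suffixes such as co.in). Real code
    should consult the Public Suffix List.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_link(url, trusted_domain, lookalike_ratio=0.85):
    """Compare where a link really leads with the domain the bank uses.

    Returns 'trusted', 'brand-in-subdomain', 'lookalike-domain' or
    'unrelated'. The 0.85 threshold is an illustrative choice.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    domain = registrable_domain(host)
    trusted = trusted_domain.lower()
    brand = trusted.split(".")[0]  # "yourbank" from "yourbank.com"

    if domain == trusted:
        return "trusted"

    # Labels to the left of the registrable domain are chosen freely by
    # whoever owns that domain, so a bank name there proves nothing.
    if host != domain:
        sub_labels = host[: -len(domain)].rstrip(".").split(".")
    else:
        sub_labels = []
    if brand in sub_labels:
        return "brand-in-subdomain"

    # A registered domain that is almost, but not exactly, the trusted one
    # is the misspelled-URL trick.
    if SequenceMatcher(None, domain, trusted).ratio() >= lookalike_ratio:
        return "lookalike-domain"
    return "unrelated"


# Constructed sample links for the demonstration.
SAMPLE_LINKS = [
    "https://www.yourbank.com/login",
    "http://www.yourbank.example.com/",
    "http://www.yourbnak.com/",
    "https://www.example.org/",
]


def review_links(urls, trusted_domain):
    """Map each URL to its verdict."""
    return {url: classify_link(url, trusted_domain) for url in urls}


if __name__ == "__main__":
    for url, verdict in review_links(SAMPLE_LINKS, "yourbank.com").items():
        print(f"{verdict:20} {url}")
```

Only the first sample link is classified as trusted; the handbook's own example URL is reported as brand-in-subdomain because the registered domain is example.com.
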
Filter Evasion

Phishers have used images instead of text to make it harder for anti-phishing
filters to detect text commonly used in phishing e-mails.

Malware attacks

Example:

Clampi Virus Targets Users at Banks and Credit Card Sites

Keeping up with the latest Web security threats is a daunting task, because
viruses and Trojans emerge, evolve, and spread at an alarming rate. While some
infections like Nine Ball, Conficker, and Gumblar have hit the scene and
immediately become the scourge of the cyber security world, others take their
time -- quietly infiltrating more and more computers before revealing the true
depth of the danger they pose.

One such slow grower is Clampi, a Trojan that made its debut as early as 2007
(depending on who you ask) but is only now raising hairs outside professional
security circles. Clampi primarily spreads via malicious sites designed to
dispense malware, but it's also been spotted on legitimate sites that have been
hacked to host malicious links and ads. Using these methods, Clampi has infected
as many as half a million computers, Joe Stewart of SecureWorks told a crowd
at the Black Hat Security Conference in July, USA Today reports.

Once installed on a PC, the Trojan quietly waits for you to visit a credit card or
banking Web site. When it detects you're on one of the roughly 4,600 financial
Web sites it's trained to watch, it records your username and password, and
feeds that information back to the criminals. Clampi can even watch for network
login information, allowing it to spread quickly through networked PCs (e.g.,
those in an office). In fact, it seems that businesses have been the primary target
of Clampi so far. According to the Times Online, in July, an auto parts shop in
Georgia was robbed of $75,000 when criminals stole online banking information
using Clampi. The Trojan was also used to infiltrate computers for a public
school district in Oklahoma and submit $150,000 in fake payroll payments.

12.4 Online Shopping

Online shopping has become a very popular way to purchase all things without
leaving your home, and it is a convenient way to buy things like electronic
appliances, furniture, cosmetics, and many more. We can avoid the traffic and
crowds. There is no particular time to buy things; we can buy at any time
instead of waiting for the store to open. Apart from all these advantages,
risks are involved, including risks unique to the Internet, so it is very
important to take some safety measures before you go for online shopping.

12.4.1 Tips for safe online shopping

• Before you go for online shopping, make sure your PC is secured with all
  core protections like an antivirus, anti-spyware, a firewall, a system
  updated with all patches, and web browser security with trusted sites and
  the security level set to high.
• Before you buy things online, research the website that you want to buy
  from, since attackers try to trap you with websites that appear to be
  legitimate but are not. Make a note of the telephone numbers and physical
  address of the vendor and confirm that the website is a trusted site.
  Search different websites and compare the prices. Check the consumer and
  media reviews of that particular website or merchant.
• When you are ready to buy something online, check whether the site is
  secure (https, or a padlock on the browser address bar or status bar) and
  then proceed with financial transactions.
• After finishing the transaction, take a print or screenshot of the
  transaction records and details of the product like price, confirmation
  receipt, and terms and conditions of the sale.
• Check your credit card statements as soon as you finish to confirm that the
  charges match what you paid, and if you find any changes, immediately
  report them to the concerned authorities.
• After finishing your online shopping, clear all the web browser cookies and
  turn off your PC, since spammers and phishers will be looking for systems
  connected to the Internet and will try to send spam e-Mails and install
  malicious software that may collect your personal information.
• Beware of e-Mails like "please confirm your payment, purchase and account
  details for the product". Remember, legitimate business people never send
  such e-Mails. If you receive such e-Mails, immediately call the merchant
  and inform them.
12.5 Identity Theft
Identity Theft occurs when someone, without your knowledge, acquires a piece
of your personal information and uses it to commit fraud.

Identity theft is a crime used to refer to fraud that involves someone pretending
to be someone else in order to steal money or get other benefits. The term is
relatively new and is actually a misnomer, since it is not inherently possible to
steal an identity, only to use it. The person whose identity is used can suffer
various consequences when he or she is held responsible for the perpetrator's
actions. In many countries specific laws make it a crime to use another person's
identity for personal gain. Identity theft is somewhat different from identity
fraud, which is related to the usage of a 'false identity' to commit fraud.

Identity theft can be divided into two broad categories:

• Application fraud
• Account takeover

Application fraud happens when a criminal uses stolen or fake documents to
open an account in someone else's name. Criminals may try to steal documents
such as utility bills and bank statements to build up useful personal
information. Alternatively, they may create counterfeit documents.

Account takeover happens when a criminal tries to take over another person's
account, first by gathering information about the intended victim, then
contacting their card issuer masquerading as the genuine cardholder, and asking
for mail to be redirected to a new address. The criminal then reports the card
lost and asks for a replacement to be sent.
13. Mobile Security

Providing mobile PCs or mobile phones with Internet access for official
purposes, with remote access to all business applications, may put a person's
or an organization's vital information at risk. For professionals and
individual users, mobiles and mobile PCs offer plenty of benefits, such as
working from anywhere. Mobile devices have their own characteristics but also
bring security concerns, such as access to sensitive information from the
device.

There are various threats which can affect mobile users in several ways, for
example, sending multimedia messages and text messages to toll free numbers,
or unknowingly clicking on a message received through the mobile phone.
Nowadays there are many malicious programs which try to get access to mobile
phones and laptops and steal the personal information stored on them.

13.1 Security Concerns

13.1.1 Exposure of critical information

Small amounts of WLAN signals can travel a significant distance, and it's
possible to peep into these signals using a wireless sniffer. A wireless
intruder could expose critical information if sufficient security isn't
implemented.

13.1.2 Lost or Stolen devices

Even if sufficient security is implemented in wireless Virtual Private
Networks (VPNs), a lost or stolen device could threaten the entire corporate
intranet if it isn't protected by a password and other user-level security
measures.

13.1.3 Mobile Viruses


Mobile Viruses can be a major threat, particularly with devices that have
significant computational capabilities. Mobile devices, in general, are
susceptible to Viruses in several ways. Viruses can take advantage of security
holes in applications or in the underlying Operating System and cause damage.
Applications downloaded to a mobile device can be as Virus-prone as desktop
applications. In some mobile OS, malformed SMS messages can crash the device.
13.1.3.1 Bluejacking

Bluejacking is sending anonymous, unwanted messages to other users with
Bluetooth-enabled mobile phones or laptops.
Bluejacking depends on the capability of Bluetooth phones to detect and contact
another Bluetooth-enabled device. The Bluejacker uses a feature originally
intended for exchanging contact details or electronic business cards. He or she
adds a new entry in the phone's address book, types in a message, and chooses
to send it via Bluetooth. The phone searches for other Bluetooth phones and, if
it finds one, sends the message. Despite its name, Bluejacking is essentially
harmless. The Bluejacker does not steal personal information or take control of
your phone.

Bluejacking can be a problem if it is used to send obscene or threatening
messages or images, or to send advertising. If you want to avoid such messages,
you can turn off Bluetooth, or set it to undiscoverable.

13.1.3.2 Bluesnarfing

Bluesnarfing is the theft of data from a Bluetooth phone. Like Bluejacking,
Bluesnarfing depends on the ability of Bluetooth-enabled devices to detect and
contact others nearby.

In theory, a Bluetooth user running the right software on a laptop can discover
a nearby phone, connect to it without your confirmation, and download your
phonebook, pictures of contacts and calendar. Your mobile phone's serial
number can also be downloaded and used to clone the phone.

You should turn off Bluetooth or set it to undiscoverable. The undiscoverable
setting allows you to continue using Bluetooth products like headsets, but
means that your phone is not visible to others.

13.1.4 E-mail Viruses

E-mail Viruses affect PDAs in much the same way regular e-mail Viruses affect
PCs. These Viruses are costly to enterprises and interrupt normal business
too. PalmOS / LibertyCrack is an example of a PDA e-mail virus. It's a known
Trojan horse that can delete all applications on a Palm PDA.

13.1.5 Malicious software like Worms, Spyware and Trojans

Worms may disturb the phone network by spreading from one mobile to another
through Bluetooth transfer, Infrared transfer or MMS attachments. Spyware that
has entered the mobile phone through Bluetooth may transfer personal
information to the outside network. A Trojan which got installed along with a
game application in the mobile may send SMS messages to expensive numbers and
may increase the phone bill.

13.2 Guidelines for securing mobile devices

• Be careful while downloading applications through Bluetooth or as MMS
  attachments. They may contain harmful software, which will affect the
  mobile phone.
• Keep the Bluetooth connection in invisible mode unless you need some user
  to access your mobile phone or laptop. If an unknown user tries to access
  the mobile phone or laptop through Bluetooth, move away from the Bluetooth
  coverage area so that it automatically gets disconnected.
• Avoid downloading content onto a mobile phone or laptop from an untrusted
  source.
• Delete an MMS message received from an unknown user without opening it.
• Read the mobile phone's operating instructions carefully, mainly regarding
  the security settings, PIN code settings, Bluetooth settings, infrared
  settings and the procedure to download an application. This will help in
  making your mobile phone secure from malicious programs.
• Activate the PIN code request for mobile phone access. Choose a PIN which
  is unpredictable and which is easy for you to remember.
• Use the call barring and restriction services provided by operators to
  prevent the applications that are not used by you or by your family
  members.
• Don't make your mobile phone a store for your personal data, which is
  dangerous if it falls into the hands of strangers. It is advisable not to
  store important information like credit card and bank card passwords in a
  mobile phone.
• Note the IMEI code of your cell phone and keep it in a safe place. This
  helps the owner to prevent access to the stolen mobile. The operator can
  block a phone using the IMEI code.
• Regularly back up important data in the mobile phone or laptop by following
  the instructions in the manual.
• Define your own trusted devices that can be connected to the mobile phone
  or laptop through Bluetooth.
• Use free cleansing tools, which are available on the Internet, to make your
  mobile work normally whenever it is affected by malicious software.

NOTE:

IMEI stands for International Mobile Equipment Identifier, which is a number of
around 15 or 17 digits that is unique to each and every mobile device. When a
mobile is lost, the owner of the mobile can ask the operator to block the
mobile from working by giving the IMEI number of that mobile phone to the
operator.
14. Data Security
14.1 Importance of securing data
Data Security means ensuring that the data is free from
any type of fraud and the access to this data is controlled
in such a way that only authorized users can access the
data. Data refers to personal information regarding the
individuals, bank details, etc. Data in transfer, across and
between company networks, are usually the focus of
extensive security efforts.

However, organizations typically regard data residing on internal storage
devices as secure enough. Hence, there is a need for everyone to secure the
data so that it does not fall into the hands of unauthorized users.

14.1.1 Different methods of securing data


There are different types of data to be secured. The procedure regarding how to
secure different types of data is given below.

14.1.2 Shared Information


Make sure that the shared information is accessed only by authorized users, and
also specify which data should be shared with the public and which should not.

Many people on the Internet keep their personal and confidential information in
shared form. These people have to be trained not to share their information
with unauthorized users. This information should be kept as safe and secure as
possible, used for the purpose given and not shared with or passed on to
others.

14.1.3 Securing data during transmission


Securing the data while transmitting it includes encryption and
authentication, and also ensuring that the end-to-end users are authorized.

Authentication is secret information that is shared between two computers
before the actual communication starts.

Public key encryption is another means of authentication, which authenticates
only the receiver and not the sender with the help of the keys, which are
possessed by the two systems by other means.

Encrypted data without a key can be easily accessed by modern computer users by
performing a brute force attack. So, in order to protect the encrypted data,
the key length should be long so that it is not easy to guess. Encrypting the
data only ensures that the data cannot be read by a third party in an
understandable format when the data has been received by them.

14.1.4 Web browser


Ensure that the data being sent using a browser application is secured by
checking the URL. Ensure that it is using HTTPS instead of HTTP in the URL for
authentication.

14.1.5 Secure e-Mail programs

Secure e-Mail programs use public key encryption for sending and receiving
messages. This works well when both the users are using secure e-Mail
programs; otherwise the user should send e-Mails without using secure e-Mail
programs.

14.1.6 Secure Shell


Previously, computer users used the telnet application to connect to remote
systems. However, telnet transfers the information in clear text. To avoid this
problem, 'Secure shell' was introduced, which sends the data in encrypted
form. It uses public key cryptography for encryption and also ensures
confidentiality and data integrity.

14.1.7 Data backup


Losing an important file is the worst thing that could ever happen to a person
today. Another method of securing the data is by taking a backup of the
original data onto another disk or tape. This backup helps the users to
retrieve the original data in case of hard disk failures.

We still largely use CDs and DVDs to back up our important files. What happens
when that CD/DVD is corrupted? Here is a solution to recover those files:
Recovery Toolbox, which could probably help you to recover some damaged data
that you might have thought to be permanently lost.
14.2 Securing data by disposal
When data which the user does not require any more is deleted, care should be
taken while deleting it so that the data cannot be reconstructed by an
unauthorized person. Deleting the information and formatting does not ensure
that the data is safely deleted.

In order to delete the data permanently, some software tools are available
which will prevent the data from being reconstructed. Some operating systems
allow the formatting command to be used in such a way that it not only formats
but also writes zeros into that place. The easiest way of deleting the data is
by using a wiping program, which not only formats the disk but also writes
some garbage data onto it.

There are several algorithms available for secure disposal.

Single pass

Here the data is overwritten with 1's and 0's only once.

DoD 5520.22-M Standard

This standard overwrites the addressable locations with characters and their
complements and then compares what was written.

Guttmann method

This method overwrites the data nearly 35 times, taking into account the
various encoding algorithms used by various disk manufacturers.

Linux and UNIX systems implement a file destruction command to protect files
that contain sensitive content from being recovered by someone else. The
'shred' command overwrites the specified files repeatedly, in order to make it
harder for even very expensive hardware probing to recover the data. It
additionally provides the option to shred and then delete a file from the hard
disk. Another Linux/Unix command that can be used to overwrite a disk drive
completely is the 'dd' command. When certain switches to this command are
used, the entire disk is rewritten with zeros.
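The sketch below is an added example, not code from the handbook or from the shred tool: it overwrites a file in place with a chosen sequence of passes, confirms the final fill, and only then deletes the file. The function names and the pass presets (a single zero pass, and a character / complement / random sequence in the spirit of the multi-pass schemes above) are assumptions made for illustration.

```python
import os
import secrets

CHUNK = 64 * 1024  # write in 64 KiB blocks so large files fit in memory

# Each pass is one byte value (0-255) or None for random data.
SINGLE_PASS = (0x00,)
CHAR_COMPLEMENT_RANDOM = (0x00, 0xFF, None)


def overwrite_file(path, passes):
    """Overwrite every byte of `path` once per entry in `passes`.

    The file keeps its length; each pass is flushed and fsync'ed so it
    reaches the storage device before the next pass starts.
    Returns the number of bytes written per pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for fill in passes:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                block = secrets.token_bytes(n) if fill is None else bytes([fill]) * n
                f.write(block)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    return size


def verify_fill(path, fill):
    """Return True if every byte of the file now equals `fill`."""
    with open(path, "rb") as f:
        while True:
            block = f.read(CHUNK)
            if not block:
                return True
            if block != bytes([fill]) * len(block):
                return False


def wipe_and_delete(path, passes=SINGLE_PASS):
    """Overwrite, verify the last pass where possible, then delete.

    Returns (bytes_per_pass, verified). `verified` is None when the last
    pass was random data, because there is no fixed value to compare with.
    """
    size = overwrite_file(path, passes)
    last = passes[-1]
    verified = None if last is None else verify_fill(path, last)
    os.remove(path)
    return size, verified
```

In-place overwriting only reaches the blocks the file currently occupies: on SSDs and on journaling or copy-on-write file systems older copies of the data can survive elsewhere on the device.
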
15. Physical Security
The first step in security is considering the physical security of the PC.
Maintenance of physical security depends on the location and the budget.

The second step is the factors related to physical stability that include the power
supply, physical location of the computer, room temperature, etc. Failure of
anyone of the above said factors leads the computer into risks.

There is a good chance that your home PC is one of the most expensive things in
your home, or if you have got a laptop, it is likely to be the most expensive thing
you carry in a bag.

Although your insurance policy may cover the costs of replacing hardware if
it's stolen, there is nothing that money can do to retrieve precious or
personal data. So physical security is as important as software security.

Some of the methods by which physical security is provided to computers are
given below.

15.1 Computer locks


Nowadays PCs are available with a locking feature, which
contains a socket in front of the case to unlock and lock the
case. This helps us to prevent unauthorized users from gaining
access to the hardware of the PC, and also it prevents them
from booting the system with their own floppy or hardware.

15.2 BIOS Security


BIOS (Basic Input Output System) is built-in software which determines what a
computer can do without accessing the programs on the disk. It contains code
which can control the keyboard, monitor, serial and parallel communications
and some other functions. BIOS comes on a ROM chip in the computer, which
ensures that it will not be affected in case of disk failures.
Setting a BIOS password prevents unauthorized users from rebooting and
manipulating the system. This provides a low level of security, as someone can
disconnect the batteries and access the BIOS with manufacturer default
passwords. However, it takes some time for unauthorized users to open the case
and access the BIOS, which leaves some traces of tampering.

15.3 In Organizations
Many organizations provide tracking and recovery services. These work with the
help of software agents in the computer. Whenever a thief connects to the
Internet, the IP address of the system or the phone number through which he is
connecting is automatically sent, without his knowledge, to the recovery
service centre.

15.3.1 A continuous uninterruptible power supply should be provided to the
systems in order to prevent loss of unsaved data during power failures

• UPS (uninterruptible power supply) is used to protect against sudden loss
  of power.
• Sometimes sudden surges or drops in supply can also cause physical damage
  to computer components.
• The computers are plugged into the UPS, and if the mains power cuts out,
  the UPS provides enough power for the computers to shut themselves down and
  save all their information.
• Complete loss of power can cause the obvious problems of lost data and
  hardware damage.
• It is necessary to consider the size of the load that is to be connected to
  the UPS. The load may consist of a specific type of computer, workstation,
  mini-mainframe, hard disk drive, or test equipment.
• Once the equipment requiring a continuous power source is identified, the
  necessary rating of the UPS system can be determined by adding the
  volt-ampere (VA) rating on the nameplate of the equipment to be served by
  the UPS.

15.4 Tips for keeping your PC physically secure

• Always maintain a redundant power supply and also make sure that only
  authorized users access the computers.
• Use the system's screen locking functionality to protect against physical
  access, such as a screen saver that won't deactivate without a password, or
  just log out of everything so anyone that wants access has to log in again.
• Enable the chassis intrusion option in the BIOS settings to be aware of
  unauthorized users.
• A continuous uninterruptible power supply should be provided to the systems
  in order to prevent loss of unsaved data during power failures.
• The systems should be placed in a room which is dust free and has good
  ventilation to avoid overheating of the CPU.
• The PC keys should be secured and not left unattended.
• Do not plug the computer directly into the wall outlet, as power surges may
  destroy the computer. Instead, use a genuine surge protector to plug in a
  computer.
• Check the system input power supply and grounding at least annually to
  ensure that it meets the manufacturer's specification.
• Static electricity may affect the integrity and reliability of data and
  programs processed and stored on equipment, hence antistatic devices should
  be installed.
• Use gentle touches on the keyboard.
• Don't eat food or drink by the PC.
• There should be no magnets near your PC.
• Keep your PC clean.
• Properly lock the room in which the PC is kept before leaving the home.
• Buy lockable CPU cabinets and keep them locked.
16. Safe Practices

Whether you're a parent, a student, an online gamer or a businessman or woman,
the Internet offers you opportunities like never before. The ability to expand
your knowledge, play games, movies or music, share family pictures and videos,
chat with friends or collaborate with business associates are all exciting
changes to the way we live our lives today. However, with those opportunities
come serious challenges. The good news is that there are steps you can take to
protect your family and your data.

16.1 Operating System Security

The Operating System is the important program that runs on the computer. It
performs basic tasks like recognizing the input from the keyboard, and
controlling various files and directories on the hard disk and also various
peripheral devices like printers, scanners, etc.

It controls the programs in such a way that they do not interfere with one
another.

It is responsible for securing the system by not allowing unauthorized users
to access the system.

16.1.1 Need for securing the operating system

The security of the operating system running on various PCs and servers plays
an important role in the security of the network as a whole. Not updating one
system in the network may affect the security of the other systems in the
network. Today we have highly sophisticated operating systems with lots of
features, but they may be vulnerable if they are not administered, configured
and monitored properly. Sometimes updating the operating system with the
latest patches may lead to interoperability issues with other operating
systems. Hence proper care should be taken while updating the operating
system.

16.1.2 Guidelines for securing the operating System

Whether you're using your computer at home or travelling with your notebook
PC, the following are basic guidelines for securing the system.
16.1.2.1 Install an antivirus product and keep up to date

Viruses, worms and other malware are some of the most prolific problems on the
Internet today. But at the same time, there are some good antivirus
applications that provide a great deal more protection than just searching for
viruses. However, any antivirus product is only as good as you are about
keeping it up-to-date and scanning your system regularly.

Difference between Spyware, Virus, Worms and Trojans

Spyware: Spyware is a generic term for malicious software which ends up on
your computer, and is used to gather information about you and other files on
your computer and pass it over the Internet to others.

Virus: A computer virus is a program which is able to replicate and attach
itself to a program or files, infecting the system without our knowledge.

Worm: Worms can replicate themselves from one machine to another without the
need of downloading them from the Internet. They often send themselves as
attachments in e-Mails they generate from their infected host computer.

Trojan: Trojans are backdoors into your computer through which access is
gained by hackers on the Internet to either gather information from your
computer or to use your computer
16.1.2.2 Install and enable Firewall

Like antivirus products, Firewall products are designed to protect your system
from Internet threats like hackers, viruses, and worms by filtering out any
suspicious communications sent to your computer.

16.1.2.3 Use Strong passwords

The foundation of computer security for your business and home is a strong
password policy. Passwords control access to files, programs, computers, hard
drives and networks. They also deny access to unauthorized users. Poorly
chosen passwords make it easier to break into your computer systems and expose
your business and home to malicious attacks. In general, set up passwords and
keep them secret; never share them with others.
16.1.2.4 Back up your personal data

You've invested a lot of time, and sometimes money, creating those files for
work, pictures of your grandchildren or other entertainment. Losing those
files would mean a lot to you. Take the time to invest in additional storage
media and a software backup application. Then, set up an automatic schedule to
periodically back up and save the files that are so important to you.

16.1.2.5 Keep your private information private

Just as you would never think of displaying your bank account number, you
should always avoid providing personal information about yourself, your family
or others that you would not want to be publicly known.

• Always use your proxy name as your login or online name.
• Never give out your name, phone number, address, passwords, etc.
• Never share photos of yourself or family with strangers online.
• Encrypt sensitive information.
• Never enter personal or financial information into pop-up windows.

16.2 Password Security Policy

A password is a key, a secret word or a string of characters which is used to
protect your information from bad people in the cyber world. It is used for
authentication, to prove your identity or to gain access to resources. It
should be kept secret to prevent access by unauthorized users.

Social networking sites like Facebook, Orkut, and LinkedIn are each studded
with answers to commonly used security questions such as favourite place,
school, college, etc.

16.2.1 Possible Vulnerabilities are

• Passwords could be shared with other persons and might be misused.
• Passwords can be forgotten.
• A stolen password can be used by an unauthorized user who may collect your
  personal information.

16.2.2 Importance of Passwords

• A password represents the identity of an individual for a system.
• This helps individuals in protecting personal information from being viewed
  by unauthorized users. Hence it is important to secure passwords.
• A password acts like a barrier between the user and his personal
  information.
16.2.3 Various Techniques used by hackers to retrieve Passwords

16.2.3.1 Shoulder Surfing

One way of stealing a password is standing behind an individual and looking
over their shoulder to read their password while they are typing it. Shoulder
Surfing is a direct observation technique, such as looking over someone's
shoulder to get passwords, PINs and other sensitive personal information, and
even overhearing your conversation when you give your credit-card number over
the phone.

Shoulder surfing is easily done in crowded places. It's comparatively easy to
stand next to someone and watch as they fill out a form, enter a PIN number at
an ATM, or use a calling card at a public pay phone. It can also be done long
distance with the help of binoculars or other vision-enhancing devices.

Your confidential information will be at risk if your passwords are observed
by Shoulder Surfers. They can use your password information for logging into
your account and they may do harm to your information.

Tip: Explain to your children to be aware of Shoulder Surfers at public places
or schools while they are entering their passwords into login accounts. Ask
them not to reveal their passwords in front of others and not to type their
usernames and passwords before unauthorized persons. Ask them to cover the
keyboard with paper or a hand or something else to prevent it from being
viewed by unauthorized users.

16.2.3.2 Writing your passwords on papers or storing it on hard disk

Strangers search papers or the disk for passwords that have been written
there.

Tip: Tell your children not to write passwords on any paper or store them on
any disk drive. Explain to them that memorising is the best way to store them.

16.2.3.3 Brute force attacks

Another way of stealing a password is through guesses. Hackers try all the
possible combinations with the help of personal information of an individual.
They will try with the person's name, pet name (nickname), numbers (date of
birth, phone numbers), school name, etc. When there is a large number of
possible password combinations, the hackers use fast processors and some
software tools to crack the password. This method of cracking a password is
known as a "Brute force attack".

Tip: Explain to your children not to use a password that represents their
personal information like nicknames, phone numbers, date of birth, etc.

16.2.3.4 Dictionary attacks

Hackers also try all possible dictionary words to crack your password with the
help of some software tools. This is called a "Dictionary attack".

Tip: Teach your children not to use dictionary words (like animals, plants,
birds or meanings) while creating the passwords for login accounts.

16.2.3.5 Sending your password information through the network

Hackers can even get password information by sniffing the traffic that is
travelling on the network, or by listening to your phone conversations with
others.

Tip: Teach your children not to give their passwords to their friends or to
anyone through online chatting, e-mails or even through phone conversations.

16.2.3.6 Sharing your passwords with strangers

Sharing passwords with unknown persons (strangers) may also lead to loss of
your personal information. They can use your login information to get access to
your information. The operating system does not know who is logging into the
system; it will allow any person who enters the credentials into the login
page. Strangers, after getting access to your information, can do anything with
it. They can copy, modify or delete it.

Tip: Explain to your children not to share their passwords with unknown
persons (strangers).

16.2.3.7 Using weak Passwords or blank passwords

Weak and blank passwords are one of the easiest ways for attackers to crack
your system.

Tip: Explain to your children that their information can be easily stolen or
accessed by strangers if they use weak passwords. Ask them to use strong
passwords.

16.2.3.8 Strong and easy-to-remember passwords

A strong password should have combinations of letters, numbers and special
characters such as c.!@*^&)(~@. Remembering these passwords is very difficult,
so they can be made as shown below.

Consider the following pass phrase

16.2.3.9 Things to be remembered while creating Strong Passwords

- Use at least 8 characters to create a password. The more characters we use,
  the more secure our password is.
- Use various combinations of characters while creating a password. For
  example, create a password consisting of a combination of lowercase,
  uppercase, numbers and special characters.
- Avoid using words from the dictionary. They can be cracked easily.
- Create a password such that it can be remembered. This avoids the need to
  write passwords somewhere, which is not advisable.
- A password must be difficult to guess.
- Change the password frequently.

16.2.3.10 Guidelines for maintaining a good password


- Change the password once in two weeks or when you suspect someone knows the
  password.
- Do not use a password that was used earlier.
- Be careful while entering a password when someone is sitting beside you.
- Store the passwords on the computer with the help of an encryption utility.
- Do not use the names of things located around you as passwords for your
  account.
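
The rules from sections 16.2.3.3, 16.2.3.4, 16.2.3.9 and 16.2.3.10 can be checked
automatically when a password is chosen. The Python example below is added here
and is not part of the original handbook; the word list, the sample passwords
and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 8
PBKDF2_ROUNDS = 100_000
# Constructed stand-in for a real word list (assumption for this example).
DICTIONARY = {"animal", "tiger", "flower", "parrot", "password", "school"}


def hash_password(password, salt=None):
    """Return (salt, digest) so earlier passwords are never kept in clear text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, digest


def was_used_before(password, history):
    """history is a list of (salt, digest) pairs produced by hash_password()."""
    for salt, digest in history:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def personal_tokens(personal_info):
    """Break names, dates and phone numbers into lowercase pieces to match."""
    tokens = set()
    for value in personal_info:
        parts = re.split(r"[^0-9A-Za-z]+", value.lower())
        tokens.update(p for p in parts if len(p) >= 3)
        joined = "".join(parts)
        if len(joined) >= 3:
            tokens.add(joined)
    return tokens


def check_password(password, personal_info=(), history=()):
    """Return the list of broken rules; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    classes = {
        "lowercase letter": r"[a-z]",
        "uppercase letter": r"[A-Z]",
        "number": r"[0-9]",
        "special character": r"[^0-9A-Za-z]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("no " + name)
    lowered = password.lower()
    # Every run of letters is compared with the word list.
    if any(word in DICTIONARY for word in re.findall(r"[a-z]+", lowered)):
        problems.append("contains a dictionary word")
    if any(token in lowered for token in personal_tokens(personal_info)):
        problems.append("contains personal information")
    if was_used_before(password, history):
        problems.append("was used earlier")
    return problems


if __name__ == "__main__":
    # Constructed sample data: a child's details and one earlier password.
    info = ["Ravi", "14-08-2001"]
    old = [hash_password("OldPass#2023")]
    for candidate in ["", "tiger123", "Ravi@2001x", "OldPass#2023", "mT7#qLp!2vKd"]:
        print(repr(candidate), "->", check_password(candidate, info, old) or "OK")
```

Earlier passwords are compared through salted PBKDF2 digests, so the history
list can be kept without storing any old password in readable form.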
17. Virus Protection and Cleaner Tools
17.1 Windows Based Tools

17.1.1 Avast Home Edition


- Standard Shield: real-time protection
- IM Shield: Instant Messenger protection
- P2P Shield: P2P protection
- Internet Mail: e-mail protection
- Outlook/Exchange: Microsoft Outlook/Exchange protection
- Web Shield: HTTP protection (local transparent proxy)
- Script Blocker: script checker (Pro version only)
- Network Shield: basic protection against well-known network worms. Acts as a
  lightweight Intrusion Detection System
- Audible alarms: vocal warnings such as "Caution, a virus has been detected!"
- Boot-time scan: through the program interface, a user can schedule a
  boot-time scan to remove viruses that load during Windows startup and are
  therefore difficult to remove.

Avast! Antivirus normally updates itself free of charge for the first 14 months
of usage as long as the computer is connected to the Internet. After each
14-month period, the user of the software must re-register to receive a new
license key. Unless upgraded to the pay version, registration currently remains
free.

http://www.avast.com/eng/download-avast-home.html

17.1.2 AVG free edition


According to Grisoft, over 60 million users have AVG Anti-Virus protection,
including users of the Free Edition.

The AVG Anti-Virus Free Edition is similar to the AVG Anti-Virus Professional
Edition product, but does not have all the features. It lacks the fine-grained
control over how scans are conducted. In addition, the free versions do not
receive technical support from Grisoft, and English is the only available language.

Grisoft announced that support for AVG Anti-Virus Free Edition version 7.1
ended on February 18, 2007. Users were required to upgrade to AVG Anti-Virus
Free Edition version 7.5.

http://free.grisoft.com/doc/5390/us/frt/0

17.1.3 Avira Antivirus Personal Edition Classic


AntiVir Personal Edition Classic (Windows, Linux) is freeware. This application
is for personal usage only. Like most antivirus software, it scans disks for
viruses and also runs as a background process, checking each opened and closed
file. It can detect and possibly remove rootkits. It also performs Internet
updates (daily by default), during which it opens a window with an
advertisement suggesting that the user purchase AntiVir Personal Edition
Premium.

AntiVir PersonalEdition Premium costs 20 yearly. It has several improvements
over the free version, most notably:

- Detection of adware and spyware
- Exclusive download server
- E-mail scanning

http://www.free-av.com/antivirus/allinonen.html

17.1.4 BitDefender 10 Free Edition


BitDefender is an antivirus software suite developed by the Bucharest-based
software company SOFTWIN. It was launched in November 2001, and the tenth
version is currently available. BitDefender replaced SOFTWIN's earlier AVX
(AntiVirus eXpress) product range. The BitDefender range includes antivirus
products for home users, business and enterprise users, and Internet service
providers.

http://www.bitdefender.com/PRODUCT-14-en--BitDefender-Free-Edition.html

17.1.5 McAfee VirusScan Plus


- Virus protection guards your whole PC
- Spyware protection blocks potentially unwanted programs
- Firewall helps keep hackers out

http://home.mcafee.com/store/package.aspx?pkgid=276&ctst=1

17.1.6 Comodo Antivirus


Comodo Antivirus 2.0 beta has been specifically engineered to deliver the
highest protection against all known viruses, Trojans and worms. Easy to
install, configure and use, Comodo Antivirus boasts an industry-leading feature
list that's packed with the latest and most sophisticated technologies.

http://antivirus.comodo.com/download.html

17.1.7 ClamAV (Open source)


Clam Antivirus (ClamAV) is a free, open source antivirus software toolkit for
Windows and Unix-like operating systems. One of its main uses is with mail
exchange servers as a server-side e-mail virus scanner. ClamAV is distributed
under the terms of the GNU General Public License (GPL). Both ClamAV and its
updates are made available free of charge.

http://www.clamwin.com/content/view/18/46/

17.1.8 Winpooch (Open source)


Winpooch is a free and open source program that detects and blocks spyware on
computers running Microsoft Windows. It also detects Trojans and can work with
the ClamWin and BitDefender antivirus software to provide real-time protection.
As of version 0.6.0, kernel-mode hooking has been implemented through a
kernel-mode driver, allowing Winpooch to monitor the Windows kernel and system
services. It was, however, notorious for causing Blue Screens of Death.

http://sourceforge.net/project/showfiles.php?group_id=122629

17.2 Linux Based Tools

17.2.1 Avast Home Edition


Avast! Linux Home Edition represents an antivirus solution for the increasingly
popular Linux platform. This software is designed exclusively for home users
and non-commercial use.

17.2.2 AVG Free Edition


AVG 7.5 Free for Linux provides comprehensive and reliable protection against
viruses for Linux-powered machines. It offers many features, such as scheduled
and on-demand scanning of folders, files, and common archive types for possible
virus infection. You can also perform a scheduled or on-demand update of your
AVG either from the Internet or from local update sources.

17.2.3 ClamTk

ClamTk is a GUI front-end for Clam Antivirus using gtk2-perl. It is designed to be
an easy-to-use, lightweight, point-and-click desktop virus scanner for Linux.

http://sourceforge.net/projects/clamtk/
18. Lockdown, Auditing and Intrusion Detection Tools
18.1 OS Lockdown Tools

18.1.1 Windows based

18.1.1.1 Secure It Pro 4.70.0117

Use Secure It Pro to lock your computer when you're not there. The program
comes with a ton of features, such as disabling the main Windows key functions:
Ctrl+Alt+Del, Alt+Tab, the Windows key, and the Ctrl+Esc key combination.
Secure It Pro can also disable the Windows boot keys, detect cold boots, allow
other people to leave messages, log incorrect password attempts, or even hide
itself every few seconds. The program also includes password reminder options,
which can assist you if you ever forget your password, as well as several
advanced configuration options and a locking screen saver.

http://www.cleansofts.com/get/945/17903/SecureIT_Pro_470.html

18.1.1.2 PC Locker Pro

PC Locker Pro is freeware that locks and protects your computer when you
leave.

http://pc-locker-pro.en.softonic.com/

18.1.1.3 SteadyState

It's simple to create, modify, and remove user profiles with Windows
SteadyState. There's no need to log in to the user account, edit the registry,
or manipulate files or folders on the hard drive. You control all user
restrictions directly from the main console. Rapidly assign high, medium, or
low security defaults to each user profile. Then fine-tune the profiles
precisely, using the many available options in Windows SteadyState.

http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

18.1.2 Linux based

18.1.2.1 Pessulus Version 2.16.0

Pessulus enables the system administrator to set mandatory settings in GConf,
which apply to all users, restricting what they can do. This may be
particularly useful for kiosks (Internet cafes, for example).

Examples of what can be locked down are the panels (no changes in the panel
configuration are allowed, locking their position and their contents), some of
their functions individually (disabling screen locking and log out), and the
web browser (disabling specific protocols, arbitrary URLs, forcing the user to
be in full screen mode), among many others.

http://linuxappfinder.com/package/pessulus

18.1.2.2 Bastille Linux

The Bastille Hardening program "locks down" an operating system, proactively
configuring the system for increased security and decreasing its susceptibility
to compromise. Bastille can also assess a system's current state of hardening,
granularly reporting on each of the security settings with which it works.

http://bastille-linux.sourceforge.net/running_bastille_on.htm

18.1.2.3 Kiosk

System administrators typically spend a lot of their time fixing trivial
problems for users who have accidentally changed their settings in some way.
When an inexperienced user moves a desktop icon into the waste bin or sets a
MIME type to open with the wrong program, they may be unable to reset their
changes. Calls to the system administrator for help are a poor use of
everyone's time. It would be better if the user had never been able to make
undesirable changes.

Start the Kiosk tool (as your normal user, there's no need to run as root) by
selecting KMenu -> System -> Kiosk Admin Tool, or with the kiosktool command,
and click Add New Profile. Give this profile a name such as 'locked-down' and
click OK to save. You will be asked for your root password to save the new
profile. Now click Manage Users and add a user policy to link a user to your
new locked-down profile. It is also possible to link a whole group to the
policy; you can see and change which users are in which groups by looking at
the file /etc/group.

http://extragear.kde.org/apps/kiosktool.php

18.2 URL Scan Based Tools

18.2.1 Phishing Scans

18.2.1.1 Reasonable Anti-phishing Toolbar


Protects your financial accounts from fraudulent e-mail and compromising web
sites. Unlike typical anti-phishing software that relies on a phishing report
mechanism, Reasonable Anti-phishing Toolbar proactively detects possible fake
web sites by visual similarity to protect your bank account, credit card
information and online accounts like PayPal, eBay, Citibank and HSBC.
Reasonable Anti-phishing also detects fraudulent web sites in e-mails and web
pages. Version 2.0.21 adds Windows Vista and IE 7 support.

http://www.download.com/Reasonable-Anti-phishing-Toolbar/3000-12768_4-10634323.html

18.2.1.2 Phishing Detector 1.0

With this anti-phishing tool you can detect phishing, e-mail frauds and spoofed
e-mails immediately in your inbox with one click.

http://www.scanwith.com/download/Phishing_Detector.htm

18.2.1.3 Garlic wrap

GralicWrap is a remote control that slows down the Internet performance on the
system because the application maintains a constant connection with its central
server. It also blocks the fraudulent websites. Garlic Wrap checks every website
visited by the user against the information stored at its central database.

http://gralicwrap.com/WebDownloadClient.php

18.2.1.4 McAfee Site Advisor for Firefox

McAfee Site Advisor for Firefox - adds safety ratings to sites and search results to
protect you against adware, spam, and online scams.

http://www.siteadvisor.com/download/ff_preinstall.html

18.2.1.5 Spoof stick

Spoof Stick is a simple browser extension that helps users detect spoofed (fake)
websites. A spoofed website is typically made to look like a well-known, branded
site (like ebay.com or citibank.com) with a slightly different or confusing URL.
The attacker then tries to trick people into going to the spoofed site by sending
out fake e-mail messages or posting links in public places, hoping that some
percentage of users won't notice the incorrect URL and will give away important
information. This practice is sometimes known as "phishing".

http://www.spoofstick.com/Internet_explorer.html

http://www.spoofstick.com/firefox.html

18.3 Web Server Lockdown Tools

18.3.1 Microsoft IIS Lockdown Tool 2.1


Microsoft has released an updated version of the Internet Information Services
(IIS) Lockdown Tool 2.1, which provides templates for the major IIS-dependent
Microsoft products. IIS Lockdown Tool functions by turning off unnecessary
features, thereby reducing the attack surface available to attackers. To provide
in-depth defense, or multiple layers of protection against attackers, URLscan,
with customized templates for each supported server role, has been integrated
into the IIS Lockdown Tool.

http://www.microsoft.com/technet/security/tools/locktool.mspx

http://www.microsoft.com/downloads/details.aspx?FamilyID=DDE9EFC0-BB30-47EB-9A61-FD755D23CDEC&displaylang=en

18.3.2 URL Scan security tool


UrlScan version 2.5 is a security tool that restricts the types of HTTP requests
that Internet Information Services (IIS) will process. By blocking specific HTTP
requests, the UrlScan security tool helps prevent potentially harmful requests
from reaching the server. UrlScan 2.5 will now install as a clean installation on
servers running IIS 4.0 and later.

http://technet.microsoft.com/en-in/security/cc242650(en-us).aspx

18.4 Detection Tools


18.4.1 Linux based

18.4.1.1 Tiger (Intrusion Detection tool)

Tiger is a security tool that can be used both as a security audit tool and as
an intrusion detection system. It supports multiple UNIX platforms, and it is
free and provided under a GPL license. Unlike other tools, Tiger needs only
POSIX tools and is written entirely in shell language.

http://download.savannah.nongnu.org/releases/tiger/

18.4.1.2 Tripwire (Monitors Directory for any changes)


Open Source Tripwire software is a security and data integrity tool useful for
monitoring and alerting on specific file change(s) on a range of systems.

http://sourceforge.net/projects/tripwire/

18.4.1.3 SWATCH (Actively monitors log files)

The purpose of this program is to scan the system log files to report
security-related events or other events of interest. Swatch can be configured to
send alerts to system administrators. The program uses a resource file to scan
for certain events and generate alerts. The resource file consists of directives
that specify patterns, actions to take when the pattern is found, and the
recurrence of the pattern. The swatch program provides a call pager Perl utility
with the distribution. As the name implies, this utility sends alert pages to
systems personnel. Listing 3 displays a typical swatch resource file. By
default, the swatch program expects the resource file to be named ~/.swatchrc
and will monitor the /var/log/syslog file. These defaults can also be overridden
via command-line options. Before using this utility, make sure you understand
the syslog configuration information typically located in /etc/syslog.conf.

http://safari.java.net/0321194438/ch08lev2sec2
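
The pattern / action / recurrence idea described above can be seen in a few
lines of Python. This is an added example, not swatch itself and not its
resource-file syntax; the log lines, rule names, actions and the assumed year
are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed syslog lines: made-up host and users, documentation IP ranges.
SAMPLE_LOG = [
    "Mar  3 10:15:01 web1 sshd[2211]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "Mar  3 10:15:03 web1 sshd[2211]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "Mar  3 10:15:40 web1 su[2290]: FAILED su for root by guest",
    "Mar  3 10:16:10 web1 sshd[2305]: Accepted password for asha from 198.51.100.7 port 5110 ssh2",
    "Mar  3 10:21:30 web1 sshd[2400]: Failed password for invalid user admin from 192.0.2.10 port 4090 ssh2",
]

# Each rule models one group of directives: the pattern to watch for, the
# action to take, and how long repeats of the same event stay quiet.
RULES = [
    {
        "name": "ssh-failed-login",
        "pattern": re.compile(r"sshd\[\d+\]: Failed password"),
        "action": "mail",
        "throttle": timedelta(minutes=5),
    },
    {
        "name": "su-failure",
        "pattern": re.compile(r"su\[\d+\]: FAILED su"),
        "action": "page",
        "throttle": timedelta(0),  # never suppress
    },
]


def parse_time(line, year=2024):
    """Classic syslog timestamps omit the year, so one is assumed here."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def scan(lines, rules):
    """Return one alert per rule match, folding repeats inside the throttle window."""
    alerts = []
    latest = {}  # rule name -> most recent alert raised for that rule
    for line in lines:
        when = parse_time(line)
        for rule in rules:
            if not rule["pattern"].search(line):
                continue
            previous = latest.get(rule["name"])
            if previous and when - previous["time"] < rule["throttle"]:
                previous["suppressed"] += 1  # counted, but no new alert
                continue
            alert = {
                "time": when,
                "rule": rule["name"],
                "action": rule["action"],
                "line": line,
                "suppressed": 0,
            }
            alerts.append(alert)
            latest[rule["name"]] = alert
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG, RULES):
        print(alert["time"], alert["action"], alert["rule"],
              f"(+{alert['suppressed']} repeats suppressed)")
```

The second failed SSH login falls inside the five-minute window and is only
counted, while the one at 10:21:30 raises a fresh alert.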

18.4.1.4 LIDS (Linux Intrusion Detection tool)

LIDS is an enhancement for the Linux kernel written by Xie Huagang and
Philippe Biondi. It implements several security features that are not in the Linux
kernel natively. Some of these include: mandatory access controls (MAC), a port
scan detector, file protection (even from root), and process protection.

http://www.lids.jp/wiki/index.php?cmd=read&page=Development&word=LIDS

18.4.1.5 Snort (Intrusion Detection tool)

Snort is an open source network intrusion prevention and detection system
utilizing a rule-driven language, which combines the benefits of signature,
protocol and anomaly based inspection methods. With millions of downloads to
date, Snort is the most widely deployed intrusion detection and prevention
technology worldwide and has become the de facto standard for the industry.

http://www.snort.org/
18.4.1.6 BRO (Network Intrusion Detection System)

Bro is a network IDS developed by the Lawrence Berkeley National Laboratory of
the Department of Energy and is used quite heavily in federal, military and
research labs. Bro is an open source, Unix-based NIDS that passively monitors
network traffic and looks for anomalous traffic behavior.

This tool works by first extracting the application layer of packets and then
executing event-oriented analyzers that compare the patterns with signatures
that have been identified as malicious data. Although Bro is a signature-based
detection engine, it can detect attacks through changes in traffic patterns and
predefined activities.

http://www.bro-ids.org/download.html

18.4.1.7 Prelude (Intrusion Detection tool)

Prelude benefits from its ability to find traces of malicious activity from different
sensors (Snort, honeyd, Nessus Vulnerability Scanner, Samhain, over 30 types of
systems logs, and many others) in order to better verify an attack and in the end
to perform automatic correlation between the various events.

Prelude is committed to providing a hybrid IDS that offers the ability to unify
currently available tools into one powerful, distributed application.

http://www.prelude-ids.org/spip.php?rubrique6

18.4.1.8 OSSEC (Host based Intrusion Detection System)

OSSEC is an open source host-based intrusion detection system. It performs log
analysis, integrity checking, Windows registry monitoring, rootkit detection,
time-based alerting and active response. It runs on most operating systems,
including Linux, OpenBSD, FreeBSD, Mac OS, Solaris and Windows. It has a
centralized, cross-platform architecture allowing multiple systems to be easily
monitored and managed.

http://www.ossec.net/main/downloads/
19. Security Assessment Tools
19.1 Assessment Of OS Security Levels

19.1.1 Microsoft security assessment tool (Windows)


The Microsoft Security Assessment Tool (MSAT) is a risk-assessment application
designed to provide information and recommendations about best practices for
security within an information technology (IT) infrastructure.

http://www.microsoft.com/downloads/details.aspx?FamilyID=6d79df9c-c6d1-4e8f-8000-0be72b430212&displaylang=en

19.1.2 Nessus ($, Linux, Windows)


The Nessus vulnerability scanner is the world leader in active scanners,
featuring high speed discovery, configuration auditing, asset profiling, sensitive
data discovery and vulnerability analysis of your security posture. Nessus
scanners can be distributed throughout an entire enterprise, inside DMZs, and
across physically separate networks.

http://www.nessus.org/download/

19.1.3 Retina (Windows)


Retina Network Security Scanner, the industry and government standard for
multiplatform vulnerability management, identifies known and zero day
vulnerabilities plus provides security risk assessment, enabling security best
practices, policy enforcement, and regulatory audits.

http://www.eeye.com/html/products/retina/download/index.html

19.1.4 IBM Internet scanner


Internet Scanner can identify more than 1,300 types of networked devices on
your network, including desktops, servers, routers/switches, firewalls, security
devices and application routers. Once all of your networked devices are
identified, Internet Scanner analyzes the configurations, patch levels, operating
systems and installed applications to find vulnerabilities that could be exploited
by hackers trying to gain unauthorized access.

https://www.iss.net/issEn/MYISS/login.jhtml?action=download

19.1.5 Patch link vulnerability assessment tool


- Reduce corporate risk through the timely, proactive elimination of operating
  system and application vulnerabilities.
- Decrease IT costs and improve productivity with a highly automated,
  subscription-based patch management solution.
- Eliminate recurring risks through 'patch drift'.
- Demonstrate compliance with security policies and government regulations
  through continuous patch monitoring and comprehensive reporting.

http://www.lumension.com/patch-management.jsp

19.1.6 Qualys guard (Linux & Windows)


Free Scan allows you to quickly and accurately scan your server for thousands of
vulnerabilities that could be exploited by an attacker. If vulnerabilities exist on
the IP address provided, Free Scan will find them and provide detailed
information on each risk - including its severity, associated threat, and potential
impact. It even provides links to give you more information about the
vulnerability and how to correct it.

http://www.qualys.com/forms/trials/freescan/matrix/?lsid=6960

19.1.7 GFI LANguard (Windows)


GFI LANguard Network Security Scanner (N.S.S.) is an award-winning solution
that allows you to scan, detect, assess and rectify any security vulnerabilities
on your network. As an administrator, you often have to deal separately with
problems related to vulnerability issues, patch management and network
auditing, at times using multiple products. However, with GFI LANguard N.S.S.,
these three pillars of vulnerability management are addressed in one package.
Using a single console with extensive reporting functionality, GFI LANguard
N.S.S.'s integrated solution helps you address these issues faster and more
effectively.

http://www.gfi.com/downloads/downloads.aspx?pid=lanss&lid=EN

19.1.8 Core Impact (Windows)


Core Impact is a commercial penetration testing application developed by Core
Security Technologies which allows the user to probe for and exploit security
vulnerabilities in a computer network. The interface is designed to be usable by
individuals without specialized training in computer security, and includes
functions for generating reports from the gathered information. It is used by
over 600 companies and government entities.

http://www.coresecurity.com/?module=ContentMod&action=item&id=535

19.1.9 ISS Internet scanner (Windows)


Minimum purchase quantity, 10 IP's. ISS Internet Scanner is installed on one
computer on the network, and scans computers and routers for security
vulnerabilities in the operating system, key applications and configuration, using
ISS's database of known vulnerabilities. The perpetual license requires annual
support and maintenance. This version includes Site Protector Management for
licenses up to 500 IP's.

https://www.securehq.com/group.wml&storeid=1&deptid=75&groupid=928&ds=wpshop_store&SessionID=20091285321932563

19.1.10 Nikto (Linux)


A more comprehensive web scanner, Nikto is an open source (GPL) web server
scanner which performs comprehensive tests against web servers for multiple
items, including over 3200 potentially dangerous files/CGIs, versions on over
625 servers, and version specific problems on over 230 servers. Scan items and
plugins are frequently updated and can be automatically updated (if desired). It
uses Whisker/libwhisker for much of its underlying functionality. It is a great
tool, but the value is limited by its infrequent updates. The newest and most
critical vulnerabilities are often not detected.

http://linux.softpedia.com/get/System/Networking/Nikto-10271.shtml

19.1.11 X-scan (Windows)


X-Scan is a basic network vulnerability scanner utilizing a multi-threading scan
approach. The scanner can be used at the command line and also has an
easy-to-use GUI front-end. The following items can be scanned:

- Remote OS type and version detection,
- Standard port status and banner information,
- SNMP information,
- CGI vulnerability detection,
- IIS vulnerability detection,
- RPC vulnerability detection,
- SSL vulnerability detection,
- SQL-server,
- FTP-server,
- SMTP-server,
- POP3-server,
- NT-server weak user/password pairs authentication module,
- NT server NETBIOS information,
- Remote Register information, etc.

http://www.xfocus.org/programs/200507/18.html

http://www.vulnerabilityassessment.co.uk/xscan.htm
19.1.12 Sara (Linux, Windows, Open source)
In its simplest (and default) mode, it gathers as much information about remote
hosts and networks as possible by examining such network services as finger,
NFS, NIS, ftp and tftp, rexd, and other services. The information gathered
includes the presence of various network information services as well as
potential security flaws -- usually in the form of incorrectly set up or configured
network services, well-known bugs in system or network utilities, or poor or
ignorant policy decisions. It can then either report on this data or use a simple
rule-based system to investigate any potential security problems. Users can then
examine, query, and analyze the output with an HTML browser, such as Mosaic
or Netscape. While the program is primarily geared towards analyzing the
security implications of the results, a great deal of general network information
can be gained when using the tool - network topology, network services running,
types of hardware and software being used on the network, etc.

http://www-arc.com/sara/

19.1.13 SAINT (Linux & Open source)


SAINT, or the Security Administrator's Integrated Network Tool, uncovers areas
of weakness and recommends fixes. With SAINT vulnerability assessment tool,
you can:

- Detect and fix possible weaknesses in your network's security before they can
  be exploited by intruders.
- Anticipate and prevent common system vulnerabilities.
- Demonstrate compliance with current government regulations such as FISMA,
  SOX, GLBA, HIPAA, and COPPA and with industry regulations such as PCI DSS.

The SAINT scanning engine is the ideal cornerstone for your vulnerability
assessment program. SAINT features a graphical user interface that is intuitive
and easy to use.

http://download.saintcorporation.com/downloads/freetrial/saint-install-6.7.2.gz

19.1.14 MBSA (Windows)


Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for
the IT professional that helps small and medium-sized businesses determine
their security state in accordance with Microsoft security recommendations and
offers specific remediation guidance. Built on the Windows Update Agent and
Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft
management products including Microsoft Update (MU), Windows Server
Update Services (WSUS), Systems Management Server (SMS) and Microsoft
Operations Manager (MOM). Apparently MBSA on average scans over 3 million
computers each week.

19.1.15 Paros Proxy (Linux, Windows, Open source)

We wrote a program called "Paros" for people who need to evaluate the security
of their web applications. It is free of charge and completely written in Java.
Through Paros's proxy nature, all HTTP and HTTPS data between server and
client, including cookies and form fields, can be intercepted and modified.

http://www.parosproxy.org/download.shtml

19.1.16 Web Scarab (Linux, Windows, Open source)


Web Scarab is a framework for analyzing applications that communicate using
the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many
platforms. Web Scarab has several modes of operation, implemented by a
number of plug-ins.

In its most common usage, Web Scarab operates as an intercepting proxy,
allowing the operator to review and modify requests created by the browser
before they are sent to the server, and to review and modify responses returned
from the server before they are received by the browser.

http://www.net-security.org/software.php?id=504

19.1.17 Web Inspect (Windows)


Web Inspect application security assessment tool ensures your organization's
web security and the security of your most critical information by identifying
known and unknown vulnerabilities within the Web application layer. Web
Inspect also helps you ensure Web server security by including checks that
validate that the Web server is configured properly. With Web Inspect, auditors,
compliance officers, and security experts can perform security assessments on
Web applications and Web services.

https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200%5e9570_4000_100__

19.1.18 Whisker/Libwhisker (Linux, Windows, Open source)


Libwhisker is a Perl module geared towards HTTP testing. It provides functions
for testing HTTP servers for many known security holes, particularly the
presence of dangerous CGIs. Whisker is a scanner that used libwhisker but is
now deprecated in favour of Nikto which also uses libwhisker.
http://www.wiretrip.net/rfp/

19.1.19 Burp suite (Linux, Windows, Open source)


Burp Suite is an integrated platform for attacking web applications. It contains
all the Burp tools with numerous interfaces between them designed to facilitate
and speed up the process of attacking an application. All tools share the same
robust framework for handling HTTP requests, authentication, downstream proxies,
logging, alerting and extensibility.

Burp Suite allows you to combine manual and automated techniques to enumerate,
analyze, attack and exploit web applications. The various Burp tools work
together effectively to share information and allow findings identified within
one tool to form the basis of an attack using another.

http://portswigger.net/suite/download.html

19.1.20 Wikto (Windows, Open source)


Wikto is a tool that checks for flaws in web servers. It provides much the same
functionality as Nikto but adds various interesting pieces of functionality, such as
a Back-End miner and close Google integration. Wikto is written for the MS .NET
environment and registration is required to download the binary and/or source
code.

http://www.sensepost.com/research/wikto/

19.1.21 Acunetix Web Vulnerability Scanner ( Windows)


Out of the 100,000 websites scanned by Acunetix WVS, 42% were found to be
vulnerable to Cross Site Scripting. XSS is extremely dangerous and the number of
the attacks is on the rise. Hackers are manipulating these vulnerabilities to steal
organizations sensitive data. Can you afford to be next? Cross Site Scripting
allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or
Flash into a vulnerable dynamic page to fool the user, executing the script on his
machine in order to gather data. Exploited Cross Site Scripting is commonly used
to achieve the following malicious results:

Identity theft
Accessing sensitive or restricted information
Gaining free access to otherwise paid for content
Spying on users' web browsing habits
Altering browser functionality
Public defamation of an individual or corporation
Web application defacement
Denial of Service attacks

http://www.acunetix.com/cross-site-scripting/scanner.htm

19.1.22 Watchfire AppScan (Windows)


Watchfire AppScan automates web application security audits to help ensure the
security and compliance of websites. Named the worldwide market-share leader
according to Gartner and IDC, our AppScan product suite offers a solution for all
types of web application security testing needs - outsourced, individual scans
and enterprise-wide analysis - and for all types of users - application developers,
quality assurance teams, penetration testers, security auditors and senior
management.

https://www.watchfire.com/securearea/appscan.aspx

19.1.23 N-Stealth (Windows)


N-Stealth is a comprehensive web server security-auditing tool that scans for
over 30,000 vulnerabilities. It is ideal for system administrators, security
consultants and IT professionals.

http://www.nstalker.com/products/free/

19.2 Assessment Of Database Security Levels

19.2.1 IPLocks
IPLocks Armour provides the industry's most robust solution for detecting and
repairing database weaknesses. No other vendor can match the combination of
scalability, customizability, and cost-effectiveness of IPLocks. Companies around
the world use IPLocks Armour to support critical initiatives such as:

User Privilege Reporting
Internal Security
SOX Compliance
PCI Compliance
Risk Management

http://www.iplocks.com/products/iplocks_armour.html

19.2.2 App Detective


A network-based, vulnerability assessment scanner, App Detective Pro discovers
database applications within your infrastructure and assesses their security
strength. In contrast to piecemeal solutions, App Detective Pro modules allow
enterprises to assess two primary application tiers - application / middleware,
and back-end databases - through a single interface. Backed by a proven security
methodology and extensive knowledge of application-level vulnerabilities, App
Detective Pro locates, examines, reports, and fixes security holes and
misconfigurations. As a result, enterprises can proactively harden their database
applications while at the same time improving and simplifying routine audits.

https://www.appsecinc.com/downloads/appdetectivepro/

19.3 Assessment Of Application Security

19.3.1 Browser security levels

19.3.1.1 Watchfire

Watchfire AppScan automates web application security audits to help
ensure the security and compliance of websites. Named the worldwide market-share
leader according to Gartner and IDC, our AppScan product suite offers a
solution for all types of web application security testing needs - outsourced,
individual scans and enterprise-wide analysis - and for all types of users -
application developers, quality assurance teams, penetration testers, security
auditors and senior management.

https://www.watchfire.com/securearea/appscan.aspx

19.3.1.2 N-stalker

N-Stalker Web Application Security Scanner 2006 is a web security assessment
solution developed by N-Stalker. By incorporating the well-known N-Stealth
HTTP Security Scanner and its 35,000 Web Attack Signature database, along with
a patent-pending Component-oriented Web Application Security Assessment
technology, N-Stalker is capable of sweeping your Web Application for a large
number of vulnerabilities common to this environment, including Cross-site
Scripting and SQL injection, Buffer Overflow and Parameter Tampering attacks
and much more.

http://www.nstalker.com/products/free/download-free-edition

19.3.1.3 Sprajax (for AJAX)

Sprajax is an open source black box security scanner used to assess the security
of AJAX-enabled applications. By detecting the specific AJAX frameworks in use,
Sprajax is able to better formulate test requests and identify potential
vulnerabilities.

http://www.owasp.org/index.php/Category:OWASP_Sprajax_Project

19.3.1.4 Pixy (for PHP)


Pixy is an open-source vulnerability scanner that identifies SQL injection and XSS
problems in PHP applications.

http://pixybox.seclab.tuwien.ac.at/pixy/download.php

19.3.2 Peer to peer networking levels

19.3.2.1 Prevx

However, in order to share files on your computer and sometimes in order for
you to access files on other computers within a P2P network such as BitTorrent,
you must open a specific TCP port through the firewall for the P2P software to
communicate. In effect, once you open the port you are no longer protected from
malicious traffic coming through it.

It may cause confusion for novice users in
much the same way personal firewall software such as ZoneAlarm does because
simply allowing or banning actions wholesale would result in either allowing a
large amount of suspicious activity to go undetected or banning a large amount
of benign actions such as the user trying to install their own software, so Prevx
asks the user how it should treat the activity.

Any time that an application
attempts to access system memory or critical files or alter the registry, the Prevx
Home software detects the activity and either blocks it completely or asks the
user how to proceed. According to Prevx, the software will detect and prevent
buffer overflows and overruns, modification of critical files and directories,
unauthorized changes to critical areas of the system registry and more.

I removed
my antivirus and firewall software for an entire week during my test and still ran
into no viruses or other malicious code or spyware. A scan with Ad-Aware found
a handful of tracking cookies, but nothing malicious.

http://info.prevx.com/downloadprevx2.asp

19.3.2.2 Honeytrap

Honeytrap is a network security tool written to observe attacks against network
services. As a low-interaction honeypot, it collects information regarding known
or unknown network-based attacks and thus can provide early-warning
information.

http://honeytrap.mwcollect.org/download-Download%20Honeytrap

20. Operating System Updates and Patches

20.1 Security Update Solution Tools (Windows)

20.1.1 Updates

20.1.1.1 Microsoft Update

Latest bug fixes for Microsoft Windows, including fixes for some possible DoS
attacks.

Windowsupdate.microsoft.com

20.1.1.2 WSUS

Microsoft Windows Server Update Services (WSUS) enables information
technology administrators to deploy the latest Microsoft product updates to
computers running the Windows operating system. By using WSUS,
administrators can fully manage the distribution of updates that are released
through Microsoft Update to computers in their network.

http://technet.microsoft.com/en-us/wsus/default.aspx

20.1.1.3 Microsoft Office Update

Latest bug fixes for Microsoft Windows, including fixes for some possible DoS
attacks.

http://office.microsoft.com/en-us/downloads/default.aspx

20.2 Windows Desktop Firewall Settings

20.2.1 Firewall
A firewall is a software or hardware system that controls access to or from a
private network. It works by checking and logging data packets and blocking
those that do not meet the predefined security criteria. It helps in
keeping your system more secure.

20.2.1.2 Procedure to Configure Windows Firewall

To access Windows Firewall in Windows XP, go to Start and click on Run.
In the Open box, type wscui.cpl and click OK.

Now we can view a window as shown below.

Under Manage security settings, click on Windows Firewall.

Now we can view a window as shown below.

Under the General tab, ensure that the firewall is On. If the Don't allow
exceptions option is selected, programs that are added under the Exceptions tab
are blocked by the Windows Firewall.

To unblock any desired program or service, click on the Exceptions tab and
click Add Program. Select the desired program or service from the list shown
below and click OK. We can open the desired ports by clicking Add Port under
the Exceptions tab.

To view the successful connections allowed by the firewall, click on the
Advanced tab as shown below.

Under the Advanced tab, click on Settings under the Security Logging section as
shown below.

Under Log Settings, check the option Log successful connections and specify the
path of the log file under the Log File Options section.

To view the open ports in the system or established connections, type
netstat -ano in the command prompt.

Note: If a third party firewall has been installed in the system, ensure that the
default firewall that comes along with your system is turned off.
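
Once security logging is enabled as described above, the log file can be reviewed with a short script. The following is an added example, not part of the original handbook. It assumes the W3C-style Windows Firewall log layout with a #Fields header; the sample lines, the addresses and the allowed_ports set are constructed, and the DROP records appear only if logging of dropped packets is also enabled.

```python
from collections import Counter

# Constructed sample in the W3C-style layout Windows Firewall writes to its
# log (default name pfirewall.log). Addresses are documentation ranges.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2009-03-14 10:02:11 OPEN TCP 192.168.1.10 198.51.100.7 1045 80 - - - - - - - -
2009-03-14 10:02:40 CLOSE TCP 192.168.1.10 198.51.100.7 1045 80 - - - - - - - -
2009-03-14 10:05:02 OPEN-INBOUND TCP 192.0.2.44 192.168.1.10 3312 3389 - - - - - - - -
2009-03-14 10:06:19 DROP TCP 192.0.2.99 192.168.1.10 4021 445 48 S 1290334 0 65535 - - -
2009-03-14 10:06:20 DROP TCP 192.0.2.99 192.168.1.10 4022 139 48 S 1290371 0 65535 - - -
2009-03-14 10:07:55 OPEN-INBOUND TCP 192.0.2.45 192.168.1.10 2200 6881 - - - - - - - -
"""

def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # ignore truncated records
                yield dict(zip(fields, values))

def review(text, allowed_ports):
    """Return (inbound connections on ports outside allowed_ports,
    count of dropped packets per source address)."""
    unexpected, dropped = [], Counter()
    for rec in parse_firewall_log(text):
        port = rec["dst-port"]
        if rec["action"] == "OPEN-INBOUND" and port.isdigit():
            if int(port) not in allowed_ports:
                unexpected.append((rec["src-ip"], int(port)))
        elif rec["action"] == "DROP":
            dropped[rec["src-ip"]] += 1
    return unexpected, dropped

if __name__ == "__main__":
    # allowed_ports stands for the ports opened on the Exceptions tab (assumed).
    unexpected, dropped = review(SAMPLE_LOG, allowed_ports={3389})
    for src, port in unexpected:
        print(f"inbound connection accepted on unexpected port {port} from {src}")
    for src, count in dropped.most_common():
        print(f"{count} packets dropped from {src}")
```

An inbound connection accepted on a port that was never meant to be opened points to an exception that should be removed from the Exceptions tab.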

21. Security Update Detection Tools

21.1 MBSA

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for
the IT professional that helps small and medium-sized businesses determine
their security state in accordance with Microsoft security recommendations and
offers specific remediation guidance. Built on the Windows Update Agent and
Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft
management products including Microsoft Update (MU), Windows Server
Update Services (WSUS), Systems Management Server (SMS) and Microsoft
Operations Manager (MOM). Apparently MBSA on average scans over 3 million
computers each week.

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

21.2 Microsoft Office Visio 2007 Connector


Do you know the security status of your network? Get a visual. The Visio 2007
Connector for Microsoft Baseline Security Analyzer (MBSA) lets you view the
results of an MBSA scan in a clear, comprehensive Microsoft Office Visio 2007
network diagram.

You must have both Visio 2007 Professional and MBSA 2.1, a free security tool
from Microsoft, for this connector to work properly.
