UNIT IV EVERYDAY SECURITY

1. Connecting your laptop, mobile devices, PDAs to Internet

 There are four main ways to connect a laptop to the Internet-wirelessly,
with an Ethernet cable, with a mobile broadband modem or networking
card, or by tethering to your cell phone.
 Each method requires a different process.
 For business owners that want to save money without sacrificing
Internet speed, wireless and Ethernet connections provide fast
connection speeds, requiring a service plan with an Internet service
provider such as a cable or DSL company. 
 Cell-phone connections provide an extra level of convenience, but you
may experience dropouts and you must have an Internet access plan
with your provider that includes tethering usually an extra fee.

Cable and DSL

 Plug your modem into the electrical outlet to power it on. If you have a
separate router, plug that in as well.
 Plug one end of the coaxial cable carrying the Internet signal into the
back of your modem firmly for a cable modem setup.
 Plug one end of the phone cord into the back of the modem for DSL
connections. 
 Connect another Ethernet cable between your router or combined
modem/router to the back of your laptop's Ethernet connection.
 If you have a wireless router, skip this step. Your laptop will have only
one Ethernet port that fits the Ethernet cable.

Bluetooth Cell Phone

 Activate Bluetooth on your cell phone. Locate the Settings menu and set
the device to "Discoverable" or "On" to make it discoverable.

 Navigate to "My Computer" and then click "Bluetooth Connections" on

your laptop.

 Click the option to "Add a New Connection or Device."

 When the phone appears in the list of devices, double-click on the name
of the phone to pair it with your computer.
  Write down the PIN number that appears on your computer and enter it
into the phone when prompted.

Wireless Broadband

 Plug the wireless network card or modem into the PCMCIA port,
Express Card slot or USB port of your computer, depending on the type
of network device you received from your service provider.

 Enter a username and password in the browser window that

automatically starts to connect to the Internet.

 Confirm that you accept the terms and conditions and begin browsing
the Internet.

PDA

 Personal digital Assistant also known as a handheld PC, or personal data

assistant, is a mobile device that functions as a personal information
manager.

 Most PDAs can access the Internet, intranets or extranets via Wi-Fi or

Wireless Wide Area Networks.

 Personal digital assistant is a term for a small, mobile, handheld device

that provides computing and information storage and retrieval capabilities
for personal or business use, often for keeping schedules, calendars and
address book information handy.

2. Managing your browser

1. Use a strong anti-virus software

 Browser protection should be included within your anti-virus product.
 The top anti-virus products should prevent a malicious page from
loading.
 Make sure you have a suitable anti-virus product installed on all
machines and keep it up to date.
2. Actively manage cookies
 Cookies aren’t necessarily all bad. Some websites need cookies to be
downloaded to your local device in order to function correctly.
 However, cookies do present a risk.
  Even if the cookies are legitimate, malware can steal the information they
contain. And how do you determine which cookies are legitimate and
which are malware?
 Reduce the number of cookies stored on your computer.
 Websites now need your permission to store cookies.
 Make it your standard practice not to give this permission.
 You can also opt to block cookies in your browser settings.
 In Microsoft Edge, go to Settings > Site Permissions. Select “off” for
“Allow sites to save and read cookie data” and turn on “Block third-party
cookies”. You also have the option to delete certain cookies or block
specific sites.
 From time to time, you might also delete all cookies stored on your
computer.
 Deletion makes sense here because the fewer cookies installed, the lower
the risk.
3. Remove extensions
 Extensions can be exploited by malware.
 Google recently removed a number of extensions from its store because
they were involved in information theft.
 To reduce risk, you can turn off extensions.
 In Microsoft Edge, click on the “…” icon at the top right of the browser
window to open the Settings and More menu. From here, you can select
the extensions you wish to remove.
4. Turn off save passwords and autofill
 While the autofill of information on forms and passwords is incredibly
useful and timesaving, it clearly presents a security risk.
 Having this information stored in your browser isn’t secure, so it makes
sense to turn off these features.
 In Microsoft Edge, go to the settings and more menu > Settings >
Passwords & autofill. Then turn off “Save passwords”, turn off “Save
form data” and turn off “Save cards”.
 If users need help with passwords, offer them an approved encrypted
password vault solution to use instead.
5. Follow principle of least privilege
 The core principle of a least privilege approach is to deny users and
applications access to files, folders, systems, applications and areas of the
network unless they need to access them for their job.
  For those users with high-privilege user accounts, we recommend that
you set them up with a primary account without high-level access rights
which they use for their everyday tasks and web browsing.
 This way, you keep their activities on the Internet separate from their
high-privilege network access.
 This is important because many vulnerability exploits (such as viruses
and Trojan exploits) are executed with the privileges of the user that
executes them.
6. Use a sandbox
 Another extension to the least privilege approach is to use a sandbox for
applications, so they run only in the sandbox and cannot access the hard
disk.
 The application is wiped from the memory as soon as the sandbox is
closed.
 In this way, you can block malicious disk writes.
 Windows Sandbox is included in Windows 10 Pro and Enterprise
licencing bundles and can be enabled in the Control Panel.
3.Facebook Security
1. Listen to users

Facebook needs to spend more time listening to its users. Although the
company realizes that it can’t always give in to users’ demands, it also needs to
realize that the users need to be happy with the way things are going. They
don’t want to have to deal with complicated privacy settings. They also don’t
want to have to worry about security when talking to friends. If Facebook
started listening to its users more often, it would have a much easier time
running its business.

2. Ads aren’t everything

Part of the reason Facebook is facing all this trouble today is its desire to
increase its bottom line through advertising. The company fully understands
that the more open profile information is, the easier it is to attract advertisers
that want to target a specific portion of its user base. Advertising revenue can
still be a key component in its revenue, but it can’t dedicate its operation to
that. 

3. Third-party partners can’t always be trusted

Facebook has started sharing profile information with some of its third-party
partners. Several privacy advocates have railed against this policy, saying that
type of transfer of personal information isn’t helping users in any way. If
Facebook is truly dedicated to increasing the privacy of its social network, it
can’t simply trust that the information it shares with third parties will be
handled responsibly. That’s not to say that third parties can never be trusted.
But as consumers have learned time and again, the more companies that have
their hands on a user’s information, the worse it could potentially be for that
user.

4. No users means no money

Facebook is in a dangerous position. Recently, a group was formed that plans to

“quit” Facebook by the end of May if things don’t get better on the site. So far,
more than 10,000 folks have signed up. Granted, that’s not a huge number,
considering Facebook has 400 million active users. But it could be the start of
something much bigger. Facebook should be concerned about its future. And it
needs to realize that making users happy should be its first step.

5. Make things easier for users

Currently, Facebook’s privacy features are quite good. They allow users to
control almost every facet of their profiles, including who can see the content
they or others share with friends. But they’re too difficult for the average,
novice Web user to find. And when they finally find those settings, there isn’t
enough information to help users adequately determine what to do with each
setting. That could be a serious problem. 

6. Establish a quick-response security team

One of the first things Facebook should do is establish a quick-response security

team. Although the company currently has security teams in place, it needs to
come up with a top-notch team of professionals that are constantly sniffing out
issues across the social network, such as searching for phishing scams and for
malware that has found its way onto the site. If Facebook can demonstrate to
users that it’s serious about security and has a quick-response team in place to
limit the impact of potential privacy breaches, it could significantly improve its
chances of regaining user trust.

7. Start educating users

This one won’t be easy, but it’s necessary. Facebook needs to do a better job of
educating people on the dangers of using social networks. It also needs to help
users understand how they can improve their own security and privacy.
Educating users is an extremely important step for a company that’s trying
desperately to look like the good guy in the security and privacy battle. If it can
make the point that it’s attempting to educate users to help them find problems
before they wreak havoc on their own computers, it might be able to keep from
alienating its core base.

8. Make privacy and security controls more business-friendly

Consumers might not care about how Facebook’s privacy and security controls
affect corporations, but the enterprise certainly does. Nowadays, more and more
people are accessing social networking sites from the office. Although they
don’t see the dangers of that, the IT staff does. It’s a constant struggle for IT
professionals to stay ahead of social network use. But if Facebook added
security controls designed specifically for IT administrators to use in their
operations, that would change everything. Not only would it make users who
want to be able to access social networks at work happy, it would make it easier
for companies to safeguard their networks if trouble erupts on the site.

9. Make security a community project

Facebook should tap into the knowledge of its international community to

improve the site’s security. As Linux, Google and other open-source advocates
have shown throughout the years, relying on the intelligence of the community
is a smart strategy. Typically, folks across the globe can contribute more to a
solid security strategy than a handful of so-called experts sitting in a room
somewhere discussing how to improve a platform. By drawing on its users,
Facebook can not only improve its security, it can give the community a vested
interest in making the site more secure.

10. Always remember the responsibility

In recent months, Facebook might have lost its way. It became too complacent,
believing that its success would continue indefinitely. It also figured that its
users wouldn’t care nearly as much about privacy as they actually do. It was a
mistake. Going forward, Facebook needs to remember that it has a
responsibility to keep its site secure. It also has a responsibility to keep its users’
privacy intact. If it can achieve both of those goals, everything will be fine.

4. E-mail security
  Email security is a term for describing different procedures and
techniques for protecting email accounts, content, and communication
against unauthorized access, loss or compromise.
 Email security is the process of ensuring the availability, integrity and
authenticity of email communications by protecting against the risk of
email threats.
 Email is often used to spread malware, spam and phishing attacks.
 Some of the proactive email security measures, from an end user’s
standpoint, include:
1. Strong passwords
2. Password rotations
3. Spam filters
4. Desktop-based anti-virus or anti-spam application
Email security best practices
While email is not secure by default, there are proactive best practices that
individuals and organizations can take to significantly improve email security,
including the following:

Enforce encrypted connections. All connections to and from an email

platform should occur over an SSL/TLS connection that encrypts the data as it
transits the public internet.
Encrypt email. While perhaps not an ideal option for every user at every
organization, encrypting email messages provides an additional layer of privacy
that can help to protect against unauthorized information disclosure.
Create strong passwords. For users, it is important that any passwords are
complex and not easy to guess. It's often recommended that users have
passwords with a combination of letter, numbers and symbols.
Implement 2FA or MFA. While strong passwords are helpful, they often aren't
enough. Implementing two-factor authentication (2FA) or multifactor
authentication (MFA) provides an additional layer of access control that can
help to improve email security.
Train on anti-phishing. Phishing is a common email threat. It's important to
train users to avoid risky behaviours and spot phishing attacks that get through
to their inbox.
Use domain authentication. The use of domain authentication protocols and
techniques, including Domain-based Message Authentication, Reporting and
Conformance, can help to reduce the risk of domain spoofing.
5. Safe guarding from Viruses: Antiviruses– Best practices and guidelines

 A virus is code that can damage your computer, system, and data by
copying itself.
 Malware is used as a catch-all term for malicious software such as
spyware, ransomware, trojans, adware, worms, and viruses.
 Malware is ever evolving whereas viruses have been around for a long
time and continue to stay generally the same. 

Protecting Through Anti-Virus Tools

Bitdefender – Bitdefender has enterprise security solutions for all business
sizes that helps you manage your security from endpoint, to network, to cloud
all of which can include anti-virus and anti-malware software.

Kaspersky – Kaspersky has solutions to predict, prevent, detect, and respond to

cyber threats through a number of adaptive security services.

AVG Business – AVG Business offers security tools geared to small business
security needs with software that automatically updates to keep your security up
to date always.

McAfee – McAfee offers security solutions designed around your business

outcomes – transformation, risk management, or automation and efficacy. All of
these solutions come with protection against viruses and malware.

Norton – Norton Small Business provides a single solution security service to

protect all your devices according to your specific security needs, including
malware protection and anti-virus software implementation.

Keep your device secure

Make sure to download recommended updates from your device's manufacturer

or operating system provider, especially for important software such as your
internet browser. Antivirus software, antispyware software, and firewalls are
also important tools to thwart attacks on your device.

Keep up-to-date

Update your system, browser, and important apps regularly, taking advantage of
automatic updating when it's available. These updates can eliminate software
flaws that allow hackers to view your activity or steal information. Windows
Update is a service offered by Microsoft. It will download and install software
updates to the Microsoft Windows Operating System, Internet Explorer,
Outlook Express, and will also deliver security updates to you.

Antivirus software

Antivirus software protects your device from viruses that can destroy your data,
slow down or crash your device, or allow spammers to send email through your
account. Antivirus protection scans your files and your incoming email for
viruses, and then deletes anything malicious. You must keep your antivirus
software updated to cope with the latest "bugs" circulating the internet.

Antispyware software

Spyware is software installed without your knowledge or consent that can

monitor your online activities and collect personal information while you're
online. Some kinds of spyware, called keyloggers, record everything you key in
including your passwords and financial information.

Spyware protection is included in some antivirus software programs. Check

your antivirus software documentation for instructions on how to activate the
spyware protection features.

Firewalls

A firewall is a software program or piece of hardware that blocks hackers from

entering and using your computer. Hackers search the internet the way some
telemarketers automatically dial random phone numbers. They send out pings
(calls) to thousands of computers and wait for responses. Firewalls prevent your
computer from responding to these random calls.

Some operating systems have built-in firewalls that may be shipped in the "off"
mode. Be sure to turn your firewall on. To be effective, your firewall must be
set up properly and updated regularly. Check your online "Help" feature for
specific instructions.

Use strong protection

Making use of complex passwords and strong methods of authentication can

help keep your personal information secure.

Choose strong passwords

Protect your devices and accounts from intruders by choosing passwords that
are hard to guess. Use strong passwords with at least eight characters, a
combination of letters, numbers and special characters.

Choose unique passwords for each online account you use: financial institution,
social media, or email. If you have too many passwords to remember, consider
using password manager software, which can help you create strong individual
passwords and keep them secure.

Use stronger authentication

Many social media, email, and financial accounts allow the use of stronger
authentication methods. These methods can include using a fingerprint, one-
time codes sent to a mobile device, or other features that ensure a user is
supposed to have access to the account.

Protect your private information

While checking email, visiting websites, posting to social media, or shopping,

pay attention to where you click and who you give your information to.
Unscrupulous websites or data thieves can attempt to trick you into giving them
your personal data.

Be careful what you click

Phishing attacks where hackers send seemingly genuine messages to trick you
to hand over personal information are becoming more sophisticated. For
instance, you may receive an urgent message stating that your bank account has
been locked and requiring you to enter your password and Social Security
number to unlock it. Think twice before clicking on links in messages such as
this. Most genuine messages from financial institutions will not ask for personal
information directly, but will instead instruct you to call or visit a website
directly. You can also verify the email address that sent the message to ensure it
came from the expected sender.

Shop safely

When shopping online, check out the website before entering your credit card
number or other personal information. Read the privacy policy and look for
opportunities to opt out of information sharing.

Be careful what you share

Social media allows sharing of all aspects of life, but it's important to control
who has access to the information you share. Information thieves can use social
media postings to gather information and then use the information to hack into
other accounts or for identity theft.