InfoSecurity India's First Magazine on Comprehensive IT Security
Menu Bar
InfoSecurity Dec 2009
Internet Security
Internet Security:
A Comprehensive Security Approach

As the web world has been infected with various malicious codes, the Internet security risks have been on the rise exponentially. As a general user, it often becomes tedious to have thorough knowledge on Internet security. This article addresses the various components of security in a comprehensive manner.

You do it every day, log into your computer, send e-mails, open attachments, shop online, transfer money using your bank's secure payment gateway, chat, and upload personal information on social networking and job websites. Here's a thought—what if someone was watching everything you were doing?

Just like someone who hacked into Ken Haywood's Wi-Fi connection was and sent threat mail just a few minutes before the first of many bombs went up in Ahmedabad. Given the lax security that users as well as internet service providers have cyber-criminals are always on the watch out for vulnerable people whose computers could be at risks. There's a worryingly large possibility that someone could be keeping a close watch on all your online activities. From any corner of the world, someone could get inside your computer every day, and could have access to one of the most important resources of the information age: Your Personal Data.

Personal Data can be abused to make online purchases, carry out attacks against all those on your contact list and an innumerable list of things that can harm your everyday life. Welcome to the age of hackers (these are people who try to gain access to your computer using various hacking tools and misuse your personal data) and spies lurking on the vast Internet highway.

If that got you worked up, breathe. There are many ways in which you can defend yourself against hackers—even though when it comes to security, prevention is better than cure. A host of new tools and exploits are developed every single day, so updating the knowledgebase to counter them must be a regular process.

In this article, we shall address all the components of security from a common user perspective. Some of the components which we address here are general computer security, online shopping security, password selection, wireless security and network security.

General Computer Security

The following are some of the general computer security measures that could be taken to protect your computer:

  • Install the latest Antivirus Software on all your computers and never disable them. Some of the antivirus softwares include Kaspersky, Bit Defender, Nod32, Antivir, Grisoft AVG and Quickheal. Also install a personal firewall and an anti-spyware solution. Some of the firewalls include Antivir, Grisoft AVG, Quickheal, 3Com and Sonicwall.

  • Update antivirus/anti-spyware/firewall at least every week. Carry out a complete system scan with your anti-virus at least once a week, or better, auto-schedule it to run every Friday.

  • There are a few free online antivirus scanners available at Trend-Micro, Kaspersky and F-Secure.

  • Don't download or open attachments from unknown senders. Even if the sender is trusted, ensure that the content is relevant. Even non-executable files like *.doc files can contain macro viruses and Trojans. There are some dangerous programmes called worms, which don't need human interaction. You can be infected by simply opening an e-mail or by visiting a Web site and that's it. So always stay alert. Avoid opening e-mail attachments that contain .vbs, .scr, .exe, or .pif file extensions. Files that end in these extensions are most likely to contain some sort of viruses.

  • Latest Web browsers such as Firefox, IE 8 & Opera offer innovative new security features, so it is necessary to update old browsers to their latest versions.

  • Never download any files especially executable files over P2P sharing networks (peer-to-peer), as you can never be absolutely certain as to what they really are. P2P file sharing programmes can lead to the installation of a lot of adware and spyware. Try downloading executables from authentic and well-known websites; don't download files from any random website.

  • Try not to visit warez, websites that provide cracks and serials because most of them have a lot of spyware, trojans and viruses. A single visit and you are most likely infected with hundreds of malicious programmes.

  • Be familiar with the programmes installed on your computer. If you notice that a new programme is installed without your permission, possibilities are that it might be something malicious.

  • Read the installation agreements carefully when you download something from the Internet. Pay attention to the terms and conditions or EULA (end-user license agreements) of the programme being installed. Reference to third party installation should be given more attention. Some EULA's tell you that, if you install the programme, you have to also agree to install some spyware with the software. Check the independent sources, because some EULA's do not mention about the spyware.

  • Back-up your computer on a regular basis, at least weekly. Copy your important documents and files onto a USB drive, CD or a DVD for safekeeping. Don't wait for the disaster to happen, take the precautions beforehand. Create system restore points periodically.

  • Never respond to unsolicited e-mail. To those who send spam, one response or 'hit' from thousands of e-mails is enough to justify the practice. Additionally, it validates your email address as active, which makes it more valuable, and therefore opens the door to more spam.

  • Beware of phishing attacks. Websites like AntiPhishing offer latest updates on phishing along with some good security tips.

  • Don't chat with strangers or accept any file, especially executables from an unknown person on chat. Don't click on any links given by someone you don't know.

  • Do not accept links or downloads from strangers even if it is tempting. There have been cases where spyware like trojans and key-loggers have been hidden in simple picture files with .jpg extensions. You never really know what is contained inside a file which looks attractive.

  • Be cautious while displaying your profile, especially your personal details, photographs, videos and contacts on social networking sites. Your profiles and contacts may be misused by other people.

  • Install parental-control or filtering softwares like those from websense that helps you choose what can be seen on the Internet and monitor the activities of any users.

Online Shopping Security

The following are some of the many measures that could be taken to protect your online assets while shopping online:

  • While purchasing online, look for signs that these are secure (SSL secured sites or 128 bit encryption) like ebay.in. At the point when you are providing your payment information, a golden-coloured lock appears (for SSL secured sites) on the right hand side corner of the browser or the beginning of the Web site address should change from http to https, indicating that the information is being encrypted ie turned into code that can only be read by the seller.

  • Your browser may also signal that the information is secure with a symbol, such as a broken key that becomes whole or a padlock that closes.

  • Carefully use credit-cards and online banking for online shopping. Check your credit card and bank statements at regular intervals. Notify the bank immediately if there are unauthorised charges or debits. Avoid using credit card details and online banking on public computers and in cyber cafes. It is very unsafe because most of them are infected with viruses, trojans and key loggers.

  • Some banks have launched their services like Net Safe to create temporary credit cards with a limited value to transact online. Paypal is also a secure way to do the transactions .This way, in the worst case scenario you can minimise the impact.

Selecting Passwords

Whether it is offline or online security, selecting a strong password which cannot be easily guessed by others or cracked by hackers is important. Following are some of the steps to ensure that your password is not compromised easily by others:

  • Use different passwords for different websites. Maintain separate passwords for e-mail, work and other important websites and routine web-surfing.

  • Use difficult-to-guess password by taking the first alphabet from each word of a phrase. What is a good password? It is a password which is at least 8 characters long, not easily guessable, contains mixture of uppercase and lowercase letters as well as numbers, and preferably contains special characters like $, *, %, !, * etc. Some examples of a good password are: &(^.3235*cRack&.^).

  • Always use alphanumeric passwords with special characters and try to adopt phrasing technique to construct passwords which are easy to remember, hard to guess and impossible to crack. Create a unique acronym. Never use a dictionary based password like guest, home etc. It takes little time for a good cracker to crack the password.

Wireless and Network Security

If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP/WPA/WPA2 with the biggest key you can get.

Coming to the network security, intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems. Having control of your computer gives them the ability to hide their true location as and when they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.

In most cases, it takes less than a few minutes for an attacker to compromise a network and professional hackers can compromise thousands of computers every hour. These computers are then used to send spam and to carry out further attacks.

Some of the steps to prevent your network from being compromised are:

  • Keep all applications, including your operating system, patched.

  • Turn off your computer or disconnect from the network when not in use.

  • Disable Java, JavaScript, and ActiveX from running by default if possible.

  • Disable scripting features in e-mail programmes.

  • Make a boot disk/CD/DVD in case your computer is damaged or compromised.

  • Ensure strong passwords across all your computers and devices.

  • Change router and firewall passwords from default.

  • Disable file and printer sharing across networks.

A Brief Conclusion

As online users, we should have an overall knowledge on the security aspects of computers and Internet usage. As there is no single silver bullet solution to various online risks and vulnerability, we should ensure that all precautionary methods are used to secure our computer and online transactions. Here prevention is better than cure is the keyword for overall security needs.

—By: R. Manoj. The author is an Assistant Editor at Fanatic Media, Bangalore. He is also an Independent Researcher, specializing in Systems Security. He has an active interest in designing security algorithms for securing mission critical systems. He can reached at infosecurity@fanaticmedia.com


Home   |   Current Issue   |   Archives   |   Subscription   |   Advertisement   |   Contacts

© 2006-07 'InfoSecurity' magazine. All rights reserved.
Website designed, developed and maintained by Fanatic Media