# Getting Cyber Secure



## vineetind (May 1, 2006)

*Alert!!! Read This To Remain Safe Online*

*Getting Cyber Secure*

Here are a few simple steps on how to become cyber secure:

*1.* Test and apply the latest service packs/patches and hotfixes. Install the latest antivirus software on your computer and never ever turn it off; install a personal firewall and spyware checker (all are available for free on the Net). To find them just do a search on search engines like Google, Yahoo, Info. Always keep updating your virus and spyware definitions.

*2.* Don't ever download or open attachments whose source you are not certain about. Even if the source is trusted, see if the content is relevant. If not, don't open the attachment. Even non-executable files like \*.doc files can contain macro viruses and Trojans. There are some special sorts of programs called worms, which don't need human interaction. You just open a mail or visit any website and that's it, so always stay alert. Avoid opening e-mail attachments that contain ".vbs," ".scr," ".exe," or ".pif" file extensions. Files that end in these extensions are most likely to contain some sort of virus.

*3.* Never respond to unsolicited email. To those who send spam, one response or "hit" from thousands of emails is enough to justify the practice. Additionally, it validates your email address as active, which makes it more valuable, and therefore opens the door to more spam.
An email may contain an image that is invisible to the recipient -- this is sometimes called an "invisible GIF" or "web beacon." Once the email is opened, the spammer is alerted that your address is "live."

*4.* Many of us receive chain letters that invite you to forward the message on to your friends. Sometimes it will say you will get lucky for every email or bad luck if you send to less than five people. These are hoaxes created to promote spam. Never forward these emails thinking you will receive luck for each recipient of their email.

Inserting random strings of text and characters: To try and get through spam-control filters, spammers will insert random strings of text throughout the email to make the spam appear unique from other email. Sometimes they do this with email headers by adding spaces and characters like this: J_A_C_K_P_O_T. You can help fight this type of spam by not opening or responding to it and by reporting email abuse via the "Spam", "This is a Spam" or "Report Spam" button. Rediff, Yahoo, etc. offer these facilities.

*5.* Techniques used by spammers:

Spammers today use a technique called email spoofing. It uses a fake email header that makes an email message look like the message came from someone or somewhere other than the spammer. It's fairly easy to make an email appear that it's sent from your own address or a seemingly credible source. Spammers use spoofing to get you to open and respond to their mail. Remember, you should never respond to unsolicited email - instead, report it by clicking the "Spam" or "This is a Spam" button. Rediff, Yahoo, etc. offer these facilities.

Social engineering is another technique used by spammers. This ploy tricks users into opening the spam by pretending to know the person or trying to lure the person with a "personal" subject line. Typical subject lines include "Hey how are you?," "Urgent and Confidential," "We need to meet," "I have money for you," or "Congrats you won a Jackpot".
Beware of emails offering loans or credit, even if you have credit problems. Scammers take advantage of cash-strapped consumers during the holidays to offer personal loans or credit cards for a fee upfront. Avoid this trick by never responding to unsolicited email, reporting it by clicking the "Spam" button, and setting up blocked addresses.


*6.* Check your credit card and bank statements carefully. Notify the bank immediately if there are unauthorized charges or debits, if you were charged more than you should have been, or if there are any other problems. Avoid checking mail or using credit card details online in cyber cafes. It is very unsafe. As a matter of fact, open an additional debit card with a limit if you do want to transact online. Banks such as HDFC have launched services like Net Safe, which is a very good service offered by them to transact online. This way, in the worst case scenario your damages are limited.

*7.* Get into the habit of destroying documentation regarding credit cards, such as receipts, bills, invoices or any documents that contain personal details. Don't just throw them away anywhere.

*8.* Do not reveal your identity to any stranger easily. Don't disclose any kind of personal details to any webpages which you don't trust. Do not give away your residence phone number or cellphone number. Be especially careful when you are filling in contest forms, coupons, free gift vouchers, etc. More often than not these are gimmicks to obtain your personal details. Never trust them when they say the data will not be given to others.

*9.* Don't chat with strangers just for fun. Don't ever accept any file, especially executables, from an unknown person on chat. Don't click on any links given to you by someone you don't know. Someone has rightly said, "On the internet, you don't know if you are talking to a dog!!"

*9.* Never enter your personal information in a pop-up screen. When you visit a Web site, an unauthorized pop-up screen created by an identity thief could appear, with blanks for you to provide your personal information. This makes it appear like the pop-up window is part of the legitimate site when, in reality, it is not. Legitimate companies don't ask for personal information via pop-up screens. Install pop-up blocking software to avoid this type of scam.

*10.* Keep your computer secure for safe shopping and other online activities. Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date. While purchasing online, look for signs that online purchases are secure (SSL-secured sites or 128-bit encryption), like Ebay.co.in (formerly known as Bazee.com). At the point that you are providing your payment information, the beginning of the Web site address should change from http to shttp or https, indicating that the information is being encrypted – turned into code that can only be read by the seller. Your browser may also signal that the information is secure with a symbol, such as a broken key that becomes whole or a padlock that closes. Keep documentation of your order. When you've completed the online order process, there may be a final confirmation page and/or you might receive confirmation by email. Print that information and keep it handy in case you need it later.


*11.* Read about information security breaches by subscribing to some newsletters from websites related to security issues. In the case of many breaches, the only defense is knowledge. There have been a lot of phishing attacks.

*What is a "phishing" scam?*

Phishing is a type of online fraud where the crackers attempt to acquire personal, financial, and/or other account information (such as user IDs, passwords, credit card numbers, PINs, etc.) from unsuspecting victims. This type of fraud is typically initiated by sending an unsolicited but official-looking email claiming to be from a reputable company, such as a bank, a credit card firm, or an online establishment. The fraudulent email usually contains an urgent message that tries to lure the recipient into providing sensitive information. 
For example, a few days back there was a case wherein victims got mails seemingly from legitimate banks asking them to confirm their passwords and IDs. There have been cases of crackers using fake pages (like a fake page of Yahoo that is exactly the same as the page which is displayed on www.yahoo.com) to steal passwords and other sensitive information. Most phishing emails contain a link that leads to an official-looking web page which requires the recipient to log in or enter some personal information. Though the web page may contain official logos and look exactly the same as the legitimate company's web site, any information submitted via these spoofed web page(s) will be sent to the crackers. Always keep in mind that while reading any mail or clicking on any link, read the sender's email address and the target website address carefully. Do not respond to any such mails and be cautious when clicking on links within a suspicious email. Below are a few signs indicative of phishing emails:


- Urgent account notifications that are not addressed to you personally but which require action on your part relating to your account(s).
- Customer notifications that contain incorrect spelling or poor grammar.
- Account/billing email notifications from credit card firms or other financial institutions that do not reference the last few digits of your account number, or that contain no specific details pertaining to your account/billing information or activity.
- Account notifications that are delivered to your Bulk Mail folder.

*12.* Do not accept links or downloads from strangers even if it is tempting. There have been cases where spyware like Trojans, keyloggers, etc. has been hidden in simple picture files with JPG extensions. You never really know what is contained inside a file which looks attractive. Today people use binders to club two different files and send you the mixture. Once you click on the file, both files get executed.

*13.* Use two different passwords. One for mail, work and other important access and the other for routine purposes such as subscribing to websites etc. But remember to switch between them when you start doing transactions after mere browsing. Create another email ID which you use exclusively for subscription to sites. That will prevent spam from coming to your main ID.

*14.* Create a difficult-to-guess password by taking the first alphabet from each word of a phrase. What is a good password? It is a password which is at least 6 characters long, not easily guessable, contains a mixture of uppercase and lowercase letters as well as numbers, and preferably contains special characters like $, \*, %, ! etc. An example password: `&(^1234*Crack&^)`. Always use alphanumeric with special characters and try to adopt the phrasing technique to construct passwords which are easy to remember, hard to guess and impossible to crack. Never use dictionary-based passwords like love, fortune, etc. It takes hardly 3 hrs. for a good cracker to crack the password.

*15.* Read the installation agreements carefully when you download something from the Internet. Pay attention to the Terms and Conditions or EULA of the program being installed. Reference to third party installation should be given more attention.

*16.* Back up your computer data on a regular basis, at least weekly. Copy your important documents and files onto a floppy disk or a CD for safekeeping. Don't wait for the disaster to happen.

*17.* Educate your children about the dangers of cyber crime. Children with their unbound curiosity and unmonitored access are the single most common victims of cyber crime apart from the enterprises. Ensure that the home PC is kept in a common place so that you can monitor what is going on. Install parental control software that helps you choose what they see on the Internet.

Stay updated on security websites like www.nag.co.in (National Anti-Hack Group) and www.igniteds.net (Global Forum of NAG).

*BY :*

*Vineet Kumar*

*National Anti-Hack Group*

*Suggestions and feedback welcome at contact@nag.co.in*
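
An added example (not part of the original post): a small Python triage script that applies three checks from the tips above to a raw message, namely the attachment extensions listed in tip 2, the remote image or "web beacon" from tip 3, and a link whose visible text names a different host than its real target (tip 11). The function names, finding labels and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".vbs", ".scr", ".exe", ".pif")  # extensions named in tip 2
HOST_RE = re.compile(r"(?:[\w-]+\.)+[a-z]{2,}")  # a host name shown as link text

class HtmlScan(HTMLParser):
    """Flag remote images (possible web beacons) and links whose text names another host."""
    def __init__(self):
        super().__init__()
        self.findings, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and urlparse(a.get("src") or "").scheme in ("http", "https"):
            self.findings.append("remote-image:" + (urlparse(a["src"]).hostname or ""))
        elif tag == "a":
            self.href, self.text = a.get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = HOST_RE.search(self.text.lower())
            real = urlparse(self.href).hostname or ""
            if shown and real and shown.group() != real:
                self.findings.append(f"link-mismatch:{shown.group()}->{real}")
            self.href = None

def triage(raw):  # raw: one RFC 822 message as text; returns a list of findings
    findings = []
    for part in message_from_string(raw).walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append("risky-attachment:" + name)
        if part.get_content_type() == "text/html":
            scan = HtmlScan()
            scan.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            findings += scan.findings
    return findings

def sample():  # constructed message for the demo, not real mail
    m = EmailMessage()
    m.set_content("Please confirm your password.")
    m.add_alternative('<a href="http://login.phish.invalid/">www.bank.example</a>'
                      '<img src="http://track.mailer.invalid/o.gif" width="1" height="1">', subtype="html")
    m.add_attachment(b"placeholder", maintype="application", subtype="octet-stream", filename="invoice.pdf.scr")
    return m.as_string()
```

Calling `triage(sample())` returns one finding per check; a remote image is only a hint, since many legitimate newsletters load images from the sender's servers too.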


----------



## anandk (May 1, 2006)

Welcome vineet, your 1st post?
An early riser (and poster), aren't you! Nice info.
Nice links too ... though nag.co.in takes some time to load.


----------



## rajas700 (May 1, 2006)

Nice info... But what I say is nothing is 100% safe....


----------



## vineetind (May 1, 2006)

rajas700 said:

> Nice info... But what I say is nothing is 100% safe....

Agreed friend. But at least it will create awareness and help in reducing cyber crimes in our country.


----------



## FatBeing (May 1, 2006)

Really good post. I've moved it to the Tutorials section, where it'll find a more fitting home.


----------



## vineetind (May 2, 2006)

fatbeing said:

> Really good post. I've moved it to the Tutorials section, where it'll find a more fitting home.

Thanks a lot, friend. This will really help us achieve our dream of making India Cyber Secure. If Digit publishes it in the magazine then it will have a great impact on people, since a large percentage of people don't visit forums.


----------



## vineetind (May 5, 2006)

Hello fatbeing! Can you please make it sticky so that everyone has access to it?


----------



## vineetind (May 11, 2006)

Thanks, Fatbeing, for making this article sticky.


----------



## the deconstructionist (Jun 2, 2006)

Sorry to spoil the euphoria; once connected to the net you are prone to attack. Although the tutorial is good, never be under the illusion that you are cent percent safe. It is the best first post by any member.


----------



## vineetind (Jun 2, 2006)

Thanks a lot, friend, for your reply, but the thing is people can at least remain a little safe by following these steps. Even I feel nothing is secure in this world! This is just to create awareness.


----------



## vivek283 (Jul 13, 2006)

A very nice post Vineet. Sure is high time to make India Cyber Secure.

I would like to add that as some of you have pointed out "Nothing is Secure" and if you are using your PC for online shopping/Banking etc. then it would be good to have a control over your registry and buffer.

Any spyware would first try to tamper with the registry. Hence installing something like Spybot's resident would ensure that all attempts to change the registry are first referred to the user.

This would be annoying when you are installing something but worth the pain.

Also using a GOOD firewall like Cisco Security Agent (or even Zone Alarm) would be nice. CSA checks for buffer usage and new files on the system trying to install something, apart from normal firewall stuff.


----------

