This guest article, not directly-related to competitive exams but yet important for everyone who uses Internet. It’s authored by same Mr.Krapesh Bhatt, who had earlier wrote about the salient features of IT Act. (click me if you did not read it)
- Introduction
- Hardening Operating System:
- Use a good paid antivirus & Firewall:
- User Accounts:
- Securing Home network (wi-fi)
- How to secure our wi-fi network?
- Say a big NO to WEP encryption:
- Change all default router settings:
- Enable MAC filtering:
- Enable logs in router:
- Email Security:
- Net banking security/ Online payments transactions:
- Use a trusted computer for Netbanking:
- Net banking:Â 2 factor authentication
- The Padlock Sign
- Transact only on reliable websites:
- About Torrentz and cracked Softwares:
- Donot waste time in online money making schemes
- Conclusion
Introduction
Hello Everyone,
After my recent article of âIT ACTâ and its feedback from readers, I am very much motivated to write another article. This time, I am to write on how to secure ourselves against hacking. Well, I know anyone would raise flag that these all techniques can be available by simple search!
Well, the search would yield a lot of results which would be quite confusing at times and also the methods shown wont suit all of users. So, I would like to share most basic and effective ways to secure against daily threats.
I am trying to make it as simple as I can, so that computer users from all types of background can harden their systems and stay protected. Â As I believe that securing ourselves online is very important.
Here are some tips to stay protected:
Hardening Operating System:
Operating System (OS) serves as a backbone to our daily computing, most of OS that exist today, that are used by end users are windows based. And among windows based products, more than 95% are pirated copies and never updated. This is the root cause of many evils that we face. Updating our OS is of prime importance.
Many of us would ask WHY? The answer is, that whenever any software is written, it is written by humans, and there are bound have errors in the code. So, the guys working at Microsoft or any other software company work seamlessly to find the software bugs (Coding errors) which one way or in other might lead to security compromises and crashes. So, it is very necessary to download program updates and stay protected. This also applies to MACINTOSH of APPLE Inc.
If in case we have a pirated copy of OS then?
If it is Microsoft based product, then you wonât be able to download any updates.
ALTERNATIVES:
- Go for open source operating systems– linux & ubuntu are the best alternatives to windows.( I personally use UBUNTU, its Excellent OS) The best advantage is that they are totally free and the updates are free too. Also, u wonât have to install any antivirus to stay protected, as these OS are less used, their virus are very less. Also, u can get antivirus and firewall for these OSâs for free, if you need, just for mental assurance. (Just google it).
- If u use original Microsoft product, then update the OS regularly- once a month. This will secure some checkpoints and make u safe to an extent.
Use a good paid antivirus & Firewall:
- Using a good antivirus and a firewall will enhance the protection of your system. Keep them updated regularly. I would suggest you to keep the auto update ON for the antivirus program, and go for any antivirus that gives total security features rather than just internet security.
- Full scan your system at regular intervals and keep the auto update ON for antivirus.
- Most of antivirus are coupled with firewall; use the firewall, as it forms a shield between your computer and internet. A firewall will help u guard against unauthorized connection by any program inside your system â this is the main characteristic of malware that logs your keystrokes, your sensitive data and send out to remote computer. I have heard some foolish computer technicians tell that firewall wonât let you surf internet. I totally denounce that. Firewall is a MUST.
User Accounts:
Most of us directly use the main Administrative account to work daily, or as in our homes, everyone uses the same administrative account. This habit has a potential threat angle. Let me explain, any program be it good, bad or ugly needs administrative privileges to function properly. If u are using an admin account and any malware has sneaked in to your system by one way or the other, then for the malware to function properly, needs to have privileged access to perform its work. So, in a way, by fully working on an admin account we are indirectly making it easy for malwares to work out their magic.
So, what to do? :- I would suggest to 1st lockdown the admin account with a password and create other non-privileged account and carry on our daily surfing and regular works on that account.
You can do it in Microsoft XP by going to Start Menu > control Panel> User Accounts.
Use the admin account to add and remove programs and other maintenance work on it. Here, I would like to add that this trick will work 100% fine if your system is regularly patched, but if u use pirated version then it might help to an extent. But it is advisable to create separate account.
Securing Home network (wi-fi)
Most of us have internet at our homes; also, we also enjoy using Wi-Fi networks within our homes. So, do we take measures to secure networks? Probably not much. This is because of our unawareness in this regard. If by reading this one thing comes to mind, that âwe are having password protection for our routerâ then does anyone know that what sort of protection is needed?
Let me tell you my experience. I keep checking the wireless networks at my vicinity viz. my home, office and at client offices. Most of wireless networks have WEP encryption enabled. WEP is the least secure or say as good as no security for wireless networks. It can be practically cracked down in a matter of minutes. Bad guys can use this technique and piggyback your network and even steal data, intercept your packets and much more to create havoc. If you do not have any data in your network, then your connection can be misused to send illegal mails (the case of ahmedabad blasts and Mumbai attacks) where the attackers cracked the weak wireless networks and sent terror mails. The law enforcement then caught the innocent person whose wireless network was cracked. Thatâs painful. So, securing wireless networks is important. This technique used by hackers is called âwardrivingâ
How to secure our wi-fi network?
Its not rocket science to secure wireless networks. I suggest some basic and effective steps:
Say a big NO to WEP encryption:
This setting can be done in the homepage of your router and use WPA or most better WPA2 encryption with a âpassphraseâ of min.12 characters of upper, lower, numeric, and special characters (donât include names and phrases of found in English dictionary, password crackers can crack your password)
Change all default router settings:
when a router is shipped to you, it has some basic settings for access, eg. Login credentials i.e user id, password. The internal IP range, SSID broadcast beacon eg. If u have an iBall product, it displays âiBall Batonâ âbelkinâ âLinksysâ ânetgearâ etc. change it to other names as u like. The internal IP range i.e 192.xxx.xx.x that is default in router must be changed, so as to make it difficult for an attacker to guess your internal IP range. Disable âremote administrationâ option in router, this can help an attacker to take control of your router remotely and hijack your router.
Enable MAC filtering:
What is MAC? For those who do not know about this term I will make it simple to understand. MAC is a unique id for your systemâs hardware. Just as you have your mobile phoneâs IMEI number, A MAC address is your hardwareâs physical address. MAC address is your computer hardware identification code. You can view it as follows go to START>RUN>type cmd> ipconfig/all and hit enter, u will see a list of numbers, among the list u will see the alpha numerical that corresponds to physical address, that is your computerâs MAC address. Filter the routerâs access list accordingly so that any devices other than those on the router list are rejected.
Enable logs in router:
logs are events that a networking device like router that keeps a track of events, the IP addresses, and destination address and various other info that can help in times of urgency; it is a step to keep track of activities on device.
Email Security:
- Like everyone has a mobile number today, this is same with email, all of us have email id as they are free and full of functionality. If in case some might use mail clients like outlook, thunderbird, etc. it is of utmost importance that these clients must be regularly updated as I discussed in previous section. The updates are supplied along with OS updates.
- Now getting to the point, the most important aspect is that always use the HTTPS:// protocol when using email eg. HTTPS://WWW.MAIL.YAHOO.COM rather than any other like HTTP://WWW.MAIL.YAHOO.COM the difference is of a small S but it makes a big difference. Â A small spelling mistake can drive you to a phishing site.
- HTTPS is an encrypted protocol between us and yahoo, the info that we send-receive canât be intercepted by other entity. This same concept applies to all the websites we surf, be it net banking, online shopping, even in some cases browsing in HTTPS mode.
- Also, as we too know that we should never ever click on any link that is mailed to us, no matter where it is from, even from our friends. The best way is to manually type the link in another window and use the link rather than clicking.
- Internet is an insecure medium, so we must think twice before we fill any online form or give away our information. If in case we get a mail claiming from our bank or any bank, we must not reply to that link. If the mail is from our bank then we should better confirm the same from our bank and then go ahead. A bank can never mail us and ask for our details and login credentials, if u get such mails then simply delete them, no matter of the urgency the mail shows us, this technique is called phishing and is one of the most successful tricks among cyber criminals.
Net banking security/ Online payments transactions:
Everyone in this age enjoys shopping online, it is really a boon to everyone who wants to save time and get best deals on consumables we need. This has also some inherent risks, but if we look onto some basic security measures, then we can shop online without any fear of being cheated.
Use a trusted computer for Netbanking:
- a trusted computer means a system for which we are 100% sure that it is free of any malware and is up-to-date in all aspects of security. Lets make it simple, this concept will be properly applicable if we have 2 computers with us (many of us have this nowadays) keep one computer just for browsing and downloading music, videos, etc. and other strictly for the use of our net banking, shopping, website management, and other that we consider important.
- Presumably, the system must be properly updated, scanned and free from malwares. Also to add, always prefer to use virtual keyboard that is given by bank site for punching user id and passwords.
Net banking:Â 2 factor authentication
nowadays banks are applying 2 factor authentications for any of transaction we wish to do via net. It is one of the most secure techniques exist today. The one time password that is sent to our registered mobile is to be punched before any transaction to process. If you are using net banking and have not opted (it is compulsory though) then, you should register your mobile number with bank.
In case you feel that you have by mistake revealed your net banking credentials, credit card/ debit card number to any one, then without delay rush to your bank and inform ASAP, the bank can initiate proper steps in the direction. Also keep eye on your bank statements for any unusual activities, if u find some then get in touch with bank and ask for details. And in case you discover that the account is compromised, immediately notify bank and if necessary, lodge a police complain, this will certainly help.
I have come across cases in which the bank employee is stealing small amounts money from customers account and it goes unnoticed as the amount is small eg. Ranging from some 1 paisa to 5 rupees this amount doesnât alarm customer and goes unnoticed. Just imagine, if such small amount is stolen from 1000 customers once in 15 days then what will be the profit margin of that thief? (This type of attack is called Salami attack) It is advisable to be alert!!!!!!!!
Always look out for HTTPS protocol when you shop online. The iconic padlock must be visible on the browser and look carefully the address that is written in the address bar; any unusual spellings or sign might be a phishing site, just close the window and leave the page.
The Padlock Sign
Also, the padlock sign must be in the address bar, not on the page. Phishers use this padlock randomly in the page to lure victims. To check the authenticity of padlock, just click on the icon, u will see the details of the SSL certificate by clicking on it. (See this screenshot to understand why Iâm saying)
It is advisable to never pass any information without HTTPS protocol channel.
Transact only on reliable websites:
Guys, itâs our hard earned money, I suggest you to do online shopping only on reliable websites that can connect us to secure payment gateways. If u want to check the details and feedback then just make a google search with âreviewâ e.g lets review. www freecharge.in then type in google as âfreecharge.in reviewsâ.
Mrunal Edit:
There is a huge site called Mouthshut.com where you can get reviews of online shopping sites and products.
About Torrentz and cracked Softwares:
- Most of us become overwhelmingly happy when we download some paid softwares for free at torrentz and consider ourselves as king of world. But STOP!!! Let me tell you the story behind it. Ok, so any software that is not free and anyone gets its hand on it and cracks it. This process is called âReverse Engineeringâ and in this trick, the cracker opens up the software and modifies the code and makes free to use.
- Now one thing that very less people think, that if someone is successful in cracking the code then the has the power to even add some of his own tricky coding that might work as a âbackdoorâ and the cracker can gain access to your system without your permission. He can then do anything with your system. Send mail using your IP address, make modification in your system, steal data/ passwords, or even delete whatever he likes.
- And yes, even your antivirus canât do anything about this… it can become a mute spectator in this scene, because you have already told your antivirus ânot to interfereâ when the antivirus has raised ALERT for probable malware.
- This also goes parallel for movies and songs that we illegally download- there are risks. In case u downloaded a movie and when you play it might give you a message âplugin missing download it now?â then most of us would proceed with this, thatâs a big mistake because the virus inside the system is trying to download itâs another remaining part and then create havoc in your system.
- So, I would advise you to please do not jump for those pirated softwares including Operating Systems, antiviruses, any sort of utility softwares.
Donot waste time in online money making schemes
(Added by Mrunal)
- In the local newspapers and during random google search, sometimes you see ads like âearn 10,000 rupees at home, by doing simple data entry.â  While it sounds very seductive, but they are scamsters, when you visit them, they sell you a âtrainingâ CD for 100-200 rupees and then give you some work, but payment is rarely  given, and they come up with impossible payout limits example âyes youâve earned $10 per day but we pay only when you cross $1000â but by the time you cross $1000, they ban your account or shut down the site! Or they stop giving you the work just when youâre about the cross the payment limit. So you cannot cross the payment threshold anyways!
- Same advice for all the other online earning techniques like âget paid to fill up the survey formâ, âget paid to upload filesâ and everything. In past, Iâve wasted enough of my time in such activities without getting a penny in my hands.
- Itâs not worth all the trouble, you can earn more and regular income by doing tuitions of class 10 and 12.
- Many of you, may have  left the job (or not doing any job after graduation) to prepare for UPSC/CAT etc. so It is natural to think that âif I can make a little side income, it can be used to fund the monthly magazines, books or coaching and Iâll be less of a burden to my parents.â
- But keep in mind that there is no easy money online. If you need money, then better find a part time job in real life.
Conclusion
These were some of basic and user friendly tips for readers, who strive hard to become our future Class-I officers. I hope that these tips can be useful to u all and please share these tips in you groups so that we can have safe cyber practices and reduce the rising rates of cyber crime, as we are advancing in a technological âroad rollerâ- we have only 2 options, (i) either ride along with it (ii) get under its wheels. Letâs create a safe, aware and healthy cyber space for ourselves and our coming future.
The comments, suggestions, compliments from all of the readers are most welcome with open heart. Readers can contact us on eMail: contact@evolutioninfosecure.in
Web: www.evolutioninfosecure.in
Twitter: @EVOLUTIONSEC
excellent article..
au contraire, i have never had any problem with pirated software.
moral of this article is more along the lines of: don’t do it if you don’t know what you are doing. which is good advice.
best regards.
nice article. just wanna add one more thing – to avoid phishing and visiting harmful website one can use WOT (web of trust) add-on/extension. WOT is available for both Firefox as well as for Chrome.
https://chrome.google.com/webstore/search/WOT?utm_source=chrome-ntp-icon
Good informative article.. kudos to mrunal and Me.Krapesh bhatt :)
Good informative article.. kudos to mrunal and Mr.Krapesh bhatt
Can someone help me to download auto notemaker for unbuntu just like the one the site has for windows users?