M_5(A) Mitigating Risk When Connecting to the Internet

Threats and Risks on the Internet

  • Categories of risk:
    • Hackers
    • Malware (viruses, Trojan horses, worms)
    • Personal attacks (harassment, fraud, identity theft, data theft)
    • Email attacks (phishing, spam, email viruses)
  • Hackers and predators:
    • Objective: Gain access to a computer system or network to cause harm or steal data.
    • Methods:
      • Malware
      • Exploiting vulnerabilities in system and application software
      • Exploiting poorly configured and insecure networks
      • Gaining private credentials through social engineering
  • Hacker motivations:
    • White hat hackers: Ethical hackers who aim to improve security.
    • Black hat hackers: Malicious hackers with criminal intent.
    • Grey hat hackers: Hackers who sometimes violate laws but without malicious intent.
    • Cyberterrorists: Hackers with political or ideological motivations.
    • Sponsored hackers: Hackers funded by organizations or governments.
    • Hacktivists: Hackers promoting a political agenda.
    • Script kiddies: Inexperienced hackers using pre-made tools.
    • Hobbyists: Hackers who hack for fun or challenge.
  • Common motivations for hackers:
    • Personal agenda
    • Financial gain
    • Sponsored or cyberwarfare
    • Corporate espionage
    • Organizational agendas
    • Resource theft
  • Hacker attacks:
    • Motivation and technology determine the attack choice.
    • Attack method fits vulnerabilities of the targeted system.
    • Types of attack methods:
      • Password attacks (brute force, dictionary, hash injection)
      • Backdoor attack
      • Man-in-the-middle (MitM) attack
      • Denial of service (DoS) attack (ping flood, Distributed DoS attack)
  • Malware:
    • Umbrella term covering many types of harmful software.
    • Developed for the purpose of causing harm.
    • May remain dormant before activating.
    • Early forms included hoaxes and pranks.
  • Common forms of malware:
    • Viruses:
      • Malicious programs that spread by attaching to files, often requiring macros to execute.
    • Worms:
      • Self-sufficient programs that replicate themselves from one computer to another without aid.
      • Exploit operating system or system software vulnerabilities.
    • Trojans:
      • Disguised malware that appears desirable to trick users into downloading.
      • Not technically viruses.
    • Rootkits:
      • Hidden malware placed on a target computer to perform malicious activities undetected, like stealing data or keylogging.
    • Spyware:
      • Malware that collects and transmits information about user activities, such as browsing habits and personal data (PII).
    • Ransomware:
      • Malware that disables access to a computer's data until a ransom is paid.
  • Malware Types:
    • Virus:
      • Replicates: Able to self-replicate
      • Host Required: Needs a host program to propagate
      • User Intervention: Needs to be activated or executed by a user
    • Trojan Horse:
      • Replicates: Does not replicate itself
      • Host Required: Does not need a host program
      • User Intervention: User must execute program in which the Trojan horse is hidden
    • Worms:
      • Replicates: Self-replicate without user intervention
      • Host Required: Self-contained and does not need a host
      • User Intervention: Replicates and activates without requiring user intervention
  • Common malware delivery types:
    • Peer-to-peer (P2P) sharing networks
    • Network shares
    • Email
    • Web browsing
  • Protecting a network from hackers and malware:
    • Ensure software is current with all patches and service packs.
    • Install a trusted anti-malware package.

Vulnerabilities and Exploits

  • To defend systems and networks, administrators and users should know about:
    • Software vulnerabilities
    • Hardware vulnerabilities
    • Malware threats
    • Port vulnerabilities
    • End-user vulnerabilities
    • Physical security vulnerabilities
  • Personal attacks:
    • Protecting against personal attacks and data theft depends on personal browsing habits.
  • Fraud:
    • Primary trap on bad e-commerce sites.
    • Ways to spot fraudulent sites:
      • Browser alerts
      • Suspicious domain name
      • No contact information
  • Cyberstalking:
    • Harassment via repeated electronic communication.
    • Includes offensive emails, spamming, impersonation, hate sites, false dating ads, and physical tracking.
    • To prevent cyberstalking:
      • Don’t give out personal information except to known contacts.
      • Use filtering features in email and firewalls.
      • Contact the police if it becomes a serious problem.
      • Stop all communication with the harasser.
      • Block the cyberstalker from social networking sites and only add trusted friends.
  • Identity theft:
    • Occurs when a thief assumes all or some of a victim’s identity.
    • Uses personal or financial information without permission.
    • Use caution regarding to whom and why personal information is given.
    • Keep documents containing PII locked up.

Email Attacks

  • Email provides a gateway into a network through user accounts.
  • Personal methods to prevent email attacks include not:
    • Opening unsolicited emails or attachments
    • Sending personal information
    • Giving your email address to strangers
    • Replying to spam
    • Forwarding chain letters
  • Technical methods of preventing email attacks:
    • Email checkers or filters for:
      • Email tracking
      • Keyword filtering
      • Legal disclaimers
      • Email blocking
      • Message priority
      • Message archiving
  • Online risks and threats:
    • Keep applications and operating systems updated.
    • Use trusted antivirus/anti-spyware applications and keep them updated.
    • Protect portable devices from theft with passwords and data encryption.
    • Secure wireless access points and gateway devices.
    • Use properly configured firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and routers.
    • Encrypt data at rest and in transit.

Website Hosting

  • External web hosting:
    • Offered by web hosting providers:
      • Disk storage space
      • Available bandwidth
      • Technical support
      • Post Office Protocol version 3 (POP3) email accounts
      • Email forwarding
      • Email auto-responders
      • Email aliases
      • File Transfer Protocol (FTP) access
      • Password protection
  • Internal web hosting:
    • Web server with redundant drives and hardware to ensure uptime
    • High-speed internet connection to handle bandwidth requirements
    • Adequate disk storage to hold the site
    • Physical and logical security measures
    • IT personnel who can manage the programming, maintenance, and security of the site
    • Strong backup procedures including considerations for offsite backup storage
  • Whois (private or public)
    • When signing up for a domain, you use an authorized domain registrar.
    • Internet Corporation of Assigned Names and Numbers (ICANN) is the governing body for all domain names.
    • Keeps a record of every domain name, who owns it, and how and where it is being used.
    • Often referred to as Whois data because you can search for a domain owner and contact information from ICANN registration records
    • Registrars offer private settings to provide more protection of personal data.

Domain Name Server

  • Domain Name System (DNS):
    • Standard name resolution strategy used on networks today.
    • Works on all operating system platforms.
    • Function of DNS is to resolve host names.
    • Most internal networks and the internet use DNS naming.
    • You need to plan and design the DNS namespace to be used.
    • First, choose the top-level domain name that will be used to host the organization’s name on the internet.
    • Second, choose the second-level domain name that identifies the actual organization (google.com, for example). Referred to as parent domain name and is the domain name used on the internet.
  • Common DNS attacks:
    • DoS attacks
    • Footprinting
    • Address spoofing
    • Redirection

Best Practices for Connecting to the Internet

  • Keep all applications current.
  • Use trusted anti-malware software and keep it current.
  • Use perimeter security, including firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
  • Secure backups on removable media.
  • Use secure passwords.
  • Report cybercrime to the police.
  • Protect personal information on social networking sites.
  • Use data encryption.