Cyber Security Guide Part- 5: Secure Yourself from Social Engineering and Phishing Attacks

Do not give sensitive information to anyone unless you are sure that they are indeed who they claim to be and that they should have access to the information.

What is a social engineering attack?

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as

  • natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
  • epidemics and health scares (e.g., H1N1)
  • economic concerns (e.g., IRS scams)
  • major political elections
  • holidays

How do you avoid being a victim?

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Don’t send sensitive information over the Internet before checking a website’s security.
  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
  • Take advantage of any anti-phishing features offered by your email client and web browser.
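
The URL check described in the list above can be automated. The following Python sketch is an added example, not part of the original guide: it compares the host in a link with a list of domains you actually use and names the kind of mismatch (different top-level domain, spelling variation, or a trusted name used only as a subdomain of another site, which goes slightly beyond the two cases the guide names). The domain names are placeholders, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for this example: sites the user really has accounts with.
TRUSTED_DOMAINS = ("example-bank.com", "example-cards.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_url(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Compare the host in `url` with the trusted list and name the mismatch."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed netloc, e.g. an unclosed IPv6 bracket
        return "invalid"
    if not host:
        return "invalid"
    # Exact match, or a real subdomain of a trusted domain.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    labels = host.split(".")
    if len(labels) < 2:
        return "unknown"
    # Assumption: registrable domain = last two labels. Production code
    # would consult the Public Suffix List (e.g. for .co.uk).
    name, tld = labels[-2], labels[-1]
    for d in trusted:
        t_name, _, t_tld = d.rpartition(".")
        if name == t_name and tld != t_tld:
            return "different-tld"            # .com vs. .net
        if tld == t_tld and edit_distance(name, t_name) <= 2:
            return "spelling-variation"       # examp1e vs. example
        if host.startswith(d + "."):
            return "trusted-name-as-subdomain"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.example-bank.com/login",
                 "https://example-bank.net/login",
                 "https://examp1e-bank.com/",
                 "https://example-bank.com.account-verify.example.org/"):
        print(f"{classify_url(link):26} {link}")
```

The edit-distance threshold of 2 will also flag unrelated short names that happen to be similar, so treat a hit as a prompt to verify, not as proof.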

What do you do if you think you are a victim?

  • If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
  • Watch for other signs of identity theft.

 

Cyber Security Guide Part 4: Shopping Safely Online

Online shopping has become a popular way to purchase items without the hassles of traffic and crowds. However, the internet has unique risks, so it is important to take steps to protect yourself when shopping online.

Why do online shoppers have to take special precautions?

The internet offers a convenience that is not available from any other shopping outlet. From the comfort of your home, you can search for items from countless vendors, compare prices with a few simple mouse clicks, and make purchases without waiting in line. However, the internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers. Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else.

How do attackers target online shoppers?

There are three common ways that attackers can take advantage of online shoppers:

  • Targeting vulnerable computers – If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.
  • Creating fraudulent sites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create malicious websites that appear to be legitimate or email messages that appear to have been sent from a legitimate source. Charities may also be misrepresented in this way, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
  • Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is being transmitted.

How can you protect yourself?

  • Use and maintain anti-virus software, a firewall, and anti-spyware software – Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. Make sure to keep your virus definitions up to date. Spyware or adware hidden in software programs may also give attackers access to your data, so use a legitimate anti-spyware program to scan your computer and remove any of these files.
  • Keep software, particularly your web browser, up to date – Install software updates so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
  • Evaluate your software’s settings – The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.
  • Do business with reputable vendors – Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information. Attackers may obtain a site certificate for a malicious website to appear more authentic, so review the certificate information, particularly the “issued to” information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
  • Take advantage of security features – Passwords and other security features add layers of protection if used appropriately.
  • Beware of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email, and use caution when clicking on links in email messages.
  • Check privacy policies – Before providing personal or financial information, check the website’s privacy policy. Make sure you understand how your information will be stored and used.
  • Make sure your information is being encrypted – Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with “https:” instead of “http:” and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.
  • Use a credit card – There are laws to limit your liability for fraudulent credit card charges, and you may not have the same level of protection for your debit card. Additionally, because a debit card draws money directly from your bank account, unauthorized charges could leave you with insufficient funds to pay other bills. You can further minimize damage by using a single credit card with a low credit line for all of your online purchases.

  • Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.

Cyber Security Guide Part- 3: How Does Antivirus Software Work

Anti-virus software can identify and block many viruses before they can infect your computer. Once you install anti-virus software, it is important to keep it up to date.

What does anti-virus software do?

Although details may vary between packages, anti-virus software scans files or your computer’s memory for certain patterns that may indicate an infection. The patterns it looks for are based on the signatures, or definitions, of known viruses. Virus authors are continually releasing new and updated viruses, so it is important that you have the latest definitions installed on your computer.

Once you have installed an anti-virus package, you should scan your entire computer periodically.

  • Automatic scans – Depending on what software you choose, you may be able to configure it to automatically scan specific files or directories and prompt you at set intervals to perform complete scans.
  • Manual scans – It is also a good idea to manually scan files you receive from an outside source before opening them. This includes
    • saving and scanning email attachments or web downloads rather than selecting the option to open them directly from the source
    • scanning media, including CDs and DVDs, for viruses before opening any of the files

What happens if the software finds a virus?

Each package has its own method of response when it locates a virus, and the response may differ according to whether the software locates the virus during an automatic or a manual scan. Sometimes the software will produce a dialog box alerting you that it has found a virus and asking whether you want it to “clean” the file (to remove the virus). In other cases, the software may attempt to remove the virus without asking you first. When you select an anti-virus package, familiarize yourself with its features so you know what to expect.

Which software should you use?

There are many vendors who produce anti-virus software, and deciding which one to choose can be confusing. All anti-virus software performs the same function, so your decision may be driven by recommendations, particular features, availability, or price.

Installing any anti-virus software, regardless of which package you choose, increases your level of protection. Be careful, though, of email messages claiming to include anti-virus software. These messages, supposedly from your ISP’s technical support department, contain an attachment that claims to be anti-virus software. However, the attachment itself is in fact a virus, so you could become infected by opening it.

How do you get the current virus information?

This process may differ depending on what product you choose, so find out what your anti-virus software requires. Many anti-virus packages include an option to automatically receive updated virus definitions. Because new information is added frequently, it is a good idea to take advantage of this option. Resist believing email chain letters that claim that a well-known anti-virus vendor has recently detected the “worst virus in history” that will destroy your computer’s hard drive. These emails are usually hoaxes. You can confirm virus information through your anti-virus vendor or through resources offered by other anti-virus vendors.

While installing anti-virus software is one of the easiest and most effective ways to protect your computer, it has its limitations. Because it relies on signatures, anti-virus software can only detect viruses that have signatures installed on your computer, so it is important to keep these signatures up to date. You will still be susceptible to viruses that circulate before the anti-virus vendors add their signatures, so continue to take other safety precautions as well.
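
The signature matching described in this part, and the reason definitions must be kept current, can be shown with a small scanner. This Python sketch is an added example, not code from the original guide or from any anti-virus product: the signature notation (hex bytes with `??` matching any one byte), the signature names and the sample byte strings are all constructed for illustration.

```python
import re


def compile_signature(hex_pattern: str) -> "re.Pattern[bytes]":
    """Turn e.g. '54 45 ?? 21' into a bytes regex; '??' matches any one byte."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    # DOTALL so that a wildcard also matches the newline byte 0x0a.
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data: bytes, definitions: dict) -> list:
    """Return the names of all signatures found anywhere in `data`."""
    return sorted(name for name, pattern in definitions.items()
                  if compile_signature(pattern).search(data))


def newly_detected(files: dict, old_defs: dict, new_defs: dict) -> list:
    """Files the old definitions call clean but the updated ones flag."""
    return sorted(name for name, data in files.items()
                  if not scan(data, old_defs) and scan(data, new_defs))


# Constructed definition sets: the update adds one signature.
DEFS_OLD = {"Constructed.Marker.A": "54 45 53 54 2d 41 ?? ?? 21"}   # TEST-A??!
DEFS_NEW = dict(DEFS_OLD, **{"Constructed.Marker.B": "54 45 53 54 2d 42 ?? 21"})

# Constructed, inert sample buffers standing in for files on disk.
CLEAN = b"quarterly report, nothing to see"
SAMPLE_A = b"\x00\x01hdr" + b"TEST-A" + b"\x10\x0a" + b"!" + b"tail"
SAMPLE_B = b"hdr" + b"TEST-B" + b"\x7f" + b"!" + b"tail"
FILES = {"report.doc": CLEAN, "a.bin": SAMPLE_A, "b.bin": SAMPLE_B}


if __name__ == "__main__":
    for name, data in FILES.items():
        print(name, "old:", scan(data, DEFS_OLD), "new:", scan(data, DEFS_NEW))
    print("missed until the update:", newly_detected(FILES, DEFS_OLD, DEFS_NEW))
```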

Cyber Security Guide Part 2: Know about Firewall

When anyone or anything can access your computer at any time, your computer is more susceptible to being attacked. You can restrict outside access to your computer and the information on it with a firewall.

What do firewalls do?

Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic. Firewalls can be configured to block data from certain locations while allowing the relevant and necessary data through. They are especially important for users who rely on “always on” connections such as cable or DSL modems.

What type of firewall is best?

Firewalls are offered in two forms: hardware (external) and software (internal). While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type you use.

  • Hardware – Typically called network firewalls, these external devices are positioned between your computer or network and your cable or DSL modem. Many vendors and some Internet service providers (ISPs) offer devices called “routers” that also include firewall features. Hardware-based firewalls are particularly useful for protecting multiple computers but also offer a high degree of protection for a single computer. If you only have one computer behind the firewall, or if you are certain that all of the other computers on the network are up to date on patches and are free from viruses, worms, or other malicious code, you may not need the extra protection of a software firewall. Hardware-based firewalls have the advantage of being separate devices running their own operating systems, so they provide an additional line of defense against attacks.

 

  • Software – Some operating systems include a built-in firewall; if yours does, consider enabling it to add another layer of protection even if you have an external firewall. If you don’t have a built-in firewall, you can obtain a software firewall for relatively little or no cost from your local computer store, software vendors, or ISP. Because of the risks associated with downloading software from the Internet onto an unprotected computer, it is best to install the firewall from a CD or DVD. If you do download software from the Internet, make sure it is a reputable, secure website. Although relying on a software firewall alone does provide some protection, realize that having the firewall on the same computer as the information you’re trying to protect may hinder the firewall’s ability to catch malicious traffic before it enters your system.

How do you know what configuration settings to apply?

Most commercially available firewall products, both hardware- and software-based, come configured in a manner that is acceptably secure for most users. Since each firewall is different, you’ll need to read and understand the documentation that comes with it to determine whether or not the default settings on your firewall are sufficient for your needs. Additional assistance may be available from your firewall vendor or your ISP (either from tech support or a website).

Unfortunately, while properly configured firewalls may be effective at blocking some attacks, don’t be lulled into a false sense of security. Although they do offer a certain amount of protection, firewalls do not guarantee that your computer will not be attacked. In particular, a firewall offers little to no protection against viruses that work by having you run the infected program on your computer, as many email-borne viruses do. However, using a firewall in conjunction with other protective measures (such as anti-virus software and “safe” computing practices) will strengthen your resistance to attacks.

Cyber Security Guide Part- 1: How to Choose a Strong Password

Passwords are a common form of authentication and are often the only barrier between a user and your personal information. There are several programs attackers can use to help guess or “crack” passwords, but by choosing good passwords and keeping them confidential, you can make it more difficult for an unauthorized person to access your information.

Why do you need a password?

Think about the number of personal identification numbers (PINs), passwords, or pass phrases you use every day: getting money from the ATM or using your debit card in a store, logging on to your computer or email, signing in to an online bank account or shopping cart. The list seems to just keep getting longer. Keeping track of all of the number, letter, and word combinations may be frustrating at times, and maybe you’ve wondered if all of the fuss is worth it. After all, what attacker cares about your personal email account, right? Or why would someone bother with your practically empty bank account when there are others with much more money? Often, an attack is not specifically about your account but about using the access to your information to launch a larger attack. And while having someone gain access to your personal email might not seem like much more than an inconvenience and threat to your privacy, think of the implications of an attacker gaining access to your social security number or your medical records.

Passwords are the most common means of authentication, but if you don’t choose good passwords or keep them confidential, they’re almost as ineffective as not having any password at all. Many systems and services have been successfully broken into due to the use of insecure and inadequate passwords, and some viruses and worms have exploited systems by guessing weak passwords.

How do you choose a good password?

Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to guess or “crack” them. Consider a four-digit PIN. Is yours a combination of the month, day, or year of your birthday? Or your address or phone number? Think about how easy it is to find out this information about somebody. What about your email password—is it a word that can be found in the dictionary? If so, it may be susceptible to “dictionary” attacks, which attempt to guess passwords based on words in the dictionary.

Although intentionally misspelling a word (“daytt” instead of “date”) may offer some protection against dictionary attacks, an even better method is to rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password “hoops,” use “IlTpbb” for “[I] [l]ike [T]o [p]lay [b]asket[b]all.” Using both lowercase and capital letters adds another layer of obscurity. Your best defense, though, is to use a combination of numbers, special characters, and both lowercase and capital letters. Change the same example we used above to “Il!2pBb.” and see how much more complicated it has become just by adding numbers and special characters.

Longer passwords are more secure than shorter ones because there are more characters to guess, so consider using pass phrases when you can. For example, “This passwd is 4 my email!” would be a strong password because it has many characters and includes lowercase and capital letters, numbers, and special characters. You may need to try different variations of a passphrase—many applications limit the length of passwords, and some do not accept spaces. Avoid common phrases, famous quotations, and song lyrics.

Don’t assume that now that you’ve developed a strong password you should use it for every system or program you log into. If an attacker does guess it, he would have access to all of your accounts. You should use these techniques to develop unique passwords for each of your accounts.

Here is a review of tactics to use when choosing a password:

  • Don’t use passwords that are based on personal information that can be easily accessed or guessed.
  • Don’t use words that can be found in any dictionary of any language.
  • Develop a mnemonic for remembering complex passwords.
  • Use both lowercase and capital letters.
  • Use a combination of letters, numbers, and special characters.
  • Use passphrases when you can.
  • Use different passwords on different systems.
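
The review list above can be applied mechanically to a candidate password. This Python sketch is an added example, not part of the original guide: it checks the guide's own sample passwords against each tactic and estimates the size of the guessing space. The word list is a constructed stand-in for a real dictionary, the personal details and the list of passwords used elsewhere are supplied by the caller, and the bit estimate is an upper bound that only holds for randomly chosen characters.

```python
import math
import string

# Constructed mini word list; a real check would load a full dictionary file.
WORDLIST = frozenset({"hoops", "date", "password", "basketball", "email"})

PERSONAL = "based on personal information"
REUSED = "already used on another system"
DICTIONARY = "dictionary word"
ONE_CASE = "does not mix lowercase and capital letters"
FEW_CLASSES = "lacks numbers or special characters"


def review_password(password, personal_info=(), used_elsewhere=(),
                    wordlist=WORDLIST):
    """Return the tactics from the review list that `password` violates."""
    findings = []
    lowered = password.lower()
    # Names, birthdays, phone numbers etc. embedded anywhere in the password.
    if any(item and item.lower() in lowered for item in personal_info):
        findings.append(PERSONAL)
    if password in used_elsewhere:
        findings.append(REUSED)
    # A word with digits or symbols bolted onto the ends is still a
    # dictionary word to a cracking tool, so strip those before the lookup.
    core = lowered.strip(string.digits + string.punctuation + " ")
    if core in wordlist:
        findings.append(DICTIONARY)
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        findings.append(ONE_CASE)
    if not (any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password)):
        findings.append(FEW_CLASSES)
    return findings


def charset_bits(password):
    """Upper bound on guessing effort: length * log2(size of character pool)."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # 32 ASCII punctuation characters plus the space
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    # The sample passwords used in the guide's own text.
    for pw in ("hoops", "IlTpbb", "Il!2pBb.", "This passwd is 4 my email!"):
        print(f"{pw!r:30} {charset_bits(pw):6.1f} bits  {review_password(pw)}")
```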

How can you protect your password?

Now that you’ve chosen a password that’s difficult to guess, you have to make sure not to leave it someplace for people to find. Writing it down and leaving it in your desk, next to your computer, or, worse, taped to your computer, is just making it easy for someone who has physical access to your office. Don’t tell anyone your passwords, and watch for attackers trying to trick you through phone calls or email messages requesting that you reveal your passwords.

How to convert Word and Excel files to PDF efficiently, and use OCR technology to produce text from scanned documents

You often need to convert a Word or Excel file to PDF to send it as an email attachment, only to find that it exceeds the attachment size limit. Many Microsoft Exchange servers used inside offices allow you to attach a 15-20 MB file at once. Here are some guidelines for producing a smaller PDF:

1. In Office 2007 and 2010 there is a Save as PDF option in the File menu. If it does not appear, download the add-in from http://www.microsoft.com/download/en/details.aspx?id=9943 and install it.

2. Now click the Save As tab.

Select the PDF option and also select the Minimum size (publishing online) option. You can also set various other things in the Options tab, e.g. page selection. See these screenshots:

If you now check the size of a Word file of approximately 200 pages, after conversion to PDF it comes out at only 1-2 MB (the size depends on the pictures and graphics inside the file).

3. If you don’t have Office 2007 or 2010, there are various other options for creating a PDF. One option is to install a PDF printer from the internet. Many such programs are available, e.g. CutePDF, PrimoPDF, doPDF, Foxit PDF Creator. doPDF is a free and very simple PDF printer.

After installing it, open your desired file, press Ctrl+P, select doPDF and select the paper size A4 (the most common). You can adjust the output resolution to meet your file size requirement. The default setting is either 200 or 300 dpi; if you decrease it, the output file becomes smaller but its quality also degrades, so choose wisely. See the screenshots below:

You can also print directly from a web page using a PDF printer; no actual printer is required. When a printer becomes available at the office or at a shop, you can print the file from a pen drive. This is very useful for online recruitment forms or for printing bills and invoices.

4. You can also merge several PDF files using “Simple PDF Merger”, a very small and lightweight program that serves the purpose efficiently.

5. Often when you want to edit a PDF file you find that you cannot. It is possible using Foxit PDF Editor or Adobe Acrobat Professional, but these are paid versions. If you want a free option, you can install OpenOffice, which is totally free: open a new file, choose the PDF file manually in the Open dialog, edit it, and save; your changes are saved into that file. On Linux you can also edit a PDF file for free.

6. You may have heard of OCR (Optical Character Recognition), a technique by which you can not only make a scanned document searchable but also cut, copy and paste from it as with a normal PDF file.

For this you have to purchase either Adobe Acrobat Professional or Foxit Phantom PDF. The document you want to scan should be free of spots, and you should choose a scan resolution of 300 dpi or higher. After scanning, save as PDF, or scan directly into PDF, and then run OCR. It will recognize the text using the software’s built-in library and available fonts, and make the file searchable and its text copyable.

After running OCR, save the file and copy and paste into a Word file as required. It is that simple. If you have a document without its original Word or Excel file, you would otherwise have to do a lot of typing, but with OCR you can do it in a few seconds. It is very useful, isn’t it?

OPGW - A technology for high-rate data and voice transmission through Electrical Transmission Lines

OPGW (Optical Ground Wire) is a technology by which high data rate transmission is possible through electrical transmission lines.

OPGW is a composite wire which serves as a conventional overhead ground wire, with the added benefit of providing high capacity and reliable Fiber Optic communication to serve current and future needs. OPGW has fibres inside the tube surrounded by several metallic strands. The number, size and material of strands depend on the mechanical and electrical requirement. OPGW cable is normally at the top of the overhead line support structure.

Every transmission line has two types of conductors. One serves to transmit the electrical power, viz. the phase conductors. The other is called the earth wire or ground wire; it is used to protect the transmission line from lightning surges and also serves to protect people or animals from shock in case an insulator has failed and the tower is short-circuited. It simply passes the current to earth.

Nowadays this earth wire is used by various transmission companies to serve communication needs, with highly reliable optical fibres housed in the OPGW cable.

This cable does the work of both an earth wire and optical fibre communication. An OPGW cable looks like this:

The outer aluminium strands serve as the earth wire, and inside there are fibres that are used for communication. Many types of OPGW cable are available; they can be ordered to our requirement and design, and the manufacturer builds them accordingly. The number of fibres ranges over 6, 12, 24, 48 and 96.

Type of Optical Fibres

There are two types of fibres used for Fibre Optic cable.

  • Multimode
  • Single Mode

Multimode Fibre: Multimode fibre has light traveling in the core in many rays, called modes. It is made of glass fibers, with common diameters in the 50-to-100 micrometer range for the light-carrying component (the most common size is 62.5). Typical multimode fiber core diameters are 50, 62.5, and 100 micrometers. The main application for multimode fiber is short-reach optical transmission systems such as Local Area Network (LAN) applications. However, in long cable runs (greater than 1 km), multiple paths of light can cause signal distortion at the receiving end, resulting in unclear and incomplete data transmission. The attenuation parameter for multimode fiber is typically 0.8 dB/km at 1310 nm. This fiber is optimized for use in the 1300-nm band. It can also operate in the 850-nm band. This type of fibre is suitable for short-distance communication.

Single Mode Fibre: Single mode fibre has a much smaller core, only about 9 microns, so that the light travels in only one ray. Single-mode fiber gives a higher transmission rate and more distance than multimode. The small core and single light-wave virtually eliminate any distortion that could result from overlapping light pulses, providing the least signal attenuation and the highest transmission speeds of any fiber cable type. The attenuation parameter for single mode fiber is typically 0.35 dB/km at 1310 nm and 0.23 dB/km at 1550 nm. This fiber is optimized for use in the 1300-nm and 1550-nm bands. This type of fibre is used for long-distance communication.

These OPGW cables can be used for telecommunication purposes by telecom companies: for video conferencing, high data rate internet connections, CCTV camera surveillance, and data uses such as SCADA.

The benefits of OPGW cable are that there is no need for right of way; there is no fear of theft, because the cables run over live electrical wires and lay thieves do not even know about them; and it is secure from accidental cutting during construction work. No digging and refilling is needed, and no outer housing pipe (cement, iron, etc.) is required.

One day with the Smart Phone – How technology changed your life

I am sharing with you my one-day experience with the smart phone; this is a way to express how technology changed your lives.

I wake up in the morning to the alarm of my mobile phone with my favorite Jagjeet Singh’s Ghajal. When I turn off my alarm I get to know from a reminder that today is the birthday of 4 of my friends. I SMS my friends and wish them birthday greetings.

Now I am ready to go to the office, and at breakfast time I got an email from my boss that there is an urgent meeting today at 10:30, so be prepared with all documents. I rushed to the office and prepared all the documents.

In the office I need to convert some of the units of an engineering formula and also solve some engg. equations, but I found that in my hurry I forgot my scientific calculator at home. Now what? I remembered that on my mobile I have unit converter and scientific calculator apps. I opened them and finished my calculations.

At 10:15 am I get the news that the meeting is rescheduled to 12:00 pm at a hotel somewhere in New Delhi. I have to reach the location, but I don’t know much about it, so I opened my mobile’s Google Maps and Sygic navigator apps and reached the destination on time following the route given by Sygic navigator.

In the meeting there were some Chinese personnel, so I used the translator application on my phone to communicate with them.

At 2 PM the meeting was finished and I was very hungry, but I don’t know any restaurants in that location, so I used the Google Maps places service and found a very famous restaurant within walking distance and also found an ATM nearby. I went to the ATM and withdrew some cash, then took my lunch at the restaurant and left for the office again.

After finishing all my office work I came back home at 7:00 PM, and after refreshing I started YouTube and watched my favorite serial that I had missed.

Then I made some calls to my friends and relatives using the Skype application over WiFi.

That’s how I spend a day with my smart phone. Besides these, there are countless applications available that you can use as per your requirement.

Technology made your life simpler, easier and much more productive; this is an example of that.