This document is intended to prescribe basic Countermeasures to the home computer users working with computer systems running Windows Operating System. The basic purpose of this document is to create awareness about Computer Security issues among home computer users and suggest them the tasks to be performed to secure their computer systems to protect their information assets.
Information security needs have to be addressed at all levels, from the individual user to an organization and beyond that to the government and the nation. Information Security is becoming synonymous with National Security as Computer Networking, which is vulnerable to Cyber attacks, forms the backbone of critical infrastructure of the country banking, power, communication network etc. It is, therefore, important to have secured Computer Systems and Networks. Also, increased focus on outsourcing of IT and other services from developed countries is bringing the issue of data security to the fore. Furthermore, owing to the massive Internet boom, a lot of home users with little or no prior knowledge with the threats and their countermeasures are exposed to the Internet. This, the attacker, can exploit to expand their base of malicious activity and use innocent people for their schemes. Our aim to spread the education to school children, teachers, parents, senior citizens & every Individual to equip them with the knowledge needed to mitigate the threat.
Why Home Computers?
Home computers are typically not very secure and are easy to break-in. When combined with high-speed Internet connections that are always turned on, intruders can quickly find and then attack home computers. While intruders also attack home computers connected to the Internet through dial-in connections, high-speed connections (cable modems and DSL modems) are a favorite target.There may not be important data stored on the home computers but they are targeted by the intruders for launching attack against other computer systems.
How attackers do it?
In general, attack vectors which attackers use are :
• Through E-mail
• Through Un-trusted Websites
• Through Internet Shares
In some cases, they send email with a virus. Reading that email activates the virus, creating an opening that intruders use to enter or access the computer. In other cases, they take advantage of a flaw or weakness in one of the computer program’s vulnerability – to gain access. Once they’re on the computer, they often install new programs that let them continue to use the computer – even after user plug the holes they used to get onto user’s computer in the first place. These are known as “backdoors” and are usually cleverly disguised so that they blend in with the other programs running on user’s computer.
In general, they steal the information saved by the user on his system or use the system to launch attack on other computer systems.
What is Information Security?
Information security can be explained by the help of following example. If company sells bottled water purified using the process of reverse osmosis, the process is well known, and therefore it does not make good business sense for management to protect that information. However, if that company has a revolutionary process that cuts the cost and time for water purification in half, it would make sense to secure that information. There is a limit to the value of implementing protection so user must combine his knowledge of value, threats, vulnerabilities, and risks to put together a feasible plan.
Information security involves the measures and controls that ensure confidentiality, integrity, and availability of the information processed by and stored in a computer or system.
Confidentiality: Ensures that information is accessed only by authorized personnel.
Integrity: Ensures that information is modified only by authorized personnel.
Availability: Ensures that information and systems can be accessed when needed by authorized personnel.
This practice include policies, procedures, hardware and software tools necessary to protect the computer systems and the information processed, stored, and transmitted by the systems.
When the user combines efforts to provide data confidentiality, data integrity, and data availability with physical security, then he can provide a very effective security solution.
Importance of Cyber Security
Cyber security is important for the users because they have to protect themselves against identity theft. Organizations including government also need this security to protect their trade secrets, financial information, and some sensitive or critical data. Since all sensitive information that is mostly stored on a computer that is connected to the Internet, there is a need for information assurance and security. So in order to have Cyber Security, everyone should follow the Cyber Security standards that enable us to protect various Malware threats. A poor Cyber security practice arises because of some of the following reasons. Poor administrative practices of application, poor software coding which may be vulnerable and improper usage of Cyber Security practices.
* Ethics is a set of moral principles that govern individual or a group on what is acceptable behaviour while using a computer.
* Computer ethics is set of moral principles that govern the usage of computers. One of the common issues of computer ethics is violation of copyright issues.
* Duplicating the copyrighted content without the authors approval, accessing personal information of others are some of the examples that violate ethical principles.
Ethical Rules for the Computer Users
Some of the rules that the individuals should follow while using computer are listed below:
* Do not use computer to harm other users.
* Do not use computers to steal other's information.
* Do not access files without the permission of owner.
* Do not copy copyrighted softwares without the author’s permission.
* Always respect copyright laws and policies.
* Respect the privacy of others, just as you expect the same from others.
* Do not use other user's computer resources with out their permission.
* Use Internet ethically.
* Complain about illegal communication and activities, if found, to Internet service
Providers and local law enforcement authorities.
* Users are responsible for safeguarding their User Id and passwords.
* They should not write them on paper or anywhere else for remembrance.
* Users should not intentionally use the computers to retrieve or modify the
information of others which may include password information, files etc.
§Copyright is the legal right granted to the author to exclusively modify, copy, distribute his work. Other people who want to use the author work to perform same actions have to get permission from the author.
§Copyright is given to the author according to the law, as soon as he completes his work.
Threats to the home computers
A threat, for information security, is any activity that represents possible danger to user’s information.
Intruders want the information stored by the users which are personal and sensitive, such as credit card numbers, PINs, passwords etc. By stealing this information the malicious intruders commonly referred to hackers may gain financially. The intruders also use the resources of the compromised systems for their own purposes and for attacking other computer systems connected to the Internet. Recent trends in computer security threats show that the attackers are compromising the home computers and installing malicious code such as Bots in these systems, which may then be used as Zombies to further launch large scale attacks on critical information systems. This type of attack is known as Distributed Denial of Service (DDOS).