Be aware, responsible secure!

Be aware, responsible secure!
Infocomm
Sec rity is
incomplete
without U
U
Be aw
responsare,
ible
secure!
Smack that
What you can do with these
five online security measures...
SCAMS
UPDATE
ANTI-VIRUS
PASSWORD
FIREWALL
HA
CK
ER
[2]
FASTEN UP!
FASTEN UP! is an acronym for a set of essential security
practices that can protect you when you surf the Internet.
Follow these 5 online security measures and protect
yourself from hackers and viruses that can enter your
computer to steal information or use it to attack other
computers.
Firewall
Install a personal firewall and use it correctly
Anti-virus Install anti-virus software and
update its signature regularly
Scams &
Spam
Beware of emails and websites with
great offers that sound too good to be true
T
E
N
Update
Update operating systems and
application software regularly
Password Create strong passwords and keep them safe
Remember to FASTEN UP! before you surf the Internet.
More details regarding these tips can be found at
www.gosafeonline.sg
[3]
Get burnt
ALL
FILES
DELETED!
[4]
Use A Personal
Firewall
A personal firewall is a piece of software designed to
block hackers from accessing your computer.
A firewall monitors the communications between your
computer and the network, and allows you to block
unauthorised connections to your computer.
A firewall can also block programs in your computer from
sending out information to the Internet without your
approval.
Security Tips
Install a personal firewall on your computer.
Configure your personal firewall to block other
computers on the Internet from accessing your
computer.
Configure your personal firewall to block
information in your computer from being
sent out to the Internet without your approval.
[5]
You have company
With the Internet,
you can get these...
ONLINE
SHOPPING
MP3s
EMAILS
...plus these!
HACKERS
VIRUSES
WORMS
[6]
Use An Anti-virus
Software
An anti-virus software helps to detect and remove
malicious software (e.g. virus, worm and Trojans) that can
perform harmful activities such as copying and deleting
your files without your permission.
An anti-virus software uses a virus signature file which
contains the identities of all known viruses.
A virus-infected file is detected if it matches one of the
patterns in the virus signature file.
The virus signature file has to be constantly updated in
order to detect new viruses that have been discovered.
Zero-day attacks are attacks by new viruses where their
signatures have yet to be created to detect them.
Security Tips
Install an anti-virus software on your computer.
Enable your anti-virus protection at all times.
Use the auto-update feature to update your antivirus software with the latest virus signature file.
Perform a scan of your computer after each update
of your anti-virus software.
[7]
Clickfest
K
CLIC
CLICK
CLICK
CLI
CK
CLICK
[8]
Use An Antispyware Software
Spyware is any software that is able to secretly gather
information about users or organisations without their
knowledge.
Typically, spywares will automatically install themselves when
you visit websites run by hackers or click on the “OK” button
from unsolicited pop-ups.
Make an informed decision when installing freeware or
shareware, as some of their license agreements support
auto-installation of spyware components.
An anti-spyware software helps to detect and remove spyware.
Security Tips
Install and update anti-spyware software regularly.
Enable your anti-spyware protection at all times.
Keep your anti-spyware software updated with the
latest spyware signature file.
When closing pop-ups, use the “X” button at the top
of the window instead of clicking on the “OK” or
“Cancel” buttons.
Read the license agreement or Terms & Conditions
before installing freewares or sharewares.
Do not allow the download and installation of
dynamic or interactive content (Active Contents)
from unknown websites.
[9]
Irresistible
[10]
Do Not Open
Suspicious Emails
Emails are commonly used to propagate malicious software such as viruses and trojans. Your computer can be
infected when you open infected email attachments or
visit compromised websites after clicking on links
provided in suspicious emails.
A common sign of a suspicious email is a strange or
enticing subject title such as “You have won a million
dollars”.
Unsolicited emails that proclaim to contain information
about recent major events (e.g. earth quakes, terrorist
attacks) may be used to trick you into clicking on the links
provided or opening its attachment.
Email attachments that look normal may contain viruses.
Common file types such as such as .exe, .vbs, .pif and .scr
are often used to transmit viruses.
Security Tips
Delete the email if the subject title is suspicious.
When unsure about the authenticity of the email
(content, attachments and links) always check with
the sender even when it appears to be from
someone you know.
Scan all email attachments for viruses before
opening them.
[11]
A windfall
[12]
Beware Of
Phishing
Phishing is a common form of scams on the Internet.
Phishing attacks use fake emails and “look-alike” websites to
deceive respondents into entering personal information.
This information may include financial data such as credit
card numbers, account user names and passwords.
Usually, the bogus e-mail looks as if it comes from a bank
or payment service, requesting confidential account
information for verification. Often, they may also threaten
to discontinue service if the information is not provided.
Security Tips
Do not click on links provided in suspicious e-mails
to access the website.
Do not provide personal information to request
received via email.
Look for tell-tale signs of a bogus websites:
Suspicious website address.
The address of the webpage where you submit information
does not start with “https://” and the lock symbol
is missing from the status bar.
Asking for more information than required
(e.g. credit card number, credit card security code).
Obvious spelling and grammatical errors.
[13]
Missed opportunity
[14]
Fight Spam
Spam refers to unsolicited commercial electronic messages,
often sent in bulk to a large group of recipients. Electronic
messages include both messages sent to mobile phone
numbers and emails.
Spam may try to trick you into verifying that your email
address is in use by asking you to unsubscribe from their
mailing list.
A spam control software or the spam filtering service
provided by your Internet Service Provider or email service
provider can help filter spam.
Visit www.spamcontrol.org.sg for more information
Security Tips
Be careful where you post or who you give your
email address/mobile phone number to (e.g. social
networking sites, forums, blogs).
Establish multiple email addresses for different
purposes.
Read the privacy policy that accompanies online
registration forms and surveys to check if your
contact information will be shared with others.
Use spam control software or spam filtering service
provided by your email service provider.
Unsubscribe to spam only if you are confident that
the sender is responsible and trustworthy.
Do not unsubscribe to spam with misleading title,
or which advertises illicit material such as
pornography and unapproved drugs.
[15]
Power down
[16]
Install
Software Updates
Software companies usually issue software patches
(updates) to fix problems found in their software.
Software you recently purchased may also contain
problems as the software could have been programmed
some time ago.
The automatic update feature that comes with your
software allows you to install software patches as soon as
the patches become available.
Software companies may also release information
regarding the latest patches on their websites.
Security Tips
Keep your computer software updated with the
latest software patches.
Check and install available patches when you first
install your newly purchased software.
Use the automatic update or notification feature
from the software company to keep abreast of
software patches.
[17]
Saved
[18]
Backup
Important Data
Backing up your data allows you to recover the
information if you lose your data on your computer
e.g. due to a hard disk failure or virus infection.
Store a copy of your important data in a storage device
other than your hard disk e.g. USB thumb drive, external
hard disk or CD/DVD-RW disk.
Frequently updated information should be backed up
regularly (e.g. weekly) to ensure that the latest
information is saved.
Backup software can help you to automate the backup
process.
Security Tips
Keep a backup copy of your data on a separate
media such as USB thumb drive, external hard disk
or CD/DVD-RW disk.
Backup your data regularly.
[19]
Ghost writer
[20]
Safeguard
Your Password
A password is commonly used by a computer system to verify
your identity. Someone with your password can masquerade
as you to access your personal information.
A password should be easy for you to remember but difficult
for others to guess.
The passphrase method can be used to create a strong
password. For example, the password “mla3ca7d”
is derived from the first characters of the phrase
“Mary looks after 3 cats and 7 dogs”.
Using the “log out” feature and clearing the Internet cache
after you log out, can prevent others from using your password
to access your information.
Security Tips
Use the passphrase method to create a password
that is difficult for others to guess.
Your password should comprise at least
8 alphanumeric characters with a mix of upper
and lower case letters.
Do not choose a dictionary word as your password.
Do not reveal your password to anyone.
Do not store your passwords on your computer or
write them down.
Log out and clear the Internet cache after all
transactions.
[21]
Easy money
HAC
KER
[22]
Surf Safely
As You Go Wireless
The same wireless network that provides you convenient
access to the Internet also makes your computer and
information vulnerable to people with malicious intent.
A danger of using wireless is the possibility of losing
personal and sensitive data to someone who is spying on
the wireless network.
People with malicious intent may also set up an
a rogue wireless network to the Internet.
Unsuspecting wireless users may connect to the
rogue network and send their information to these
un-trusted parties.
Security Tips
Practise the FASTEN UP! tips to secure your mobile
devices (e.g. laptops, mobile phones and PDAs)
before you surf wirelessly.
Only connect to authorised wireless networks and
disable the auto-connect feature in your wireless
setting.
Use passwords and encryption to protect your
information before sending them over the wireless
network.
[23]
Poison letter
[24]
Secure Your
Wireless Network
An unsecured wireless network may be used for malicious
activities such as hacking or stealing personal information.
The Access Point (AP) is a device which your mobile devices
and desktop computers connect to via the wireless network.
The AP can come in many forms; one of which is your wireless
router at home.
Security controls should be put in place to “lock” the AP to
minimise unauthorised access to your wireless network.
The procedures for securing your AP can be found in the
manual that comes with your AP.
Security Tips
Change the default name or Server Set ID (SSID) of
your wireless network and disable the broadcasting
of the SSID.
Change the default administrator username &
password on your AP.
Enable network encryption such as WPA/WPA2 and
use a strong password.
Allow only authorised users to access your wireless
network.
Turn off the AP when they are not in-use.
Turn off Remote Administration of your AP.
[25]
Heart-stopper
HARD
DI
ERASSK
ED!
[26]
Report Virus Infections
& Hacking Incidents
Your computer may behave abnormally when it has been
infected by malicious software.
Hard disks starting up when you are not working at
your computer and unexpected connections by your
computer to the Internet are some examples of
abnormal behaviour.
Perform a thorough check of your computer when you
suspect it has been infected.
If your computer has been hacked or infected, you should
contact SingCERT to report the incident and for further
advice on what to do.
SingCERT’s
contact details
Hotline: (65) 6211 0911
Email: [email protected]
Website: www.singcert.org.sg
Operating Hours:
Mon – Fri 8:30am – 6:00pm
[27]
FASTEN UP!
Firewall
Anti-virus Install anti-virus software and
update its signature regularly
Scams &
Spam
Beware of emails and
websites with great offers
that sound too good to be true
T
E
N
Update
HACKER
Install a personal firewall
and use it correctly
Update operating systems and
application software regularly
Password Create strong passwords
and keep them safe
F
A
S
T
E
N
U
P
BE AWARE, RESPONSIBLE
AND SECURE!
IDA shall not be liable for any inaccuracy, error or
omission in this publication or for any loss of income,
arising or resulting from the contents of this publication
or the use therefore for any purpose whatsoever.
COPYRIGHT © 2010 – Infocomm Development Authority of Singapore.
All rights reserved. Reproduction without permission is prohibited.
[28]
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement