The traffic lights are always at amber on the Internet, because there are always risks, so here are some tips for reducing your exposure to attacks from cybercriminals. Of course, I can't cover all bases in a short document for every kind of cybercrime, not to mention the more traditional crimes committed via computer systems and networks. So we plan on a series of supplementary documents on "Staying Safe on the Internet", each of which will cover just one risk area in more depth.
Staying Safe on the Internet
David Harley BA CISSP FBCS CITP
On the Information Superhighway, the traffic lights are always at amber. Here are some suggestions for reducing the risk from collisions and carjacks.

Table of Contents
Introduction
Avoiding Malware
Anti-Social Networks
Maintaining a Healthy System
Protecting Your Passwords
(Don't Be) Burned on a Wire
Backups Not Crackups
Don't Be Phish-Phingered
Please Adjust Your Mindset
ESET Resources
Other Resources
Amber Alert White Paper - September 2009

Introduction
The traffic lights are always at amber on the Internet, because there are always risks, so here are some tips for reducing your exposure to attacks from cybercriminals. Of course, I can't cover all bases in a short document for every kind of cybercrime, not to mention the more traditional crimes committed via computer systems and networks. So we plan on a series of supplementary documents on "Staying Safe on the Internet", each of which will cover just one risk area in more depth.

Avoiding Malware
Well, you'd expect ESET to start here.... Make sure that your security software is updated regularly and automatically, but don't assume it will protect you from everything, and don't rely purely on antivirus software: multiple threats need multilayered protection like a full-blown security suite. (We can suggest a good one!) Keeping programs patched and updated also reduces the risks from "zero-day" attacks. Be suspicious of program files and Web links from any unexpected source, and be aware that even Microsoft Office documents, PDFs, image files and so on can sometimes conceal unpleasant surprises. Watch out also for fake anti-malware packages that detect imaginary viruses and spyware and are intended purely to cheat you out of your money.

Anti-Social Networks
Compressed URLs that use services like tinyURL.com, bit.ly and tr.im are convenient in tweets and texts and even in email, but they're very commonly used to disguise malicious Web sites with links to malware or to fake login screens. Treat very short URLs with suspicion. While we like to think that our Web pages are pretty secure, we prefer to use services that allow us to force you to view a preview of the real target URL before opening it. You can set an option on TinyURL's page in your own browser that does the same thing. "Web 2.0" sites are often fun but subject to worm attacks like Koobface, spam, and denial of service attacks. Be careful not to post sensitive personal data on social network sites like LinkedIn, Facebook and Myspace: while such sites are getting better at restricting access to your profile, some of them have a long way to go, and you'd be surprised at what damage the bad guys can do with information you wouldn't think of as important. Take a birthday from one site, your home address from another, and some clever guesswork, and your identity could be as good as gone.
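The advice about checking a compressed URL's real target before opening it can be automated. The following is an added example, not part of the original paper: it flags links to the three shortening services the paper names and asks the shortener where a link points without loading the destination. The function names and the sample message are assumptions made up for illustration.

```python
import http.client
import re
from urllib.parse import urlsplit

# Shortener hosts named in the paper; extend the set for your environment.
SHORTENERS = {"tinyurl.com", "bit.ly", "tr.im"}
URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)

def find_short_links(text):
    """Return the URLs in text whose host is a known shortening service."""
    hits = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?")  # drop sentence punctuation
        host = (urlsplit(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENERS:
            hits.append(url)
    return hits

def reveal_target(url, timeout=5):
    """Ask the shortener where url points without fetching the destination.

    Sends one HEAD request and reads the Location header of the redirect;
    the redirect itself is never followed. Returns None if there is none.
    """
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path)
        resp = conn.getresponse()
        if resp.status in (301, 302, 303, 307, 308):
            return resp.getheader("Location")
        return None
    finally:
        conn.close()

# Constructed sample message (slugs and example.test hosts are made up).
SAMPLE = ("Your account is locked, log in at http://bit.ly/abc123 now. "
          "Our newsletter: https://www.example.test/news/2009/09 "
          "Photos: http://www.TinyURL.com/xyz789.")
```

The value returned by reveal_target may itself be another redirect, so inspect it the same way before trusting it.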
Maintaining a Healthy System
Keep your system and applications updated: make use of Windows Update and similar mechanisms for automatic updating, where possible. And while there are plenty of malicious sites that use drive-by browser exploits, don't forget that a lot of current malware reaches its target via PDFs, Microsoft Office documents and so on. So you need to keep applications like Adobe Reader and Office up-to-date with patches, as well as system updates. Don't use an administrative account for day-to-day work and play: using a profile that doesn't have administrator privileges is likely to restrict the amount of damage an attacker or malware can do if it does get access to your system.

(Don't Be) Burned on a Wire
Create a specific user profile without administrator rights for surfing from public hotspots, and avoid connecting to Web sites that involve the transfer of sensitive information, such as online banking. If you must access Webmail, use HTTPS. Even your home wireless network might be open to interception of your data by "Man in the Middle" attacks. WEP encryption, as used on many Wi-Fi networks, is weak and easy to crack: later protocols (WPA and WPA2) are better, but you shouldn't assume that they'll protect you from all kinds of attacks: wireless networks are intrinsically less secure. Avoid file/folder sharing and weak passwords for network shares.

Backups Not Crackups
Don't just back up to another folder or partition or ...