All of us widely use web and internet for business, communication, entertainment, online transactions, social networking and likewise. But the web and internet are prone to many threats like viruses, content hijacking (mimics of well known sites), spam, revealing private information on server…the list is endless. The purpose of this article is to make you aware of the web vulnerabilities and to make web security understandable to some extent.
Web Security involves protecting information by preventing, detecting, and responding to attacks. Ineffective web security may lead to many web threats.
Common web threats:
1. Viruses – Viruses require your intervention before they infect your system. This intervention could be downloading a file or opening an attachment which has come through email
2. Worms – Transmission of worms takes place without user activity. After infecting the victim computer the worms try to transmit to other computers too
3. Trojan horses – It is a software program which seems to be a genuine one however in the background it leads to malfunctioning of the system. Similar to viruses it can propagate to a system through internet or mail attachments.
System infected by virus or Trojan horse has symptoms as under:
– Automatic changing of desktop settings like background and wallpapers.
– Unusual windows warnings and error messages.
– Hanging of programs being used and auto rebooting of machine.
– Usage of internet bandwidth to a greater extent than usual and without user intervention.
– High CPU usage (slowing down of computer as a result)
– Ctrl + Alt + Del keys don’t respond
4. KeyLoggers – They are software or hardware and they keep a watch on user activities such as keys being typed using keyboard and mouse movements. They record keys hit on keyboard, mouse clicks and movements and the data such monitored and recorded can be used by Hackers to penetrate computer systems to gain knowledge about the system and personal data.
Even snapshots of the desktop screen can be taken within specified duration to be reproduced later for any malicious use
5. Phishing – This is a way of tempting a trusted user into giving out crucial information like their username and password for a trusted website, for instance a bank account. This is mostly done by creating a replica website identical to the original secured authorized site. Thereafter user is sent an email requesting them to log in, and providing a link to the replica (non genuine) site. When user logs in, password is stored and used to access the account by the attacker.
For example:
An email is sent by a bank server to verify the customer’s E-mail address. They state in the mail that this is done for customer protection – email verification is being done by the bank for security purposes since some data loss has occurred and re-verification being done. In the mail they also provide a link and request the customer to enter their bank Credit Card/Debit Card number and the password or the PIN no. being used for accessing the Credit or Debit account on the page that opens through that link.
Unaware users submit those details, and the data is captured by frauds and the money in their account gets transferred or stolen away
6. Spam – It is an unsolicited e-mail on the Internet. It leads to loss of productivity, loss of legitimate email messages, cost of bandwidth taken by spam etc.
Preventive and Corrective actions:
– Use Anti-virus and update it on regular basis.
– Avoid downloading any files from the Internet unless you are sure that the source is not sending out a virus to you.
– Do not plug in any external device (like pendrives) that has been used in another computer.
– Report spam to your SPAM filter.
– Avoid using insecure connections (like shared computers in cyber café) to perform crucial transactions.