Computer Security, Cyber Security & Online Privacy
AVLP is Industry Leader in Computer Security, Cyber Security, and Online Privacy
The Internet has transformed our lives in many good ways. Unfortunately, this vast network and its associated technologies also have brought in their wake, the increasing number of security threats. The most effective way to protect yourself from these threats and attacks is to be aware of standard cybersecurity practices. Below is an introduction to computer security and its key concepts.
What is computer security?
Computer security is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system.
There are various types of computer security which is widely used to protect the valuable information of an organization.
Types of Computer Security:
One way to ascertain the similarities and differences in Computer Security is by asking what is being secured. For example,
Information security is securing information from unauthorized access, modification & deletion
Application Security is securing an application by building security features to prevent Cyber Threats such as SQL injection, DoS attacks, data breaches and etc.
Computer Security means securing a standalone machine by keeping it updated and patched
Network Security is by securing both the software and hardware technologies
Cybersecurity is defined as protecting computer systems, which communicate over the computer networks
It’s important to understand the distinction between these words, though there isn’t necessarily a clear consensus on the meanings and the degree to which they overlap or are interchangeable.
Computer security can be defined as controls that are put in place to provide confidentiality, integrity, and availability for all components of computer systems. Let’s elaborate on the definition.
Components of computer system
The components of a computer system that needs to be protected are:
Hardware, the physical part of the computer, like the system memory and disk drive
Firmware, permanent software that is etched into a hardware device’s nonvolatile memory and is mostly invisible to the user
Software, the programming that offers services, like operating systems, word processors, and internet browsers to the user
Computer security threats
Computer security threats are possible dangers that can possibly hamper the normal functioning of your computer. In the present age, cyber threats are constantly increasing as the world is going digital. The most harmful types of computer security are:
Viruses
A computer virus is a malicious program which is loaded into the user’s computer without user’s knowledge. It replicates itself and infects the files and programs on the user’s PC. The ultimate goal of a virus is to ensure that the victim’s computer will never be able to operate properly or even at all.
Computer Worm
A computer worm is a software program that can copy itself from one computer to another, without human interaction. The potential risk here is that it will use up your computer hard disk space because a worm can replicate in greate volume and with great speed.
Ransomware
A Ransomware is a malware designed to deny a user or organization access to files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, cyberattackers place organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files. Some variants have added additional functionality – such as data theft – to provide further incentive for ransomware victims to pay the ransom.
Ransomware has quickly become the most prominent and visible type of malware. Recent ransomware attacks have impacted hospitals’ ability to provide crucial services, crippled public services in cities, and caused significant damage to various organizations.
Man in the Middle
A man-in-the-middle (MITM) attack occurs when hackers insert themselves into a two-party transaction. After interrupting the traffic, they can filter and steal data, according to Cisco. MITM attacks often occur when a visitor uses an unsecured public Wi-Fi network. Attackers insert themselves between the visitor and the network, and then use malware to install software and use data maliciously.
Phishing
Disguising as a trustworthy person or business, phishers attempt to steal sensitive financial or personal information through fraudulent email or instant messages. Phishing in unfortunately very easy to execute. You are deluded into thinking it’s the legitimate mail and you may enter your personal information.
Botnet
A botnet is a group of computers connected to the internet, that have been compromised by a hacker using a computer virus. An individual computer is called ‘zombie computer’. The result of this threat is the victim’s computer, which is the bot will be used for malicious activities and for a larger scale attack like DDoS.
Rootkit
A rootkit is a computer program designed to provide continued privileged access to a computer while actively hiding its presence. Once a rootkit has been installed, the controller of the rootkit will be able to remotely execute files and change system configurations on the host machine.
Browser Hijack
Browser hijacking occurs when unwanted software on an internet browser alters the activity of the browser. Internet browsers serve as the "window" to the internet, and people use them to search for information and either view it or interact with it. Sometimes these will route your search, internet traffic through their servers logging your browsing activities to sell you ads to trying to steal your personal and financial information.
More nefarious individuals will use exploits (which hasn't been patched yet, via security updates) to lockdown mouse input of your browser, "giving you an illusion" of being locked out of the computer. Giving you a fake prompt and number for you to call. Do not fall for these traps.
Browser Hijack Scam
Fake Microsoft Support Scam / Browser Hijack Scam
Your mouse clicking may not work as they block your mouse.
Do not panic. Do not Call the number!
Shut Down/ Restart your computer immediately.
Use [ Alt + F4 ] keys combination to terminate/exit that frozen screen or browser. If that doesn't work hold your power button for 10 seconds (could be upto 30 seconds) to completely shutdown your PC.
AVLP can help! Give us a call @ 307 223 2230.
Scam Calls
This is often done by people from India and other South Eastern Asia region. They call you from a "spoofed" local number or from reputable company numbers (Amazon, Apple, Google, TV Provider, or Tech Support etc.). They pretend to be representative of the company and try to get you to divulge personal information that they then use to steal your identity. Sometimes they will ask you to download software on your PC or Mac giving them access to your computer, personal data, bank information and more. Beware of these scam calls! No reputable company person will ask for your social security number or other personal info. If you are unsure, hang-up and call AVLP 307-223-2230.
Spoofed Number
AVLP Computers is not affiliated with any VPN Service commercial that is played by the YouTuber and do not recommend viewers to subscribe to any services.
Spam Emails
Be Careful What You Open in Your Spam Folder! You ever gone through your spam folder and actually tried responding to some of that stuff? I did! And this video tells you what I learned. If you want a great website that will scan URL's for you, check out http://www.urlscan.io
If you want a great tool to grab people's IP addresses, check out http://www.grabify.link
Beware of these spam emails! No reputable company person will send you unsolicited spam email or ask for your social security number or other personal info. If you are unsure, delete the email and call AVLP 307-223-2230.
Password Attacks
With the right password, a cyber attacker has access to a wealth of information. Social engineering is a type of password attack that Data Insider defines as “a strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices.” Other types of password attacks include accessing a password database or outright guessing.
Keylogger
Also known as a keystroke logger, keyloggers can track the real-time activity of a user on his computer. It keeps a record of all the keystrokes made by user keyboard. Keylogger is also a very powerful threat to steal people’s login credential such as username and password.
Browser Session Token attack - Session hijacking attack
The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token.
Because http communication uses many different TCP connections, the web server needs a method to recognize every user’s connections. The most useful method depends on a token that the Web Server sends to the client browser after a successful client authentication. A session token is normally composed of a string of variable width and it could be used in different ways, like in the URL, in the header of the http requisition as a cookie, in other parts of the header of the http request, or yet in the body of the http requisition.
The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the Web Server.
The session token could be compromised in different ways; the most common are:
Predictable session token;
Session Sniffing;
Client-side attacks (XSS, malicious JavaScript Codes, Trojans, etc);
Examples
Example 1
Session Sniffing
In the example, as we can see, first the attacker uses a sniffer to capture a valid token session called “Session ID”, then they use the valid token session to gain unauthorized access to the Web Server.
Figure 1. Manipulating the token session executing the session hijacking attack.
Example 2
Cross-site script attack
The attacker can compromise the session token by using malicious code or programs running at the client-side. The example shows how the attacker could use an XSS attack to steal the session token. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker. The example in figure 3 uses an XSS attack to show the cookie value of the current session; using the same technique it’s possible to create a specific JavaScript code that will send the cookie to the attacker.
Figure 2. Code injection
For more info about Browser session hijacking attack and how to safeguard yourself and your business visit our blog page:
These are perhaps the most common security threats that you’ll come across. Apart from these, there are others like spyware, wabbits, scareware, bluesnarfing, Potentially unwanted application or applications (PUAs), and many more. Fortunately, there are ways to protect yourself against these attacks.
Why is Computer Security Important?
In this digital era, we all want to keep our computers and our personal information secure and hence computer security is important to keep our personal information protected. It is also important to maintain our computer security and its overall health by preventing viruses and malware which would impact the system performance.
Computer Security Practices
Computer security threats are becoming relentlessly inventive these days. There is much need for one to arm oneself with information and resources to safeguard against these complex and growing computer security threats and stay safe online. Some preventive steps you can take include:
Secure your computer physically by:
Installing reliable, reputable security and anti-virus software - AVLP Recommends Windows Defender for Home and Small Business users
Activating your firewall, because a firewall acts as a security guard between the internet and your local area network
Stay up-to-date on the latest software and news surrounding your devices and perform software updates as soon as they become available
Avoid clicking on email attachments unless you know the source
Change passwords regularly, using a unique combination of numbers, letters and case types
Use the internet with caution and ignore pop-ups, drive-by downloads while surfing
Taking the time to research the basic aspects of computer security and educate yourself on evolving cyber-threats
Perform daily full system scans and create a periodic system backup schedule to ensure your data is retrievable should something happen to your computer.
Apart from these, there are many ways you can protect your computer system. Aspects such as encryption and computer cleaners can assist in protecting your computers and its files.
Unfortunately, the number of cyber threats are increasing at a rapid pace and more sophisticated attacks are emerging. So, having a good foundation in cybersecurity concepts will allow you to protect your computer against ever-evolving cyber threats.
What is Cybersecurity?
Cybersecurity is the body of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access.
The term cybersecurity refers to techniques and practices designed to protect digital data. The data that is stored, transmitted or used on an information system. After all, that is what criminal wants, data. The network, servers, computers are just mechanisms to get to the data. Effective cybersecurity reduces the risk of cyber-attacks and protects organizations and individuals from the unauthorized exploitation of systems, networks, and technologies.
Robust cybersecurity implementation is roughly based around three key terms: people, processes, and technology. This three-pronged approach helps organizations defend themselves from both highly organized attacks and common internal threats, such as accidental breaches and human error.
The attacks evolve every day as attackers become more inventive, it is critical to properly define cybersecurity and understand cybersecurity fundamentals.
Why is cybersecurity important?
Listed below are the reasons why cybersecurity is so important in what’s become a predominantly digital world:
With each passing year, the sheer volume of threats is increasing rapidly. According to the reports, cybercrime now stands at over $400 billion, while it was $250 billion two years ago.
Cyber attacks can be extremely expensive for businesses to endure. In addition to financial damage suffered by the business, a data breach can also inflict untold reputational damage.
Cyber-attacks these days are becoming progressively destructive. Cybercriminals are using more sophisticated ways to initiate cyber attacks.
Regulations such as GDPR (European Union) are forcing organizations into taking better care of the personal data they hold.
Because of the above reasons, cybersecurity has become an important part of the business and the focus now is on developing appropriate response plans that minimize the damage in the event of a cyber attack. But, an organization or an individual can develop a proper response plan only when he has a good grip on cybersecurity fundamentals.
Now that we know what cybersecurity is and why it is important. Let’s take a look at the fundamental objectives of cybersecurity.
Cybersecurity Fundamentals – Confidentiality
Confidentiality is about preventing the disclosure of data to unauthorized parties. It also means trying to keep the identity of authorized parties involved in sharing and holding data private and anonymous. Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle(MITM) attacks, and disclosing sensitive data.
Standard measures to establish confidentiality include:
Data encryption
Two-factor authentication
Biometric verification
Security tokens
Integrity
Integrity refers to protecting information from being modified by unauthorized parties. It is a requirement that information and programs are changed only in a specified and authorized manner. Challenges that could endanger integrity include turning a machine into a “zombie computer”, embedding malware into web pages.
Standard measures to guarantee integrity include:
Cryptographic checksums
Using file permissions
Uninterrupted power supplies
Data backups
Availability
Availability is making sure that authorized parties are able to access the information when needed. Data only has value if the right people can access it at the right time. Information unavailability can occur due to security incidents such as DDoS attacks, hardware failures, programming errors, and human errors.
Standard measures to guarantee availability include:
Backing up data to external drives
Implementing firewalls
Having backup power supplies
Data redundancy
AVLP offers Complete, Round the Clock OT Security Solutions
What is Operational Technology (OT) Cybersecurity?
Operational technology (OT) cybersecurity references the software, hardware, practices, personnel, and services deployed to protect operational technology infrastructure, people, and data.
12 Simple Things You Can Do to Be More Secure Online
1. Make Sure You have a Functioning Antivirus and Keep It Updated - for most people it will be Windows Security (formerly known as Windows Defender)
We call this type of software antivirus, but fending off actual computer viruses is just one small part of what they do. There is an emerging threat in recent years called ransomware. Ransomware, as the name suggests, holds your data hostage as it encrypts your files and demands payment to restore them. Trojan horse programs seem like valid programs, but behind the scenes, they steal your private information. Bots turn your computer into a soldier in a zombie army, ready to engage in a denial-of-service attack, spew spam, or whatever the bot herder commands. An effective antivirus protects against these and many other kinds of malware.
Windows Defender has ransomware protection built into it, but it is not turned on out-of-the box, confusing - we know!
PC manufacturers and sale stores may not tell you that Windows has antivirus built into it! Not only is Microsoft Defender baked into the operating system, it automatically takes over protection when it detects no other antivirus, and just as automatically steps aside when you install third-party protection. The thing is, this built-in antivirus is not set up out of the box with the best protection settings leaving you vulnerable. You may think you need a third-party antivirus and may be told that the best free ones are way better than Microsoft Defender. But in reality unless you work are in a corporate or enterprise settings, all you need is optimize your system for privacy and security. Aegis Complete PC Suite takes care of that for you!
2. Explore the pre-installed software and Security Tools that came with the PC or what You Install
Many excellent apps and settings help protect your devices and your identity, but they're only valuable if you know how to use them properly. To get the maximum protective power from these tools, you must understand their features and settings. A lot of the time your PC (or Mac if not bought directly from Apple) is bundles with Potentially Unwanted Applications (PUAs), some times masquerading as "security" or "protection" software or "safe search tool"! They are actually harmful to your computer and most of the time are the cause of the issues you are experiencing with your PC.
Some bloatware are installed deliberately by sellers of the PC to make you into paying for unnecessary fees and subscription down the road. Don't be a victim of this rampant extorsion - AVLP can help! We offer services to optimize your PC by removing the crapware that manufacturers and big box retails often install in your PC. After our service, you will have a pleasant surprise to see the know fast and responsive your PC is and often times better in performance than the day you purchased new!
3. Use Unique Passwords for Every Login
One of the easiest ways hackers steal information is by getting a batch of username and password combinations from one source and trying those same combinations elsewhere. For example, let's say hackers got your username and password by hacking an email provider. They might try to log into banking sites or major online stores using the same username and password combination. The single best way to prevent one data breach from having a domino effect is to use a strong, unique password for every single online account you have. I know it can be tedious to create and remember unique credentials for each login, we suggest writing them down in a mini notebook and keep it in a safe place.
4. A word about VPN and its Use cases
Any time you connect to the Internet using a public Wi-Fi network that you don't own, you should use a virtual private network or VPN. Say you go to a coffee shop and connect to a free Wi-Fi network. You don't know anything about the security of that connection. It's possible that someone else on that network, without you knowing, could start looking through or stealing the files and data sent from your laptop or mobile device. The hotspot owner might be a crook, sniffing out secrets from all Wi-Fi connections. A VPN encrypts your internet traffic, routing it through a server owned by the VPN company. That means nobody, not even the owner of the free Wi-Fi network, can snoop on your data.
But if it's your home, office or known wifi and you are not trying to access sites that are unavailable in your region VPN can actually slow down your internet without any significant benefits! We recommend a browser level adblock and security and privacy extension instead. Call us to find out more!
Some useful use-cases for VPN
If you are using public open Wi-Fi (no password, or password is available to everyone around)
If you are using internet to access financial stuff in a public place like Starbucks, Airports, Hotels, etc.
If you'd like your location to be anonymous or a specific region to access specific services not available in your region
If you are working remotely and your and the nature of your work in confidential, classified, or sensitive
5. Use Multi-factor Authentication
Multi-factor authentication can be a pain, but it absolutely makes your accounts more secure. Multi-factor authentication means you need to pass another layer of authentication, not just a username and password, to get into your accounts. If the data or personal information in an account is sensitive or valuable, and the account offers multi-factor authentication, you should enable it. Gmail, Evernote, and Dropbox are a few examples of online services that offer multi-factor authentication.
Multi-factor authentication verifies your identity using at least two different forms of authentication: something you are, something you have, or something you know. Something you know is the password, naturally. Something you are could mean authentication using a fingerprint, or facial recognition. Something you have could be your mobile phone. You might be asked to enter a code sent via text or tap a confirmation button on a mobile app. Something you have could also be a physical Security Key; Google and Microsoft have announced a push toward this kind of authentication.
If you just use a password for authentication, anyone who learns that password owns your account. With multi-factor authentication enabled, the password alone is useless. Most password managers support multi-factor, though some only require it when they detect a connection from a new device. Enabling Multi-factor authentication for your password manager is a must.
6. Use Passcodes Even When They Are Optional
Apply a passcode lock wherever available, even if it's optional. Think of all the personal data and connections on your smartphone. Going without a passcode lock is unthinkable.
Many smartphones offer a four-digit PIN by default. Don't settle for that. Use biometric authentication when available, and set a strong passcode, not a stupid four-digit PIN. Remember, even when you use Touch ID or equivalent, you can still authenticate with the passcode, so it needs to be strong.
Modern iOS devices offer a six-digit option; ignore it. Go to Settings > Touch ID & Passcode and select Change Passcode (or Add Passcode if you don't have one). Enter your old passcode, if needed. On the screen to enter the new code, choose Custom Alphanumeric Code. Enter a strong password, then record it as a secure note in your password manager.
Different Android devices offer different paths to setting a strong passcode. Find the Screen Lock settings on your device, enter your old PIN, and choose Password (if available). As with the iOS device, add a strong password and record it as a secure note.
7. Pay With Your Smartphone
Setting up your smartphone as a payment device is typically a simple process. It usually starts with snapping a picture of the credit card that you'll use to back your app-based payments. And setup pretty much ends there; you're ready.
Point-of-sale terminals that support smartphone-based payment usually indicate the fact with an icon, from a picture of a hand holding a smartphone to a stylized representation of a radio wave. Just place your device on the terminal, authenticate with a thumbprint, and you've paid up.
How is that better than using the credit card itself? The app generates a one-use authentication code, good for the current transaction only. Even if someone filched that code, it wouldn't do them any good. And paying with a smartphone app eliminates the possibility of data theft by a credit card skimmer.
8. Use Different Email Addresses for Different Kinds of Accounts
People who are both highly organized and methodical about their security often use different email addresses for different purposes, to keep the online identities associated with them separate. If a phishing email claiming to be from your bank comes to the account you use only for social media, you know it's fake.
Consider maintaining one "burner" email address dedicated to signing up for apps that you want to try, but which might have questionable security, or which might spam you with promotional messages. After you've vetted a service or app, sign up using one of your permanent email accounts. If the dedicated account starts to get lots of spam, contact us, or close it and create a new one.
9. Get your browser security checked by an expert - AVLP can help! 307 223 2230
10. Sometimes a simple security setup together with a good browsing protection and privacy extension is all you need. - don't get fooled into paying a lot for them - We can help!
11. Don't Fall Prey to Click Bait or Phishing Scams
Part of securing your online life is being smart about what you click. Clickbait doesn't just refer to cat compilation videos and catchy headlines. It can also comprise links in email, messaging apps, and Facebook. Phishing links masquerade as secure websites, hoping to trick you into giving them your credentials. Drive-by download pages can cause malware to automatically download and infect your device.
Don't click links in emails or text messages, unless they come from a source you trust. Even then, be cautious; your trusted source might have been compromised, or the message might be fake. The same goes for links on social media sites, even in posts that seem to be from your friends. If a post seems unlike the style of your social media buddy, it could be a hack.
12. Protect Your Social Media Privacy
There’s a common saying: if you’re not paying for a service, you’re not a customer; you’re the product. Social media sites make it easy for you to share your thoughts and pictures with friends, but it’s easy to wind up sharing too much.
You can download your Facebook data to see just what the social media giant knows about you. It may be quite an eye-opener, especially if you're the kind of person who routinely clicks on quizzes that require access to your social media account. Really, you don't need to know which Disney princess or dog breed you are.
Beware, too, of hackers posing as your social media friends. A common scam starts with a private message and ends with hackers taking over your account and using it to continue the scam. If you get an odd or unexpected private message from a friend, ask about it using email or some other type of communication. Your friend may have been scammed.
You can drastically reduce the amount of data going to Facebook by disabling the sharing platform entirely. Once you do, your friends can no longer leak your personal data. You can't lose data to apps, because you can't use apps. And you can't use your Facebook credentials to log into other websites (which was always a bad idea).
Of course, other social media sites need attention too. Google probably knows more about you than Facebook, so take steps to manage your Google privacy, too. Make sure you've configured each social media site so that your posts aren't public (well, all except Twitter and other broadcast media services). Think twice before revealing too much in a post, since your friends might share it with others. With care, you can retain your privacy without losing the entertainment and connections of social media.
more resources...
Have your system been compromised recently?
Have you downloaded/installed a virus or unwanted app?
PC running slow, freezing, crashing?
Something's not right?
Try Windows Malicious Software Removal Tool you can also download Microsoft Support Emergency Response Tool
Did you like our Article on Privacy and Security ?
