Using the Internet Securely Flashcards

1
Q

What is a URL and what does it stand for?

A

Uniform Resource Locator (URL)

URL Example: http://www.mycompany.com/folder/index.htm

URL is the standardized address of a resource, such as a website.

2
Q

What is a Protocol?

A

A protocol is an accepted standardized set of rules for communication.

3
Q

What is HTTP?

A

HyperText Transfer Protocol. It is one of the most common communication languages used in delivering web pages.

4
Q

What is a Host name?

A

A host name is a unique identifier given to a device connected to a network, allowing it to be located and accessed by other devices on the network.

In the example URL, the host name is the name of the computer holding the content (www).

5
Q

What does ‘WWW’ stand for?

A

World Wide Web - a system of interconnected hypertext documents accessed via the internet.

6
Q

What is TLD?

A

TLD stands for top-level domain: the first-order Internet directories, which include the original six (.com, .gov, .net, .org, .mil, and .edu) as well as the original two-letter country-specific codes, such as .us, .fr, and .es, and a plethora of more recent creations, including .info, .blog, .chat, .movie, .company, and .play.

7
Q

What is a Path to resource?

A

A path to a resource refers to the complete path or location of a specific resource within a URL. It is used to identify the specific page or file that a user wants to access within a website or web application. The path is typically listed after the domain name in a URL and includes any subdirectories, files, or parameters that are required to access the desired resource.

8
Q

URL Structure Example:

“http://www.mycompany.com/folder/index.htm”

A

Protocol: (HTTP)
Host name: (www)
Registered domain name: (mycompany.com)
TLD: (.com)
Path to resource: (/folder/index.htm)

9
Q

What does TLD stand for?

A

Top Level Domain

10
Q

HTTP VS HTTPS

A

While HTTP is the most common protocol of the World Wide Web, it’s also not secure. All communications are visible and unencrypted.
If the URL instead starts with HTTPS, it’s using encryption and is more secure. Web browsers also display a padlock icon to indicate that a page is using the HTTPS protocol.

11
Q

What does HTTP stand for?

A

HyperText Transfer Protocol

12
Q

What does HTTPS stand for?

A

HyperText Transfer Protocol Secure

13
Q

Shortened URLs

A

Shortened URLs are used frequently for legitimate purposes as well. Many of them allow you to hover your mouse over them without selecting and see a preview of the page the link is sending you to. You should still be cautious about selecting shortened URLs and check with the person who sent it to you to make sure they actually sent it and they know where it links to.

14
Q

Guidelines for Browsing the Web Safely:
Usage:

A
  • Use a current / updated web browser.
  • Avoid installing unnecessary add-ins, plug-ins, or toolbars in your web browser.
  • Hover your mouse over a link before you select it to see the real address to where it leads, particularly if it is a shortened (Bitly-type) address.
  • If you’re using a mobile device:
    * Use the link preview feature (if it exists) to see the actual URL before you tap.
    * Be mindful that it likely does not have malware protection by default.
  • If you’re not sure if a link leads to where it claims, type the address in the address bar of a separate browser instance, rather than simply selecting the link.
  • Bookmark websites that you commonly visit, so that you always have the correct address for those sites.
15
Q

Guidelines for Browsing the Web Safely:
Awareness:

A
  • Learn to recognize suspicious URLs.
  • Be vigilant that the websites you use to enter or view sensitive data use HTTPS as the protocol.
  • Be mindful of the significance of the first two elements to the left of the single slash in a URL.
  • Avoid selecting/tapping ads and pop-ups.
16
Q

Guidelines for Browsing the Web Safely:
Policies and Procedures:

A
  • If your browser becomes infected or hijacked, seek help from your IT department.
  • Always follow organizational policy when browsing the web.
  • If your organization has an Internet usage policy, make sure you are familiar with it and follow it whenever you browse the web.
17
Q

Email Security

A

Many of the same rules that apply to safe web browsing also apply to safe email usage. Know the people who are sending you email messages and to whom you’re sending email messages, and decide whether or not it’s appropriate to trust them. Instead of entering sensitive information directly into the body of an insecure email message, consider sending an encrypted or password-protected attachment instead.

18
Q

Common Email Risks

A

Social engineering and malicious attachments are the two main risks.
Most common types of email social engineering attacks:
* Fake security alerts: Your bank needs you to change your password.
* Threats of legal or official action: The government or a law firm is coming after you.
* Appeals for help: Someone you know is “stranded” in a foreign country.
* Malware removal/IT support offers: Malicious software has been “discovered” on your computer and someone wants to fix it for you.
* Free offers: Download an MP3 or win a tablet.
* Monetary/inheritance scams: Someone overseas needs your help getting their money.

19
Q

Email Attachments

A

Attachments are convenient. Practically any type of file can be an attachment, so exercise caution when opening.

Recognize impostors.
* Check the sender’s name and email address.
* Check the subject.
* Verify that message is in character for the sender.
* Call the sender to verify if uncertain.

Be careful of high-risk file types such as:
.htm .html .zip .exe .js .docm

20
Q

Common Phishing Techniques:

A

* The email is addressed to “Dear Valued Customer,” or the name is left blank.
* The sender’s name does not match their email address.
* The sender’s domain is misspelled.
* The subject line tries to draw you in.
* The tone of the message is threatening or urgent.
* There are spelling or grammar mistakes in the message.
* The signature is blank, incomplete, or doesn’t match the sender’s other signatures.
* The message instructs you to update your information, and then provides a convenient link or attachment to do so.
* The message uses the authority of a C-level officer or other manager who is too busy to speak with you directly, but wants you to do something for them.
* A friend wants you to check out a link or attachment.

Remember that legitimate email, even from a debt collector or government agency, will never include details of any case in an unsolicited email. Your IT department, bank, or online services provider will never ask for your password or account information in an email.

21
Q

Guidelines for Using Email Securely:
Usage

A
  • Hover over links to see where they lead before you click them.
  • Delete unsolicited emails and attachments.
  • Be extra cautious with your email password. If you ever forget any other password, most systems can email it to you or send you a password-reset link. If a hacker gets into your email account, there’s little else of yours they can’t get.
  • If an attachment asks for something unexpected, such as permission to install something, be especially wary.
22
Q

Guidelines for Using Email Securely:
Awareness

A
  • Educate yourself about the latest scams.
  • Be sure of who the senders really are. Recognize not just their names, but also their actual email addresses, their signature blocks, and the content and tone of their messages.
  • Double-check that you have the correct recipients’ email addresses before sending any sensitive data.
  • Never feel pressured into acting immediately because the tone is urgent, authoritative, or threatening.
  • Be wary of subject lines that try to entice you or gain your confidence.
  • Look for spelling mistakes in the sender’s domain, or spelling and grammar mistakes in the message body.
  • Watch for unusual or atypical requests from seemingly valid sources, such as a bank or IT department asking for a password or personal information.
  • Be mindful of hoaxes and impersonations. When in doubt, call back at a known valid number to verify. If something sounds too good to be true, it probably is.
  • In dealing with email attachments, like the messages themselves, be confident of the source. If the attachment is unexpected or seems suspicious, delete it immediately and do not open it.
23
Q

Guidelines for Using Email Securely:
Policies and Procedures

A
  • Do not allow yourself to be pressured into breaching organizational protocol.
  • Follow any organizational policies on the use of email, what may be sent, and the manner in which it may be sent.
24
Q

What is Social Networking?

A

The use of dedicated websites and applications to interact with others who share similar interests.

25
Q

Common Social Networking Security Risks

A

* Hackers can create fake profiles or impersonate coworkers and long-lost classmates.
* Everything you post will basically live forever, even if you delete it immediately. You have no practical way of knowing who printed, copied, or re-shared the information.
* Most social network providers require users to accept the terms of use, which often gives the providers the right to share or reuse your data.
* The combination of multiple information sources, such as computer and mobile platforms; posts, comments, and replies; and reactions to other content, might reveal more about you than you intended.
* Anything you do online can leak out to the entire world. If you’re a celebrity, politician, or some other high-profile person, the leaks are even more likely to occur.
* You often don’t know who is following you (and why).
* Social engineers are constantly looking for new victims. Even if you’re cautious of what you share, there are additional risks.

Security and sharing settings on these social networking sites may be inconsistent or confusing, so it’s possible that something you believe you’re sharing with a select group of friends is actually being shared with a larger group of acquaintances, or even with the entire world. A social networking provider you trust could be acquired by one of your competitors, at which point they effectively own all of your posted data.

26
Q

Guidelines for Using Social Networks Securely:
Usage

A

* Don’t share potentially sensitive or damaging information.
* Assume that anything you share is available to everyone, forever.
* When posting on an official organizational site, avoid revealing your credentials.

27
Q

Guidelines for Using Social Networks Securely:
Awareness

A

* Anything shared on social networking sites reflects on you and your organization.
* Be aware of how social engineers can access your account.
* Verify your connection is secure.
* Verify content prior to re-sharing.
* Pay attention to automated messages regarding fact-checking of posts. Avoid re-sharing whether or not you agree with the message.
* Avoid taking “fun” quizzes and other activities that might be aimed at gaining personal information.

28
Q

Guidelines for Using Social Networks Securely:
Policies and Procedures

A

* Carefully review the terms of use prior to accepting them.
* If your organization or industry has a policy on the personal use of social networking, be sure you know the policy and follow it.
* Review, understand, and appropriately configure privacy and security settings on any social networking sites you use.
* Re-check privacy and security settings periodically:
  * Continued appropriateness for old features.
  * Default settings for new features.

29
Q

Cloud Services

A

Any type of computing service provided online. Frequently, cloud services are provided by third-party companies over the Internet.

Example of Cloud Services:
AWS - Amazon Web Services
Dropbox
OneDrive

30
Q

Cloud Services Risks

A

The most common security risks of using cloud services are:

  • Unauthorized access by hackers and malware.
  • Trustworthiness of the provider’s employees.
  • Compliance by the vendor with regulatory requirements for your particular industry or locale.
  • Lack of control: the vendor may outsource its services to third parties.
  • Data you deleted locally may not be deleted from the cloud provider’s equipment.
  • Vendor changes through mergers, acquisitions, or the original vendor going out of business.
  • Compromise or theft of credentials or data while it’s being transmitted between you and the provider.
  • Cloud services spoofing, where a hacker has inserted themselves between you and your connection to the cloud provider, or where you have been duped into using a fraudulent site.
  • Personal files and work data can be mixed.
31
Q

IoT (Internet of things) Device Consideration

A

* The Internet of Things (IoT) contains billions of smart devices connected to the Internet, from coffee makers and automobiles to industrial systems and mass transit.
* Inherently insecure; can introduce risks into any network.
* Never connect to the organizational network without IT permission.
* Configure PINs and passwords.
* If a phone is used to connect to devices, secure the phone as well.
* Single point of entry into your life and data.

32
Q

What does IoT stand for and what is it?

A

The Internet of Things (IoT) describes the network of physical objects—“things”—that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.

33
Q

Guidelines for Secure Use of Cloud Services:
Usage

A

* Put non-critical data in the cloud first.
* Maintain data backups.
* Secure IoT devices with PINs/passwords/permissions.

34
Q

Guidelines for Secure Use of Cloud Services:
Awareness

A

* Protect your credentials. Use multi-factor authentication when possible.
* Ensure the security of devices you use to connect to the cloud.
* Remember that local deletion does not guarantee deletion from the cloud.

35
Q

Guidelines for Secure Use of Cloud Services:
Policies and procedures

A

* Don’t establish or use cloud services for organizational data without consent.
* Don’t connect IoT devices to the network without IT approval and guidance.

36
Q

Scenario:
Your department manager has announced that the company will begin to use cloud storage and computing services.

What can you suggest be done to mitigate the risks associated with using cloud services?

A

You can be careful about protecting your cloud credentials and be vigilant with the devices you use to connect to cloud services. You can also limit what you store in the cloud to protect sensitive data.

37
Q

Which of the following storage media is absolutely within your company’s control to destroy?

A. A third-party offsite backup

B. Shared space on a cloud provider’s file storage service

C. Web space on a hosted server

D. A hard drive local to an onsite server

A

D

38
Q

What can you do to reduce your risk when using IoT devices?

A

* Use a PIN or password on the device.
* Change the default administrative credentials that come with the device.
* If you use your phone to remotely control or connect to the device, make sure the phone is secured.
* Be sure to consult with your IT department before introducing IoT devices into the company network.

39
Q

Secure Connection

A

* Use a VPN (Virtual Private Network).
* Perform regular vulnerability scans:
  * Health checks
  * Anti-malware
  * Scan all devices connected to your home network.

40
Q

What is Firmware?

A

Firmware is a type of software that is embedded into hardware devices to control their functionality. It is a combination of both software and hardware components that form the permanent storage of instructions and data used to run the device.

The main function of firmware is to control the basic operation of the hardware device, such as managing input/output operations, controlling system settings, and providing a user interface. Firmware can also provide security features, such as password protection and encryption, and can include diagnostic tools to aid in troubleshooting and maintenance.

41
Q

Remote Management

A

A form of IT control that enables staff to monitor and possibly take control of bring your own device (BYOD) and corporate computing devices.

IT can enforce policies and settings, view hardware, and perform remote wipes.

Can be used for specific apps instead of the whole device.

42
Q

Smart Home Devices Risks

A

* Unauthorized access to home network
* Voice commands and recordings
* Identity theft
* Unauthorized recordings
* Data theft

43
Q

Securing Smart Home Devices

A

* Turn off smart devices when you are not home.
* Turn off smart devices when working with sensitive information.
* Isolate smart devices on a dedicated network or guest network.

44
Q

Collaboration Platforms

A

A category of business software that combines business productivity tools with social network capabilities.

E.g., Teams, Google Classroom.

45
Q

Guidelines for Working from Remote Locations Securely - Usage:

A

* Separate personal and professional use:
  * Use a private work network.
  * Limit devices on work network.
  * Keep data stored separately.

* Establish and maintain secure connections:
  * Use a VPN.
  * Scan for vulnerabilities.
  * Require Wi-Fi passwords and secure network settings.

* Practice secure collaboration:
  * Strong authentication.
  * Limit sharing.
  * Blur or change video background.

46
Q

Guidelines for Working from Remote Locations Securely - Awareness:

A

Know what smart devices are connected to your networks.

Monitor what features of collaboration software are active.

Find out if your device is subject to remote management.

47
Q

Guidelines for Working from Remote Locations Securely - Policies and Procedures:

A

Follow established organizational policies for working remotely.