General Information and Acronyms
It is essential for a computer or smartphone user to know some basic information about the technology and what some acronyms mean in order to be able to comprehend how a system works and how some issues might be caused.
What is an IP address:
The term IP address stands for "Internet Protocol" address and refers to a unique number linked to all the online activity of an individual. It is similar to a house address, which is used for sending and receiving letters. An IPv4 address is written as four numbers separated by periods (dots), not commas. You can use the ipconfig command in cmd to view your own IP address.
What is a Network:
A network, in computing, is a group of two or more devices that can communicate. In practice, a network consists of a number of different computer systems connected by physical and/or wireless connections. This allows all the machines within a network to share communication, storage, hardware control, etc.
What is a Workgroup/Domain:
Computers on a network can be part of a workgroup or a domain. The two are distinguished by how the resources on the network are managed. A common example of a workgroup is the setup of a basic home network, whereas computers on a workplace network are usually part of a domain. The main differences in resource management between the two are the following:
In a workgroup:
- All computers are peers; no computer has control over another computer.
- Each computer has its own set of user accounts. To use any computer in the workgroup, you must have an account on that computer.
- There are typically no more than ten to twenty computers.
- All computers must be on the same local network or subnet.
In a domain:
- One or more computers are servers. Network administrators use servers to control the security and permissions for all computers on the domain. This makes it easy to make changes, because the changes are automatically applied to all computers.
- If you have a user account on the domain, you can log on to any computer on the domain without needing an account on that computer.
- There can be hundreds or thousands of computers.
- The computers can be on different local networks.
What is a Port:
In networking, a port is an endpoint of communication. This means that all the physical and wireless connections pass through the ports of hardware devices. At the software level, a port is a logical construct that identifies a specific process or a type of network service. It can be thought of as a door on a house (the machine) that allows only a specific type of entity to pass through. A machine has a large number of doors (ports) that remain closed until one is opened for a specific type of entity to pass through.
What is a Malware:
Malware (malicious software) is a program with a set of code (processes) that can be used against the user or their machine. Note that the processes themselves cannot be considered malicious, since they are legitimate processes of an operating system. What makes them malicious is the reason they are running on a machine and the intentions of the person running them. For example, a knife is an everyday tool we use in the kitchen, but with the wrong intentions it can also be used for a crime.
What is a Protocol:
A protocol, in computing, refers to a set of rules and procedures that control data transmission between computers. Protocols are responsible for defining the type of information and the procedures that are allowed to pass through a port. A common example of a protocol is HTTP/HTTPS, which controls the communication between Web servers and browsers. The difference between HTTP and HTTPS is the use of an SSL certificate that encrypts the communication, providing an extra layer of security.
What is a Certificate:
A certificate is a unique digitally signed document that is used to verify the authenticity of software or a website. A certificate is signed by a trusted third party, a CA (certificate authority), which thereby vouches for the authenticity of the website. A very common use of a certificate is SSL, which is used to encrypt the communications made within an internet browser.
A very good security practice is to always look for the https:// of a website before using it, especially when it comes to handling sensitive information such as online payments and personal information. Keep in mind that an http website does not mean the website is compromised, and an https website does not necessarily mean the website is secure, but checking for it can reduce the chances of accessing a "bad" website.
Common Types of Attacks
Phishing/Spear Phishing Attack:
A phishing attack is the practice of sending emails that appear to be from trusted sources with the goal of gaining personal information or influencing users to do something. It combines social engineering and technical trickery. It could involve an attachment to an email that loads malware onto your computer. It could also be a link to an illegitimate website that can trick you into downloading malware or handing over your personal information. The difference between a phishing and a spear phishing attack is the approach to the victim. A phishing attack is usually a generic message (with no personal information) whose purpose is to compromise or infect as many users as possible. On the other hand, a spear phishing attack uses personalized information about one or more targeted victims and devises specific messages, tailored to gain the attention of, and appear legitimate to, specific people. A spear phishing attack requires some research on behalf of the attacker, but it is usually more successful because it is much harder to identify.
This attack is the most common, especially against basic users; therefore every user of a machine that communicates with the internet is at risk.
To reduce the risk of being compromised, you can use the following practices:
Critical thinking — Do not accept that an email is the real deal just because you’re busy. Stop for a minute and analyze the email.
Hovering over the links — Move your mouse over the link, but do not click it! Just let your mouse cursor hover over the link and check whether the pop-up link is the same as the one displayed. Apply critical thinking to decipher the URL.
Analyzing email headers — Email headers define how an email got to your address. The “Reply-To” and “Return-Path” parameters should lead to the same domain as is stated in the email.
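As an added example (not code from the original page), the following Python script applies the last two checks above to a raw e-mail: it compares the Reply-To and Return-Path domains with the From domain, and compares the domain shown in a link's visible text with the domain of its real href. The message, addresses and domains are constructed for illustration.

```python
# Added example: flag the two phishing signs described above in a raw e-mail.
# The sample message below is constructed; all domains in it are made up.
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

SAMPLE_EMAIL = """\
From: Example Bank <alerts@example-bank.com>
Reply-To: support@example-bank-login.net
Return-Path: <bounce@example-bank-login.net>
Subject: Action required on your account
Content-Type: text/html

<p>Please <a href="http://example-bank-login.net/verify">https://www.example-bank.com/login</a>
to confirm your details.</p>
"""

def domain_of_address(value):
    """Return the lower-cased domain part of an address header such as 'Name <user@host>'."""
    _, addr = parseaddr(value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def header_mismatches(raw):
    """Return the names of Reply-To / Return-Path headers whose domain differs from From."""
    msg = message_from_string(raw)
    from_domain = domain_of_address(msg["From"])
    return [h for h in ("Reply-To", "Return-Path")
            if msg[h] and domain_of_address(msg[h]) != from_domain]

def link_mismatches(raw):
    """Return (visible_text, href) pairs where the displayed domain differs from the real target."""
    body = message_from_string(raw).get_payload()
    found = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.S | re.I):
        real = urlparse(href).hostname or ""
        shown = urlparse(text.strip()).hostname or ""
        if shown and shown != real:  # text looks like a URL but points elsewhere
            found.append((text.strip(), href))
    return found

if __name__ == "__main__":
    print("header mismatches:", header_mismatches(SAMPLE_EMAIL))
    print("link mismatches:", link_mismatches(SAMPLE_EMAIL))
```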
Password Attack:
A password is the most common user verification method; therefore it is a valuable asset for an attacker. A password attack is the act of acquiring, by any means, the credentials of a user in order to steal information or money, or even to impersonate them for personal gain. Two common methods an attacker might use (apart from social engineering or physical reconnaissance) are:
Brute force: A brute force attack is when the attacker tries guessed passwords and character sequences until they find the correct one. There is software that can do this automatically.
Dictionary attack: A dictionary attack is when the attacker uses a database of common passphrases and words to find the correct one.
Looking at the above methods, you can see a pattern in how the attack works. Since both attacks try to guess common words and passphrases, or words that might relate to the victim, a best practice emerges. When creating a password it is essential to:
- Use all three: letters, symbols and numbers
- Use them with no apparent order or meaning (high entropy)
- Do not use common words, especially words and names that are related to you
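As an added example (not from the original page), this Python check applies the three rules above to a candidate password: presence of letters, digits and symbols; an estimated entropy in bits; and a search for common words or words related to the user. The word list and the 60-bit threshold are constructed stand-ins, and the entropy figure is only an upper bound, which is why the dictionary check is still needed.

```python
# Added example: a password check implementing the three rules listed above.
# COMMON_WORDS is a tiny constructed sample; a real check would use a large list.
import math
import string

COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "123456"}

def character_classes(pw):
    """Report which of letters, digits and symbols the password contains."""
    return {
        "letters": any(c.isalpha() for c in pw),
        "digits": any(c.isdigit() for c in pw),
        "symbols": any(c in string.punctuation for c in pw),
    }

def estimated_entropy_bits(pw):
    """Upper-bound entropy: length * log2(size of the character pool actually used)."""
    pool = 0
    if any(c.islower() for c in pw): pool += 26
    if any(c.isupper() for c in pw): pool += 26
    if any(c.isdigit() for c in pw): pool += 10
    if any(c in string.punctuation for c in pw): pool += len(string.punctuation)
    return len(pw) * math.log2(pool) if pool else 0.0

def dictionary_hits(pw, personal_words=()):
    """Return common words or personal words (name, pet, city, ...) found inside the password."""
    low = pw.lower()
    candidates = COMMON_WORDS | {w.lower() for w in personal_words}
    return sorted(w for w in candidates if len(w) >= 4 and w in low)

def check_password(pw, personal_words=(), min_bits=60):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    missing = [k for k, present in character_classes(pw).items() if not present]
    if missing:
        problems.append("missing character class(es): " + ", ".join(missing))
    bits = estimated_entropy_bits(pw)
    if bits < min_bits:
        problems.append(f"estimated entropy {bits:.0f} bits is below {min_bits}")
    hits = dictionary_hits(pw, personal_words)
    if hits:
        problems.append("contains guessable word(s): " + ", ".join(hits))
    return problems

if __name__ == "__main__":
    for candidate in ("Password123!", "alice2019", "xK9#vL2$pQ7!mW4&"):
        print(candidate, "->", check_password(candidate, personal_words=["Alice"]))
```

Note that "Password123!" passes the character-class and entropy rules and is only caught by the dictionary rule, which is the point of the third bullet above.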
Malware Attack:
A malware attack is carried out with a malicious file that can either be emailed to the user with the use of social engineering and phishing, or be downloaded from a malicious website.
Always be aware of the following things when handling external inbound files:
- The legitimacy of the sender. Do not open email attachments from unknown sources.
- Even if the sender is known, it is always good to double-check with the person before opening it (since attackers can impersonate people known to the victim).
- When downloading files through the internet, try to scan them using the online tool VirusTotal.
Key-logger Malware: A very common attack that affects the general public is the use of a malicious file that contains a key-logger function, used to steal the victim's personal information or account credentials. The concept behind a key-logger is simple: when the victim runs the malicious file on their machine, the function is activated and, in turn, records every single keystroke made on that machine. An experienced attacker can then use that large list of characters to identify and extract any information and credentials typed by the user.