By Engr. Ekene Ezeasor, 08063961963, IT Consultant
The Internet is a huge part of our everyday lives. It’s fun, useful, and informative, but can also be dangerous, no matter how safe you feel while browsing. By getting into the habit of using good Internet safety practices, you can protect your information and your identity. There are various simple ways we can minimise our exposure and vulnerability to attacks.
We will be discussing some of the internet attacks and ways to protect ourselves while surfing the internet.
There are several ways we can get hacked and have our sensitive information leaked. We will talk about a few of the most popular ones.
- Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks: A denial-of-service attack overwhelms a system’s resources so that it cannot respond to service requests. A DDoS attack is also an attack on a system’s resources, but it is launched from a large number of other host machines that are infected by malicious software controlled by the attacker.
- Man-in-the-middle (MitM) attack: A MitM attack occurs when a hacker inserts themselves into the communication between a client and a server.
- Phishing and spear phishing attacks: A phishing attack is the practice of sending emails that appear to be from trusted sources with the goal of gaining personal information or influencing users to do something.
- Drive-by attack: In drive-by download attacks, hackers look for insecure websites and plant a malicious script into one of the pages that might install malware directly onto the user's computer, or redirect the victim to a site controlled by the hackers. Drive-by downloads can happen when visiting a website or viewing an email message or a pop-up window. Unlike other types of attacks, a drive-by doesn’t require any action from the user before being infected.
- Password attack: Because passwords are the most commonly used mechanism to authenticate users to an information system, obtaining passwords is a common and effective attack approach. Access to a person’s password can be obtained by looking around the person’s desk, “sniffing” the connection to the network to acquire unencrypted passwords, using social engineering, gaining access to a password database or outright guessing.
- SQL injection attack: SQL injection occurs when a hacker gets the database to execute a SQL query supplied through the input data sent from the client to the server. A successful SQL injection exploit can read sensitive data from the database, modify (insert, update or delete) database data, execute administration operations (such as shutdown) on the database, recover the content of a given file, and, in some cases, issue commands to the operating system.
- Cross-site scripting (XSS) attack: XSS attacks use third-party web resources to run scripts in the victim’s web browser or scriptable application. Specifically, the attacker injects a payload with malicious JavaScript into a website’s database. When the victim requests a page from the website, the website transmits the page, with the attacker’s payload as part of the HTML body, to the victim’s browser, which executes the malicious script.
- Eavesdropping attack: Eavesdropping attacks occur through the interception of network traffic. By eavesdropping, an attacker can obtain passwords, credit card numbers and other confidential information that a user might be sending over the network.
- Malware attack: Malicious software can be described as unwanted software that is installed in your system without your consent. It can attach itself to legitimate code and propagate; it can lurk in useful applications or replicate itself across the Internet. Some of the most common types of malware are Macro viruses, File infectors, System or boot-record infectors, Polymorphic viruses, Stealth viruses, Trojans, Logic bombs, Worms, Droppers, Ransomware, Adware and Spyware.
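To make the SQL injection item above concrete, here is an added example (not part of the original article) that puts a query built by string concatenation next to its parameterized form. The `orders` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (customer TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)", [
        ("alice", "laptop"), ("alice", "mouse"), ("bob", "phone")])
    return db

def orders_vulnerable(db, customer):
    # Vulnerable: the client's input is pasted into the SQL text, so a
    # quote character in the input changes the structure of the query.
    query = "SELECT item FROM orders WHERE customer = '" + customer + "'"
    return sorted(row[0] for row in db.execute(query))

def orders_safe(db, customer):
    # Hardened: the query text is fixed and the input travels separately
    # as a bound parameter, so it is only ever compared as a value.
    query = "SELECT item FROM orders WHERE customer = ?"
    return sorted(row[0] for row in db.execute(query, (customer,)))

# Constructed input that contains SQL syntax instead of a plain name.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("normal, vulnerable :", orders_vulnerable(db, "alice"))
    print("normal, safe       :", orders_safe(db, "alice"))
    # The concatenated query now reads ... WHERE customer = 'nobody' OR '1'='1'
    # and returns every customer's rows.
    print("crafted, vulnerable:", orders_vulnerable(db, CRAFTED))
    # The parameterized query looks for a customer literally named
    # "nobody' OR '1'='1" and finds none.
    print("crafted, safe      :", orders_safe(db, CRAFTED))
```

Both functions behave identically on ordinary input, which is why the flaw is easy to miss in testing.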
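For the cross-site scripting item above, this added example (not from the original article) renders the same stored comments twice, once inserted into the page as-is and once HTML-escaped, then parses each page to count the script elements a browser would see. The comment text, list-based "database" and function names are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Stands in for the website's database; the second entry is a constructed
# comment that carries markup instead of plain text.
STORED_COMMENTS = [
    "Great article, thanks!",
    "<script>document.title = 'injected'</script>",
]

def render_vulnerable(comments):
    # Vulnerable: stored text is placed into the HTML body unchanged, so
    # any markup it contains becomes part of the page.
    return "<ul>" + "".join(f"<li>{c}</li>" for c in comments) + "</ul>"

def render_safe(comments):
    # Hardened: escaping on output turns <, > and & into entities, so the
    # browser displays the comment as text instead of interpreting it.
    return "<ul>" + "".join(f"<li>{html.escape(c)}</li>" for c in comments) + "</ul>"

class ScriptCounter(HTMLParser):
    """Counts <script> start tags, as an HTML parser would encounter them."""
    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1

def count_scripts(page):
    parser = ScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.scripts

if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable), ("safe", render_safe)):
        page = render(STORED_COMMENTS)
        print(f"{name}: {count_scripts(page)} script element(s)")
        print("   ", page)
```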
- Use strong, unique passwords
- Use a password manager to keep passwords safe and organized
- Enable multi-factor authentication on your accounts
- Sign up for accounts on legitimate sites only
- Log out of sites when you’re done using them
Social Media and Email Safety
- Make your profiles private
- Review what information is public on your social media profiles
- Think about whether you’ll regret posting something later
- Review posts you’re tagged in before approving them
- Never give personal information to someone you met online
- Use caution when meeting in-person with someone you met online
- Use gender-neutral pseudonyms on forums
- Don’t open emails or files from people you don’t know
- Avoid clicking on sites that look fake or scammy
- Clear your browsing history often to maintain your privacy
- Do online shopping on encrypted sites
- Use private WiFi networks, never public ones
- Use an antivirus extension on your browser
- Install a firewall to protect your home network
- Keep your computer’s software up to date
- Enable encryption software on your phone
- Set your Bluetooth to “non-discoverable”
- Download apps from verified stores only
- Download security software for extra protection
- Find the Source of the Problem and Fix It
- Perform a Cybersecurity Audit and Keep Inventory
- Perform Damage Control
- Retrain and Refocus
It is worth noting that one cannot achieve 100% safety when using the internet. But we advise you to try as much as possible to minimize the dangers and damages caused by surfing the internet. Final tips to take home are:
- Install antivirus and malware protection if at all possible, as it’s one of the most reliable ways to keep your hard drive safe.
- Get identity theft protection through your credit card company or a separate service. This can help catch some identity theft attempts by notifying you of leaked information or suspicious purchases.
- Remember to back up your data on the cloud or an external hard drive. If your device is hacked, you’ll have your information stored safely elsewhere.
- To add an extra layer of security to your phone, create a PIN or use its fingerprint or face ID options. This will make it harder to access your information if your phone gets lost or stolen.
- Never share your name, home address, nickname or other real-life information.