US-CERT Cyber Security Tip ST05-014 -- Real-World Warnings Keep You Safe Online

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                      Cyber Security Tip ST05-014
                Real-World Warnings Keep You Safe Online

   Many of the warning phrases you probably heard from your parents and
   teachers are also applicable to using computers and the internet.

Why are these warnings important?

   Like  the  real  world, technology and the internet present dangers as
   well  as  benefits.  Equipment  fails,  attackers  may target you, and
   mistakes  and  poor  judgment  happen. Just as you take precautions to
   protect  yourself  in  the real world, you need to take precautions to
   protect  yourself  online.  For many users, computers and the internet
   are unfamiliar and intimidating, so it is appropriate to approach them
   the same way we urge children to approach the real world.

What are some warnings to remember?

     * Don't  trust  candy  from  strangers  -  Finding  something on the
       internet  does  not  guarantee that it is true. Anyone can publish
       information  online,  so  before  accepting a statement as fact or
       taking action, verify that the source is reliable. It is also easy
       for  attackers to "spoof" email addresses, so verify that an email
       is  legitimate  before  opening  an unexpected email attachment or
       responding  to  a  request  for  personal  information  (see Using
       Caution with Email Attachments and Avoiding Social Engineering and
       Phishing Attacks for more information).
     * If  it  sounds  too  good  to  be  true, it probably is - You have
       probably  seen many emails promising fantastic rewards or monetary
       gifts. However, regardless of what the email claims, there are not
       any wealthy strangers desperate to send you money. Beware of grand
       promises--they  are  most likely spam, hoaxes, or phishing schemes
       (see  Reducing  Spam,  Identifying  Hoaxes  and Urban Legends, and
       Avoiding   Social   Engineering  and  Phishing  Attacks  for  more
       information).  Also  be  wary of pop-up windows and advertisements
       for  free  downloadable  software--they  may be disguising spyware
       (see Recognizing and Avoiding Spyware for more information).
     * Don't advertise that you are away from home - Some email accounts,
       especially  within  an  organization,  offer  a feature (called an
       autoresponder)  that allows you to create an "away" message if you
       are  going  to  be  away from your email for an extended period of
       time.  The  message is automatically sent to anyone who emails you
       while  the  autoresponder  is  enabled.  While  this  is a helpful
       feature  for  letting your contacts know that you will not be able
       to respond right away, be careful how you phrase your message. You
       do not want to let potential attackers know that you are not home,
       or,   worse,   give  specific  details  about  your  location  and
       itinerary.  Safer options include phrases such as "I will not have
       access  to  email  between  [date]  and [date]." If possible, also
       restrict  the  recipients  of  the  message  to people within your
       organization or in your address book. If your away message replies
       to  spam, it only confirms that your email account is active. This
       may increase the amount of spam you receive (see Reducing Spam for
       more information).
     * Lock  up  your  valuables  - If an attacker is able to access your
       personal  data,  he  or she may be able to compromise or steal the
       information.  Take  steps to protect this information by following
       good  security  practices  (see the Cyber Security Tips index page
       for  a  list  of  relevant  documents).  Some  of  the  most basic
       precautions  include  locking  your  computer  when you step away;
       using   firewalls,  anti-virus  software,  and  strong  passwords;
       installing   appropriate  patches;  and  taking  precautions  when
       browsing or using email.
     * Have  a  backup  plan  -  Since  your information could be lost or
       compromised  (due  to  an  equipment  malfunction, an error, or an
       attack),  make  regular  backups  of  your information so that you
       still  have  clean,  complete copies (see Good Security Habits for
       more  information).  Backups  also help you identify what has been
       changed  or  lost.  If  your  computer  has  been  infected, it is
       important  to  remove the infection before resuming your work (see
       Recovering  from  Viruses,  Worms,  and  Trojan  Horses  for  more
       information).  Keep  in mind that if you did not realize that your
       computer was infected, your backups may also be compromised.
     _________________________________________________________________

     Authors: Mindi McDowell, Matt Lytle
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed 
     to increase awareness. 
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST05-014.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     
     


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBSHUKR3IHljM+H4irAQK47wf/UBbdJ+npl37vm68eVSppvlN9l6mEBf7y
7fVERhm4+SZB9qEdwfIlAOv3ww0GNslAQ3f8pqNT4A3ibwrky+ba9lkw1grhYtbg
YahVBR8JNVR1JBeq9bUp9ocjv4NLF2SPxMmNVu5aG4rt9NQ0b6UXRC/zoL/hP0N6
Q7imEmwXExMnTl+Q9tnifMp6bZAr/ULHByObN8oBCXPfB2voM4BAHmwiVNkxubI3
an9iEbw4cjrCs8KJu9UVo50+QAjGF1IFjY2cWJgxToV8NCoS2R/vzOvyTL4GOeuf
o7/Mbv6XmqlZ/T85Zo2WJMNGyd1ON4IXQ1mcn+R4rmw6aavZPisHaw==
=VSqg
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux