What is the Internet?

It is a global computer network providing a variety of information and

communication facilities, consisting of interconnected networks using
standardized communication protocols. The Internet is a global
network of billions of computers and other electronic devices.
Some Tips to Stay Safe Online:
 Be mindful on what you share online.
 Do not just accept terms and conditions, read it.
 Do not share your password with anyone.
 Do not talk to strangers whether online or face-to- face.
 Never post anything about a future vacation.
 Add friends you know in real life.
 Avoid visiting untrusted websites.
 If you have WiFi at home, make it private by adding a password.
 Install and update an antivirus software on your computer.
Some Tips to Stay Safe Online:
 Install and update an antivirus software on your computer.
- BitDefender
- ESET NOD32
- F-Secure
- Kaspersky
- Norton
- AVAST
- SMADAV
 Avoid downloading anything from untrusted websites.
 Buy the software, do not use pirated ones.
 Do not reply or click links from suspicious emails.
ONLINE SAFETY
This is the knowledge of maximizing the user's personal safety and
security risks to private information and property associated with using
the internet, and the self-protection from computer crime in general.
Common concerns regarding safety on the internet include:

• Malicious users
• Spam
• Phishing
• Cyberbullying
• Cyberstalking
• Software
• Malware
• Computer Viruses
• Various types of obscene or offensive content
• Cyberbullying

Computer Crimes

• Stalking
• Identity Theft
• Copyright Infringement

INTERNET SECURITY
Internet Security is a tree branch of computer security related to the
Internet, often involving browser security but also network security on
a more general level as it applies to other applications or operating
systems on a whole.
INTERNET ETIQUETTE
Internet Etiquette is online communication that makes everyone
comfortable. Whenever you work and communicate online, there are
some basic rules you should follow:
1. Think before you send.
If you send an email or post a message in anger, it could come back
to haunt you later. The same goes for pictures and videos you post
online. Even when something is deleted from a page, it may still be
out there waiting to be found when you least expect it.
2. Respect the time and bandwidth of others.
Don't pass along emails that contain hoaxes, or send messages to the
entire student body. The same goes for sending large videos or
attachments in an email message. It wastes everyone's time when
they have to wade through extra information to get to the important
stuff.
3. Don't send messages that could be misinterpreted as
threatening or hurtful.
Be careful about the language you use as well as the information you
pass along about others. Sending messages that could be seen as
threatening may result in disciplinary action.
4. Follow the conventions of writing when sending formal emails
or posting comments online.
Unless the message you're sending is informal (such as a text
message to a friend), you should use correct spelling, grammar, and
punctuation. You shouldn't WRITE IN ALL CAPS! (It's considered
shouting)
5. Respect other's right to privacy.
Don't use technology to pass along rumors or share personal
information about someone without their permission. The same goes
for posting names and photos of others.
ONLINE ETHICS
Online ethics refers to patterns of behavior used when on the Internet,
guided both by law and personal philosophy. Understanding legal
ramifications and trusting personal philosophy used in other areas of
life can help a person determine his or her online ethics.
INTERNET THREATS
1. Malware
2. Spam
3. Phishing
4. Botnet
5. Denial of Service Attack
MALWARE
Malware, or malicious software, is any program or file that is harmful
to a computer user. Types of malware can include computer viruses,
worms, Trojan horses and spyware. These malicious programs can
perform a variety of different functions such as stealing, encrypting or
deleting sensitive data, altering or hijacking core computing functions
and monitoring users' computer activity without their permission.
Malware authors use a variety of physical and virtual means to spread
malware that infect devices and networks. For example, malicious
programs can be delivered to a system with a USB drive or can
spread over the internet through drive-by downloads, which
automatically download malicious programs to systems without the
user's approval or knowledge.

MALWARE
Different types of malware contain unique traits and characteristics.
Types of malware include:

• A virus is the most common type of malware which can execute

itself and spread by infecting other programs or files.
• A worm can self-replicate without a host program and typically
spreads without any human interaction or directives from the
malware authors.
• A Trojan horse is designed to appear as a legitimate program in
order to gain access to a system. Once activated following
installation, Trojans can execute their malicious functions.
• Spyware is made to collect information and data on the device of
the user and observe their activity without their knowledge.
• Ransomware is designed to infect a user's system and encrypt
the data. Cybercriminals then demand a ransom payment from
the victim in exchange for decrypting the system's data.
• A rootkit is created to obtain administrator-level access to the
victim's system. Once installed, the program gives threat actors
root or privileged access to the system.
• A backdoor virus or remote access Trojan (RAT) secretly creates
a backdoor into an infected system that allows threat actors to
remotely access it without alerting the user or the system's
security programs.
• Adware is used to track a user’s browser and download history
with the intent to display pop-up or banner advertisements that
lure the user into making a purchase. For example, an advertiser
might use cookies to track the web pages a user visits to better
target advertising.
• Keyloggers, also called system monitors, are used to see nearly
everything a user does on their computer. This includes emails,
opened web-pages, programs and keystrokes.

SPAM

• an unwanted email mostly from bots or advertisers. It can be

used to send malware.
PHISHING
an unwanted acquisition of sensitive personal information like
passwords and credit card details.
BOTNET
group of compromised computer connected to a network ("zombie")
DENIAL OF SERVICE ATTACK (DoS)
disrupts computer access to internet services
INTERNET DANGERS
Dark Web
Social Engineering
Hacking
Password Cracking
Penetration
Testing
What is the dark web?
How to access it and what you'll find
The dark web is part of the internet that is not visible to search
engines and requires the use of an anonymizing browser called Tor to
be accessed. You've no doubt heard talk of the “dark web” as a
hotbed of criminal activity — and it is.
In the Dark Web, you can buy credit card numbers, all manner of
drugs, guns, counterfeit money, stolen subscription credentials,
hacked Netflix accounts and software that helps you break into other
people’s computers.
What is the dark web?
How to access it and what you'll find
But not everything in the Dark Web is illegal. The dark web also has a
legitimate side. For example, you can join a chess club or BlackBook,
a social network described as the “the Facebook of Tor.”
Social Engineering
Psychological Manipulation of People
Social Engineering

It is the term used for a broad range of malicious activities

accomplished through human interactions.

It uses psychological manipulation to trick users into making security

mistakes or giving away sensitive information.

The idea behind social engineering is to take advantage of a potential

victim’s natural tendencies and emotional reactions.

Social engineering attack techniques

Social engineering attacks come in many different forms and can be
performed anywhere where human interaction is involved. The
following are the five most common forms of digital social engineering
assaults.
Baiting
As its name implies, baiting attacks use a false promise to pique a
victim’s greed or curiosity. They lure users into a trap that steals their
personal information or inflicts their systems with malware.
Scareware
involves victims being bombarded with false alarms and fictitious
threats. Users are deceived to think their system is infected with
malware, prompting them to install software that has no real benefit
(other than for the perpetrator) or is malware itself.
Social engineering attack techniques Pretexting
Pretexting
Here an attacker obtains information through a series of cleverly
crafted lies. The scam is often initiated by a perpetrator pretending to
need sensitive information from a victim so as to perform a critical
task.
Phishing
As one of the most popular social engineering attack types, phishing
scams are email and text message campaigns aimed at creating a
sense of urgency, curiosity or fear in victims. It then prods them into
revealing sensitive information, clicking on links to malicious websites,
or opening attachments that contain malware.
Spear phishing
This is a more targeted version of the phishing scam whereby an
attacker chooses specific individuals or enterprises. They then tailor
their messages based on characteristics, job positions, and contacts
belonging to their victims to make their attack less conspicuous. Spear
phishing requires much more effort on behalf of the perpetrator and
may take weeks and months to pull off. They’re much harder to detect
and have better success rates if done skillfully.

Social engineering prevention

Social engineers manipulate human feelings, such as curiosity or fear,
to carry out schemes and draw victims into their traps. Therefore, be
wary whenever you feel alarmed by an email, attracted to an offer
displayed on a website, or when you come across stray digital media
lying about.
The following tips can help improve your vigilance in relation to
social engineering hacks:

• Don’t open emails and attachments from suspicious sources

• Use multifactor authentication

• Be wary of tempting offers

• Keep your antivirus/antimalware software updated

Catch a Phish
Determine if the following e-mails are legitimate e-mails or phishing e-
mails.
First, a short myth:
"A 15-year-old boy sits behind a glowing black monitor, typing
furiously. The green text streams across his screen like a waterfall.
His nervousness escalates dramatically as he sends rapid-fire
commands to the strained computer. Suddenly, he lets out a
triumphant laugh and proceeds to steal money."
Hackerszszsz
Such is the stereotypical view of a hacker. Yet, there’s so much more
to this fine art than Hollywood or the media describes. Hackers are
varied creatures and include these 7 types:
1. Script Kiddie
– A derogatory term often used by amateur hackers who don’t care
much about the coding skills. These hackers usually download tools or
use available hacking codes written by other developers and hackers.
Their primary purpose is often to impress their friends or gain
attention.
However, they don’t care about learning. By using off-the-shelf codes
and tools, these hackers may launch some attacks without bothering
for the quality of the attack. Most common cyber attacks by script
kiddies might include DoS and DDoS attacks.
2. White Hat
– Also known as ethical hackers, White Hat hackers are the good
guys of the hacker world. They’ll help you remove a virus or PenTest a
company. Most White Hat hackers hold a college degree in IT security
or computer science and must be certified to pursue a career in
hacking. This individual specializes in ethical hacking tools,
techniques, and methodologies to secure an organization’s
information systems
3. Black Hat
– The term “black hat” originated from Western movies, where the bad
guys wore black hats and the good guys wore white hats. A black-hat
hacker is an individual who attempts to gain unauthorized entry into a
system or network to exploit them for malicious reasons. The black-
hat hacker does not have any permission or authority to compromise
their targets. They try to inflict damage by compromising security
systems, altering functions of websites and networks, or shutting down
systems. They often do so to steal or gain access to passwords,
financial information, and other personal data.
4. Gray Hat
– Nothing is ever just black or white; the same is true in the world of
hacking. Gray Hat hackers don’t steal money or information yet they
don’t help people for good. Usually, grey-hat hackers surf the net and
hack into computer systems to notify the administrator or the owner
that their system/network contains one or more vulnerabilities that
must be fixed immediately. Grey hats may also extort the hacked,
offering to correct the defect for a nominal fee.
5. Green Hat
– These are the hacker “n00bz,” but unlike Script Kiddies, they care
about hacking and strive to become full-blown hackers. They’re often
flamed by the hacker community for asking many basic questions.
You can identify them by their spark to grow and learn more about the
hacking trade. Once you answer a single question, the hackers will
listen with undivided attention and ask another question until you
answer all their queries.
6. Red Hat
– These are the vigilantes of the hacker world. Red Hat Hackers have
an agenda similar to white hat hackers which in simple words is
halting the acts of Blackhat hackers. However, there is a major
difference in the way they operate. They are ruthless when it comes to
dealing with black hat hackers.
Instead of reporting a malicious attack, they believe in taking down the
black hat hacker completely. Red hat hacker will launch a series of
aggressive cyber attacks and malware on the hacker that the hacker
may as well have to replace the whole system.
7. Blue Hat
– These are another form of novice hackers much like script kiddies
whose main agenda is to take revenge on anyone who makes them
angry. They have no desire for learning and may use simple cyber
attacks like flooding your IP with overloaded packets which will result
in DoS attacks.
A script kiddie with a vengeful agenda can be considered a blue hat
hacker.

What is Password Cracking?

Password cracking is the process of attempting to gain Unauthorized
access to restricted systems using common passwords or algorithms
that guess passwords. In other words, it’s an art of obtaining the
correct password that gives access to a system protected by an
authentication method.
Password cracking employs a number of techniques to achieve its
goals. The cracking process can involve either comparing stored
passwords against word list or use algorithms to generate passwords
that match
Password strength is the measure of a password’s efficiency to resist
password cracking attacks. The strength of a password is determined
by;

• Length: the number of characters the password contains.

• Complexity: does it use a combination of letters, numbers, and
symbol?
• Unpredictability: is it something that can be guessed easily by an
attacker?

Password cracking techniques

There are a number of techniques that can be used to crack
passwords. We will describe the most commonly used ones
below:

• Dictionary attack – This method involves the use of a wordlist to

compare against user passwords.
 • Brute force attack – This method is similar to the dictionary
attack. Brute force attacks use algorithms that combine alpha-
numeric characters and symbols to come up with passwords for
the attack. For example, a password of the value “password” can
also be tried as p@$$word using the brute force attack.
• Rainbow table attack – This method uses pre-computed hashes.
Let’s assume that we have a database which stores passwords
as md5 hashes. We can create another database that has md5
hashes of commonly used passwords. We can then compare the
password hash we have against the stored hashes in the
database. If a match is found, then we have the password.
• Guess – As the name suggests, this method involves guessing.
Passwords such as qwerty, password, admin, etc. are commonly
used or set as default passwords. If they have not been changed
or if the user is careless when selecting passwords, then they
can be easily compromised.
• Spidering – Most organizations use passwords that contain
company information. This information can be found on company
websites, social media such as facebook, twitter, etc. Spidering
gathers information from these sources to come up with word
lists. The word list is then used to perform dictionary and brute
force attacks.

Md5 (Message Digest 5)

• It is a cryptographic function that allows you to make a 128-bits

(32 caracters) "hash" from any string taken as input, no matter
the length (up to 2^64 bits).
• This function is irreversible, you can't obtain the plain text only
from the hash.
• One should know that md5, although it's very used and common,
shouldn't be use to encrypt critical data, since it's not secure
anymore (collisions were found, and decrypt is becoming more
and more easy).
• If you still want to use md5 to store passwords on your website,
good thing would be to use a "salt" to make the hash more
difficult to crack via brute force and rainbow tables.
 • A salt is simply a character string that you add to a user
password to make it less breakable. For instance, say we are
using the password "password" (good idea). It will be obviously
really easy to break. Then before storing this password in your
database, you just concatenate a random string (generated with
a php function for instance) such as a~/!c^12/*bn@( for example.
That would make the password look like
a~/!c^12/*bn@(password, which is obviously really harder to
crack.

Sha-256

• It is a function of algorithm Sha-2

• Sha-2 algorithm was developed by NSA to answer the security
problem of Sha-1, since the theorical discover of a 2^63
operations for collisions. This algorithm takes as input a 2^64
maximum length message, and outputs a 256 bits hash.
• It seems that sha256 is becoming more and more used in order
to replace the old md5 hash function. I think that sha256 is
actually the best replacement because of its good balance
between online storage size and security. As the others
cryptographic functions of its "family", Sha-256 is unilateral so
you can't find the plaintext with only the hash.
• Sha-256 is a good way to store your users passwords, as it is
way more secure than Md5 or Sha-1 for instance. Even if it is
more secure though, you should still consider using a salt to
improve security.