Cyber safety

Cyber safety means trying to stay safe on the internet. It is the knowledge of how to maximize the
user's personal safety and minimize security risks to private information and property associated
with using the internet, together with self-protection from computer crime in general.

Safely browsing the web: Protecting yourself by securing your devices, software and
connections is important, but making the right choices when doing things on the web can
make a huge difference to your safety online. There are potential risks involved in doing
things online, but by making smart choices you can reduce that risk.

By using a combination of preventative measures and making good choices online you can
stay safe when browsing the web.

Before you start – Update your software: Exploiting email and web browsing applications is the
most common way hackers and malware try to gain access to devices and your information.
Protect yourself before you start browsing the web by making sure that your operating system,
web browser, security software, browser plugins (like Java or Adobe products) and other
applications are up-to-date.

Protect your web browser: You can adjust the settings in your web browser to work in a more or
less secure way. Some functionality might be limited when using the most secure settings, but
they can provide the best protection from malicious content. Most web browsers will give you
warnings when they detect you visiting a malicious website or possibly being exposed to
malicious content. Pay attention to these warnings – they can help protect you from malware,
phishing and identity theft.

Use safe behaviour:

Use the following advice when browsing the web to significantly reduce your risk of being a
victim of cybercrime:

Use strong unique passwords online.

Only download files and applications from websites that you trust, such as from
official app stores or legitimate organisations, such as your bank.

Pause and think carefully before clicking on links in email, messages or on social
networking sites. Don’t click on links in messages if you don’t know the sender or if the
message is unexpected.

If you think a link looks suspicious or you can’t tell where it leads to, before you click
hover over that link to see the actual web address it will take you to (usually shown at the
bottom of the browser window). If you do not recognize or trust the address, try
searching for relevant key terms in a web browser. This way you can find the article,
video, or webpage without directly clicking on the suspicious link.

Expand shortened URLs to check if they are safe. Short URLs are often used in social
media. There are a number of services that create short links, such as goo.gl, bit.ly,
tinyurl.com, ow.ly and youtu.be. To check if these links are safe you can use an ‘expand
link’ facility to get the original URL from a shortened link without having to click through
to the destination. Look for a short URL expander that is recommended by your anti-virus
software or a reputable software company.

Be wary of offers that seem too good to be true. Leave websites that ask for your
personal or banking details in return for money – these are scams.

Don’t agree to friend requests from people you don’t know on social media networks -
people are not always who they say they are.
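
How an ‘expand link’ facility can work, as an added example that is not part of the original notes: it asks only the shortening service where the link points and never requests the destination itself. The function names, the sample redirect table and the `example.test` host are assumptions made for the illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Shortener hosts named in the text above.
SHORTENERS = {"goo.gl", "bit.ly", "tinyurl.com", "ow.ly", "youtu.be"}
REDIRECT_CODES = {301, 302, 303, 307, 308}

def head_location(url, timeout=5):
    """Send one HEAD request; return (status, Location header or None).
    http.client does not follow redirects, so only the shortener answers."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head_location, max_hops=5):
    """Return the chain of URLs behind a short link.
    Only hosts in SHORTENERS are contacted. The walk stops as soon as the
    next URL is on any other host, so the destination is never requested."""
    chain = [url]
    for _ in range(max_hops):
        current = chain[-1]
        if (urlsplit(current).hostname or "").lower() not in SHORTENERS:
            break
        status, location = fetch(current)
        if status not in REDIRECT_CODES or not location:
            break
        chain.append(urljoin(current, location))
    return chain

def review(chain):
    """List what to check about the expanded link before opening it."""
    final = urlsplit(chain[-1])
    notes = []
    if (final.hostname or "").lower() in SHORTENERS:
        notes.append("short link did not resolve; destination unknown")
    elif final.scheme != "https":
        notes.append("destination is not https")
    if len(chain) > 2:
        notes.append("short link points to another short link")
    return {"destination": chain[-1], "host": final.hostname, "notes": notes}

# Constructed redirect table standing in for the network (not real links).
SAMPLE = {
    "https://bit.ly/example1": (301, "https://tinyurl.com/example2"),
    "https://tinyurl.com/example2": (302, "http://login.example.test/verify?id=7"),
}

def fake_fetch(url):
    """Offline stand-in for head_location, backed by SAMPLE."""
    return SAMPLE.get(url, (404, None))

if __name__ == "__main__":
    chain = expand("https://bit.ly/example1", fetch=fake_fetch)
    print(" -> ".join(chain))
    print(review(chain))
```

Calling `expand(url)` without the `fetch` argument uses real HEAD requests to the shortening service.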

Identity protection: Your personal identity is important as it defines who you are. Your identity
includes your personal information; information such as name, address, contact information,
bank account, credit card numbers, and social security numbers should all be kept private.

Confidentiality: Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure
confidentiality are designed to prevent sensitive information from reaching the wrong people,
while making sure that the right people can in fact get it: Access must be restricted to those
authorized to view the data in question. It is common, as well, for data to be categorized
according to the amount and type of damage that could be done should it fall into unintended
hands. More or less stringent measures can then be implemented according to those
categories.
Sometimes safeguarding data confidentiality may involve special training for those privy to such
documents. Such training would typically include security risks that could threaten this
information. Training can help familiarize authorized people with risk factors and how to guard
against them. Further aspects of training can include strong passwords and password-related
best practices and information about social engineering methods, to prevent them from bending
data-handling rules with good intentions and potentially disastrous results.

A good example of methods used to ensure confidentiality is an account number or routing
number when banking online. Data encryption is a common method of ensuring confidentiality.
User IDs and passwords constitute a standard procedure; two-factor authentication is becoming
the norm. Other options include biometric verification and
security tokens, key fobs or soft tokens. In addition, users can take precautions to minimize the
number of places where the information appears and the number of times it is actually
transmitted to complete a required transaction. Extra measures might be taken in the case of
extremely sensitive documents, precautions such as storing only on air gapped computers,
disconnected storage devices or, for highly sensitive information, in hard copy form only.

Social networks: Social networking plays a huge role in our lives. Nowadays businesses rely
heavily on social media for promoting and selling their products. On the other hand, a lot of
fraud is committed using social media. A person shouldn’t accept random requests. There are a
lot of fake accounts on social media, some of which might belong to hackers who might intrude
into your PC.

Cyber Trolling: Trolling is internet slang for a person who intentionally starts arguments or upsets
others by posting inflammatory remarks. The sole purpose of trolling is angering people. It has
been compared to flaming in cyber bullying. Plus, many people who troll think what they do is an
"art". They frequently hide behind a cloak of anonymity. The symbol for trolling is a black and
white drawing of a face with a mischievous grin, which is symbolic of the expression someone is
making while trolling victims.

Purpose of trolling:

To be a source of entertainment for the troller

To be offensive and argumentative

To derive pleasure from annoying the hell out of others

To scour the internet for bait (a.k.a. you)

To get attention

To feel powerful

To gain recognition

To upset the victim

Cyber bullying: Cyber bullying is deliberate and repeated harm inflicted through using the
Internet, interactive and digital technologies, or mobile phones.

Purpose

To get revenge

To feel empowered

To gain popularity

To harass and threaten

To be offensive

To humiliate

To intimidate

To upset the victim


Provided by: Sanjeev Kumar Giri (PGT – CS)
CBSE Revision Notes

Class-11 Informatics Practices (New Syllabus)

Unit 4: Society, Law and Ethics (SLE-1) - Cyber safety

Appropriate usage of social networks

Nowadays social networks play a key role in our society, from making friends to sharing
information and news. But the same thing can be used in a negative sense that could impact
someone’s life, for example by spreading fake news about someone without verifying it. Nowadays
it is quite common to see fake news on social networks, and at times people end up losing
their lives or go into depression because of rumours which might not be true. We often see
people using fake accounts to talk to someone. We should be aware of these things, and we
should not share our personal information with unknown people on social media.

Spread of rumours: It is becoming common practice to spread rumours on social media, and at
times they spread like fire. We often see a message circulating on WhatsApp saying that XYZ
product is banned by doctors because it contains some toxic substances; many people fall for
these rumours and stop using those products. While using social media we must be aware that
there are a lot of rumours going around which might not be true. Before believing any news
received on social media you should verify it simply by Googling it: if any trusted news source
has covered that news it’s true, but if you don’t see any such news from a trusted source then
it’s fake. It’s not just about products; hatred can also be spread using social media, and at
times you might hate someone because of these rumours. At times rumours are spread for the sake
of revenge, without thinking about how they will impact the other person’s life. Everybody must
be aware that there is a punishment for spreading rumours about someone, so everyone should
refrain from doing such things and stop believing everything they see on social media.

Common social networking sites (Twitter, LinkedIn, and Facebook): There are a lot of social
networking sites, such as Twitter, LinkedIn and Facebook. There are other sites too, which are
not as popular as these three. The aim of these social networking sites is to help people
connect with each other. If we take the example of Facebook, we make a lot of friends on
Facebook and we share our opinions with others. It helps us to stay connected with our friends,
and we can see what’s going on in their lives, which wasn’t possible before social networking
came into existence. Facebook has also helped people to grow their businesses, and people are
even selling products via Facebook. If we talk about LinkedIn, it has helped companies to look
for employees. A person looking for a job can easily go to LinkedIn and search for jobs, as
there are HR staff from different companies who keep posting about vacancies in their
companies. You can learn from these people by taking their help, for example on what sort of
job is suitable for you, how you can find a job or how to pursue your career. It is a great
platform for people who want to learn something. On the other hand, Twitter is mostly used by
everyone to share opinions; it is mostly famous among celebrities, who keep sharing their
views. We can easily connect with them or respond to their views. Social networking has changed
the way we used to live our lives.

Material downloaded from myCBSEguide.com.

Specific usage rules: There are specific rules you should be aware of before using social media.
Never reveal your personal information to another person, as that person might exploit you because
of that information. Whatever you write on social media, make sure it does not hurt anyone’s
sentiments. Never spread rumours about another person. Never try to defame anyone on social
media. If you are writing something, make sure you mention that it’s your point of view and that
your colleagues have nothing to do with it. Don’t spread hatred.

Safely Accessing Websites

While accessing any website we should always make sure that it is safe and does not contain any
harmful content such as viruses and other malicious things. Always try to access websites whose
address starts with https:// rather than http://; here the “s” means secure. Let’s see some of
the possible threats which you might face while accessing websites.

Adware: Adware, or advertising-supported software, is software that generates revenue for its
developer by automatically generating online advertisements in the user interface of the software
or on a screen presented to the user during the installation process. The software may generate
two types of revenue: one is for the display of the advertisement and another on a "pay-per-click"
basis, if the user clicks on the advertisement. The software may implement advertisements in a
variety of ways, including a static box display, a banner display, full screen, a video, pop-up ad
or in some other form.

Some software developers offer their software free of charge, and rely on revenue from
advertising to recoup their expenses and generate income. Some also offer a version of the
software at a fee without advertising.

The software's functions may be designed to analyse the user's location and which Internet
sites the user visits and to present advertising pertinent to the types of goods or services
featured there. The term is sometimes used to refer to software that displays unwanted
advertisements known as malware.

Malware: Malware, or malicious software, is any program or file that is harmful to a computer
user. Malware includes computer viruses, worms, Trojan horses and spyware. These malicious
programs can perform a variety of functions, including stealing, encrypting or deleting sensitive
data, altering or hijacking core computing functions and monitoring users' computer activity
without their permission.

Programs officially supplied by companies can be considered malware if they secretly act
against the interests of the computer user. For example, company ABC sold the rootkit, which
contained a Trojan horse embedded into CDs that silently installed and concealed itself on
purchasers' computers with the intention of preventing illicit copying. It also reported on users'
listening habits, and unintentionally created vulnerabilities that were then exploited by
unrelated malware.

One strategy for protecting against malware is to prevent the malware software from gaining
access to the target computer. For this reason, antivirus software, firewalls and other strategies
are used to help protect against the introduction of malware, in addition to checking for the
presence of malware and malicious activity and recovering from attacks.

Virus: A computer virus is a type of malicious code or program written to alter the way a
computer operates and that is designed to spread from one computer to another. A virus
operates by inserting or attaching itself to a legitimate program or document that supports
macros in order to execute its code. In the process a virus has the potential to cause
unexpected or damaging effects, such as harming the system software by corrupting or
destroying data. Once a virus has successfully attached to a program, file, or document, the
virus will lie dormant until circumstances cause the computer or device to execute its code. In
order for a virus to infect your computer, you have to run the infected program, which in turn
causes the virus code to be executed. This means that a virus can remain dormant on your
computer, without showing major signs or symptoms. However, once the virus infects your
computer, the virus can infect other computers on the same network. Stealing passwords or
data, logging keystrokes, corrupting files, spamming your email contacts, and even taking over
your machine are just some of the devastating and irritating things a virus can do.

Trojans: In computing, a Trojan horse is a program that appears harmless, but is, in fact,
malicious. Unexpected changes to computer settings and unusual activity, even when the
computer should be idle, are strong indications that a Trojan is residing on a computer.

A Trojan horse may also be referred to as a Trojan horse virus, but that is technically
incorrect. Unlike a computer virus, a Trojan horse is not able to replicate itself, nor can it
propagate without an end user's assistance. This is why attackers must use social
engineering tactics to trick the end user into executing the Trojan. Typically,
the malware programming is hidden in an innocent-looking email attachment or free download.
When the user clicks on the email attachment or downloads the free program, the malware that
is hidden inside is transferred to the user's computing device. Once inside, the malicious code
can execute whatever task the attacker designed it to carry out.
Because the user is often unaware that a Trojan horse has been installed, the computing
device's security depends upon antimalware software that can recognize malicious code,
isolate it and remove it. To avoid being infected by Trojan malware, users should keep their
antivirus software up to date and never click on links from untrusted sources or download files
from unknown senders.

Safely Communicating Data

One should always stay safe while making online payments or transferring data. Let’s see
the possible measures you can take to keep yourself secure.

Secure connections: A secure connection is a connection that is encrypted by one or more
security protocols to ensure the security of data flowing between two or more nodes. When a
connection is not encrypted, it can be easily listened to by anyone with the knowledge of how to
do it, and it is also prone to threats from malicious software and rogue or unexpected events.

Anyone who wants to get information from a non-secured connection can do so, since they can
easily move in and out of the computer’s network, taking with them important data such as
logins, passwords and other private information.

Secure connections, as they are supposed to protect the data being transferred from one
computer to another, must be able to do three main things.

1. Prevent third parties from getting hold of confidential data

2. First validate the identity of the person who wishes to access and exchange
the data

3. Protect information from being viewed or altered by unknown parties

There are many methods of establishing a secure connection, but most of them involve
data encryption. Data encryption is a method which hides information from other unauthorized
parties. This method usually needs an appropriate program installed on both computers
involved in the connection that will encrypt and decrypt the information. Among these are our
basic security protocols embedded in main communication protocols like TCP/IP, HTTPS,
POP3 or IMAP.

Firewalls and anti-virus software may also serve in creating secure connections in some
form.

Eavesdropping: Eavesdropping is an electronic attack where digital communications are
intercepted by an individual for whom they are not intended.

This is done in two main ways: Directly listening to digital or analog voice communication or the
interception or sniffing of data relating to any form of communication.

Eavesdropping is the act of intercepting communications between two points.

In the digital world, eavesdropping takes the form of sniffing for data in what is called
network eavesdropping. A specialized program is used to sniff and record packets of data
communications from a network and then subsequently listened to or read using
cryptographic tools for analysis and decryption.

For example, Voice over IP (VoIP) calls made using IP-based communication can be picked up
and recorded using protocol analyzers and then converted to audio files using other specialized
software.

Data sniffing is easily done on a local network that uses a hub since all communications are
sent to all the ports (non-recipients just drop the data) and a sniffer will simply accept all of the
incoming data.

This goes the same for wireless networking where data is broadcast so even non-recipients
can receive the data if they have the proper tools.

Actual eavesdropping, that is the simple act of listening to other people talk without them
knowing it, can be done using current technology such as hidden microphones and
recorders.

Hacking into devices such as IP phones is also done in order to eavesdrop on the owner of
the phone by remotely activating the speaker phone function.

Devices with microphones, including laptops and cell phones, can also be hacked to remotely
activate their microphones and discreetly send data to the attacker.

Phishing: Phishing is the act of sending an email to a user falsely claiming to be an established
legitimate enterprise in an attempt to scam the user into surrendering private information that will
be used for identity theft. A phishing email will typically direct the user to visit a website where they
are asked to update personal information, such as a password, credit card, social security, or
bank account numbers, that the legitimate organization already has. The website, however, is
bogus and will capture and steal any information the user enters on the page.

Identity verification: As services and socialising have shifted online, identifying each other
digitally has become increasingly important.

How can we do this securely, without impacting users’ experience? Let us explore the trends in
online identity verification, looking at the key solutions and implications for businesses and
users.

Exposing more personal information about ourselves and revealing our true identities online
opens up great opportunities and risks. Organisations must navigate (and mitigate) these for
their users.

Consequently, a number of solutions have emerged to validate who we are online.

Two-Step Verification

Creating a username and password to access specific websites is the most familiar online
identity system. But, we’ve known it’s a broken process for years.

It’s too difficult to create and manage unique, elaborate passwords for each online account we
have. And even the idea that a ‘strong password’ can protect us is now a fantasy, with
hackers regularly breaking into computer systems and releasing username and password
data.

Worse than this, plenty of us daisy-chain accounts to our main email address; creating a
single point of failure for hackers to exploit, gaining entry to countless more with ease. The
most common solution is two-factor authentication: requesting knowledge (such as an
alphanumerical ‘secret’) and possession (adding a physical level) for a user to verify
themselves. Cash machines were the original implementation of this idea, requiring
possession of a physical card and remembering a secret PIN.

The trick is establishing a second, physical authenticator that is secure, but doesn’t
inconvenience the user.

For example, many companies have avoided the delay and cost of issuing unique physical
tokens (such as a key fob, or card reader); instead, asking users to add a mobile contact
number and enter unique codes sent via SMS.