This information is being maintained for archive/historical purposes and will not be updated. Please see http://archive.cabinetoffice.gov.uk for details.

This website was situated under the domain name http://www.e-envoy.gov.uk and current information can be found at http://www.cabinetoffice.gov.uk/e-government

Security Tips - Security Policy - Office of the e-Envoy

Security tips

 
 
     


Beginner's Guide to Computer Security

All computers, from the family home computer to those on desktops in the largest corporations in the country can be affected by computer security breaches.

However, these can often be easily prevented. How?

These frequently asked questions give a general overview of basic IT security and privacy issues, unravel IT security jargon and provide other useful information that will help protect your family and business online. Making the internet accessible and safe for you!

General information

> Is it safe?
> Where can I get help?
> How do I know if my PC is safe?
> Is my computer safe if I'm not connected to the internet?
> How do I know if a web site is reputable?
> What about non-UK web sites?
> How do I know if a web site belongs to a UK company?
> I went to one organisation's web site and arrived at another - how?
> How do I know if a web site is genuine?

Basic security information

> What is a password?
> What is a secure password?
> Why do some sites ask for passwords?
> What is SSL?
> What does the padlock on the browser mean?
> How do I manage the risks of being online?
> What is a secure web browser?

Privacy

> What happens to my personal information when I use the internet?
> What are cookies?
> Should I disclose personal information on the internet?
> Why do organisations ask for personal information?
> What rights do I have to stop my information being shared?
> What is a chatroom? Is it safe?
> Can people track what I'm doing when I'm on-line?
> Does my ISP protect me at all?

Security jargon

> What is port scanning?
> What is a virus?
> How do I know if I've got a virus?
> How can I avoid getting viruses? And cure them if I do?
> What is a hacker?
> Could someone take control of my PC remotely?
> What is a firewall?
> What is a digital certificate?
> What is a digital signature?
> What about broadband - is there anything special I need to know?
> Am I more at risk by leaving my PC connected all the time?

Family Protection

> How can I keep my children safe online?
> Is the internet safe for my children?
> I've heard something about filtering software to restrict access for my children - what is this and does it work?
> How can I stop my children accessing unsuitable sites?
> What is a chatroom? Is it safe?

Online shopping

> Is internet shopping safe?
> What are the benefits of internet shopping?
> What are the risks of internet shopping?
> What if I buy goods on the internet and something goes wrong?
> Is it safe to use my credit card?
> What about cases where credit card details have been made public?

General Information

Is it safe?

Yes - provided you take a few sensible precautions. But remember that very few things in life can ever be guaranteed absolutely safe and risk free and the internet is no exception!

Where can I get help?

Advice is readily available on all aspects of being online, from this site and from other sites - look under your specific concern. You can also contact your Internet Service Provider (ISP).

How do I know if my PC is safe?

If you have anti-virus software on your PC (and keep it up to date), are sensible about opening email attachments, and have the file sharing option in Windows turned off (unless you need it for use in an office or home network), then your PC is reasonably safe. Try not to leave the PC connected to the internet when it is not in use. You should also consider installing a firewall; this is particularly important if you have a permanent connection, e.g. broadband access. As a further measure, make sure you keep backup copies of anything important on floppy disk, CD-ROM or another storage device, so that if you do fall victim to a virus or your computer breaks down you can retrieve your data.

Is my computer safe if I'm not connected to the internet?

Yes, although there are still risks from viruses on floppy disks and CD-ROMs if you are not connected to the internet and of course your computer may break down or be stolen.

How do I know if a website is reputable?

Just as anyone can insert an advertisement in a newspaper, so anyone can set up a website. Check for contact details on the site (a postal address, not just an email address). For shopping use sites which you know or which have been recommended, or look for the TrustUK logo.

What about non-UK web sites?

One of the most exciting things about the internet is being able to get information from all over the world. Use the same common sense you would use for any website, such as checking for postal contact details. But remember that only UK sites have to adhere to UK laws.

How do I know if a website belongs to a UK company?

Web site addresses often include a two-letter country code (e.g. the .uk in www.ukonline.gov.uk) at the end of the given address or before the / shown on the browser. Exceptions are, for example, .com, .net, and .org domains, which can be used across the globe. Some UK-based search engines offer the option to search pages from the UK only.

I went to one organisation's website and arrived at another - how?

Very often websites offer useful links to other sites. For example, these pages offer suggestions about other websites offering information, such as the DTI "Safe Internet Shopping" site; if you click on the hyperlink you will be transferred to that site. Additionally, some websites may send you to another site temporarily as part of a transaction, such as with the Government Gateway.

> http://www.consumer.gov.uk/consumer_web/e-shopping.htm

How do I know if a web site is genuine?

Internet addresses have to be properly registered so most organisations have registered their own names as site names. However, this cannot always be guaranteed, particularly for all available suffixes, so if you are in any doubt it is advisable to check for physical address details.

Basic security information

What is a password?

A password is a code which should be known only to you which is used to prevent other people impersonating you, rather like a PIN number with a bank cash point card. A password should be carefully chosen (see the next question on secure passwords) and not disclosed to others or written down.

What is a secure password?

Passwords should always be kept secret and should not be easy to guess. Avoid anything with obvious associations (like a spouse's name) or any dictionary words - both can be easy for a hacker to work out. Ideally a password should be at least 8 characters long and include a mixture of uppercase, lowercase, numerals and other characters eg EdunPO20=. One possible way to remember a password is to pick a phrase, perhaps a line from a song, as a starting point. Don't write it down or share it with anyone, including helpline staff who should never have a need to know it. Some passwords are automatically required to be changed after a specified period, but it is good practice to change them every three months. Finally, don't use the same password for everything, just as you have different keys for your house, your car and your office desk.
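The guidance above can be turned into a simple check. This is an added example, not part of the original page: the function name `password_problems`, the `associations` parameter and the tiny word list are assumptions made for illustration.

```python
# Constructed mini word list (assumption); a real check would load a full dictionary file.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon",
                "monkey", "summer", "football", "secret"}
MIN_LENGTH = 8  # the page's "at least 8 characters long"


def password_problems(password, associations=()):
    """Return the list of guidelines from the answer above that `password` breaks.

    `associations` holds obvious personal details (a spouse's name, a pet, a
    street) supplied by the caller; an empty list means every guideline is met.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")

    # "a mixture of uppercase, lowercase, numerals and other characters"
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "numeral": any(c.isdigit() for c in password),
        "other character": any(not c.isalnum() for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]

    # Dictionary words and personal associations are matched case-insensitively
    # anywhere in the password, so "Summer2003" still counts as containing "summer".
    lowered = password.lower()
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            problems.append(f"contains dictionary word '{word}'")
    for item in associations:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal association '{item}'")
    return problems


if __name__ == "__main__":
    # "EdunPO20=" is the page's own example; the others are constructed.
    for candidate in ("EdunPO20=", "Summer2003", "abc"):
        print(candidate, "->", password_problems(candidate) or "meets the guidelines")
```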

Why do some sites ask for passwords?

As a basic check that you are who you say you are (rather like the PIN number used with a bank cash point card). There are more secure ways to prove who you are, such as using digital certificates, but these are only required where there needs to be substantial assurance of identity.

What is SSL?

SSL, or Secure Sockets Layer, is a software tool which ensures that information sent to or from a website cannot be viewed during transmission. It uses a public and private key encryption system.

What does the padlock on the browser mean?

It shows that you are on a site using SSL to encrypt your personal information while it is en route from your PC to the website operator's system, so that it cannot be read by anyone intercepting it.

How do I manage the risks of being online?

Be sensible: you don't cross a busy road without looking and thinking first, so do the same online. Take reasonable precautions, like using anti-virus software, and shopping from reputable sites. Adjust the security settings on your browser to protect you to the level you require. Don't give out personal information in chatrooms or if you are not sure who is receiving the information. Just as you give your children guidance about not speaking to strangers in the street, give them guidance on sensible internet practice. Think safety first, then you can enjoy all the internet offers.

What is a secure web browser?

A browser lets you access the information on the internet. Common browsers include Microsoft Internet Explorer and Netscape Navigator. A secure web browser supports the technical security protocols (standards) used by some sites to prevent unauthorized people from seeing information sent to or from the sites. You can tell when this is happening by the appearance of a padlock symbol at the bottom of the browser window. Double clicking this symbol will show a 'digital certificate' confirming the authenticity of the site.

Privacy

What happens to my personal information when I use the internet?

Initially it is sent from your computer to the website owner via a series of links, which may not be direct. Unless it has been encrypted (using SSL or other security tools) it can be intercepted by others while being passed from link to link, so it is advisable to send personal information, including credit card details, only to sites which support SSL or similar tools. Once it arrives at its destination, the information is used and stored as required by the website owner, and may be used in direct marketing or passed to other organisations. All UK websites which collect personal data must, under the terms of the Data Protection Act 1998, display information about how data is to be used, and some may include the Information Commissioner's padlock symbol (not to be confused with the secure site browser symbol).

> Information Commissioner (http://www.dataprotection.gov.uk)

What are cookies?

A cookie is an information file created on your computer by a website you visit, which can be used by the website to give individual preferences, including 'shopping basket' information while moving between pages on a site. Some cookies remain on your computer between visits so the website can address you by name or retain preference data for a subsequent visit. In the UK, where cookies incorporate any form of identifying data they are subject to the provisions of the Data Protection Act 1998.

Should I disclose personal information on the internet?

It depends on what you are doing online. If you are buying something and wanting it delivered, then obviously the vendor will need your name and address and payment information. Some websites may request additional information for marketing and other purposes but they should not require you to give it. In chatrooms you should be wary of giving any personal information, and children in particular should be told not to give out any information which could be used to identify them.

Why do organisations ask for personal information?

Some personal information may be required as part of a service the organisation is providing to you (e.g. name, address and credit card number will be required when buying something online to be delivered to your home). Some may be useful to the organisation in offering you a better service online. But organisations may also use personal information for marketing purposes: their website should advise you of this in their 'Privacy Policy' and give you the option to decline.

What rights do I have to stop my information being shared?

The Information Commissioner recommends that websites allow you to state that you do not want your information to be shared with third parties, rather as paper forms often contain a tick box to this effect.

What is a chatroom? Is it safe?

A chatroom provides an environment where people can go and communicate about a common interest. There are a wide variety of chatrooms on the internet covering all sorts of interest for all types of people. They can be enjoyable and a good way to get together with like-minded people, but there can be dangers, particularly for children. As you cannot see the person at the other end, you cannot guarantee that they are who they say they are. So beware of giving out any personal details, and warn children not to give out their address or telephone number, and never to arrange to meet anyone they have encountered in a chatroom without their parent or guardian present.

Can people track what I'm doing when I'm on-line?

Yes. Cookies can keep information on your use and some websites use this data to follow users' paths (so that they can improve their websites and their services). Plus your PC maintains a history of sites you have visited.

Does my ISP protect me at all?

ISPs can help by blocking junk emails and by ensuring that they do not host inappropriate material. Some ISPs also provide parental controls and filtering out of undesirable sites.

Security jargon

What is port scanning?

Sending messages to possible computer addresses to see if a computer is there and whether it may be vulnerable to a hacking attack.

What is a virus?

A piece of malicious code which can make unauthorised changes to your PC, including deleting and changing files, and may email itself automatically to others from your PC. Recent examples include the Love Bug and Kournikova viruses.

How do I know if I've got a virus?

Strange things may happen: your PC may not work properly, or it may run slowly, or files may not open as expected. But you may not notice anything untoward. Some viruses can lie dormant before activating on specific dates or following specific events.

How can I avoid getting viruses? And cure them if I do?

Most viruses are transmitted by email. You should avoid opening any email attachments which you do not expect; often they have enticing titles to induce you to open them. Do not open any attachment with a double file extension (e.g. file.jpg.exe). Make sure you use anti-virus software, and make sure it is up to date to guard against the most recent viruses. Your anti-virus software may help you eliminate the virus, but in extreme cases it may be necessary to completely reload all files on the PC (even the operating system). Don't forget that viruses can also be introduced on floppy disks and CD-ROMs. Though this is less common nowadays, it still pays to check with your anti-virus software. You can dramatically reduce the risk of catching a virus - but you can never absolutely guarantee against it, so make sure you make backups of important information.
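The double file extension rule above can be checked automatically, for instance by a mail filter. This is an added example, not part of the original page: the function names and both extension lists are illustrative assumptions and are not exhaustive.

```python
# Extensions Windows runs or interprets when double-clicked (illustrative assumption).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd",
                   "vbs", "vbe", "js", "jse", "wsf", "hta", "lnk"}
# Extensions a recipient expects to be a harmless document or picture (assumption).
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt",
              "doc", "xls", "pdf", "mp3", "avi", "zip"}


def normalise(filename):
    """Drop any folder path, then the trailing dots/spaces Windows ignores, and lowercase."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rstrip(". ").lower()


def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Ignore stray whitespace around each dot-separated part.
    parts = [p.strip() for p in normalise(filename).split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"  # no extension, or the real (last) extension is not executable
    # The last extension decides what the file is; an earlier document-like
    # extension only makes the name look harmless (the file.jpg.exe case).
    if any(p in DECOY_EXTS for p in parts[1:-1]):
        return "double-extension"
    return "executable"


def flag_attachments(filenames):
    """Return (name, verdict) for every attachment that is not 'ok'."""
    verdicts = ((name, classify_attachment(name)) for name in filenames)
    return [(name, verdict) for name, verdict in verdicts if verdict != "ok"]


if __name__ == "__main__":
    samples = [
        "file.jpg.exe",                 # the page's own example
        "LOVE-LETTER-FOR-YOU.TXT.vbs",  # attachment name used by the Love Bug
        "AnnaKournikova.jpg.vbs",       # attachment name used by the Kournikova virus
        "holiday.jpg",                  # constructed
        "backup.tar.gz",                # constructed: two extensions, neither executable
        "setup.exe",                    # constructed: executable, but not disguised
        "Invoice.PDF.EXE.",             # constructed: upper case and a trailing dot
    ]
    for name, verdict in flag_attachments(samples):
        print(f"{verdict:17} {name}")
```

An attachment reported as plain "executable" is not disguised but still deserves the page's general advice about unexpected attachments.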

What is a hacker?

Originally this meant someone who wrote their own software. Now it is taken to mean someone who attempts to gain unauthorised access to a computer system. They may wish to commit fraud, gather data from the computer system, or deface a website.

Could someone take control of my PC remotely?

Yes, although the risks are minimal if you have dial-up access because of the way internet addresses are assigned. You should, however, consider the use of a firewall to help protect your PC, particularly if you have an always on connection, as the risk increases with the time spent online. Remote access to your PC could result in it being used to attack other computers or networks.

What is a firewall?

A firewall acts as a filter between your computer and the outside world, to protect it from unauthorised use. It can be either hardware (which can protect several computers in a network) or software (which can run on a PC). Firewalls filter out the unauthorised or potentially dangerous types of data, while letting the data you want through. They can also stop hackers gaining access to your PC. When you install a firewall you should always configure it to your own requirements rather than leaving the default settings in place.

What is a digital certificate?

A data file which can be used to prove the identity of an individual. The individual digitally signs a document using his "private key" which is known only to him, while his "public key" can be made freely available to anyone, allowing them to decrypt his digital signature to prove that the individual did generate the document. The public key is issued on a digital certificate by a certification authority.

What is a digital signature?

Data included within a digital document which identifies who produced it and shows that no changes have subsequently been made to the document. It is used together with a digital certificate to prove identity.

What about broadband - is there anything special I need to know?

Broadband (e.g. ADSL) generally means fixed price, fast internet access without the need for 'dial up'. This can result in internet connections being left on for long periods as it doesn't tie up a phone line.

Am I more at risk by leaving my PC connected all the time?

'Always on' connections can increase the risk of unauthorised, remote access to your PC. A firewall and up-to-date anti-virus software are recommended to protect your PC.

Family Protection

How can I keep my children safe online?

Have the PC in a family room rather than the child's bedroom, and give your child sensible guidance about not giving out personal information or meeting people they have encountered online without you as a parent or guardian present. Look at some of the useful information sites for both parents and children. You can also use filtering software to reduce the risk of exposure to undesirable information such as pornography.

Is the internet safe for my children?

The internet offers wonderful opportunities for children, and is often useful for school work. There are several sites offering excellent advice for both parents and children, including:

> www.bcs.org/parentaladvice
> www.internetcrimeforum.org.uk/chatwise_streetwise.html
> www.thinkuknow.co.uk
> http://younggov.ukonline.gov.uk

I've heard something about filtering software to restrict access for my children - what is this and does it work?

Filtering software can restrict access to certain types of site, so can be used to screen out, for example, pornography. This can be done in various ways.

How can I stop my children accessing unsuitable sites?

Using filtering software can obviously help, although it is also advisable to keep the PC in a family room rather than in the child's bedroom.

What is a chatroom? Is it safe?

A chatroom provides an environment where people can go and communicate about a common interest. There are a wide variety of chatrooms on the internet covering all sorts of interest for all types of people. They can be enjoyable and a good way to get together with like-minded people, but there can be dangers, particularly for children. As you cannot see the person at the other end, you cannot guarantee that they are who they say they are. So beware of giving out any personal details, and warn children not to give out their address or telephone number, and never to arrange to meet anyone they have encountered in a chatroom without their parent or guardian present.

Online shopping

Is internet shopping safe?

Yes, provided you take some basic precautions: use sites you know or which have been recommended (or look for the TrustUK logo), get the supplier's postal address and telephone number, look for the padlock symbol on the browser to show your personal details are protected when being sent to the supplier, keep copies of all email correspondence and order forms, be aware of your cooling off rights and remember that you have the same consumer rights when using your credit card as you do in a shop - the law protects you from card fraud. For more information, see the DTI Safe Internet Shopping website.

http://www.dti.gov.uk/consumer_web/e-shopping.htm

What are the benefits of internet shopping?

It's easy and convenient, particularly if you can't easily get out to the shops.

What are the risks of internet shopping?

When shopping online your normal high street rights apply if the trader is based in the UK, but for auctions and private sales the general rule is "buyer beware". Websites that do not use security technology (eg SSL, the browser padlock) may leave your personal information open for anyone who intercepts the communication (imagine it as being on a postcard rather than in a sealed envelope).

What if I buy goods on the internet and something goes wrong?

Normal consumer rights apply. If you buy by credit card and the goods fail to arrive or are faulty, the card company should refund you for any single item costing over £100.

Is it safe to use my credit card?

Yes - look for sites which use SSL (the browser padlock). Within the EU the card company must refund you if your credit or debit card is used fraudulently.

What about cases where credit card details have been made public?

This is rare and usually due to details being sent insecurely (not using SSL) or else the website not being secure. Use familiar or recommended websites if you have concerns.

© Crown copyright 2003