IT WORKSHOP LAB MANUAL

Search Engines and Cyber Hygiene Exercise - 11

Aim: Working of search engine, Awareness of various threats on Internet, types of attacks and how to overcome. Installation of , configuration of personal and Windows update on computers.

11.1 Introduction Search Engine refers to a huge database of internet resources such as web pages, newsgroups, programs, images etc. It helps to locate information on .

User can search for any information by passing query in form of keywords or phrase. It then searches for relevant information in its database and return to the user.

Fig. 1. Windows explorer

198 Prepared by: APPROVED BY :

Ms.K.NIRMALA Dr.K.RAMANI Mr.V.S.V.S.S.S.M.CHAKRADHAR HOD, IT

IT WORKSHOP LAB MANUAL

Search Engine Components Generally there are three basic components of a search engine as listed below:

1. Web Crawler

2. Database

3. Search Interfaces

Web crawler It is also known as spider or bots. It is a software component that traverses the web to gather information.

Database All the information on the web is stored in database. It consists of huge web resources.

Search Interfaces This component is an interface between user and the database. It helps the user to search through the database.

Search Engine Working Web crawler, database and the search interface are the major component of a search engine that actually makes search engine to work. Search engines make use of Boolean expression AND, OR, NOT to restrict and widen the results of a search. Following are the steps that are performed by the search engine:

 The search engine looks for the keyword in the index for predefined database instead of going directly to the web to search for the keyword.

 It then uses software to search for the information in the database. This software component is known as web crawler.

 Once web crawler finds the pages, the search engine then shows the relevant web pages as a result. These retrieved web pages generally include title of page, size of text portion, first several sentences etc.

These search criteria may vary from one search engine to the other. The retrieved information is ranked according to various factors such as frequency of keywords, relevancy of information, links etc.

 User can click on any of the search results to open it.

199 Prepared by: APPROVED BY :

Ms.K.NIRMALA Dr.K.RAMANI Mr.V.S.V.S.S.S.M.CHAKRADHAR HOD, IT

IT WORKSHOP LAB MANUAL

11.2 INTRODUCTION TO VARIOUS THREATS ON INTERNET

A web is any threat that uses the internet to facilitate . Web threats use multiple types of and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ other protocols and components, such as links in email or IM, or malware attachments or on servers that access the Web.

Web threats pose a broad range of risks, including financial damages, , loss of confidential information/data, theft of network resources, damaged brand/personal reputation, and erosion of consumer confidence in e-commerce and .

11.2.1 TYPES OF INTERNET THREATS

 Viruses  Network Worms  Trojans  /  Other Malware  Other Threats

Viruses

A virus is a program that replicates itself, usually by attaching itself to other files and programs. A worm is a program that does not infect other programs but makes copies of itself. programs do not replicate nor make copies of themselves, but rely on other "manual" methods of distribution. We use the term "viruses" on this page to cover all forms of infections.

Viruses are spread in a variety of ways. Some Examples:

• email attachments (such as Klez, Badtrans, MyParty) • instant messaging links and attachments (such as Aplore) • compromised web servers (such as Nimda) • Usenet news groups • Inernet Relay Chat channels • floppy diskettes • file downloads (many Trojans are embedded with other files)

200 Prepared by: APPROVED BY :

Ms.K.NIRMALA Dr.K.RAMANI Mr.V.S.V.S.S.S.M.CHAKRADHAR HOD, IT

IT WORKSHOP LAB MANUAL

Fig. 2. viruses

All viruses are different. Some activate on a certain day, but remain dormant until then. Others begin the attack as soon as the machine has been infected. Viruses can be very damaging and some are just annoying.

More than 1,00,000 known viruses exists in the world today Several hundred new viruses are discovered every month

Protecting from viruses:

A good way to protect yourself is to have a virus protection program and keep it up- to-date. Before running a download from an unknown site, or opening an email attachment, always be sure to scan it to ensure that it is not infected. If you do not know the source of a file do not open it. Even if you know the person who sent you a file, if you were not expecting it you may want to contact them before opening it. This is because many viruses automatically send themselves out to addresses it finds in files on the infected computer.

Fig. 3. virus protection

Anti-virus program:

An anti-virus program is designed to protect your computer from possible virus infections. Most viruses are designed to operate in the background in a way that the user will not notice. Virus protection programs search for, detect, and attempt to remove these viruses. 201 Prepared by: APPROVED BY :

Ms.K.NIRMALA Dr.K.RAMANI Mr.V.S.V.S.S.S.M.CHAKRADHAR HOD, IT

IT WORKSHOP LAB MANUAL

Anti-virus programs must be kept up-to-date in order for them to provide adequate protection. New viruses are being created every day and your anti-virus program can't always predict what they will be able to do or how they will work.

Due to the nature of the operating system, Linux, and other UNIX-like operating systems are not as susceptable to viruses. Thus an anti-virus program is not necessary.

Network Worms

Network Worm is a Self-replicating Viruses that reside in the active memory of a computer. A worm is a computer program that has the ability to copy itself from machine to machine. Worms use up computer processing time and network bandwidth when they replicate, and often carry payloads that do considerable damage. Worms send themselves out to the Internet from infected systems. Either include tiny e-mail server or search for unprotected shared network drives to unload.

Trojan Programs:

Trojan, is a standalone malicious program that does not attempt to infect files unlike a or replicate itself with the intent of infecting other computers unlike a . Trojan horses can make copies of themselves, steal information, or harm their host computer systems

Trojan horses are often destructive programs that masquerade as benign applications. Unlike viruses and worms, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to get rid of viruses but instead introduces viruses onto the computer.

• Threats enabled by (/through) Trojans � DDos attacks � Data stealing � Distributed spam eMails

Spyware / Adware: • Cookies – Track you online • Browser Hijackers – Changes default home page • Tracking Cookies – Gathers info of web usage • Trickles – Reinstalls spyware when deleted • Keyloggers – Records anything you type! …. Etc.

202 Prepared by: APPROVED BY :

Ms.K.NIRMALA Dr.K.RAMANI Mr.V.S.V.S.S.S.M.CHAKRADHAR HOD, IT

IT WORKSHOP LAB MANUAL

Other malware: • Dos & DDos attacks • Flooders • FileCryptors & PolyCryptors • Nukers … Etc. Other Threats: • � Confidential information stealing by fraud emails & web sites (author falsified) � Several millions of Phishing messages have been sent world wide � Fastest growing threat today • SPIM � Instant Messaging SPAM � Estimated: 4 billion SPIM's during 2004

Diagnosing Infections:

• Slow computer, system reboots • Mouse moves by itself • Browser goes to unexpected web sites • Slow internet access • Endless popup ads • New desktop toolbars

Solutions to Overcome:

• Disabled antivirus scanner or firewall • Check startup program group regularly for software you didn’t install • Check Add/Remove programs for software you didn’t install (make a list of installed items on a new machine and check the list regularly) • Check running services monthly • Check running processes in Task Manager • Monitor open ports • Monitor outgoing and incoming connections

203 Prepared by: APPROVED BY :

Ms.K.NIRMALA Dr.K.RAMANI Mr.V.S.V.S.S.S.M.CHAKRADHAR HOD, IT

IT WORKSHOP LAB MANUAL

Anti-Virus Software:

Antivirus software is used to prevent, detect, and remove malware, including but not limited to the computer viruses, computer worms, Trojan horses, spyware and adware. Computer security, including protection from social engineering techniques, is commonly offered in products and services of antivirus software companies.

Some of the Antivirus software’s

• Norton Anti-Virus • McAfee Anti-Virus • AVG Anti-Virus

11.3 INSTALLATION OF ANTI-VIRUS

Steps for installing antivirus software

 Head over to the Microsoft Security Essentials page and download the software. Double-click on the installer to begin the installation process.  The installation should be pretty self-explanatory. Just follow the steps it gives you. Make sure you've checked the box to turn on the Windows Firewallwhen prompted, and give the whole thing a few minutes to install.  When it's done, it will ask you to run a scan. Hit yes, and it will download the latest virus definitions and run its first scan. All of this will take a few minutes, so just leave the program alone and let it do its thing.  When it's finished it's scan (hopefully without finding anything), it will begin monitoring your computer. Click the "Change My Scan Schedule" button to schedule a regular scan of your computer. I usually like to run mine on Sunday at 2:00 AM, when I know I'll be sleeping. Save your settings and you're done! Now, Microsoft Security Essentials will run in the background, constantly monitoring your computer for any viruses. If it catches anything, it will let you know and tell you how to proceed. It will also run a scan during the time you've scheduled it for, so make sure your computer's running at that time (in the above case, Sunday at 2 AM). You can check to make sure it's running by going to your system tray in the bottom-right corner and looking for the green castle icon.

Remember, good anti-virus software is important, but even more important is practicing safe browsing habits. The best way to avoid viruses is to make sure you don't download them in the first place. Don't click on anything that claims its anti-virus software unless you know where it came from, don't click on any suspicious Facebook posts, and make sure that you don't click on any fake email links. If you get an email from ebay.com, hover over the link

204 Prepared by: APPROVED BY :

Ms.K.NIRMALA Dr.K.RAMANI Mr.V.S.V.S.S.S.M.CHAKRADHAR HOD, IT

IT WORKSHOP LAB MANUAL

and look at the bottom of your screen to make sure it actually goes to somewhere at www.ebay.com—if it goes somewhere else, it's probably going to harm your computer.

11.4 Firewalls:

In very simple terms, a firewall is a device or program that allows you to monitor and control what comes into and goes out of your network. Almost every major business will use a firewall to protect its internal network from the outside world. Traditionally firewalls were, and in many cases still are, very expensive, dedicated pieces of hardware that use something called a "ruleset" to either allow or disallow connections through it. An effective firewall will do this at the "packet" level, that is it looks at every piece of data, or packet, individually before deciding to either allow it or drop it. Firewall forces every piece of information entering or leaving the castle to pass over a single drawbridge, where they could be inspected by the I/O police. The diagram below shows a very basic small network and firewall.

Fig. 4. Firewall

Windows Firewall A number of significant changes have been made to Windows Firewall (formerly called Internet Connection Firewall or ICF) in Service Pack 2 - all designed to help improve computer security.

Prior to Service Pack 2, Windows XP shipped with the firewall disabled by default. Activating the firewall meant having to either run a wizard or navigate through the Network Connections folder to turn it on manually.

With installation of Service Pack 2, Windows Firewall is turned on by default, providing improved default levels of protection on all new installations and upgrades. This also helps protect any new network connections as they are added to the system.

205 Prepared by: APPROVED BY :

Ms.K.NIRMALA Dr.K.RAMANI Mr.V.S.V.S.S.S.M.CHAKRADHAR HOD, IT

IT WORKSHOP LAB MANUAL

How Windows Firewall Works When someone on the Internet or on a network tries to connect to your computer, we call that attempt an "unsolicited request." When your computer gets an unsolicited request, Windows Firewall blocks the connection. If you run a program such as an instant messaging program that needs to receive information from the Internet or a network, the firewall asks if you want to block or unblock (allow) the connection. You should see a window like the one below.

Fig. 5. Firewall security alert If you choose to unblock the connection, Windows Firewall creates an exception so that the firewall won't bother you when that program needs to receive information in the future.

Allowing Exceptions - the Risks Each time you allow an exception for a program to communicate through Windows Firewall, your computer is made more vulnerable. To allow an exception is like poking a hole through the firewall. If there are too many holes, there's not much wall left in your firewall. Hackers often use software that scans the network looking for computers with unprotected connections. If you have lots of exceptions and open ports, your computer can become more vulnerable. To help decrease your security risk: • Only allow an exception when you really need it. • Never allow an exception for a program that you don't recognize. • Remove an exception when you no longer need it.

Allowing Exceptions Despite the Risks Sometimes you might want someone to be able to connect to your computer, despite the risk - such as when you use VNC to let support staff to connect to your computer. To add a program to the exceptions list 1. Click Start and then click Control Panel. 2. In the control panel, click Security Center, and then click Windows Firewall. 3. On the Exceptions tab, under Programs and Services, select the check box for the program or service that you want to allow, and then click OK. 206 Prepared by: APPROVED BY :

Ms.K.NIRMALA Dr.K.RAMANI Mr.V.S.V.S.S.S.M.CHAKRADHAR HOD, IT

IT WORKSHOP LAB MANUAL

If the program (or service) that you want to allow is not listed 1. Click Add Program. 2. In the Add a Program dialog box, click the program that you want to add, and then click OK. The program will appear, selected, on the Exceptions tab, under Programs and Services. 3. Click OK.

Fig. 6. Windows firewall If the program (or service) that exceptionyou want tabto allow is not listed in the Add a Program dialog box click Browse , locate the program that you want to add, and then double- click it. (Programs are usually stored in the Program Files folder on your computer.) The program will appear under Programs , in the Add a Program dialog box. Reducing the Risks of Allowing an Exception By default when you enable an exception it will unblock access from all computers that are on the same network as you, e.g. the whole Internet. You can restrict this access to only those systems or networks that you trust. You do this by changing the scope of the exception. To change the scope of an exception 1. On the Exceptions tab, under Programs and Services, select the program or service that you want to change the scope of, and then click Edit. 2. Click Change scope on Edit a Program.

207 Prepared by: APPROVED BY :

Ms.K.NIRMALA Dr.K.RAMANI Mr.V.S.V.S.S.S.M.CHAKRADHAR HOD, IT

IT WORKSHOP LAB MANUAL

Fig. 7. Editing a program

3. Select Custom list in Change Scope. Then add the details of the hosts and/or networks you wish to unblock.

Fig. 8. Change scope

Windows Update: You might need to have a computer administrator account to perform some tasks. Windows Update is the online extension of Windows that helps you keep your computer up to date. Microsoft offers important updates-which include security updates and other critical issues—to help protect your computer against new viruses and other security threats that can spread over the Internet or a network. Other updates contain enhancements such as upgrades and tools that can help your computer run more smoothly. Windows Update scans your computer and provides you with a tailored selection of updates that apply only to the software and hardware on your computer. Using Windows Update: • To open Windows Update, click Start, click All Programs, and then click Windows Update.

208 Prepared by: APPROVED BY :

Ms.K.NIRMALA Dr.K.RAMANI Mr.V.S.V.S.S.S.M.CHAKRADHAR HOD, IT

IT WORKSHOP LAB MANUAL

• The first time you go to the Windows Update Web site, click Yes when prompted to install any required software or controls. • To use Windows Update, you need to establish a connection to the Internet. • For more information, click Related Topics.

Using Automatic Windows Update: To turn on Automatic updates You must be logged on as a computer administrator to complete this procedure. 1. Open SYSTEM, and then click the Automatic updates tab. – or – If you are running Windows 2000, click Start, point to Settings, click Control Panel, and then double- click Automatic updates. 2. Click Automatic (recommended). 3. Under Automatically download recommended updates for my computer and install them, select the day and time you want Windows to install updates. Procedure: • To open System, click Start, click Control Panel, click Performance and Maintenance, and then click System. • Automatic updates provides high-priority updates, which include security and other critical updates that can help protect your computer. It's a good idea to visit the Windows Update Web site (http://www.microsoft.com/) on a regular basis to get optional updates, such as recommended software and hardware updates, that can help improve your computer's performance.

------

209 Prepared by: APPROVED BY :

Ms.K.NIRMALA Dr.K.RAMANI Mr.V.S.V.S.S.S.M.CHAKRADHAR HOD, IT