جامعة القدس المفتوحة
Al-Quds Open University
We for Gaza
Information & Communication Technology Center (ICTC)
Technical Support
 

User’s Guids
 

Information Security
 

Important Tips for Information Security:

Always remember!

Proper and smart handling of computers and Internet has become a basic and essential matter to protect our data and information from penetration, intrusion and vandalism. These are some tips that should be taken into consideration to achieve a high degree of safety and protection:

  1. Use anti-virus software, anti-penetration, and protection walls and update them periodically.
  2. Make sure to update the operating system periodically.
  3. Create specific accounts with different permissions.
  4. Use passwords and make sure to store them encrypted.
  5. Dispose of any important information as soon as you are done with it
  6. Backup your important files periodically.
  7. Download programs and files only from trusted sites.
  8. Pay attention to those who are around you and who try to read your screen.
  9. make sure to shut down your computer while you are not using it.
  10. Do not open the operational files attached to emails, especially with extension like (VBS, SHS, PIF, and EXE), etc...
  11. Pay attention of the files that have more than one extension like (Name.BMP.EXE).
  12. Make sure of the Security settings for the Internet Browser.

1. Beware of access to your account using the system administrator (try using another account has less permissions.
2. Always use strong passwords.
3. Update the operating system continuously through the company’s official site.
4. Be wary of updates which was sent via e-mail which allegedly sent from the official company.
5. Use anti-virus software and updated them periodically.
6. Make sure of the Security settings in the Internet Browser

1. Update internet browser which you have constantly.
2. Block pop-ups.
3. Be Make sure of the Security settings in the Internet Browser.
4. Always read the terms and instructions of use when downloading any file via the Internet.

1. Do not outbreaks your password, for whatever reason.
2. Do not write the password on papers.
3. Understand that you are the only one who in charge of your password.
4. Do not use passwords that are difficult to remember.
5. Do not use the same password for all your accounts.
6. Do not send passwords via e-mail or chat rooms.

1. Do not use passwords that are easy to guess (such as your name, father’s name, …., etc.).
2. Do not use words in the dictionary.
3. Use a combination of letters, numbers and symbols.
4. Notice that the indiscriminate increase in choosing passwords makes it stronger.
5. Use long passwords (more than 10 characters).
6. sensed that passwords can be broken sooner or later, especially if they are weak.
7. Change your password periodically.

1) Password-protect your Smartphone:
Protecting your Smartphone with a strong password or pattern is one of the simplest ways to strengthen the access security of your Smartphone, but many people do not use it. Do not forget to set it to block automatically after 2-5 minutes of inactivity.
2) Install security solutions:
There are many free and paid security solutions available for Smartphones nowadays: Antimalware, AntiSpam, and Firewall. Don’t forget to update their databases regularly.
3) Download applications only from trusted and reliable sources:
Official App Stores monitor and verify the security of submitted applications before publishing them. Never install an application from an unknown App Store.
4) Check your apps permissions and rights:
Many applications ask for more permissions than needed. Be careful with those requirements, for example, a simple clock application that requires access to your contacts, GPS or internet access, does it really need it?
5) Keep the operating system up to date:
It is very important to perform regular updates of the O.S on your device, they contain last security patches.
6) Beware of links in emails or SMS:
Never open links included in emails or SMS from unknown sources, they could redirect you to phishing websites requesting for personal information or infect your device with malware.
7) Back up your information:
Don’t forget to back up your information frequently, like your contacts, photos, videos, audios, etc.., you may lose everything in the event of loss, theft or malware infection.
8) Encrypt your confidential information:
In our day, many people store sensitive information in the Smartphone memory, both personal and business. Encrypting it prevents any malicious person to access your information in case of theft, loss or malware infection.
9) Beware of Shoulder Surfing:
Be careful when you are entering sensitive information on your smartphone, such banking credentials, because you could be spied by people around you.
10) Avoid jailbraking or rooting of the device:
Even if jailbraking or rooting your smartphone allows you to get the full access of your smartphone OS it also opens a security hole, letting the malware get full access to the stored information without asking the user authorization.

1.Do not open any image or file during the chat were not sure of the identity of the sender or the link.
2. Do not send sensitive or private information via chat rooms.
3. Do not use pseudonyms that reveal your character like your country or your city or your family.
4. Try to hide your online status as much as possible, so that let the connection status “offline” most times.
5. Do not use auto-login feature, especially if you are using a public machine.
6. Always make sure you use the latest version of the chat program.

1. Beware of the use of modems with unknown brand type; always use the well-known reputable devices.
2. Change the default values that come with the modem device such as a password.
3. Change your name so that the modem does not indicate the name on your identity or your place.
4. Do encryption and property through the use of protocol (WPA2) and others.
5. Update drivers for the modem connected through periodic visits to the official site.
6. Stop “remote control” property to your modem.
7. Choose a suitable place for the modem so that it does benefit only authorized persons.

E-mail, (phishing) and social engineering

If you received an email asking you to click on a link or to send personal information via e-mail, this is probably a deceptive attempt to obtain personal information. This type of attack called “phishing”.
Technical support staff do not ask for such information via e-mail. Please report such requests.

Use common sense: If the e-mail seems strange or different from the general pattern, it is probably a malicious attempt to gain access to your information and your accounts.

– Do not click on the links that you receive in e-mail messages unless you are absolutely sure it is safe.

– Do not respond to e-mails or phone calls that ask for personal or confidential information before checking the sender’s identity and the purpose of this require.

– Do not send confidential information about the work via e-mail without proper permission.

– Do not send confidential information to personal e-mail accounts such as Gmail or Yahoo!

 

The safety of social networking

Social networks reveal your personal information if you are not careful, can reveal your private information.

– Golden Rule No. 1: If you do not want the world to see, do not post it!

– Golden Rule No. 2: Do not allow others to break the first rule for you. Do not share what you do not want the world to see!

– If you are in high level job, you are a prime target for attackers. Follow the rules # 1 and #2 in all eagerness and attention.

– Do not use a same password for your bank accounts and your work, personal accounts.

– Think before you publish! There is no guarantee of privacy on the Internet.

– Control privacy settings on your social network profile.

– Be careful of new friends requests, are they really who claim to be?

 

Suspect in everything you receive or asked to do, for example:

– Do not click on links posted on social network pages.

– Be careful when installing applications from untrusted websites.

 

Contact us

– If you are not sure if you have anti-malware software on your work computer and it is working properly

– If you think that sensitive information had been leaked

– If you are not sure that the received message is safety or not

– If you think there is a violation of the privacy of your computer or hacked

– If you receive a good message from any person at the university asks for personal information, including your accounts and passwords…

Welcome to the first newsletter of information security! Our goal is to inform you about the appropriate ways to address information in all forms electronic, etc. You’re a target Your personal information and your computer are valuable preys to criminals who working online and other curious people. Statistics show that humans are the weakest link in information security. So, cybercriminals will try to set you up take actions that would open doors for them. They target you to: -Access your financial or other sensitive information. -Use your computer to attack other computer systems. -Steal your identity. -Damage to your reputation -Gain a competitive advantage (by stealing researches). Technology alone is not enough to secure the information. You might have sensitive information lying on your desk or are discussed in the next room. Keep in mind that information leaks often starts from within and not from attackers on the Internet. Follow these simple guidelines, intuitive, and you will help us to keep all our information safe. Intuitive and simple principles: -Do not disclose any personal or confidential information unless absolutely necessary, to the appropriate party. -Do not leave sensitive information lying around in your workplace. -Do not install unauthorized applications or unlicensed. -Lock or shutdown device your computer always before leaving. -Always make sure that your anti-malware software installed. -Always check before allowing access to a work area where sensitive information is processed. Passwords: keys to the Kingdom Make the password as a needle in the haystack is difficult for hackers to find them. Follow these guidelines when selecting and using your passwords: -Do not use passwords that are easy to guess. -Use difficult passwords but easy to remember. Difficult passwords should contain upper and lower case letters, numbers and other symbols. -Do not share your password with anyone, even Admin or best friend. -Do not use the same password for work and personal accounts. -Do not write your password and leave them where others can find them. -Do not use a public computer to sign in to sites with sensitive information (such as the Bank).

Attack of Clones: Fake AV Invading Mobile App Stores

Clones

Fake antivirus programs are increasingly appearing in mobile app stores. Kaspersky Lab recently found two such programs imitating the company’s products in two different official app stores for mobile devices.

 

Attack of the Clones

Fake apps that claim to protect mobile devices

The first fake app was discovered in Windows Phone Store. This in itself was unusual because scammers tend to target users of Android – via Google Play – due to the platform’s popularity. The app in question went by the name of Kaspersky Mobile. The fact there is no such program in Kaspersky Lab’s product line suggests the fraudsters didn’t expect anyone to notice the discrepancy. Another interesting feature of this particular app was the fact users had to pay for it. This meant its creators immediately started making money without having to devise additional scams such as demanding payments to remove “malware” that had supposedly been detected on users’ devices.

 

The second fake app imitating the Kaspersky Lab brand was for sale on Google Play and was called Kaspersky Anti-Virus 2014. Again, there is no Kaspersky Lab product for mobile devices by that name. The screenshot used on the page of the fake app was simply copied from the official Kaspersky Internet Security for Android page. Unlike the app for sale in Windows Phone Store, the creators of this fake app didn’t even bother to add a simulation of a scanner – the functionality was limited to a random series of statements appearing on top of an “official” logo.

 

“The story of paid fake AV for mobiles started with the appearance of Virus Shield in the Google Play store. Now we are seeing how one successful scam spawns numerous clones. Scammers who want to make a quick buck from inattentive users are selling dozens of fake apps, copying the design, but not the functionality of the original,” commented Roman Unuchek, Senior Malware Analyst at Kaspersky Lab.“It is quite possible that more and more of these fake apps will start appearing. However, one thing for sure is that the security mechanisms put in place by the official stores cannot cope with these kinds of scams.”

  1. Beware of logging into your device using the administrator’s account (try using another account with permissions) powers.
  2. Always use strong passwords.
  3. Update the operating system frequently through the company's main site.
  4. Be aware of the updates sent via email, which allegedly sent from the parent company.
  5. Use anti-virus software and update them periodically.
  6. Make sure to adjust the security settings for the Internet browser.