https://learn.equalit.ie/mw/api.php?action=feedcontributions&user=Ben&feedformat=atomlearn.equalit.ie - User contributions [en]2024-03-28T12:48:21ZUser contributionsMediaWiki 1.23.1https://learn.equalit.ie/wiki/How_does_the_Internet_actually_work%3FHow does the Internet actually work?2014-06-02T22:54:34Z<p>Ben: /* Internet Routing */</p>
<hr />
<div><br />
=Connect=<br />
<br />
==Internet Routing==<br />
<br><br />
<br />
'Going online' requires connecting your computer to the national Internet infrastructure. The process begins by establishing a link to your Internet Service Provider (ISP) whether through a telephone line, cable or wireless connection. The ISP connects you to the national infrastructure which is regulated and in some countries governed by the ministry of telecommunications. Using one (or one of several) Internet exchange points in your country, the connection is routed to the global Internet. <br />
<br />
<br />
[[File:InternetConnectionsshort.jpg|InternetConnections]]<br />
<br />
<br />
Whether you are accessing the Internet from your home computer or from a mobile phone on a moving train, the principle remains the same: your device connects to the local ISP > connects to the national provider > connects to the Internet exchange (backbone). Should you be visiting a website or sending an email to a server located in a different country (quite likely) then this progression through the network hierarchy is repeated on the other end side of the communications channel too.<br />
<br />
<br />
[[File:InternetConnections.jpg|900px|InternetConnections]]<br />
<br />
<br />
Notice that in the last example, your connection routes through at least two national (legal) jurisdictions.<br />
<br />
<br />
'''Exercise:''' Use a Geo-IP traceroute tool (http://traceroute.monitis.com/ ) to view how your connection is routed to a particular website.<br />
<br />
'' '''Note:''' The Internet is a packet-switching network. This means that your email, for example, is broken down into small individual packets which are then sent independently of each other along the many possible routes on the network that connect you to your friend's computer. These packets are then reassembled at the receiver's end to re-create your email. Important! You do not control how data travels through the Internet once you hit the send button. ''<br />
<br />
=Locate=<br />
<br />
Now that you're connected, let's discuss what happens when you request to open a particular website and how this site then delivers back to your computer. Numerous protocols and technical standards govern how the Internet and all of its users locate and communicate with each other. The most important of which we will discuss has to do with Internet addressing. Because everyone on the Internet adheres to these, you are able to open webiste.com and send an email from your computer to a friend's mobile phone in another country.<br />
<br />
==Internet Protocol (IP) Address==<br />
<br />
Internet routing is possible because every computer is uniquely identified on the network by what is known as an IP address. These addresses look like 83.169.39.231 and are the building blocks of Internet addressing. Whenever you want to open a website from your computer, the Internet needs to know your IP address and the IP address of the server the website is hosted on, to make the connection. Important! Your IP address is assigned to you by your local ISP or if you are using mobile Internet, by your telecommunications provider. In most countries ISPs are obligated by law to collect and store traffic data (which IP requested a connection to which IP and when) . This is used primarily for identifying user activity on the Internet at a later date and is the main tool in the hands of Internet police.<br />
<br />
'''Note:''' in an office or Internet cafe scenario, only one computer is connected to the Internet and all other computers connect through it. Only the Internet facing computer (modem) is assigned an external IP address, whilst the others are assigned an internal IP address. Browsing history made from a computer in an Internet café can be traced back by the ISP to the café, not to the individual's computer.<br />
<br />
'''Exercise: Find your current IP on the Internet'''<br />
<br />
#View your computer's IP by visiting http://hostip.info You can also view the IP addresses associated with your favourite websites through this system. <br />
#Next, go to http://whois.net/ to find out who that particular IP address is registered to.<br />
<br />
==Domain Name System==<br />
<br />
Even though all computers connected to the Internet are assigned an IP address, we usually do not know these addresses nor do we use them when opening a website. Numbers are quite difficult to remember (how many phone numbers do you know by heart?) and for this reason we assign names as addresses for our websites (also known as a Universal Resource Locator – URL). These names and their associated IP addresses are recorded in the Domain Name System (DNS). This is akin to the Internet's telephone directory and is another critical component of Internet routing and operations. DNS is hierarchical, meaning that your computer can have its list of URLs and corresponding IPs, your ISP will have a list, the national provider will have a list and so on, right up to the root DNS servers (of which there are 13). Should your computer not have an entry for www.livejournal.com it will ask the next list up in line – the ISP's and so on. Whether browsing websites or sending email, DNS always plays a part. Below is a diagram describing how DNS is utilized when you search for the LiveJournal website. <br />
<br />
<br />
[[File:DSNDiag.jpg|DSNDiag]]<br />
<br />
<br />
* Not knowing the LiveJournal address, you open Google naturally. Your computer doesn't know where www.google.com is and so asks the DNS server for Google's IP.<br />
* Using Google's IP you locate the search engine and punch in 'LiveJournal'. The search returns www.livejournal.com which you promptly click.<br />
* Once again, your computer has no idea where to locate www.livejournal.com and returns to the DNS server to get its IP.<br />
* Finally, using the correct IP you can access LiveJournal's website.<br />
<br />
<br />
'''Media:''' A brief explanation how websites are located using the DNS.<br />
<br />
{{#ev:youtube|oN7ripK5uGM}}<br />
<br />
<br />
Another video that discusses the regulative and technical framework behind DNS and why this is important.<br />
<br />
{{#ev:youtube|72snZctFFtA}}<br />
<br />
<br />
<br />
'''Exercise: Change your computer's DNS settings''' (Here is a walkthrough regarding changing DNS settings in Windows 7)<br />
<br />
#Use the http://hostip.info tool to find out the IP addresses of your favourite websites.<br />
#Open the Control Panel and locate your Network Connection settings (LAN or Wireless). <br />
#Manually set the DNS servers to OpenDNS addresses:<br />
<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
<br />
<br />
or use two of the root DNS servers http://en.wikipedia.org/wiki/Root_name_server ).<br />
<br />
=Interact=<br />
<br />
The last part of the Internet's infrastructure concerns the applications we use to send and receive content on the Internet. These include your browser, email program, chat client and every other software on your computer that utilizes or help you interact on the Internet. Every application has its particular language and protocols and these often affect how information is transmitted between two computers on the Internet. This usually involves a type of technical language (protocol) by which it communicates or the channel (port) it selects for communication. For example, some applications send data in a clear-text format and every computer/router that stands in-between the communicating parties can access and understand the transmitted information. Other applications take special care to ensure privacy for the communicating parties. For example, when you connect to http://google.com your browser is using the 'http' protocol on port 80. However when the website's address is preceded by the letters 'https' (https://mail.google.com) your browser begins to use the Secure Sockets Layer (SSL) protocol on port 443. The majority of this course is explaining and exploring the different ways that applications interact on the Internet, directly impacting upon your privacy, anonymity and authentication of the transmitted message.<br />
<br />
'''Media:''' Here's a video tutorial from some kid in his bedroom, pulling all the topics that we have discussed above, together.<br />
<br />
{{#ev:youtube|ZGRjUhBj5gg}}</div>Benhttps://learn.equalit.ie/wiki/How_does_the_Internet_actually_work%3FHow does the Internet actually work?2014-06-02T22:54:23Z<p>Ben: /* Internet Routing */</p>
<hr />
<div><br />
=Connect=<br />
<br />
==Internet Routing==<br />
<br><br />
<br />
'Going online' requires connecting your computer to the national Internet infrastructure. The process begins by establishing a link to your Internet Service Provider (ISP) whether through a telephone line, cable or wireless connection. The ISP connects you to the national infrastructure which is regulated and in some countries governed by the ministry of telecommunications. Using one (or one of several) Internet exchange points in your country, the connection is routed to the global Internet. <br />
<br />
<br />
[[File:InternetConnectionsshort.jpg|InternetConnections]]<br />
<br />
<br />
Whether you are accessing the Internet from your home computer or from a mobile phone on a moving train, the principle remains the same: your device connects to the local ISP > connects to the national provider > connects to the Internet exchange (backbone). Should you be visiting a website or sending an email to a server located in a different country (quite likely) then this progression through the network hierarchy is repeated on the other end side of the communications channel too.<br />
<br />
<br />
[[File:InternetConnections.jpg|1200px|InternetConnections]]<br />
<br />
<br />
Notice that in the last example, your connection routes through at least two national (legal) jurisdictions.<br />
<br />
<br />
'''Exercise:''' Use a Geo-IP traceroute tool (http://traceroute.monitis.com/ ) to view how your connection is routed to a particular website.<br />
<br />
'' '''Note:''' The Internet is a packet-switching network. This means that your email, for example, is broken down into small individual packets which are then sent independently of each other along the many possible routes on the network that connect you to your friend's computer. These packets are then reassembled at the receiver's end to re-create your email. Important! You do not control how data travels through the Internet once you hit the send button. ''<br />
<br />
=Locate=<br />
<br />
Now that you're connected, let's discuss what happens when you request to open a particular website and how this site then delivers back to your computer. Numerous protocols and technical standards govern how the Internet and all of its users locate and communicate with each other. The most important of which we will discuss has to do with Internet addressing. Because everyone on the Internet adheres to these, you are able to open webiste.com and send an email from your computer to a friend's mobile phone in another country.<br />
<br />
==Internet Protocol (IP) Address==<br />
<br />
Internet routing is possible because every computer is uniquely identified on the network by what is known as an IP address. These addresses look like 83.169.39.231 and are the building blocks of Internet addressing. Whenever you want to open a website from your computer, the Internet needs to know your IP address and the IP address of the server the website is hosted on, to make the connection. Important! Your IP address is assigned to you by your local ISP or if you are using mobile Internet, by your telecommunications provider. In most countries ISPs are obligated by law to collect and store traffic data (which IP requested a connection to which IP and when) . This is used primarily for identifying user activity on the Internet at a later date and is the main tool in the hands of Internet police.<br />
<br />
'''Note:''' in an office or Internet cafe scenario, only one computer is connected to the Internet and all other computers connect through it. Only the Internet facing computer (modem) is assigned an external IP address, whilst the others are assigned an internal IP address. Browsing history made from a computer in an Internet café can be traced back by the ISP to the café, not to the individual's computer.<br />
<br />
'''Exercise: Find your current IP on the Internet'''<br />
<br />
#View your computer's IP by visiting http://hostip.info You can also view the IP addresses associated with your favourite websites through this system. <br />
#Next, go to http://whois.net/ to find out who that particular IP address is registered to.<br />
<br />
==Domain Name System==<br />
<br />
Even though all computers connected to the Internet are assigned an IP address, we usually do not know these addresses nor do we use them when opening a website. Numbers are quite difficult to remember (how many phone numbers do you know by heart?) and for this reason we assign names as addresses for our websites (also known as a Universal Resource Locator – URL). These names and their associated IP addresses are recorded in the Domain Name System (DNS). This is akin to the Internet's telephone directory and is another critical component of Internet routing and operations. DNS is hierarchical, meaning that your computer can have its list of URLs and corresponding IPs, your ISP will have a list, the national provider will have a list and so on, right up to the root DNS servers (of which there are 13). Should your computer not have an entry for www.livejournal.com it will ask the next list up in line – the ISP's and so on. Whether browsing websites or sending email, DNS always plays a part. Below is a diagram describing how DNS is utilized when you search for the LiveJournal website. <br />
<br />
<br />
[[File:DSNDiag.jpg|DSNDiag]]<br />
<br />
<br />
* Not knowing the LiveJournal address, you open Google naturally. Your computer doesn't know where www.google.com is and so asks the DNS server for Google's IP.<br />
* Using Google's IP you locate the search engine and punch in 'LiveJournal'. The search returns www.livejournal.com which you promptly click.<br />
* Once again, your computer has no idea where to locate www.livejournal.com and returns to the DNS server to get its IP.<br />
* Finally, using the correct IP you can access LiveJournal's website.<br />
<br />
<br />
'''Media:''' A brief explanation how websites are located using the DNS.<br />
<br />
{{#ev:youtube|oN7ripK5uGM}}<br />
<br />
<br />
Another video that discusses the regulative and technical framework behind DNS and why this is important.<br />
<br />
{{#ev:youtube|72snZctFFtA}}<br />
<br />
<br />
<br />
'''Exercise: Change your computer's DNS settings''' (Here is a walkthrough regarding changing DNS settings in Windows 7)<br />
<br />
#Use the http://hostip.info tool to find out the IP addresses of your favourite websites.<br />
#Open the Control Panel and locate your Network Connection settings (LAN or Wireless). <br />
#Manually set the DNS servers to OpenDNS addresses:<br />
<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
<br />
<br />
or use two of the root DNS servers http://en.wikipedia.org/wiki/Root_name_server ).<br />
<br />
=Interact=<br />
<br />
The last part of the Internet's infrastructure concerns the applications we use to send and receive content on the Internet. These include your browser, email program, chat client and every other software on your computer that utilizes or help you interact on the Internet. Every application has its particular language and protocols and these often affect how information is transmitted between two computers on the Internet. This usually involves a type of technical language (protocol) by which it communicates or the channel (port) it selects for communication. For example, some applications send data in a clear-text format and every computer/router that stands in-between the communicating parties can access and understand the transmitted information. Other applications take special care to ensure privacy for the communicating parties. For example, when you connect to http://google.com your browser is using the 'http' protocol on port 80. However when the website's address is preceded by the letters 'https' (https://mail.google.com) your browser begins to use the Secure Sockets Layer (SSL) protocol on port 443. The majority of this course is explaining and exploring the different ways that applications interact on the Internet, directly impacting upon your privacy, anonymity and authentication of the transmitted message.<br />
<br />
'''Media:''' Here's a video tutorial from some kid in his bedroom, pulling all the topics that we have discussed above, together.<br />
<br />
{{#ev:youtube|ZGRjUhBj5gg}}</div>Benhttps://learn.equalit.ie/wiki/How_does_the_Internet_actually_work%3FHow does the Internet actually work?2014-06-02T22:54:08Z<p>Ben: /* Internet Routing */</p>
<hr />
<div><br />
=Connect=<br />
<br />
==Internet Routing==<br />
<br><br />
<br />
'Going online' requires connecting your computer to the national Internet infrastructure. The process begins by establishing a link to your Internet Service Provider (ISP) whether through a telephone line, cable or wireless connection. The ISP connects you to the national infrastructure which is regulated and in some countries governed by the ministry of telecommunications. Using one (or one of several) Internet exchange points in your country, the connection is routed to the global Internet. <br />
<br />
<br />
[[File:InternetConnectionsshort.jpg|InternetConnections]]<br />
<br />
<br />
Whether you are accessing the Internet from your home computer or from a mobile phone on a moving train, the principle remains the same: your device connects to the local ISP > connects to the national provider > connects to the Internet exchange (backbone). Should you be visiting a website or sending an email to a server located in a different country (quite likely) then this progression through the network hierarchy is repeated on the other end side of the communications channel too.<br />
<br />
<br />
[[File:InternetConnections.jpg|800px|InternetConnections]]<br />
<br />
<br />
Notice that in the last example, your connection routes through at least two national (legal) jurisdictions.<br />
<br />
<br />
'''Exercise:''' Use a Geo-IP traceroute tool (http://traceroute.monitis.com/ ) to view how your connection is routed to a particular website.<br />
<br />
'' '''Note:''' The Internet is a packet-switching network. This means that your email, for example, is broken down into small individual packets which are then sent independently of each other along the many possible routes on the network that connect you to your friend's computer. These packets are then reassembled at the receiver's end to re-create your email. Important! You do not control how data travels through the Internet once you hit the send button. ''<br />
<br />
=Locate=<br />
<br />
Now that you're connected, let's discuss what happens when you request to open a particular website and how this site then delivers back to your computer. Numerous protocols and technical standards govern how the Internet and all of its users locate and communicate with each other. The most important of which we will discuss has to do with Internet addressing. Because everyone on the Internet adheres to these, you are able to open webiste.com and send an email from your computer to a friend's mobile phone in another country.<br />
<br />
==Internet Protocol (IP) Address==<br />
<br />
Internet routing is possible because every computer is uniquely identified on the network by what is known as an IP address. These addresses look like 83.169.39.231 and are the building blocks of Internet addressing. Whenever you want to open a website from your computer, the Internet needs to know your IP address and the IP address of the server the website is hosted on, to make the connection. Important! Your IP address is assigned to you by your local ISP or if you are using mobile Internet, by your telecommunications provider. In most countries ISPs are obligated by law to collect and store traffic data (which IP requested a connection to which IP and when) . This is used primarily for identifying user activity on the Internet at a later date and is the main tool in the hands of Internet police.<br />
<br />
'''Note:''' in an office or Internet cafe scenario, only one computer is connected to the Internet and all other computers connect through it. Only the Internet facing computer (modem) is assigned an external IP address, whilst the others are assigned an internal IP address. Browsing history made from a computer in an Internet café can be traced back by the ISP to the café, not to the individual's computer.<br />
<br />
'''Exercise: Find your current IP on the Internet'''<br />
<br />
#View your computer's IP by visiting http://hostip.info You can also view the IP addresses associated with your favourite websites through this system. <br />
#Next, go to http://whois.net/ to find out who that particular IP address is registered to.<br />
<br />
==Domain Name System==<br />
<br />
Even though all computers connected to the Internet are assigned an IP address, we usually do not know these addresses nor do we use them when opening a website. Numbers are quite difficult to remember (how many phone numbers do you know by heart?) and for this reason we assign names as addresses for our websites (also known as a Universal Resource Locator – URL). These names and their associated IP addresses are recorded in the Domain Name System (DNS). This is akin to the Internet's telephone directory and is another critical component of Internet routing and operations. DNS is hierarchical, meaning that your computer can have its list of URLs and corresponding IPs, your ISP will have a list, the national provider will have a list and so on, right up to the root DNS servers (of which there are 13). Should your computer not have an entry for www.livejournal.com it will ask the next list up in line – the ISP's and so on. Whether browsing websites or sending email, DNS always plays a part. Below is a diagram describing how DNS is utilized when you search for the LiveJournal website. <br />
<br />
<br />
[[File:DSNDiag.jpg|DSNDiag]]<br />
<br />
<br />
* Not knowing the LiveJournal address, you open Google naturally. Your computer doesn't know where www.google.com is and so asks the DNS server for Google's IP.<br />
* Using Google's IP you locate the search engine and punch in 'LiveJournal'. The search returns www.livejournal.com which you promptly click.<br />
* Once again, your computer has no idea where to locate www.livejournal.com and returns to the DNS server to get its IP.<br />
* Finally, using the correct IP you can access LiveJournal's website.<br />
<br />
<br />
'''Media:''' A brief explanation how websites are located using the DNS.<br />
<br />
{{#ev:youtube|oN7ripK5uGM}}<br />
<br />
<br />
Another video that discusses the regulative and technical framework behind DNS and why this is important.<br />
<br />
{{#ev:youtube|72snZctFFtA}}<br />
<br />
<br />
<br />
'''Exercise: Change your computer's DNS settings''' (Here is a walkthrough regarding changing DNS settings in Windows 7)<br />
<br />
#Use the http://hostip.info tool to find out the IP addresses of your favourite websites.<br />
#Open the Control Panel and locate your Network Connection settings (LAN or Wireless). <br />
#Manually set the DNS servers to OpenDNS addresses:<br />
<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
<br />
<br />
or use two of the root DNS servers http://en.wikipedia.org/wiki/Root_name_server ).<br />
<br />
=Interact=<br />
<br />
The last part of the Internet's infrastructure concerns the applications we use to send and receive content on the Internet. These include your browser, email program, chat client and every other software on your computer that utilizes or help you interact on the Internet. Every application has its particular language and protocols and these often affect how information is transmitted between two computers on the Internet. This usually involves a type of technical language (protocol) by which it communicates or the channel (port) it selects for communication. For example, some applications send data in a clear-text format and every computer/router that stands in-between the communicating parties can access and understand the transmitted information. Other applications take special care to ensure privacy for the communicating parties. For example, when you connect to http://google.com your browser is using the 'http' protocol on port 80. However when the website's address is preceded by the letters 'https' (https://mail.google.com) your browser begins to use the Secure Sockets Layer (SSL) protocol on port 443. The majority of this course is explaining and exploring the different ways that applications interact on the Internet, directly impacting upon your privacy, anonymity and authentication of the transmitted message.<br />
<br />
'''Media:''' Here's a video tutorial from some kid in his bedroom, pulling all the topics that we have discussed above, together.<br />
<br />
{{#ev:youtube|ZGRjUhBj5gg}}</div>Benhttps://learn.equalit.ie/wiki/How_does_the_Internet_actually_work%3FHow does the Internet actually work?2014-06-02T22:53:54Z<p>Ben: /* Internet Routing */</p>
<hr />
<div><br />
=Connect=<br />
<br />
==Internet Routing==<br />
<br><br />
<br />
'Going online' requires connecting your computer to the national Internet infrastructure. The process begins by establishing a link to your Internet Service Provider (ISP) whether through a telephone line, cable or wireless connection. The ISP connects you to the national infrastructure which is regulated and in some countries governed by the ministry of telecommunications. Using one (or one of several) Internet exchange points in your country, the connection is routed to the global Internet. <br />
<br />
<br />
[[File:InternetConnectionsshort.jpg|InternetConnections]]<br />
<br />
<br />
Whether you are accessing the Internet from your home computer or from a mobile phone on a moving train, the principle remains the same: your device connects to the local ISP > connects to the national provider > connects to the Internet exchange (backbone). Should you be visiting a website or sending an email to a server located in a different country (quite likely) then this progression through the network hierarchy is repeated on the other end side of the communications channel too.<br />
<br />
<br />
[[File:InternetConnections.jpg|200px|InternetConnections]]<br />
<br />
<br />
Notice that in the last example, your connection routes through at least two national (legal) jurisdictions.<br />
<br />
<br />
'''Exercise:''' Use a Geo-IP traceroute tool (http://traceroute.monitis.com/ ) to view how your connection is routed to a particular website.<br />
<br />
'' '''Note:''' The Internet is a packet-switching network. This means that your email, for example, is broken down into small individual packets which are then sent independently of each other along the many possible routes on the network that connect you to your friend's computer. These packets are then reassembled at the receiver's end to re-create your email. Important! You do not control how data travels through the Internet once you hit the send button. ''<br />
<br />
=Locate=<br />
<br />
Now that you're connected, let's discuss what happens when you request to open a particular website and how this site then delivers back to your computer. Numerous protocols and technical standards govern how the Internet and all of its users locate and communicate with each other. The most important of which we will discuss has to do with Internet addressing. Because everyone on the Internet adheres to these, you are able to open webiste.com and send an email from your computer to a friend's mobile phone in another country.<br />
<br />
==Internet Protocol (IP) Address==<br />
<br />
Internet routing is possible because every computer is uniquely identified on the network by what is known as an IP address. These addresses look like 83.169.39.231 and are the building blocks of Internet addressing. Whenever you want to open a website from your computer, the Internet needs to know your IP address and the IP address of the server the website is hosted on, to make the connection. Important! Your IP address is assigned to you by your local ISP or if you are using mobile Internet, by your telecommunications provider. In most countries ISPs are obligated by law to collect and store traffic data (which IP requested a connection to which IP and when) . This is used primarily for identifying user activity on the Internet at a later date and is the main tool in the hands of Internet police.<br />
<br />
'''Note:''' in an office or Internet cafe scenario, only one computer is connected to the Internet and all other computers connect through it. Only the Internet facing computer (modem) is assigned an external IP address, whilst the others are assigned an internal IP address. Browsing history made from a computer in an Internet café can be traced back by the ISP to the café, not to the individual's computer.<br />
<br />
'''Exercise: Find your current IP on the Internet'''<br />
<br />
#View your computer's IP by visiting http://hostip.info You can also view the IP addresses associated with your favourite websites through this system. <br />
#Next, go to http://whois.net/ to find out who that particular IP address is registered to.<br />
<br />
==Domain Name System==<br />
<br />
Even though all computers connected to the Internet are assigned an IP address, we usually do not know these addresses nor do we use them when opening a website. Numbers are quite difficult to remember (how many phone numbers do you know by heart?) and for this reason we assign names as addresses for our websites (also known as a Universal Resource Locator – URL). These names and their associated IP addresses are recorded in the Domain Name System (DNS). This is akin to the Internet's telephone directory and is another critical component of Internet routing and operations. DNS is hierarchical, meaning that your computer can have its list of URLs and corresponding IPs, your ISP will have a list, the national provider will have a list and so on, right up to the root DNS servers (of which there are 13). Should your computer not have an entry for www.livejournal.com it will ask the next list up in line – the ISP's and so on. Whether browsing websites or sending email, DNS always plays a part. Below is a diagram describing how DNS is utilized when you search for the LiveJournal website. <br />
<br />
<br />
[[File:DSNDiag.jpg|DSNDiag]]<br />
<br />
<br />
* Not knowing the LiveJournal address, you open Google naturally. Your computer doesn't know where www.google.com is and so asks the DNS server for Google's IP.<br />
* Using Google's IP you locate the search engine and punch in 'LiveJournal'. The search returns www.livejournal.com which you promptly click.<br />
* Once again, your computer has no idea where to locate www.livejournal.com and returns to the DNS server to get its IP.<br />
* Finally, using the correct IP you can access LiveJournal's website.<br />
<br />
<br />
'''Media:''' A brief explanation how websites are located using the DNS.<br />
<br />
{{#ev:youtube|oN7ripK5uGM}}<br />
<br />
<br />
Another video that discusses the regulative and technical framework behind DNS and why this is important.<br />
<br />
{{#ev:youtube|72snZctFFtA}}<br />
<br />
<br />
<br />
'''Exercise: Change your computer's DNS settings''' (Here is a walkthrough regarding changing DNS settings in Windows 7)<br />
<br />
#Use the http://hostip.info tool to find out the IP addresses of your favourite websites.<br />
#Open the Control Panel and locate your Network Connection settings (LAN or Wireless). <br />
#Manually set the DNS servers to OpenDNS addresses:<br />
<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
<br />
<br />
or use two of the root DNS servers http://en.wikipedia.org/wiki/Root_name_server ).<br />
<br />
=Interact=<br />
<br />
The last part of the Internet's infrastructure concerns the applications we use to send and receive content on the Internet. These include your browser, email program, chat client and every other software on your computer that utilizes or help you interact on the Internet. Every application has its particular language and protocols and these often affect how information is transmitted between two computers on the Internet. This usually involves a type of technical language (protocol) by which it communicates or the channel (port) it selects for communication. For example, some applications send data in a clear-text format and every computer/router that stands in-between the communicating parties can access and understand the transmitted information. Other applications take special care to ensure privacy for the communicating parties. For example, when you connect to http://google.com your browser is using the 'http' protocol on port 80. However when the website's address is preceded by the letters 'https' (https://mail.google.com) your browser begins to use the Secure Sockets Layer (SSL) protocol on port 443. The majority of this course is explaining and exploring the different ways that applications interact on the Internet, directly impacting upon your privacy, anonymity and authentication of the transmitted message.<br />
<br />
'''Media:''' Here's a video tutorial from some kid in his bedroom, pulling all the topics that we have discussed above, together.<br />
<br />
{{#ev:youtube|ZGRjUhBj5gg}}</div>Benhttps://learn.equalit.ie/wiki/Lesson_2_Further_ReadingLesson 2 Further Reading2014-05-28T22:37:31Z<p>Ben: </p>
<hr />
<div><br />
http://flossmanuals.net/basic-internet-security/<br />
<br />
[https://securityinabox.org/en/chapter-7 How to keep your Internet communications private] <br />
<br />
'''Public Key Encryption'''<br />
<br />
Read through a couple of interesting guides on how you can set-up public key data encryption for your email communications.<br />
<br />
https://flossmanuals.net/basic-internet-security/ch027_mail-encryption-gpg<br />
<br />
http://equalit.ie/esecman/chapter2_4.html#2_4b<br />
<br />
https://securityinabox.org/en/thuderbird_encryption<br />
<br />
https://www.vaultletsoft.com<br />
<br />
https://www.enlocked.com</div>Benhttps://learn.equalit.ie/wiki/Online_LearningOnline Learning2014-05-28T22:11:53Z<p>Ben: /* Lesson 6 – Seven steps to better passwords */</p>
<hr />
<div>'''This work was done in collaboration and the support of [http://www.tol.org/ Transitions Online]<br />
<br />
==Introduction==<br />
<br />
Computers and the Internet are all about information gathering, storage and exchange. Hence, the topic of security in the digital realm relates to the security of information and its communication. The Internet, in theory, provides everyone with an equal opportunity to access and disseminate information. Yet, as time has shown, this is not always the case. Governments and corporations realize the importance and value of controlling information flows, and of being able to decide when to restrict them. The security of information is further complicated by malicious individuals creating computer viruses and hacking into computer systems, often with no other motive than causing damage.<br />
<br />
Confusion and complexity is heightened by the abundance of software, hardware and electronic devices built to interact with an increasingly sophisticated and complicated network. Users have to immerse themselves in concepts and technology that seem to be far removed from the real world. The security of your information, online identity and the privacy of your communications falls first and foremost upon your shoulders and requires comprehension of how the Internet and your computer actually work.<br />
<br />
The Internet has profoundly changed social interaction and the dissemination of ideas and knowledge. Publication is no longer restricted by geographic or financial boundaries, and any citizen could become a journalist and reach a global audience.<br />
<br />
This online training course has several objectives. It aims to educate and raise awareness to the technical aspects behind computer and Internet operations as a precursor to explaining inherent digital risks and vulnerabilities. Because it is virtually impossible to predict and describe in advance every security situation that one could encounter – the emphasis here is to provide enough background information and explanation of risks to make the user aware of the problem and able to make an educated and appropriate response. The other objective is to provide solutions to the most common security threats faced by journalists working in politically repressive countries, as well as links and references to software tools and manuals for further study and exploration of the subject. <br />
<br />
__NOTOC__<br />
<br />
==Lesson 1 - The Internet and its Pitfalls==<br />
<br />
* [[How does the Internet actually work?]]<br />
<br />
This chapter is a requirement to understanding other topics covered in Lesson 1 and throughout the Internet Security Course. <br />
<br />
* [[What is Internet surveillance?]]<br />
<br />
A distinction must be made between what we perceive as surveillance in the physical world – a person watching and shadowing your movements, and what occurs on the Internet. <br />
<br />
* [[Lesson 1 Exercises]]<br />
<br />
* [[Lesson 1 Further Reading]]<br />
<br />
==Lesson 2 – Privacy! On the Internet?==<br />
The Internet is a network of networks passing data through numerous intermediary computers and routers. Data typically travels the Internet in a readable (insecure) format. Your search query on Google or your Yahoo email message is accessible to your local Internet service provider as well as the body monitoring the national telecommunications infrastructure. By default, there is no privacy in Internet communications and many become victims of random and targeted network surveillance and traffic analysis. There are however, certain steps and measures you can take, some easier than others, to ensure a level of privacy in your Internet communications.<br />
<br />
* [[Encrypted connections]]<br />
The open - we can see everything that you send and receive - Internet could not become a powerful medium for business nor could it ensure a general users' expectation of privacy.<br />
* [[Instant Messaging and VoIP]]<br />
Instant messaging tools such as MSN Messenger and Yahoo Chat also use open channels for communicating your information. Everything you send or receive using these programs is liable to surveillance.<br />
* [[Using a VPN for Secure Internet Browsing]]<br />
<br />
* [[Lesson 2 Exercises]]<br />
<br />
* [[Lesson 2 Further Reading]]<br />
<br />
==Lesson 3 – Goodbye Censorship!==<br />
Many countries around the world have installed software and underlying infrastructure that prevents Internet users within those countries from accessing certain websites and Internet services. Companies, schools and public libraries often use similar software to protect their employees, students and patrons from material that they consider distracting or harmful. This kind of filtering technology comes in a number of different forms. Some filters block a site based on its IP address, while others blacklist certain domain names or keywords contained in web pages or your search queries. <br />
<br />
Regardless of what filtering methods are present, it is nearly always possible to evade them by relying on intermediary computers, outside your country, to reach blocked services for you. This process is often called censorship circumvention, or simply circumvention, and the intermediary computers are called proxies. Proxies, too, come in many different forms. Some Internet services such as RSS readers and online translators perform the function of a proxy without necessarily being created for circumvention. There are also especially dedicated proxy servers, virtual private networks multiple-proxy anonymity networks. It is difficult to say in advance which particular technique will work to bypass the censorship mechanisms in place in your country and it is worthwhile to be aware of several different methods. Each offers its own particular method for getting around restrictions, at the same time each method is vulnerable in its own way. This chapter describes the various ways to circumvent censorship and explains when these methods may or may not work. <br />
<br />
* [[Internet Censorship]]<br />
Censoring the channel of dissemination can take place at two different moments within an information cycle. Pre-publication – when the original message is prevented from being disseminated. This includes self-censorship, legislation and editorial or managerial interference with material to be published or made available to the public. Post-publication – when the audience is prevented from accessing an existing message or content communicated to them. Primarily this involves access to Internet websites and online services, and will be explained and discussed in this module.<br />
<br />
* [[Circumventing Censorship]]<br />
If you cannot go directly to a website because it is blocked by one of the methods discussed above, you will need to find a way around the obstruction. Many methods exist to circumvent the blocklists, which are only effective when a website is requested directly. If a third party is called to fetch a website for us, then these lists become irrelevant. For over a decade, netizens living in censored Internet environments have been using online translation and caching services to access a website indirectly. Others have relied on anonymisers, whose original intent was to conceal your identity from a website.<br />
* [[A Word On Anonymous Internet Publishing]]<br />
<br />
* [[Lesson 3 Exercises]]<br />
<br />
* [[Lesson 3 Further Reading]]<br />
<br />
==Lesson 4 - Digital information management==<br />
This section describes the technology and methods for managing your digital data. We will talk about preventing unauthorized access to your data, making sure that you do not lose important documents and we will discuss the correct procedures for destroying unwanted data as well as cleaning a computer of traces left behind from past working sessions. Secure data management should be on the top of your to-do list if you work with information that you do not want to lose or expose to an outside party. Once you have set-up the tools described in this chapter and assimilate the processes into your daily working routine, you will make a huge leap towards keeping your data private and secure. <br />
<br />
* [[Information storage]]<br />
Unauthorized access to the information on your computer or portable storage devices can be carried out remotely, if the 'intruder' is able to read or modify your data over the Internet; or physically, if he manages to get hold of your hardware or simply sit behind your computer. <br />
* [[Destroying data]]<br />
You may be concerned that your encrypted volume not only protects your data from unauthorized access but also indicates precisely where you store the information that you most wish to protect. In a tight situation you could be forced to reveal the volume password through intimidation, interrogation and possibly worse. <br />
* [[Destroying temporary files]]<br />
'''Fact:''' when you delete a file, even after you empty the Recycle bin, the contents of that file remain on your hard drive and can be recovered by anyone who has the right tools and a little luck. <br />
Aside from destroying unwanted data from your digital memory device, you should also consider destroying temporary files.<br />
* [[Backup]]<br />
It is too late to think about having a backup once you lose or break your computer, USB memory stick. Obviously an up to date backup has to created in advance of the catastrophe.<br />
<br />
* [[Lesson 4 Exercises]]<br />
<br />
* [[Lesson 4 Further Reading]]<br />
<br />
==Lesson 5 – Digital investigative journalism==<br />
The modern journalist must be aware of basic Internet infrastructure and operations. Certain clues accompany every website, email and digital media file – that could reveal information about the sender or the source otherwise hidden from the naked eye. Those who invest a lot of time and energy into maintaining social networks should also be aware of the risks from online profiling that they expose themselves and others to. This lesson will cover methods to identify the location of a particular website, reveal the sender of an email message, view technical details of a digital media file, discuss privacy implications regarding mobile telephone use and list several precautions for using social media platforms, in particular Facebook.<br />
<br />
* [[IP forensics]]<br />
* [[Email spoofing]]<br />
We are prone to identify and authenticate email messages by the sender's name and email address. This Lesson will help you analyse and validate the real sender of a received email message. <br />
* [[Data Forensics]]<br />
Just like every email message records the IP address of the server it is sent from, so does every digital document contain details about the time it was created, the device that created it and other useful information. <br />
* [[Profiling]]<br />
In the physical world we are identified by passport to our government and by recognition to our friends. A drivers licence, a social security or tax file number and our reputation serve as distinguishing features of our identity and associations. <br />
* [[Mobile profiling and surveillance]]<br />
You may have heard or already know that mobile telecomunnications are insecure by default. Did you know that your geigraphical location can be pinpointed thanks the phone in your pocket?<br />
<br />
* [[Lesson 5 Exercises]]<br />
<br />
* [[Lesson 5 Further Reading]]<br />
<br />
==Lesson 6 – Seven steps to better passwords==<br />
A password is often the first (and last) line of defense – protecting unauthorized access to your computer or an Internet account. A password is like a key to a door. You may have several different keys for your home, your office, your car and your safe. None of the locks are the same and you have a collection of different keys to open them. The same should apply to your passwords. Each account should have its own strong password. The definition of a strong password is one that cannot easily be guessed, cracked or stolen by an attacker. This chapter explains how to create and remember strong passwords and how not to lose them!<br />
<br />
* [[Better Passwords]]<br />
<br />
* [[Lesson 6 Exercises]]<br />
<br />
* [[Lesson 6 Further Reading]]</div>Benhttps://learn.equalit.ie/wiki/Online_LearningOnline Learning2014-05-28T22:11:05Z<p>Ben: /* Lesson 6 – Seven steps to better passwords */</p>
<hr />
<div>'''This work was done in collaboration and the support of [http://www.tol.org/ Transitions Online]<br />
<br />
==Introduction==<br />
<br />
Computers and the Internet are all about information gathering, storage and exchange. Hence, the topic of security in the digital realm relates to the security of information and its communication. The Internet, in theory, provides everyone with an equal opportunity to access and disseminate information. Yet, as time has shown, this is not always the case. Governments and corporations realize the importance and value of controlling information flows, and of being able to decide when to restrict them. The security of information is further complicated by malicious individuals creating computer viruses and hacking into computer systems, often with no other motive than causing damage.<br />
<br />
Confusion and complexity is heightened by the abundance of software, hardware and electronic devices built to interact with an increasingly sophisticated and complicated network. Users have to immerse themselves in concepts and technology that seem to be far removed from the real world. The security of your information, online identity and the privacy of your communications falls first and foremost upon your shoulders and requires comprehension of how the Internet and your computer actually work.<br />
<br />
The Internet has profoundly changed social interaction and the dissemination of ideas and knowledge. Publication is no longer restricted by geographic or financial boundaries, and any citizen could become a journalist and reach a global audience.<br />
<br />
This online training course has several objectives. It aims to educate and raise awareness to the technical aspects behind computer and Internet operations as a precursor to explaining inherent digital risks and vulnerabilities. Because it is virtually impossible to predict and describe in advance every security situation that one could encounter – the emphasis here is to provide enough background information and explanation of risks to make the user aware of the problem and able to make an educated and appropriate response. The other objective is to provide solutions to the most common security threats faced by journalists working in politically repressive countries, as well as links and references to software tools and manuals for further study and exploration of the subject. <br />
<br />
__NOTOC__<br />
<br />
==Lesson 1 - The Internet and its Pitfalls==<br />
<br />
* [[How does the Internet actually work?]]<br />
<br />
This chapter is a requirement to understanding other topics covered in Lesson 1 and throughout the Internet Security Course. <br />
<br />
* [[What is Internet surveillance?]]<br />
<br />
A distinction must be made between what we perceive as surveillance in the physical world – a person watching and shadowing your movements, and what occurs on the Internet. <br />
<br />
* [[Lesson 1 Exercises]]<br />
<br />
* [[Lesson 1 Further Reading]]<br />
<br />
==Lesson 2 – Privacy! On the Internet?==<br />
The Internet is a network of networks passing data through numerous intermediary computers and routers. Data typically travels the Internet in a readable (insecure) format. Your search query on Google or your Yahoo email message is accessible to your local Internet service provider as well as the body monitoring the national telecommunications infrastructure. By default, there is no privacy in Internet communications and many become victims of random and targeted network surveillance and traffic analysis. There are however, certain steps and measures you can take, some easier than others, to ensure a level of privacy in your Internet communications.<br />
<br />
* [[Encrypted connections]]<br />
The open - we can see everything that you send and receive - Internet could not become a powerful medium for business nor could it ensure a general users' expectation of privacy.<br />
* [[Instant Messaging and VoIP]]<br />
Instant messaging tools such as MSN Messenger and Yahoo Chat also use open channels for communicating your information. Everything you send or receive using these programs is liable to surveillance.<br />
* [[Using a VPN for Secure Internet Browsing]]<br />
<br />
* [[Lesson 2 Exercises]]<br />
<br />
* [[Lesson 2 Further Reading]]<br />
<br />
==Lesson 3 – Goodbye Censorship!==<br />
Many countries around the world have installed software and underlying infrastructure that prevents Internet users within those countries from accessing certain websites and Internet services. Companies, schools and public libraries often use similar software to protect their employees, students and patrons from material that they consider distracting or harmful. This kind of filtering technology comes in a number of different forms. Some filters block a site based on its IP address, while others blacklist certain domain names or keywords contained in web pages or your search queries. <br />
<br />
Regardless of what filtering methods are present, it is nearly always possible to evade them by relying on intermediary computers, outside your country, to reach blocked services for you. This process is often called censorship circumvention, or simply circumvention, and the intermediary computers are called proxies. Proxies, too, come in many different forms. Some Internet services such as RSS readers and online translators perform the function of a proxy without necessarily being created for circumvention. There are also especially dedicated proxy servers, virtual private networks multiple-proxy anonymity networks. It is difficult to say in advance which particular technique will work to bypass the censorship mechanisms in place in your country and it is worthwhile to be aware of several different methods. Each offers its own particular method for getting around restrictions, at the same time each method is vulnerable in its own way. This chapter describes the various ways to circumvent censorship and explains when these methods may or may not work. <br />
<br />
* [[Internet Censorship]]<br />
Censoring the channel of dissemination can take place at two different moments within an information cycle. Pre-publication – when the original message is prevented from being disseminated. This includes self-censorship, legislation and editorial or managerial interference with material to be published or made available to the public. Post-publication – when the audience is prevented from accessing an existing message or content communicated to them. Primarily this involves access to Internet websites and online services, and will be explained and discussed in this module.<br />
<br />
* [[Circumventing Censorship]]<br />
If you cannot go directly to a website because it is blocked by one of the methods discussed above, you will need to find a way around the obstruction. Many methods exist to circumvent the blocklists, which are only effective when a website is requested directly. If a third party is called to fetch a website for us, then these lists become irrelevant. For over a decade, netizens living in censored Internet environments have been using online translation and caching services to access a website indirectly. Others have relied on anonymisers, whose original intent was to conceal your identity from a website.<br />
* [[A Word On Anonymous Internet Publishing]]<br />
<br />
* [[Lesson 3 Exercises]]<br />
<br />
* [[Lesson 3 Further Reading]]<br />
<br />
==Lesson 4 - Digital information management==<br />
This section describes the technology and methods for managing your digital data. We will talk about preventing unauthorized access to your data, making sure that you do not lose important documents and we will discuss the correct procedures for destroying unwanted data as well as cleaning a computer of traces left behind from past working sessions. Secure data management should be on the top of your to-do list if you work with information that you do not want to lose or expose to an outside party. Once you have set-up the tools described in this chapter and assimilate the processes into your daily working routine, you will make a huge leap towards keeping your data private and secure. <br />
<br />
* [[Information storage]]<br />
Unauthorized access to the information on your computer or portable storage devices can be carried out remotely, if the 'intruder' is able to read or modify your data over the Internet; or physically, if he manages to get hold of your hardware or simply sit behind your computer. <br />
* [[Destroying data]]<br />
You may be concerned that your encrypted volume not only protects your data from unauthorized access but also indicates precisely where you store the information that you most wish to protect. In a tight situation you could be forced to reveal the volume password through intimidation, interrogation and possibly worse. <br />
* [[Destroying temporary files]]<br />
'''Fact:''' when you delete a file, even after you empty the Recycle bin, the contents of that file remain on your hard drive and can be recovered by anyone who has the right tools and a little luck. <br />
Aside from destroying unwanted data from your digital memory device, you should also consider destroying temporary files.<br />
* [[Backup]]<br />
It is too late to think about having a backup once you lose or break your computer, USB memory stick. Obviously an up to date backup has to created in advance of the catastrophe.<br />
<br />
* [[Lesson 4 Exercises]]<br />
<br />
* [[Lesson 4 Further Reading]]<br />
<br />
==Lesson 5 – Digital investigative journalism==<br />
The modern journalist must be aware of basic Internet infrastructure and operations. Certain clues accompany every website, email and digital media file – that could reveal information about the sender or the source otherwise hidden from the naked eye. Those who invest a lot of time and energy into maintaining social networks should also be aware of the risks from online profiling that they expose themselves and others to. This lesson will cover methods to identify the location of a particular website, reveal the sender of an email message, view technical details of a digital media file, discuss privacy implications regarding mobile telephone use and list several precautions for using social media platforms, in particular Facebook.<br />
<br />
* [[IP forensics]]<br />
* [[Email spoofing]]<br />
We are prone to identify and authenticate email messages by the sender's name and email address. This Lesson will help you analyse and validate the real sender of a received email message. <br />
* [[Data Forensics]]<br />
Just like every email message records the IP address of the server it is sent from, so does every digital document contain details about the time it was created, the device that created it and other useful information. <br />
* [[Profiling]]<br />
In the physical world we are identified by passport to our government and by recognition to our friends. A drivers licence, a social security or tax file number and our reputation serve as distinguishing features of our identity and associations. <br />
* [[Mobile profiling and surveillance]]<br />
You may have heard or already know that mobile telecomunnications are insecure by default. Did you know that your geigraphical location can be pinpointed thanks the phone in your pocket?<br />
<br />
* [[Lesson 5 Exercises]]<br />
<br />
* [[Lesson 5 Further Reading]]<br />
<br />
==Lesson 6 – Seven steps to better passwords==<br />
A password is often the first (and last) line of defense – protecting unauthorized access to your computer or an Internet account. A password is like a key to a door. You may have several different keys for your home, your office, your car and your safe. None of the locks are the same and you have a collection of different keys to open them. The same should apply to your passwords. Each account should have its own strong password. The definition of a strong password is one that cannot easily be guessed, cracked or stolen by an attacker. This chapter explains how to create and remember strong passwords and how not to lose them!<br />
<br />
* [[The Seven Steps]]<br />
<br />
* [[Lesson 6 Exercises]]<br />
<br />
* [[Lesson 6 Further Reading]]</div>Benhttps://learn.equalit.ie/wiki/Online_LearningOnline Learning2014-05-28T22:10:41Z<p>Ben: /* Lesson 6 – Seven steps to better passwords */</p>
<hr />
<div>'''This work was done in collaboration and the support of [http://www.tol.org/ Transitions Online]<br />
<br />
==Introduction==<br />
<br />
Computers and the Internet are all about information gathering, storage and exchange. Hence, the topic of security in the digital realm relates to the security of information and its communication. The Internet, in theory, provides everyone with an equal opportunity to access and disseminate information. Yet, as time has shown, this is not always the case. Governments and corporations realize the importance and value of controlling information flows, and of being able to decide when to restrict them. The security of information is further complicated by malicious individuals creating computer viruses and hacking into computer systems, often with no other motive than causing damage.<br />
<br />
Confusion and complexity is heightened by the abundance of software, hardware and electronic devices built to interact with an increasingly sophisticated and complicated network. Users have to immerse themselves in concepts and technology that seem to be far removed from the real world. The security of your information, online identity and the privacy of your communications falls first and foremost upon your shoulders and requires comprehension of how the Internet and your computer actually work.<br />
<br />
The Internet has profoundly changed social interaction and the dissemination of ideas and knowledge. Publication is no longer restricted by geographic or financial boundaries, and any citizen could become a journalist and reach a global audience.<br />
<br />
This online training course has several objectives. It aims to educate and raise awareness to the technical aspects behind computer and Internet operations as a precursor to explaining inherent digital risks and vulnerabilities. Because it is virtually impossible to predict and describe in advance every security situation that one could encounter – the emphasis here is to provide enough background information and explanation of risks to make the user aware of the problem and able to make an educated and appropriate response. The other objective is to provide solutions to the most common security threats faced by journalists working in politically repressive countries, as well as links and references to software tools and manuals for further study and exploration of the subject. <br />
<br />
__NOTOC__<br />
<br />
==Lesson 1 - The Internet and its Pitfalls==<br />
<br />
* [[How does the Internet actually work?]]<br />
<br />
This chapter is a requirement to understanding other topics covered in Lesson 1 and throughout the Internet Security Course. <br />
<br />
* [[What is Internet surveillance?]]<br />
<br />
A distinction must be made between what we perceive as surveillance in the physical world – a person watching and shadowing your movements, and what occurs on the Internet. <br />
<br />
* [[Lesson 1 Exercises]]<br />
<br />
* [[Lesson 1 Further Reading]]<br />
<br />
==Lesson 2 – Privacy! On the Internet?==<br />
The Internet is a network of networks passing data through numerous intermediary computers and routers. Data typically travels the Internet in a readable (insecure) format. Your search query on Google or your Yahoo email message is accessible to your local Internet service provider as well as the body monitoring the national telecommunications infrastructure. By default, there is no privacy in Internet communications and many become victims of random and targeted network surveillance and traffic analysis. There are however, certain steps and measures you can take, some easier than others, to ensure a level of privacy in your Internet communications.<br />
<br />
* [[Encrypted connections]]<br />
The open - we can see everything that you send and receive - Internet could not become a powerful medium for business nor could it ensure a general users' expectation of privacy.<br />
* [[Instant Messaging and VoIP]]<br />
Instant messaging tools such as MSN Messenger and Yahoo Chat also use open channels for communicating your information. Everything you send or receive using these programs is liable to surveillance.<br />
* [[Using a VPN for Secure Internet Browsing]]<br />
<br />
* [[Lesson 2 Exercises]]<br />
<br />
* [[Lesson 2 Further Reading]]<br />
<br />
==Lesson 3 – Goodbye Censorship!==<br />
Many countries around the world have installed software and underlying infrastructure that prevents Internet users within those countries from accessing certain websites and Internet services. Companies, schools and public libraries often use similar software to protect their employees, students and patrons from material that they consider distracting or harmful. This kind of filtering technology comes in a number of different forms. Some filters block a site based on its IP address, while others blacklist certain domain names or keywords contained in web pages or your search queries. <br />
<br />
Regardless of what filtering methods are present, it is nearly always possible to evade them by relying on intermediary computers, outside your country, to reach blocked services for you. This process is often called censorship circumvention, or simply circumvention, and the intermediary computers are called proxies. Proxies, too, come in many different forms. Some Internet services such as RSS readers and online translators perform the function of a proxy without necessarily being created for circumvention. There are also especially dedicated proxy servers, virtual private networks multiple-proxy anonymity networks. It is difficult to say in advance which particular technique will work to bypass the censorship mechanisms in place in your country and it is worthwhile to be aware of several different methods. Each offers its own particular method for getting around restrictions, at the same time each method is vulnerable in its own way. This chapter describes the various ways to circumvent censorship and explains when these methods may or may not work. <br />
<br />
* [[Internet Censorship]]<br />
Censoring the channel of dissemination can take place at two different moments within an information cycle. Pre-publication – when the original message is prevented from being disseminated. This includes self-censorship, legislation and editorial or managerial interference with material to be published or made available to the public. Post-publication – when the audience is prevented from accessing an existing message or content communicated to them. Primarily this involves access to Internet websites and online services, and will be explained and discussed in this module.<br />
<br />
* [[Circumventing Censorship]]<br />
If you cannot go directly to a website because it is blocked by one of the methods discussed above, you will need to find a way around the obstruction. Many methods exist to circumvent the blocklists, which are only effective when a website is requested directly. If a third party is called to fetch a website for us, then these lists become irrelevant. For over a decade, netizens living in censored Internet environments have been using online translation and caching services to access a website indirectly. Others have relied on anonymisers, whose original intent was to conceal your identity from a website.<br />
* [[A Word On Anonymous Internet Publishing]]<br />
<br />
* [[Lesson 3 Exercises]]<br />
<br />
* [[Lesson 3 Further Reading]]<br />
<br />
==Lesson 4 - Digital information management==<br />
This section describes the technology and methods for managing your digital data. We will talk about preventing unauthorized access to your data, making sure that you do not lose important documents and we will discuss the correct procedures for destroying unwanted data as well as cleaning a computer of traces left behind from past working sessions. Secure data management should be on the top of your to-do list if you work with information that you do not want to lose or expose to an outside party. Once you have set-up the tools described in this chapter and assimilate the processes into your daily working routine, you will make a huge leap towards keeping your data private and secure. <br />
<br />
* [[Information storage]]<br />
Unauthorized access to the information on your computer or portable storage devices can be carried out remotely, if the 'intruder' is able to read or modify your data over the Internet; or physically, if he manages to get hold of your hardware or simply sit behind your computer. <br />
* [[Destroying data]]<br />
You may be concerned that your encrypted volume not only protects your data from unauthorized access but also indicates precisely where you store the information that you most wish to protect. In a tight situation you could be forced to reveal the volume password through intimidation, interrogation and possibly worse. <br />
* [[Destroying temporary files]]<br />
'''Fact:''' when you delete a file, even after you empty the Recycle bin, the contents of that file remain on your hard drive and can be recovered by anyone who has the right tools and a little luck. <br />
Aside from destroying unwanted data from your digital memory device, you should also consider destroying temporary files.<br />
* [[Backup]]<br />
It is too late to think about having a backup once you lose or break your computer, USB memory stick. Obviously an up to date backup has to created in advance of the catastrophe.<br />
<br />
* [[Lesson 4 Exercises]]<br />
<br />
* [[Lesson 4 Further Reading]]<br />
<br />
==Lesson 5 – Digital investigative journalism==<br />
The modern journalist must be aware of basic Internet infrastructure and operations. Certain clues accompany every website, email and digital media file – that could reveal information about the sender or the source otherwise hidden from the naked eye. Those who invest a lot of time and energy into maintaining social networks should also be aware of the risks from online profiling that they expose themselves and others to. This lesson will cover methods to identify the location of a particular website, reveal the sender of an email message, view technical details of a digital media file, discuss privacy implications regarding mobile telephone use and list several precautions for using social media platforms, in particular Facebook.<br />
<br />
* [[IP forensics]]<br />
* [[Email spoofing]]<br />
We are prone to identify and authenticate email messages by the sender's name and email address. This Lesson will help you analyse and validate the real sender of a received email message. <br />
* [[Data Forensics]]<br />
Just like every email message records the IP address of the server it is sent from, so does every digital document contain details about the time it was created, the device that created it and other useful information. <br />
* [[Profiling]]<br />
In the physical world we are identified by passport to our government and by recognition to our friends. A drivers licence, a social security or tax file number and our reputation serve as distinguishing features of our identity and associations. <br />
* [[Mobile profiling and surveillance]]<br />
You may have heard or already know that mobile telecomunnications are insecure by default. Did you know that your geigraphical location can be pinpointed thanks the phone in your pocket?<br />
<br />
* [[Lesson 5 Exercises]]<br />
<br />
* [[Lesson 5 Further Reading]]<br />
<br />
==Lesson 6 – Seven steps to better passwords==<br />
A password is often the first (and last) line of defense – protecting unauthorized access to your computer or an Internet account. A password is like a key to a door. You may have several different keys for your home, your office, your car and your safe. None of the locks are the same and you have a collection of different keys to open them. The same should apply to your passwords. Each account should have its own strong password. The definition of a strong password is one that cannot easily be guessed, cracked or stolen by an attacker. This chapter explains how to create and remember strong passwords and how not to lose them!<br />
<br />
* [[Seven steps to better passwords]]<br />
<br />
* [[Lesson 6 Exercises]]<br />
<br />
* [[Lesson 6 Further Reading]]</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-28T21:56:26Z<p>Ben: /* Step 5: What is a strong password? */</p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
<br />
{| class="wikitable" style="text-align: center;<br />
! style="text-alight:left;"| Length/Variations<br />
!26<br />
!36<br />
!52<br />
!68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millennia<br />
|45.8 millennia<br />
|45, 582 millennia<br />
|}<br />
<br />
''Here's a rough guide to how how much time a relatively simply laptop will require to brute force your password. The top row indicates the pool of variation in your password (small letters, small letters and numbers, small letters and capitalisation, small letters and capitalization and numbers and four signs of punctuation). The left hand column indicates the length of your password.''<br />
<br />
'''Media:''' http://www.decryptum.com/ can decrypt your word or excel document online. http://www.elcomsoft.com/aopr.html is a software you can download to 'recover' access to protected MS Office documents.<br />
<br />
===Step 5: What is a strong password?===<br />
<br />
A password should be difficult to guess or for a computer program to workout.<br />
<br />
<br />
*'''Make it long:''' The longer a password is, the less likely it is that a computer program would be able to guess it in a reasonable amount of time. You should try to create passwords that include ten or more characters. You could also try using a whole sentence as your password.<br />
*'''Make it complex:''' In addition to length, the complexity of a password also helps prevent automatic 'password cracking' software from guessing the right combination of characters. Where possible, you should always include upper case letters, lower case letters, numbers and symbols, such as punctuation marks, in your password.<br />
*'''Don't make it personal:''' Your password should not be related to you personally. Don't choose a word or phrase based on information such as your name, social security number, telephone number, child's name, pet's name, birth date, or anything else that a person could learn by doing a little research about you.<br />
*'''Keep it secret:''' Do not share your password with anyone unless it is absolutely necessary. Often, there are alternatives to sharing a password, such as creating a separate account for each individual who needs access.<br />
*'''Keep it unique:''' Avoid using the same password for more than one account. Otherwise, anyone who learns that password will gain access to even more of your sensitive information.<br />
*'''Keep it fresh:''' Change your password on a regular basis, preferably at least once every three months. Some people get quite attached to a particular password and never change it. This is a bad idea. The longer you keep one password, the more opportunity others have to figure it out.<br />
<br />
'''Media:''' Check how strong your password is http://howsecureismypassword.net<br />
<br />
{{#ev:youtube|3DKff6sFm1c}}<br />
<br />
{{#ev:youtube|qAend7JaNFU}}<br />
<br />
===Step 6: How to create and remember strong passwords===<br />
<br />
Mnemonics can help you create and remember a strong password. Since it is easier for us to remember a phrase rather than a random combination of letters and number – you could create your password from a sentence or even a paragraph. Let's take the following as an example:<br />
<br />
Will you still need me, will you still feed me when I am 64?<br />
<br />
Now, lets take the first letter of every word. We get Wysnm,wysfmwIa64?<br />
<br />
Alternatively, lets take the last letter. We get lulde,luldenIm64?<br />
<br />
Both of these passwords are long and complex enough to keep the computer busy for thousands of years. Now the trick is not to remember the password itself, but to keep the sentence in mind as well as your rule for withdrawing the password from this sentence. From now on, picture the sentence in your mind and extract your password from it.<br />
<br />
'''Exercise:''' Create a password using mnemonics and test yourself from memory<br />
<br />
'''Media:''' Password [http://www.schneier.com/essay-246.html creation] advice from the Godfather of computer security<br />
<br />
===Step 7: Using software for password creation and storage===<br />
<br />
As an alternative, you can generate random, complex passwords for all of your accounts in a portable, encrypted ''secure password database'', such as '''KeePass'''. Whenever you need to enter a password for a specific account, you can look it up in '''KeePass'''. Using the copy/paste functions you can withdraw the passwords from the program to the screen where it is required.<br />
<br />
The '''KeePass''' program stores all of your passwords in a secure database, protected by a master password (this one you have to remember!). You can store hundreds of different passwords and relevant notes in the program, without having to remember them.<br />
<br />
'''Exercise:''' Install and start using https://securityinabox.org/en/keepass_main</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-28T21:53:57Z<p>Ben: /* Step 5: What is a strong password? */</p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
<br />
{| class="wikitable" style="text-align: center;<br />
! style="text-alight:left;"| Length/Variations<br />
!26<br />
!36<br />
!52<br />
!68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millennia<br />
|45.8 millennia<br />
|45, 582 millennia<br />
|}<br />
<br />
''Here's a rough guide to how how much time a relatively simply laptop will require to brute force your password. The top row indicates the pool of variation in your password (small letters, small letters and numbers, small letters and capitalisation, small letters and capitalization and numbers and four signs of punctuation). The left hand column indicates the length of your password.''<br />
<br />
'''Media:''' http://www.decryptum.com/ can decrypt your word or excel document online. http://www.elcomsoft.com/aopr.html is a software you can download to 'recover' access to protected MS Office documents.<br />
<br />
===Step 5: What is a strong password?===<br />
<br />
A password should be difficult to guess or for a computer program to workout.<br />
<br />
<br />
*'''Make it long:''' The longer a password is, the less likely it is that a computer program would be able to guess it in a reasonable amount of time. You should try to create passwords that include ten or more characters. You could also try using a whole sentence as your password.<br />
*'''Make it complex:''' In addition to length, the complexity of a password also helps prevent automatic 'password cracking' software from guessing the right combination of characters. Where possible, you should always include upper case letters, lower case letters, numbers and symbols, such as punctuation marks, in your password.<br />
*'''Don't make it personal:''' Your password should not be related to you personally. Don't choose a word or phrase based on information such as your name, social security number, telephone number, child's name, pet's name, birth date, or anything else that a person could learn by doing a little research about you.<br />
*'''Keep it secret:''' Do not share your password with anyone unless it is absolutely necessary. Often, there are alternatives to sharing a password, such as creating a separate account for each individual who needs access.<br />
*'''Keep it unique:''' Avoid using the same password for more than one account. Otherwise, anyone who learns that password will gain access to even more of your sensitive information.<br />
*'''Keep it fresh:''' Change your password on a regular basis, preferably at least once every three months. Some people get quite attached to a particular password and never change it. This is a bad idea. The longer you keep one password, the more opportunity others have to figure it out.<br />
<br />
'''Media:''' Check how strong your password is http://howsecureismypassword.net<br />
<br />
{{#ev:youtube|3DKff6sFm1c}}<br />
<br />
===Step 6: How to create and remember strong passwords===<br />
<br />
Mnemonics can help you create and remember a strong password. Since it is easier for us to remember a phrase rather than a random combination of letters and number – you could create your password from a sentence or even a paragraph. Let's take the following as an example:<br />
<br />
Will you still need me, will you still feed me when I am 64?<br />
<br />
Now, lets take the first letter of every word. We get Wysnm,wysfmwIa64?<br />
<br />
Alternatively, lets take the last letter. We get lulde,luldenIm64?<br />
<br />
Both of these passwords are long and complex enough to keep the computer busy for thousands of years. Now the trick is not to remember the password itself, but to keep the sentence in mind as well as your rule for withdrawing the password from this sentence. From now on, picture the sentence in your mind and extract your password from it.<br />
<br />
'''Exercise:''' Create a password using mnemonics and test yourself from memory<br />
<br />
'''Media:''' Password [http://www.schneier.com/essay-246.html creation] advice from the Godfather of computer security<br />
<br />
===Step 7: Using software for password creation and storage===<br />
<br />
As an alternative, you can generate random, complex passwords for all of your accounts in a portable, encrypted ''secure password database'', such as '''KeePass'''. Whenever you need to enter a password for a specific account, you can look it up in '''KeePass'''. Using the copy/paste functions you can withdraw the passwords from the program to the screen where it is required.<br />
<br />
The '''KeePass''' program stores all of your passwords in a secure database, protected by a master password (this one you have to remember!). You can store hundreds of different passwords and relevant notes in the program, without having to remember them.<br />
<br />
'''Exercise:''' Install and start using https://securityinabox.org/en/keepass_main</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-28T21:52:41Z<p>Ben: /* Step 5: What is a strong password? */</p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
<br />
{| class="wikitable" style="text-align: center;<br />
! style="text-alight:left;"| Length/Variations<br />
!26<br />
!36<br />
!52<br />
!68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millennia<br />
|45.8 millennia<br />
|45, 582 millennia<br />
|}<br />
<br />
''Here's a rough guide to how how much time a relatively simply laptop will require to brute force your password. The top row indicates the pool of variation in your password (small letters, small letters and numbers, small letters and capitalisation, small letters and capitalization and numbers and four signs of punctuation). The left hand column indicates the length of your password.''<br />
<br />
'''Media:''' http://www.decryptum.com/ can decrypt your word or excel document online. http://www.elcomsoft.com/aopr.html is a software you can download to 'recover' access to protected MS Office documents.<br />
<br />
===Step 5: What is a strong password?===<br />
<br />
A password should be difficult to guess or for a computer program to workout.<br />
<br />
<br />
*'''Make it long:''' The longer a password is, the less likely it is that a computer program would be able to guess it in a reasonable amount of time. You should try to create passwords that include ten or more characters. You could also try using a whole sentence as your password.<br />
*'''Make it complex:''' In addition to length, the complexity of a password also helps prevent automatic 'password cracking' software from guessing the right combination of characters. Where possible, you should always include upper case letters, lower case letters, numbers and symbols, such as punctuation marks, in your password.<br />
*'''Don't make it personal:''' Your password should not be related to you personally. Don't choose a word or phrase based on information such as your name, social security number, telephone number, child's name, pet's name, birth date, or anything else that a person could learn by doing a little research about you.<br />
*'''Keep it secret:''' Do not share your password with anyone unless it is absolutely necessary. Often, there are alternatives to sharing a password, such as creating a separate account for each individual who needs access.<br />
*'''Keep it unique:''' Avoid using the same password for more than one account. Otherwise, anyone who learns that password will gain access to even more of your sensitive information.<br />
*'''Keep it fresh:''' Change your password on a regular basis, preferably at least once every three months. Some people get quite attached to a particular password and never change it. This is a bad idea. The longer you keep one password, the more opportunity others have to figure it out.<br />
<br />
'''Media:''' Check how strong your password is http://howsecureismypassword.net<br />
<br />
{{#ev:youtube|3DKff6sFm1c}}<br />
<br />
https://www.youtube.com/watch?v=3DKff6sFm1c<br />
<br />
http://dotsub.com/media/07471d2f-2a20-4661-9208-f3394b1c219b/e/m<br />
<br />
===Step 6: How to create and remember strong passwords===<br />
<br />
Mnemonics can help you create and remember a strong password. Since it is easier for us to remember a phrase rather than a random combination of letters and number – you could create your password from a sentence or even a paragraph. Let's take the following as an example:<br />
<br />
Will you still need me, will you still feed me when I am 64?<br />
<br />
Now, lets take the first letter of every word. We get Wysnm,wysfmwIa64?<br />
<br />
Alternatively, lets take the last letter. We get lulde,luldenIm64?<br />
<br />
Both of these passwords are long and complex enough to keep the computer busy for thousands of years. Now the trick is not to remember the password itself, but to keep the sentence in mind as well as your rule for withdrawing the password from this sentence. From now on, picture the sentence in your mind and extract your password from it.<br />
<br />
'''Exercise:''' Create a password using mnemonics and test yourself from memory<br />
<br />
'''Media:''' Password [http://www.schneier.com/essay-246.html creation] advice from the Godfather of computer security<br />
<br />
===Step 7: Using software for password creation and storage===<br />
<br />
As an alternative, you can generate random, complex passwords for all of your accounts in a portable, encrypted ''secure password database'', such as '''KeePass'''. Whenever you need to enter a password for a specific account, you can look it up in '''KeePass'''. Using the copy/paste functions you can withdraw the passwords from the program to the screen where it is required.<br />
<br />
The '''KeePass''' program stores all of your passwords in a secure database, protected by a master password (this one you have to remember!). You can store hundreds of different passwords and relevant notes in the program, without having to remember them.<br />
<br />
'''Exercise:''' Install and start using https://securityinabox.org/en/keepass_main</div>Benhttps://learn.equalit.ie/wiki/Lesson_4_Further_ReadingLesson 4 Further Reading2014-05-28T21:42:00Z<p>Ben: </p>
<hr />
<div><br />
*[http://en.flossmanuals.net/basic-internet-security/ch035_introduction-to-securing-personal-data/ Introduction to Securing Personal Data]<br />
<br />
*[https://securityinabox.org/en/chapter-4 How to protect sensitive files on your computer]</div>Benhttps://learn.equalit.ie/wiki/Lesson_4_Further_ReadingLesson 4 Further Reading2014-05-28T21:41:46Z<p>Ben: </p>
<hr />
<div><br />
*[http://en.flossmanuals.net/basic-internet-security/ch035_introduction-to-securing-personal-data/<br />
Introduction to Securing Personal Data]<br />
<br />
*[https://securityinabox.org/en/chapter-4 How to protect sensitive files on your computer]</div>Benhttps://learn.equalit.ie/wiki/Lesson_3_Further_ReadingLesson 3 Further Reading2014-05-28T21:40:50Z<p>Ben: </p>
<hr />
<div><br />
*[http://flossmanuals.net/basic-internet-security/ Basic Internet Security]<br />
How to keep your Internet communications private<br />
<br />
'''Public Key Encryption'''<br />
<br />
Read through a couple of interesting guides on how you can set-up public key data encryption for your email communications.<br />
<br />
*https://flossmanuals.net/basic-internet-security/ch027_mail-encryption-gpg<br />
<br />
*http://equalit.ie/esecman/chapter2_4.html#2_4b<br />
<br />
*https://securityinabox.org/en/thuderbird_encryption<br />
<br />
*https://www.vaultletsoft.com<br />
<br />
*https://www.enlocked.com</div>Benhttps://learn.equalit.ie/wiki/Lesson_5_Further_ReadingLesson 5 Further Reading2014-05-28T21:39:31Z<p>Ben: </p>
<hr />
<div><br />
*[https://securityinabox.org/en/chapter-10 How to use mobile phones as securely as possible]<br />
<br />
*[https://securityinabox.org/en/chapter-11 How to use smartphones as securely as possible ]<br />
<br />
*[https://securityinabox.org/en/portable_security Mobile Security]<br />
<br />
*[https://ssd.eff.org/ Surveillance Self Defense] <br />
<br />
*[https://securityinabox.org/en/chapter-9 How to protect yourself and your data when using social networking sites]</div>Benhttps://learn.equalit.ie/wiki/Lesson_4_Further_ReadingLesson 4 Further Reading2014-05-28T21:37:28Z<p>Ben: </p>
<hr />
<div><br />
*Introduction to Securing Personal Data<br />
http://en.flossmanuals.net/basic-internet-security/ch035_introduction-to-securing-personal-data/<br />
<br />
*How to protect sensitive files on your computer<br />
https://securityinabox.org/en/chapter-4</div>Benhttps://learn.equalit.ie/wiki/Lesson_3_Further_ReadingLesson 3 Further Reading2014-05-28T21:37:00Z<p>Ben: </p>
<hr />
<div><br />
*http://flossmanuals.net/basic-internet-security/<br />
How to keep your Internet communications private<br />
<br />
'''Public Key Encryption'''<br />
<br />
Read through a couple of interesting guides on how you can set-up public key data encryption for your email communications.<br />
<br />
*https://flossmanuals.net/basic-internet-security/ch027_mail-encryption-gpg<br />
<br />
*http://equalit.ie/esecman/chapter2_4.html#2_4b<br />
<br />
*https://securityinabox.org/en/thuderbird_encryption<br />
<br />
*https://www.vaultletsoft.com<br />
<br />
*https://www.enlocked.com</div>Benhttps://learn.equalit.ie/wiki/Lesson_2_Further_ReadingLesson 2 Further Reading2014-05-28T21:36:22Z<p>Ben: </p>
<hr />
<div><br />
*http://flossmanuals.net/basic-internet-security/<br />
<br />
*[https://securityinabox.org/en/chapter-7 How to keep your Internet communications private] <br />
<br />
'''Public Key Encryption'''<br />
<br />
Read through a couple of interesting guides on how you can set-up public key data encryption for your email communications.<br />
<br />
*https://flossmanuals.net/basic-internet-security/ch027_mail-encryption-gpg<br />
<br />
*http://equalit.ie/esecman/chapter2_4.html#2_4b<br />
<br />
*https://securityinabox.org/en/thuderbird_encryption<br />
<br />
*https://www.vaultletsoft.com<br />
<br />
*https://www.enlocked.com</div>Benhttps://learn.equalit.ie/wiki/Lesson_1_Further_ReadingLesson 1 Further Reading2014-05-28T21:35:54Z<p>Ben: </p>
<hr />
<div><br />
*[http://equalit.ie/esecman/appendix_b.html Digital Security & Privacy for Human Rights Defenders - Appendix B - The Internet Explained]<br />
<br />
*[http://equalit.ie/esecman/chapter2_5.html Digital Security & Privacy for Human Rights Defenders - Internet Surveillance]<br />
<br />
*[http://www.southbourne.com/articles/internet-in-practice Sonet Digital - the Internet Explained]<br />
<br />
*[http://en.wikipedia.org/wiki/Internet The Internet, by Wikipedia]</div>Benhttps://learn.equalit.ie/wiki/Lesson_1_Further_ReadingLesson 1 Further Reading2014-05-28T21:35:42Z<p>Ben: </p>
<hr />
<div><br />
*[http://equalit.ie/esecman/appendix_b.html Digital Security & Privacy for Human Rights Defenders - Appendix B - The Internet Explained]<br />
<br />
<br />
*[http://equalit.ie/esecman/chapter2_5.html Digital Security & Privacy for Human Rights Defenders - Internet Surveillance]<br />
<br />
<br />
*[http://www.southbourne.com/articles/internet-in-practice Sonet Digital - the Internet Explained]<br />
<br />
<br />
*[http://en.wikipedia.org/wiki/Internet The Internet, by Wikipedia]</div>Benhttps://learn.equalit.ie/wiki/Lesson_5_Further_ReadingLesson 5 Further Reading2014-05-28T21:35:18Z<p>Ben: </p>
<hr />
<div><br />
*How to use mobile phones as securely as possible https://securityinabox.org/en/chapter-10<br />
<br />
*How to use smartphones as securely as possible https://securityinabox.org/en/chapter-11<br />
<br />
*Mobile Security https://securityinabox.org/en/portable_security<br />
<br />
*Surveillance Self Defense https://ssd.eff.org/<br />
<br />
*How to protect yourself and your data when using social networking sites https://securityinabox.org/en/chapter-9</div>Benhttps://learn.equalit.ie/wiki/Lesson_1_ExercisesLesson 1 Exercises2014-05-28T21:34:11Z<p>Ben: </p>
<hr />
<div>'''Exercise 1'''<br />
<br />
Use a Geo-IP traceroute tool (http://traceroute.monitis.com/ ) to view how your connection is routed to a particular website.<br />
<br />
'''Exercise 2 '''<br />
<br />
View your computer's IP by visiting http://hostip.info. You can also view the IP addresses associated with your favourite websites through this system. <br />
<br />
'''Exercise 3 '''<br />
<br />
#Use the http://hostip.info tool to find out the IP addresses of your favourite websites.<br />
#Open the Control Panel and locate your Network Connection settings (LAN or Wireless). Manually set the DNS servers to OpenDNS addresses (208.67.222.222208.67.220.220) or use two of the root DNS servers.<br />
<br />
'''Exercise 4 '''<br />
<br />
Install the Wireshark network protocol analyzer (http://www.wireshark.org/) to view traffic on the local network (this exercise is only for those using a cable connection to the network).</div>Benhttps://learn.equalit.ie/wiki/How_does_the_Internet_actually_work%3FHow does the Internet actually work?2014-05-28T21:31:37Z<p>Ben: /* Domain Name System */</p>
<hr />
<div><br />
=Connect=<br />
<br />
==Internet Routing==<br />
<br><br />
<br />
'Going online' requires connecting your computer to the national Internet infrastructure. The process begins by establishing a link to your Internet Service Provider (ISP) whether through a telephone line, cable or wireless connection. The ISP connects you to the national infrastructure which is regulated and in some countries governed by the ministry of telecommunications. Using one (or one of several) Internet exchange points in your country, the connection is routed to the global Internet. <br />
<br />
<br />
[[File:InternetConnectionsshort.jpg|InternetConnections]]<br />
<br />
<br />
Whether you are accessing the Internet from your home computer or from a mobile phone on a moving train, the principle remains the same: your device connects to the local ISP > connects to the national provider > connects to the Internet exchange (backbone). Should you be visiting a website or sending an email to a server located in a different country (quite likely) then this progression through the network hierarchy is repeated on the other end side of the communications channel too.<br />
<br />
<br />
[[File:InternetConnections.jpg|InternetConnections]]<br />
<br />
<br />
Notice that in the last example, your connection routes through at least two national (legal) jurisdictions.<br />
<br />
<br />
'''Exercise:''' Use a Geo-IP traceroute tool (http://traceroute.monitis.com/ ) to view how your connection is routed to a particular website.<br />
<br />
'' '''Note:''' The Internet is a packet-switching network. This means that your email, for example, is broken down into small individual packets which are then sent independently of each other along the many possible routes on the network that connect you to your friend's computer. These packets are then reassembled at the receiver's end to re-create your email. Important! You do not control how data travels through the Internet once you hit the send button. ''<br />
<br />
=Locate=<br />
<br />
Now that you're connected, let's discuss what happens when you request to open a particular website and how this site then delivers back to your computer. Numerous protocols and technical standards govern how the Internet and all of its users locate and communicate with each other. The most important of which we will discuss has to do with Internet addressing. Because everyone on the Internet adheres to these, you are able to open webiste.com and send an email from your computer to a friend's mobile phone in another country.<br />
<br />
==Internet Protocol (IP) Address==<br />
<br />
Internet routing is possible because every computer is uniquely identified on the network by what is known as an IP address. These addresses look like 83.169.39.231 and are the building blocks of Internet addressing. Whenever you want to open a website from your computer, the Internet needs to know your IP address and the IP address of the server the website is hosted on, to make the connection. Important! Your IP address is assigned to you by your local ISP or if you are using mobile Internet, by your telecommunications provider. In most countries ISPs are obligated by law to collect and store traffic data (which IP requested a connection to which IP and when) . This is used primarily for identifying user activity on the Internet at a later date and is the main tool in the hands of Internet police.<br />
<br />
'''Note:''' in an office or Internet cafe scenario, only one computer is connected to the Internet and all other computers connect through it. Only the Internet facing computer (modem) is assigned an external IP address, whilst the others are assigned an internal IP address. Browsing history made from a computer in an Internet café can be traced back by the ISP to the café, not to the individual's computer.<br />
<br />
'''Exercise: Find your current IP on the Internet'''<br />
<br />
#View your computer's IP by visiting http://hostip.info You can also view the IP addresses associated with your favourite websites through this system. <br />
#Next, go to http://whois.net/ to find out who that particular IP address is registered to.<br />
<br />
==Domain Name System==<br />
<br />
Even though all computers connected to the Internet are assigned an IP address, we usually do not know these addresses nor do we use them when opening a website. Numbers are quite difficult to remember (how many phone numbers do you know by heart?) and for this reason we assign names as addresses for our websites (also known as a Universal Resource Locator – URL). These names and their associated IP addresses are recorded in the Domain Name System (DNS). This is akin to the Internet's telephone directory and is another critical component of Internet routing and operations. DNS is hierarchical, meaning that your computer can have its list of URLs and corresponding IPs, your ISP will have a list, the national provider will have a list and so on, right up to the root DNS servers (of which there are 13). Should your computer not have an entry for www.livejournal.com it will ask the next list up in line – the ISP's and so on. Whether browsing websites or sending email, DNS always plays a part. Below is a diagram describing how DNS is utilized when you search for the LiveJournal website. <br />
<br />
<br />
[[File:DSNDiag.jpg|DSNDiag]]<br />
<br />
<br />
* Not knowing the LiveJournal address, you open Google naturally. Your computer doesn't know where www.google.com is and so asks the DNS server for Google's IP.<br />
* Using Google's IP you locate the search engine and punch in 'LiveJournal'. The search returns www.livejournal.com which you promptly click.<br />
* Once again, your computer has no idea where to locate www.livejournal.com and returns to the DNS server to get its IP.<br />
* Finally, using the correct IP you can access LiveJournal's website.<br />
<br />
<br />
'''Media:''' A brief explanation how websites are located using the DNS.<br />
<br />
{{#ev:youtube|oN7ripK5uGM}}<br />
<br />
<br />
Another video that discusses the regulative and technical framework behind DNS and why this is important.<br />
<br />
{{#ev:youtube|72snZctFFtA}}<br />
<br />
<br />
<br />
'''Exercise: Change your computer's DNS settings''' (Here is a walkthrough regarding changing DNS settings in Windows 7)<br />
<br />
#Use the http://hostip.info tool to find out the IP addresses of your favourite websites.<br />
#Open the Control Panel and locate your Network Connection settings (LAN or Wireless). <br />
#Manually set the DNS servers to OpenDNS addresses:<br />
<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
<br />
<br />
or use two of the root DNS servers http://en.wikipedia.org/wiki/Root_name_server ).<br />
<br />
=Interact=<br />
<br />
The last part of the Internet's infrastructure concerns the applications we use to send and receive content on the Internet. These include your browser, email program, chat client and every other software on your computer that utilizes or help you interact on the Internet. Every application has its particular language and protocols and these often affect how information is transmitted between two computers on the Internet. This usually involves a type of technical language (protocol) by which it communicates or the channel (port) it selects for communication. For example, some applications send data in a clear-text format and every computer/router that stands in-between the communicating parties can access and understand the transmitted information. Other applications take special care to ensure privacy for the communicating parties. For example, when you connect to http://google.com your browser is using the 'http' protocol on port 80. However when the website's address is preceded by the letters 'https' (https://mail.google.com) your browser begins to use the Secure Sockets Layer (SSL) protocol on port 443. The majority of this course is explaining and exploring the different ways that applications interact on the Internet, directly impacting upon your privacy, anonymity and authentication of the transmitted message.<br />
<br />
'''Media:''' Here's a video tutorial from some kid in his bedroom, pulling all the topics that we have discussed above, together.<br />
<br />
{{#ev:youtube|ZGRjUhBj5gg}}</div>Benhttps://learn.equalit.ie/wiki/How_does_the_Internet_actually_work%3FHow does the Internet actually work?2014-05-28T21:30:36Z<p>Ben: /* Internet Routing */</p>
<hr />
<div><br />
=Connect=<br />
<br />
==Internet Routing==<br />
<br><br />
<br />
'Going online' requires connecting your computer to the national Internet infrastructure. The process begins by establishing a link to your Internet Service Provider (ISP) whether through a telephone line, cable or wireless connection. The ISP connects you to the national infrastructure which is regulated and in some countries governed by the ministry of telecommunications. Using one (or one of several) Internet exchange points in your country, the connection is routed to the global Internet. <br />
<br />
<br />
[[File:InternetConnectionsshort.jpg|InternetConnections]]<br />
<br />
<br />
Whether you are accessing the Internet from your home computer or from a mobile phone on a moving train, the principle remains the same: your device connects to the local ISP > connects to the national provider > connects to the Internet exchange (backbone). Should you be visiting a website or sending an email to a server located in a different country (quite likely) then this progression through the network hierarchy is repeated on the other end side of the communications channel too.<br />
<br />
<br />
[[File:InternetConnections.jpg|InternetConnections]]<br />
<br />
<br />
Notice that in the last example, your connection routes through at least two national (legal) jurisdictions.<br />
<br />
<br />
'''Exercise:''' Use a Geo-IP traceroute tool (http://traceroute.monitis.com/ ) to view how your connection is routed to a particular website.<br />
<br />
'' '''Note:''' The Internet is a packet-switching network. This means that your email, for example, is broken down into small individual packets which are then sent independently of each other along the many possible routes on the network that connect you to your friend's computer. These packets are then reassembled at the receiver's end to re-create your email. Important! You do not control how data travels through the Internet once you hit the send button. ''<br />
<br />
=Locate=<br />
<br />
Now that you're connected, let's discuss what happens when you request to open a particular website and how this site then delivers back to your computer. Numerous protocols and technical standards govern how the Internet and all of its users locate and communicate with each other. The most important of which we will discuss has to do with Internet addressing. Because everyone on the Internet adheres to these, you are able to open webiste.com and send an email from your computer to a friend's mobile phone in another country.<br />
<br />
==Internet Protocol (IP) Address==<br />
<br />
Internet routing is possible because every computer is uniquely identified on the network by what is known as an IP address. These addresses look like 83.169.39.231 and are the building blocks of Internet addressing. Whenever you want to open a website from your computer, the Internet needs to know your IP address and the IP address of the server the website is hosted on, to make the connection. Important! Your IP address is assigned to you by your local ISP or if you are using mobile Internet, by your telecommunications provider. In most countries ISPs are obligated by law to collect and store traffic data (which IP requested a connection to which IP and when) . This is used primarily for identifying user activity on the Internet at a later date and is the main tool in the hands of Internet police.<br />
<br />
'''Note:''' in an office or Internet cafe scenario, only one computer is connected to the Internet and all other computers connect through it. Only the Internet facing computer (modem) is assigned an external IP address, whilst the others are assigned an internal IP address. Browsing history made from a computer in an Internet café can be traced back by the ISP to the café, not to the individual's computer.<br />
<br />
'''Exercise: Find your current IP on the Internet'''<br />
<br />
#View your computer's IP by visiting http://hostip.info You can also view the IP addresses associated with your favourite websites through this system. <br />
#Next, go to http://whois.net/ to find out who that particular IP address is registered to.<br />
<br />
==Domain Name System==<br />
<br />
Even though all computers connected to the Internet are assigned an IP address, we usually do not know these addresses nor do we use them when opening a website. Numbers are quite difficult to remember (how many phone numbers do you know by heart?) and for this reason we assign names as addresses for our websites (also known as a Universal Resource Locator – URL). These names and their associated IP addresses are recorded in the Domain Name System (DNS). This is akin to the Internet's telephone directory and is another critical component of Internet routing and operations. DNS is hierarchical, meaning that your computer can have its list of URLs and corresponding IPs, your ISP will have a list, the national provider will have a list and so on, right up to the root DNS servers (of which there are 13). Should your computer not have an entry for www.livejournal.com it will ask the next list up in line – the ISP's and so on. Whether browsing websites or sending email, DNS always plays a part. Below is a diagram describing how DNS is utilized when you search for the LiveJournal website. <br />
<br />
<br />
[[File:DSNDiag.jpg|DSNDiag]]<br />
<br />
<br />
* Not knowing the LiveJournal address, you open Google naturally. Your computer doesn't know where www.google.com is and so asks the DNS server for Google's IP<br />
* Using Google's IP you locate the search engine and punch in 'LiveJournal'. The search returns www.livejournal.com which you promptly click<br />
* Once again, your computer has no idea where to locate www.livejournal.com and returns to the DNS server to get its IP<br />
* Finally, using the correct IP you can access LiveJournal's website<br />
<br />
<br />
'''Media:''' A brief explanation how websites are located using the DNS<br />
<br />
{{#ev:youtube|oN7ripK5uGM}}<br />
<br />
<br />
Another video that discusses the regulative and technical framework behind DNS and why this is important<br />
<br />
{{#ev:youtube|72snZctFFtA}}<br />
<br />
<br />
<br />
'''Exercise: Change your computer's DNS settings''' (Here is a walkthrough regarding changing DNS settings in Windows 7)<br />
<br />
#Use the http://hostip.info tool to find out the IP addresses of your favourite websites.<br />
#Open the Control Panel and locate your Network Connection settings (LAN or Wireless). <br />
#Manually set the DNS servers to OpenDNS addresses:<br />
<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
<br />
<br />
or use two of the root DNS servers http://en.wikipedia.org/wiki/Root_name_server ).<br />
<br />
=Interact=<br />
<br />
The last part of the Internet's infrastructure concerns the applications we use to send and receive content on the Internet. These include your browser, email program, chat client and every other software on your computer that utilizes or help you interact on the Internet. Every application has its particular language and protocols and these often affect how information is transmitted between two computers on the Internet. This usually involves a type of technical language (protocol) by which it communicates or the channel (port) it selects for communication. For example, some applications send data in a clear-text format and every computer/router that stands in-between the communicating parties can access and understand the transmitted information. Other applications take special care to ensure privacy for the communicating parties. For example, when you connect to http://google.com your browser is using the 'http' protocol on port 80. However when the website's address is preceded by the letters 'https' (https://mail.google.com) your browser begins to use the Secure Sockets Layer (SSL) protocol on port 443. The majority of this course is explaining and exploring the different ways that applications interact on the Internet, directly impacting upon your privacy, anonymity and authentication of the transmitted message.<br />
<br />
'''Media:''' Here's a video tutorial from some kid in his bedroom, pulling all the topics that we have discussed above, together.<br />
<br />
{{#ev:youtube|ZGRjUhBj5gg}}</div>Benhttps://learn.equalit.ie/wiki/Lesson_6_Further_ReadingLesson 6 Further Reading2014-05-27T21:09:46Z<p>Ben: </p>
<hr />
<div><br />
<br />
*[https://securityinabox.org/en/chapter-3 How to create and maintain secure passwords]<br />
<br />
*[http://en.flossmanuals.net/basic-internet-security/ch009_keeping-passwords-safe/ Keeping passwords safe]<br />
<br />
*[https://zine.riseup.net/assets/digital_security_for_activists.pdf Digital security for activists]</div>Benhttps://learn.equalit.ie/wiki/Lesson_6_Further_ReadingLesson 6 Further Reading2014-05-27T21:09:29Z<p>Ben: </p>
<hr />
<div><br />
<br />
#[https://securityinabox.org/en/chapter-3 How to create and maintain secure passwords]<br />
<br />
#[http://en.flossmanuals.net/basic-internet-security/ch009_keeping-passwords-safe/ Keeping passwords safe]<br />
<br />
#[https://zine.riseup.net/assets/digital_security_for_activists.pdf Digital security for activists]</div>Benhttps://learn.equalit.ie/wiki/Lesson_6_Further_ReadingLesson 6 Further Reading2014-05-27T21:09:13Z<p>Ben: Created page with " [https://securityinabox.org/en/chapter-3 How to create and maintain secure passwords] [http://en.flossmanuals.net/basic-internet-security/ch009_keeping-passwords-safe/ Keep..."</p>
<hr />
<div><br />
<br />
[https://securityinabox.org/en/chapter-3 How to create and maintain secure passwords]<br />
<br />
[http://en.flossmanuals.net/basic-internet-security/ch009_keeping-passwords-safe/ Keeping passwords safe]<br />
<br />
[https://zine.riseup.net/assets/digital_security_for_activists.pdf Digital security for activists]</div>Benhttps://learn.equalit.ie/wiki/Lesson_6_ExercisesLesson 6 Exercises2014-05-27T21:07:42Z<p>Ben: </p>
<hr />
<div>'''Exercise 1'''<br />
Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
'''Exercise 2'''<br />
Create a password using mnemonics and test yourself from memory.<br />
<br />
'''Exercise 3'''<br />
https://security.ngoinabox.org/en/keepass_main.html</div>Benhttps://learn.equalit.ie/wiki/Lesson_6_ExercisesLesson 6 Exercises2014-05-27T21:07:33Z<p>Ben: </p>
<hr />
<div>'''Exercise 1'''<br />
Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
<br />
'''Exercise 2'''<br />
Create a password using mnemonics and test yourself from memory.<br />
<br />
'''Exercise 3'''<br />
https://security.ngoinabox.org/en/keepass_main.html</div>Benhttps://learn.equalit.ie/wiki/Lesson_6_ExercisesLesson 6 Exercises2014-05-27T21:07:22Z<p>Ben: Created page with "'''Exercise 1''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdaj..."</p>
<hr />
<div>'''Exercise 1'''<br />
Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
<br />
'''Exercise 2'''<br />
Create a password using mnemonics and test yourself from memory.<br />
<br />
'''Exercise 3'''<br />
<br />
https://security.ngoinabox.org/en/keepass_main.html</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-27T21:04:35Z<p>Ben: </p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
<br />
{| class="wikitable" style="text-align: center;<br />
! style="text-alight:left;"| Length/Variations<br />
!26<br />
!36<br />
!52<br />
!68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millennia<br />
|45.8 millennia<br />
|45, 582 millennia<br />
|}<br />
<br />
''Here's a rough guide to how how much time a relatively simply laptop will require to brute force your password. The top row indicates the pool of variation in your password (small letters, small letters and numbers, small letters and capitalisation, small letters and capitalization and numbers and four signs of punctuation). The left hand column indicates the length of your password.''<br />
<br />
'''Media:''' http://www.decryptum.com/ can decrypt your word or excel document online. http://www.elcomsoft.com/aopr.html is a software you can download to 'recover' access to protected MS Office documents.<br />
<br />
===Step 5: What is a strong password?===<br />
<br />
A password should be difficult to guess or for a computer program to workout.<br />
<br />
<br />
*'''Make it long:''' The longer a password is, the less likely it is that a computer program would be able to guess it in a reasonable amount of time. You should try to create passwords that include ten or more characters. You could also try using a whole sentence as your password.<br />
*'''Make it complex:''' In addition to length, the complexity of a password also helps prevent automatic 'password cracking' software from guessing the right combination of characters. Where possible, you should always include upper case letters, lower case letters, numbers and symbols, such as punctuation marks, in your password.<br />
*'''Don't make it personal:''' Your password should not be related to you personally. Don't choose a word or phrase based on information such as your name, social security number, telephone number, child's name, pet's name, birth date, or anything else that a person could learn by doing a little research about you.<br />
*'''Keep it secret:''' Do not share your password with anyone unless it is absolutely necessary. Often, there are alternatives to sharing a password, such as creating a separate account for each individual who needs access.<br />
*'''Keep it unique:''' Avoid using the same password for more than one account. Otherwise, anyone who learns that password will gain access to even more of your sensitive information.<br />
*'''Keep it fresh:''' Change your password on a regular basis, preferably at least once every three months. Some people get quite attached to a particular password and never change it. This is a bad idea. The longer you keep one password, the more opportunity others have to figure it out.<br />
<br />
'''Media:''' Check how strong your password is http://howsecureismypassword.net<br />
<br />
{{#ev:dotsub|http://dotsub.com/media/07471d2f-2a20-4661-9208-f3394b1c219b/e/m<br />
}}<br />
<br />
http://dotsub.com/media/07471d2f-2a20-4661-9208-f3394b1c219b/e/m<br />
<br />
===Step 6: How to create and remember strong passwords===<br />
<br />
Mnemonics can help you create and remember a strong password. Since it is easier for us to remember a phrase rather than a random combination of letters and number – you could create your password from a sentence or even a paragraph. Let's take the following as an example:<br />
<br />
Will you still need me, will you still feed me when I am 64?<br />
<br />
Now, lets take the first letter of every word. We get Wysnm,wysfmwIa64?<br />
<br />
Alternatively, lets take the last letter. We get lulde,luldenIm64?<br />
<br />
Both of these passwords are long and complex enough to keep the computer busy for thousands of years. Now the trick is not to remember the password itself, but to keep the sentence in mind as well as your rule for withdrawing the password from this sentence. From now on, picture the sentence in your mind and extract your password from it.<br />
<br />
'''Exercise:''' Create a password using mnemonics and test yourself from memory<br />
<br />
'''Media:''' Password [http://www.schneier.com/essay-246.html creation] advice from the Godfather of computer security<br />
<br />
===Step 7: Using software for password creation and storage===<br />
<br />
As an alternative, you can generate random, complex passwords for all of your accounts in a portable, encrypted ''secure password database'', such as '''KeePass'''. Whenever you need to enter a password for a specific account, you can look it up in '''KeePass'''. Using the copy/paste functions you can withdraw the passwords from the program to the screen where it is required.<br />
<br />
The '''KeePass''' program stores all of your passwords in a secure database, protected by a master password (this one you have to remember!). You can store hundreds of different passwords and relevant notes in the program, without having to remember them.<br />
<br />
'''Exercise:''' Install and start using https://securityinabox.org/en/keepass_main</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-27T21:00:10Z<p>Ben: /* Step 5: What is a strong password? */</p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
<br />
{| class="wikitable" style="text-align: center;<br />
! style="text-alight:left;"| Length/Variations<br />
!26<br />
!36<br />
!52<br />
!68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millennia<br />
|45.8 millennia<br />
|45, 582 millennia<br />
|}<br />
<br />
''Here's a rough guide to how how much time a relatively simply laptop will require to brute force your password. The top row indicates the pool of variation in your password (small letters, small letters and numbers, small letters and capitalisation, small letters and capitalization and numbers and four signs of punctuation). The left hand column indicates the length of your password.''<br />
<br />
'''Media:''' http://www.decryptum.com/ can decrypt your word or excel document online. http://www.elcomsoft.com/aopr.html is a software you can download to 'recover' access to protected MS Office documents.<br />
<br />
===Step 5: What is a strong password?===<br />
<br />
A password should be difficult to guess or for a computer program to workout.<br />
<br />
<br />
*'''Make it long:''' The longer a password is, the less likely it is that a computer program would be able to guess it in a reasonable amount of time. You should try to create passwords that include ten or more characters. You could also try using a whole sentence as your password.<br />
*'''Make it complex:''' In addition to length, the complexity of a password also helps prevent automatic 'password cracking' software from guessing the right combination of characters. Where possible, you should always include upper case letters, lower case letters, numbers and symbols, such as punctuation marks, in your password.<br />
*'''Don't make it personal:''' Your password should not be related to you personally. Don't choose a word or phrase based on information such as your name, social security number, telephone number, child's name, pet's name, birth date, or anything else that a person could learn by doing a little research about you.<br />
*'''Keep it secret:''' Do not share your password with anyone unless it is absolutely necessary. Often, there are alternatives to sharing a password, such as creating a separate account for each individual who needs access.<br />
*'''Keep it unique:''' Avoid using the same password for more than one account. Otherwise, anyone who learns that password will gain access to even more of your sensitive information.<br />
*'''Keep it fresh:''' Change your password on a regular basis, preferably at least once every three months. Some people get quite attached to a particular password and never change it. This is a bad idea. The longer you keep one password, the more opportunity others have to figure it out.<br />
<br />
'''Media:''' Check how strong your password is http://howsecureismypassword.net<br />
<br />
{{#ev:dotsub|http://dotsub.com/media/07471d2f-2a20-4661-9208-f3394b1c219b/e/m<br />
}}<br />
<br />
http://dotsub.com/media/07471d2f-2a20-4661-9208-f3394b1c219b/e/m</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-27T20:59:51Z<p>Ben: /* Step 5: What is a strong password? */</p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
<br />
{| class="wikitable" style="text-align: center;<br />
! style="text-alight:left;"| Length/Variations<br />
!26<br />
!36<br />
!52<br />
!68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millennia<br />
|45.8 millennia<br />
|45, 582 millennia<br />
|}<br />
<br />
''Here's a rough guide to how how much time a relatively simply laptop will require to brute force your password. The top row indicates the pool of variation in your password (small letters, small letters and numbers, small letters and capitalisation, small letters and capitalization and numbers and four signs of punctuation). The left hand column indicates the length of your password.''<br />
<br />
'''Media:''' http://www.decryptum.com/ can decrypt your word or excel document online. http://www.elcomsoft.com/aopr.html is a software you can download to 'recover' access to protected MS Office documents.<br />
<br />
===Step 5: What is a strong password?===<br />
<br />
A password should be difficult to guess or for a computer program to workout.<br />
<br />
<br />
*'''Make it long:''' The longer a password is, the less likely it is that a computer program would be able to guess it in a reasonable amount of time. You should try to create passwords that include ten or more characters. You could also try using a whole sentence as your password.<br />
*'''Make it complex:''' In addition to length, the complexity of a password also helps prevent automatic 'password cracking' software from guessing the right combination of characters. Where possible, you should always include upper case letters, lower case letters, numbers and symbols, such as punctuation marks, in your password.<br />
*'''Don't make it personal:''' Your password should not be related to you personally. Don't choose a word or phrase based on information such as your name, social security number, telephone number, child's name, pet's name, birth date, or anything else that a person could learn by doing a little research about you.<br />
*'''Keep it secret:''' Do not share your password with anyone unless it is absolutely necessary. Often, there are alternatives to sharing a password, such as creating a separate account for each individual who needs access.<br />
*'''Keep it unique:''' Avoid using the same password for more than one account. Otherwise, anyone who learns that password will gain access to even more of your sensitive information.<br />
*'''Keep it fresh:''' Change your password on a regular basis, preferably at least once every three months. Some people get quite attached to a particular password and never change it. This is a bad idea. The longer you keep one password, the more opportunity others have to figure it out.<br />
<br />
'''Media:''' Check how strong your password is http://howsecureismypassword.net<br />
<br />
{{#ev:dotsub.com|http://dotsub.com/media/07471d2f-2a20-4661-9208-f3394b1c219b/e/m<br />
}}<br />
<br />
http://dotsub.com/media/07471d2f-2a20-4661-9208-f3394b1c219b/e/m</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-27T20:55:12Z<p>Ben: /* Step 5: What is a strong password? */</p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
<br />
{| class="wikitable" style="text-align: center;<br />
! style="text-alight:left;"| Length/Variations<br />
!26<br />
!36<br />
!52<br />
!68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millennia<br />
|45.8 millennia<br />
|45, 582 millennia<br />
|}<br />
<br />
''Here's a rough guide to how how much time a relatively simply laptop will require to brute force your password. The top row indicates the pool of variation in your password (small letters, small letters and numbers, small letters and capitalisation, small letters and capitalization and numbers and four signs of punctuation). The left hand column indicates the length of your password.''<br />
<br />
'''Media:''' http://www.decryptum.com/ can decrypt your word or excel document online. http://www.elcomsoft.com/aopr.html is a software you can download to 'recover' access to protected MS Office documents.<br />
<br />
===Step 5: What is a strong password?===<br />
<br />
A password should be difficult to guess or for a computer program to workout.<br />
<br />
<br />
*'''Make it long:''' The longer a password is, the less likely it is that a computer program would be able to guess it in a reasonable amount of time. You should try to create passwords that include ten or more characters. You could also try using a whole sentence as your password.<br />
*'''Make it complex:''' In addition to length, the complexity of a password also helps prevent automatic 'password cracking' software from guessing the right combination of characters. Where possible, you should always include upper case letters, lower case letters, numbers and symbols, such as punctuation marks, in your password.<br />
*'''Don't make it personal:''' Your password should not be related to you personally. Don't choose a word or phrase based on information such as your name, social security number, telephone number, child's name, pet's name, birth date, or anything else that a person could learn by doing a little research about you.<br />
*'''Keep it secret:''' Do not share your password with anyone unless it is absolutely necessary. Often, there are alternatives to sharing a password, such as creating a separate account for each individual who needs access.<br />
*'''Keep it unique:''' Avoid using the same password for more than one account. Otherwise, anyone who learns that password will gain access to even more of your sensitive information.<br />
*'''Keep it fresh:''' Change your password on a regular basis, preferably at least once every three months. Some people get quite attached to a particular password and never change it. This is a bad idea. The longer you keep one password, the more opportunity others have to figure it out.<br />
<br />
'''Media:''' Check how strong your password is http://howsecureismypassword.net<br />
<br />
{{#ev:youtube|ANXYxDBzleg}}</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-27T20:54:42Z<p>Ben: /* Step 4: Prevent brute force attacks */</p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
<br />
{| class="wikitable" style="text-align: center;<br />
! style="text-alight:left;"| Length/Variations<br />
!26<br />
!36<br />
!52<br />
!68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millennia<br />
|45.8 millennia<br />
|45, 582 millennia<br />
|}<br />
<br />
''Here's a rough guide to how how much time a relatively simply laptop will require to brute force your password. The top row indicates the pool of variation in your password (small letters, small letters and numbers, small letters and capitalisation, small letters and capitalization and numbers and four signs of punctuation). The left hand column indicates the length of your password.''<br />
<br />
'''Media:''' http://www.decryptum.com/ can decrypt your word or excel document online. http://www.elcomsoft.com/aopr.html is a software you can download to 'recover' access to protected MS Office documents.<br />
<br />
===Step 5: What is a strong password?===<br />
<br />
A password should be difficult to guess or for a computer program to workout.<br />
<br />
<br />
*'''Make it long:''' The longer a password is, the less likely it is that a computer program would be able to guess it in a reasonable amount of time. You should try to create passwords that include ten or more characters. You could also try using a whole sentence as your password.<br />
*'''Make it complex:''' In addition to length, the complexity of a password also helps prevent automatic 'password cracking' software from guessing the right combination of characters. Where possible, you should always include upper case letters, lower case letters, numbers and symbols, such as punctuation marks, in your password.<br />
*'''Don't make it personal:''' Your password should not be related to you personally. Don't choose a word or phrase based on information such as your name, social security number, telephone number, child's name, pet's name, birth date, or anything else that a person could learn by doing a little research about you.<br />
*'''Keep it secret:''' Do not share your password with anyone unless it is absolutely necessary. Often, there are alternatives to sharing a password, such as creating a separate account for each individual who needs access.<br />
*'''Keep it unique:''' Avoid using the same password for more than one account. Otherwise, anyone who learns that password will gain access to even more of your sensitive information.<br />
*'''Keep it fresh:''' Change your password on a regular basis, preferably at least once every three months. Some people get quite attached to a particular password and never change it. This is a bad idea. The longer you keep one password, the more opportunity others have to figure it out.<br />
<br />
'''Media:''' Check how strong your password is http://howsecureismypassword.net<br />
<br />
{{ev:youtube|ANXYxDBzleg}}</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-27T20:40:03Z<p>Ben: /* Step 4: Prevent brute force attacks */</p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
<br />
{| class="wikitable" style="text-align: center;<br />
! style="text-alight:left;"| Length/Variations<br />
!26<br />
!36<br />
!52<br />
!68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millennia<br />
|45.8 millennia<br />
|45, 582 millennia<br />
|}</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-27T20:38:40Z<p>Ben: /* Step 4: Prevent brute force attacks */</p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
{|<br />
! style="text-alight:left;"| Length/Variations<br />
!26<br />
!36<br />
!52<br />
!68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millennia<br />
|45.8 millennia<br />
|45, 582 millennia<br />
|}</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-27T20:38:18Z<p>Ben: /* Step 4: Prevent brute force attacks */</p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
{|<br />
! style="text-alight:left;"| Length/Variations<br />
!26<br />
!36<br />
!52<br />
!68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millenia<br />
|45.8 millenia<br />
|45, 582 millenia<br />
|}</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-27T20:37:52Z<p>Ben: /* Step 4: Prevent brute force attacks */</p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
{|<br />
! style="text-alight:left;"| Length/Variations<br />
!26<br />
!36<br />
!52<br />
!68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|Pie<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millenia<br />
|45.8 millenia<br />
|45, 582 millenia<br />
|}</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-27T20:37:37Z<p>Ben: /* Step 4: Prevent brute force attacks */</p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
{|<br />
! style="text-align:left;"| Item<br />
! Amount<br />
! Cost<br />
<br />
<br />
<br />
{|<br />
! style="text-alight:left;"| Length/Variations<br />
!26<br />
!36<br />
!52<br />
!68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|Pie<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millenia<br />
|45.8 millenia<br />
|45, 582 millenia<br />
|}</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-27T20:35:26Z<p>Ben: </p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.<br />
<br />
===Step 3: Prevent profiling===<br />
<br />
Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.<br />
<br />
'''Media:''' A [http://xato.net/passwords/more-top-worst-passwords/#more-269 study] of the most commonly used passwords and one covering password [http://arstechnica.com/security/2012/08/passwords-under-assault/2/ hacking] techniques<br />
<br />
A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles the attack will learn a lot of information about your identity and begin to guess and figure out your passwords. <br />
<br />
{{#ev:youtube|ANXYxDBzleg}}<br />
<br />
===Step 4: Prevent brute force attacks===<br />
<br />
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation is attempted as your password. This method would inevitably find your password sooner or later, the only barrier is time.<br />
<br />
<br />
{|<br />
|Length/Variations<br />
|26<br />
|36<br />
|52<br />
|68<br />
|-<br />
|3<br />
|0.18 seconds<br />
|Pie<br />
|0.47 seconds<br />
|1.41 seconds<br />
|3.14 seconds<br />
|-<br />
|5<br />
|1.98 minutes<br />
|10.1 minutes<br />
|1.06 hours<br />
|4.0.4 hours<br />
|-<br />
|8<br />
|24.2 days<br />
|10.7 months<br />
|17 years<br />
|1.45 centuries<br />
|-<br />
|10<br />
|44.8 years<br />
|1.16 millenia<br />
|45.8 millenia<br />
|45, 582 millenia<br />
|}</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-27T20:26:35Z<p>Ben: </p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube|e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to [http://contextly.com/redirect/?id=SoBTdyU9No:112358:78 restore] it. Lots of good tips and advice.<br />
<br />
'''Exercise:''' Firefox users install the http://noscript.net/ extension; Chrome users install [https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn NotScript] extension.</div>Benhttps://learn.equalit.ie/wiki/Better_PasswordsBetter Passwords2014-05-27T20:24:59Z<p>Ben: Created page with "===Step 1: Keep your computer clean and protected=== Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could ..."</p>
<hr />
<div>===Step 1: Keep your computer clean and protected===<br />
<br />
Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.<br />
<br />
'''Exercises:''' Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/<br />
<br />
{{#ev:youtube}e0CzRAh1KAI}}<br />
<br />
<br />
===Step 2: Always be vigilant and cautious===<br />
<br />
The Internet is rife with cyber criminals creating scams that trick you to reveal your password or inadvertently install a piece of malware that will leak them (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity, authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web, run Firefox with the No-Script extension or Chrome with extensions that forbid webpages to execute code on your computer.<br />
<br />
'''Media:''' Read [http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ this] account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to restore it. Lots of good tips and advice.</div>Benhttps://learn.equalit.ie/wiki/Online_LearningOnline Learning2014-05-27T20:22:23Z<p>Ben: /* Lesson 6 – Seven steps to better passwords */</p>
<hr />
<div>'''This work was done in collaboration and the support of [http://www.tol.org/ Transitions Online]<br />
<br />
==Introduction==<br />
<br />
Computers and the Internet are all about information gathering, storage and exchange. Hence, the topic of security in the digital realm relates to the security of information and its communication. The Internet, in theory, provides everyone with an equal opportunity to access and disseminate information. Yet, as time has shown, this is not always the case. Governments and corporations realize the importance and value of controlling information flows, and of being able to decide when to restrict them. The security of information is further complicated by malicious individuals creating computer viruses and hacking into computer systems, often with no other motive than causing damage.<br />
<br />
Confusion and complexity is heightened by the abundance of software, hardware and electronic devices built to interact with an increasingly sophisticated and complicated network. Users have to immerse themselves in concepts and technology that seem to be far removed from the real world. The security of your information, online identity and the privacy of your communications falls first and foremost upon your shoulders and requires comprehension of how the Internet and your computer actually work.<br />
<br />
The Internet has profoundly changed social interaction and the dissemination of ideas and knowledge. Publication is no longer restricted by geographic or financial boundaries, and any citizen could become a journalist and reach a global audience.<br />
<br />
This online training course has several objectives. It aims to educate and raise awareness to the technical aspects behind computer and Internet operations as a precursor to explaining inherent digital risks and vulnerabilities. Because it is virtually impossible to predict and describe in advance every security situation that one could encounter – the emphasis here is to provide enough background information and explanation of risks to make the user aware of the problem and able to make an educated and appropriate response. The other objective is to provide solutions to the most common security threats faced by journalists working in politically repressive countries, as well as links and references to software tools and manuals for further study and exploration of the subject. <br />
<br />
__NOTOC__<br />
<br />
==Lesson 1 - The Internet and its Pitfalls==<br />
<br />
* [[How does the Internet actually work?]]<br />
<br />
This chapter is a requirement to understanding other topics covered in Lesson 1 and throughout the Internet Security Course. <br />
<br />
* [[What is Internet surveillance?]]<br />
<br />
A distinction must be made between what we perceive as surveillance in the physical world – a person watching and shadowing your movements, and what occurs on the Internet. <br />
<br />
* [[Lesson 1 Exercises]]<br />
<br />
* [[Lesson 1 Further Reading]]<br />
<br />
==Lesson 2 – Privacy! On the Internet?==<br />
The Internet is a network of networks passing data through numerous intermediary computers and routers. Data typically travels the Internet in a readable (insecure) format. Your search query on Google or your Yahoo email message is accessible to your local Internet service provider as well as the body monitoring the national telecommunications infrastructure. By default, there is no privacy in Internet communications and many become victims of random and targeted network surveillance and traffic analysis. There are however, certain steps and measures you can take, some easier than others, to ensure a level of privacy in your Internet communications.<br />
<br />
* [[Encrypted connections]]<br />
The open - we can see everything that you send and receive - Internet could not become a powerful medium for business nor could it ensure a general users' expectation of privacy.<br />
* [[Instant Messaging and VoIP]]<br />
Instant messaging tools such as MSN Messenger and Yahoo Chat also use open channels for communicating your information. Everything you send or receive using these programs is liable to surveillance.<br />
* [[Using a VPN for Secure Internet Browsing]]<br />
<br />
* [[Lesson 2 Exercises]]<br />
<br />
* [[Lesson 2 Further Reading]]<br />
<br />
==Lesson 3 – Goodbye Censorship!==<br />
Many countries around the world have installed software and underlying infrastructure that prevents Internet users within those countries from accessing certain websites and Internet services. Companies, schools and public libraries often use similar software to protect their employees, students and patrons from material that they consider distracting or harmful. This kind of filtering technology comes in a number of different forms. Some filters block a site based on its IP address, while others blacklist certain domain names or keywords contained in web pages or your search queries. <br />
<br />
Regardless of what filtering methods are present, it is nearly always possible to evade them by relying on intermediary computers, outside your country, to reach blocked services for you. This process is often called censorship circumvention, or simply circumvention, and the intermediary computers are called proxies. Proxies, too, come in many different forms. Some Internet services such as RSS readers and online translators perform the function of a proxy without necessarily being created for circumvention. There are also especially dedicated proxy servers, virtual private networks multiple-proxy anonymity networks. It is difficult to say in advance which particular technique will work to bypass the censorship mechanisms in place in your country and it is worthwhile to be aware of several different methods. Each offers its own particular method for getting around restrictions, at the same time each method is vulnerable in its own way. This chapter describes the various ways to circumvent censorship and explains when these methods may or may not work. <br />
<br />
* [[Internet Censorship]]<br />
Censoring the channel of dissemination can take place at two different moments within an information cycle. Pre-publication – when the original message is prevented from being disseminated. This includes self-censorship, legislation and editorial or managerial interference with material to be published or made available to the public. Post-publication – when the audience is prevented from accessing an existing message or content communicated to them. Primarily this involves access to Internet websites and online services, and will be explained and discussed in this module.<br />
<br />
* [[Circumventing Censorship]]<br />
If you cannot go directly to a website because it is blocked by one of the methods discussed above, you will need to find a way around the obstruction. Many methods exist to circumvent the blocklists, which are only effective when a website is requested directly. If a third party is called to fetch a website for us, then these lists become irrelevant. For over a decade, netizens living in censored Internet environments have been using online translation and caching services to access a website indirectly. Others have relied on anonymisers, whose original intent was to conceal your identity from a website.<br />
* [[A Word On Anonymous Internet Publishing]]<br />
<br />
* [[Lesson 3 Exercises]]<br />
<br />
* [[Lesson 3 Further Reading]]<br />
<br />
==Lesson 4 - Digital information management==<br />
This section describes the technology and methods for managing your digital data. We will talk about preventing unauthorized access to your data, making sure that you do not lose important documents and we will discuss the correct procedures for destroying unwanted data as well as cleaning a computer of traces left behind from past working sessions. Secure data management should be on the top of your to-do list if you work with information that you do not want to lose or expose to an outside party. Once you have set-up the tools described in this chapter and assimilate the processes into your daily working routine, you will make a huge leap towards keeping your data private and secure. <br />
<br />
* [[Information storage]]<br />
Unauthorized access to the information on your computer or portable storage devices can be carried out remotely, if the 'intruder' is able to read or modify your data over the Internet; or physically, if he manages to get hold of your hardware or simply sit behind your computer. <br />
* [[Destroying data]]<br />
You may be concerned that your encrypted volume not only protects your data from unauthorized access but also indicates precisely where you store the information that you most wish to protect. In a tight situation you could be forced to reveal the volume password through intimidation, interrogation and possibly worse. <br />
* [[Destroying temporary files]]<br />
'''Fact:''' when you delete a file, even after you empty the Recycle bin, the contents of that file remain on your hard drive and can be recovered by anyone who has the right tools and a little luck. <br />
Aside from destroying unwanted data from your digital memory device, you should also consider destroying temporary files.<br />
* [[Backup]]<br />
It is too late to think about having a backup once you lose or break your computer, USB memory stick. Obviously an up to date backup has to created in advance of the catastrophe.<br />
<br />
* [[Lesson 4 Exercises]]<br />
<br />
* [[Lesson 4 Further Reading]]<br />
<br />
==Lesson 5 – Digital investigative journalism==<br />
The modern journalist must be aware of basic Internet infrastructure and operations. Certain clues accompany every website, email and digital media file – that could reveal information about the sender or the source otherwise hidden from the naked eye. Those who invest a lot of time and energy into maintaining social networks should also be aware of the risks from online profiling that they expose themselves and others to. This lesson will cover methods to identify the location of a particular website, reveal the sender of an email message, view technical details of a digital media file, discuss privacy implications regarding mobile telephone use and list several precautions for using social media platforms, in particular Facebook.<br />
<br />
* [[IP forensics]]<br />
* [[Email spoofing]]<br />
We are prone to identify and authenticate email messages by the sender's name and email address. This Lesson will help you analyse and validate the real sender of a received email message. <br />
* [[Data Forensics]]<br />
Just like every email message records the IP address of the server it is sent from, so does every digital document contain details about the time it was created, the device that created it and other useful information. <br />
* [[Profiling]]<br />
In the physical world we are identified by passport to our government and by recognition to our friends. A drivers licence, a social security or tax file number and our reputation serve as distinguishing features of our identity and associations. <br />
* [[Mobile profiling and surveillance]]<br />
You may have heard or already know that mobile telecomunnications are insecure by default. Did you know that your geigraphical location can be pinpointed thanks the phone in your pocket?<br />
<br />
* [[Lesson 5 Exercises]]<br />
<br />
* [[Lesson 5 Further Reading]]<br />
<br />
==Lesson 6 – Seven steps to better passwords==<br />
A password is often the first (and last) line of defense – protecting unauthorized access to your computer or an Internet account. A password is like a key to a door. You may have several different keys for your home, your office, your car and your safe. None of the locks are the same and you have a collection of different keys to open them. The same should apply to your passwords. Each account should have its own strong password. The definition of a strong password is one that cannot easily be guessed, cracked or stolen by an attacker. This chapter explains how to create and remember strong passwords and how not to lose them!<br />
<br />
* [[Better Passwords]]<br />
<br />
* [[Lesson 6 Exercises]]<br />
<br />
* [[Lesson 6 Further Reading]]</div>Benhttps://learn.equalit.ie/wiki/Online_LearningOnline Learning2014-05-27T20:22:08Z<p>Ben: /* Lesson 6 – Seven steps to better passwords */</p>
<hr />
<div>'''This work was done in collaboration and the support of [http://www.tol.org/ Transitions Online]<br />
<br />
==Introduction==<br />
<br />
Computers and the Internet are all about information gathering, storage and exchange. Hence, the topic of security in the digital realm relates to the security of information and its communication. The Internet, in theory, provides everyone with an equal opportunity to access and disseminate information. Yet, as time has shown, this is not always the case. Governments and corporations realize the importance and value of controlling information flows, and of being able to decide when to restrict them. The security of information is further complicated by malicious individuals creating computer viruses and hacking into computer systems, often with no other motive than causing damage.<br />
<br />
Confusion and complexity is heightened by the abundance of software, hardware and electronic devices built to interact with an increasingly sophisticated and complicated network. Users have to immerse themselves in concepts and technology that seem to be far removed from the real world. The security of your information, online identity and the privacy of your communications falls first and foremost upon your shoulders and requires comprehension of how the Internet and your computer actually work.<br />
<br />
The Internet has profoundly changed social interaction and the dissemination of ideas and knowledge. Publication is no longer restricted by geographic or financial boundaries, and any citizen could become a journalist and reach a global audience.<br />
<br />
This online training course has several objectives. It aims to educate and raise awareness to the technical aspects behind computer and Internet operations as a precursor to explaining inherent digital risks and vulnerabilities. Because it is virtually impossible to predict and describe in advance every security situation that one could encounter – the emphasis here is to provide enough background information and explanation of risks to make the user aware of the problem and able to make an educated and appropriate response. The other objective is to provide solutions to the most common security threats faced by journalists working in politically repressive countries, as well as links and references to software tools and manuals for further study and exploration of the subject. <br />
<br />
__NOTOC__<br />
<br />
==Lesson 1 - The Internet and its Pitfalls==<br />
<br />
* [[How does the Internet actually work?]]<br />
<br />
This chapter is a requirement to understanding other topics covered in Lesson 1 and throughout the Internet Security Course. <br />
<br />
* [[What is Internet surveillance?]]<br />
<br />
A distinction must be made between what we perceive as surveillance in the physical world – a person watching and shadowing your movements, and what occurs on the Internet. <br />
<br />
* [[Lesson 1 Exercises]]<br />
<br />
* [[Lesson 1 Further Reading]]<br />
<br />
==Lesson 2 – Privacy! On the Internet?==<br />
The Internet is a network of networks passing data through numerous intermediary computers and routers. Data typically travels the Internet in a readable (insecure) format. Your search query on Google or your Yahoo email message is accessible to your local Internet service provider as well as the body monitoring the national telecommunications infrastructure. By default, there is no privacy in Internet communications and many become victims of random and targeted network surveillance and traffic analysis. There are however, certain steps and measures you can take, some easier than others, to ensure a level of privacy in your Internet communications.<br />
<br />
* [[Encrypted connections]]<br />
The open - we can see everything that you send and receive - Internet could not become a powerful medium for business nor could it ensure a general users' expectation of privacy.<br />
* [[Instant Messaging and VoIP]]<br />
Instant messaging tools such as MSN Messenger and Yahoo Chat also use open channels for communicating your information. Everything you send or receive using these programs is liable to surveillance.<br />
* [[Using a VPN for Secure Internet Browsing]]<br />
<br />
* [[Lesson 2 Exercises]]<br />
<br />
* [[Lesson 2 Further Reading]]<br />
<br />
==Lesson 3 – Goodbye Censorship!==<br />
Many countries around the world have installed software and underlying infrastructure that prevents Internet users within those countries from accessing certain websites and Internet services. Companies, schools and public libraries often use similar software to protect their employees, students and patrons from material that they consider distracting or harmful. This kind of filtering technology comes in a number of different forms. Some filters block a site based on its IP address, while others blacklist certain domain names or keywords contained in web pages or your search queries. <br />
<br />
Regardless of what filtering methods are present, it is nearly always possible to evade them by relying on intermediary computers, outside your country, to reach blocked services for you. This process is often called censorship circumvention, or simply circumvention, and the intermediary computers are called proxies. Proxies, too, come in many different forms. Some Internet services such as RSS readers and online translators perform the function of a proxy without necessarily being created for circumvention. There are also especially dedicated proxy servers, virtual private networks multiple-proxy anonymity networks. It is difficult to say in advance which particular technique will work to bypass the censorship mechanisms in place in your country and it is worthwhile to be aware of several different methods. Each offers its own particular method for getting around restrictions, at the same time each method is vulnerable in its own way. This chapter describes the various ways to circumvent censorship and explains when these methods may or may not work. <br />
<br />
* [[Internet Censorship]]<br />
Censoring the channel of dissemination can take place at two different moments within an information cycle. Pre-publication – when the original message is prevented from being disseminated. This includes self-censorship, legislation and editorial or managerial interference with material to be published or made available to the public. Post-publication – when the audience is prevented from accessing an existing message or content communicated to them. Primarily this involves access to Internet websites and online services, and will be explained and discussed in this module.<br />
<br />
* [[Circumventing Censorship]]<br />
If you cannot go directly to a website because it is blocked by one of the methods discussed above, you will need to find a way around the obstruction. Many methods exist to circumvent the blocklists, which are only effective when a website is requested directly. If a third party is called to fetch a website for us, then these lists become irrelevant. For over a decade, netizens living in censored Internet environments have been using online translation and caching services to access a website indirectly. Others have relied on anonymisers, whose original intent was to conceal your identity from a website.<br />
* [[A Word On Anonymous Internet Publishing]]<br />
<br />
* [[Lesson 3 Exercises]]<br />
<br />
* [[Lesson 3 Further Reading]]<br />
<br />
==Lesson 4 - Digital information management==<br />
This section describes the technology and methods for managing your digital data. We will talk about preventing unauthorized access to your data, making sure that you do not lose important documents and we will discuss the correct procedures for destroying unwanted data as well as cleaning a computer of traces left behind from past working sessions. Secure data management should be on the top of your to-do list if you work with information that you do not want to lose or expose to an outside party. Once you have set-up the tools described in this chapter and assimilate the processes into your daily working routine, you will make a huge leap towards keeping your data private and secure. <br />
<br />
* [[Information storage]]<br />
Unauthorized access to the information on your computer or portable storage devices can be carried out remotely, if the 'intruder' is able to read or modify your data over the Internet; or physically, if he manages to get hold of your hardware or simply sit behind your computer. <br />
* [[Destroying data]]<br />
You may be concerned that your encrypted volume not only protects your data from unauthorized access but also indicates precisely where you store the information that you most wish to protect. In a tight situation you could be forced to reveal the volume password through intimidation, interrogation and possibly worse. <br />
* [[Destroying temporary files]]<br />
'''Fact:''' when you delete a file, even after you empty the Recycle bin, the contents of that file remain on your hard drive and can be recovered by anyone who has the right tools and a little luck. <br />
Aside from destroying unwanted data from your digital memory device, you should also consider destroying temporary files.<br />
* [[Backup]]<br />
It is too late to think about having a backup once you lose or break your computer, USB memory stick. Obviously an up to date backup has to created in advance of the catastrophe.<br />
<br />
* [[Lesson 4 Exercises]]<br />
<br />
* [[Lesson 4 Further Reading]]<br />
<br />
==Lesson 5 – Digital investigative journalism==<br />
The modern journalist must be aware of basic Internet infrastructure and operations. Certain clues accompany every website, email and digital media file – that could reveal information about the sender or the source otherwise hidden from the naked eye. Those who invest a lot of time and energy into maintaining social networks should also be aware of the risks from online profiling that they expose themselves and others to. This lesson will cover methods to identify the location of a particular website, reveal the sender of an email message, view technical details of a digital media file, discuss privacy implications regarding mobile telephone use and list several precautions for using social media platforms, in particular Facebook.<br />
<br />
* [[IP forensics]]<br />
* [[Email spoofing]]<br />
We are prone to identify and authenticate email messages by the sender's name and email address. This Lesson will help you analyse and validate the real sender of a received email message. <br />
* [[Data Forensics]]<br />
Just like every email message records the IP address of the server it is sent from, so does every digital document contain details about the time it was created, the device that created it and other useful information. <br />
* [[Profiling]]<br />
In the physical world we are identified by passport to our government and by recognition to our friends. A drivers licence, a social security or tax file number and our reputation serve as distinguishing features of our identity and associations. <br />
* [[Mobile profiling and surveillance]]<br />
You may have heard or already know that mobile telecomunnications are insecure by default. Did you know that your geigraphical location can be pinpointed thanks the phone in your pocket?<br />
<br />
* [[Lesson 5 Exercises]]<br />
<br />
* [[Lesson 5 Further Reading]]<br />
<br />
==Lesson 6 – Seven steps to better passwords==<br />
A password is often the first (and last) line of defence – protecting unauthorised access to your computer or an Internet account. A password is like a key to a door. You may have several different keys for your home, your office, your car and your safe. None of the locks are the same and you have a collection of different keys to open them. The same should apply to your passwords. Each account should have its own strong password. The definition of a strong password is one that cannot easily be guessed, cracked or stolen by an attacker. This chapter explains how to create and remember strong passwords and how not to lose them!<br />
<br />
* [[Better Passwords]]<br />
<br />
* [[Lesson 6 Exercises]]<br />
<br />
* [[Lesson 6 Further Reading]]</div>Benhttps://learn.equalit.ie/wiki/File:Distancetotowers5.pngFile:Distancetotowers5.png2014-05-27T20:19:52Z<p>Ben: </p>
<hr />
<div></div>Benhttps://learn.equalit.ie/wiki/File:Mobileprofiling.pngFile:Mobileprofiling.png2014-05-27T20:19:24Z<p>Ben: </p>
<hr />
<div></div>Benhttps://learn.equalit.ie/wiki/Mobile_profiling_and_surveillanceMobile profiling and surveillance2014-05-27T20:19:03Z<p>Ben: </p>
<hr />
<div>The world of digital mobile communications operates on largely similar principles to the Internet. Your mobile device has a unique number, received its connection from a regional intermediary and all communications are routed through a central gateway. Internet connected mobile phones have bridged the divide even closer.<br />
<br />
Let's have a look at the details recorded by the telecommunications network when you are using your mobile phone. Every handset is identified on the network by a unique IMEI number (you can see what your phone's IMEI number is by pressing ….). You are able to register on the network and make/receive calls once your SIM card number is approved. This is the same as your telephone number and allows you to operate on the network. <br />
<br />
[[File:mobileprofiling.png|mobile profiling]]<br />
<br />
Whenever your phone is switched on and receives a signal, it must keep in constant communication with a mobile telephone tower. You can see these towers on tall buildings and mountain tops, spaced several kilometres apart. Your telephone sends out a signal and is answered by the nearest three available towers. It will use the tower closest to it and regularly update the proximity by sending out another signal every second or so. Notice that when you are talking on the phone in a moving car, you sometimes lose signal for a few seconds – this is your phone changing tower's as its location changes.<br />
<br />
[[File:distancetotowers5.png|distance to towers 5]]<br />
<br />
On the diagram above, you can see the amount of milliseconds between a telephone tower and (your) mobile phone. The closest tower (3) will be chosen. However, knowing the distance between the phone and three separate towers allows for triangulation – a mathematical process that can pinpoint the location of your phone to within a few square metres.<br />
<br />
{{#ev:youtube|v6gqipmbcok}}<br />
<br />
<br />
To recap, every second your phone communicates its unique identification number, the SIM registration details and its location. In most countries, mobile phone providers must record and keep these details for several years – not your conversations, but what is known as network data. The same applies for phone calls you make or receive from the handset. The sender's and recipient's number, the date and duration of the call, the location of the two handsets, all of this information is recorded and stored.<br />
<br />
Its quite difficult to get away from the reality. In some countries, pre-paid SIM cards can be purchased anonymously (without registering your identity). There are also services to spoof or fake the handsets IMEI – however this is illegal in most jurisdictions. All communications made through a mobile phone network are also vulnerable to surveillance, with ever improving software able to decode and decipher certain words and phrases from the digital stream.<br />
<br />
The introduction of Internet enabled mobile phones have restored a little bit of communications privacy to the cellular network. You can use Internet encryption protocols (namely SSL) to create a secure connection between your handset and the provider of the service (e.g. Gmail) just as you would using a standard computer. This means that you would have more privacy sending an email message rather than a text from your mobile phone. The latest developments for mobile based communications privacy is encrypted Voice Over IP (VoIP) tools. Some countries allow mobile users to run Skype. Other tools such as CSIPSimple allow end-to-end encryption for voice calls made from mobile phones.</div>Benhttps://learn.equalit.ie/wiki/ProfilingProfiling2014-05-27T20:16:31Z<p>Ben: </p>
<hr />
<div>Modern technology is a lot more pervasive and invasive in the way it amasses personal information and compiles profiles of our identity and persona. Analysis of these profiles are then used to make certain assumptions about our private or professional lives, habits, interests and associations. <br />
<br />
'''Internet Profiling'''<br />
<br />
Many organizations, websites and media outlets cover the dangers and threats posed by Internet profiling. A lot of this is done by marketing companies, recording and collating IP addresses of visitors to websites to by making users download cookies, that perform a similar function. Google's advertising and market research tools DoubleClick and Adsense have installed cookies on billions of computers and are able to deliver 'relevant' advertisement to the website the user accesses.<br />
<br />
'''Media:''' http://www.guardian.co.uk/technology/2012/apr/23/doubleclick-tracking-trackers-cookies-web-monitoring <br />
<br />
Profiling can have a much more pervasive and negative impact – when certain assumptions are made about your political or religious orientation say, by your network's of friends on Facebook, Twitter or LiveJournal. Facebook has a concrete policy whereby it will reply to an email sent from a law enforcement domain (see above: email spoofing!) with information regarding one of its users.<br />
<br />
'''Media:''' http://www.facebook.com/safety/groups/law/guidelines/ <br />
<br />
There are no specific guidelines to avoid online profiling. You must be extra vigilant when creating and maintaining social network profiles; You should always use SSL connections rather than http (Lesson 2)and anonymous networks should you wish to conceal your IP and your destination (see Lesson 3); You should wipe temporary Internet files after each session, this includes any collected cookies (see Lesson 4).</div>Benhttps://learn.equalit.ie/wiki/File:Metadata5.jpgFile:Metadata5.jpg2014-05-27T20:15:05Z<p>Ben: </p>
<hr />
<div></div>Ben