doccyber security handbook in tenyidie - Kohima
download 
Reclamo Transcript
cyber security handbook in tenyidie - Kohima
CYBER SECURITY HANDBOOK IN TENYIDIE
CONTENT TRANSLATED BY :
NIELIT KOHIMA, Department Of Electronics and IT (DeitY), Government of India
CONTENT PROVIDED BY:
Centre for Development of Advanced Computing (C-DAC)
Department of Electronics and Information Technology (DeitY), Ministry of Communications &
Information Technology (MCIT)
Ngulieketuoko
1. Puodze pukeshü
1.1 Information Security Awareness
1.2 Cyber Security kemeyie
2. Komputür zhorüli kephrü
2.1 Komputür zhorüli kephrü ca vatshakeshü
2.2 Mia pete la Internet zhorüli kephrü
2.3 Komputür kesemia la zhorüli chatha
2.4 Mirhi kepeta dzeko
3. Internet sikelie
3.1 World Wide Web (WWW)
3.2 Internet sekecü
3.3 Internet zhoko
3.4 Internet gei kemeviko
3.5 Kepekhre cako
3.6 Peer To Peer (P2P) Networking
4. Pfhükecü kemele nyako mu Web Browser-ko
4.1 Mha pfhükecü kemele nyako sekecü
4.2 Internet Browser (ko) Kekhrukhre
4.3 Web browser kitsatie kemichie
4.4 Kikemhie di n web browser chü kekhrukhrelie ta?
5. Kerhu chakecü (Filtering) mhathoko
5.1 Web browser gei mha kerhu chakecü mhathok
5.2 Parental Control Bar-ko
5.3 Parental control toolbar kheketuo medziketuo zhoko
5.4 Parental control toolbar gei parental control chükecüko bie kedikecü
5.5 K9 web kerüguo K9 rei hako seliekevi khashüya;
5.6 Spam chakecü
6. Internet Mediated Communication
6.1 e-Mail kekhrukhre
1|Page
6.2 Kerükri dieyie chükecü (Instant Messaging)
7. Social Networking
7.1 Social Networking geinu kemichie therhielieketuo chatha
8. Social Engineering
8.1 Social Engineering-e kedipuo ga?
8.2 Ukoe kikemhie di hako chüya ga?
8.3 Social Engineering-e puo cha kekreikreikecü kekra nu chülie vi.
8.4 Noe mia bu n rükebamia chü molieketuo la kikemhie di therhielietuo ga?
8.5 Mhanuü noe mia n pese bata üdi le ro kedipuo chü ta?
9. Online(Internet sekeba) Rüzhü mu Komputür Rüzhü
9.1 Internet sekeba rüzhü dze.
9.2 Rüzhü piekecü ki lelie morokesuo huo.
9.3 Kemichie sa kerei bakecüko.
9.4 Chathako
10. Khrukhre di mha piekecü
10.1
Khrukhre di mha piekecü mu khakeshü.
10.2
Khrukhre mo di mha piekecü puo kemichieko
10.3
Mha khrukhre di pielieketuo chatha huo.
11. Blogging
11.1
Blog rhi kekreikreikecüko.
11.2
Blog chükecü nu kemichie sa bayakecüko.
11.3
Blogging chükecü nu kemichie therhielieketuo chatha huo.
11.4
Miakrünuoko la Blogging nu kekhruohi.
12. Cyber nu kethachümia pesekecü.
12.1
Mia pese sei bakecü mu kethachümia pesekecü
12.2
Cyber nu kethachümia pesekecü hakemhiekecü kropuo nu chülie vi.
12.3
Chathako mu kekhruohiko
13. Online nu Mhakedekecüko mu Chathako.
13.1
Nhicunuomia bu online nu mia kedekecü nu u yalie.
13.2
Online nu mha kedekecü ngu pekrathoyakezhako.
2|Page
13.3
Online Banking(shükeiraka kelikecü lhitholhiü)
13.4
Internet nu mha khrükecü(shopping).
13.5
We supuo shikecü Kerügu(Identity Theft)
13.6
Tap nap chükecü.
13.7
Clickjack chükecü
14. Rozo dielie nu Kepesikeshü chako (Wireless Network).
14.1
Wireless Network-e kedipuo ga?
14.2
Wi-Fi network khrukhrekemo sekecü nu kemichieko
14.3
Wireless Home Network Security la chathako.
15. Mobile Kerüguo
15.1
Kerüguo nounyüko
15.2
Mobile mhathoko pekruketuo chathako.
16. Ketho dze khakeshü (Data) kerüguo.
16.1
Ketho dze khakeshü rüguokecü kemeyie
16.2
Ketho dze khakeshü khawakecü geinu rüguokelie
17. Chüümo kerüguo.
17.1
Komputer cabiko.
17.2
BIOS Kerüguo.
18. Khrukhrekecü kedojüko.
18.1
Operating System Security
18.2
Operating System rüguoketuo chathako.
18.3
Password Security Policy.
19. Kechükhu nu yakecü mu chükemesakecü mhakechü nyako.
19.1
Window-ko la bakecü mhakechü nyako.
19.2
Linux la bakecü mhakechü nyako.
20. Khakecü(Lockdown), Meho pie chü puotoukecü(Auditing) mu Mhakebvükecü
Tekelie Mhakechü Nyako(Intrusion Dectection Tools)
20.1
OS Lockdown Mhakechü nyako.
20.2
URL Scan la bakecü mhakechü nyako.
20.3
Web Server Lockdown Mhakechünyako.
3|Page
21. Security Assessment Mhakechü Nyako
21.1
OS Security Thako Sekecü(Access).
21.2
Ketho dze pfhüliekevi khakeshübase Security Thako Sekecü.
21.3
Application Security Sekecü.
22. Operating system Update-ko mu Patch-ko
22.1
Kerüguo thau chüpie thie-ketso rhi nu chükeshü kelakeshü mhakechü nyako
(Security Update Solution Tools) (Windows)
22.2
Windows Desktop Firewall Chükecüko.
23. Security Updated Detection Tools.
23.1
MBSA.
23.2
Microsoft Office Visio 2007 Kekheshüyakezhau.
4|Page
1. Sededie
1.1 Information Security Awareness
Information Security-e puo khadou pete nu pu morosuo, miali puoe sekecüu nunu vo
mechü krotho puo mu sümho sorkari mu seyieu ikevo pete pu ba. Information
Security mu National Security-e komputür Networking nu kerie(synonymous)
votazhie, süu Cyber nu u perhiekecü chü rüü se mu puo seyieu shükeiraka kelikecü
lhitholhiü, kekuo, kepfhesikelie chako, ikevoko… thete bode(critical infrastructure)
chieseiu chülieya. Süu-e süla, komputür Sistüm-ko mu Network-ko bu khrukhre
baketuoe meyie se. Süsie rei IT mu lietho kekreiko seyie chü kehielieketako pie
kompani khe nu mhachüketuo chükecüu le pekuotakecü la ketho dze khakeshü
kerüguo se kerie nu khashüketuo puo tsienyha nyi bate. Süsieu, Internet kishükinyi
tha nu memie vikezhüu la, kinu nu sebayakezhamia kekra Internet nu mha kedekecü
mu uko kepetsou mhathoko kehiepie baketa mhasi huoyo moro mhapuorei si mo
zokecü rei ba. Hau geinu, perhiekecüu-e, puo mvüdze puo chülie di mesakecümia bu
uko mhatho rükelieu nu kelhiekecü mhatho chülie mu chü pezha votalie vi. Hau la,
nkoe nhicunuomia, kepethamia, miakrünuo mu keze rüna chükeba nu phichümia ki
mhasiu keza mu mha kedekecüko chü kemedzalieketuo mhasi se uko bu dojüliekecüu merüya.
Information
Security,
Information
Technology
Krotho-u,
Ministry
of
Communications mu Information Technology hako memiekezhü kemeyieu
mehokeshü ki, India-mia sorkari-e Information Security Education and Awareness
(ISEA) mhathochie puo chüshü mu meholiete. Mhathochie hau mhathoko puo liro
nhicumia ki, kinu nu sebayakezhako ki mu IT nu chülieyakemoko ki mharhükelie rhi
nunu information security awareness kha kemeyashüketuo.
1.2 Cyber Security kemeyie.
Cyber Security-e puo kesemia la meyie, kekreilamonyü ukoe u thuo puoe supuo
shikecü (identity) kerügu nunu u rüguolieyakecü la. Krotho kekreikreikecü mu
sorkari rei kerüguo mhatho hau pie u lhitholhiü pekhre, kishükinyi dze, mu suo
mhaitaliekevi morei ketho dze thete (critical ketho dze pfhüliekevi khakeshü)
5|Page
rüguokecü chüya. Suo mhaitaliekevi dzeko komputür nu khapie kebako kekra rei
Internet ze kekhe bayakezha la dielie kethepfu mu khrukhrekecü se morosuotaya.
Süla cyber security bu balieketuo la mia pete rei cyber kerüguo thau malware u
kedekecü geinu u yaliekevi-u medzi phre morosuo.
FIG 1
Cyber security kese nu puo kethachü ze kesetayakezha ca kropuo liro.
Khakeshü (Application) gei puo kese zho chatha kethachü, komputür nu pekhre morei
puo zho kese kethachü, software nu code pie chüliekevi nu kethachü(poor software
coding), mha hako cyber kerüguo-kese kedojü nu metei mo morei puotou mo
bataliekevi la.
6|Page
2. Komputür zhorüli kephrü
2.1 Komputür zhorüli kephrü ca vatshakeshü.
Zhorüli liro kelhou zhorüli nu miali puo morei krotho puo komputür sekecü ki
kekhayakezha thezho kemeyie seliekevi zho kropuo pu ba. Zhorüli chatha khakeshü
nu Komputür kese nu zhorüli kikemhie kropuo mialiu morei krotho puoe lielie vi shi
ikecü. Komputür zhorüli kephrü nu puo panya kemhietho bakecüu sü kethumia
mezhü varhokecü tsienyako.
Kethu-u ketso mo di mhathuko thu la separkecü, themia puo puo thuo puo dze puo la
rübei khapiekebau thu separkecü hakemhieko zhorüli kephrü kevarho thakie kropuo.
2.2 Mia pete la Internet zhorüli kephrü
Internet zhorüli kephrü liro Internet sekecü zhorüli lieliekevi. We-e dietho mu therhu
pie Internet sekecümia mezhüko mu puo vieko tsü morosuo.
2.2.1
Lieliekevi(acceptance)
FIG 2
Miapuo-e Internet methuokehou nu bakecü (value free-
zone) vie mo ükecü lielie morosuo. Hau puocae world wide web-e mha
semorei viketako khapie bakecü shürotsa kemhie di bakecüu mo (waste wild
web) derei hau-e puoma kenyi vieko puoca kemeyatho nu le mu sekecü
thechü puo, süla we puonou kebako rhikecü mu puo kese nu se menuo
morosuo mu we-e Internet-e kijü pete nu houdo kekreita mo derei puoe puo za
kekreikreikecü nu mha kemeyietho puo ükecü silie morosuo.
2.2.2
Seyieu mu Khenu Kelhouzhorüliko gei meteikemo
Fig 3
Hau liro mia pete la mu seyieu la morei khenu kelhoumia
kelhouzho rüli ikecü chakha puorei ba mo. Mha hau mhaca kemeyie Tivi cha
puo; morei khenu thedzeleshü-u ikecü la idi setaliekenjü. We mha hau puo rhi
kekreikreikecü nu se morosuo.
2.2.3
e-mail mu chatting sekecü ki.
FIG 4
U kikru mu u zemia ze kepfhükecü nu Internet se morosuo.
Rüsuomia dielieko kelakecü nu khawa morosuo mu sükemhieko ze
7|Page
kerüchükecü nu u kirilie morosuo, mu we nhicumiako ki u bu rüsuomia ze
kepfhükecü nu kemichie bakecüko pethashülie morosuo.
2.2.4
Miapuo do chükecü. (pretending to be someone else)
FIG 5
Internet sekecü nu mia do chü di mia sekeda suo. Internet sekecü
nu u thuo u thapie mia kieshü mo di mia sekedokebae siazha ngukecü mese
mu mia kekreimia la rei kemichie ba. U nuonuoko ki mhatho hako pu
menuokeshü u zha we.
2.2.5
Die kesuo sekecü khawa morosuo (Avoid bad language)
FIG 6
We e-mail, chatting, blogging mu social networking hakemhieko
sekecü ki u zhokesuo die morei die kesuoko se suo derei Internet sekecü ki
mia keleko rhu morosuo mu mia puo rei thakecü chüta suo, mha hakemhieko
u thuo u kirilie mu se nhicumia rei pethalie morosuo.
2.2.6
U thuo u thapie mia kiekecü dzeko keviekelie.
FIG 7
Nhicumia bu puo thuo puo dze kecükerü u kebachüko, u fon
khuko, u keneiko, password hakemhieko khashü hie nu pu petha morosuo.
Rüsuomia ki u mirhi ketsekecü chü suo mu u thuo u dze petsepereko kevielie
nukecü cha morosuo, kekreilamonyü mha hako se kekrü mu u ketso mo di mia
ze kezataliekevi keprei la.
2.2.7
Mha piekeba ki (while downloading)
Fig 8
Ütsali kerünyü mu puo dze kepfhü nu Internet seya, süsie rei mirhi
kemele(video) meho mu rüzhükecü rei chüya. We Internet se di mhako pie
morei pielie di se mia ze keza, kepekie ikecüko chü suo. Mha hako se
nhicumia petha morosuo, mu uko bu mhatho/mhathu hakemhieko kethumia
mezhüko mu mha hako ne separkecü puoca kemeyieko rei u kiri ba morosuo.
2.2.8
Chatha chükecü(Supervision)
FIG 9
Mia puoe puo nuonuoko Internet nu kedipuo chü baya shi mu
ukoe thechü kikemhie kropuo nu le meho baya shikecü si morosuo, süsie rei
ukoe themia kikemhie kropuo ze kerüchü baya shikecü meho morosuo. Uko
bu mha puotoukemo bayakezha thechüko meho molieketuo la kekhalie
8|Page
morosuo. Nhicunuoko bu Internet nu thezho-u medzi tou di silie morokesuou
la uko sekecü ki ukrünuoko bu u meho mu u ze kerhe di se morosuo.
2.2.9
Nhicumia bu Internet sekecü nu u hüshülie morosuo (encourage children
to use internet)
We nhicumia, kephrünuomia mu kekreimia bu Internet nu mha silieketuo la
mu puotou nu silieketuo la u hüshülie morosuo. Internet-e mha pesikeshüko
silieketuo mu mha süko geinu mha silieketuo nya kemeyie se puo.
2.2.10 Internet sekelie.
Mia pete rei Internet-e se kephrüca rhiekeshüu chü kemeyalieketuo mu
chükehie siro puotei nu chülieketuo nya puo ikecü si ba. Hau nu mha
silieketuo-e we se morokesuo-u mu puotou-u pesikeshüko sitoulie di
mevikelie gei ba. Thedo hako Internet nunu pesikeshüko pfhükelie geinu
ngulie vi. U khadou nu kedojü khakeshü mu kinu mhatho khakeshüko,
kephrünuomiako website nu kebako ze kemejü morosuotayakezhako, mha
hako kephrünuomia keleko perho se balie di puo bu mha kekreikreikecü nu
thu morokesuo, mha puo pu pekreikeshüu nu kebako se morokesuo, u kele
puotou mu ketho-u sikelie. Thechü kekra nu mhaca huo mia u kele
kezakeshüko peviekeliebayakezha tuoi Internet-e u noudonoule mu ketho-u si
kekreilieketuo do silieya siro puocau mu u mhitsie pfhü pesoulieya.
2.3 Komputür kesemia la zhorüli chatha(ethical rules for computer users)
Mia puo komputür sekecü ki thezho medzi morokesuo huo hakhro thushüzhie:
2.3.1
Komputür se di komputür sekeba kekreimia puo pechüpenyü hie.
2.3.2
Komputür se mia kekreimia dze rügu hie.
2.3.3
Niepumia ketso mo di mia file sekecü chü hie.
2.3.4
Kethumia ketso mo di u mhathu thu keyie hie(do not copy copyrighted
software without the author’s permission).
2.3.5
Kethumia mezhü thezhoko mu mharhüko rhulie.
2.3.6
Mia pekhrekoko rhu morosuo, noe mia geinu mha süko merüyakezha tuoi.
2.3.7
Mia ketso mo di mia komputür kinyiko se hie.
2.3.8
Diethomiatho di Internet silie(ethically).
9|Page
2.3.9
Mhanuü mha puotoukemo nu keperokecü mhatho huo ngulie ro Internet lietho
khashüyakezhako (Internet service providers) mu kekuo mu thezho khashü
mu seyakezhamia ki panyashülie.
2.3.10 Mia puoe puo thuo puo Internet sekecü puo thuo puo supuo shi thakeshüu mu
puo password-ko rüguokecü puo zha zo. Ukoe rükralieketuo la süko pie leshü
nu morei mha gei thu suo.
2.3.11 Internet sekecümia puoe komputür nunu puo nei puo nyü chü di mia dzeko
pfhü morei chükedei suo, mha süko nu u password, files ikevoko sa pu ba.
2.4 Mirhi kepetako dze(scenarios)
2.4.1
Mhitsie I
Ravi-e Kishore ki puoe ese thukelieu puo bu mehoshülie vi mo ga idi ketso,
puoe chüshütuoü di puo ki pushü di le pesoushü mo. Zha huoyo sie uko eseko
uko khadou nu kepethau-e puotou mu kekrükebako mehoshü di Kishore bu
leshüki tei tseiketa sie balie nu di pu. Kepethau unie ese kemhie üdi tha puo
kie di puo bu puocapuola pushü nuta.
Süla nhicumia bu mia mhatho meho pie thu morei dieyie kepesikeshüko
Internet nu morei u khadoumiako ki meho pie chükecü chü suo ükecü u petha
mu u chatha seilie morosuo.
2.4.2
Mhitsie 2
Vicky-e komputer kha menuo mo di komputür kibou nunu tuo prata. Bob-e
Vicky komputür nu vo balie di sü sede lalie di dieyie (E-mail) kemeda huo
thulie di kephrünuomia huo mu khadou nu dieyie kro-u nu rei ketseshü.
Süla nhicumia bu mhakipuorei mia komoputürko se kekrü mu E-mail ID-ko
se kekrü di mia nou chü pesuo mu mia za kenga suo ikecü petha morosuo.
10 | P a g e
3. Internet sikelie (Understanding Internet)
Internet-e kedipuo shikecü puoca vatshakecü kekreikreikecü kekra ba derei puocako
hakhro thukebako mehoshü ro kemhie zo ükecü lelie vi.
Vatshakeshü 1: Komputür-ko kekhekerhü bakecü ze ketho dze khakeshü nu themia
soünyie (millions) kijü pete nu komputür sekebako ze kepfüliekevi chüshüyakecü.
Vatshakeshü 2: Kijü peteu nu komputür sekebamia bu kekhe di kepekroliekevi mu kijü
zieu gei ketuoko ze kepfhesiliekevi komputür nu kekhekecü mhatho puo.
Vatshakeshü 3: kijü pete nu komputür kekhekerhükeba zho, themia puoe komputür puo
sekeba nu komputür sekeba kehoupuorei dze siliekevi kekhiekebako mu kekhekeba.
“Internet” ikecü diecau diecütou-u liro “kekhekerhükebau nu kekhekerhukebako”.
Internet-e kijüu nu puo lha kecü kekreikreikecü thenyie-e kekhekerhükebako pete rei sa.
Teisozha kehounhie puo zorei Asia nu seyie kekreikreikecü nu mia soünyie 80 mese ze
kekhe baya.
FIG 10 Kijü peteu kekhekerhükeba nu Internet üse puo chü puo mo kenyi puo ükecü nu
leya. Hau-e rozoko mu komputü-ko kezha kekra kengu pie ba. Thelhitheü krotho huo
Internet nu kekhruohi huo pie kekhekerhükebako te kengu se baya derei kekuo kese
puorei Internet nu kedipuo kemhieya mu kikemhietaya shikecü kekhakeba puorei jü,
Internet-e “miapuo vie” ikecü ba mo. Seyie kekreikreikecü kekhiekerhükebako u thuo u
meseu nu shükeiraka cha nu kekhruohi di puo kru-u nunu pete balieya
3.1 World Wide Web (WWW)
Mia pete rei Internet mu web hanie kemhie zo idi leya derei hau kekrü. Web liro
komputür sekecü nu chatha seliekevi lietho Internet nunu petabayakezhau. Hau-ue
mhathuko(documents) mu kinyiko kengukeba puo. Hau Internet nu memie kerükritho
za puo. Hau-ue dieyie kekra kijü pete nu komputürko nu kengupiekebako rükri nu
petashüliekevi chüshü.
3.1.1
Web Site-e kedipuo ga?
Web Site nu liro puo nu vo soünyie lhe kezie kekhe baya, hau mha kekra
kekra teshü kerhelie di pie kekhe pie ba sidi u khruohi pie u bu web site nu u
cha pfhülieya. We hau nunu mha pesikeshü kekreikreikecü kekra ngulieya-
11 | P a g e
Rüzhü, keshürho dze kemeyie, kerülei thechü, kherhübagei tei rhüpiekebako,
teila dze mu kekrei kekra rei ngulieya. Internet nu web site soünyie kecü ba
mu we mha u noukemvü kehoupuorei pfhülie vi.
3.1.2
Web kebachü (address) puo
Web site kehoupuorei puo thuo puo kebachü kreitou di baya, hau üse Uniform
Resource Locator morei URL iya. Puo chü puo mehoketuo la noe web
browser nu kebachü bayakezha-u gei kebachüu thushü morosuo.
3.2 Internet kese (usage of Internet)
Internet-e kepfhesiketuo la, kepesikeshüko kenguketuo, leshümhasi, keneitei, thie thie
dzeko, Internet mu mhasi kepfhü, thelhitheü tsatie, u mhathu kepekiekecü
hakemhiekecü kekra la se pekuoya.
Internet sekecü nu, mhathu kepekie hau krotho morei lhitholhiü la rübei mo derei
themia kehoupuorei u thuo u web site-ko pesielie di u thuo u dze morei u mhatho
hakemhieko world wide web nunu kepesishülie vi.
Internet geinu themia thenyie-e mha kepesikeshüko u kinu nu, leshükiko nu, Internet
café-ko, mu mhathochüko nunu pfhüpie silieya.
Internet-e kijüu nu komputür kekhekerhükebako kengu sekeba puo, mha hau
komputür sekecü chatha mia kekra seyakezha tha puo nu ketho dze khakeshüko
kelikecü nu kekhruohishüya. Internet sekecümiako mha puorhi kekreikreikecü mu
kepesikeshü dielie kerhe morei kezalie vi.
•
Mia puoe Internet se miahoumia kehoupuo komputür nu rei kekhelie di u
mhasi, u keleko kezalie vi.
•
Leshü lhe nu mha thu ketsekecü tuoi di Internet nunu we mha thu pie u
kinumiako, u kezemiako tsülie vi, u thuo thechü kehourapuo ba zo rei mu mha
se da (stamp) morei vi, hakemhiekecü kekra ba.
•
We dielie ketseshü di mia bu rei süko phrü mu thu keyielie (mia bu selie) mu
süu chü kesa lala sei balie vi.
•
We internet nunu kekhe kedojü (web-based training) mu kepetse nu mhasi
kepfhü (distance learning) rei salie vi.
12 | P a g e
3.3 Internet zhoko
3.3.1
Puo kijü riehou kezakecü(geographic sharing)
Internet kijü riehou kezakecü keyie zo kijü pete mu sümho rei vo ba. Internet
zho kemeyie puo liro, noe mha puo nu kekheshüwata liro noe peteu ze
kepfhesilie vite.
3.3.2
Puo chükecü rhiu(Architecture)
Internet rhikecü rhiu liro, puo bu kekhekebau geinu kepfhesi pekrathokelie
chülieketuo geinu kepfhesi pekrathokelie chülieketuo geinu rhishü. Miali
komputürko morei kekhekebako chülie moketa la mha kekrei peteko
peleliekesüko chü keniekewa ba mo. Thechüko huo mha chü kedikezhü ki puo
puo dielieu kedi morei biepesuowaliekenjü.
3.3.3
Kijüzieu gei sekecü (Universal Access)
Seliekevi ngulie di dielie mhathu, mhapfhe, mirhi kemele mu puoma meyie se
di kijü pete nu votsolie kevi chü rüü se. Themia puoe puo thuo kirapuo tuo shi
rei mia pete la Internet nu mha puotou-ue kemhie zo. Mia puoe kijü nu
komputür kehoupuorei ze kekhielie vi, mu noe n bara-u khawa mo di thechü n
kenei kekra nu vowalie vi.
3.4 Internet puo kemevi
Internet nu meviliekevi kekra ba.
•
Internet-ue ketho dze mu dieyie thuo tshu ba, mu hau mha chü mu kepfhesilie
kevi vokeba rei sa.
•
Mha pfhülie kevi nyako online nu bakecüko liro, rükri mu kuo se.
•
Internet-ue se rüü.
•
Ketho dze pfhü rüükecü la kephrünuomiakoe mhasa kepfhümia chülie vi.
•
Kephrünuomiako u noumvü di u mhatho chükebau Internet sekecü nunu kijüu
ze kezalie vi.
•
Internet-ue u noumvü mu mia teshülie kevi, mha silie kevi rhi kekreikreikecü
nu chüpie ba.
•
Leshülhe nu kemhie mo di web-e puotei rüdikezhüu ze ketho dze chako
khashülie vi.
13 | P a g e
•
Kepetseko nu E-mail ketsekecü ki mhakhuko puo chü kedi morei kereikecü
chütaya mo.
•
Kephrünuomia-e kijü lukihaki nunu leshüda dzeko pfhülie vi.
Internet-ue mhasilie kevi nya kengupiekeba bou kezha se puo. Mha hau la,
puoe puocapuola kebako chü kemeyiemeluo mu chü pezhapie kephrünuoko
bu u leshüki daphrükiko nu leshü nguliekebako thau ki rei rükriekuokecü
chüshüya. Kephrünuomiakoe dieyie separ kenuothoko sorkari morei sorkari
vie kemo website-ko, mha hau mhakesa pfhükeba hievihiesuoko, scientific
mu u dzie se mhachü si sekecü(artistic) kinyiko mha se kepekiekecü kiko nu
mu themia mhatho khapie kepekiekecü chüko, mu krotho kekrei
kephrünuomia bu mhasilieketuo la dielie cha bakecüko ketho dzeko silie kevi.
Leshüki nu vokecü kemeyie kenieu thako nu, Internet-ue mhatho mhacamhala
kereko pfhükecü nu selie vi.
Internet-e mhasiliekevi kekuo puokecü la mu kepfhesilie kevi cha puo, hau-e
mhasikepfhü nu se morokesuo mhasilie kevi puoma kevi kekra khashü ba.
Hau-ue u thuo u kese di mhasilie mu mha kesa pfhükecü do sikelie mu süu
chükehiekelie rei sa, mha hau puotou-u pfhükecü nu mhaca meya se keba puo
silieketuo la rhie kreikeshüu chü khrielieketuo, mu seliekevi chükelie moro
mhatho kereikecü shüphrü mu kepfhesikelie mu keze mhatho chükecü nu
kethodze pfhükecü nu mhasiliekevi nyako selie kevi kemhieko, kinyiko mu
mia ze kepfhesilie kevi chü separkelie.
3.4.1
Internet nu ketho dze pfhüliekevi(access to Internet)
Kepethamiako kephrüca khakeshüko memiekezhü nu chü kemeyalieketuo la
Internet-e u tei chülie kevi nya puo. Mha silie kevi-e mha puocapuola ki ze
mu pelelie kevi dielieko pfhü mhailie mu rüümekhro di chülie kevi gei ba, mu
kedakecü, sikelie mu ketho dze süu sikelie. Internet nu dielie hau pfhükecü nu
u khruohipie thedo hau nu ngulie vi. Khadou bou nu mhathoko mu kinu se vo
chükecü mhathoko, kephrünuomiae web site nu kebako ze kemezhü
morosuotayakezhako, mha hako kephrünuomia bu themia kekreikreikecü la
thukecü nu se morokesuo u kiri se balieyakezha chatha puo, mha pu pekrei
14 | P a g e
piekeba puo mhatho la, puotoukecüu mu pelelie vikeba-u si kekrei mu capi
chükelie. Thechü kekra mhaca kemeyie khakeshü huo la u kele kekrei huo
separyakezha la, Internet-ue ketho-u nunu u noudonoule hanie si kekreikelie
mu u thuo u noudonoule mu mha puo rhi puo bakecüu meho menuokecü
chükehielie kevi thedo kekhruohikelie nya puo.
Internet-e kepfhesikelie mu keze mhachükecü thedo sikebau chükehiekecü nu
kephrünuomia mu nhicumia la mhanya kezha se puo. Pete mho rei, Internet-e
die se sikelie do cha kevi se puo. E-mail, chat rooms mu kerüchü di mha
pepikecü kroko nu hakemhieko nu kephrünuomiakoe kepfhesilie kevi
chathako kethu rhiu nunu silieya. Mha hau kepethamiako la Internet sakecü
mhathoko pie za puo mo di pete chükecü mu süu se puotou nu leshümhasi
mhathochieko mu kepetha zho kesa vikuokecü chüliekevi cha khashü.
Keze mhachükecü mhathoko. Mhatho keze chükecüko kephrünuomia bu
leshümhasi do chükehielieketuo la chüpie balie vi, mha hau e-mail dieyie
chüpie u kromia leshüki kekrei nu bakecüko kikeshü morei seyie kekreimia ki
rei pekuo balie vi. Keze mhachükecü mhathokoe kephrünuomia noukemvü
mu u noukele teshü mu u shüphrü nu ze kesekecü la kemeyie huo khakeshü nu
rei se morosuo. Mha hakemhie chako nu, Internet-ue kelhouzho mu nanyü
kereikecü memiekezhüko puoca si pesoukelie ca kemeyie puo. Kerüchükecü
bou puo mese puo mu mhatho krothoko kephrünuomia gei puotei keze mha
chükecü nu mha silie kevi khashülie vi.
3.5 Kepekhre cako (privacy issues)
Nhicunuomia kekra Internet sekecü do si pevi se ba. Ukoe komputür sekecü ketheguo
mu dielie mu mirhiko pfhükecü mouse nekeshü geinu chükelie la u nei. Menuo ze
mhaca puo nu ngukelie nhicunuomia leshükinu voliekesü krie za hiethepfü (90%) do
u thuo u ki nunu morei leshüki nu rei komputür selie kevi chü bate. Internet nunu mia
ze kerüchü mu kepfhüsilie kevi hau nhicunuoko teshütho ba. Nkoe u tei khashü di
mia
ze
kerüchükecü
kibouko(chat
rooms)
mu
mobile
nunu
dielie
chü
mhailieyakezhako, rüzhü, kemetsakecü nu lekezhü, online mhatho kemeyieko nu
leshülhe(forms) methukebako nu thukecü(filling)-ko meho vozhie. Theruo kesuo puo,
15 | P a g e
mia krünuo kekra mhatho sükemhieko u nuonuo pekhreko kemichie nu bakecü morei
kemichie therhielieketuo cha tsakecü sitou ba mo. India nu mha ungo sekecü puo liro,
miakrünuo kekra u nuonuo Internet nunu mhatho huo nu mhachü bakecü si ba mo.
Thie Internet nunu kepfhesiliekeba teiu nu, u thuo u dzeko puoma re mu süu
rüguokecü rei sükemhie di thedo kevi puo ükecü nhicunuomia bu süu si mu letoulie
morosuo.
Online mhathoko nu nhicunuomia privacy-u thedo nu die pepiwa morokesuo huo:
•
Mha kemehoko, kepeyiekecüko, thelhitheü morei methuo nu rüzhülie kevi
web sites rüzhüko piekecü hakemhie huo mu u za rukecü.
•
E-mail seketuo la chat access mu u za ruketuo la u thuo u dze tou-u petse di
pukeshü.
•
Methuo nu rüzhü pieketuo la u za rukecü ki u thuo u dze khakeshü.
•
Social Networking Web site-ko nu theza rukecü ki u thuo u dze khakeshü.
3.5.1
Kepekhre(Privacy)
Web site huo kephrünuomia bu leshü lhe puo nu u za, E-mail kebachü, teicie,
thenumia mo thepfumia shikecü mu huoki u telefon khu mu mha
ketseshüketuo kebachü hakemhieko u dzeu sisalieketuo la thu mhaishü nu u
kethutaya. Mhacha huo puotou zo/thezho zo: u dze chakecü hako kekra rei
website-u zhoe kikemhie puo shi ikecü gei ba pekraya. U thuo u dze tou-u
Internet sekeba ki nu khakeshü-ue kephrünuomia bie pesuoketuo (u ki mha
puotoukemo cha di u kedeketa), mhanya kepekiekecü nu/moro kechükhuko
(viruses) ze kesetalie vi. Pekhre mhathoko kephrünuomiako u thuo u website
chükezhü mu u mhathu online nu sekepar. U thuo u dze petse di khashü, u
mirhi moro kephrünuomia kekrei sakecü rei, mha hako dielie tekelie mu mia
kekreimia hako se di mha puotoukemo cha nu votalie vi.
3.6 Peer To Peer (P2P) Networking.
Peer to Peer (P2P) komputür network liro puo rhi kekreikreikecü kekra kekhe di
kenourhe di chükelie mechüvie kinyiko, sünu themia huoyo rübei kekhe di sekebakoe
mhatho-u puocütou nu khashü bayakezhau monyü network puo nu mhachükebamia
16 | P a g e
mu
network gei mhachükebako cumulative bandwith-u hakemhieko se baya.
Mhapfhe mirhi kepeta, ketho dze morei digital ketho dze nguliekevi rhi kehoupuorei
node-ko tsie ketso network-ko kemhie meya sekecü hakemhieko bakecü kezakebako
ze kekhe ba.
Peer to Peer networking sekecü nu kemichie bakecü nu ro puo rhi bakemo networkko mu sikemo komputür-ko morei themia ze kezakecü geinu n komputürko gei
kechükhu, spam-ko vortalie vi.
3.6.1
Komputür sekecü chatha u neikemoko nu n komputür hieshükewa
(Exposing your computer to unwanted software)
U zhoki puo liro, Peer-to-Peer leshü(file) kezakecü mhathochieko kekra
kerüguo kevi morei sekecü nu kekhakelie hakemhieko se mhachü mo.
Mhanuü mhachü kediliekeviko nu chükedi menuokemo huo bata liro, süue
sekebamia hard disk nu kebako pete rei kekreimia pekiewaya.
3.6.2
Komputür kechükhuko mekakelie.
Süsie rei, P2P sekecü chatha kesemia puoe komputür kechükhu meka rüü se,
bahurei puoe sikemo cha huo nu mha pie ümha liro. Hamhorei, P2P
mhathochie hako kechükhuko mu zopeko (worms) hako ba di sekebamiako
komputürko bu puotou nu talie motalie vi.
3.6.3
Kethumia mezhü zho varhokecü
Kethumia mezhü zhoko kekra varhokecü u neikecü file-ko thakie, MP3
ütsali file-ko,VCD mirhi kepeta file-ko ikevoko. mu software-koe va kekra
P2P gei kezaya.
Kethumia mezhü mhathoko huo khapie mia bu pieliekevi chükeshüe
putoukemo morei kedukhrimia mharhü ketsishüwalie vi. Kethumia mezhü nu
kekuo ngulie mo di khakeshü gei kesia siazha rei ba.
3.6.4
N leshüki Internet kerükri chüpie rüli kerketa. (Slowing down
your school Internet speed)
17 | P a g e
Thelatho-u derei ketsatho-u mo, mhanuü noe file kekra peso di mia bu süko
P2P sekecü chatha leshüki cahou network nunu pie liro, network kekhakecü
süu chüpie puo bu rüli ker di cahou süu nu network pete chü kerüliwatuo.
3.6.5
P2P Network-ko sekecü chatha
•
Software cha kemesawayakezha (filter) peleliekesüko selie di n mhanyako
se ketho dze keperokecü nu cha kemesawalie.
•
File kezakecü mhathochie kekhakecüko selie di P2P mhathochie-u se
kemezhülie di süu se morosuo vorkecü teiki selie. Puo thuo puo geinu
sede parkecüu chüliekejü chüwalie.
•
Puo mhatho chükebako, kechükhu biekhrikecü mu Anti spyware bou-ko
puotei pete nu thie ketso tha nu khashü seilie.
•
Administration account se hie. Mha hau mhatho peteu pie P2P network-ko
sekeba kekreimiako pete bu ngulalie vi. Thezho medzi di mhatho chükecü
la zasou kekrei chü separlie.
•
Mha piekelie pete le pesuokecü nu selie.
•
File kemeyieko back-up chülie. Mha hau n khruohi pie n bu n file
pfhülalietuo.
•
U thuo mevilieketuo la mia ketso mo di software, file-ko ikevoko
bakecükehoupuorei vawalie. Puo sou nu, mha hakemhie puorei pie hie.
Peer to Peer network sekecü nu mevikelie kemeyietho-u liro hau-ue chüpie se
rüü.
•
Peer – to – Peer network-ko ro kekhekeba pete rei mhatho
chükezhamia chükecü rei mu khrükeliemia rei chüya, süla u tei u zha
khapie chükecü se morei vi.
•
Peer to Peer network-ue meyiekuo.
•
Peer to Peer network sedekecü rüükuo mu hau sekecüe Peer to Peer
network configuration mu puo nyako nu n tei se petsakuolie vi.
•
Peer to Peer Network-koe u tei u zha khapie chükecümia se morei vi.
Komputür network nu bakecü kehoupuorei network khakeshümia mu
sekebamia mhathochü ikecü nu mhachülie vi.
18 | P a g e
Puo thachüko:
•
Komputür puoe kehoukipuorei selie vi.
•
Network kekhrukhre-e komputür puo puo ikecüu gei kha phreshü morosuo.
•
Komputür puo puo ikecüu gei kha phreshü morosuo.
•
Komputür puo puo ikecü backup chü krei phre morosuo.
•
Ketho dze sekecü chükecü nu mha peteu kha kesekeshü puo rei ba di kese morei
kekhekelie ba mo.
•
Komputür puo puo ikecü network-u seketuo la puo thuo password kreitoutoukecü
se morosuo.
•
Network system-ko kekra kemhie, kekhrukhre bakemo mu zasi tuo kemo thezho
kropuo mia bu u pesekecü-u komputür nu file-ko khenu selie kevi khashüwa rei si
mo morei network peteko gei thedo nu die pepiwa rei si mo.
Peer to Peer Network-ko kekra bakecü thakie:
Mha kekra piekecü nu kemichie KEKRA kesa ba.
Kemichietho-u liro:
Kechükhu, Trojan, Worm, Keylogger mhathochie attachments.
IP zaru(signature) tattlers.
Torrents liro file piekecü nu meyie sekecü nu memie rükri sezhü. Noe n thuo mha
kehoupuo pfhü zhü rei, pfheü nunu vo mirhi kepetako nu application-ko ketso, Torrentkoe pfhü rüü se mu pie rüü se. sizo ürei, torrents kekrae thezho mo mu lhenu zho mu noe
süu pie üliro thezho varhote.
Peer-to-Peer file kezakecü torrent-ko gei nu sede pekraya. Hakoe file kezhako piekecü nu
thezho medzi di file kezakecü nu vi rükrükezhü. Torrents code nu chüpiekeba rhiu geinu
file kezhako piekecü rüükuo mu puoma kenyi kinyiko-e hako se sede di kesemia bu mha
pie rüükuolie bate. Torrents piekecüe ketho mu thezho nu ro mia puo puo thuo puo
komputür sekecü puo ro kekra kekhe di sebayakezha zho-u nunu pie ba, sükemhie di, mu
thela nu ketho dzeko kesapie noe file pfhükebau chü separya. Puo kereu ro, hau-e mha
kekrei sa teshü kesapie file hako gei khashü rüüthor/ KEYIE, mu hakoe dieyie khriewhiu
nu u whepfütaya, sidi N KOMPUTÜR NU le di n nya biephrowa mu rüü se di kebvüwaya,
n firewall sietsa. Süsie noe kechükhuko telie kevi ba ro telie kevi zotaya.
19 | P a g e
IP tattlers rei mha kechü puo, süu nu noe vapuo mha puo pielieta di se kerietho-u, süu-e
dielie khapie mhathochie süu meho kebamia kishüwatuo, no komoputür sekebau mu
piekelieu IP kebachü sa di. Mehokeba süla-e software chükehieketuo thelhitheü kompani
krokoe uko zha chü uko tsü di uko bu bust people downloading non-free-to-play software.
Mha ca 3 noe torrent nunu mha piekecüko KEHOUPUOREI khrükecü mhodzü chü
morokesuo liro:
1) Kepetse cha nunu mha pielie. Cyber café morei kekrei methuo wifi zone kemhieko
nu. Noe kepetse nu mha pie ro kemehomiakoe n pfhüliekenjü, süu-ue no kirapuo
nu mha pie shi thechü süu dielie rübei ketsekeshü zotuo.
2) N komputür nu thechü khrukhrekecü ra nu mha pielie, Mhapuo shürheithor (highly
active) cü nu hie, morei n antivirus mhathochieko nu quarantine file puo
kekhakeba nunu rei hie.
3) Torrent nu mha kehoupuorei pie liro bavüdo 48 pfhelie di süsie nu süu se sedelie,
mu süu chükecü mhodzü kechükhu ba mo shi meho di süu chüwalie. Kechükhu
kekra rei bavüdo kerie 48 khakeshü donu telietaya, mu noe n kechükhu tekelie
mhathochieu defination updates nguliekemochie pfhe morosuo, noe süu n
perhieliekecü mhodzü puo ze kegeilieketuo la. Mha hau bu mia kekreimia puo gei
chü rielie ro vikuo.
Kekhruohiko:
http://hubpages.com/hub/torrent-sites-overview
https://torrentsprivacy.com/
http://www.techfuels.com/general-networking/10266-advantages-peerpeernetworks.html
http://www.ucertify.com/article/what-are-the-advantages-and-disadvantages-ofapeer-to-peer-network.html
http://www.techsoup.org/learningcenter/networks/page4774.cfm
20 | P a g e
4. Pfhükecü kemele nyako mu web browser-ko
Pfhükecü kemele nyakoe Internet nu mha kehoupuorei pfhükecü rükri mu rüükecü
chüshüya. Mha pfhükecü kemele nyakoe n bu nhicumia la puotoukemoko khalie kevi
chüshüya. Internet nu mha puotoukemo pfhü di ngukelieko khakewa geinu n nuonuo bu
mha kemichie morei mha kepetsouko geinu u phi mesü molieketuo chü pevi selie vi.
Mhakepfhü nu ngukelieko cha kemesakecükoe chü tseiliete ikecü-u mo. Tsierei se
nyükemo huo la par zotuo.
4.1 Mha pfhükecü kemele nyako sekecü.
CTRL-F ahza-u se di miali web page kehoupuorei pfhülie vi. Websites kekra
pfhükecü bouko kropuo khashü di n bu site süu nu page-ko pfhülieya, moro puo
ketho dze mvüdze(ketho dze pfhüliekevi khakeshübase) nu thu sekebako pfhülieya.
Pfhükecü hau liro dielie pfhükecü nu chüliekevitho-u zo.
Dieca pfhükecü liro pfhükecü ahza kehoupuo do chü zorei pfhülie vi. Dieca puo thuo
kreitou bakecü puo pfhükecü ki puo do nu thechü khapie balie. Diekhu
kreitoukecüu(Keywords) pie dieca kreitoukecü nu mhakhu(encoding0 rhi nu thulie
pie “double quotation marks” pfhüketuoe pfhükecü kemele nya kekra pie phrase puo
chülieya. Huokipuo diecha(phrase) üse “character string” idi kieya.
4.1.1
Use+REQUIRE moro –REJECT A TERM OR PHRASE
Puo donu thechü khapie ba mo di + kha mhaishülie, mhathuko puotei bakecü
puo pfhükecü tei se petsalieketuo la. Thechü khapie ba mo di – kha
mhaishülie, mhathuko puotei bakecü puo khawaketuo la.
4.2 Internet Browser(s) Security
Web browser-e dielie mu World Wide Web nu kinyiko sekecü nu mevilieketuo la.
Hau-ue se pfhü mu pekiekeshü chüyakezha software khashükecü puo. Web browser
mhatho kemeyietho-u liro dieyie kemeyieko separkecü zo. Mhatho hau Uniform
Resource Identifier (URI) moro Uniform Resource Locator (URL) seya.
4.2.1
Uniform Resource Locator(URL)
Fig 11
URL-ue http://www.infosecawareness.in sou chüya.
21 | P a g e
URL puo puo ikecüe kezapie za kekreikreikecü chüpie bayakecü hakhro
khakeshü nu ngulietuo.
http:// -> kedzü nu, http = Hypertext Transfer Protocol mu file-u liro web lhe
puo mu nkoe puotei pete nu http-u thu morei vi, hau browser thuo puo geinu
khashüwaya.
www - world wide web (kijü peteu nu shüro tsa kemhie di kekhe bakecü)
infosecawareness – thechü-u za (site name)
.in – hau liro kekhakeba thechü puo za, hau seyie puo za reilie vi.
Kekuo riehou za kekreiko liro, .com(thelhitheü cha tsa krotho), .net(network
kekuo riehou) ikevoko.
(krotho puo kebachü gei krotho-u kebachü chiekeshü mu puo kebachü üse
kekuo riehou za{domain name} isiya)
Co.in – diemei morei kijü zieu kekuo riehou zae krotho puo kebachü
chiekeshü mu seyieu bode diemeiu co.in India nu thelhitheü krotho puo
pukeba kemhie di pesishüya.
Web browser puoe web server puo ze kekhe khre baya, sidi dielieko
pfhülashüya. Web server puo puo ikecü IP address chiekeshü ba phreya, mu
http se di vapuo web server ze kekhelieta liro, süu-ue hypet text mark-up
language (HTML) süu die se World Wide web nu mhathu separyakecü mu
süu nu mhathu sü tou-u web browser nu kepekielashüyakecü-u phrüshüya.
Kedzü nu, browser liro mha seliekevi puo World Wide Web nu dielieko
pfhülie kevi mu ze kepfhülie kevi cha khashüyakezha puo.
4.2.2
Web Browser-ko sekecü do sikelie.
Web browser-e software seliekevi khakeshü puo. Süu Internet nu tazhüya mu
web page-ko meholiekevi chüshüya. Sü rübei zomonyü mha kebako,
kemeduonyako, mirhi kemele kepetako, ütsali, mirhiko, mirhi kemele mu
kekrei kekra rei sa.
Die kekrei nu putoü ro, browser-e seliekevi khakeshü puo mu süu puo zho puo
medzi di world wide web nu dielie pete nu mha meholie mu kerüchüliekevi
khashüya.
22 | P a g e
4.2.3
web browser-ko puo rhi kekreikreikecüko.
Fig 12
Web browser-ko kekreikreikecü puo zho rei kekreikreikecü baya.
Web browser-e miali komputür puo nu rübei mhakechü nya chü di baya mo,
derei mobile fonko nu dielie ngukelie nu rei sa seya. Kemeduonya
kekreikreikecü web browser-ko back up chükecü ba, sükosü liro, Java, frames,
XHTML mu kekrei kekra sa ba. Web browser-ko die kekreikreikecü
Kekradie, Germanimia die, Chinamia die, Arabmia die ikecü kemhie mu
kekrei kekra nu rei baya. Web browser-ko kese da sikelie geinu, Internet
sekecü rei rüükuo mu chükhrielieya.
4.2.4
Web browser mia nei chüthokelie huo.
4.2.4.1 Internet Explorer(IE)
Hau üse Microsoft Internet Explorer mu IE idi kedzü nu seya. Hau-ue web
browser-ko donu mia nei chüthokelie puo. IE chükelie thelatho-u windows
operating system huo: window XP, windows 2003 mu windows vista
hakemhieko nu ba di ngulie vi. Fig 13
4.2.4.2 Mozilla Firefox
Hau mozilla thelhitheü krotho puo thuo chü sekepar web browser cha
khrükeshü nu methuo vie puo. Browser-ue puo cha kekreikreikecü nu
mhatho windows, MAC, Linux hakemhieko kekra selie vi.
Fig 14
4.2.4.3 Google Chrome
Hau-ue web browser puo puorhiu chüpie windows oprating system la
chükeshü puo. Browser hau windows XP mu windows vista nu talieya.
Fig 15
4.2.4.4 Safari
Apple corporation chükeshü web browser puo. Hau-ue MAC OS X nu
kedaliekevi kekrei puo khashü mo ro kreimo-kecü(default) web browser
puo. Browser hau windows XP mu Windows vista nu rei talieya. Fig 16
23 | P a g e
4.3 Web browser tsatie kemichie.
Software perhiekecü kemichie nu bakecü web browser-ko gei kemevi ngulie di mha
kede kra miemie patazhie. Thedo nu die pepikecü kelhiekecü website-ko geinu
kemichie nu bakecüko kehie pie web browser-ko nu khashüwa bate. Web browser nu
kethachüko sekecü perhiekebamiako la komputür nyako nu thedo nu die pepikecü
meyie se bate, komputür sekecümia kekra kikemhie di uko web browser chükecü rhiu
chüpie khrukhrelietuo shi siya mokecü kemhie morei uko web browser chüpie
khrukhrelieketuo la puo mhathoko chüliekevi mu chüliekesuo se morokesuo nu chüya
mo.
Fig 17
4.3.1
Web browser kekhrukhre
FIG 18
Kekrei se morokesuo nu, web browser puoe mha puo medzi di
chüpie baya, süu-ue kekhrukhre zhoko pete puo gei ba phre mo. Web browser
kekra Internet Explorer, Mozilla, Google chrome hakemhiecü kekrei kekra
komputür nu khepie baya. Süko tsie melie se sei baya. Web browser chü
kekhrukhrelie mo liro mha kere spyware, malware, kechükhuko, worms
ikevoko ze kesetaya. Süu se komputür puo gei khekeshü geinu
mhakebvükecümiako bu n komputür-u kekha se batalie vi. Software
perhiekecü nu mha kedekecü krakuo siertazhie mu süu web browser nu
kethachüko gei mevilie rei si mo. Web browser nu software huo Javascript,
Active X ikevo huo komputür zhoko nu kethachüko sedeshü balie vi. Süla no
web browser sekebau nu kekhrukhre zho huo khashükewae mha kemeyie puo,
kekreilamonyü hau geinu n komputür gei kemichie-u chü petsaliekevi la.
Tsiemelie web browser-ko thie ketso rhiu nu chüshüya. Software rhiu geinu
puo zhoko mu kedakecüko keditalie vi. Süla web browser update chükewa
selie nu di kepuya.
4.3.2
Kekhrukhre thechü (security zone)
Internet web browser nu kemichiekejü thechü-e n pie browser bu khrukhre di
balie mu Internet nu themiako mu thelhitheü krothoko pelelieya. Hau n
khruohipie n bu site kiu bu application, script, add-ons pie n komputür plug-in
24 | P a g e
khekecüko khashütuo shi pepishüya. Security zone-e puo zho kekrei
chakhakeba thechü-ko khro nu web site kebachüko sa pekrakecü kemhieko
baya. Puozho hau Internet Explorer nu baya mu hau peleliesükemo thechüko
morei mha perhiekecü thechüko cha khawaya. Mhaca hau firefox nu ngulie vi,
mu web browser kekreikreikecü rhiu geinu ngulietuo.
4.3.3
Peleliekevi thechüko
Internet liro themia kekhekeba puo, mhanya kekreikreikecü pete ze, themia
kekreikreikecü pete ze kekhe keba pulie vi. Hai zo di, noe themia n khaki keba
pete pele zotaya mo, süla we kiüdi website pete pelelie vi ta? Sümho rei kiüdi
noe n thuo kekhalie mo di mia pete bu vor n komputü se ta? FIG 19
Süla supuo pele ro vi ta ikecü pepiketuo la site-ko nu puozhoko selie.
4.4 Kikemhie di n web browser chü kekhrukhrelie ta?
4.4.1
Internet Explorer (IE Version 9)
Hakhro thupiekebako liro Internet Explorer nu puozho mu süko khekecü huo.
Hakhro khakeshüko
•
Setting/tool tab geinu -> safety -> noe hakemhie huo kedaliekevi
ngulietuo
25 | P a g e
•
Pfhükecü kerüguo (tracking protection)
•
Smart Screen Filter
•
In private browsing (mialiu mha mehokecü nu)
•
Active X filtering
•
Report unsafe website (website khrukhrekemo pukeshü)
•
Cross Site Scripting
5. Kerhu chakecü (Filtering) mhathoko
3.9 TCP Wrappers
TCP Wrapper-e se di kekhrukhre lietho dze pushü di sa pekrakeshü pie mha kebvükecü
mu access kekhakecü. TCP Wrapper-ko liro file-ko kenie nu kekhaya.
/etc/hosts.allow
/etc/hosts.deny
Chatha khakeshüue puo moü di pesoshükebako “ALL:ALL @ALL,PARANOID” file
nu ‘/etc/hosts.deny’ file khashü mu chü kemecümecie pie peleliekesü khashükeba file nu
khashü di ‘/etc/hosts.allow’ hakhro khakeshü kemhie di:
Ssh:192.168.1.2
Ftp:192.168.2.2
In.telnet:10.0.0.0/255.255.0# allow access from my internal
3.10 Log-ko mehokecü
Mhathoko pete ngulieketuo la sekecüko mu meho pie chü puotoukecü chüpie ba morosuo
ikecü kepuya. Mha kedaliekevi khashü moketa nu syslog-e ketho dze khakeshüko
in/var/log bayakezha thechü-u nu kengupie baya. Hau software configuration
troubleshooting moro seliekevi zhoko varhokecü pfhüketuo la se morokesuo puo.
Logcheck
Logcheck-e dielie file-ko mu mha kekreiko thezho puo medzi di crontab geinu
mhathochie rhielie vi bakecüko meho votuo mu email dze pukeshü puo ketsepie
lekepesuo mhatho kehoupuorei gei shütuo. Logcheck mu documentation hanie-e hau nu
ngulie vi:
http://www.psionic.com/abacus/logcheck/
colorlogs
Colorlogs-e code log lines nu, n bu mhatho kesuoko ngu mhailieketuo la puo zie(color)
theshütuo. Mha hau ketsoliekevi ca kemeyie puo derei a kesi ki zo we mia huoyo rübei
log file-ko kemeyieu takezhü nu meho petsataya. Noe hau geinu ngulie vi:
26 | P a g e
http://www.resentment.org/projects/colorlogs/
WOTS
WOTS liro log file-ko puo cha kekreikreikecü nunu kengushüya mu chü separkeshüko
dze pushü moro noe pukeshü morei chükeshü geinu mele partuo. WOTS-e puotei puotei
nu melekeshü noe puocapuola pukeshüko mehoya mu noe ahza khakeshüko rhü
separshüya (mail a report, sound an alert, ikecü kekra). WOTS-e no perl khekeshü pie
morosuo mu hau nu ngulie vi:
http://www.vcpc.univie.ac.at/~te/tools?
Swatch
Swatch-e WOTS ze kerie se, mu log files chü kedeikecüko rei kemhie se. Noe swatch
hau nu pielie vi:
ftp://ftp.stanford.edu/general/security-tools/swatch/
audited (kernel Loggin)
Auditd-u liro puo zho-u la puotou nu mehoketuo la khakeshüu. Puoe disk nu thu seketuo
chü kemezhükecü mese. Sedekecü ki, /etc/audit.rules daemon thezho hau nunu phrüya.
Noe /etc/audit.rules hau kehielie vi sidi setup audit file log kebachü mu mha kekrei rei
kedapie chü kedilie vi. Noe puotou toukecü nu chükecü kedojü puo se morosuo üliro
mhakechü nya hau n la puotoute, noe hau nu ngulie vi:
ftp://ftp.hert.org/pub/linux/audited/
3.11 SSH Security
OpenSSH liro kemichiekejü kekhotho nu puo zho medzi di khrukhrekecü rhi nu rhikeshü
puo, süu telent geinu kemichiekenyi kepetse nu seliekeviko puo tha chü kedishüya.
OpenSSH se di kepetse nu khrü leliekevi, backup-ko chükecü, kepetse nu Scp morei stfp
geinu bie kedikecü mu kekrei kekra sa chüya.
File mu port kedaliekevi khashükemo nu bakecü:
/etc/ssh/sshd_config_openSSH server configuration file
/etc/ssh/ssh_config_openSSH client configuration file
27 | P a g e
~/.ssh/-users ssh configuration directory
~/.ssh/authorized_keys moro ~/.ssh/authorized_keys_mechü-u
la cabiko thupie baya
(RSA moro DSA) sekebau zau nunu le di selie vi.
/etc/nologin – mhanuü file hau bataü liro, ssh root log in nu zokemo sie miapuorei bu le
mvütaya.
/etc/host.allow mu /etc/hosts.deny: seliekevi kekhakecü thupie kebako tcpwrapperko-e
chü kemeteishü morokesuo hanu puocha rhieshüya.
SSH Default port: TCP22
Disable openSSH server: desktop huo mu laptop ikecü openSSH server se mo di
mhachülieya. Mhanuü kepetse access morei lekecü se morei vi ümha liro puo bu
chüliekelho hakhro ahzako se di chüwalie.
# chkconfig sshd off – Redhat/Fedora
# yum erase openssh – server – Redhat/Fedora
# apt – get remove openssh – server – Debian/ubuntu/BOSS
Only use SSH Protocol 2(thezhoko kemedzi 2SSH rübei selie): SSH protocol version
1 liro puo kethachü nyi, süla SSH version 1 sekecü therhielie morosuo. ssh_config file
khrüshü di mhacha hako bu ba toukelie chülie:
Protocol 2
Limit User. SSH Access: Default geinu system pete rei SSHserver ze kekhelie kevi
khashüya. Vi mu puotoukecü kesemiako bu rübei seketuo la mu kekreimia cha khaketuo
la, edit sshd_config file, sidi hakhro khakeshü chako sashülie:
AllowUser root user 2 user 3
DenyUsers user 4 user 5 user 6
-> to allow specific users
-> To deny specific users
3.12 Chatha kekrei (other recommendations)
● FTP, Telnet mu rsh kekhruohiko se molieketuo la rüditalie, süu sou nu SFTP, openSSH
selie.
28 | P a g e
● /Sbin mu /etc/ directory-ko puo mie nu chükeshüko bu se baükecü chütoulie.
Thezho medzi di sekebako default chükelie geinu system-u reboot chüwalie vi, hau
“reboot” ahza moro CTRL+ALT+DEL nekeshü geinu lie vi. Hau bu chüliekesuo
chüketuo la /sbin/halt hau puo mie nu chükeshüko bu se ba ükecü chütoulie.
# Chmod 700/sbin/halt
● Chüliekesuo chüketuo la CTRL+ALT+DEL, edi/etc/initab lha süu nu thupiekebako
dzeu pushü, ca:ctrlaltdel:sbin/shutdown_t3-r tsie hakhro khakeshü mhie di, sidi pekru se
balie mu kethu-u nunu ta patalie.
#ca:: ctrlaltdel:/sbin/shutdown - t3 - r now
● Mi petuketuo nekecüko(Consoles) puo mie nunu khrü leliekesuo chülieketuo mu
chükedilieketuo la /etc/securetty file mu puo thuo puo chau gei kepushülie.
● Security Enhanced Linux:
Security Enhanced Linux kernel liro puo zhoko pete kekha tseishüketuo kekuo khapie
mhathochieko mu puo nya kesekeshüko puoma ketsatho/keketho nu mha chülie kevi uko
mhathoko chüketuo la se morokesuo khashüya.
Puo chakhako la hako se chüya, puo sekebau mhathochieko chüliekevi nu puo rhi peteu
daemons thedo nu die pepiwa di mhakere khakeshü (via buffer overflows moro mis
configurations) liro chü petsa moro chü kemedzashüya.
● File kerhekecü:
Linux mu windows gei kekhekebako file kezaketuo la, Samba software package seya.
Samba-e chüpie code nu thukecü puokhuko, kesemia rhiu nunu uko bu seliekelho chü
moro IP kebachü thashüyakezha selie vi, mu file thau nu chülieya.
● Code nu thukecü (Code nu thukecü):
Kepelekeba dielie khapie keba nu kemichie kehieshülie kevi-u chü petsalieketuo la, code
nu thukecü-e kedalievikeba puotou puo. Mhatho nya openPGP mu GnuPG hakemhieko
code nu thukecü e-mail-ko mu kekhekebako, süsie rei disk nu file khapiekebako
khashüliekevi khashüya.
● Kechükhu teketuo kerüguo(Anti virus protection):
Linux la antiVirus mhathochieko rei baya, hau system gei kemichie votaliekeviko chü
petsashüya. Clanav mu vexira hako ro Linux nu AntiVirus kechü nya huo.
29 | P a g e
● Floppies, cdroms mu USB-ko hakemhieko se bayakezhako bu chüliekesuo chüwalie.
Telnet, rsh,http seyakezha iptables hakemhie mhathoko bu chüliekesuo chüwalie.
● Liethoko mu khashüliekeviko se morei viketako khawalie, kekreilamonyü liethoko
petakeba krakuo mu mha kebvükecüko ki port khrü pekrakuokuotatuo. (port liro
ler/pakecü application tie puo). Süla system puo rüguoketuoe lietho se moreikeviko
khakewau zo.
MAC OS Hardening.
4.1 Dietherie
Khrüpiekeba kekhrukhre khekecü la liro, mha pete kekhekeba-u kedaliekevi (system preference)
nu volie, u thuo u la chüpiekeba nu security neshülie. Hakhro khakeshü kemhie di.
Fig 20
Hakhro khakeshü kemhie di Security nu neshülie süu keziekou(window) puo khrüshütuo, sidi
screen saver password, system preference security, filevault mu firewall chüshütuo. Keze petse
di screen shot screen saver password mu kekhrukhre
khekecü kekrei rei puo rhiu nu chü ba shi hakhro nu kepushütuo.
4.2 Pete la chükecüko(General settings)
Screen saver puo sedekecü ki, kedaliekevi kerietho-u liro, puokhu( password) puo chütuo. Hai zo
di screen saver-e puokhu puo ketso zoya mo, mhanuü puo sedeketa sie nu kedaliekevi kerietho-u
kedalieta zorei “require password 5 minutes after sleep or screen saver begins” isi di partuo.
Fig 21
Hakhro seliekevi kepukeshü sekebamia pete gei chakecü puo ukoe chülieta liro, kedaliekevi
khakeshü kenieu-ue puo thuo puo geinu sekebamia pete la sedekeshü ki khrü lekecü chüliekesuo
chüwatuo. Noe “Disable automatic login. mehoshü ro, sekebamia pete rei pekhrekhu khashü di
komputür nu le morosuo.
Fig 22
Hasieu kedaliekevi khakeshüu “require password to unlock each system preferences pane”-e
komputür nu kedaliekevi khashüyakezhau cabi khawatuo mu pekhrekhu puo khashü di khakebau
30 | P a g e
pane kehoupuorei la khrü morosuotatuo mu noe pane kehoupuorei khrüshüketuo la lock icon nu
neshülie morosuo. Hakhro khakeshü kemhie di.
Fig 23
Kedaliekevi khakeshü sü sieso-u liro “Log out after <n> minutes of inactivity” hau puo thuo puo
geinu komputür -u <n. tsevü de mhachümo bata ro sekebau gei khawatatuo.
4.3 Filevault
Filevault n kinu mha khapiekeba-u(home folder) gei dielieu mhakhu nu thuliekevi khashüya.
Filevault-e n kinu mha khapiekebau la puo bou(volume) kekrei puo chü separshüya mu sünu
bakecüko encrypt chüshüya. N kinu mha khapiekebau nu ketho dze pfhüliekevi bakecüko
mhakhu nu thupie balieya süla mhanuü noe n komputür pejüwa morei mia bu rügulie zorei n
dielieko khrukhrete. Filevault-e sorkari-e u medokelie kekhathoko code nu thukecü standard,
Advanced Code nu thukecü Standard 128-bit keys (AES-128) bakecüu seya.
Fig 24
Filevault nu voketuo la, “Turn on Filevault” khakeshüu nu neshülie, Filevault chüliekevi
chükelie sie, n kinu mha khapiekebau nu file pete mhakhu nu thuwaya. Noe password puotou-u
khashü morosuo, kinu mhabou-u nunu file kehoupuorei seliekevi chüketuo la.
Noe Filevault nu khrü lekecü ki, puoe Filevault chüliekevi chükeshü mhodzü kemichie hakhro
khakeshü-u pesishütuo.
Fig 25
4.4 Firewall
Firewall Mac OS X v10.5.1 mu kenuo-u ro Application Firewall, hau port metsi rhi nunu mo di n
bu sekecü (application) metsi mha kemeyieu geinu kekhepiekebako kekhakelie khashütuo. Hau
Firewall kerüguo gei kemeviko geinu mevi rüükuokelie chüshüya, mu senyükemo sekecüko
network port kekhataliekevi, süko thezho nu sekecüko kehiepie bayakezhako khruohipie
kediwaya.
Fig 26
31 | P a g e
No riekezhü kedaliekevi chüpiekebako nekeshü ki, süu n bu kedaliekevi khashütuo, komputür-u
nu sekeba kehoupuorei seliekevi chülieketuo la sa pekrakewa. “Block all incoming connection”
kedakelie geinu, noe kerieki komputür-u nu sekecü gei selieketuo chüketuo la sa pekrakelieko
therhie bate, süusü puo nou lerketuo la teshükesakecü kha.
4.5 Set the Root password
MAC OS X, kedaliekevi chülie mokecü nu, puo za mie-u bu chüliekelho nu chükedeiwate mu
puo khu methuo di puo za khawate. Puo khu kemetei puo se mo di, mha kekhekeba pete
kehoupuorei thedo nu die pepi rüü se di pepiwalie vi.
Fig 27
Sekebau zako chüshüketuo la, komputür u nei kedakelie kebau nu volie di Accounts window
khrüshüyakezha nu neshülie, hakhro khashükecü kemhie di.
Fig 28
Hanu noe sekebau account mu pekhrekhu kedalie vi moro zatho za kedeilie vi.
4.6 Disable Auto Logon
Mac OS X chükedeilieketuo khashü mo di chüpiekebau nu chükecü la puo thuo puo geinu mha
kekhakecüko sekecü chükeshü kerietho-u nu lelie. Süsie rei, Mac OS X, kedaliekevi khashü
moketa nu, login windows nu sekebamia za puotoukecüko pete pekieshüya. Süsie rei, va 3
puotoukemo nu leketuo dojüta ro, puo tho chüliekemo nu, puo khu siliekevi puo sekebau ki kha
mhaishütuo. Hau se rüükecü khashü mu/moro dielie seliekevi pie mia kehoupuo ki rei
khashütuo, mha pete kekhe bakecü nu chüümo seliekevi sa di, puozho hako bu komputürko pete
gei chüliekesuo chüwa morosuo.
Fig 29
Puo thuo puo geinu chüliekesuo chüketuo la, sekebau zasou khrüshülie, login kedaliekevi
bakecüko nu neshülie mu puo thuo separliekevi login “OFF” kedalie. Noe kedaliekevi kekreiko
login window-u geinu sede kesa latuo mo, kepekie, ze mu khakewa puo khuko, pekhrekhu
siliekevi thakeshü nu voiceOver hakemhieko ba.
32 | P a g e
4.7. Puo soukechü(Backups)
Ketho dze pfhüliekevi khakeshü-u nu puo thuo hardware thuo suo phreta zo ürei ketho dze
pfhüliekevi khakeshüko ngulalieketuo la tsie melie puotei puotei nu puo soukechü puo khashü
morokesuo kepuya.
Windows 2008 Hardening
5.1 Configure a security policy:
Security Configuration wizard Add geinu khekecü (install) chülie mu windows mha puo za
kekreikreikecü port mu lietho telieyakezhau khawalie, mu registry pethashülie mu khashükebau
mhatho rhiu geinu chü kemezhükeshülie.
● Keseshükebau-u mhatho geinu se morei vikecü mhathoko bu seliekesuo chüwalie.
● Firewall thezho sekemoko chüwalie mu firewall thezho baluokecüko chü petsawalie.
● Chakhakeba mha chü kemiekecüko puocapuola pushülie.
Security Policy Wizard la configure chüketuo la start - -> Programs - ->
Administration Tools - -> Security Configuration Wizard nu volie.
Fig 30
Fig 31
5.2 Account se moreikeviko vawa moro chüliekesuo chüwalie (Disable or
Delete unnecessary accounts):
Mha pekakecüko va kekra server port nu mu lietho(service) sekemoko nu le kemevi ngulieya.
Süla sekemo ports, puo zho kemedziko kha se batalie mu lietho se morei keviko bu chüliekelho
chükewa geinu. Kedaliekevi khashülie moketa nunu khekecü chükeba ki mhatho chükebau, rüso
mu kekhruohi khruohikeshü hako chü separte. Mha pekakecüko bu sekecü nu mevikecü chü
pereketuo la Administrator za-u bu chüliekesuo chüwa morosuo, hau-ue khrukhre puo do
kesimiakecü la. Guest mu Help Assistance nie bu puotei pete nu chüliekesuo chü morosuo.
Account-ko chüliekesuo morei vaketuo la:
Start - -> programs - -> administrative Tools - -> Server Manager nu volie.
Configuration - -> Local user and Groups - -> users
User-u gei thezatsa neshülie - -> properties - -> check for the accounts is disabled
33 | P a g e
Fig 32
Fig 33
5.3 Sekecü moro puo tho se moreikeviko khe motalie.
Mha sekecü kidepuo mha keseshüyakezhako nu kheshü shi süko pete bu mhatho ze kekhe
morosuo. Kele kevi puo liro, sekecü hako keza seketa mhodzü ukhieumhou kreitoukecü puo nu
network sekepar-u dojü mehowakecü. Sekecü huo lietho kitho kikhako selieya, süu huokipuo
keseshüyakezha peteu kekhrukhre pepishüya.
Belarc advisor: Hau software mu hardware kekhepiekeba missing patches fixes, antivirus status
ikecü pengushüya. Hau puoma sa mo mu u thuo u la, sorkari bu puo mha chükelieko, süu puozho
kekra komputür kekra managing security rei sakecüko rei selie vi.
Application se moreikevi kekhekebako bielaketuo la:
Start - -> Programs - -> Administrative tools - -> Server manager - -> Roles - -> Click
remove roles nu volie
Fig 34
Fig 35
5.4 Windows 2008 firewall configure chülie:
Windows 2008 server liro Advance Security geinu windows firewall üdi built in firewall geinu
vorya. Kekhrukhre kedojü kevitho puo liro, keseshükeba pete rei u thuo sekeba firewall,
bidirectional firewall süu chazoukepa mu puonoukeler traffic-u
cha kemesa pie puo chülieya. IPSEC mhakhu nu thukecüu liro kekhekecü puo gei chü kebawaya.
Noe windows Active Directory objects, source mu destination IP kebachüko mu puo zho
kemedziko selie di firewall zhoko rükriekezhü zho nu chülie vi.
Windows 2008 firewall configure chüketuo la: start - -> control panel - -> windows firewalls -> change settings nu volie.
Fig 36
Fig 37
Fig 38
34 | P a g e
5.4 Mha chükemezhükecü pethakecü(Configure Auditing):
Mhatho hako nu le mu chü kemie morosuo.
● Audit account logon mhathoko
● Audit account management
● Audit directory services
● Audit logon service
● Audit object access
● Audit policy change
● Audit priviledge use
● Audit process tracking
● Audit system events
Auditing configure chüketuo la: hanu volie, Start - -> Control Panel - -> Administrative Tools
- -> LocalSecurity policy - -> Security Settings - -> Local policies - -> Audit policies.
Fig 39
Tsevü, mu miapuorei hako pete puoma morei khokekreikecü chüliekenjü. Web site-ko kesa
morei thiedzü puoma rhieshükemoko puotou nu yalieketuo la, Blue Coat’s Patent – pending
Dynamic Real- time rating ™ (DRTR) technology puo
thuo puo geinu web page thako puoma rhieshükemoko la mhalemhamedoshüya, mu no pu
pekreikeshüko geinu chüliekevi chüshü mu moro khawaya.
● N komputür bu ta rülitakelho nu rüguo sei balieketuo la – caching liro web browser-e
ketho dze sekebako tsiekenuo pekrushüyakezha mhatho zho-u zo, süu Internet nu dielie
chakeshüko chü petsakeshüko geinu chüliekevi-u chü kehieshüya. K9 liro Blue Coat-e unique
caching technology seya, süla no Internet se di sikelieu puotei pete nu chüliekevi ketso rükriya.
Hanu ngusalie vi:
http://www 1. K9 websprotection.com/
5.6 Spam Filter
Mha bakecüko mu website chakecü ze di tsiedo e-mail chüliekevi khashüyakezhako pete rei
spam chakecü geinu chüliete.
35 | P a g e
Mhanuü noe ID peletou mo morei e-mail ID sikemomia sekeba puo üliro Spam filter kedaliekevi
bakecüu nu neshülie di e-mail ID sa khashülie,.
●Hakhro thakie khakeshü nu
Fig 40
36 | P a g e
6. Internet Mediated communication
6.1 E-mail security
FIG 41
E-mail ikecüu liro Electronic Mail chü pedzükecü-u zo. Internet nu lietho
hau se kemeyatho bakecü puo. Internet nu e-mail se dieyie thu keyiekecü chüya.
Dieyie hau ngulieketuo-u E-mail kebachü-u selie di ketseshüya mu lutsa rei sükemhie
chükecüu. E-mail-e tsevü huoyo donu mia kekra ki vapuo nu dielie ketse pie puo bu
voketuo chü-u tsolie vi. E-mail-e keza pie kenie chüpie baya, dieyie tsüu(header)-e
dielie kekhakecüko baya, kethotoukecü chüshüyakezha puo e-mail kebachü mu
ngukeliemia kebachüko mu dieyie mo-u puo moro süki kra, süu e-mail bakecüu.
E-mail system huo liro komputür zho puo nu moro network kecü puo nu khapie baya,
sidi ukoe E-mail zho kekrei careu geinu kekhe baya, süu sekebamia bu kijüu gei mia
kehoupuorei ze kekheliekevi chüshüya. Mikemela kekuo nu dielie thu ketsekecü
zhoko puo thuo puo pethakecü rhiko kekreikreikecü baya zoürei, mha kekhokeke huo
parya MAPI, X.400 hako huo baya süko sekebamia bu dielie ketsepie electronic mail
system kekreikreikecüko nu khashülieya.
MAPI liro Mail Application Programming Interface puo. Mha pete kekhekebau
windows geinu chükecüko, süko mail sekecü kekreikreikecüko keze mhachü di mailko kezaya. MAPI-e sekecü kenienie nu seliekevi chülie kemochie sekebamiakoe
dieyieko se huoniehuo ze kezalie vi. X.400 liro kijü zieu gei puo zho puo medzi di
standard format puo pie e-mail dieyieko pete la keseshüya. X.500 liro X.400 thau chü
kemeyakeshü puo, süu standard addresssing format-ko kesepie e-mial gei
kekhekebako puoe puo ze keperokecüu chüshü di e-mail ketselieya.
6.1.1
E-mail-e kikemhie di mhachülieya ga?
Hakhro khakeshü mirhi nu e-mail kikemhie di mhachüya shikecü ngulietuo.
Mail server puo puokecü puo gei mha keseshüyakezha kenie mhakechü nya
puo gei ba di ta keduozhüya. Puo liroro PoP3 (Post office Protocol) moro
37 | P a g e
IMAP (Internet Mail Access Protocol) keseshüyakezha dielieko lekecüko
tepie balieya mu kekreiu ro SMTP (Simple Message Transfer Protocol) server
dielieko chazou pakecüko tepie baya. SMTP ro port khu 25 gei mhachüya mu
PoP ro port khu 10 gei mhachüya mu IMAP ro port khu 143 gei mhachüya.
Fig 42
•
Mirhi pesogei khaskeshüu nu, client 1 liro mail server 1 nu puoza ba, mu client 2
liro puoza mail server 2 nu ba.
•
Client 1 mail puo ketsepie client 2 tsükeshü ki, dielie-u mail server 1 vie SMTP
keseshüyakezha nu vo rietaya. Hanu SMTP keseshüyakezhau-e ngukelieu kebachü
kezapie za kenie chülieya, sünie liro kesemia za(username) mu kekuo sekeba chü
za.
•
Thakie, mhanuü SMTP server-e haikecü puo [email protected] pie ngukelieu
kebachü idi ngulie. Hau-ue sekeba 1 nu chü kekreilietuo, süu vo tsolieketuo mail
keseshüyakezhau nu mail za puo nu example.com hau liro mail kesekeshüu nu
kekuo sekeba riehou za puo.
•
Kekuo sekeba riehou za-u selie di tsieuva puoe IP kebachü kekreikeshü puo
ngukelieu mail kesekeshü-u ki chatuo, mu SMTP kesekeshüu ze kekhelie di mail
kesekeshü 2 ki dieyie ketsetuo.
•
Siro SMTP kesekeshüu mail kesekeshü 2 nu PoP3 mail kesekeshü 2 kekhruohi
selie di client 2 dielie bou nu dieyieko kengulieya. Client 2 puo dielie bou
khrükeshü ki, client 1 dieyie ketsekeshüu ngulietuo.
6.1.2
•
PoP Server
PoP3 liro mail account puo puo ikecü la kethu nu khapie kengupiekeba huo baya.
Dieyie puoe sekebamia kreitoukecü puo ki vor liro süu-e dieyie süu pie kekhe di
themia süu za khuthu kengukebau nu khashütuo.
•
Sekeba puoe puo mail-ko mehoketuo la mial server nu kekhekeshü ki, puoe PoP3
kesekeshüu nu mail kesekeshüu süu port 110 geinu kekhelieya. Hanu puoe sekecü
za mu puo khu se di mail kesekeshüu nu puo dielie bou meho morosuotatuo.
•
IMAP rei PoP3 Protocol ze kerie ba.
38 | P a g e
6.1.3
E-mail-ko khrukhre di selieketuo nu e-mail mu kesezhoko gei kemichie
bataliekeviko.
E-mail-koe postcard-ko kemhie zo, süu nu themia kehoupuorei meholie vi.
Mail puoe mail server kekreiu nu chü kedeikeshü ki puo rüliketuo chü
kekreikecü baya, süu kekuo nguliekemo sekeba huo dieyieu meho morei chü
keniekecü chütalie vi.
Ketho dze chü rükrükecü puo bu e-mail kesekeshü puo mezakecü mhie di
mhanuü puo thuo n mailbox nunu vawata zorei dieyie pete mhakhu kemecü
nu kengupie batuo. Hau la themia kropuo kekhruohiko mezakebako dielie-u
nguliekevi cha ba. Süla thuo n dzeko e-mail-ko nu ketsekecü ketarho suo. Noe
mhanuü chietikheli nu dollar soünyie-kecü ngulie, mail sükemhieko ngukeliee mha kezha se, mu mha u keneitho-u zo. Derei dieyie hako ketho molie vi.
Mia kekra dieyie hako khoükeshü shükeiraka kekra pekawaya. Süla e-mail
süko si kemo chüwalie, süko nu n khashü hie mu süko üse kemeda (scam) üdi
lelie morosuo.
Huokipuo sikemo kebachü huo e-mail huo methuo u tsüketuo mu u dze
petseko ketsokecü vorya. Hau n dze petseko telieketuo la kebie chüpiekeba
puo.
•
Mhakhu rügukecü cha puo liro mia puo sietsa tha di puo puo pekhrekhu
thukeba ki mehokecü moro puoe leshü huo nu thupieketuo pfhükeba ki
mehokecü.
•
Mhakhu rügukecü cha kekrei puo liro, themoukecü (guess). Hacker-ko liro
mia puo puo dze khakeshüko kekhruohi geinu mha kikecü puo kereipie
chü dojüya.
•
Mhakinu mhakhukoe mhakhu kekra kerei ba liro hacker-koe processor
kerükri mu software nya kropuo se di mhakhu pfhü di chü separlieya. Mha
khu pfhükecü mhatho zho hau üse “Brute force attack” isiya.
•
Hacker-koe dieda nu die pfhü pie dojüya mu software nya huo kekhruohi se
di pekhrekhu crack chü dojüya. Hau üse “dictionary attack (dieda keperhie)”
idi kieya.
39 | P a g e
•
Puotei kekra tsa spam chüyakecüko morei hack chükecüko liro e-mail
kebachü geinu kehiekecü software morei code kekhekebako geinu, kemeda
email-ko, mu spam mu süsie rei n dze petseko rei sa ketseketuo la rügukecü
leya.
6.1.3.1 Kekhekecüko(Attachments)
Huokipuo kekhekecüko liro e-mail-ko geinu biekhriwaliekevi khu macros,
.EXE fileko mu ZIPPED file-ko hakemhie huo sa balie vi. Huokipuo
kekhekecüko chüpechakecü kenie bakecü “attachment.exe.doc” kemhie di
vorlie vi. Kekhekecü sükemhieko khrükeshü morei dojükeshü geinu noe
kelhiekecü khu piepie n vie mha pete kekhekebau nu khashüwa di süu n
vienya kekhekebau nu keza votalie vi.
6.1.3.2 Kemeda E-mail-ko
Huokipuo e-mail-ko huo e-mail address kekrükecü nunu ngulieya.
[email protected]
hakemhieko
kekhekecü
za,
“Facebook_password_4cf91exe” sa kesa di süu, e-mail-e, user facebook
khu kesau sa ba idi pevieya. User puoe file piekecü ki, süu uko komputür
chü perhuwalie vi mu kelhiekecü software rei se kemekawalie vi.
Fig 43
Tarhokeshü: e-mail-u kirapuo nu ngulie shi meho mu sitou pie lielie seilie,
hai zo di liethomiako n bu n pekhrekhu khashülie morei kediwalie idi
chalielho.
6.1.3.3 Spam e-mails
N inbox nu morei n e-mail komputür nu ketho dze kengu pie bayakezha
nu spam dielieko ler ketshulie di n kebvükeboutalie vi. spam-e e-mail
nunu dieyie kemhiekecü ketse pie mia kekreikreikecü tsükecü nu rei balie
vi. Huokipuo spam e-mail-ko mia bu silieketuo la kepekiekecüko nu vorlie
vi mu hanu kechükhu rei tuolie vi. e-mail sükemhieko khrükeshü geinu, n
40 | P a g e
nyau gei mha pete kekhe bayakezhau mekawalie vi mu n e-mail ID spam
chübaketa za nu partalie vi.
Fig 44
Chatha: Spam e-mail-ko khawa moro ignore chüwa morokesuo kepu mu
ketarho seiya.
6.1.3.4 E-mail methuo nu mha khashüketuo
Huokipuo e-mail-ko n rü baya: sikemomia huo mha methuo n tsüketuo
puya, chietikheli, vikelie nu ngukelie nyako, süko puoma sa mo di methuo
rei lielie vi, mu hako n miali/pekhre (personal) dielie ketsolie vi di n bu
methuo n ketsüko pieketuo la morei n ki chietikheli nu vikelie nu ngukelie
nyako pevielieketuo la raka chalie vi, hakoe n miali/pekhre dze malieketuo
la kebie chüpiekeba cha puo.
Fig 45
Chatha: Puotei pete nu rüsuomia user-ko methuo mha kha n tsüketuoko si
kemo chüwalie.
6.1.3.5 Hoaxes
Hoax liro miapuo bu mha kekrükecü puo üse puotou üdi pelelieketuo la
dojükecü puo. Hau üse u nei u nyü chü di kemichie keyie, user-ko bu
kenoudokecü chükecü idi puya.
6.1.4
Kikemhie di khalie ta?
6.1.4.1 Kerhu chakecü software-ko sekecü. (using filtering softwares)
Spam therhielieketuo la e-mail filtering software selie noe kekuokejü
kesemiako kinu rübei dieyie ngulieketuo la. E-mail khashüyakezha kekra
mha chakecü liethoko khashüya.
6.1.4.2 E-mail sikemomia kinu vorkecüko si kemo(ignore) chülie.
Sikemomia ki nu kekhekecü khrükecü therhielie, sükoe dieyie ngukelieu
gei kechükhu tuo reilie vikecü la.
N hard disk nu e-mail-ko mu attachment-u save chükewa mhodzü
kechükhu kerüguo software thie ketso rhi nu chüpiekeba pekru sekeba pie
chü kemesawalie.
41 | P a g e
6.1.5
E-mail khrukhre di silieketuo chatha huo.
Fig 46
•
E-mail dieyieko mhathu kemecü nu keyieshüyakezha mhie di, süu-e code nu
thuyakezha software PGP (pretty good privacy) kemhieko se di e-mail
dielieko ketsekecü mhodzü code nu chülie ikecü ketarhoya, süu geinu
ngukelieu rübei code-u chü kedeiliekevi chüliekevi zo.
•
E-mail kerhu cha kemesakecü software rübei selie di spam therhielie sidi
kekuokeba kesemiako rübei kinu dieyie nguliekevi chülie. E-mail
khashüyakezha kekra rei kerhu chakecü mhatho khashüya.
•
Sikemomia ki nu kekhekecüko vorkecüko kehie hie, sükoe dieyie ngukelieko
ze di kechükhu rei tuolie vikecü la.
•
N hard disk nu e-mail-ko nu kekhekecüko piekecü ki menuolie. Kechükhu
telieketuo pekrukelie mhodzü software thie ketso tha nu bakecü se di
kekhekecüko moho menuowalie.
•
Kekhekecüko mha pekawaliekevi khu bakecü word documents macros, .EXE
files mu ZIPPED file bakecüko dielie ketse hie. We-e standard .DOC format
sou nu Rich Text Format selie vi. RTF liro no mha pethakeshüko khapie balie
vi, macros puorei salielho. Mhanuü noe hau meka se bata liro hau-e n bu
kechükhu ketsepie mia tsükecü khalie vi.
•
E-mail-ko se di u thuo u dzeko ketse hie.
•
E-mail nunu n bu mhapuo nu n dze petse khashü nu chakecüko therhielie. Mu
link e-mail geinu vorkebako therhielie.
•
E-mail pelelie sükemo sekebako kinu vorkecüko ne hie kekreilamonyü süko
nekeshü geinu kelhiekecü khu huo bu puo tho chütalie vi mu n vienya mha
pete kekhepie bayakezhau nu keyie votalie vi.
6.2 Kerükri dieyie chükecü (instant massaging)
Fig 47
Instant Massaging (IM) liro real time se dieyie nu mia kenie morei süki krakecü
Internet kemhie di network nunu kepfhesiliekevi puo. Instant Massaging kemeyietho
42 | P a g e
puo mu hau geinu noe puotei ketho se di mia ze kerüchülie vi mu noe n kinumiako
tha mu n kezemiako tha no kepfhükecü tha khapiekeba nu balie vi mu themiau
Internet sekebachie puo ze kerüchülie vi. Tsie mu tsie chüliekevi mhatho
khashüyakezha kekra ba, süko AOL, Yahoo Messanger, Google talk kemhieko mu
süki rei kra basaluo.
6.2.1
IM sekecü nu kemichie sa bakecüko.
Hacker-ko tsiemelie instant message-ko selieya mu sidi tsie mu tsie dielieko
geinu kelhiekecü code hau nu Kechükhu, Trojan, mu Spyware balie vi mu noe
file nu nekeshü ki mhakhu-u n vienya kekhekebau nu letatuo mu tsevü huoyo
donu n vienya mha pete kekhe sekebau nu mekawalie vi.
6.2.1.1 Spim
Spim liro Instant Messaging nu spam kedzü nu sekecü zatho puo, hau IM
thako se di IM nu spam dieyieko ketseya. E-mail spam dielieko kemhie di,
spim dielieko rei kepekiekecüko se baya. Kekra rei web link-ko se baya,
link süko nekeshü geinu kelhiekecü code n PC nu lertaya.
Fig 48
Va kekra rei, puotei ketho nu hakemhietaya mu we mhatho hau khawa
morosuo sidi spim ze mhachü di IM Windows taparta mu metha, e-mail
nu we puotei ngulie di vawalie vi mu we spam pete vapuo nunu vawalie
vi, moro we kekhekecüko khrükecü mhodzü mha kesuokerhu bakecüko
meho pie chü kemesawalie vi. IM nu hau chülieya mo.
Tarhokeshü: IM nu kekhekecüko mu link-ko khrükecü therhielie
7. Social Networking
Social Networking ikecüe krotho kecü puo kemhie di, mialiu chüpie puo chü kro kemecü
nu chükeshü. Social Networking liro se Internet kesemiako ze kese di, dielie moro u mha
ze kesekecü dieca kehoupuorei, u khrietho chü kehiekezhü, moro mhatho nu keperokecü
sedekezhüko pfhü kenguya. (Moro) Social Networking kerüü thechü puo liro sünu themia
kekreikreikecü dielie kekreikreikecü keprokecü mha kehoupuorei thechü puo nu khapie
baya. Thakie, Orkut, Facebook, ikevoko.
43 | P a g e
Social Networking geinu we krotho kehoupuorei u keneiko, lhitholhiü, leshükiko mu
hakemhiekecü kekrei kekra nu kemevi kekra ngulieya. Hau kepfhesikelie nya
kreikhrokecü puo se di u kezemiako mu keze mhachüyakezhamiako ze kepenuo baliekevi
puo.
Puo kemevi hako khie puo kesuo kepfhesiliekevi nya hako geinu par ba, site-ko nu scam
chüyakezhako bu mawaliekevi moro hack chükezhako kehoupuorei bu mawalie vi, süla n
thuo n yaliekecü meyie se. Khriekesamiako liro Social Networking site hako uko nyi
phiya. Ukoe uko kehieshüya mu süu ukoe online nu ba sei bakecüu se kemichie nu
phishüya derei u kele kezaliekevi kesa cha puo nunuya: Internet sekeba ki kepesikeshü, u
thuo u la bakecü dzeko khawa mokecü, cyber-stalking, u teicie la puotoukemo khapie
kebako meho mu sekecü, kekhotho kerükrietho nu, Innet sekeba ki kemiekecü mu
nhicumia pesekecü. Fig 49
Thetseimia la liro, suomia thechü hako se pekrakuozhü shiü uko rei kemichie
kemesisekecü nu ba. Hako u pekhre pejükewa mu we supuo shi thakeshü kerügu rei sa
ba. Thetseimia rei cyber nu mia bu u pesekecü mu stalking nu mia bu u pesekecümia
chütalia vi.
7.1 Social Networking geinu kemichie therhielieketuo chatha.
•
No dielie Internet sekeba ki khakeshü nu menuolie, noe mhanuü n mirhi morei
mirhi kemele morei n za kecükerüko khashü ro süko puotei kecha batatuo mu mia
kehoupuorei kekhekeshüko ngu phretuo. Va kekra, thelhitheü chüyakezhamiako
mia pete meho di u keleko mu u keneiko silie di u zha khrükecü za puo chüya.
Sizoürei hacker-ko thechü hako se di miali/pekhre dieyie (personal information)
pfhü kengu mu hako se kekrü votalie vi.
•
Mha hau rükralie, n ze kekhekecü kehoupuorei n kinumiako dze petse di pukeshü,
kebachüko, n ze kekhekecü mirhi hakemhie dielie meteikemoko khashühie.
•
Thechü mu lietho kekra n bu u thuo u la zo mo liro pekhre ba morokesuoko
chükecü ki kedaliekevi chüshüya, mu süko se di mha kebvüshüyakezhamia bu
süko ngu molieketuo chüshüya. Noe suomia bu n dielieko ngunyü ba shi süu rhiu
nunu pekhre chü morokesuoko chülie vi.
44 | P a g e
•
Menuolie noe mhanuü social networking kezemiako u miau se vo di kesenyü liro,
website nu u thuo u thakeshüu molie vi. noe kesekecü mhodzü mha lelie. Noe
mhanuü vo kesetuoü liro miakra thechüra mu khinhie geinu süu chülie.
45 | P a g e
8. Social Engineering
8.1 Social Engineering sü kedipuo ga?
Social Engineering liro thesou chü kekrükewa geinu dielie seliekevi kemevi
ngulieketuo penuo kevor puo. Hau-e themia kesikelie kekha si se di dielie
ngulieketuo kekhrukhre nu mhapuo tsei mo bakecü simo di bakecü puo. Puoe telefon
nu morei e-mail nu mia puo do chü balie vi. E-mail huo ngukelieu ketsei pie puo bu
kekhekecü huo kehiewalie vi mu süu kechükhu puo morei kelhiekecü mhathochie
huo n komputür nu khashüwalie vi.
Diepu melhukecü-e social networking la parketa ca puo.
Thelhitheü dze, n mhathochü-u, kitiekinu, n thuo n dze mu themia-u mu n ze
kerüchükecü kekuo bakemomia huo ki diepu melhukecü, mu dielie tsiemelie
keditayakecüko miapuo ki pedie zo di puotou mo derei huoyo puo bu sikelie geinu
puoe mhaca rükrükecü n komputür khrü pie mehokecü, n krotho dze petseko
pfhükecü hakemhieko kekra chütalie vi.
8.2 Ukoe kikemhie di hako chüya ga?
Social Engineer puoe n telefon morei e-mail puo geinu n penuo vortuo mu themia puo
n Information Technology Department morei Help Desk nu vorkecü do chütuo mu
user ID, mhakhu mu petse kekrei komputürko mu network dzeko ketsolie vi.
Social Engineer puoe n mhathochü morei krotho khie nu n ze keselie vi mu n mhatho
dze morei n krotho-ue kikemhie di mhatho chüya shi ketsolie vi.
Social Engineer puoe n krotho-u nu vor di lhitholhiü nu se morokesuo huo sevorlie vi
mu network dzeko sileketuo la kikemhie di network kekhekeba ketso di dielie morei
pekhre dielie silie vi.
Social Engineer puoe n dze petseko siketuo la n leshüki, krotho ikevoko silieketuo la
n dze pushüyakezha leshü(Identity card) ketsolie vi.
46 | P a g e
Social Engineering mhicie zho-u rhevi puo nu mehoshü liro hack chükecü ze kemhie
zo: system-ko morei dielie nu u peleshükemoko kekuo huo mevilie di mhasekedo,
network nu u bu vornyükemo nu vorkecü, we supuo shikecü kerügu morei tsi zo di n
vienya pete khepie bayakezhau mu network kebvüshükecü.
8.3 Social Engineering-e puo cha kekreikreikecü kekra nu chülie vi.
8.3.1
Mhanya sakemo(non-technical)
Miakra thechüko
Social Engineering liro miakra thechü Café-ko, Pub-ko, mirhi kepeta kiko
kemhieko nunu chülie vi. noe dielie meteikemo huo mechüu ki petashü morei
khashüwalie vi morei social engineer puo morei mia puoe n pfhe siwalie vi.
Sieüko
Noe n ze mhachüyakezhamia puo ze sieü chü ba di dielie huo keze
mhachüyakezha kekreimia social engineer-kemo puo bu siwalie vi.
U thuo u geinu Kemiako morei Kethepfu (Personal Pride or Confidence)
Noe n thuo n kinumiako dze morei krotho dze dielie pekhre huo pu di n kuo n
hie nu krakelie, n kinumiako, mu n thuo n pele di sikemomia ki pu di kemiako
balie vi.
Internet sekecü teiki(Online)
Social Engineer-koe online nunu dielieko pielie rei si mo network nu
mhachükecümiako do chülie di, network geinu email ketsekeshü mu sekecü
khu morei pekhre/meteikemo dielie pedie zo mo di ketsolie vi.
8.1.2
Mhanyasekecü
Vishing
Hau social engineering telefon nya pete kekhekecü nyau nu mhatho puo,
puotei kekra puo rhiu voice over IP (VoIP) geinu chükerüüshü, mechüu ki u
dze petseko mu kishükinyi dielieko hakemhie u thuo u dze bakecüko
silieketuo mu mevilieketuo mu süu se kishükenyi nu zhakhra la. Thezau liro
“voice” mu “phishing” hanu kesapie thopie ba.
47 | P a g e
Chatha: Fon nu sikemomia ki n kishükinyi dze puorei khashülie, noe supuo
ze kerüchü ba shi sitoulalie mu dielie kehoupuorei khakeshü mhodzü kompani
pekebau moro rakaki pukebau meho mu meho lawalie.
Phishing
Phishing liro mhasekedoketuo rhi nu chükeshü rhi puo, hau se di n thuo n la
ketho dze khakeshüu puomakereko rüguketuo la, n credit card khuko,
mhakhuko, account ketho dze pfhüliekevi nu moro dielie kekrei. Mia
perhiekecükoe morei mhasimhalekuo parte mu uko phishing e-mail dieyieko
mu pop-up window-ko rei sa. Ukoe va kekra rei mechü krotho zasi mirhi huo
krotho ketho vie mu dielie huo u dze pushüliekevi huo uko ki nunu mezhü di
website nunu piekelie rei sa.
Chatha: Mhanuü noe phishing email dieyie puo ngulieta nhie di le üliro, süu
khoü hie mu sikemo kesemia (user) ki nu ngukelie puoroko (link) nu rei ne
hie.
8.1.3
Thezho kekrei nu rei chülieyakezha huo.
Baiting
Hau social engineering nu mhatho zho chüümo thedzethese mu rükebau
sikenyü mu puo medakesuo gei bakecü puo. Hanu perhiekecüu-e malware
khepiekebau khapie bawaya moro USB moro pen Drive, CD/DVD
ROMmekapfü baketako khapiezhü di puo rükebau bu ngulie mu puotoukecü
puo kemhie ngulieketuo khashü di puo bu sinyülieketuo mu uko bu u vienya
(device) nu sekecü pfhe baya.
Chatha: Mia mehomoketa morei chapra nu, elevator, bagei bu baketuo chü
hakemhieko mu kekrei nu rei zhükecüko bu n kedowa di mhanya seliekevi
chütahie.
Hükelie (persuasion)
Mia puo rüchü pie puonoe themia peleliekesü themia puo morei n thuo hai zo
di puo ki mha ketso ba zo ükecü rhi chü di puo hüpie puo bu n pelelie di
kepekhre dielie huo pushükecü.
48 | P a g e
Chatha: Sikemomia bu n rüchü pie pekhre dieyie pie u tsüwa hie, mia pele
mhaita hie.
8.1.4
Mhanya sakemo(Non-technical)
Kerhuko nu thulekecü (Dumpster diving)
Dumpster diving, süu rei üse trashing idi puyakecü hau rei socail engineering nu
mhatho zho kemeyie puo. Dielie kekra kompani mha kerhu kelhoukeshüko
morei mha vakewako geinu ngulieya.
Chatha: kepekhre leshüko puorei kelhupie kerhubou nu shü hie, kelhoukewa
mhodzü noe dielie kemeyie puorei bu tuo molieketuo la meho menuowalie.
Hoaxing
Hoax liro mia puo bu mha kekrükecü puo üse puotou üdi peleketuo la kebie chü
dojükecü puo. Mha hau miali puo rü pekuoya mu hau thezhokemo shükeiraka
morei mhanya nu mevikelie. Hoax-e va kekra mia bu thenga kralieketuo la
kemezhielieketuo keyu mha puotoukemo kejokechü chüya.
Chatha: e-mail sikemomia ki nunu vorkecü pelekecü u kirilie mu n kishükinyi
thau dze mhakipuorei khashü suo.
Pretexting
Pretexting liro mha puo u mhale se mirhi puo kepeta mhatho puo chüshü di
themia puo bu dielie morei mele di mhahuo puotei kekreiki chü lho rei sikemo
puo bu chülieketuo rü di chükecü. Mha hau meda cüu ki rei rüükuo.
Chatha: menuolie mo liro rüsuomia huo mha puotoukemo chüshü di n bu
pelelie di n pekre dielieko huo kengulieketuo la n sekedo cü leya.
8.4 Noe mia puo bu n rükebamia chü molieketuo la kikemhie di therhielietuo ga?
Huomia fon chü, n pfhü n ketso, morei e-mail dieyie chü mu puotoukemo nu n ze
mhachükeba huo morei kinu puonou dielie huo ketso liro süko le pesuolie. Mhanuü
sikemomia puoe puo krotho puotoukecü puo nu vor üdi pevie ro, puo kikecü kompani
puo nu vor shi puo dze thupieketuoko meho di sitouwalie.
•
Noe mia puo dielie ngukelie kekuo ba me mo shi sitoukemo ki n thuo n dze morei
n krotho dze, network-ko kikemhie di chü seba shi ikecüko rei khashü hie.
49 | P a g e
•
e-mail nu personal morei kishükinyi dzeko khashü hie, mu e-mail mha ketso morei
mha chakecüko kela hie. Sünu link medzi di email ketsekeshü rei sa pu ba.
•
Website keyako meho menuowakecü mhodzü Internet nu meteikemo dielieko
ketseshü hie. Website nu URL-u gei n nou khapie meholie. Kelhiekecü websiteko
liro puotou nu seke site keriekebako meho balie vi, derei URL-e puo khu moro
kekhakeba chü kekrei (thakie., .com vs. .net) kekrei puo derei huoyo kerie za
bakecü puo se balie vi.
•
Noe mhanuü e-mail mhacha puo puotou me mo shi sitou mo di n kebvü bata liro,
kompani ki mezhü kepfhesilie, süu sou nu, hamhodzü kepfhesiliekevi dielie
khakeshü dielieko meholie. Phishing perhiekecü sitoukeba huo dielie Internet
sekeba ki Anti-Phishing Working Group ikemhie kropuo nu ngulie.
•
Anti-virus, firewalls, mu email kerhu cha kemesakecü hakemhieko khelie mu
meza menuo se balie di puo kepakele mele hako huo chü petsalie.
•
N email sekebau mu web browser anti-phishing rhi kehoupuorei khashü liro süko
meviko le di selie.
8.5 Mhanuü noe mia n pese bata üdi le ro kedipuo chü ta?
Mhanuü noe n krotho dze dielie meteikemo huo kepuwata mecie di leta liro, n krothou donu themia puotou huo ki puwalie, süu network kekhebayakezhako rei sa pu ba.
Nko bu mha lekepesuo huo morei mhatho puo rhi kreikecü huo vorkecü ki u kiri
balieketuo la.
•
Mhanuü noe n kishükinyi thau kemichie nu bate nhie di le liro, n kishükinyi ki nu
kepfhesi mhailie mu thza bakecü kehoupuorei kemichie nu bataliekevi pete
khawalie. Puocapuola jükecü n za bakecü nu puoma piekecüko meholie.
•
Noe mhakhu huo mia pesipenguwate nhie ro kedi mhaiwalie. Noe mhanuü
mhakhu kemhietou di mhacha kekreikreikecü kekra nu seya ümha liro, theza
khapiekeba puo puokecü la pete kedeiwakecü chütoulie morosuo, mu mhakhu süu
thiesie rei se la hie.
•
We supuo shikecü rhiu kerügu zasi kekrei rei meholie.
•
Mha kepese morei n perhiekecü hau chüpahimia ki rükhroshükecü lelie, mu
Federal trade commission ze di dielie puo chüshülie.
50 | P a g e
9. Online Rüzhüko mu Komputür Rüzhüko
9.1 Online rüzhü dze.
Online rüzhü liro Internet nu komputür network puo geinu rüzhüya. Online rüzhü-e
thezho medzikecü leshükhu geinu chükecü nu vo mirhi geinu chükecü rüzhü ketso
puo rhi kekreikreikecü nu chüpie baya. Sükemhie di rüzhümiakoe rüzhü
kemhietoukecü puo keze rüzhülie vi. Internet sekecü rüzhü hau puo kemevi kezhathou liro mia puo puo rübei online nu rüzhü ba zorei puoe rüzhü kekreikreikecü kekra ze
kekhelie di rüzhülie vi. kemeduonya rhiu nunu rüzhüko rei krakuo partazhü.
Kemeduonya ze kekhekecü rüzhü flash rüzhüko mu java rüzhüko meyiekuo mu mia
nei chükuolie bate.
Methuo di Inetrnet nu ba di rüzhüliekevi mu thelhitheü rüzhü rei ba, rüzhü kemeyie
mu themia u neiyakezha rüzhü kekratsa rei end user license pfhekhokelie se peteko
nu hou mu puotei huoyo se sekecü rüzhüu rhikeshümia kinu vorya mu pfhekho süu
varhokewamia ki kemichie pesishü mu u khawa ikecü rei chüya.
Themia kekra online rüzhü keze rüzhükecü ba mu sükosü puotei ketho nu pfhekho
mharhü rüzhü, u thuo u meseu nu rüzhükeshü rüzhü, themia kerietho-u pekecü rüzhü
mu kekrei kekra rei sa di keze rüzhükelie ba.
9.2 Rüzhü piekecü ki lelie morokesuo huo.
•
Online rüzhü puo thau phrü menuolie, tsiemelie ukoe n bu n teicie-u la puotou me
mo shi silieketuo chüshüya.
•
Thechü no sekebako nu puotei mu puocapuolako phrü menuolie mu nhicunuomia
bu khrukhre di selieketuo rüzhü zho huo ba mo shi meholie.
•
Hau meyie mu rüzhü zekebako uko rüzhüko meyiekecü chülie morosuo mu
website peleliekesüko nunu rüzhüko pielie.
•
Huokipuo methuo nu pieliekevi rüzhüko kelhiekecü software ba rei whewaya,
hako plug-ins se di rüzhüu se morosuotaya, rüzhü puo administrative mode nu
khrüketuo hau kehüya mo, mha hako chükecü geinu mia perhiekecümia puo bu n
komputür peteu kekhalieketuo kemichie cha puo khrüshüwate, user mode
sekecüue administrative mode nu sekecüu ki rei puotei pete nu khrukhrekuo.
51 | P a g e
•
Online nu rüzhükecü ki rüzhü site nu rüzhükelieu kevitho, mha hau geinu kemichie
chü petsalie di kelhiekecü website nu puo thela chüta molie vi.
9.3 Kemichie sa bakecüko.
•
Internet sekeba ki rüzhükoe n komputür mhanya kekhekebau nu kemeduonya
kemichieko rei ba moro rüzhümiako noe ze kerüchüyakecüko mha pete
kekhekebau nu ba.
•
Software-u rüzhü kesekeshü-u gei mhapuo pepishü ro, komputür kikecüpuo süu
geinu khepie ba shiü süu rei thedo nu die pepikecüu medzi zotuo. Rüzhü nu code
kemichie nu bakecüko ngu tou di se ba liro mha pese mu pechüpenyütuoü
bakecüko bu n system nu lertaya mu rüzhümia puo komputür n file-ko phrüwaya,
rüzhü-u n kehiewaketa komputür-u kekha tseilieketuo la, Internet sekecü nunu
rüzhükecü teiki biepesuokecü chü selieya.
•
Noe n komputür nu rüzhü puo pie khashütuo ükecü ki kechükhu mu worm-ko n
vienya mha pete kekhekebau nu leta rei si mo. Kechükhu mu zope hako no file huo
piekecüko nu rüshü balie vi.
•
Kelhiekecü software-ko website Internet sebakecü ki rüzhü huo chat, email gei
bayakecüko ze kekhekebako sekelie chütaya, sidi n ketsei pie n bu website
kethokemo huo nu volie di kelhiekecü software huo piepie n komputür nu
khashüwaya, süsie ukoe software süu se kejokemou mhatho kekreikreikecü huo nu
setaya.
•
Huokipuo rüzhü coding huo khrukhrekemo geinu, rüzhü software süu n komputür
nu mha kebvükecü zho chütaya mu sikemo thachüko sevor khashüwaya.
•
Huokipuo rüsomia yaliekemo komputür huo Internet nu khelie di online nu rüzhü
bakecü ki selieketuo chülietuoü dojüya mu nhicumia kekrei do chü di nhicuko ma
pie uko kinu u thuo u la bakecü dielieu pfhükecü leya.
•
Kelhiekecü miali huo n sekedo di n bu rüzhü website kemeda huo nunu pie pie
khekecü chülie vi mu software patches huo n bu rüzhü pielieketuo la khashü n
tsütuoü di putuo, hako ketho nu liro kelhiekecü software.
•
Noe online rüzhüko mu rüzhü vie website kekreiko nu n dze kedzü khakeshü
bakecü geinu kelhiekecü huomia n dzeko pfhülie vi, ukoe n za nunu theza huo
52 | P a g e
sedelie vi, ze lalie, moro n account baketau geinu access chüketuo la selie vi.
Rüzhü theza uko bu si mo di chüsepar batalie vi. Miahuomia rüzhü nu rünyieko
mu chüliekeviko mhie di rhilie di zepie raka chülietuoü rhükecü rei üsi.
9.4 Chathako
Online rüzhüko nu le di seketuo la kikru e-mail kebachü puo chü separlie.
Sreenshots: mhakinu online rüzhü huo rüzhükeba ki mha kesuo huo chüta liro,
keyboard geinu “print screen” ikecü nekeshü se di puo zieu gei mha kepekie
bakecüko gei screen shot puo pielie di website kiu penou ba shi süu ki
rükhroshülie mu screen shot-u bu puo zhapu chüshülie.
Anti-virus mu antispyware software selie.
File e-mail dielieko mu tsie mu tsie dielieko ze kekhekebako khrükecü nu u
kiri mu menuolie.
No Internet nunu mha piekecüko mu software kesako puotou mu khrukhre mo
shi meho menuowalie.
N web browser-ko petha pie chü kekhrukhrewalie.
Firewall puo selie.
N thuo sekeba n dze kedzü khakeshü puo chüpie puo bu die puotou-u nu
rüzhü n tuoikecümia puo la rüzhü kikemhie huo baya shi süko salieketuo
chülie.
Nhicumia la puotei puotou puo chiepie bawalie.
Website sikemoko nunu mhakipuorei software mu rüzhüko pie hie.
Link-ko, mirhiko mu pop up-ko website-ko nu nekeshü u kirilie, hakoe
kechükhu ba di n komputür bie kerüzawalie vi.
Internet nu rüzhüko pie bakecü ki mhakipuorei n thuo n dze petseko
khashühie.
Rüzhü puoma sakemo huo kechükhu puo gei balie vi, süla süko piekecü ki u
kiri mu puo dze kikemhie di khapie ba shi meho menuolie.
Pekhrekhu kemetei se mu chü separlie.
N application software patch mu thieketso ikecü chülie.
53 | P a g e
10. Khrukhre di mhapiekecü (safe downloading)
10.1
Khrukhre di mha piekecü mu khakeshü
10.1.1 Piekecü dze (about downloading)
Pie (downloading) ikecü cau liro komputür kebamia puoe Internet se di
Internet sekeba ki mhatho nunu file puo puo mhiekecü puo piekecü pu ba.
Mha piekecü hau network geinu network khashüyakezha puo ki file puo meho
pie piekecüu rei pu ba. Pietuo ikecüe ketho dze pfhüliekevi khakeshü puo
ngulieketuo süusü, mha pieliekevi chüpiekeba kehoupuorei pielie vi. noe
Internet nunu mha kehoupuorei pielie vi, süko mhathuko, ütsali, mirhi
kemeleko, mirhiko mu software kekhie mu sükemhiekecü kekra sa.
FIG 50
10.1.2 Mha khakeshü dze (about downloading)
Fig 51
Mha piekecüu ze kethotsütoukecüu liro mha khakeshü mu hau liro n network
mho geinu komputür nu bakecü puo meho di khapie komputür kekrei puo nu
khashü. Mha khakecü puocae ketho dze khakeshü pfhüliekevi keyiekecü. Mha
kehoupuorei chü keyiekeshüu khashülie vi. Kedzü nu “khakeshü” ikecüe file
puo komputür puo pielietuoü dojü pie kebau nu ketsekeshu. Noe mha
kehoupuorei ketseshülie vi, süko mhathuko, ütsali, mirhi kemeleko, mu
software kemhieko mu sükezie rei sa.
10.2
Khrukhre mo di mha piekecü puo kemichieko.
Fig 52
Noe Internet nunu mha pietuoü siekecü ki, süu mhathochie puo khekecü
chükecü mirhi huo khrükeshü, website huo moro e-mail huo nunu kekhekecü,
tsali khapiekeba piekecü mu komputür puo mu mha khapiekeba kekrei kekra
rei sa kesatuo. Mha khapiekeba hako ukoe pukeshüko ze kemhielie vi, derei
ukoe n kelhiekecü software kemhieko huo ze kerei di n komputür
pechüpenyüwalie vi, süu kechükhu, zopeko mu mha kepeka mhathochie rei sa
balie vi.
54 | P a g e
•
Kechükhu puoe n ketho dze pfhüliekevi khapiekeba biepesuowalie vi
moro miapuo ki n komputür nu dielieu khashüwalie vi mu n PC nu
kepekhre dielie pete pekaperuowalie vi. Fig 53
•
Mha kechükedekecü kekrei puo liro spyware. Spyware-u liro n
komputür zhorüli kediwaya, süko PC bu ta rülita, mukhrekhu
komputür biepesuo (crash) rei votaya. Spyware-u se di noe sekewa
dzeko pfhülie vi, pe rügulie mu n pekatuoü bakecümia bu n system nu
dielie pete kekha tseilie vi. Fig 54
•
Kelhiekecü software huo n bu si mo di khashüwalie vi, moro
mhathochie puo geinu, keperokecü(link) moro noe software pie
nyükeba puo geinu keyieshüwalie vi.
•
Thakie, noe website pelelie sükemo puo geinu rüzhü puo pienyü balie
vi, süki noe si mo derei kelhiekecü software huo pielie vi.
•
Huokipuo malware-e puo thuo puo geinu komputür gei hau bata liro email ketsepie mia tsükecü kebachü ngukelie pete gei keza votaya.
•
10.3
•
Malware hako liro email geinu keza pekra votaya.
Mha khrukhre di pielieketuo chatha huo.
File kehoupuorei piekecü ki n komputür nu sekecü melekeba pete khawalie, mha
piekecü ki mha khapiekeba chüpiekeba puo rübei bu mele balie.
•
Mhanuü noe mha pie bakecü ki mhahuo kekrülie ükecü puo chü ümha liro ikecü la
sekecü kemeyie pete khapie bawalie.
•
Firewall chüpie bawalie, kechükhu kerüguo chüpie bawa di no mha khapiekeba
puo piekecü puo bu mediemerhie di kechükhu ketuoko meho menuo pie
chükemesawalie.
Fig 55
•
Noe website nunu morei e-mail huo nunu keperokecü huo piekelie sie mha
khapiekeba peteko chükemesawalie.
•
Anti-virus, spam filter mu spyware thie ketso thau nu chükewa se seilie, süu bu
noe pienyü bakecü application-ko nu n khruohipie n bu kechükhu, spyware kemhie
bakecüko telieketuo la.
55 | P a g e
Fig 56
•
Ütsali, mirhi kemele, rüzhü mu mha khapiekeba sükemhie kekra rei
peleliesükemo thechüko nunu pie hie mu n kezemiako site huo n ki pukeshüko nu
vo hie morei website nu le mo di kepukeshüko nu vo hie.
•
URL-ko kemhie mo shi meholie di rüzhüko, ütsali morei mirhi kemeleko website
kekhrukhre HTTP mo di HTTPS sekebako nunu pie seilie. Web Kebachü nu,
ukoe “http” kedipie “https” nu shüwaya. https-u liro hypertext transfer protocol
secure ikecü pu ba.
•
Mha kehoupuorei piekecü teiki peleliekevi website-ko nu rübei pie seilie. Link-ko
nu neshü di puotou nu bakemo thechüko nunu mha pie hie.
•
Mhanuü die kerhu huo website nu parta liro window-u khawalie, puo thuo
kedithede puo meyie shierei kekreilamonyü website sükemhieko nunu n PC nu
spyware khashüwalie vikecü la.
•
Mha bakecü piekecü mhodzü puokecükezha kidepuo ba shi mehowalie, huokipuo
puoe cüsekecü pekieshü derei noe nekeshü sie file süu memie pie zhakuotaya.
•
Link huo hau nu neshülie ro n komputür mha chü pethakecüko keditatuo mu n PC
pie XBOX mevilie di noe n komputür nu rüzhü puothelakejü chükebako rüzhülie
vi idi pukecü mhakipuorei pele hie.
•
N bu methuo nu mha pielie vi idi pukebako mhakipuorei pie hie kekreilamonyü
sükemhieko gei kelhiekecü software u gei tuo rei si mo.
•
Link morei mha khapiekebako ne mo di puo thuo puo geinu mha piekecü chülie,
mha khapiekeba-u pielie di khapie kirapuo pie ba nyü ba shiü sünunu khashüwalie
di süsie nu chüliekevi süu selie.
•
Khrukhre di seliekevi rhi nu chüliekecü sie nu mhakehouporei pielie.
Fig 57
•
Pelikecü nu ne hie morei khekelie puo se sedekecü mhodzü phrü menuolie.
Puocae puo kese zho mu puo rhiko phrükecü.
•
Noe website-u dze sitseilie kemochie süu nunu mhapuorei pie hie zolie mu süu
kompani ketho puo nunu thechüu ketho puo mo shi süu sitoulie.
56 | P a g e
•
Keperokecü kehoupuorei n ki methuo nu antivirus morei antispyware khashütuoü
pukecüko nunu mha pie hie zolie, puotei pete nu pelelekesü site nunu mha pielie,
noe mhanuü site piekebau le kenoudo za üliro, thechü-u pfhüliekevi nya n
keneitho-u nu telie di miapuorei süu kemeduonya lienyükemo hau dze thushü
morei panya ba mo shi meholie.
Fig 58
57 | P a g e
11. Blogging
Web blog puo liro website mu mhapuo gei lerkecüko mha kikemhie di chüte shi ikecü
puosietsa nunu tha kesieso pie bakecü rei sa, cayie kreikhrokecü puo puo dze kesa
tsiemelie thie ketso ikecü thau nu chüpie kho ba. Dielieu site niepuu thuo thupie balie vi,
website morei puo cha kekrei nunu pfhü sevor balie vi, morei sekecümiakoe khakeshü
geinu rei lie vi. web blog liro Miali noudonoule khakeshüko kengu piekeba rei sa kesa
balie vi (teisonhie dze thukecü leshü rhi puo).
11.1
Blog rhi kekreikreikecüko
Puo gei bakecü puo rhi kekreikreikecü kekra ba mu puo gei keba puoe kikemhie di
sevorshü shiü morei thushü shikecü:
• Personal blog
• Thelhitheü kompani keze puo chükeba mu krotho blog-ko (corporate and
organizational blog)
• Genere blog-ko
• Thedzethese blog-ko(Media type blogs)
• Device gei bakecü blog-ko(By device blogs) fig 59
Blog thechü kekreikreikecüko kepfhesiliekevi puo mhatho kekreikreikecü nunu
seya.
11.1.1 U thuo u blog liro miali puoe teisonhie dze thukecü leshüda puo morei mia
dze pushüyakecü puo. Thechü puo, Twitter kemhieko, blogger-ko bu u keleko
mu mha u gei kevorko u kezemiako mu u kinumiako ze tsiemutsie kezaliekevi
chülieya mu e-mail chükecü ki rei rükrikuo.
11.1.2 Thelhitheü keze krotho chükeba mu krotho blog-ko (thelhitheü, lhitholhiü
cha)-koe kompaniko mu mhachüyakezhamiakoe seya. Hakoe puo nou mu
kompaniko keze puo chü mhachükeba kro mu kepfhesilieketuo la morei
chazou nu thelhitheü chüketuo mhatho la, zasi chüketuo la moro mechü ze
keperoketuo la seya.
58 | P a g e
11.1.3 Genre blogs (puocapuolako, leshümhasi, seyie nyie, rüverüvü) hako liro
shüphrüca kreikhrokecü puo rhiekeshü pemvüya, süu leshümhasi, fashün,
ütsali, rüverüvü, seyie nyie, kitiekinu (personal) blogs… hakemhie mu sükezie
rei sa.
11.1.4 Thedzethese kemhie blog-ko (vlog, linklog, photoblog) hakoe mirhi
kemeleko vlogs idi kieyakezhako se kezakecü nu seya, linklogs üdi link
kezakecüko nu mu photoblog üdi photo kezakecüko nu seya.
11.1.5 Device gei bakecü blog-ko(mobile fon, PDA, webcam wearable wireless)
hakoe mobile device mobile fon-ko moro PDA moblog üdi kieyakezhako
nunu blog thuketuo la seya.
11.2
Blog chükecü nu seyakecüko
Noe mhanuü n thuo n la rübeikecü n za, n kebachü, n fon khuko, credit card dze
petse ikecü bloggin thechü nu khashü liro, n dieliekoe mia bu rügulie rei si mo
(identity kerügumia) kekreilamonyü thechü süu nu le di seliekevi theza bakecü
pete rei n dze kedzü nu thukecü ngu mu le di selie vikecü la. Blog thechü-u nu n
dze pedzü di thukeshü chü separkezhüu mia pete mhingu chü bakecü la.
Rüsuomia kehoupuorei morei themia kehoupuorei n dze kedzü nu khakeshü nu
lelie di noe n thuo n dze kikemhie di thupie ba shiü pete mewaholie vi.
Thakie, mhanuü noe n credit card khapie site nu khashü tse ukoe puo khu süu se
uko thuo uko lhitholhiü la moro mha khrükecü mhatho la seta mu puozha-u ketse
pie n tsüwatuo. Thakie, kekrei puo liro mhanuü n nuonuokoe uko leshüki za
morei thechü kirapuo ba shi ikecü zako site nu khashü tse, rüsuomia dielie süu
mehokebau sü geinu kemevi ngulie di te zeta rei si mo.
11.3
Bloggin chükecü nu kemichie therhelieketuo chatha huo.
• Blogging site-ko nu mhakipuorei n thuo n dze puocüu khashü hie.
• Dielie pelelie mu puo gei thaliekeviko khashülie kereilamonyü süu
kijü peteu gei voya mu noe web nu thukeshüu puotei pete nu bataketuo
pelelie morosuo.
• Blogger-mia ze di keperhiekecü therhielie morosuo.
59 | P a g e
• Noe kikecü puo la se shi thushülie, n blog-ko rüguolieketuo la
mehokebako ki blog nu thu menuoshülie mu thu kemecüshülie.
• Thakie puotou mu vikecüko nu uko chathashülie, nhicunuomiako uko
ze kekhiekecü dzeko thupie khashükezhü kemhieko la.
11.4
Miakrünuoko la Blogging nu kekhruohi.
• Nhicunuomia ze di Internet sekeba ki sekecü thezho huo sedelie.
• N nuonuoko mha huo thushü nyü di le ba ro uko thushükewa mhodzü
mehowalie.
• Blogging mhatho mu mha kedithede ba shiü meholie mu uko mhatho caüko
mhakhu kerüguo kekhrukhre blog mu sükezie rei bakecü kemhieko.
• N nuonuoko blog puotei puorhi puo medzi di meho lashüshülie.
• Thakie keviko nu uko chathashülie, sükosü leshükephrünuomia u ze
kekhekecü dze huo thushükebako rei meho di thakie chüshülie.
11.5
Mhathu/hasie hai vortaliekevi (Scenario)
Puo khriethomia kekra chüyakecü kemhie di, Alice rei blog puo ba. Derei, puo
khriethomiako tuoi monyü, puoe thechü süu pekhre pie baya. Puoe mia kekrei puo
blog rei ze kekheya mo, mu puoe puo thuo puo blog zasi se di mia kekreimia puo
ki rei mha thushüya mo. Hai bakecü nu, Bob-e Alice blog nu URL-u ngulie di puo
blog nu puo zemiako khapiekebau nu puo za rei khashülie. Dieu keyie vota, sidi
pechakemo nu mia pete rei Alice blog-u phrü phrewata. Theruo kesuo nu, puoe
puo blog se mia sikeba khe thamelekecü nu se, sünu kephrünuomia kekrei huo,
kepethako mu puo krünuoko rei sa. Mia pete puo gei u nei mota. Süla n nuonuo
bu u kicükinumia dze ze keperokecü u penuokecü dzeko puorei thushü
molieketuo la uko chatha seilie mu uko chtha pie uko bu blog-ko kikemhie di
setuo shi mu blog sekecü puo kemevi kedipuo ba shi silie mu uko bu blog se di
miathamele ikecü mhatho chüya mo ükecü sitoulie.
60 | P a g e
12. Cyber nu kethachümia pesekecü (Cyber Bullying)
12.1
Mia pese sei bakecü mu kethachümia pesekecü (harrassment and Bullying)
Cyber nu kethachümia pesekecü hau Internet mhathoko e-mail, chat rooms, keze
mha kerüchücü krothoko, tsie mu tsie dieyie chükecü moro web pages nu chü
votalie vi. mha hau mobile fon nu kemeduonya sekecü SMS-ko nu rei sa
kethachümia pesekecü chülie vi. cyber nu kethachümia pesekecü hau mia krekecü
mia nou chükemeyie mu mia pie kethekrekecü chü, Internet sekeba ki nu diekrie
keyieshü, dielie u neikemo ketse mu mia chü kethachü/mia pu kerünuo
hakemhieko rei sa.
12.2
Cyber bullying hakemhiekecü kropuo nunu chülie vi.
Nhicumia yopuo/morei teicie kere-e ki bakecü puo-e (teen) screen za nhicumia
yopuo za ze kerie sekecü puo geinu chüseparlie vi. Theza süu “i” ikecü puo
krakuo balie vi morei “e” ikecü puo tsakuo balie vi. ukoe theza hau se di mia
kekreimia do chü di mia kekrei user huo ki mha puotoukemo huo puwalie vi.
Nhicunuomiae hamho u thuo u donu kerüchükecü ketse pie mia ki u u thuo u
donu kerüchükecü keyiewalie vi.
12.2.1 Mia do chülie di diekrie keyiekecü.
Sieü dieyieko ketsekeshü moro mia diepu do chülie di ketseshü di diekrie pu
kezapie nhicumia kekrei puo morei u teen kekrei puo chü pesuokecü.
Ukoe thenou chükemeyiekecü dielie huo ketse pie mia ngumecüyakezha kro
kerüchükecü bou nu ketse pie mia puo do chülie di puo peseshülie vi, sidi mia
kie pie mia puo pechütuoü, themia süu za, kebachü mu telefon khu rei khapie
kengukemecü krotho süu nu khashü di uko mhatho chü kerüüshü rei si mo.
12.2.2 Thenga foto morei mirhi kemele huo ketsekeshü.
Mirhi puo morei mirhi kemele puo miapuo puo locker room nu, dzülouki nu,
moro puo nya dojükecü kibou nunu rhilie di Internet sekecü teiki nu khashü
morei mia kekreimia fonko nu ketsekeshü.
61 | P a g e
12.2.3 Web site-ko moro blog-ko sekecü nu.
Nhicunuomiae rüzhüchüko nu mia krekecü chü baya, tsiedo web site huo
moro blog huo chüseparlie di süu se mia pese moro nhicu kekreimia huo pie
kemichie nu chükeshü chütalie vi. ukoe nhicunuomia kekrei yopuo morei
miakra kro huo peseketuo la pekuo di puo lhe huo chü/rhi pekrei zo pie
separya.
12.2.4 Cell fon-ko nunu mia kengakecü thu ketsekecü.
Text war moro text attacks hako liro nhicunuomia keze kropuo chülie di mia
puo pesekecü, dielie thenyie-e thupie ngumecükecü die pie kekhe di rükebau
fon moro mobile fon kekrei huo nu ketsekeshü.
12.2.5 Mia kedekecü email mu mirhi email moro mobile nunu ketsepie mia
kekrei puo pesekecü.
Nhicunuomiae ngukemecü moromia kedekecü dielie ketse pie nhicumia
kekrei huo tsüwalie vi, ukoe le mo di kelhou ketho-u nu süko pu mo ürei, mia
khriekemo morei mia kedekecü dielie hakoe u pechüwaya mu mesi se.
12.2.6 Mia ze kerüchükelie online rüzhüko nu sekeba kekreimia pesekecü.
Nhicunuomia/teen tiedie nu nhicunuomia/teen kekrei huo nou chü
kekrü/pesetaya, ukoe mia kedekecü mu die kesuoko Internet sekeba ki
rüzhüko rüzhükeba ki morei kerüchükelie rüzhüko chükeba ki.
12.2.7 Mhakhuko (password) rügukecü.
Nhicumia yopuoe nhicumia kekrei yopuo puo zakhuko rügulie vi mu süu se di
mia kekreimia ze kerüchü batalie vi, puoe nhicunuoyo do chü di moroe puo
puo sekecü dze kedzü khakeshü ketho-u kediwa di se batalie vi.
12.3
Chathako mu kekhruohiko.
• Parental Control Bars, Desktop Firewall, Browser Filter ikecüko selie di
nhicunuomia bu cyber nu kethachümia pese morei mha puotoukemoko ngu
molieketuo la süko khawalie moro therhielieketuo la.
• N nuoyo leshüki nu Internet sekecü nu kerüguo mhasi mhathochie bu
batoukecü chülie.
62 | P a g e
• Noe leshüki keseko ki uko bu kephrünuomiako petha morei khruohi pie uko
bu kikemhie di Internet sekeba nu u kezemia u pesekecüko therhielietuo shi
morei kikemhie di süko die kelatuo shikecü chalie vi, social networking
thechüko mu Internet sekeba u za nu bakecüko ze mhasi di kerüchülie.
• Komputür sekecü bou, Internet sekecü bou mu thezhoko chüshülie.
• Komputür-ko mu device kekrei USB, CDROM kemhieko leshüki nu cyber nu
mia pese di sekecü la, Thezho, kekhruohi chatha mu Internet sekecü nu thezho
medziketuoko chü kemecieshülie.
• Cyber nu mia pesekecü puo kekuo kide ba shi kephrünumiako pethashülie.
• Kephrünuomia ki mia pesekecü puo rhi kekreikreikecüko kehoupuorei
zeliekenjü ükecü pethashülie mu thezho sükemhieko-e kepethakecü gei ba
ükecü pethashülie.
• Kephrünuomiako tarhokecü mu thetshü mehokecü pesiekecü.
• Kepethamiakoe kephrünuomiako meho di u tarho moro kephrünuomia
phichüko bu ketarho mu mehokecü pesielie di dielie kekhrukhre si ba
morokesuo mu chatha chü mu kephrünuomia kethetshü chüpie kebako meho
di tarhokecü chülie morosuo.
• Blocking/ Filtering Software pie leshükinu Lab PC-ko nu chüshülie.
• Nhicumia bu cyber nu mia pesekecü therhie morei khalieketuo la moro mha
puotoukemo bakecü se molieketuo la Desktop Firewall-ko, Browser filter-ko
selie. Leshükephrünuoko online mhathoko la liro ketarhokecü software nyako
selie.
• N kephrünuoko ki mhasi pethashülie.
• Kedojü shüphrü pie kephrünuomia tsü di puonou morei chazou dze dze si
pesoukecümia zevor cyber nu mia pesekecü, Internet sekecü nu thezho kevi
mu kekhrukhre dze kekreikreikecü bakecüko pie pethashülie. Hamho rei mha
sükemhie ze kekhiekecü leshü huo se leshüki nu dashüllie.
63 | P a g e
13. Online nu mha kedekecü mu chatha huo.
13.1
Nhicunuomia bu online nu mia kedekecü nu u yalie.
Nhicunuomiae komputür sekecü morei ukoe online nu bakecü ki u keya kemichie
huo ze keselie vi. Noe puo bu khrukhre di bakelieu rübei mo derei noe n
komputür nu ketho dze pfhüliekevi khapie bakecüko rei ya morosuo. phiyha
kerüü huoyo piekeshü geinu, kemichie süko chü petsalie vi.
13.1.1 Kemichie kikemhiekecü kropuo ga?
• Mirhi puotoukemo mu mha puotoukemo bakecüko nu kehiekecü.
• Pierüü nu mia tekecümiako Chat room-ko nu e-mail geinu mha
ketsokecü.
• Internet sekeba nunu kethachümia pese mu mia pese sei bakecü.
• Software, ütsali moro mirhi kemeleko mu piracy.
• U thuo u la bakecü dzeko hiekeshü.
• Spyware mu kechükhuko.
• Thelhitheüko krathorketa: Mha zeketuo la kepekiekecü mu mhanya
bakecü ze kekhekecü website-ko.
• Puotoukemo nu mha piekecüko, ütsali file kerüguo mhatho chüpiekeba
huo puo mhiekecü nu piekecü.
13.1.2 Mechüu kerüguo chatha huo (Genral safety tips).
• Noe mhanuü pedophile puoe n nuoyo kemiekecü chü morei puo ze khrietho
chütuoü ba morei n nuoyoe mia bu u nou khapie puo pese morei puo thachü la
puo pese sei bata ükecü le pesuo bata liro, chüpahimia khenu bakecümia ze
kepfhesilie.
• Nhicunuomia la thezho kerünuotho nu khashülie.
• Internet nu vo mha uneikemoko kekrükelie nu vo ngukecü kemichieu chü
petsalieketuo la sünu kebako kerhu cha mu spam kerhu cha seilie.
• Nhicunuomia kedipuo chülie vi shi süu le di komputür keza seyakecüko petha
pie chüpie uko khalie.
64 | P a g e
• Kikru-u la e-mail theza puo website-ko nu u za rukecü kepeyiekecüko mu
kekrei huo la pekuo di chükecü lelie.
• Thetshümia pie thetshümia gei mha khapiekebau keze kerhekecüko gei
menuolie.
13.1.3 Nhicumia Internet sekecü nu u chathalie.
Web browser pete rei tsiedo nu mehokecü thechü-ko dze thu kengupie baya
mu vado puo la web page süko kropuo rei chüpie ba saya. Tsiedokinu
mehokecü website-ko mehoketuo la History khu moro ctrl mu H cabiu
neshülie.
•
Vado puo la file khapiekebako mehoketuo la, Internet Explorer khrüshülie
-> Internet option kedalie -> General Tab gei Temporary Internet Files
khro -> Settings button nu neshülie mu View Files neshülie.
•
No n thuo puo kemichieko sitoulie mu nhicunuoyo chathalie mu uko bu
Internet seketuo kha nko tsükecü mhodzü mharhülie.
•
Nhicunuomia ze di uko bu Internet sekeba ki nu kedipuo chülie vi mu
kedipuo chüliekenjü shi kerüchülie.
•
Nhicunuomia bu komputür nu zaru chükecüko sekecü la kenourhe di
kedierhekecü chülie.
•
Noe uko bu kikemhie di Internet sekecü nu kikemhie di uko chatha mu
tarhotuo shi süu se dojü pie meholie di rhülie.
•
No puo rie rhiekeshüu noe n nuonuoko ze di kikemhie di kerüchülieya
shiü uko teicieu rhi gei batuo mu ukoe kemeduonya kidepuo se si ba shi
mu noe miakrünuo chükecü nu kikemhie di capi chüya shi sügei batuo.
•
Mhatho hakoe uko memie siekecü teiu nu rüditatuo mu puotei pete nu
puocapuolako le sei morosuo.
13.1.4 Nhicunuomia online sekecü nu u zhorüliko chathakecü.
•
Mhanuü nhicumia yopuoe komputür selieketuo la medzüthor
liro uko online nu u ze ba seilie.
65 | P a g e
•
N nuonuoko bu ukoe online nu u za kikemhiekecü se mu
pekhrekhukoko kikemhie cü se ba shiü n ze keza seilie.
•
Browser pethakecüko chüpie puo bu mha puotoukemoko puotou
puo nu selieketuo chüpie bawalie.
•
N ki nu komputür-u pie thechü kemeya puo nu khapie balie.
•
Ukoe Internet sekecü nu kedipuo chü bayashi süu pfhülieketuo
la Internet Monitoring Software khapie balie.
13.1.5 Sekecü pete la u bu sekecü account puo chüshülie.
N nuoyo la seketuo za kreitoukecü puo chüwalie di puo bu seliekevi puotei
puo mu komputür-u kekhaketuo puotou puo le di khashülie.
Thakie, ukoe mhathochie kesa kheliekenjü morei noe uko bu chüliekevi
khashü kemosie khekecüko bie kediliekenjü. Hau geinu uko tarholie mu uko
Internet nu bakecü nu kedipuo chü ba shi süko kekhalie vi.
13.2
Online nu Mha Kedekecü ngu pekrathoyakezhako.
13.2.1 Online Scam.
Online scam liro n ki shükeiraka ngulieketuo la n khakelie dojükecü puo.
Online Scam puo rhi kekreikreikecü kekra ba, hanu theza kemeda, mirhi
kemeda, email kemedako, mhathuko pie mia seketuo vie chükelie, kemeda
mhatho khashüketuo mu kekrei kekra geinu n raka pielieketuo rei sa ba.
Hai zo di, e-Mail kemeda puo ketsepie n thuo n dze petseko hakemhieko,
Internet nu shükeiraka lhitholhiü chükecüko, credit card dze petse ikecüko
geinu khakeshü geinu votaya. Huokipuo chietikhelie kompaniko ki nunu
kepesikeshü kemeda e-mail huo ketseshüya, mu noe online nu puoma
kekhotho-u nunu zeyakezha mhazeko nu chükecü nu mha n tsüketuo kemeda
e-mail nguliekecüko chükeshü geinu süko chü vortaya.
Phishing Scam
Online scam chüyakezhako n ki e-mail puo ketseshü di n theza sekecü dzeko
ketso morei n credit card dze petseko kepero (link) puo sa di n bu n dzeko
khashüliekevi khashü. Va kekra, link ketsekeshüu n rakakiko ze kerie za
66 | P a g e
batuo. Süla noe n dze petse di kepero süu nu ketseshü ro petsepere süko scam
chükebakoe ngulietuo mu n shükeirakako se kekrü votalie vi.
Chietikheli scam
Huokipuo noe e-mail “noe chetikheli nu raka soünyie (million dollars)
kraliete” ikecü ngulieya mu dielie sükemhiekoe mha kezha se, mu süu we
mha u keneitho puo ketho zo. Dielie sükemhieko die kelakeshü geinu
shükeiraka kekra pejüwatuo, kekreilamonyü dielie hakemhiekoe ketho mo,
scammer-koe n chü penya mu n bolie di raka telieketuo la süko chüshüya.
Online Auction
Noe mhanuü mhanya huo pushü ro n ki phrakeshüu mhiekecü mhakipuorei
ngulielho morei mha süu ze kemhie lielho, mu n ki puo dze pukeshüu we tsei
mo, kekrü, moro kemeda puo lie vi. scammer-u pukeshüu mia puo kinunu
pielie di site kekrei nu ukoe pukeshüu ngulieketuo-u ki tsakuokecü ba ro ukoe
süu nu voya sidi scammer-ko noe mhanya pienyü bakecüu ketse pie n tsüshü
motalie vi.
Mhanya ketsekecü moro rou geinu ketsekecü(Forwarding product or
shipping scam.)
Mhakinu noe online nu mha thelhitheü la kepekiekecü leshü puo morei e-mail
manager US geinu chü sekepar lhitholhiü krotho puo puo kebachü morei
rakaki dze petseko khatseishü mo mu mia puo bu mhako pielie di uko
kebachü süu nu dzükezha mho pfütheketuo huo ketsekecü, mu n bu mha
keyiekeshü süko pie n rakaki nu khashü ro pielie nu di ketsokecü puo
kelashüwata.
Puotei kekra, mha hakemhieko credit card rügulie di se mha khrükelieko mu
ketsepie n kebachü nu khashü mu n sewa mu n bu mha süu ketse la pie ukoe
mia sekewa huo tsü balie vi mu süue dzükezha mho rouko geinu ketse
lakeshü. Shükeiraka rügukelie süko n account nu kedipie khashüwatuo.
E-mail Scam hakemhie huo -- kelukeshü sevorzhie noe webcam, Digital
Camera nguliete ikevoko.
67 | P a g e
Huokipuo noe e-mail dielie hakemhie huo ngulieya – Noe mha rükrükecü
digital mirhibou webcam kemhie huo nguliete, noe chü morokesuo-u liro
hieko web site mehoshü di link hakhro khakeshüu nu neshülie liro sikecüu zo
mu n debit card moro credit card dze petseko mhanya dzü mho rou nunu
ketseketuo mu keseketuo mako la. Sizoü rei mhanya süko mhakipuorei vorya
mo derei zha huoyo sie n rakaki nu theza chüpiekeba nu puo zha praketako
pengushütuo mu noe shükeirakako pejüwatuo.
e-mail-ko geinu.
Va kekra, mia sekedoyakezhamiae n ki e-mail u kedowaliekevi mha
khashüketuo mu süu rüü se di raka kekra ngulieketuo ketseshüya mu n bu n
thuo n dzeko petse di pukecü n kebachü ketho üdi thakeshü, rüveleshü
(passport) dze petse bayakezhako puo rhi tou nu nepie ketseshü nu di chaya
mu n bu pedzüperie bank account puo geinu puo zha huo sou nu di chaya.
Süla noe vapuo raka süu khashüwata ro, ukoe raka süko pielie di süsie
kepfhesiliekevi khawaya, n bu mhapuorei ngulie mo di khawaya.
Income Tax Refund la menuokemo website-ko
Hai zo di, website-ko mhakezha website-ko kemhie di le ya mu credit card,
ATM vie CVV PIN, dze petseko pfhüya mu khezanuo khashüyakezhamia u
thuo u dze petse kekreiko electronic mode geinu crediting income tax refund
za nunu chüya.
13.2.2 Online scam-ko therhielieketuo chathako.
e-mail rakaki nunu vor me mo shi sitouwalie.
Online nu rakaki dze petseko khashüketuo le menuolie, khashükewa mhodzü
rakaki-u noe e-mail ngukelieu dze kepe di sitouwalie. Mhapuo morosuo morei
rükrita ro rakakiko kiüdi fon chü a ki pu mo di kiüdi e-mail nu dielie ketseshü
shi? ikecüko lelie.
Rou nunu mha ketsekeshüu dze sitouwalie.
Shipping scam la menuolie. Noe sekeba kompani puo ki nu ngulie di chü sede
voketa mhodzü kekuokesemia leshü geinu zaru chükeshü fax ngutoukelie
chülie.
68 | P a g e
Online nu auction chükecü ki menuolie.
Online nu auction chükecü chü voketa mhodzü le menuolie mu mhama
kemeyie nu khashükebako bu n bawa hie. Raka 200 nunu zekeba mhanyako
kikemhie di raka 20 nunu ngulie vi shi leshülie.
e-mail geinu dielie noe mhanya ngukelie khakeshüko nu u kirilie.
Noe mhanya huo puoma meyiesekecü nu ngukelieko le menuolie. Nkoe
kedipuo la email huo noe Internet sekeba ki nu mhakhrükecü morei
kepeyiekecü puorei chü mo di kikemhie di n ki mhanya la dielie vor ba shi
leshülie.
Chietikheli scam bie nunu n mawa hie.
Noe scammer-ko mu e-mail-ko puo cayie cha noe raka 10000 nguliete
ikecüko kebie chüpiekebako nunu n mawa hie, noe süko nu keze mhachü mo
zorei kedipuo la n rübei süu ngulie shi leshülie.
13.3
Online Banking
Fig 60
Online Banking rei üse Internet banking idi pulie vi. hau liro rakaki nu thelhitheü
mhatho raka sukecüko chüyakezhako Internet nunu chükecüu. We u kinu moro u
mhathochü nu ba di shükeiraka pie mha su mu piekecüko chü phrelie vi. Internet
se di shükeiraka lhitholhiü chükecü liro raka khakecü, chükecüko chülie vi moro
online nunu raka pie mha sukecüko rei chülie vi. puo kemevi-u liro customer-ko
bu u teiu la puotouu le di rakakinu mhathoko chülie vi. Mha khrükecümia-koe
rakaki nu pukeshüko pfhe ba morei vite, süu email nunu u bu u raka kide baluo
shi meholie idi vorya. Ukoe uko raka kide tsie rei baluo shi teisonhie u za nu lelie
di mehokeshü rübei zo di meholie vite. Ukoe uko za nu mha kenourhekemoko
morei puotoukemo huo bata liro telie di kedipuo chü morosuote shi süu chü
mhaiwalie vi.
Link Manipulation
Phishing sekecü mhatho kekra mhanya nu u sekewa rhi geinu rhikelie se di e-mail
nu keperokecü chüya (mu spoofed website kikemhie puo nu u ze votaya shi) hako
spoofed krotho viekecü parya. URL-ko diekhu kekrükecü moro sub domain
69 | P a g e
sekecü hakoha phisher-ko thedo seyakecü kekratho kropuo. URL thakie hako nu,
http://www.yourbank.example.com/, hau nu URL-ue n ze n rakaki website nu
Attacker Ketho dze pfhüliekevi khakeshübase nu voshüketuo mhie di parya; derei
ketho nu liro URL hau liro “yourbank” (süu phishing) bayakecü Attacker Ketho
dze pfhüliekevi khakeshübase Website nu tha baya.
Filter Evasion
Phishing chüyakecükoe antiphishing filter-ko bu e-mail-ko mhathu se
pekrayakecüko te rekuolieketuo la mhathu sou nu mharhi seya.
Malware attacks.
Thakie;
Clampi Virus liro Rakakiko mu Credit Card site-ko rüya.
Web kemchie kerüguo tsie ki nu parkecü nu khapie baketuo-e mhatho kemichie
puo kekreilamonyü kechükhuko mu Trojan parya, lhou mhai laparlie, mu
kemichie tha kho sekecü nu keza votaya. Mha keyiekecü Nine Ball, Conficker,
mu Gunblar hakemhiekoe thechüu nu lerta di cyber security world nu mha bie
pechükecüu chü bataya, kekreilamonyü u tei seya - komputürko ki kemichieu
ukoe chükebau pie pekieshü mo di kemekrie di süko nu ler kekha votaya. Rüli di
memiekecü süko puo liro Clampi, Trojan puo puo mhatho kerietho-u par zi pie
2007 ketso (süu no supuo ketso ba shi süu gei ba) derei tsie we süu mhasi
rükrükelie kerüguo riehouko khe nu u tsütha kaü chü ba. Clampi liro therie ki
kelhiekecü site la rhiepiekebako geinu malware khashüketuo la keyie voya, derei
süu site puotou nunu separ di sükoe kelhiekecü link-ko nu thelhitheü la mha
kepekiekecüko bu telieketuo geinu rei nguya, Joe Steward, khrukhre di
chülieketuo mhathoko, mvüsa ki mechü kro puo ki Black Hat Security
Conference, USA Today-e pushü. PC nu vapuo khelieta liro, Trojan-u n bu credit
card puo moro banking website mehoketuo la kemekrie di n pfhe bataya. Puoe no
roughly 4,600 shükeiraka web thechü-ko puo nu bakecü telie ro puoe mehoketuo
la puo dojü pie baya, puoe kesemia za mu puokhuko thupie baya, mu
70 | P a g e
kejokechümiako ki thedze süko kha lashüya. Clampi liro network login dzeko rei
meholie vi, süu bu network chükeba PC-ko (thakie, mhathoki nu bakecüko) ki
keyieshüya. Ketho nu tse, thelhitheüko liro Clampi la puo rükeba kerietho-u chü
ba. Times Online, mvüsa teiki pukeshü rhi nu ro, Georgia nu bagei nya zayakezha
duka puo nu mia bu $ 75,000 rügulie, süu kejokechümiako Clampi se di online nu
thelhitheü mu shükeiraka dzeko mechü leshüki thechü puo nu se di komputürko
nu pekhre se di mha kekhalie sidi kemeda payroll soukecü nu $ 150,000 khashü.
13.4
Internet nunu mha khrükecü (online shopping)
Online nu mhakhrükecüe mia nei chü selie mu meyie sete, noe n ki cie pra mo di
mha kehoupuorei khrülie vite, mu hau mikemela geinu seyakezha mhanyako,
kebakaezhünya, u ketsokemiekecü daruko, mu kekrei kekra sa khrükecü puoteiu
la puotou sekecü cha puo. We themia kekra mu bagei kekra cha khakecüko
therhielie vi. mha hau la puotei puo chie krei pie we khrünyükebau mha
kengupiekeba kiu bu khrüshükecü pfhe di khrü iya mo derei we u thuo puotei
kehoukipuorei mha khrülie vi. mha kemevi hako khie mha kemichie huo rei ba
mu Internet nu kemichie kreitoukecü puo ba süla noe online nu mhakhrükecü
chüketa mhodzü kekhrukhre chatha huo pielie morosuo.
13.4.1 Online shopping khrukhre di chülieketuo chatha huo.
•
Noe online shopping vokecü mhodzü n PC-ue mha pete kerüguo antivirus,
anti spyware, firewall, system updated mu patches pete mu web browser
kerüguo peleliekesü site-ko nu kerüguo tha kerükrie puo nu batoukecü
chülie morosuo.
•
No mha khrükecü mhodzü no website kiu nu mha khrünyü ba shiü puo
dzeko pfhüpie phrü menuolie, kekreilamonyü mia perhieyakezhako website
puotoukecü nu chüpiekeba kemhie huo nu kebie pethupie n bolieketuo
chüpie bayakezha la, derei süu ketho nu puotou nu thezho medzi di chüpie
ba mo. Süla mha sekebau puo telefon khu nu puo mo-u bakecü chüu thu
menuolie mu website-u mia rei peleyakezha chü puo mo moshi sitouwalie.
Website kekrei rei pfhülie di puomako kemezhülie. Thechü hau moro
71 | P a g e
thelhikechümia mhakhrüyakezhamia mu thedzekethumia hau dze kikemhie
di thupie ba shi süu phrü mu meho menuolie.
•
Noe online nu mha puo khrüketuo dojülieta liro, site hau http moro padlock
browser address bar gei ba moshi morei status bar-u gei ba me moshi
meholie mu süsie nu shükeiraka kelikecü mhathoko chü volie.
•
Mha keliekecü mhathoko chü tseilieta liro, süu thu sekepar puo chülie moro
mha keliekecü süu thukelieko mu puo mhanyau dze petseko, puoma, ukoe
raka pielieketa pesikeshüko, mhazeu zho mu kikemhie shi hakemhieko
screenshot puo pielie.
•
Noe chütseilieta ro Credit card-u nu kedipuo thupie ba shi süu meho
mhaiwalie mu süu pie noe puoma soukeshüu ze kemhie zo moshi silie, mu
mhanuü noe mha huo kediketa ngu ro süu nu kekuokesemiako ki pu
mhaishülie.
•
N online shopping chütseilieta ro web browser cookies pete chü
kemesawalie mu n PC khawalie mo liro spammer-ko mu phisher-ko systemu Internet ze kekhekeshüu pfhü batuo mu ukoe spam e-mail ketsekecü
dojütuo mu n thuo n la rübei bakecü dzeko pfhüketuo la kelhiekecü software
huo khashüwaliekevi dojü rei si mo keprei la.
•
Email “please confirm of your payment, purchase and account detail for the
product” hakemhieko nu u kirilie. Hau rükralie, puotou nunu thelhitheü
chükebako mhakipuorei email sükemhieko puorei ketseya mo. Noe email sükemhie huo ngulie ro kerükritho nu lhitho-u ki fon chüshülie di süu
dze pushülie.
13.5
Identity kerügu.
Mhanuü miapuoe, no sikemo nu, n mialiu dze yopuo silie mu süu se mha
sekedokecü mhatho chü ro no supuo shi ikecüu kerügu hau chülieta ükecü silieya.
We supuo shi ikecü kerügue kejokemou chü di mia sekedokecü ze kemejüya. Hau
liro mia puoe mia puo do chü di mia shükeiraka rügulieketuo moro mha kekrei
mevilieketuo chükecü. Puoca hau liro mha kesa puo mu hau ketho nu liro
misnomer puo, kekreilamonyü hau-ue mia puoe keyie pie puo tsu puo nuo gei
72 | P a g e
khashü di puo bu rei mia identity kerügu chütuoükecüe chüliekenjü zo, süu puo
thuo seketuo la rübei zo. Supuoe mia bu puo identity rüguliete shi süu-e mha kere
puo rhi kekreikreikecü puo gei partalie vi, süu puo mha kesuo mhathoko geinu
puoe themia süu idi parketa geinu. Seyie kekra nu u thuo mevilieketuo la mia
kekreimiapuo puoe supuo shi ikecüu sekecü hau kejokemou mhatho puo ükecü
thezho kreitoukecü chüpie baya. We supuo shikecü kerügu nu mia sekedokecümia
ze kekrei za ba, süu we supuo shikecüu puotoukemo puo selie di miasekedokecüu ze kekhe ba. We supuo shikecü kerügu hau kezapie za kezha kenie chülie vi:
•
Application fraud
•
Account takeover
Application nu mia sekedokecüe kejokechümia puoe kerügu morei
leshü kemeda huo se theza puo mia kekreimia puo za nunu sedekecü
geinu parya. Kejokechümiae documents utility bills mu rakaki nu leshü
khakeshü huo rügulie pie mia puo dze se morokesuoko chülieketuo la
rügulie vi. cha kekreitsa liro ukoe thedo chükecü mhathu huo
chüseparlie vi.
Account takeover hau liro kejokechümia kekreimia puo account
pietaketuo dojükecü geinu vortaya, hau liro puoe mia puo rü di lekebau
dzeko pfhükengu rietuo, süsie themia huo do chü di puo leshü
khashüyakezhako ze kerüchütuo sidi puoe leshüko piekeba niepu
kethotou-u zo ükecü rhi nunu, mu sidi uko bu dielieko puo kebachü
kesa puo nu ketseshüwalie nu di chatuo. Süsie kejokechüu puo leshüu
pejüwata üdi süu sou nu kekrei puo uko bu ketselashü nu di chatuo.
13.6
Tab napping.
Tab napping liro online phishing scam se n komputür nu kishükinyi perhieketuo
do kesa puo.
We Internet seyakezhamia kehoupuorei online scam-ko bu u pechüpenyüketuo
rüü se. nkoe theruokesuo nu, mha u kepeka vie yopuo ngukelie nu vi selie mu, süu
sou nu puomhatho sü kirei khokuokecü puo lavor se baya.
Fig 61
73 | P a g e
Tsie ketso phishing-e n kesemiazako, mhakhukoko mu rakaki nu dze petseko
rüguketuo dojü di thedo chü di dielie huo ketse n tsükecüko chü ba. Puotei kekra
ketsekeshü themiaue no raka kenguyakezha kiu nunu ükecü pevietuo mu n ki n bu
rakaki nu n dze morokesuo petseko e-mail-u gei link bakecüu gei neshü di khapie
chü kemecüshülie nu n ki chatuo.
Ketho nu link-u n kedo pie website kemeda puo n rakakiu website mhie di
ngukecü puo nu khashüwate. Noe vapuo no sedelieyakezha zau dze petseko
thushüwata liro kejokechü themiau site kemeda puo chükeshüu-e süko se di
seliekevi chülietatuo.
Derei nkoe n bu phishing attack hakemhieko la n bu mhasilietazhie, mu nko mia
kekra URL-ko email puotou nu separkecü mhie di ngukecü chüba rei süko
neshüketuo menuo se morokesuo si ba. Phishing la u kiri morokesuoko parkeba ki
ze, scammer-ko bu chü khrielieketuo chü rekuokecü chü ba, tab napping-e scam
se puo sieu mehoketuo la balie vi.
Tsie ngukewako tab napping-e phishing scam-ko donu chü menuo mu khokuo ba,
mu puoe n bu dodgy link puo gei n bu neshüketuo n ketseiya mote. Süu sou nu
Internet sekecümiako suomia browser gei tap kekra vapuo nunu neshüya shi süko
rü baya (thakie, CTRL+T nekeshü geinu).
13.6.1 Kikemhie di puoe mhachülieya ga?
Browser tab mhachütoulie ba moketa puo sou nu kemedo page set up puo n u
thuo u la ketho dze pfhüliekevi khakeshü ngulieketuo la khashükewa – noe
hakemhie chü baketa rei le rei balho.
Pelelie vi mo shi, mia sekedokecümiakoe mhanuü tap yopuoe puotei huoyo la
puo bu mhachü mo bata ro süu telieya, mu n browser history meho terü baya
süu noe website kiu nu meho sei baya shi pfhüketuo la, mu süla page kiu puo
do chü di chütuo shikecü la.
Süla noe tab kesa puo khrülieta mu web page puo meho bata ro, web page süu
puo thuo puo mhietou sei batatuo, süu noe puotei huoyo süu nu lavor mo di
window kekrei mu tab kekrei huo sekeba ki ikecü le suo. Kelhiekecü code-e
no web page khrükeshüu sou nu puo rhi krikecü nu kethokemo puo hau ze puo
74 | P a g e
rhitou ze keriekecü puo puotou nu chü sekepar page noe meho kethokecü puo
chüwalie vi.
13.6.2 Tap napping puo mhatho nu kikemhie di mhachütalie vi ga?
N thuo noe online bank account login-u nu khrükeshü leshülie, derei noe tab
kesa puo website kekrei puo tsevü huoyo mehoketuo la khrüshü, sidi tap
kerieu meho mo di khapie ba. Noe n rakaki thechüu nu lavorkecü ki login
page süu noe khapie bakewa ki mhietou ba zotuo. Noe le bakemo ketho-u liro
page kemedo puoe puo thau pie bate, süla noe no sekec zau mu puo khu-u
thukeshü ki, noe le ba mo di mia sekedokebau bu n account nu rüüse di khapie
seliekevi chüwate.
Fig 62
Noe n thuo n bank account nu tab kekrei khrükewa mhodzü log chüwata zo
ürei, noe lavorkecü ki n bu login chülashü nu di chakeba ngulalie rei si mo,
mha hau mha lekepesuo puorei separshü mo rei si mo, kekreilamonyü noe
rakakinuko-e kha tsekecü mhatho chüwate nhie idi letatuo kekreilamonyü noe
n zau bie kele mo ba pachatakecü la. Noe va kenieu se latuoü lalekecü ki
chükecü hau va kenie mha leshü motatuo. Derei tsie meseu va noe chü
kekrükelie nu mia sekedokebamia va kenie kemedo-u n ki kerüguo dze
petseko uko server nu ketse lashüwate.
Noe vapuo süu chüwata liro, noe n bank website ketho-u nu rüümekhro di
lavolie vite kekreilamonyü noe ketho nu kerieu va rei khatoukecü chüwa mo
zokecü la, süu mha pete puotou ba zokecü rhiu chüpie n pengushüya.
13.6.3 Tap napping nu n yalieketuo chatha.
•
N zau nu ta lekecü dze petse puorei khashükecü mhodzü noe browser
kebachü lhe-u puotou ba zo ükecü URL nu meho seilieketuo chülie. Tab
chükewa lha kemedo puoe URL kreikecü puo no website se ba nhie ikebau
nu batuo.
•
Noe browser-u gei tab se khrüketuo ba mo zo ürei URL-ue https:// kebachü
kekhrukhre puo ba seilieketuo meholie.
75 | P a g e
•
Mhanuü URL-u mhahuo nu lepesuo zakecü chü liro, tab-u khalawalie di
URL puotou-u khalashü di khakewau khrülashülie.
•
N bu n za nu lekecü dze petse kerüguo thu morokesuo tab bakecüko se mo
di khapie bawaketuo therhielie. Internet nunu shükeiraka thelhitheü chükeba
ki tab puorei khrüshü hie – süu sou nu window kesa khrülie (CTL+N)
13.7
Clickjacking
Clickjacking liro kelhiekecü mhatho chüketuo zho puo, hau se web sekecümiako
sekedo pie mia ki pu suotokecü dze morei uko komputür web page-ko ngupie mia
pechüpenyükelho mhiekecüko nekkeshü geinu kekhaliekecü. Browser-ko mu
platform-ko donu kethachü huo vortaya, clickjacking puoe code puo metei tou di
chütou pie bawaketa puo rhi chüpfülie moro mhathu puo sekebau bu si mo di se
bataliekevi, süu mhakhu yopuo puo mhatho kekrei sa chülieyakezha puo kemhie
di ngukecü puo nekeshü geinu. Clickjacking-e chülie vi kekreilamonyü mha huo
ngu menenuokecü HTML web pages bu lekemo mhatho chüketuo u zha khrüpie
bawalie vi.
Clickjacking chükewa page puoe user puo kesü pie puo bu uneikemo mhathoko
keviepiekeba link huo nu neshüwalie vi. clickjack page gei liro, mha perhiekebaue thedo chükeba button huo pengushütuo, süsie ngu voliekevi layer puo gei page
kekrei puo chüpie puo pie chüshütuo, nkoe keviepiekeba page-u gei mhatho
chükeba ki keviepiekeba lhe-ue puotoukecü lha puolie vi, mu süla perhiekecü-ue
sekebau kesü pie puo bu puoe chükecü le mo zokecü mhatho huo süu hasie
telaliekenjükecü mhatho huo chüwaya, hau sekebau lhe kekreiko nu rei kethotou
nu mezhü bakecü.
Hanu ngusalie vi;
http://en.wikipedia.org/wiki/clickjacking
13.7.1 Puo PANYA ca kropuo (some of the ISSUES)
Ca # 1 STATUS: Clickjacking-e perhiekecüu bu nekeshüko kekuokeseko chü
kethachüwa mu victim-u web-page nekeshüko Javascript geinu morei sa mo
di u thuo puo rhiu chülieketuo-u ketseshüketuo chüwaya. Vapuo – nekeshü nu
khakeshü neketuo khuko moro keperokecükoe mha u pekawalie kerüütho.
76 | P a g e
Hau kemenuotho rei 2002 ki mu situote mu ketsatho nu rei PoC se (3) sekecü
nguwate. (Google Desktop MITM attack, Google Gadgets auto-add and click
fraud). Browser kemeyieko pete chü keniebaketa ngu ba.
Puoca # 2 STATUS: ActiveX kekhakecükoe clickjacking bu puo
pechüwaketuo morei rüchü mhaiwakecü chüliekevi puo pie ukoe mhanuü
traditional modal dialog se mo üliro, derei sikecüu ki rei on-page prompting
gei pelekuoya. Hau cross domain access se morei vi, puocae iframes/frames
hakoe attacker control page gei mhapuo chü vorketa morei baketa mhodzü
chü morei ba morokesuo chü bei morosuo.
Hanu ngusalietuo:
http://ha.org/blog/20081007/clickjacking-details/
13.7.2 Chathako:
•
Sikemo kesemiako ki keperokecüngukelieko nu mhakipuorei
neshü hie.
•
Chülie vi ro link kemerü-u kemeho sie meho lashülie süu mouse
pie keperokecü khakeshüu gei shülie mu puo dze petseko puo
puoke thevitsa puo mei nu nekeshü mhodzü mehowalie.
Silieketuo la hakhro mirhi khakeshüu nunu kekhruohi selie.
Fig 63
•
77 | P a g e
Browser nu URL thushü seilie.
14. Wireless Network
14.1
What is a Wireless Network?
Wireless Network-e komputür network kehoupuorei rozo ro kehoupuo geinu rei
khekemo pu ba. Hau liro telecommunication network-ko nu mhatho chükeba puo
(thelhitheü) geinu mhatho zhoko chükecü, hau pelikecü chükecü ki rozoko geinu
chükecüko therhielie, morei mhanya thechü lukihaki nunu kakhekecüko. Wireless
network hako chü kedishüyakezha system radio wave üdi kieyakezha wireless ta
rükri sekecü Internet mu network kekhekecüko se mu thekekecü chü pekuoshüya.
Wi-Fi-e kedipuo ga?
Wi-Fi liro puo ro sa mo di mikemela se mhachülieyakezha mhanyako kekhekecü
mhatho tha kekho mhatho puo. “Wi-Fi” liro Wi-Fi Alliance mu mhanyako la
mhatho zasi puo IEEE802.11 kikru thako zasi puo. Wi-Fi liro themia soünyie 700
mese ki puoe seya, sünu 4 million hot-spots ba (Wi-Fi Internet kekhebakecü
thechüko) kijüu peteu nu, mu soünyie 800 mese wi-fi nya kesa teicie kepra par
seiya. Wi-Fi nyako Wi-Fi Alliance interoperability certification testing kerie
sekelieko wi-fi ZHAPU chükeshü mhatho mu zasi silie vi.
Radio Wi-Fi nu kepfhesiliekevi la seyakezhakoe radio walkie-talkies, cell fonko
mu mhanya kekrei ze kerie se. ukoe mikemela ro geinu zasi puo radio morei Tivi
mhthochie khashü morei ngukelie radio wave-ko chüshüya mu ukoe 1-ko mu 0ko chü kedei pie radio wave-ko chüshü mu radio wave süko chü kedi pie 1-ko mu
0- ko nu shülie vi.
Ukoe mi ro geinu zasi pie radio morei tivi mhathochie nu zasi wave 2.4 GHz mor
5 GHz nu khashüya. Wave zasi khakeshü hanu cell fon-ko, walkie talkie-ko, mu
tiviko nu rei khokuokecü chü baya. Wave zasi hau khokuo mu zasiu ketho dze
pfhüliekevi khakeshü pfü krakuolieya.
Ukoe 802.11 networking standard-ko seya, süu puo rhi kekreikreikecü nunu
vorya:
•
802.11a transmit mi ro zasi 5GHz nu chüshüya mu 54 megabits ketso ketho
dze pfhüliekevi khakeshü tsevü metsei ikecü nu mele khoshüya.
78 | P a g e
•
802.11b liro kerüleitho mu kemeyietho thau. 802.11b transmit in the 2.4 GHz
frequency band of the radio spectrum .
•
802.11g transmit at 2.4 GHz like 802.11b, derei hau-ue rükrithorkuo – puoe
54 megabits ketho dze pfhüliekevi khakeshü tsevü puo donu selie vi.
•
802.11n liro kekra bakecüko donu puo tha kesatho-u, puo tha hau meyiemeluo
di rükri mu range chü kehieshüya.
14.2
Wi-Fi network khrukhrekemo sekecü mu kemichieko.
Themia kehoupuorei net-work voliekevi thechü kemeya nu, code nu chüwakemo
wireless network-e thengulie moro telie moro puo dze thupiezhüliekevi mhapuo
puotoukemo mu thelhi chükecüu, kekuo khapie tsüshükemo pie puo nou network
kinyiko sakebau rei mu Internet-u gei rei mevilie, mu süsie spam morei mhatho
puotoukemo kekrei rei wireless network kebachüko nunu ketseshülie vi.
Wireless kerüguo nu kemichieko puo liro mha kebvükecü puoe mia bu u
rübakecüu broadband connection selie di online nu puoma sou mo di web nu mha
meho, puotoukemo nu piekecü ütsali moro software piekecü chütalie vi. hau tsie
mu tsie kepechü vor molie vi, derei network puotou nu sekebau gei Internet moro
network sekecü nu rüli lertalie vi.
Mha kebvükecümia puoe mia bu puo pesekecü chükebau-u kekhekecüu se
kelhiekecü mhatho mha puotoukemo kezakecü, DoS pie mia kechükecü moro
hack chükecü khakewa kemhieko nu se batalie vi. mha kebvükecüu-ue puo za
khashü moto di batalie vi puoe kekhekecüu victim-u connection nu se kebau pie
puo connection chü di.
Ketho-u ro mia bu puo pesekeba-u kekhekecü geinu pfhü lalie vi mhanuü
kejokemou mhatho huo pfhükevo ki ngulie ro. Mu wireless network puoe
corporate network gei mezhü phi kekhekemo kitho kikha puo chü batalie vi.
Liethomia puo morei kompani puoe mia bu dielie pekhrekecü vieko tekeyuo la
rükeba puo chü batalie vi.
Khrukhrekemo wireless network-ko gei kemichie huo rei ba. Siro themia mu
krotho kekra tsierei khrukhrekemo wireless network-ko se baya zo. Derei mhasi
se wireless network attack chüketuoe rüükuotazhie. Mia puoe khrukhrekemo
79 | P a g e
wireless network-u chüpie khrukhrekecü chüwa morosuo mu network kekuokejü
nunu sekebako rüguolie morosuo.
14.3
Wireless Home Network Security la chatha.
1) Default Administrator Pass-words (and Username) kediwalie.
Access point morei router liro wi-fi network kekra shülou. Mhanya hako set
up chüketuo la mhachükeshümiakoe web page khashü di mha pethakecü-u
chü kedei pie chüpie niepumiako bu u network kebachü mu puo zasou
chükeba dielieko nu lelieketuo keseshüya. Nieputou-u bu chükedeikecüko
pethapie chüketuo la, web page-ko-e rüguo pie baya mu süu sekecüu za mu
puo khuko mezhü mu puotou ba morosuo. Mha chükeshümiakoe kedaliakevi
khashülie moketa sekecü za mu puo khu kesaketuo wireless cha pfhükeshü-u
moro access point-u za kesa di khashüya. hako Internet nu ba di kedaliakevi
khashülie moketa sekecü za mu puo khu ngulieya. Internet nu leshü hako la
khakeshüko rüüse di ngulietuo. Sekecümia kekra u sekeba za mu puo khu
kesakecü hako kediya mo. U terü chü di seyakecümia la liro, chüpiekeba hako
kediwa morosuotaya.
2) urn on (compatible) WPA/WEP En-cryption
Wi-Fi nya geinu u yapiekebako pete code nu thukecü kemhie huo ba seiya.
Code nu thukecü liro ketho dze pfhüliekevi khakeshü kedi pie scrambled rhi
chüpie kekuo khashü tsükemo themia bu si mhailiekejü chükeshü. Thie teiu
nu code nu thukecü kemeduonya huo wi-fi la bate.
Wired Equivalent Code nu thukecü (WEP), liro code nu thukecü tha kewe
puo, hau Passphrase kekra sekecü nu rei hau metse huoyo donu teketa pu bate.
Hau-ue code nu thukecü zho thakeshü puo, süu puotei chüliekevi nu rüü se di
thuwaliekevi puo, süusü metse huoyo morei tsevü huo.
Enabling Wired Equivalent Privacy (WEP)
Fig 64
WEP nu security puo panya morokesuo huo batayakecü la, wi-fi Alliance-e
network ketho üdi pukeshü mu code nu thukecü la standard puo khashüte.
80 | P a g e
WPA (wi-fi security access)-e wireless security la puo tha kemeyieko donu
puo. WPA-e kekhrukhre tha kerükrie WEP-e khashüliekevi mho kehoupuorei
khashüya.
Enabling Wi-Fi Protected Access (WPA)
Fig 65
Wi-Fi networking nu, SSID-u Wireless Access Point-ko moro router-ko nunu
puotei puo donu puotei puo medzi di pekieshüya. Mharhi hau thelhietheü mu
mobile mhanyako la rhishü. Süu wi-fi khrükeliekoe rühou se thechü kekrei
puo nu vo rei si mo. SSID pukeyiekeshü mharhiu liro kinu wi-fi nwtwork la se
morosuo phi zo mo. Security-u chükehieketuo la, SSID pukeyiekeshü
kekhrukhre mharhiu bu chüliekesuo chüwa morosuo. SSID puotou-u se point
access chülieketuo la wireless sekebako u dzie se chükedeikecü, ukoe
pukeyiekeshü dielieko se sa morei vite.
Fig 66
3) Default SSID-u kedikecü.
Service Set Identifier (SSID) liro network za access mu router-koe seyakecü
puo. SSID set hau mhanya chüshüyakezhamia se u mhatho rou geinu
ketsekecü la seya. Thakie puo, SSID-u Linksys nyako kehoupuo la rei
“Linksys” iya. SSID-u sikeba la network nu hack chüketa cau molie vi, derei
default SSID-ue network-u chükedei pie chü menuolie mo mu puo perhiekecü
chütalie vi idi pushüya. Wireless network security chükedeikeba ki, default
SSID-u kediwalie.
Fig 67
4) MAC Address Filtering chüliekevi.
Wi-Fi nya pete rei mia siliekevi Media Access control (MAC) Address moro
chüümo-u kebachü ükecü kreikhrokecü puo ba phreya. Router-ko moro
Access point liro MAC address-ko mhanya uko gei kekhekebako pete meza se
baya. Network access-u bu mhanyako puo gei khe bakecüko rübei gei
khashülieketuo mu kekreiko chakhawaketuo la, mhanya bakecüko kekra
access point moro router ki mhanyakebako kekra mha kekhayakezhau bu u
81 | P a g e
dielieko MAC address nu khapie balieketuo la puo bu pielie nu di puya. Derei
hau-ue hacker-ko ki rei puo kekuo tsakuo mu uko software mhathochiekoe
MAC kebachüko do chülie vi.
FIG 69
5) Komputü puopuokecü mu Router-u gei Firewall-ko seliekevi chülie.
Router-u Firewall bu khrütou bakecü chülie. Network router-ko kekra rei
firewall chüliekevi chüpie baya. Hau liro puo mharhiu bu chüliekevi mu
chüliekesuo kedaliekevi puo. Router kitsa nunu firewall ze di, router-u gei
komputür khepiekeba pete gei personal firewall kheshü mu configure chü
salie.
Firewall-u gei kekhrukhre feature-ko liro thezakejü Internet mhachako yakecü
website lienyükemoko browse chükecü, malware mu spyware nunu yakecü
hako rei sa. Mu kekhrukhre zhoko rei vatshashüya sidi lienyükemo mu
thezakejü ze kekhekebako khawaya.
6) Puotei kecha se-mo bataketuo teikiko network-u khawalie.
Access Point puo morei router mhanuü petupie ba ükecü puo chü liro puoe
zasiko petashü sei baya. Network khaketuo la chüliekevi ketso khashüketuo
la, wireless security measures nu morokesuotho-u liro access point moro
router-u khapie bawakecü. Device-u khrü mu kha sei bakecü chü phiya mo,
derei kekrei ki chü lho zo ürei rüvekecü ki morei offline ba pechaketa teiki
chükecü lelie. Komputür disk drive-ko liro mikemela sekecü rüwhi se-mukhakecü la kemezhiekeba silieya, derei hau liro broadband modem-ko mu
router-ko la nounyü kenieu.
7) Router-u moro access point puo tha nu khrukhre di khapie balie.
Wireless zasikoe puo chüümo riehou ze di puo phapie ba mo. Wireless router
gei zasikoe mereibou kiu mho volie vi moro miapuo ki care-u cie pa di zanuou ki ketso rei volie vi. wireless router kekra rei zasi khu 100 feet ketso
volieya. Mhanuü zasi tha hau mha kemetou puo rhi nu leshü di wireless router
bu puo metsuo-u chü, zasiu puo ke lutsahatsa nunu feet 100 ketso volie vi.
Mia kekreimiako la liro seketuo la rei wireless network-u pfhü rüükuote.
82 | P a g e
Wireless home network puo khekecü teiki, puo thau access point moro routerue puo voliekeviu geinu leya. Mhanya hau bu pata molieketuo la petha pie
kipha kepenuo ki monyü kiu metsuo nu khashülie. Zasi puoe kichiepuo mele
volie ba shi mu mhanya kikemhie kropuo cie vo ba shi süko sozhako, thegei
hakemhiekecü kekrei sakecü rhiu geinu ta rülitaya. Aluminium foil rei se
kiphako morei kikhako nu mekawalie di zasi kekuo-u chü petsawalie vi.
8) Do not Auto-connect to open wi-fi Networks.
Mha kepesikeshü puo rei sa mo di komputür puo gei puo thuo puo geinu open
wireless network bakecü kehoupuorei kheketuo la, komputürko kekra moro
mhanyako setting puo komputür gei puo thuo puo geinu kekhelieketuo
khashüya. Derei puo kemichie puo sa bakecüu liro access point puo do
chükecü ba di sekeba lepesuokemo telie mu puo gei komputür kekhekebako
hack chütalie vi.
Mu theza keviko pieketuo la access point chü kedei pie chü morosuo bei,
kemosie themia kekuo khashü tsükemo kehoupuorei access-point puoe sekecü
theza mu puo khu se mo di sekecü chülie vi.
9) Assign Static IP Addresses to Devices
DHCP (Dynamic Host Configuration Protocol) dynamically mhanya
khepiekebako network chü kedeikecü dielieko chükecü nu seya. Süla DHCP
la üdi network pethakecüko u dzie se chü kedei morei vi. Hau u dzie se
network pethakecüko chükedeikecüu bie petsawaketa la puo kere bamoketa
geinu seya. Derei kekreitsa liro, mhakepekau-e network pethakecüko
chükedeiketuo chüketuo la dojü phrepie bawaketa geinu mu network-u selie vi
baketa nguliekecü la mhatho hau se di network-u gei rüümekhro di kekhelie
vi. hau sekecü therhielieketuo la Static IP Addresses devies-u gei wireless
network-u khekecü.
Meholiekeviko:
http://computer.howstuffworks.com/wireless-network1.htm
http://en.wikipedia.org/wiki/Wireless network
http://en.wikipedia.org/wiki/Wi-Fi
83 | P a g e
http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm
http://www.thegeekpub.com/773/why-wpa-is-better-than-wep/
http://pcineoneone.com/howto/80211bsecurity1/
84 | P a g e
15. Mobile security
Mobile PC morei mobile-ko gei Internet se khenu mhatho kezhako nu selieketuo
thelhitheü application-ko la khakeshü hau kemichie pie u thuo u gei moro krotho dielie
kemeyieko gei chü batalie vi. Mhasi kerükrü chükeliemiako morei miali sekecümia la
liro, mobile morei mobile PC sekeba mha kemevi kekra ba, sükosü liro thechü
kehoukipuo nu rei u mhatho chüliekevi ikecü kekrei kekra rei ba… mobile mhanyau puo
thuo puo zho puo ba derei kerüguo nounyü dielie meteikemo kemhieko nguliekevi rei ba.
Fig 70
Mha kedekecü kekreikreikecü rei kekra ba, süu puo cha kekreikreikecü nu mobile
sekebako u gei chüwakiekevi. Thakie, mirhi dielieko mu leshükhu se thukecü dielieko
ketse pie puo khu huo nu methuo nu fon chülieyakezhako nu chükeshü, si moto di mobile
fon nu dielie ngukelie puo nu nekeshü. Tsieteiu nu kelhiekecü mhathochie kekra par di
mobile fonko mu laptopko nu lelieketuo dojü mu süu geinu u thuo u dze puo nou
bakecüko rügulietuo.
15.1
Kerüguo nounyü
15.1.1 Exposure of critical information
WLAN zasi huoyo meyiemeluokecü thechü kepeciekecü nu ta volieya, mu
wireless sniffer puo se di zasi hako nu meholikevi chülie vi. Wireless nu
kerüguo se morokesuo de khapie balie mo liro mha kebvükecü puoe thete dze
huo kehieshülie vi.
Fig 71
15.1.2 Mhanya pejükewa morei rügukelieko
Fig 72
Mhanuü Wireless Virtual Private Networks (VPNS) nu kerüguo se morokesuo
de khapie bawata zorei, mhanuü mhanyau pejüwata morei mia bu rügulieta
liro. Mhanuü mhanya sükoe password puo se puo keya chüwa mo mu userlevel kerüguo mhatho kekrei rei sa chüwa mo liro Corporate intranet peteu
kedekecü mhatho chüwalie vi.
85 | P a g e
15.1.3 Mobile kechükhuko
Mobile kechükhukoe mha kedekecü kezha philie vi, kekrei mo rei mhanya
huo komputür nu chüliekevi meyiemeluo di bakecüko. Mobile nyako, mha
cha kekra rei kechükhu mhodzü thachü. Kechükhukoe kerüguo la
chüpiekebako nu huoyo lie puoki cie bakecüko nu application-ko moro
operating system khapiekebako nu mevilie di chü pesuowalie vi. Application
mobile nya nunu piekecüko kechükhu vo rüü pie desktop application-ko ze
kemhie zotuo. Mobile OS huo nu, SMS dieyieko chütouliekemo device-u bie
pesuo tseiwalie vi.
15.1.3.1
Blujacking
Bljacking liro theza sakemo dieyieko, dieyie pienyükemoko ketse
pie Bluetoothseliekevi mobile fon-ko moro laptop sekebamia
kekrei tsükecü. Bluejacking liro Bluetooth seliekevi fonko gei baya
mu süu bluetooth seliekevi nya kekrei puo ze keselieketuo la
pfhükecü.
Bluejack
chüjakezhau-e
zho
puo
ketho
nu
kepfhesiliekevi dze petseko moro mikemel nya thelhitheü leshü
keliketuo la pekuo di chüshü. Puoe fon kebachü leshüda (address
book) nu kesa puo thushü, dieyie puo thukeshü, mu süu bluetooth
nunu ketseketuo kedakelie. Fon-u fon kekrei bluetooth bakecü
pfhütuo, sidi, puoe puo ngulieta liro, dieyieu ketseshüya.
Puozau thuo hai ba zoü rei, Bluejacking liro se morosuo bei mu
mha biepesuowaya mo. Bluejack chüyakezhau-e u thuo u la rübei
bakecü dielie rügu morei fon kekhakecü chütaya mo.
Mhanuü Bluejacking se mirhi mesakemo morei mia kedekecü
dieyieko morei mirhiko, moro mha zeketuo la kepesikecü ketse ro
sünu puo kere huo batalie vi. Noe mhanuü dieyie sükemhieko
therhielienyü ro, n Bluetooth khawalie vi, moro “undiscoverable”
nu set chüwalie.
86 | P a g e
15.1.3.2
Bluesnarfing
Bluesnarfing liro Bluetooth fon nu ketho dze pfhüliekevi khakeshü
kerüguu. Bluesnarfing kemhie di, bluesnarfing rei device bluetooth
seliekeviko se di mia kepenuoki kebako pfhü mu ze kepfülieketuo
gei baya.
Kethu nu, bluetooth kesemia puo software puotou-u se laptop nu
petekebaue fon puo kepenuoki keba puo pfhülie vi, noe chüliekevi
chüshü mo rei ze kekhelie vi, mu n fon leshüda (mia ze
kepfhüliekevi khuko bakecüu) kepfhüliekevi bakecüko (contacts)
mu khrüphrüleshü ikecü pielie vi. n mobile fon serial khu rei pulie
vi mu se fon-u do chü di selie vi.
Noe Bluetooth khawa moro “undiscoverable” nu khapie bawa
morosuo (undiscoverable) pfhüliekejü pethakecüu n bu Bluetooth
nya headsets kemhieko seliekevi chüshüya, derei puocae n fon liro
kekreimia bu ngulieketuo chüwatuo.
15.1.4 E-mail kechükhuko
Fig 73
E-mail kechükhuko PDA-ko gei chüvorkecü e-mail khu PC-ko gei
vorliekecüko ze kemhie khre zo. Kechükhu hako kompaniko la puoma re se,
mu hai di thelhitheü tazhüyakecüko rei kebvüwaya. PalmOS/LibertyCrack liro
PDA e-mail kechükhu thakie puo. Hau liro Trojan horse sekeba puo mu süu
Palm PDA nu application-ko pete vawalie vi.
15.1.5 Kelhiekecü software worms, spywares mu trojans kemhieko.
Fig 74
Worm-e fon network kebvüwa rei si mo mu sü bluetooth nu mha kelikecü ki
mobile puo geinu kekrei puo gei keyieshüwalie vi. bluetooth geinu spyware
mobile fon gei talerketakoe miali dieyieko chü kedi pie chazou network gei
khashüwa rei si mo. Trojan-u mobile gei rüzhü application ze kesa di
khakewau SMS dieyieko ketsepie tsüphrü kekra ki khashüwalie vi mu fon-u
puo zha chü pekrawa rei si mo.
87 | P a g e
15.2
•
Mobile deviceko rüguoketuo chatha huo.
Bluetooth morei mms attachment rhi nunu applicationko piekecü ki menuolie.
Sükoe mha pekawaliekevi software huo balie vi, süu mobile fon-u
chükeniewatuo.
•
Bluetooth kekhekecüu ngukemo rhi(mode) nu khapie bawalie, süu noe kese
kekreimia bu n mobile fon morei laptopko nu sekelie chü morosuota zo kemosie.
Mhanuü sikemomia puoe Bluetooth geinu mobile fon-u moro laptop geinu
seliekevi chüketuo dojükecü ki, Bluetooth volie kevi thechüu cietalie süu puo bu
kekhe mo mhaitalieketuo la.
•
Peleliekelho chako nu mobile fon morei laptop gei mhakesuo kebako pie
molieketuo therhielie.
•
MMS dieyie sikemo sekebamia ki nunu vor liro khrükecü mhodzü süu vawalie.
•
Mobile fon-u kikemhie di setuo shi kepethadze thupieketuoko phrü menuo di
kerüguo pethakecüko, pin code settings, Bluetooth settings, infrared settings mu
application pieketuo la kikemhie kropuo medzi morosuo shi süko pekuo di. Hau n
khruohi pie n mobile fon chüpie kelhiekecü mhathoko nu rüguolietuo.
•
Mobile fon sekecü la pin code chakecüu chüshüwalie. Pin puo kedalie, süu
themouliekejü puo mu n la rükralie kerüü puo lie.
•
Call barring nu khakecü liethoko operatorko khakeshüko selie, süu se application
no mu n kikru tsüphrüko sekemoko khalieketuo la.
•
N mobile fon pie n thuo n la ketho dze pfhülieketuo khakeshü puo chü hie, süu
rüsuomia dzie nu ta leta liro kemichie ba. Thedze kemeyie credit card mu bank
card password hakemhieko mu kekrei rei sa mobile fon nu kengu/khapie bakecü
ketarhoya mo.
•
N cell fon nu IMEI code-u thupie balie mu süu pie thechü kekhrukhre nu khapie
balie. Hau niepuu khruohi pie puo mobile mia bu rügoukelieu bu seliekelho
chülieya. Chükebaue(operator) IMEI code-u se dif on puo khawalie vi.
•
Puotei medzi di, puo sie thalieketuo ketho dze pfhüliekevi kemeyieko mobile fon
nu kmorei laptop nu chatha leshüu nu kepetha khakeshüko medzi di peleliekecü
88 | P a g e
deviceko mobile fon morei laptop gei Bluetooth geinu kekhelie keviko chü
kemecüshülie.
•
Methuo nu chükemesakelie nyako selie, süko internet nu ngulieya mu selie di n
mobile bu puo rhi nu puo tho chülieketuo la, kelhiekecü software huo bu bie
kebvükewa ki.
Rükralie:
IMEI liro International Mobile Equipment Identifier ikecüu mu süu mhaphrükhu
15 moro 17 mese batuo, süu mobile device puo puokecü pete puo thuo puo la
kreitoutou dib a phretuo. Mhanuü mobile puoe jüta ro liro mobile niepuue
kekhashüyakezha-u ki puo bu mobile-u khawa di puo bu puo mhatho chü
motaketuo khalie vi süu mobile fon süu IMEI khu-u pie kekhashüyakezha-u
tsüshülie vi.
89 | P a g e
16. Ketho dze pfhüliekevi khakeshü Security
Ketho dze pfhüliekevi khakeshü security icü puocae ketho dze pfhüliekevi-ue fraud rhi
kehoupuorei bakemo chü toushükelie nu ketho dze pfhüliekevi khakeshü hau seliekevi
chüketuo la puo kecha pie kekuo khapie tsükeshümia rübei bu seliekevi rhi nu kekha nu
ba. Ketho dze pfhüliekevi ikecüu liro u thuo u la bakecü dielie süko mialiu, rakaki dze
petse nu kekrei rei sa pie ba. Ketho dze-e chükedi/biekedi, network kompaniko donu mu
süu cie vokecü, sükoe security puo rhie chü di puo cha meya se vokesako gei nounyü mu
u keneiu bakecü.
Sizoüshierei, krothokoe ketho dze pfhüliekevi khakeshü puomau nu kha se bakelie device
nu bakecü mu u keneiu bakecü.
Sizoüshierei, krothokoe ketho dze pfhüliekevi khakeshü puomau nu kha se bakelie device
nu bakecü üse khrukhre tsei baketa rhiu le baya. Süla, mia pete bu ketho dze-u chü
kekhrukhre morokesuo ba mu silie liro kekuo nguliekemomia bu seta molietuo.
16.1.1 Ketho dze pfhüliekevi pekruketuo la thezho kekreikreikecü
Ketho dze khakeshüu bu khrukhre saketuo la puo rhi kekreikreikecü huo baya.
Ketho dze kekreikreikecüko kikemhie di chüpie khrukhre balietuo shikecü
puo zho medzi do chüvoketuoko hakhro khashüzhie.
16.1.2 Dielie kezakebako
Dielie kerhe/kezakecüko kekuo khapie tsükeshümia bu access chü toukelie
chülie mu ketho dze pfhüliekevi khakeshü kiu ze keza rei vi shi mu mechüu ze
kiu keza suo shi süko chü kreilie.
Themia kekra internet nu u personal mu confidential dzeko kezaliekevi rhiu
nu chüpie u bu u dzeko kekuo khapie tsükemomiako ki khashü molieketuo
chüshü morosuote. Thedze hako kidepuo pekru mu khrukhre di khapie balie vi
shi süketso chütuo puo mhatho khakeshüue medzi mu mia kekreimia ze keza
morei keyielielho.
90 | P a g e
16.1.3 Securing ketho dze pfhüliekevi khakeshü during transmission
Transmit chükeba ki ketho dze pfhüliekevi khakeshü-u chü pie khrukhre
bakecü hau nu code nu thukecü mu ketho ükecü pukeshü rei sa mu süu rei
puotei puo nu puotei kekreiu rei kekuo kesemia/ngukeliemia morosuo.
Ketho üdi pukeshü liro pekhre dze/dielie komputür kenie donu ker hau nu
code nu thukecü mu ketho üdi pukeshü rei sa mu süu rei puotei puo nu puotei
kekreiu rei kekuo kesemia/ngukeliemia morosuo. Ketho üdi pukeshü liro
pekhre dze/dielie komputür kenie donu kerüchü kethochü voketa mhodzü
keze kezayakecüchü kethochü voketa mhodzü keze kezayakecüu.
Mechüu (public) key code nu thukecü liro ketho üdi pukeshü ca kekrei puo,
süu ngukelieu ketho-u se mo shikecü pushüya mu ketsekeshüu mo mu süu
cabi-u kekhruohi se di chüshüya, süue system kenie puo rhi kekrei nunu puo
sekebau geinu chüshüya.
Code nu thukecü ketho dze pfhüliekevi khakeshü cabi bakemo-u tsiedo teiki
komputür kesemiakoe chü rüümekhrote mu süu 27 performing geinu chülie
vi. Süla code nu thukewa ketho dze pfhüliekevi khakeshüko yalieketuo cabi
puolhou bu cha morosuo sikelie geinu mia bu themou/chie rüü molieketuo la.
Ketho dze pfhüliekevi khakeshü-u code nunu thukecü ketho dze pfhüliekevi
khakeshü-u puo kro se-u (third party) bu ketho dze pfhüliekevi khakeshüu
ngukelie ki uko bu siliekevi mkhathu nu phrüliekejü chülieketuo la.
16.1.4 Web browser
Browser application se di ketho dze pfhüliekevi khakeshü ketsekecü ki URL
ngu di puo bu khrukhretoukecü chülie. Süu bu HTTP mo di HTTPS URL nu
ketho me mo shi sitoulie ketuo la puotou nu setoukelie chülie.
16.1.5 Email mhathochieko bu khrukhre bakelie.
Email mhathochieko mechü cabi se code nu thukecü se dielie ketse mu
ngukelie chülie di chü kekhrukhrelie. Hau sekeba kenienie rei e-mail
mhathochie kekhrukhre sekecü geinu chü puotuolie ya kemosie sekeba-ue email kekhrukhre mhathochie se mo di e-mail ketseshütuo.
91 | P a g e
16.1.6 Secure shell
Hamhodzü, komputür kesemiako telnet application se di remote mha pete
khesekebauko ze kekheya. Derei telnet-e dielieko mhathu kemecü nunu chü
keyieshüya. Hau public key cryptography ae code nu chülieya mu kepele nu
ketho dze pfhüliekevi khakeshü mezhükecü chü toulieya.
16.1.7 Ketho dze pfhüliekevi khakeshü backup.
Thie teiu nu mia puoe file kemeyie puo pejüwa hau mha kesuotho puote.
Ketho dze pfhüliekevi khakeshü bu khrukhre balieketuo thezho kekrei puo liro
ketho dze pfhüliekevi khakeshü ketho-u khruohi pie disk moro tape kekrei
puo nu khashükelie. Backup hau sekebau khruohi pie mhanuü hard disk-u
kaketa puo chü zo shierei ketho dze pfhüliekevi khakeshü ketho-u ngulakelie
chülieya.
Tsie zo rei nkoe CDko mu DVDko se uko file kemeyieko backup chü pezha
se ba zoluo. Mhakinu CD/DVD süu suota ro kimhie ta?? Haki file süko
ngulalieketuo kelakeshü puo ba. Ngulakelie mhanya bou (recovery toolbox),
hau n khruohipie n bu huo ngulalievi, ketho dze pfhüliekevi khakeshü suoketa
huo noe pejü tseitouwate nhie di lekeba huo.
16.2
Mha
huo
khakewa
geinu
ketho
dze
pfhüliekevi
khakeshü
chüpie
khrukhrekelie(Securing ketho dze pfhüliekevi khakeshü by disposal)
Sekebau-e ketho dze pfhüliekevi khakeshü se sa morei viketa huo vakeshü ki, menuo
se div a morosuo, sidi ketho dze pfhüliekevi khakeshü süu kekuo khapie
tsüshükemomia bu süu chü se lasier molieketuo la. Information mu formatting
vakeshü geinu ketho dze pfhüliekevi khakeshü-u khrukhre se di vawate ikecü ba mo.
Ketho dze pfhüliekevi khakeshü-u va tsei/kemesa touwaketuo la, software tool huo
ngulieya, süu ketho dze pfhüliekevi khakeshü-u chülaliekelhoko chülieya. Operating
mha pete khesekebau huo formatting command bu chüliekevi puo zho kho se di
chüshü di puo bu format rübei zo mo derei kemerü (zero) sa pie puo chü süu nu
bashüwaya. Ketho dze pfhüliekevi khakeshü vaketuo cha kerüütho-u liro wiping
mhathochie sekecü, süu disk-u format chükecü rübei zo mo derei ketho dze
92 | P a g e
pfhüliekevi khakeshü kerhu huo sa pie bashüya. Algorithms huo mha khrukhre di
vaketuo la ngulieya.
• Single pass
Hanu ketho dze pfhüliekevi khakeshü-u puo mho gei 1ko mu 0ko vapuo rübei
di thupie baya.
• DOD 5520.22-M Standard
Standard hau puo mho gei addressable location-ko character-ko nu
complement-ko ba di thupie baya mu se kekreiko ze kemezhüya.
• Guttmann method
Method hau ketho dze pfhüliekevi khakeshü-u va 35 mese huo puo mho thuya
mu hau chükecü encoding algorithms kekreikreikecü disk chüshüyakecü
kekreikreikecühuo seyakecü huo se di chüshüya. Linux mu Unix Mha pete
khesekebauko file bie pesuokecü ahza puo se file sensitive huo bakecüko mia
kekrei puo ngulalieketuo yakecü chüya. Kerhekecü ahza-u puo mho nu file pu
kreikeshüu thu mu thu sei baya, süu hardware puoma resekecüko bu ketho dze
pfhüliekevi khakeshü pfhü lakecü chü rekuolieketuo la. Hau chatha-u ki mha
kha pekrakuoshü di puo sie kezalie mu hard disk-u nu file puo vawaya.
Linux/Unix ahza kekreipuo se disk drive format chütseiliekevi puo liro ‘dd’
ahza-u. Mhakinu ahza hau nu switch kreikecü huo se bata liro, disk süu pete
kemerü(zero) nu thu la phrewaya.
93 | P a g e
17. Chüümo kerüguo (physical Security)
Kerüguo nu phiyha kerietho-u liro PC-u chüümo kerüguo lekecü. Chüümo kerüguo meza
se balieketuoe puo kebachü mu shükiraka puo la khapiekebau gei ba.
Phiyha kenieu liro puo chüümo bu puo tha puo nu batoukelie mhathoko rei sap u ba mu
süko mi khakeshükomputür-u kesachü, kibou-u kemekukele(temperature) hako rei mu
haki rei krakecü rei phi ba. Mhatho hamho pukeshü puo zo rei kaketa geinu komputür-u
kemichie nu votaliekevi chüwaya.
N ki nu, n kinu PC-ue mha puoma keretho-u chü baketuo cha vi se ba (good chance),
moro mhanüü noe laptop puo ba liro, noe n likhuo nu pfüketuoko donu puoma keretho-u
chütuolie vi. N insurance policy thuo hardware-u mako sou morei wheshü zo shierei
mhanuü süu mia bu rügulieta liro, rakae mha kemeyie morei preonal ketho dze
pfhüliekevi khakeshüko se lavorlieketuo chüliekenjü. Süla pouch puomo-u se khrukhre di
bakelie-e software bu khrukhre bakelie tuoi meyie phre zo.
Mhathozhoko huo chüümo kekhrukhre-e se komputür gei khashüliekevi.
17.1
Komputür cabiko (Computer locks)
Tsiedo teiu nu PCko cabi se khaliekevi rhi nu chükeshü rei ngulie bate, süu socket
puo bou-u mhodzü nu cabi se khrü mu khalieketuo baya. Hau u khruohipie
kekuokejümiako(kekuo nguliekemomiako) bu PC-u gei hardware-u sekecü
kekhalieketuo chülie vi, mu süsie rei puoe uko bu uthuo uko floppy morei
hardware nunu mha pete khesekebau-u khrükecü khalieya.
17.2
BIOS Security
• BIOS (Basic Input Output Mha pete khesekebau) hako liro software nunu
chüsesierya, süu komputür puoe disk-u gei mhathochieko access chü mo di
keyboard, monitor, serial mu parallel keperokecüko mu puo mhatho kekrei
huo rei kekhaliekevi baya. BIOS-e ROM chip puo ze di komputür geinu vor
mu süu disk chüliemoketa puo chü rei puoe mhapuorei ta lho ikecü
chütoushüya.
• BIOS pekhrekhu chükelie geinu kekuo kha tsüshükemomia bu mha pete
khesekebau-u khrü lalie mu kekha si se di sekelie chükecü khalieya. Hau
94 | P a g e
kekhrukhre tha kerünuo puo khashüya kekreilamonyü mia puoe battery-ko bu
kekhekemo chüwalie vi mu mhanya se mha chüshüyakezhamia default
password-u se di BIOS-u selie vi. sizoürei süu kekuo bakemo puo-e puotei
huo se di puobou-u khrü mu BIOS selie vi, süu mhakebvükecü puo sie huo
khashüwalie vi.
17.3
Krothoko nu
Krotho kekra puo sie pfhükecü mu ngulakelie mhatho huo khashüya. Mhatho
hako komputür nu software se mhachükecümia kekhruohi se di chüya.
Kehoukipuorei kerügumia puoe Internet nu kekhekeshü ki, miapuorei kekha mo
zorei puo thuo puo geinu kerügu-u bu si mo di mha pete khesekebau-u IP
Kebachü moro fon khu puoe se kekhekebau ketse pie mha ngulalieyakecü chü
(recovery service center) nu khashüya.
17.3.1 Mikemela khakeshüu bu kebvü mo zo di mha pete khesekebau-u gei
khashü sei balie morosuo puo bu ketho dze pfhüliekevi khakeshü
ppekrulie moluokecüko mikemela vormoketa ki pejükecü khalieketuo la.
•
UPS (uninterruptible power supply) se di le moto ba di mi jüketa
rüguoya.
•
Huokipuo mi kha pekrakeshü moreo tsaketa hau komputür nu
bakecüko la puo chüümo chü pesuowalie vi.
•
Komputür-u UPS gei meka pie baya, mu mhanuü mi ketho-u teta liro,
UPS-u mi kekuo komputür-u bu puo thuo puo khalieketuo mu puo
dielie peteko rüguolieketuo se morokesuo kekhashülieya.
•
Mikemela jü tseiketa hau ketho dze pfhüliekevi khakeshü pejükewa
gei mu hardware bie pesuokewa gei mhakere si mu ngutoutaya.
•
Mha mesi kecükezha kidepuo pie UPS ze kekhekebau gei khashütuo
shi süu le morosuo. Mha mesi sü komputür rhi mecütoukecü puo,
work station, mini-mainframe, hard disk drive, moro dojükecü mhanya
huo balie vi.
•
Vapuo mhanya puo mi bu ba sei baliekevi cha se morokesuo puo sileta
liro, UPS mha pete khesekebau-u rating se morokesuo-u volt-ampere
95 | P a g e
(VA) rating theza thuliekevi chüu gei bashüliekevi lelieyuo of the
equiptment UPS-u bu puo lie chüketuo-u
17.4
•
N PC-u chüümo bu khrukhre balieketuo chatha huo.
Power supply se moreikeviko se seilie mu kekuo khapie tsükemomia bu
komputür-u se molieketuo chütoulie.
•
Mha pete khesekebau-u screen cabi khaliekecü chülieyakezhako yalie, süko
screen saver kemhieko password se mo di seliekenjü, moro mha pete khawa di
mia kehoupuorei seleikevi chükenyümia bu therie nu sede la morokesuo
kemhieko.
•
BIOS pethakecü gei kekuo kha tsüshükemoko gei u kiri balieketuo la chassis
intrusion kedaliekevi chüpiekebau bu chüliekevi chüpie balie.
•
Ketho dze pfhüliekevi khakeshü pekruliekemoko mi vor moketa ki pejüwakecü
khalieketuo la mikemela khakeshüu bu kebvü motokecü bu ba seikecü mha pete
khesekebau-u gei khashülie morosuo.
•
CPU bu letortakecü khalieketuo la mha pete khesekebau-u bu kibou nyophekejü
mu teikhrie la kipha (ventillation) chükecü kevi bakecü puo nu khapie ba
morosuo.
•
PC cabiko bu khrukhre balie morosuo mu meho mo di khapie ba hie.
•
Komputür-u bu sozha-u gei khelievikebau gei khetou hie kekreilamonyü
mikemela kekuo rükrie/krakuokeshü geinu komputür bie pesuowalie vi. Süu sou
nu mikemela kekuo kekhokeke keya ketho puo se komputür plug chülie.
•
Mha pete khesekebau-u mikemela kekuo, puo gei khashüliekevi mu grounding
ketsatho nu rei teicie puo nu vapuo meholie di puoe mha chükeshü-u pu petseshü
tsolieketuo chütoukelie chülie.
•
Mikemela mele morei rüdeikemokoe ketho dze pfhüliekevi khakeshü dietho mu
peleliekevi mu mhathochie chü voyakecüko mu rünyie gei kengupiekebako chü
keniewalie vi, süla melelieketuo mhanyako kheshülie morosuo.
•
Keyboard gei kethu menuokecü selie.
•
PC geinu no mhacümhakrie hie.
•
N PC-u kheki sethi bu penuo ba suo.
96 | P a g e
•
N PC bu mesa balie.
•
Kiu cie patakecü modzü PC khapiekeba kibou-u cabi se kha menuowalie.
•
CPU khapiekeba bou-u cabi se khaliekevi khrülie mu süko, cabi se khapie balie.
97 | P a g e
18. Kekhrukhre kedojüko (safe practices)
Noe miakrünuo puo, leshükephrünuomia puo, online nu rüzhümia puo morei
thelhitheükechümia puo morei miapfü puo üliro, Internet-u n ki puotei kevi kekra thiedzü
ngulieyakemo khashüya. N mhasimhale chü kemeyaliekevi, rüzhüliekevi, muviko moro
tsali, kikru mirhiko mu mirhi kemeleko kezaliekevi, n zemiako ze kerüchülie morei keze
thelhietheü chükebamiako ze keze di mhatho chüliekevi hako pete rei tsie nko kelhou teiu
nu mha u kenei rüdikezhü mu chükehiekelie phre. Sizoürei puoteikevi sükogeinu mha u
chiekecü kemeriekecü vor ba. Dieliekeviu liro noe n kikru mu n ketho dze pfhüliekevi
khakeshü rüguolieketuo chatha huo pieliekevi ba.
18.1
Mha pete khesekebau kekehaketuo kerüguo.(Operating System Security)
Mha pete khesekebau kekhakebau liro komputür nu mhathochie kemeyie
tazhüyakecüu. Puoe mhatho mie kemeyie keyboard, geinu khapie puo gei
khakeshüko, file huo kekha mu hard disk nu directory-ko sishüya mu chazou
nya/mhatho printer-ko, scanner hakemhieko mu kekrei rei sa…
Fig 81
•
Puoe mhathochieko puo rhi puo nu khapie uko bu miapuo mia kekreiu ze
kerikecü chütaya mo.
•
Puoe kekuo bakemomiako bu mha pete khesekebau-u sekecü chü molieketuo la
mha pete khesekebau-u rüguokecü mu kemeho-u chüya.
18.1.1 Operating System nu kerüguo se morokesuo.
PC kekreikreikecü kropuo nu mu kesekeshü-ko gei mha pete khesekebau
kekhakecü nu kerüguo-u network kerüguo mhatho peteu rhevi puo chükeshü
nu puoe puo mhatho kemeyie se chü ba. Network nu mha pete khesekebau
puo update chüshü mota liro network-u gei kerüguo mhathoko mha pete
khesekebau kekreiko gei rei chü pesuo votatuo. Thie teiu nu nkoe operating
mha pete khesekebau kho mu sekecü puo feature kekra bakecü kekra bate,
derei hakoe se kepethakecü chülie, chükedeilie mu meho menuolie mo liro
peka mhaiwalie vi. huokipuo operating mha pete khesekebau-u patches
kenuothoko pie update chükeba ki puo nou nu mhachü bayakecüko kekhakecü
98 | P a g e
mha pete khesekebau kekrei ze die huo siertalie vi, süla mha pete khesekebauu kekhakecü-u thie ketso ikecü rhi nu chükeba ki menuo se di chü morosuo.
18.1.2 Mha pete khesekebau-u kekhakecü pekruketuo chatha.
Noe n thuo n ki nunu n komputür se ba mo n notebook PC se di rüvetuo shi
rei, hakoe mha pete khesekebau pekruketuo la se morokesuo chatha huo.
18.1.2.1
Antivirus nya puo kheshülie mu süu bu thieketso ikecü thau nu
khapie balie.
Fig 82
Kechükhuko, worm-ko mu malware kekrei huo liro thie teiu nu
Internet nu mha kere khashü kekratho chü ba. Puo thuo si baürei,
anti virus kheliektuo kevi huo mu kechükhu pfhükeshü rübei zo
mo derei kerüguo khashükecü mho chüshüshü ba. Sizoü shierei,
antivirus mhanya kehouuorei noe thie-ketso rhi nu chüpiekeba mu
n mha pete khesekebau scan chü sei bakecü ze puo kevi kemhietou
zo.
Spyware, Virus, Worms mu Trojan kekreikeba.
Spyware: Spyware liro kelhiekecü software n komputür nu puo
thela chü di batayakecü generic term puo zo, mu hau liro n dze mu
file kekrei n komputür nu kebako pfhü kenguya mu Internet nu
kekreimia ki keyieshüya.
Virus: Komputür Virus liro mhathochie puo mhietoukecü puo
chülieya mu mhathochie puo morei file-ko puo thuo süko ze
kekhelie di u bu si mo di mha pete khesekebau-u chü pesuo bataya.
Worm: Worm liro uko thuo machine puo geinu kekreipuo gei puo
thuo puo mhietoukecü puo chülieya mu süsieu Internet nunu süko
piekecü chü morei viya. Ukoe uko meka se baketau komputür
nunu uko chü separlie di kekhekecüko rhi nunu email-ko geinu uko
thuo uko ketseshüya.
99 | P a g e
Trojan: Trojan-ko liro hacker-koe Internet nunu lerlie di n
komputür nu thedze pfhükengu moro n komputür seketuo la
kithokikhako.
18.1.2.2
Firewall khe mu seliekevi chülie.
Fig 83
Anti virus mhanyako kemhie di, Firewall mhanyako rei n mha pete
khesekebau-u Internet nu kedekecüko hacker-ko, virus-ko, mu
worm-ko kemhieko nunu rüguolieketuo mu süu lekepesuo
kepfhüliekeviko n komputür nu khakeshüko filter chükecü.
18.1.2.3
Password-ko kemetei selie.
Komputür kerüguo nu puo bodeu n thelhitheü mu kinu la liro
password kemetei zho medziketuo. Password-ko liro fileko,
mhathochieko, komputür-ko, hard driveko mu network-ko sekecü
kekhaya. Nkoe süsie rei kekuo nguliekemomiako bu sekecü kahya.
Password-ko meteikemo kedakelie geinu n komputür mha pete
khesekebau-ko khrü le rüükuoya mu n thelhitheü mu n ki pie
kelhiekecü perhiekebako ki kehieshüwataya. Rhevi puo chüshü ro,
password chülie mu süu pekhre di khapie balie, süu mhakipuorei
se mia kekreimia ze keza hie.
Fig 84
18.1.2.4
N personal ketho dze pfhüliekevi khakeshü back up chülie:
Noe puotei kekra, mu huokipuo kishükinyi rei pepa pie, n mhatho
la file süko chü separ, n tsunuoko mirhiko moro keneitei kekrei.
File süko pejükewae n la mha kezhatatuo. N tei huo kha sa pie
media khapiekeba chülie mu software kekhruohi application la n
tei kha sashülie, silie di, n thuo puo geinu puotei puo se di
kesiethakecü chülie mu file n la meyie sekecüko pekru se
balieketuo puotei puo chüpie balie. Fig 85
18.1.2.5
100 | P a g e
N Private information-ko private di khapie balie:
Noe n bank account number mhakipuorei kepekie morei siketuo le
rei lielhokecü kemhie di, n thuo n dze, khakeshü, n kikru morei
mia mhakekrei noe mia bu sinyükemo pie mechü lisi chükeshü
khalie morosuo.
Fig 86
•
N zasou za pie n login morei online za chü seilie.
•
N za, n fon khu, kebachü, password ikevoko mhakipuorei
khashü hie.
•
Internet sekeba ki nu rüsuomia ki mhakipuorei n thuo n
mirhi morei kikru mirhi se keza hie.
•
Meteikemo dzeko pie code nu thulie.
•
Pop-up windows nu mhakipuorei n thuo n dze morei
kishükinyi dze khashü hie.
18.2
Password kekhrukhre zho(Password Security Policy)
Cyber kijüu nu mhakhu liro themia kesuomia ki nunu n dzeko rüguolieketuo la
cabi puo morei pekhre diekhu puo morei character string puo. Hau se ketho ikecü
pushüya, noe supuo shi sitoulie moro kinyiko nu mevilie di selieketuo la.
Kekuokejü themiako bu sekecü khalieketuo la pekhre di khapie ba morosuo.
Mechü keze kekhe di melezhüyakezha Facebook, Orkut, mu Linked In kemhieko
puo puokecü kekjhrukhre la se pekrakuoyakecü, ketsokecü thechü n keneitho,
leshüki, college ikevoko mapfü baya.
18.2.1 Hako la thachü bataliekeviko liro.
•
Pekhrekhuko(Password) mia kekreimia ze kerhe balie vi mu süu se
kekrü reiwalie vi.
•
Pekhrekhuko rükra motaya.
•
Pekhrekhuko rügukelie se di kekuokejü kesemia puoe n dze puocüko
kengu batalie vi.
18.2.2 Mhakhuko (Password) kemeyie.
•
Mhakhue mha pete khesekebau puo nu miali puo we supuo shikecü
sou chüya.
101 | P a g e
•
Hau mialiu khruohipie sekeba kekuo nguliekemoko bu mehokelie
nunu puo dze puocüko rüguolieya. Süla mhakhuko bu khrukhrekecü
meyie se.
•
Mhakhu liro sekebau mu puo dze puocüko unie donu keya cakha puo
chüshüya.
18.2.3 Hacker-ko mhakhuko ngulalieketuo la thedo kekreikreikecü seyakecüko.
18.2.3.1
Shoulder surfing.
Fig 88
Mhakhu rügukecü cha puo liro mia puo sietsa tha di puoe puo
mhakhu phrüketuo la puo bouka mho geinu puoe nekeba ki
mehokecü. Shoulder Surfing liro mezhü mehokecü thedo puo, süko
mia puo bouka mho geinu puo password-ko, PIN-ko, u thuo u dze
meteikemo kekrei ngulieketuo mu noe fon nunu mia ze kerüchü di
n credit card khu khashükeshü ki n pfhe rünyükelie.
Shoulder surfing liro miakra thechüko nu chü rüü se di chülieya.
Hau-ue kemejükeshü miapuo khetou ki thalie di puoe leshü puo
methuokebako nu thukecü, ATM nu PIN puo khakeshü, morei
mechü puoma sou di seyakezha fon mu calling card sekecü rüü se.
hau liro kepecie nu rei chülie vi mu süu binocular-ko kekhruohi
selie morei vision-enhancing nya kekrei huo se di chülie vi.
Mhanuü n password-u shoulder surfer-ko bu nguwata liro n la
rübeikecü pekhre dze dzeko kemichie nu batatuo. Ukoe n mhakhu
dzeko se le di n za nu lelie mu n dzeko pechüwa rei si mo.
Chatha: n nunonuoko ki uko bu mechü hou nu mu leshükiko nu le
di seketuo thezako mu mhakhuko khakeba ki shoulder Surfer-ko la
u kirilie morokesuo vatsha menuoshülie. Uko ki uko password-ko
mia mhodzü nu neshü hie idi chalie. Kekuo nguliekemo
sekebamiako bu ngukecü khalieketuo la uko bu leshü se keyboardu yalie di thulie idi uko ki pushülie.
18.2.3.2
102 | P a g e
N mhakhuko pie leshü gei thu morei hard disk gei kengukecü
Rüsomiae leshü lhe morei disk nu pekhrekhuko thupiekebako
pfhüya.
Chatha: N nuonuo ki u bu pekhrekhuko leshü lhe morei disk drive
kehoupuo nu rei khapie baketuo la thupie ba hie zolie idi pushülie.
Uko ki süko khapie baketuoe pemokelieu kevitho idi pushülie.
18.2.3.3
Mia kemvü chü di mia petsukecü
Password rügukecü cha kekrei puo liro themoukecü. Hacker-koe
miali/mia puo dze petsepereko kekhruohi geinu ukoe mha
kekhaliekevi chülie vikeba kehoupuorei dojüya. Ukoe themiau za,
puo kinu zakie, mhakhu (kepenuo teisozha,fon khu) leshüki za
ikevoko pete dojü voya. Mhanuü pekhrekhuko mhakhu kekha
kesakecü chü bata liro hacker-koe processor kerükri mu software
nya huo se password-u separlieya. Pekhrekhuko pfhükecü mhatho
zho hau üse “Brute force attack” isiya.
Fig 88
Chatha: N nuonuoko ki uko bu uko dze petsepere thashüyakezha
kinu zakie, fon khu, kepenuo zha ikevoko se uko password chühie
ikecü puocapuolako pushülie.
18.2.3.4
Dieda keperhieko(Dictonary attacks)
Hacker-koe dieda nu diecako chüliekeviko pete pie software tool
puo se di n mhakhu separketuo dojüya. Hau üse “Dictionary
attack” isiya.
Chatha: N nuonuoko petha pie uko bu mhakhuko se leketuo za
sekepar ki dieda nu die se hie (khunuoko, nhamenyieko, perako
morei puocako kemhieko)
18.2.3.5
Network geinu n pekhrekhu dzeko ketsekeshü.
Hacker-koe network traffic network-u gei rühouketuo thengulie di
n mhakhu dzeko rei silie vi morei noe fon nu mia ze kerüchükeba
ki n pfhe rünyülie di n mhakhu dze-u ngulie vi.
Fig 90
103 | P a g e
Chatha: N nuonuoko bu uko pekhrekhu pie uko kezemiako morei
online chatting, e-mail morei fon nu kerüchükecüko nu rei mia puo
ki rei khashü hie idi uko pethashülie.
18.2.3.6
Rüsomia ze n pekhrekhu kezakecü.
Sikemomia (rüsomia) ze n pekhrekhuu kezakeshü geinu n dze
petseko pejükecü chü votalie vi. Ukoe n le seketuo dielie selie di n
dzeko setalie vi. Mha pete khesekeba kekhakeba-ue supuo mha
pete khesekebau gei chüba shi si mo, puoe themia kehoupuorei
thedze puotou le seketuo lhe-u gei khashü ro puo bu seliekevi
khashüya. Rüsuomiako, n dzeko ngulieta liro, ukoe süu se
mhakehoupuorei chülie vi. ukoe mehopie chülie, chü kemhie lalie
morei vawalie vi.
Chatha: N nuonuoko ki sikemomia (rüsomia) ki uko pekhrekhuko
keza hie idi pu menuoshülie.
18.2.3.7
Pekhrekhuko
meteikemo
morei
mhapuorei
bakemo
pekhrekhuko sekecü.
Kethachü mu methuokecü pekhrekhukoe attacker-ko n mha pete
khesekebau-u khrü lerketuo kerüütho cha puo.
Chatha: n nuonuoko ki uko password thachü liro rüsuomiae uko
dzeko rügu morei ngu mhailie vi ikecü pushülie. Uko bu “mhakhu
kemetei selie” idi chalie.
18.2.3.8
Password rükralieketuo kemetei mu kerüütho.
Mhakhu kemetei puoe leshükhuko, mhaphrükhuko mu characterko c.!@*^&)(~@ hakemhieko rei kerei ba morosuo. mhakhu hako
rükra balieketuoe puokere nyi se. süla hakhro kepekiekeshü
kemhie di chülie vi.
Pass phrase hako mehoshü phi.
Fig 93
104 | P a g e
18.2.3.9
Password-ko kemeteiko pesiekecü ki mha rükra morokesuoko.
•
Password pesiekecü la ketsatho nu rei character 8 selie. Character
se pekrakuo mu u mhakhu-u khrukhrekuokecü zo.
•
Mhakhu puo chü separkecü ki character kekreikreikecü kesa pie
chülie. Thakie, mhakhu puo lowercase, uppercase, mhaphrükhu
mu character rükrükecü ikevoko kesakecü pie chülie.
•
Dieda nu diecako se molie. Sükoe mia bu khrü mhailie vi.
•
Mhakhu puoe rükraliekevi rhiu geinu chülie. Hau mhakhu
mharapuo nunu thu morokesuo-u therhielieya, mu süu ketarhoya
mo.
•
Mhakhu puoe themouketuo chü re morosuo.
•
Mhakhu u tsiemelie kedei sei balie.
18.2.3.10
Mhakhu (Password) kevipuo chüpie se balieketuo chathako.
•
Mhakhu-u zhadoudo kenie nu vapuo kediwalie morei noe mhakinu
miapuoe n mhakhu si bate nhie di lepesuota ro kediwalie.
•
Thiedzü sewaketa pekhrekhu puo sela hie.
•
No n mhakhu khashükeba ki mia puo n khieki ba liro menuolie.
•
Code nu thukecü kemevi bakecü kekhruohi se di komputür nu n
mhakhuko khapie balie.
•
105 | P a g e
N za la mha n khieümhou bakecü zako se n pekhrekhu chü hie.
19. Virus Protection and Cleaner Tools
19.1
Windows based Tools
19.1.1 Avast Home Edition.
• Standard Shield – Real-Time protection
• IM Shield – Instant Massanger protection
• P2P Shield – P2P Protection
• Internet Mail – E-Mial protection
• Outlook/Exchange – Microsoft Outlook/Exchange protection
• Web Shield – HTTP protection (local transparent proxy)
• Script blocker – Script checker (pro version only)
• Network Shield – basic protection against well-known Network
worms. Act as a lightweight Intrusion Detection Mha pete khesekebau
• Audible alarms – vocal warnings such as “caution, a virus has been
detected!”
• Boot-Time Scan – through the program interface, a user can schedule a
boot-time scan to remove viruses that load during windows startup and
are therefore diffficult to remove.
Avast! Antivirus-koe thekhrü kerie 14-ko komputür-u Internet pie khekeba
sie puo thuo methuo nu thie ketso ikecü nu chü balieya. Thekhrü 14
teichie kehoupuorei sie, software kese-ue licence key kesau ngulieketuo la
theza ru la morosuo. Pay version-u nu chükhowata zokemosie, theza
rukecü-u thieketso methuo nu ba zo.
http://www.avast.com/eng/download-avast-home.html
19.1.2 AVG free edition.
Girsoft pukecü, mia 60 million mho AVG Anti-Virus protection baya, süu
Free Edition sa sekecüko rei sa pu ba.
AVG Anti-Virus Free Edition liro AVG Anti-Virus Professional Edition
product ze kemhie, derei feature pete baya mo. Puoe scan kikemhie di chüya
106 | P a g e
shi ikecü-u nu fine-grained kekhakecü-u thachü. Süsie rei, free version-ko
technical support Grisoft, nunu ngulieya mo, mu die liro kekradie nu rübei
bakecü zo.
Grisoft-e AVG Anti-Virus Free Edition version 7.1 sie kethau kezei zha 18
2007 ki tseite idi kepesishü. User-koe AVG Anti-Virus Free Edition version
7.5 ketso chü pekho morosuote.
http://free.grisoft.com/doc/5390/us/frt/0
19.1.3 Avira Anti-virus Protection Edition Classic.
AntiVir Personal Edition Classic (Windows, Linux)-e methuo selieyakezha
nya puo. Application hau-ue u thuo u kese la rübei zo. Antivirus software
kekra kemhie di, hau-ue disk nu kechükhuko scan chüya mu puosietsa nu file
khrükecü mu khakewa rhi nu tazhüya. Puoe root kit teshü mu chüwalie vi.
puoe Internet thie ketso ikecü tha nu khashükelieko rei chüshüya
(kedeilieketuo kedaliekejü nu teisonhie) süu nu puoe window puo khrüshüya,
user-u bu AntiVir Personal Edition Premium khrülie nu kepekiekecü rei sa.
AntiVir Personal Edition Premium teicie kepra puo ma €2 20 votaya. Puoe
free version nu mha huo chükehieliete, kemeyiethoko liro:
Adwaer mu Spyware tekecü
Exclusive download server
E-mail scanning
http://www.free-av.com/antivirus/allinone.html
19.1.4 Bit defender 10 free edition
Bit Defender liro Bucharest geinu software kompani SOFTWIN-e chükeshü
antivirus software suite uo. Süu ziephie 2001 ki khrüshü, mu tsie bakecüko
donu version ker-u. Bit defender-e SOFT win AVX (Antivirus Express) nya
kerieki kebako sou nu bate. Bit Defender-u bakecüko antivirus nya kinu nu
seyakezhako la, thelhitheü, enterprise user-ko mu Internet Service Provider-ko
la rei sa.
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-FreeEdition.html
107 | P a g e
19.1.5 Mcafee Virus Scan Plus
Kechükhu kerüguo liro n PC peteu pfhelieya
Spyware
Protection-e
lienyükemo
mhathochie
siertaliekeviko khashüya.
Firewall-e
hacker-ko
bu
ler
molieketuo
nu
kekhruohilieya.
http://home.mcafee.com/store/packages.aspx?pkgid=276&csts=1
19.1.5 Comodo Antivirus
Comodo Antivirus 2.0 beta liro puo bu kechükhuko, Trojan-ko mu Worm-ko
geinu talieketuo kekhotho nu khashüketuo la rhi pekreikecü nu chükeshü puo.
Install, chü kedei cü chü rüü mu Comodo Antivirus se Industry nu chatha
khakeshüko la kemiakokecü chüya, süu kemeduonya kekhothoko thuo tshu baya.
http://antivirus.comodo.com/download.html
19.1.6 Calmav (open source)
Clam Antivirus (clamAV), liro methuo open source software toolkit windows mu
unix kemhie mha pete khesekebau kekhakebau-ko puo. Puo kese kekratho puo
liro mail keliekecü kesekeshüko mu server-side e-mail virus scanner chü di
ClamAV liro GNU, General Public License term khro nu kezashüwate. clamAV
mu puo bu thie ketso ikecüko kenienie rei methuo nu seliekevi chüshüwate.
http://www.clamwin.com/content/view/18/46/
19.1.7 Win Pooch (open source)
Win Pooch liro methuo mu open source mhathochie komputür microsoft software
petakebako nu spyware te mu yashüya. Puoe Trojan-ko rei teshüya mu real-time
protection khashüketuo la Clam wins nu Bid Defender antivirus software ze
kepekroya. Version 0.6.0 nu kemhie, kernel-mode hooking liro kernel-mode
driver puo geinu kheshüya, n bu windows kernel mu system liethoko Win Pooch
seliekevi khashüya. Puoe, sizoürei, siatakecü zesuo se di Blue Screens of death.
http://sourceforge.net/project/showfiles.php?group id=122629
19.2 Linux based Tools
19.2.1 Avast Home edition
108 | P a g e
Avast! Linux Home Edition liro antivirus solution Linux tha meyiekezhü
kehiekezhüu sou chüya. Software hau liro kinu user-ko mu thelhitheü la
sakemoko la sa pekuo di rhishü.
19.2.2 AVG Fre Edition
AVG 7.5 Free for Linux liro Linux geinu machine peta bayakezhako kechükhu
geinu mha pete nu mu reliable kerüguo chüshüya. Puoe feature kekra seliekevi
khashüya, süko hakemhie kropuo, puotei chie mu folder-ko, file-ko mu
common archive kemhieko kechükhu puo gei bataliekevi la chapie scan chüya.
No rei puo teichie puo chülie vi, moro Internet nu moro local update sources
geinu n AVG la bu thie ketso ikecü nu chalie vi.
19.2.3 Calmlk
ClamTk-e Clam antivirus glk2-pers sekecü la GUI puo mhodzü-puo mei puo.
Haue Linux la se rüü, medza, tha-mu-nekeshü desktop virus scanner rhikeshü
puo.
http://sourceforge.net/projects/clamlk/
109 | P a g e
20. Lock down, auditing and Intrusion Detection Tools
20.1
OS Lockdown Tools
20.1.1 Windows based
20.1.1.1
Secure it pro 4.70.0117
Secure It Pro se no komputür sebakemo ki cabi khawalie.
Mhathochie-u dze petse kekra (ton) nu vorya. Windows key
mhatho cayietho-u bu seliekenjü chükewa, ctrl+Alt+Del, Alt+Tab,
window key-ko mu ctrl+Esc cabi kesakecü kemhieko.
Süsie rei Secure It Pro rei windows boot keys, cold boots teshüya,
themia kekreimia bu dielieko khashüliekevi khashüya, mhakhu
puotoukemo khashüketuo dojükecüko khashüya, hakemhieko bu
chüliekelho chülieya moro metse huoyo puo thuo puo kemhiekecü
rei chüwaya. Süsie rei mhathochie hau mhakhu u siepetielakeshü
kedaliekevi sa ba, süu noe n mhakhu n sie lelie mota liro n
chathashüya, süsie rei chükedeiliekevi riekezhü huo kedaliekevi
süsie rei screen saver cabi se khaliekevi rei sa ba.
http://www.cleansofts.com/get/945/17903/secure IT Pro 470.html
20.1.1.2
PC Locker Pro
PC Locker Pro liro no tuoketa ki n komputür-u cabi kha balie mu
yaliekecü Freeware puo.
http://pc-locker-pro.en.softonic.com/
20.1.1.3
Rülikecü thau (Steady State)
Windows Steady State se user profile chüsepar, chükemie mu
chü(remove) rüü se. Hard drive-u gei user account nu le, zaru-u thu
kedi, moro file-ko moro folder-ko kekha morokesuo puorei ba mo.
Noe console cayietho-u geinu sekecümia kekha zhoko mezhü
kekha ba. User profile puo puo ikecü gei security default kerükrie,
metsuo moro kerünuo kerükrei nu khashütuo sidi puo dze kedzü nu
khakeshü-u fine tune chülie di puo dzeko khashü, Windows Steady
State nu kedaliekevi kekra bakecüko selie di.
110 | P a g e
http://www.microsoft.com/windows/products/winfamily/sharedacc
ess/default.mspx
20.1.2 Linux based
20.1.2.1
Pressulus Version 2.16.0
Pressulus-e mha pete khesekebau nu mhachülieyakezhau bu mha
pete nu se morokesuo G Conf nu mha bie kedeikecüko seliekevi
chüshüya, süu sekecü peteko gei, uko kedipuo chülie vi shi puo
mese, puo chükecü, süu kiosks (thakie, Internet café-ko)
kreikhrokecü puo se morokesuo reilie vi.
Cabi se khaliekevi thakieko liro panel-ko (panel chükedeikecü nu
mhachü kedikecü khashüya mo, uko thako mu peko gei kebako
cabi se khakecü), uko mhathoko huo miali di sekecü (screen cabi
khrü mu khakecü chüliekemo chükecü), web browser-u (mechü ca
chükecüko kreitoukecü chütoukelie URL’ko, sekecüu bu full
screen mode nu bakecü hako chüliekesuo chükecü).
http://linuxappfinder.com/packages/pressulus
20.1.2.2
Bastille Linux
Bastille Hardening mhathochie-u oprating mha pete khesekebau
puo “lock down” chüwaya, mha pete khesekebau kerüguo chü
pekuo mu chü petsakecü la puo thuo puo tsüu pfülie di puo nou-u
bu thedo nu theca pepiwaya. Bastille-e mha pete khesekebau-u tsie
tha nu rei hardening seliekevi chülieya, tsie melie kerüguo
pethakecüko kikemhie kropuo puo mhatho chü ba shiü süko
rükhroshü baya.
http://bastille-linux.sourceforge.net/running bastille on.htm
111 | P a g e
20.1.2.3
Kiosk
Mha pete khesekebau mhachüyakezhako uko tei puo rhi kekra nu
puoma tsakecü nu user-ko kekrükelie nu mhacha huo mu uko
setting chükedikewa uko kereko chü puotou lashü baya. Mharhiko
sitoukemo user puoe desktop icon puo chü kenie pie waste bin nu
khashüwa moro mime kemhie puo set chüpie mhathochie
puotoukemo puo khrüketuo la ukoe mha kedikewa süko petha
kesalalie motaliekevi. Mha pete khesekebau la mhachükebako
kekhruohi uko kiekecüe mia pete tei puotou, nu seliekemo puo.
User-u mhakipuorei mhachü kedipie u neikemo nu chüwa mo ro
vikuotuo.
Kiosk Tool-u sedeshülie (no se sei bayakezha kemhie di, run morei
root chü morei vi) K menu mha pete khesekebau -> Kiosks Admin
Tool kedakeshü geinu moro Kiosk tool command se, sidi AddNew
Profile neshülie. Profile hau za puo thoshülie ‘locked-down’
kemhie puo sidi pekrulieketuo la OK neshülie. N dze kedzü nu
khapiekeba kesau pekrulieketuo la n root mhakhu-u chatuo. Süsieu
Manage Users neshülie mu n lock-down profile
kesau ze kerhelieketuo la user policy puo sa sapekrashülieketuo
chülie vi, noe supuo kro kiu nu ba shikecü ngu mu kedilie vi süu
file/etc/group mehokelie geinu chülie vi.
http://extrogear.kde.org/apps/kiosktool.php
20.2
URL Scan Based Tools
20.2.1 Phishing Scans
20.2.1.1
Reasonable Anti-Phishing Toolbar
Mia sekecü email nunu n kishükinyi account rüguolieya mu web
thechüko ze thedo nu die pepishüya. Anti phishing software rhi
kekreiko mhie monyü phishing report mechanism sekecü,
Reasonable Anti phishing toolbar-e puo tsüu pfülie di kethedokecü
web site bataliekeviko teshüya, süu mhingu nu n bank account,
112 | P a g e
credit card dze mu online account PayPal, eBay, Citibank mu
HSBC kemhieko yalieketuo la. Anti phishing rei puoca nyi di mia
sekecü web site email-ko mu web page-ko geinu vorkecüko
telieya. Version 2.0.21 windows vista sa pekrashü mu IE 7 sie
thashüya.
http://www.download.com/reasonable/Anti-PhishingToolbar/3000-12768_4- 10634323.html
20.2.1.2
Phishing 1.0
Anti-Phishing Tool hau se noe phishing, E-mail Frauds mu
Spoofed e-Mail-ko n INBOX vapuo nekeshü geinu ta mhalie vi.
http://www.scanwith.com/download/phishing Dectector.htm
20.2.1.3
Garlic Wrap
GarlicWrap liro remote control puo mha pete khesekebau gei
Internet mhachükebako chü kerüliwaya kekreilamonyü khakeshü-u
kesekeshü metsuo-u gei kekhe mhailiekecüko mehoyakecü la.
Website mia sekecüko cha rei khashüya. Garlic Wrap-e website
pete nu user-u puo ketho dze pfhüliekevi khakeshübase metsuo-u
gei dielie khapie bakecüko petsou di sekecüko pete mehoya.
http://garlicwrap.com/WebDownloadClient.php
20.2.1.4
McAfee Site Advisor for Firefox
McAfee Site Advisor for Firefox- site-ko nu kerüguo kekhokeke
kemejü sa pekrashüya mu adware, spam, mu online scamko geinu
n rüguolieketuo cha pfhüshüya.
http://www.siteadvisor.com/download/ff preinstall.html
20.2.1.5
Spoofed Stick
Spoofed Stick liro rüüsekecü browser chü kemeyakecü puo, süu
sekecüko khruohi pie uko bu spoofed (kemeda) website-ko telieya.
Kemeda website puoe puo rhi ngupe si pevisekecü, zasi visekecü
site (ebay.com moro Citibank.com kemhie) kemhie di chüshüya
derei huoyo kekrei za moro URL kebvüya. Attacker-u süsie mia bu
113 | P a g e
spoofed site-u mu voketuo la mia setuoü di e-mail dielie kemedako
ketseshüya morei link khapie mechü houko nu khashüya – krie za
huoyo URL kekrükebau lelielho ükecü pele mu dielie kemeyie huo
khashüwaya. Kedojü hau huokipuo “phishing” isiya.
http://www.Spoofstick.com/Internet explorer.html
http://www.Spoofstick.com/firefox.html
20.3
Web Server Lockdown Tools
20.3.1 Microsoft IIS Lockdown Tool 2.1
Microsoft-e Internet Information Services (IIS) Lockdown Tool 2.1 thie ketso
thau nu chükeshü version puo khrüshüte, süu IIS-gei pele bayakecü Microsoft
nyako la Template khashüya. IIS Lockdown Tool-e chathako se moreikeviko
khakewa geinu puo mhatho chülieya, süu geinu attack surface bakecüko mia
perhiekecüko geinu chü petsalieya. Keya rükrükecü khashüketuo moro
perhiekecüko ki nu u yaketuo la keya kekra kesekecü, URLscan, customized
templates puo yakepie kesekeba mhatho puo puokecü la, IIS Lockdown Tool
nu chükesawate.
http://www.microsoft.com/technet/security/tools/locktool.mspx
http://www.microsoft.com/downloads/details.aspx?FamilyID=DDE9EFC0BB30- 47EB-9A61-FD755D23CDEC&displaylang=en
20.3.2 URL Scan Security tool
URL Scan version 2.5-e kerüguo nya HTTP mhacha Intertnet Information
Services (IIS) tha nu chükecüko la seya. HTTP pu kreikeshü mhachako
khaketuo la, UrlScan Security tool-e kemezhiekecü chütaliekevi mhachako bu
keseshükebau tso molieketuo la kekhruohishüya. Urlscan 2.5 tsiewe server IIS
4.0 clean installation chü di khashükelieko chülieketuo mu kenuo rei
chülietuo.
http://technet.microsoft.com/en-in/security/cc242650(en-us).aspx
114 | P a g e
20.4
Dectection Tools
20.4.1 Linux based
20.4.1.1
Tiger (Intrusion Detection Tool)
Tiger-e kerüguo nya kerüguo chü kemezhükecü mu mha
kebvükecü tekecü mha pete khesekebau kenienie nu rei seya. Puoe
UNIX thako kekreikreikecü sie thashüya mu puoe GPL license
khro nu methuo mu keseshüya. Mhanya kekreiko kemhie mo di,
Tiger-e POSIX nyako rübei se morosuoya mu peteu shell die nu
thuya.
http://download.savannah.nongmu.org/releases/tiger/
20.4.1.2
Tripware (Monitors Directory for any changes)
Open Source Tripwire ® software-e kerüguo mu ketho dze
pfhüliekevi khakeshü mezhükecü Tool kreitoukecü file kedikecü
range mha pete khesekebau puo nu monitor chükecü mu perhokecü
nu se morokesuo puo.
http://sourceforge.net/projects/tripwire/
20.4.1.3
SWATCH (Actively monitors log files)
Mhathochie hau mhatho liro mha pete khesekebau-u lo file-ko scan
chü di kerüguo-ze kekhekecü mhathoko moro event u kenei kekrei
mhathoko report chüshüketuo la Swatch-e mha pete khesekebau
gei mhachü bayakezhako ki u kiri ba morokesuoko ketseketuo la
chükedeilie vi. Mhathochie-u kinyi file puo se di puotei huo scan
chüya mu u kiriba morokesuo chüshüketuo la, Resource file-u
chatha huo puo mirhi pu pekreikeshü, mharhiu ngukelie ki mha
chüketuo, mu mharhiu recurrence. Swatch mhathochieu call pager
perl utility kezakecüu ze di khashüya. Thezau chü separkecü tuoi,
utility hau ki rei morokesuo page-ko mha pete khesekebaus
personnel gei ketseshüya. Listing 3 typical swatch resource file
kepekieshüya. Default nu, Swatch mhathochieu Swatch resource
file bu puo zau ~/.Swatchrc mu wilmonitor the/var/log/syslog file
115 | P a g e
ikecü
merüya.
Default
hau
rei
command-line
options
geinuspecified chülie vi. utility hau sekecü mhodzü noe syslog
configuration dielie /etc/syslog.conf nu puo rhi puo nu sitoukelie
chülie.
http://safari.java.net/0321194438/ch08lev2sec2
20.4.1.4
LIDS (Linux Intrusion Detection tool)
LIDS liro Linux kernel Xie Huagang mu philippe Biondi thukeshü
mu chü separkeshü puo. Puoe kerüguo chathako huo Linux kernel
khenu bakemoko chüshüya. Hako huo hako rei sa baya: mendatory
access control (MAC), port scan detector puo (puo mie nunu
zorei), mu process protection.
http://www.lids.jp/wiki/index.php?cmd=read&page=Development
&word=LIDS
20.4.1.5
Snort (Intrusion Detection Tool)
Snort liro puocha khrüpiekeba network kebvükecüu khaketuo mu
tekecü mha pete khesekebau rule-driven language se si sekecü, süu
zaru, protocol mu anomaly gei bakecü mha mehokecü mhatho
zhoko gei kemeviko pie kesakecü. Thie ketso soünyie mha piekecü
nu, Snort-e mha kebvükecü teketuo la puo mhatho khapiekeba
kemeyatho puo u khaketuo kemeduonya kijü zieu gei mu Industry
nu de facto thau chüliete.
http://www.snort.org/
20.4.1.6
BRO (Network Intrusion Detection Mha pete khesekebau)
Bro liro Lawrence Berkeley National Laboratory nu Energy
Department-e chükeshü IDS network puo mu federal, military mu
research lab-ko nu se kemesi seya. Bro liro open source puo, Unixgei bakecü NIDS süu network traffic mu anamolous traffic zhoko
mele sei di mehoya.
Mhanya hau therietho nu application layer packets kedalie mu
süsieu eventoriented analyzer-ko biekhrikecü chülie di puo rhiko
116 | P a g e
pie zaru keliekecü ketho dze pfhüliekevi khakeshü idi sikelieko ze
kemejüya. Bro-e zaru-pemvü di mha tekecü mhanya puo zo
shierei, puoe traffic pattern kedikeshüko mu pedzüperie mhatho
kepukeshüko nunu mha keperhieko telieya.
http://www.bro-ids.org/download.html
20.4.1.7
Prelude (Intrusion Detection tool)
Prelude-e kelhiekecü mhatho sensor (snort, honeyd, Nessus
Vulnerability Scanner, Samhain, over 30 types of mha pete
khesekebaus logs, mu kekrei kekra) kekreikreikecü nu perhiekecü
puo si pevikuoliekecü nu mevilieya mu puo thela nu mhatho
kekreikreikecüko donu puo thuo puo geinu nu keperocüu chükecü.
Prelude-e Hybrid IDS puo süu tsie bakecü nyako chüpie keze puo
chü, kuo se, mu application kezakecü chükelie chülie vi bakecü nu
puo khapie khashüliekevi chüshü.
http://www.prelude-ids.org/spip.php?rubrique6
20.4.1.8
OSSEC (Host based Intrusion Detection mha pete khesekebau)
OSSEC liro Open Source Host-pemvü di bakecü kebvükecü
teyakezha mha pete khesekebau puo. Puoe log analysis, integrity
checking, windows registry monitoring, root kit detection, timebased alerting mu active response ikecü chüya. Puoe operating
mha pete khesekebaus kekra nu talieya, süu Linux, OpenBSD,
FreeBSD, Mac OS, Solaris mu Windows rei sa ba. Puoe
centralized,
cross-platform
architecture
ba
di
mha
pete
khesekebau-ko kekra bu monitor mu manage chüliekevi chüshüya.
http://www.ossec.net/main/downloads/
117 | P a g e
21. Security Accessment Tools.
21.1
Assessment of OS Security Levels.
21.1.1 Microsoft Security accessment tool (windows)
Microsoft Security Accessment Tool (MSAT) kemichie bakecü-accessment
application dielieko keseshüketuo la rhikeshü infrastructure donu kerüguo
kese kevitho-u dze pushüya.
http://www.microsoft.com/downloads/details.aspx?FamilyID=6d79df9c=c6d
-4e8f-8000-0be72b430212&displaylang=en
21.1.2 Nessus ($, Linux, Windows)
Nessus ® vulnerability scanner-u liro, active scanner-ko nu kijüu-krüta puo,
süu ta vi se di ngukelie chatha chü, chü kedeikecüko mehoshü, asset profiling,
sensitive ketho dze pfhüliekevi khakeshü pfhükecü mu n kerüguo
posturekethachüko ca pushüya, Nessus Scanner-ko liro lhitho mhatho peteu,
DMZ-ko nou, mu network chüümo kekreitou bakecüko nu rei keza volie vi.
http://www.nessus.org/download/
21.1.3 Retina (Windows)
Retina Network Security scanner, industry-u mu sorkari tha puo tha kekra
bakecü kethachü kesekecü la, sibaketako sishü mu kemerü (zero) teisozha
kethachü sa bakecü kerüguo khashükecü kemichie mehokecü, kerüguo kedojü
kevithoko seliekevi chüshü, thezho rhüshü, mu regulatory audits.
http://www.eeye.com/html/products/retina/download/index.html
21.1.4 IBM Internet Scanner
Internet Scanner-e n network nu network chü baketa devices puo rhi 1,300
kezie silie vi, süu desktop-ko, server-ko, router-ko/switch-ko, firewall-ko,
kerüguo nyako mu kesekeshü router-ko sa pu ba. Vapuo n network chükeba
nyako silieta liro, Internet Scanner-e chükedeikecüko, patch levels, operating
mha pete khesekebau-ko mu application khepie bakecüko nu vulnerabilities
ba di hacker-ko bu pfhülie di kekuo ngulie mo zo rei sekecü chükecüko la
meho menuowaya.
118 | P a g e
http://www.iss.net/iss€n/MYISS/login.jhtml?action=download
21.1.5 Patch link vulnerability assessment tool.
Corporate kemichie puoteiu puotei nu, proactive-u operating mha pete
khesekebau nunu khakewa mu application thachüko chü petsashüya.
• IT mako chü petsashüya mu mha chü separkelieko puo thuo puo
geinu chülieketuo chü kerükrie se di chü kehieshüya,
subscription gei patch mehokecü kelakeshü rei chüshüya.
• ‘Patch drift’ geinu tsie kemichie bakecüko biewaya.
• Demonstrate compliance sa di kerüguo thezhoko mu sorkari
medziyakezhako patch monitor chü sei bakecü nu pukeshü pete
sakecü.
http://www.lumension.com/patch-management.jsp
21.1.6 Qualis guard (Linux & Windows)
Free scan liro n bu n server-u mha bu puo peka mhaiwaliekevi perhiekecümia
thenyie-e bu pfhüliekeviko kerükri mu puotou nu scan chülieya. Mhakinu IP
Kebachü khakeshüu nu puo thachüko ba zoü ro, Free Scan-e süko pfhülie mu
kemichie puo puokecü la dielie petseko khashütuo – süko puo rüü, associated
threat, mu puo rhi chüvortaliekevi rei sa. Puoe link-ko n bu puo thachüu mu
süu kemejüketuo la link-ko rei khashüya.
http://www.qualis.com/forms/trails/freescan/matrix/?Isid=6960
21.1.7 GFI LAN guard (windows)
GFI LAN guard Network Security Scanner (N.S.S)-e n bu n network-u gei n
kerüguo thachü-ko scan, pfhü, se mu chükemezhü laliekevi chüshüyakezha
zhakhra – kraliekezhü kelakeshü puo. Mhatho chükecümia puo chükecü, noe
va kekra mhakere thachü panyako la, patch management mu network auditing
hakemhie ze kekhiekecüko la mhachü kekri morosuotaya, huokipuo mhanya
kekra se di süko chü morosuotaya. Si zoürei GFI LAN guard N.S.S geinu,
thachü kesekecü sozha se hako puo bou puo geinu khashüwaya. Console
yopuo rükhrokecü mhatho chü rükrükecü mhatho chükeba, GFI LAN guard
119 | P a g e
N.S.S kesa puo chüpie kelakeshü sekecü geinu khruohi pie panya hako
address chü rükri mu chü pevikuolieya.
http://www.gfi.com/downloads/downloads.aspx:pid=lanss&lid=EN
21.1.8 Core Impact (windows)
Core Impact-e commercial penetration testing application Core Security
Technology-koe chükehiekeshü mu süu keseu (user) bu mha pfhülievi mu
kerüguo thachüko komputür network gei bakecüko se tseiliekevi chüliekevi
chüshü.
Interface-u mialiu bu komputür kerüguo nu kedojü vi rükrükecü kedojü lie mo
di seliekevi nu rhishü, mu dielie kengukelieko geinu report-ko chükeshü
mhatho rei sa. Hau kompani 600 kezie mu sorkari puo thuo puo kesekeliekoe
se baya.
http://www.coresecurity.com/?module=contentMed&action=item&id=535.
21.1.9 IIS Internet Scanner (windows)
Mha khrükecü ketsatho nu, 10 IP-ko .ISS Internet Scanner liro network-u gei
komputür puo gei khashütuo, mu komputür-ko mu router-ko operating system
key application mu chükedeikecü mu kerüguo thachüko IIS-ko ketho dze
pfhüliekevi khakeshü base se di puo thachü sekebako scan chüshüya. License
puo thelakejü hau teicie puo nu vapuo puo yapie mu kemhiekecü se morosuo.
version hau site protector management license 500 IP-ko ketso vo ba.
https://www.securehq.com/group.wml&storeid=1&deptid=75&groupid=928&
ds= wps hop store&session 10=200912853219352563
21.1.10Nikto (Linux)
Web scanner Nikto liro meyakuokecü open source (GPL) web server
scanner puo, süu comprehensive kedojü web kesekebako bakecü kekra
petsou di chüya, süko 3200 file/CGI kemichie chü siertaliekeviko, 625
server-ko mho nu versions, mu version specified problems on 230 servers
rei sa. Scan chüwaketa item-ko mu plugin-koe tsiemelie update chüya mu
puo thuo puo geinu rei update chülie vi (se nyü ro). Puoe whisker/wip
whisker se puo mhatho chüliekebako kekra nu seya. Hau-e mhakechü nya
120 | P a g e
kemeyie se puo derei tsiemelie update chükecü-u la puo kemeyie tsa se.
Thete kethachü kekhotho mu kesathoko puotei kekra teliemotaya.
http://linux.softpedia.com/get/mha pete khesekebau/Networking/Nikto10271.shtml
21.1.11X-scan (windows)
X-scan liro basic network vulnerability scanner puo, süu multi-threading scan
approach seya. Scanner-u command line kenienie rei selie vi mu puoe GUI
mhodzü – puosie se rüükecü puo baya. Cayie hako scan chülievi:
Remote OS type mu version detection,
Standard Port status mu banner information,
SNMP dielie,
CGI vulnerability detection,
IIS vulnerability detection,
RPC vulnerability detection,
SSL vulnerability detection,
SQL – server,
FTP – server,
SMTP – server,
PoP3 – server,
NT – server weak user/password pairs ketho üdi
pukeshü module,
Remote Registration information, ikevoko.
http://www.xfocus.org/programs/200507/18.html.
http://www.vulnerabilityaccessment.co.uk/xscan.htm
21.1.12Sara (Linux, windows, open source)
Puo mode kerüütho (default) mu, puoe khenu mha pesoshü kecüko mu
network-ko dze kedipuo pfhülie vi shi network service süko finger, NFS,
NIS, ftp mu tftp, rexd, mu service kekrei huo hievihiesuo meho di pfhüya.
Dielie kebngukelieko network dze lietho bakecüko rei mu potential
security flaw-ko rei saya - - va kekra petha puotoukemo morei network
121 | P a g e
liethoko puotoukemo, mha pete khesekebau morei network utility-ko gei
bugs si pevi sekecüko, moro thachü moro policy pepikelie se mokebako
rhi nu chüya. Puoe süsie ketho dze pfhüliekevi khakeshü hau mu report
chüshü morei thezho-u gei bakecü mha pete khesekebau kerüü puo se
kerüguo ketsopfhü bataliekevi huo baro süko ketsokega ilie vi. Kesekoe
sitse hievihiesuo süko meho, mha ketso, mu HTML browser puo selie di
chazou pakecü ki petse di hievihiesuo meho, süko Mosaic moro Netscape
kemhieko. Mhathochieu security implication-ko hievihiesuoko la pekuo di
chüpie barei, mechüu network dielie kekra mhakechü nyako network
services running, hardware mu software puo rhi network gei sekebako
ikevoko sekecü geinu mevilie vi.
http://www-arc.com/sara/
21.1.13SAINT (Linux & Open source)
SAINT, morei Security Administrator.s Integrated Network Tool-u liro,
puo chü kethachüko thashüya mu chükemie morokesuo pushükecü
chüshüya. SAINT ® vulnerability accessment tool se, noe:
• N network-u kerüguo gei mhakebvükecüko bu ler seketa
mhodzü telie mu puo thachü bataliekeviko chü keniewaya.
• Pedzüperie le mu mha pete khesekebau vulnerability ba
seiyakecü khalieya.
• Chüliekevi mho sorkari zhoko chü kepekieshüya, FISMA, SOX,
GBLA, HIPAA, mu COPPA kemhieko mu industry zhoko
PCIDSS kemhieko.
• SAINT® scanning engine-ue kiputsie n kethachü mehoketuo
mhathochie-u la puotou-u zo. SAINT-e graphical user interface
intuitive mu se rüükecü puo chahta chüshüya.
http://download.saintcorporation.com/downloads/freetrail/saintinstall-6.7.2.gz
122 | P a g e
21.1.14MBSA (windows)
Microsoft Baseline Security Analyzer (MBSA) liro se-rüükecü mhanya IT
mhathomia khruohipie cü(small) mu thedo(medium) thelhitheüko bu uko
kerüguo tha mhathoko nu meteikecü la rhishü mu süu Microsoft security
pukeshüko zho rhiu geinu specific remediation chatha seliekevi khashüya.
Windows Update Agent mu Microsoft Update infrastructure geinu chüshü,
MBSA Microsoft management device kekrei ze puotou puo nu baseikecü
khashüya mu süu Microsoft Update (MU), Windows Server Update
Services (WSUS), Mha pete khesekebau Management Server (SMS) mu
Microsoft Manager (MOM) rei sa. Ngutoukecü MBSA average nu
komputür soünyie(million) 3 kezie zhadoudo metsei scan chüwaya.
21.1.15Paros Proxy (Linux, Windos, Open Source)
Nko mhathochie puo “paros” idi kieyakecü puo huomia u web application
nu kerüguo-u mehoshü chü morosuokebamia ki thashüya. Süu puoma sa
mo mu Java nu thu tsei. Paros Proxy lhenuzho-u geinu, HTTP mu HTTPS
ketho dze pfhüliekevi khakeshü pete kesekeshüu mu sekecüu, cookies rei
sa mu form field-ko telie mu chü kenie rei salie vi.
http://www.parosproxy.org/download.shtml
21.1.16Web sacrab (Linux windows, open source)
Web Scarab-e framework puo, hau se application-ko petse di mehoya mu
süu HTTP mu HTTPS protocol-ko se keperoya. Hau Java nu thu, mu süla
platform-ko kekra la pfhü rüü. Web Scarab-e operation mhatho chükecü
mode kekra ba, plug-in huo se di süu sekecü chü baya. Puo kese
puokruthokecü nu, Web Scarab intercepting proxy puo chü di puo mhatho
chüya, keseu-u bu mehokesa la mu puo mhachako browser-u chü
separkeshüko kemieya, süu server-u ki ketsekeshü mhodzü, mu browser-u
bu ngulakelie mhodzü puo die kelakeshüko kesekeshüu ki khakeshü
mhodzü review mu kemielaya.
http://www.net – security.org/software.phpid=504
123 | P a g e
21.1.17Web Inspect (windows)
Web Inspect application security assessment mhakechü nyau n krotho-u
web security mu n dze thetha-thoko web application layer donu nu sikeba
mu sikemo thachüko chü puotoushüya. Web Inspect rei check-ko salie di n
khruohipie web server security chü puotoushüya u Web server-u puotou
nu chü kedeipie ba me mo shi mehoshüya. Web Inspect geinu, audit
chüyakecüko, compliance officer-ko, mu kerüguo kesimiakoe security
assessment-ko web application mu web service-ko chülieya.
https://h10078.www1.hp.com/cda/hpms/display/main/hpns
content.jsp?
Zn=bto&cp=1-11-201_200%5e9570 4000 100
21.1.18whisker/Libwhisker (Linux, Windows, Open source)
Libwhisker liro perl module HTTP kedojü tsa takecü kekhaketuo la
bakecü puo. Puoe security holes sikeba kekra la, HTTP server-ko
dojükecü la mhathoko khashüya, kekrei mo rei CGI kemichie bakecüko.
Whisker liro scanner puo, süu libwhisker seya derei süu tsie Nikto süu
libwhisker seyakecü keneiu nu u medokemo chüwaya.
http://www.wiretrip.net/rfp/
21.1.19Burp Suite (Linux, Windows, Open Source)
Burp Suite liro web application-ko perhieketuo chü kesakecü tha puo. Süu
Burp mhakechünya pete baya mha kenie kesakecü chüu kekra uko donu
chü kerüü nu application perhiekecü mhatho-u rükrilieketuo la rhipie baya.
Mhakechü nya pete rei robust framework kemhiekecü puo se di HTTP
mhachako, ketho üdi pukeshü, downstream proxies, loggin, alerting mu
extensibility kekhaya.
Burp Suite n bu n dzie se mu puo thuo puo geinu chükecü zhoko kerei pie
web application-ko chü krei, meho, perhie mu seliekevi khashüya. Burp
Mhakechünya kekreikreikecü keze dielie kezakecü mu mhapfhü di
sitoukelieko mhakechünya puo nu mhapfhü di sitoukelieko mhakechü nya
puo nu thehie chü sezhüya, mhakemeyie kekrei puo se perhiekecü
chüketuo la.
124 | P a g e
http://portswigger.net/suite/download.html
21.1.20Wikto (Windows, Open Source)
Wikto liro web server-ko gei puo kesuokerhu baketako mehoya. Puoe
Nikto nu mhachüliekebako ze kemhie khrekecü khashüya derei puoe
mhachüliekevi u neisekecü huo khashüya, süko Back-End miner mu Close
Google integration kemhieko. Wikto liro MS.NET kheümhou la thushü
mu binary mu/moro source code la zaru se morosuo.
http://www.senseport.com/research/wikto/
21.1.21Acunetix Web Vulnerability Scanner (windows)
Acunetix WVS-e website 100,000 scan chükecü nu, 42%-e Cross
Scripting gei kethachü ba di ngulie. XXS-e kemichie khothor ba mu puo
perhiekecü kra miemiezhü zo. Hacker-koe kethachü hako se menuo selie
di krotho meteikemo ketho dze pfhüliekevi khakeshü-ko rügu ba. No hau
sieu nu kholie vi me/ cross Site Scripting perhiekecüu bu kelhiekecü
JavaScript, VBScript, ActiveX, HTML moro Flash vulnerable dynamic
page puo nu khashü di user-u sekedoliekevi chüshüya, puo machine nu
ketho dze pfhüliekevi khakeshü-ko pfhülieketuo la script-u execute
chüwaya. Exploited Cross Site Scripting-e kelhiekecü hako ngulieketuo la
se pekuoya:
• Identity kerügu.
• Sensitive mu khakecü dielieko sekecü.
• Puoma sa di seyakecü bakecüko methuo nu seliekevi chükecü.
• Sekebamia web browse chükecü zhoko riekecü.
• Miali puo morei lhithomia krotho huo dze pu pesuo pie mechüu
ki khashükecü.
• Web application mharhiu biepesuokecü.
• Service perhie mo üdi pukecü.
http://www.acunetix.com/cross-site-scripting/scanner.htm
125 | P a g e
21.1.22Watchfire AppScan (windows)
Watchfire AppScan-e website kerüguo mu compliance chüshüketuo la
web application security audit chüpie puo bu puo thuo puo geinu
chüliekevi chüshüya. Kijüzieu gei market-share krüta za thoshüya Gartner
mu IDC rhi geinu nko AppScan chükelie mhanyako Suite-e web
application kerüguo kedojü pete bu morokesuo rhi la kelakeshü khashüya
– outsourced, miali scan-ko mu enterprise – analysis kemeya – mu user rhi
peteko – application chü kehieshüyakezhako, quality assurance teams,
penetration testers, security auditors mu senior management.
Https://www.watchfire.com/securearea/appscan.aspx
21.1.23N-Stealth (windows)
N-Stealth liro web server security-auditing tool pete khre la 30,000 kezie
thachüko scan chüshüya. Hau-e mhachüshüyakezhamiako, kerüguo la
kekhruohi ketsoliekeviko mu IT professional-ko la puotoutho.
http://www.nstalker.com/products/free/
21.2
Accessment Of Databasebase Security Levels
21.2.1 IPLocks
IP Locks Armour-e Industry-u kelakeshü kekuotho-u database kethachüko
telie mu chülashüketuo khashüya. Mha keze kekreimia puorei scalability,
customizability,
mu
IP
Lock-ko
cost-effectiveness
kesakecüko
ze
kemejüliekenjü. Kijü lukihaki kompaniko IPLocks armour se critical
Innitiative hakemhieko siethashüya:
User Priviledge Reporting
Internal security
SOX Compliance
PCI Compliance
Risk Management
http://www.iplocks.com/products/iplocks-armour.html
126 | P a g e
21.2.2 App Dectective.
Network geinu chüyakecü, vulnerability assessment scanner, App Detective
Pro puo n infrastructure donu ketho dze pfhüliekevi khakeshübase
application-ko pfhüshüya mu uko kerüguo kekuo seliekevi chüshüya.
Piecemeal Solution-ko ze kemejüshü liro, App Detective Pro modules-e
enterprise-ko bu application tiers kemeyie kenie seliekevi khashüya –
application/Middleware, mu back-end database-interface yopuo geinu. App
Dectective Pro-e proven kerüguo mhatho chatha zho puo mu application-level
kethachüko mhasi kemeya puo bu puo sie thashü di hievihiesuo meho, puo
dze pushü, mu kerüguo gei kecie bakecüko chülashü mu chükedeikecü
kerkrüshüya. Süu chükeshü geinu, enterprise-ko chü separ morei uko die
kelashü zomonyü kekha rei salie viketuo süteiki routine audit-ko chü kehie
mu chü kerüükoshüya.
https://www.appsecinc.com/downloads/appdetectivepro/
21.3
Assessment of Application Security
21.3.1 Browser security levels
21.3.1.1
Watch fire
Watch fire ® liro web application security audit-ko bu puo thuo
puo geinu chülie di website kerüguo mu compliance chükecü nu
puo khruohi pie puo bu chü puotouliekevi chüshüya. Kijü peteu
thelhitheü-kezakecü krüta zathoshü Garner mu IDC rhi nu, nko
App Scan product suite-e kelakeshü khapie web application
security kedojü se morokesuo puorhi pete outsourced, miali scan
mu
enterprisewide
analysis
–
mu
user
pete-application
chüshüyakezhamia, quality assurance kroko, penetration tester-ko,
security auditor-ko mu senior management hako tsüshüya.
https://www.watchfire.com/securearea/appscan.aspx
127 | P a g e
21.2.1.2N-Stalker
n-Stalker Web Application Security Scanner 2006 liro web security
solution puo. Si peviseketa N-Stealth HTTP Security Scanner nu puo Web
Attack Signature Database pie, patient-pending component-oriented Web
Application Security Accessment technology chükesa pie puo chükeshü
geinu, N-Stalker-e n web Application-u khieümhou hau nu vulnerability
huo batayakezhako sweep chüliekesü chülietuo, Cross-site Scripting mu
SQL injection rei sa, Buffer Overflow mu Parameter Tampering
perhiekecü mu sükezie rei ba.
http://www.nstalker.com/products/free/download-free-edition.
21.2.1.3Sprajax (AJAX la)
Sprajax liro open source black box security scanner puo, se AJAXchüliekevi application-ko kerüguo selieketuo la seya. AJAX frameworkko mecütou di sekebau bakecüu telieketuo geinu, Sprajax-e kedojü
mhachako chü vikuo mu kethachü partaliekeviko silieya.
http://www.owesp.org/index.php/category:OWASP Sprajax Project
21.2.1.4Pixy (PHP la)
Pixy-e Open-Source Vulnerability Scanner puo, süu SQL, XXS kereko
PHP application-ko sishüya.
http://pixybox.seclab.tuwien.ac.at/pixy/download.php
21.3.2 Peer to Peer Networking levels
21.3.2.1
Prevx
Sizoürei, n komputür nu file-ko kezaketuo la mu huokipuo Bit
Torrent kemhieko n komputürko bu P2P network-u donu file-ko
seliekecü chülieketuo la, noe TCP port mecütoukecü puo firewall
geinu P2P software puo kepfhesiketuo la khrüshü morosuo. süu
chükeshü geinu, noe vapuo port-u khrüshüwata liro noe kelhiekecü
traffic süu nu lerkecüko nunu n yakecü chütatuo, süu personal
firewall
software
Zone
Alarm
chüshüyakezha
kemhie
kekreilamonyü hai zo di khashü morei puo meleko kekhakeshü
128 | P a g e
geinu pete zekeshü geinu lekepesuo mhatho kekra telie mo di
khashüwatuo moro u nei n medo mele kekra khakeshü süu keseu
thuo u software khe dojükecü kemhieko, süla Prevx-e user-u ki
kikemhie di mhathoko setuo shi ketsoya. Kehoukipuorei
application puo mha pete khesekebau mhale nu leketuo dojükecü
ki morei thetha file-ko morei registry-u biekedeiwa ro, Prevx
Home software-u mhatho/mele süu telieya mu süu kha tseiwa
moro user-u ki kikemhie di chü votuo shi ketsoya. Prevx rhi nu,
software-u buffer tsuziekecü te mu khatuo mu overruns, thetha
files mu directory-ko chü kemie, mha pete khesekebau registry-u
gei thetha thechüko kedikeshüko kekuokhasashü motatuo mu
sükezie sa. A-e a antivirus mu firewall software a kedojü khakecü
doki zhadoudo puo pete biewa mu tsie rei kechükhu puo rei ze
morei kelhiekecü code morei spyware ze kese mo. Ad-Aware puo
pie scan chükeshü nu tracking cookies u dzie ketshu ngulie, derei
kelhiekecü puorei mo.
http://info.prevx.com/downloadprevx2.asp
21.3.2.2
Honey trap
Honey trap liro network kerüguo mhakechü nya puo network
liethoko nu perhiekecüko mehoketuo la thukeshü puo. Lowinteractive honey pot puokecü la, süu network gei bayakezha
perhiekecüko si rei sikemoko rei dielieko kenguya mu süu geinu
pedzü-kemichie pesikecü dielie khashüya.
http://honeytrap.mwcollect.org/downloadDownload%20Honeytrap
129 | P a g e
22. Operating mha pete khesekebau Updates and Patches
22.1
Security Update Solution Tools (Windows)
22.1.1 Updates
22.1.1.1
Microsoft Update
Bug kenuotho-u Microsoft Windows chü kemieshüya, süu-e DoS
perhiekecü
bataliekeviko
huo
sa
chü
kemiekeshü.
Windowsupdate.microsoft.com
22.1.1.2
WSUS
Microsoft Windows Server Update Services (WSUS) liro
information technology administration-ko bu Microsoft chükelie
nya thie ketso rhi nu chükeshüko selie di Windows operating mha
pete khesekebau sekeba komputür-ko bu chüliekevi khashüya.
WSUS
sekelie
geinu,
mhachülieyakezhamiakoe
update-ko
Microsoft Update nunu uko network mu komputür-ko ki
kezakecüu kese tseilieya.
http://technet.microsoft.com/en-us/wsus/default.aspx
22.1.1.3
Microsoft Office Update
Bug kenuothoko Microsoft windows chülashüya, süu DoS
perhiekecü bataliekevi rei se chülashüya.
Http://office.microsoft.com/en-us/downloads/default.aspx
22.2
Windows Desktop Firewall Settings
22.2.1 Firewall
Firewall liro miali network puo gei morei puo geinu sekelie kekhakecü
software morei hardware mha pete khesekebau puo. Süu ketho dze
pfhüliekevi khakeshü packet-ko meho mu logging chü di mhachüya, mu ketho
dze pfhüliekevi khakeshü packet-ko predefined security criteria kele de
chüliemoketako cha khawaya. Süu n mha pete khesekebau-u khruohipie puo
bu khrukhrekuolieya.
130 | P a g e
22.2.2 Windows Firewall Configure chüketuo zhoko
• Windows XP nu Windows firewall access chüketuo la, Start nu
volie di Run nu neshülie. Open box nu Wscui.cpl thushülie mu
Ok neshülie.
Fig. 94
• Tsiewe nko hakhro khakeshü mhie di window ngulie vite.
Fig. 95
• Manage security setting khro, Windows Firewall neshülie.
• Tsiewe nko hakhro khakeshü mhie di window ngulie vite.
Fig. 96
General Tab khro, firewall-u khrüpie baketuo chütoulie. Don.t
allow exception ikebau kedakelie geinu, mhathochie Exception
tab khro sa pekrapie bakecüko Windows firewall bu khawaya.
•
Mhathochie
u
neikeba
kehoupuorei
morei
lietho
puo
khapiebaketa puo khrülaketuo la, Excepion Tap nu neshü mu
Add Program neshülie.
List hakhro pengupiekeba nu u neikeba mhathochie morei lietho
kedalie di OK neshülie. Exception tap khro nu nkoe port
uneikeba add port nekeshü geinu khrülie vi.
Firewall-ue seliekevi khakeshü nu chü khriekelie keperokecüko
mehoketuo la, hakhro kepekiekeshü kemhie di Advance Tab nu
neshülie.
Fig. 97
Advance Tab khro, hakhro kepekiekeshü kemhie di Security
Logging section khro settings nu neshülie.
Fig. 98
Log setting khro, Log successful connection kedaliekevi
chüpiekebau meholie mu Log File Option section khro log file-u
cha-u chü kemecü mu sitoushülie.
Fig 99
131 | P a g e
Mha pete khesekebau nu open port-ko mehoketuo la morei
command prompt-u nu keperokecüko pesieketuo la netstat-ano
thushülie.
Rükralie: Mha pete khesekebau-u gei krotho se (third party)
firewall puo pelikecü(install) chüshü liro, chü kedeiliekelho
firewall-u n mha pete khesekebau ze voryakecüu bu khawakecü
chütoulie.
Fig 100
Log setting-ko khro, Log successful connections kedaliekeviu
meholie mu log fileu chau Log File Option section khro si
kemecü mu sitoushülie.
Fig 101
Mha pete khesekebau-u nu open port-ko mehoketuo la morei
command prompt-u nu connectionko pesieketuo la nestat-ano
neshülie.
Rükralie: Mha pete khesekebau-u gei krotho se firewall puo
pelikecü chüshü liro, chü kedeiliekelho firewall-u n mha pete
khesekebau ze voryakecüu bu khawakecü chütoulie.
132 | P a g e
23. Security Update Detection Tools
23.1
MBSA
Microsoft Baseline Security Analyzer (MBSA) liro se rüükecü mhanya IT
mhathomia la rhikeshü puo, süu puo kezhakecü liro kecü mu thedo thelhitheüko
khruohi pie uko kerüguo thau le medo kenourhe di Microsoft security pukeshüko
mu specific remediation guidance seliekevi khashüya. Windows Update Agent
mu Microsoft Update infrastructure geinu chü, MBSA liro Microsoft management
chükelie nya kekreiko ze kemhie sei bakecü chü puotoukecü chüya, süu Microsoft
Update (MU), Window Server Update Services (WSUS), Mha pete khesekebau
Management Server (SMS) mu Microsoft Operation Manager (MOM) rei sa.
Ngukelie, MBSA-e zhadoudo metsi komputür 3 million kezie mese scan chülieya.
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
23.2
Microsoft Office Visio 2007 connector
Nu n network security status-u si baya mo ga? Get visual. Visio 2007 Connector
Microsoft Baseline Security Analyzer (MBSA) la khapiekebau n bu MBSA scan
puo hievihiesuo-u meholie vi mu süu mecükecü puo, Microsoft Office Visio 2007
network mirhi puocapuola rei silie vi.
Noe visio 2007 Professional mu MBSA 2.1, süu Microsoft geinu vorkecü free
security tool puo hanie ba phre morosuo, connector hau bu puotou mu
mhachülieketuo la.
Meholiekeviko:
http://www.microsoft.com/india/windows/products/windowsvista/features/details/
parentalcontrols.mspx
www.switched.com
www.us-cert.gov
www.occ.treas.gov
http://www.getsafeonline.org/nqcontent.cfn?a id=1157
133 | P a g e
http://www.google.com/support/websearch/bin/answer.py?hl=en&answer=35892
www.staysafeonline.info
www.yahoo.com
http://www.uni.illinois.edu/library/computerlit/scenarios.php
http://www.getsafeonline.org/
http://dban.sourceforge.net/
http://www.heidi.ie/eraser/
http://micro2000.com/erasedisk/
http://www.apple.com/safari/features.html#security.
134 | P a g e
