INVITATION TO CYBERSECURITY 242

Figure 9.10 A website protected with HTTPS.

In Section 8.1.6 we briefly covered the HTTPS protocol that is used to make web browser connections end-to-end encrypted—it is the secure replacement for HTTP (see Figure 9.10). When browsing the Internet, users need to be cautious on sites that are not served over HTTPS. With HTTP, the web server has not been authenticated as genuine, and no encryption is used.

Most traffic is HTTPS-encrypted by default on today's Internet. However, on local area networks and when writing or using custom networking software, users need to be aware of the threat of eavesdropping and take appropriate precautions. This may include encrypting data before it is sent over the network. It should be assumed that traffic sent over the network will be sniffed, and therefore, one should investigate to be sure that it is protected. For example, on an organization's network, are Voice over Internet Protocol (VoIP) phone calls encrypted? How about data sent to copiers and printers? These questions are worth asking. Below, in Section 9.2.4.2, we examine wireless networks and how that data can be protected.

9.2.3 Harden Systems

If there is one thing this textbook has made clear, it is that cyberspace is rife with vulnerabilities. Computers of all kinds, including laptops, smartphones, routers, and smart devices, need to be hardened. Hardened means made secure. This section outlines some steps that users can take to make their devices more secure.

9.2.3.1 Patch Systems

Section 4.1.2.2 explored technical vulnerabilities and explained the importance of software patching. As every cyber attacker knows, n-day exploits are effective because cyber defenders do not always apply patches in a timely manner. Operating systems, desktop applications, and smartphone apps need to be patched. Cloud-based applications, like Google Docs, are patched by the cloud provider since the software runs on their servers. However, web browsers such as Google Chrome and Mozilla Firefox run locally on computers. Similarly, smartphone apps run on end users' smartphones. Therefore, it is the end user's responsibility to patch their operating systems and the software that runs locally on their devices.

Because patching is so important, software vendors have made it easier over time for users to apply patches—it usually happens automatically and sometimes without the user even knowing. Patches are typically pushed out to users as part of software updates. The updates may include new features in addition to security fixes. If a user is prompted to