Instant Messaging

Instant Messaging (IM) extension is among the most popular, user friendly and easily installable extensions. It is very simple to verify the instant messaging account with a One Time Password (OTP) received on mobile phones. Though emails are the preferred source of communication, Instant Messaging beats them when it comes to prompt interaction. Most of the leading IT companies like Microsoft and Google provide instant messaging services.

What is Instant Messaging?

Exchanging text messages between two or more participants in real time over the Internet using a set of communication technologies is called Instant Messaging. The benefit of Instant Messaging is that the sender can check if the receiver is online or not by viewing their status and can get a revert instantly. There are also few systems that allow messages to be sent to offline users or engage in video chats along with messaging.

The main features of instant messaging are as follows:

1. Allows back and forth communication with online friends
2. Allows creation of chat rooms with more than one friend
3. Allows video chats and view/send videos
4. Allows viewing images stored on the remote computer of a friend
5. Allows sharing of music 6. Allows sending quick messages from mobile phones
6. Allows sharing of favorite web links
7. Allows real time sharing of news
8. Allows audio calls with friends
9. Allows sharing of documents

The network of instant messaging has a client and a server. Client is installed at the user end. Whenever user initiates an IM session, it is authenticated by the server operated by the vendor of Instant messaging network. Google Hangout, MSN Messenger and Yahoo Messenger are some such vendors.

 

How Instant Messaging Works:

If A wants to send message to B, A types a message and commands client to send it to B.The message will be kept in a packet that would reach the server for authorization. Once the server examines and verifies that the package is meant for B, the server will keep it in a new packet and then the message will be forwarded to B.

Instant Messaging Security Issues

Contacting people using IM is less expensive and faster than any other medium (telephone or email). Due to this reason, Instant Messaging (IM) has gained popularity as the preferred communication medium. Apart from chatting with friends and family members, IM has convened real time communication especially in the corporate world, where time sensitive transactions occurs.

Some of the security threats associated with Instant Messaging are:

Privacy Issues: As the IM session exchanges information in clear-text mode, the data can face several privacy issues like eavesdropping, information leakage and loss of data. Most of the free IM Systems do not use encryption technique, which in turn opens opportunities for hackers. Several freeware network sniffers (NMAP or Ethereal) are available that can be downloaded to access the textual conversations between two parties.

Impersonation: Hackers can gain the access to login details of user’s IM account and can impersonate themselves as the user. Friends, business clients and co-workers cannot recognise if the user is real or not and can exchange crucial data or private information. This may cause severe damages to the victim.

Malware Threat: By using file transfer option on IM, users may allow infected files and malware to enter their system. Users may skip the antivirus check and invite virus on their system. Attackers can also convince credulous users to install malicious software sent by them.

IM Software Vulnerabilities: IM clients can have in-built vulnerabilities if not downloaded from a reliable source. It is advisable to check IM client carefully before installing them on your system, else the system can be prone to additional vulnerabilities.

Denial of Service: The system can also become susceptible to Denial of Service (DoS) while using Instant Messaging clients. These attacks may harm the system differently, such as by crashing instant messaging software, consuming higher CPU power, making IM clients hang repeatedly and make the computer unstable.

 

Managing Instant Messaging Security Issues

There is a multi-pronged approach that must be followed to handle the issues related to Instant Messaging. If the threats cannot be resolved, they are isolated, so that they cannot cause any further damage to the system or data.

To manage security issues related with Instant Messaging:

1. Set the IM Client not to accept shared files automatically, which in turn will protect the system from downloading virus affected files.
2. Whenever any file is received on IM, always check its origin and open only after scanning with antivirus software.
3. For official purposes, set up a corporate Instant Messaging System on the company’s Intranet.
4. Never open web links from unknown senders.
5. Either avoid sending personal information on IM systems or encrypt them before sending.
6. Always keep the firewall protection on, install latest antivirus software and keep Instant Messaging software updated.

 

 

Security of Google chrome and its steps

 

Although Firefox was given the most secured browser award in 2019, we still love Google Chrome don’t we? And switching browsers is not easy, especially when we have been using it for a while now. But don’t feel guilty about not using the most secured browser, you can still take these steps to ensure that your browser has the optimum level of security.

1. Limit synced items
We use Google Chrome across all our devices, and so, to keep us updated we often sync all our devices so that all the information (logins and passwords, bookmarks, etc.) is available to us at all times. However, this continuous sending of data can put your security at risk, so limit the synchronization.

To do this, click the three dots on the upper right side of Chrome and then Settings > Advanced > Sync and other Google Services.

As you see in the above image, Synchronize everything is set by default. We recommend deactivating the options you use less frequently.

2. Encrypt synchronized data
In the same menu, i.e. Settings > Advanced > Sync and other Google Services, there is another options to encrypt your synchronized data. Select the option Encrypt synced data with your own sync passphrase. Next, choose a password that you can remember (different from your Google account password).

This will add an extra layer of security by asking for the password every time Google Chrome wants to synchronize your data.

3. Tweak the Content Settings
Go to the Settings > Advance and then click Site Settings (under Privacy and security). This particular section is highly crucial to your security; it’s where you’ll configure what to do with Cookies, JavaScript, Plugins, Popups, and more. These are the recommended settings.

Cookies: Keep local data until you quit your browser (this clears your cache for every browser closed).
JavaScript: Do not allow any sites to run JavaScript (you’ll probably need to add sites to the exceptions for any website you need to allow JavaScript).
Plugins: Let me choose when to run plugin content.
Location: Do not allow any sites to track your physical location (add any sites to the exceptions list that are needed).
Notifications: Do not allow any site to show notifications.

Other than these settings, leave those listed as recommended. If you happen to be super paranoid, you might also go to Unsandboxed plugin access under Site Settings, and enable it if it’s not enabled already.

Note: Sites with two-factor authentication might not behave properly when you set Cookies to Keep Local Data Until You Quit Your Browser. For those, you must set up exceptions.

To set an exception, click the Manage Exceptions button and then enter the necessary site and click Allow from the drop-down. You can use wildcards in exceptions in the form of [*]google.com.

4. Change your Password settings
   Under Settings > Advance > Passwords ensure that Offer to save passwords and Auto Sign-in are both unchecked. Even though this would mean you will have to remember your passwords, and will need to sign in every time you go to a particular website.5. Change the System settings within Google Chrome
   For the very concerned for online privacy, I would highly recommend unchecking Continue Running Background Apps When Google Chrome Is Closed. This will close all apps when you exit Chrome and prevent notifications (such as G mail, Facebook, etc.) from having access to your desktop. You would find this setting under Settings > Advanced > System.6. Use the Incognito
   For those that really don’t want to risk security at any cost, when using Google Chrome, you can always run every session through an Incognito window. Many desktop environments will allow you to open Chrome in Incognito without having to first launch Chrome and then open a new Incognito window. You can also click on the 3 ellipses for the Google Chrome menu, and then click on New Incognito window or press Ctlr+Shift+N for shortcut.

   7. Turn off Google Activity Control
   Google Chrome not only saves your browsing data, but so does Google itself every time you’re logged in to your Google account. This option, activated by default, can be easily deactivated. To do this, access the option Activity controls of your account from this link, and deactivate the switch.

Also, from this page you can configure many other aspects related to your activity. If you have time, take an in-depth look, because it is really interesting (and you’ll be surprised to know just how much Google knows about you).

8. Maintain your list of extensions
Google Chrome extensions are highly useful, and we often install them, but then we use them for a few days, and then forget about them. What is the point of having plugins installed that are constantly sending data to an external server? It is advisable to review the extensions we have installed from time to time and clean them up.

To do this, click on the 3 ellipses for settings, and then click on More tools > Extensions or directly access using the Google Chrome flag chrome://extensions/. Uninstall/remove every extension that you do not plan to use within the next 2 weeks.

9. Add these security extensions
There are a lot of extensions available whose main focus is security. Here’s a list of such extensions.
HTTPS Everywhere: HTTPS Everywhere is an extension created by EFF and the Tor Project which automatically switches thousands of sites from insecure “HTTP” to secure “HTTPS”. It will protect you against many forms of surveillance and account hijacking, and some forms of censorship.

Privacy Badger: Privacy Badger sends the Do Not Track signal (https://www.eff.org/issues/do-not-track) with your browsing. If trackers ignore your wishes, your Badger will learn to block them. Privacy Badger starts blocking once it sees the same tracker on three different websites.

Hola Free VPN: Hola is a free and ad-free VPN proxy service that provides a faster and a more open Internet. Unblock websites blocked or censored in your country, company and school, and stream media with the free Hola Unblocker VPN proxy service.

Unshorten.link: Shortened links can be hiding anything. With the Unshorten.link extension, any shortened link (such as bit.ly or t.co) you click on will be automatically expanded and analyzed for malware giving you a clear view of where the link is taking you. Unshorten will also automatically remove known tracking cookies from the URL.

Last Pass Password Manager: LastPass, an award-winning password manager, saves your passwords and gives you secure access from every computer and mobile device.

WOT Web of Trust: WOT creates a secure browsing environment, showing website security icons next to every URL & reputation alerts for unsafe websites.

Chrome Cleaner: The most fast and powerful Cleaner Extension in the Chrome Store! Cleaner lets you clear all unnecessary data from Chrome as easy as one click. Protect your privacy, delete all activity and fasten your browser with Cleaner extension for Chrome.

10. Take a Google Security Checkup
Before looking at extensions or apps however, a wise step would be to see how secure your browser is right now. Google provides an easy-to-use tool for this specific task called security checkup.

When you visit the site, Chrome will log you in and assess your current levels of protection, highlighting any areas that need addressing.

 

Security of Mozilla firefox

Develop by the Mozilla foundation ,firefox is an open source web browser having a customizable user interface. The browser is available for windows, android, linux and Mac operating system respectively.

Enable a master password

Like other browsers, Firefox by default allows anyone who accesses your computer to log in to sites where you’ve saved the password. And as with Google Chrome, a list of the saved usernames and passwords can be viewed via the Options menu of Firefox.

 

Fortunately, Firefox offers a master password feature that encrypts and password-protects the saved password list. When enabled, you must enter the master password the first time you use a saved password, once per browser session. Additionally, even though you enter the master password the first time, you must always enter it before you can view saved passwords via the Options menu. This is a great feature to help prevent casual snooping of your passwords. It even prevents most third-party utilities from recovering them.

To enable the master password feature, open the Firefox menu, select Options, select the Security tab, and then check the Use a master password option.

Use a strong password for syncing

Like Google Chrome, Firefox has a syncing feature to synchronize your bookmarks, passwords, and other browser data to Firefox browsers running on other computers and devices. Fortunately, Firefox encrypts all synced data, not just your saved passwords (as Google Chrome does). Additionally, Firefox has more security than what Chrome offers by default when you’re setting up a new computer or device to sync. In Firefox, you must log in with your Firefox Sync password. Then you must either enter a random pass code from the new device into one that you’ve already set up, or take the recovery key from a device you’ve already set up and input that key into the new device.

So you don’t have much to worry about with Firefox syncing—as long as you use a strong password, one with upper- and lowercase letters, numbers, and special characters. If someone knows or cracks the password, and has access to a device you’ve already set up with syncing, they can then set up other devices with syncing and access your passwords and other browser data.

To enable or change sync settings, open the Firefox menu, select Options, and select the Sync tab.

Verify that security options are enabled

Like other popular browsers, Firefox includes some basic security and privacy settings. Though most are enabled by default, you should ensure they haven’t been disabled.

Start by opening the Firefox menu and selecting Options. In the Options window, select the Security tab. Ensure that the first option, Warn me when sites try to install add-ons, is enabled to help prevent sites from automatically installing add-ons, as some can be dangerous. Then ensure that the next two options, Block reported attack sites and Block reported web forgeries, are also checked to help enable protection against malware and phishing.

Next, select the Privacy tab. And if you want more privacy online, select the first option, Tell websites I do not want to be tracked, which isn’t enabled by default. Although it can’t prevent all tracking, it will reduce tracking by those sites that support this type of option.

Now, select the Content tab. To prevent pop-up windows that can be annoying and even contain phishing ads, ensure that the first option is enabled: Block pop-up windows.

Lastly, select the Advanced tab, select the Update subtab, and ensure that Automatically install updates is selected.

Use add-ons for more protection

Consider installing these security-related add-ons for extra protection:

NoScript helps you control which sites can use JavaScript, Silverlight, Flash, and other embedded content, as they can be used maliciously to infect your computer or for phishing attempts.

Adblock Plus blocks banners, pop-ups, and video advertisements on websites to reduce clutter and the resulting annoyance; they can even reduce accidentally stumbling upon adware, malware, and phishing attacks.

Web of Trust (WOT) shows the user ratings of sites and blocks dangerous sites—such as those with malware—to increase safe surfing, shopping, and searching on the Web.

HTTPS Finder automatically detects and enforces HTTPS/SSL-encrypted connections when available—great in helping to reduce the chances of an eavesdropper on a Wi-Fi network from capturing your login details.

Xpnd.it! short URL expander allows you to hover over shortened links to see the real URL and other basic information about the site so you know where it leads before clicking.

Check and update plug-ins

Cyber criminals regularly use vulnerabilities in popular browser plug-ins (like Java and Adobe products) to infect and invade computers. Most plug-ins regularly release updates to patch security holes. Many plug-ins are set by default to update automatically or at least to notify you of them. However, it’s a good idea to check periodically for updates. Consider using the Mozilla plug-in checker or third-party sites like Qualys BrowserCheck for updates for other browsers.

A little vigilance goes a long way

Firefox is pretty secure on its own, but you can make it even more secure with the right settings and add-ons. Good password management remains essential, too: Create and enable a strong master password so others can’t use or view your passwords. And if you use the syncing feature to synchronize your passwords and browser data across devices, use a strong password to prevent others from syncing. Finally, keep tabs on your add-ons and plug-ins to make sure they’re giving you the best possible protection.

 

Security of internet Explorer

Internet explorer (EI) is one such browser that can be found on any and every PC having the windows operating system. One most keep the security system setting of IE updated to protect the browser from online threats.

Internet Explorer has security measures in place to help protect you as you browse the web.

Follow these steps to adjust these settings:

1. Within Internet Explorer, go to Tools > Internet Options. The Internet Options window appears.
2. Select the Security This tab has a section at the top that lists the various security zones that Internet Explorer uses. For each of these zones, you can select a custom level of protection.
3. Click Custom level. A second window appears that allows you to select various security settings for that zone. The Internet zone is where all sites initially start out. You should apply the Highsecurity setting for this zone. By selecting the High security setting, several features including ActiveX, Active scripting, and Java are disabled. Then click OK.
4. From the Security tab, click Default level, and drag the slider control up to High.
5. Click Trusted sitesto set security zone for sites that you think are safe to visit.
6. To add or remove sites from this zone, click Sites. A secondary window appears listing the sites that you trust, where you can add or remove them. You may also require that only verified sites (HTTPS) can be included in this zone. You should set the security level for the trusted sites zone to Medium-high (or Medium for Internet Explorer 6 and earlier). If you trust that the site will not contain malicious content, you can add it to the list of sites in the Trusted sites zone. Once a site is added to this zone, features such as ActiveX and Active scripting are enabled for the site.
7. Select the Privacytab and click Advanced. The Advanced Privacy Settings window appears.
8. Select the Override automatic cookie handling
9. Then select the Promptradio button for both first and third-party cookies. This prompts you each time a site tries to place a cookie on your machine. If the number of cookie prompts is too excessive, you can select the option to Always allow session cookies. This allows non-persistent cookies to be accepted without user interaction.
   Note: For more information about cookies, see the managing browser cookies  how to article.
10. Click OK.
11. Click Sites on the Privacy tab to specify which websites are always or never allowed to use cookies. You can add or remove sites, and change the current settings for existing sites.
12. Click OK.
13. Select the Advancedtab to manage settings that apply to all of the security zones.
14. Clear the Enable third-party browser extensions This option includes tool bars and Browser Helper Objects (BHOs). While some add-ons can be useful, they also have the ability to violate your privacy. Internationalized Domain Names (IDN) can be abused to allow spoofing of web page addresses, which can allow phishing attacks to be more convincing.
15. To protect against IDN spoofing, select the Always show encoded addresses
16. Clear the Play sounds in webpages Sounds in web pages may introduce security risks by having the browser process additional untrusted data.
17. Click OK.