Cybersecurity Part 3: Educate Yourself About Web Addresses

In our first two posts about Cybersecurity, we defined different threats and discussed what the College of Nursing IT department does, as well as what you can do, to protect our data at the College of Nursing.  This post will go over some additional information about reading website addresses that will help you to be safer when browsing the web.

Below in black/blue/red/green you can see the full web address of the RN to BSN program introduction on the CON website.  You will notice four distinct parts of the address. Below, we will go over those parts of the web address.

Http(s): The letters “http” ahead of a website signify the Hypertext Transfer Protocol, and the “S” added here indicates that the connection is encrypted (or, coded to keep unauthorized viewers from seeing the information being transferred).

Domain: The domain name is the name of the website that you are accessing. In the case above, nursing.osu.edu is the domain name of the College of Nursing.  All of the subsequent pages that you can reach from the College of Nursing’s website are “nested” into this domain.  In this particular case, nursing.osu.edu is connected to the overall osu.edu domain which you can reach by clicking the link at the very top of the page.  In much the same way that books have chapters with sub sections, the larger “osu.edu” domain connects to the smaller “nursing.osu.edu” domain which has many pages attached to it.

Extension: The extension tells us what kind of website we are accessing.  In this case, the “.edu” extension indicates that this is a higher educational institution.  Other common domain names are listed on this Wikipedia page.  It’s good to be familiar with the most used extensions, because in recent years, fake websites have popped up that may lead you to think they are legitimate. For example, the real website for the ABC News television station is abcnews.go.com.  Recently, a fake site popped up with the web address abcnews.go.co* (notice this site ends with “.co” instead of the usual “.com”) that mimicked the real website quite convincingly.

Path: The series of words with forward slashes that follow the website extension tell your computer where to look in the domain of the website– this is basically a nested series of pages. So, in the example above, the RN to BSN program introduction connects to the undergraduate program overview page which can be found on the academic program page.

Now that you know the basic elements of a web address, try paying attention to the addresses that common links take you to.  Whenever you see a domain name that seems off (like “gooogle.com” for instance), an extension you don’t recognize such as “.co”, or you don’t trust the provider of the link, DON’T CLICK!  You can find some helpful hints from these pages as well:

How to Spot a Fake Website

Reading Web Addresses

 

*For those of you who are now terrified of clicking on a bad link, we’re glad you’re paying attention! The link above to the fake ABC website will just take you to a Wikipedia page describing the site, so feel free to check it out this time.

 

 

Cybersecurity Part 2: External Threats

In our previous cybersecurity post, we discussed internal threats and what you can do to avoid them.  This post will focus on external threats, and how the College of Nursing IT department is working to keep our network safe.

An external threat is an attack or attempted attack by an outsider trying to gain access to a network.  There are several levels of external threats, including:

  • Basic: These usually take the form of scripts that automatically search the internet for vulnerabilities. They are not usually aimed at specific people or networks.
  • Advanced: These are attackers actively trying to access a network from the outside.
  • Advanced Persistent: These are often hackers who are state-sponsored or may even come from inside foreign governments.  They have the time, money, resources, and motivation to get into a network and they will continue trying new attacks.  Attacks of this nature are often the ones you hear about on the evening news.

We asked Erik Yarberry, network administrator for the College of Nursing, what we are doing to mitigate threats from both external and internal attacks.  Here are a few things our network is equipped with:

  • A Firewall, or a system that uses certain rules to control traffic into and out of the network.  The CON has two firewalls– one that protects all networks inside the CON (including Nursing_WiFi) from the outside, and then another one that keeps Nursing_WiFi separate from the wired network.
  • A Virtual Private Network (VPN) which encrypts internet connections to network resources that are not available to the public
  • Splunk, a program which exports all of the network’s system logs and allows network administrators to search those logs using sophisticated techniques
  • Data Loss Prevention (DLP) Software which protects all of the network’s data from exposure or being compromised.
  • Various alerts about possible “ransomware” attacks, compromised accounts, too many login attempts, etc

With all of these programs and defense mechanisms in place, our network runs every day while fending off potential attacks from the outside.  In our next and final entry for this series, we will discuss more ways that you can protect your information and keep the CON network secure.