COURSE OVERVIEW

Part I

Typical Concerns and Problems

What Computer Users Want to Avoid

Types of Malware Explained

Symptoms of Malware: Viruses, Worms, Trojan Horses, Rootkits, Spyware, Adware, and Phishing

Firewalls

Preventing Malware

Malware Removal

Backing Up Your Data

Backup Recovery

Troubleshooting Tools

Part II

Using Your Email Safely

Using Your Browser Safely

Access Control

Securing Your Computer

Computer Security Checklist

TYPICAL CONCERNS AND PROBLEMS:

How did this (virus, malware, problem, etc.) get on here?

Should I upgrade from Windows XP to Windows 7?

Should I open this email? Should I reply to this email?

Why do I have to go through a maze of choices every day?

Updates are ready for your computer, what do I do?

Message to upgrade from AVG 8.5 to 9.0 – what do I do?

Can I encrypt the data on my laptop?

Should I use Yahoo email, or Outlook Express?

Do I need to upgrade to IE8, or use Mozilla?

I keep getting a strange message saying my computer is infected with 43 viruses.

My computer takes forever to boot and is running slowly.

How secure is the local area network I set up in my house?

Is it okay for my kids to download music from Limewire and play World of Warcraft?

I have five years’ worth of my company’s QuickBooks, and no backup copy. What should I do?

Somebody helped me install Bearshare onto my computer, why is it acting strangely?

WHAT COMPUTER USERS WANT TO AVOID

Malware - Adware, Spyware, Viruses, Trojans, Rootkits

Theft of Identity

Unwanted Internet content

Unwanted emails (spam)

Annoyance, Slow and Unresponsive Performance

Undetected use of your machine by hackers for spam propagation, D.O.S. attacks, etc.

Someone “Eavesdropping” over a wired or wireless network

Loss of important personal or business data

Loss of Use of the machine and access to internet (in this day and age, a form of “dial tone” many can’t do without)

Loss of investment through theft or damage to machine

Loss of Privacy

VIRUSES, WORMS, TROJAN HORSES, ROOTKITS, SPYWARE, ADWARE, AND PHISHING

WHAT ARE VIRUSES?

Self-replicating software that causes system problems

May attach to another piece of software

Runs when opened

Affects the system in some way: pranks, system damage or data loss, compromises system security

WHAT ARE WORMS?

Self-contained software that infects computer and attempts to spread to other computers

Usually spread over a network

May not require human interaction

Can spread very quickly

Spreads by way of system vulnerability

Un-patched machines are vulnerable

WHAT IS A TROJAN HORSE?

A "back door" software program that allows intruders to take remote control of a computer without the owner’s knowledge. Trojan Horses can be installed on computers through thousands of free software packages that can be downloaded from the Internet.

WHAT IS A ROOTKIT?

An especially heinous Trojan Horse program or group of programs that can completely hide itself from a virus scan program by integrating itself into the core of the operating system. Rootkits typically start themselves before the machine's operating system, making them capable of hiding multiple files, registry keys and/or programs from the operating system and thus from the machine's virus scan software.

A Rootkit takes Administrator level control of a system without authorization of the system's owners and managers. There is a high level of difficulty associated with removing a Rootkit.

VIRUS, WORM, TROJAN HORSE, & ROOTKIT SYMPTOMS

Strange behavior such as:

Computer is slow, and/or boots very slowly

Pop-up warnings, but no company name

Hard disk is suddenly full

Unable to run or install certain software, like anti-virus or firewall

A sudden increase in network traffic (network connection lights are constantly blinking)

Documents have been deleted or computer will not start

A scan reports malware is present

Other Symptoms

Longer-than-normal program load times, unpredictable program behavior, inexplicable changes in file sizes, inability to boot, strange graphics appearing on your screen, or unusual sounds may indicate that a virus is on your system.

If your computer begins to act strangely, or if it stops being able to do things it has always done in the past, it may be infected with malware.

WHAT IS THE CAUSE OF THE SYMPTOM?

It is important to distinguish between malware symptoms and those that come from corrupted system files, which can look very similar. Unless you have up-to-date anti-malware software, there is no sure way to know if you have a virus or not.

To check whether you already have an antivirus software program installed on your computer, check the Programs list on the Start menu and look for an antivirus program. Many major computer manufacturers include at least a trial version of a popular antivirus software package.

Be sure it is turned on.

WHAT IS SPYWARE?

Spyware is a general term used for software that performs certain activities such as advertising, collecting personal information, or changing the configuration of your computer, generally without obtaining your consent.

You might have spyware or other unwanted software on your computer if:

You see pop-up advertisements even when you are not on the Web.

The page your Web browser first opens to (your home page) or your browser search settings have changed without your knowledge.

You notice a new toolbar in your browser that you didn’t want, and find it difficult to get rid of.

Your computer takes longer than usual to complete certain tasks.

You experience a sudden rise in computer crashes.

SPYWARE SYMPTOMS

Spyware can consume your PC’s resources. A bad spyware infection could dramatically slow your computer’s performance and cause your system to become increasingly unstable.

Spyware can take up bandwidth to communicate information back to its creator.

Unable to access certain web sites: web-based email, secure sites (HTTPS)

Browser may be redirected to another page

Start Up Programs – Some spyware variants will try to add themselves to your Windows start up program list. Boot up time becomes noticeably slower.

SPYWARE

Spyware is often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information.

Many of these programs track your Internet browsing habits and then provide advertising companies with marketing data.

This does not mean all software which provides ads or tracks your online activities is bad.

For example, you might sign up for a free music service, but "pay" for the service by agreeing to receive targeted ads.

If you understand the terms and agree to them, you may have decided that it is a fair tradeoff. You might also agree to let the company track your online activities to determine which ads to show you.

WHAT IS ADWARE?

Adware — a general term used for software that invades your computer in the form of persistent pop-up ads. Adware is similar to spyware except it is used primarily for advertising purposes and may have provided the user with information about its operation.

One of the biggest adware programs online is Gator.com. Gator may help fill in Web forms, but it is also one of the most aggressive software programs for adware on the market.

ADWARE SYMPTOMS

Often get unwanted pop-ups, even when not using your web browser

Browser may be redirected to another page

Unwanted Browser Toolbars – These programs are commonly bundled with free software which the publisher often describes as “advertiser supported.”

HOW DOES MALWARE GET ON YOUR COMPUTER?

Malware usually gets on your computer and spreads in one of several ways:

From vulnerabilities in Windows programs

From downloads off of the Internet

From browsing infected Internet sites

From email attachments

From using Instant Messaging

From Peer to Peer File Sharing

From external media such as CDs, USB Keys

File Sharing Over the Network

TERMS

Hacker — a general term used for anyone who spends time poking into computers and operating systems, trying to discover their vulnerabilities. A Hacker may look for and break into computers or networks without authorization, either for the fun of it or to steal valuable information such as credit card numbers.

Threat — any event that may harm a system by means of destruction, disclosure, modification of data, and/or denial of service.

Vulnerability — a weakness in security procedures that may be used to violate a system security policy.

Risk — the probability that a vulnerability will cause a harmful result.

Malware — A term which is emerging to refer to any software written with malicious intent.

Denial of Service Attack (DoS) — a term used when an attacker attempts to prevent legitimate users from accessing information or services. The most common and obvious type of DoS attack occurs when an attacker “floods” a network with information.

Distributed Denial of Service Attack (DDoS) — a DoS attack where the attacker uses multiple machines rather than one machine to prevent legitimate users from accessing information or services. This type of attack is generally more effective than a traditional DoS attack.

Man-in-the-Middle Attack - A system between two hosts that either passively watches traffic to gain information used to “replay” a session or actively interferes with the connection, potentially imitating the remote system.

Zombies - Computer system infected by a virus or Trojan horse that allows the system to be remotely controlled for future exploits. These systems may be used to send large amounts of spam e-mail or take part in Distributed Denial of Service (DDoS) attacks.

Password Cracker - An application that tries to obtain a password by repeatedly generating and comparing encrypted passwords or by authenticating multiple times to an authentication source.

Common methods of password cracking: Brute Force, Dictionary

Biometrics – When used in Information Technology it usually refers to the use of human traits for authentication. This method can include fingerprints, eye retinas and irises, voice patterns, and a host of other consistent biological data.

Social Engineering — the practice of obtaining confidential information by manipulation; for example, people claiming to be administrators may trick computer users into divulging sensitive information.

Grayware – Annoying, unwanted applications that “find their way” to your PC without your consent.

Crimeware – Malware designed with the express purpose of aiding criminal activity, usually for financial gain or identity theft.

Key Logging Software - Software or hardware installed on a system to capture and log all keystrokes.

Security Exploit - A software bug, or feature, that allows access to a computer system beyond what was originally intended by the operator or programmer.

Peer-to-Peer File sharing, or P2P, is using software to facilitate the transfer of data between two systems without the need for a central file server.

HTTP - (Hyper Text Transfer Protocol)

URL - (Uniform Resource Locator)

Firewall — software, hardware or both used to block unauthorized access to a machine or a network. A firewall can be internal (on an individual machine) or external (a separate piece of hardware on a network protecting multiple machines); however, the use of both internal and external firewalls is commonplace. Ranges from simple to complex. Local operating system firewalls are referred to as “personal firewall software”.

FIREWALLS

Firewalls:

Hardware – Most wireless routers act as a firewall

Software (Windows Firewall or a vendor’s firewall – for example Zone Alarm)

Understanding Windows Firewall

A firewall is a system or software that controls the flow of traffic between networks and protects your computer or network from an attacker who might damage or get access to your personal information.

This extra layer of protection is especially important if your computer has an “always on” Internet connection such as a cable modem or a DSL line.

When someone on the Internet or a network tries to connect to your computer, Windows Firewall blocks the unsolicited connection.

If you run a program such as an instant messaging program, the firewall will ask if you want to block or unblock the connection.

If you choose to unblock the connection, Windows Firewall creates an exception and automatically allows the connection next time.

FIREWALL DIAGRAM

LAYERS OF SECURITY

FIREWALLS

The Windows Firewall:

Designed to prevent unsolicited connections from reaching or originating from your computer.

You may have to configure it to allow connections for certain programs and services. If this is the case, you can make exceptions in the Windows Firewall for those programs.

Never allow an exception for a program that you don’t recognize.

Windows XP Note: Windows XP Service Pack 2 must be installed in order to see the Windows Firewall icon in the Control Panel.

The Windows Firewall does not:

Detect or disable computer viruses and worms if they are already on your computer. However, it will help block computer viruses and worms from reaching your computer.

Stop you from opening email with dangerous attachments.

Block spam or unsolicited email from appearing in your inbox.
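
The two checks the firewall slides ask for (confirm the firewall is turned on, and never leave an exception for a program you don't recognize) can be run as an audit. This PowerShell is an added example, not part of the original course; it assumes Windows 8 / Server 2012 or later, where the NetSecurity cmdlets exist, and an elevated prompt, and the report column names are illustrative.

```powershell
# Added example, not from the course: audit Windows Firewall state and exceptions.
# Assumes Windows 8 / Server 2012 or later (NetSecurity module), elevated prompt.

# 1. Verify the firewall is turned on for every profile (Domain, Private, Public).
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' } |
    ForEach-Object { Write-Warning "Windows Firewall is OFF for profile: $($_.Name)" }

# 2. Collect every enabled inbound "allow" rule that names a program.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow

$report = foreach ($rule in $rules) {
    $program = ($rule | Get-NetFirewallApplicationFilter).Program
    # 'Any' and 'System' are keywords, not file paths, so skip them here.
    if (-not $program -or $program -in 'Any', 'System') { continue }

    # Rules often store paths such as %ProgramFiles%\...; expand before testing.
    $path   = [Environment]::ExpandEnvironmentVariables($program)
    $exists = Test-Path -LiteralPath $path -PathType Leaf
    $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path }

    [pscustomobject]@{
        Rule      = $rule.DisplayName
        Program   = $path
        Exists    = $exists
        Signature = if ($sig) { [string]$sig.Status } else { 'FileMissing' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# 3. Show exceptions that deserve a second look first (anything not 'Valid').
$report |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Program |
    Format-Table -AutoSize -Wrap
```

An exception whose program file is missing, reports `NotSigned`, or has a signer you do not recognize is a candidate for removal in the Windows Firewall control panel.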

UPDATES

Keep Windows operating system current and updated with current patches and service packs.

Keep Windows applications (like Microsoft Office applications) current.

In any Microsoft Office application, go to the Help menu, select Check for Updates.

In a Web browser, go to the link at: http://office.microsoft.com/productupdates/

Microsoft Office updates are also available on CD by clicking on the link “Order service pack CDs.”

MICROSOFT BASELINE SECURITY ANALYZER (MBSA)

Use it to identify common security vulnerabilities.

It may be difficult to keep up with all of the security fixes and updates for Windows, even with the assistance of Windows Update.

MBSA is a tool that checks the latest list of fixes and compares it with the ones that have been installed on one or more computers.

In addition, MBSA checks for common security vulnerabilities, such as weak passwords and insecure configuration.

ANTI-MALWARE PROGRAMS

Commonly used anti-malware programs include AVG, Microsoft Security Essentials, Norton, McAfee, Kaspersky, Adaware, Spyware Doctor.

Obtain and install an antivirus program on your computer.

Enable Resident Shield – May be called Proactive Threat Protection or similar name.

Perform or schedule Virus Signature Updates to occur frequently.

Perform manual virus scans on external media.

Schedule a virus scan to occur on a regular basis.

MALWARE PREVENTION

Keep anti-virus definitions up-to-date

Keep your systems patched: Automatic updates on Windows, Software Updates on OS X

Run a software firewall: already included in most operating systems. Verify it is turned on!

Run up-to-date anti-virus software

Don’t connect computer directly to Internet: use a hardware firewall or router

Run as a standard user instead of Administrator: limits possible damage

Ensure software firewall is running