Threat Protection – Tools and Best Practices ‐ Objectives
1. Threat Types – Express familiarity with different threat types such as Virus, Malware, Trojan,
Spyware, and Downloaders.
2. Threat Vectors – Be familiar with common threat vectors (sources) like websites, Scare Tactics,
social networking, email, and media.
3. Virus Protection ‐ Show knowledge of the following: Real time protection, standalone
protection, and the recommended frequency of scheduled scans
4. The Unknown – Understand the concept of the “Unknown” malware.
5. Reporting – Know what events should be reported/recorded.
6. Windows Updates – Express understanding of “2 forms and 2 flavors” as well as proper timing of
updates installation.
Threat Protection – Tools and Best Practices
The greatest threat to our security is assuming the following:
“Someone” is looking out for us.
“They” have our best interests in mind.
“They” do not have ulterior motives.
“No one” would do that, it’s unethical.
Threat Types
Virus –
A virus is a piece of code that is capable of copying itself and typically has a detrimental effect,
such as corrupting the system or destroying data.
Malware –
Malware is software designed to infiltrate or damage a computer system without the owner's
informed consent. It includes Trojans, viruses, worms, and downloaders.
A Trojan horse, or Trojan –
A Trojan is a non‐self‐replicating type of malware that gains privileged access to the operating
system while appearing to perform a desirable function, but instead drops a malicious payload,
often including a backdoor that allows unauthorized access. This gives the Trojan's creator an
opportunity to use your computer.
Spyware –
Spyware enables a hacker to obtain information about another person’s computer activities. It
does this by transmitting data covertly from their hard drive through the internet.
Downloaders and Droppers –
Downloaders continually download “all of the above” to keep the computer infected even after
removal of the offending program. Once inside your computer they can be used to bypass
antivirus programs by concealing malware payloads within a container/program or by downloading
them directly.
Threat Vectors
Internet ‐
Bait ‐ We are Fish. Game and screen saver websites, and Internet Explorer add‐ons.
Screensavers are programs. Any program can be poorly written.
Avoid game and screensaver sites – Many game sites will require you to install an add‐on to
Internet Explorer. Some of these add‐ons can be harmful to your computer and others can take
your internet over completely. Screensaver websites are a known source of viruses and
malware. As well, poorly written screen savers can cause performance problems with your
computer. They may not unload from memory fully, or they can cause memory faults because they
try to use memory already in use by Windows or other programs.
Social Networking –
Social networking applications like “Facebook” and others allow you to pass files (programs,
pictures, and documents) between users. Just because someone is your friend on Facebook, it does
not mean they are careful with their files or their computer/device.
Scare Tactics –
Don’t fall for Scare Tactics. Analyze everything…. Scare tactics come from many sources: email
warnings, website pop‐up ads, etc., warning you that your computer is infected. They are
designed to convince you to take some action that will ultimately be harmful to your computer
or your identity. The safest way to close a popup webpage or rogue program is to hit
CTRL‐ALT‐DEL and click on Task Manager. Select the Internet Explorer instance or program that
you think is the proper one and click on End Task. Alternately, you can log out of any software
package that you are connected to and shut down your computer normally without clicking on
anything else.
Email –
Don’t give out your work email address online unless it is for official business. The best way to
reduce junk mail is by not giving out your address unless it is necessary in the performance of
your job duties. Do not participate in joke/junk mail circles. Your address gets forwarded on to
everyone else who ever reads it in the future.
Preview pane in Outlook or other email clients.
Turn off the preview pane (reading pane) in your email client – With the preview pane on, you
can’t select an email to delete it without opening it in the viewer. Turning off this preview will
allow you to select and delete without ever opening the mail. Disable for inbox, junk, and
deleted items.
Personal emails –
Don’t check your personal email while at work. Doing so subjects your office computers to
unnecessary risk. If you must check personal email at work please get authorization from your
supervisor. Utilizing your personal email for work related activities can subject your email
account to investigation and possible search now and into the future due to unforeseeable
litigation that may be put upon your office/department.
Media –
Any tape, CD, DVD, floppy, flash, or other “Input/Output” device can carry malware and can
infect your computer/device.
Virus Protection –
Free Antivirus –
Free antivirus products rarely provide as much protection and support as a paid‐for antivirus.
Review the EULA of any “Free” products that you use to be sure that “Use on Government computers” is
allowed.
Real‐Time Protection –
Real‐time protection sits between you, your computer, and the internet. It monitors
incoming/outgoing data and blocks its entry into the computer if the data matches a known
malware pattern.
Never install more than one antivirus program that provides “Real Time” protection on your
computer. They will fight for ultimate control and your computer can suffer from poor
performance as a result.
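The two checks above (exactly one real‐time scanner, and its definitions current) can be confirmed from the Windows Security Center inventory. The script below is an added example, not part of the LGC handout and not tied to any particular antivirus product; it assumes a Windows client edition (Vista or later) where the root\SecurityCenter2 WMI namespace exists, and PowerShell 3.0 or later for Get-CimInstance (Get-WmiObject works the same way on PowerShell 2.0).

```powershell
# Added example: list the antivirus products registered with Windows Security
# Center and flag the two conditions the handout warns about.
# Assumes a Windows client OS; Server editions do not expose root\SecurityCenter2.

function Get-RegisteredAntivirus {
    Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            # productState packs three bytes: product type (high), real-time
            # scanner state (middle: 0x10 = on, 0x00 = off) and definition
            # status (low: 0x00 = up to date, 0x10 = out of date).
            $state   = [int]$_.productState
            $scanner = [int](($state -band 0xFF00) / 256)
            $defs    = $state -band 0xFF
            [pscustomobject]@{
                Name         = $_.displayName
                RealTimeOn   = (($scanner -band 0x10) -ne 0)
                DefsUpToDate = (($defs -band 0x10) -eq 0)
                LastUpdated  = $_.timestamp
            }
        }
}

function Test-AntivirusPosture {
    $products = @(Get-RegisteredAntivirus)
    $active   = @($products | Where-Object RealTimeOn)
    $stale    = @($products | Where-Object { -not $_.DefsUpToDate })

    if ($products.Count -eq 0) {
        Write-Warning 'No antivirus product is registered with Security Center.'
    }
    if ($active.Count -gt 1) {
        # Two real-time scanners will contend for the same file-system hooks.
        Write-Warning ("{0} products have real-time protection enabled ({1}); keep only one." -f
            $active.Count, ($active.Name -join ', '))
    }
    if ($stale.Count -gt 0) {
        Write-Warning ("Definitions are out of date for: {0}" -f ($stale.Name -join ', '))
    }
    $products
}

Test-AntivirusPosture | Format-Table -AutoSize
```

The productState decoding follows the byte layout Security Center uses for every registered product, so the same script reports on AVG, Malwarebytes or any other vendor that registers itself; a product that never registers (some standalone "second opinion" scanners do not) will simply be absent from the list.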
Standalone Protection –
Get a second opinion ‐ Freestanding programs (not to be confused with free programs) are
available that can provide you with a second opinion of your malware status. Online scanning
for malicious software can also be done at several antivirus vendor sites.
Scheduled Scans –
The most overlooked protection step is not scanning your hard drive. Just having an antivirus
installed and updated is not enough. Weekly/monthly scheduled scanning of your drive should
also be taking place. As your antivirus learns of new threats (updates), it may detect malware
that has been living in your computer without your knowledge.
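A scheduled scan only happens if someone sets it up, so the following added example (not from the handout, and not AVG or Malwarebytes code) registers a weekly full scan as a Windows scheduled task and shows how to confirm it ran. The scanner path and its full‐scan argument are placeholders that you must replace with your product's command line; the ScheduledTasks cmdlets assume Windows 8 / Server 2012 or later, and registering the task requires an administrative prompt.

```powershell
# Added example: register a weekly full-disk malware scan as a scheduled task
# and report when it last ran. The scanner executable and its argument are
# placeholders (every product has its own command line).

$ScannerExe = 'C:\Program Files\YourAntivirus\scanner.exe'   # placeholder path
$ScanArgs   = '--full-scan'                                  # placeholder argument
$TaskName   = 'Weekly Full Malware Scan'

function Register-WeeklyScan {
    param(
        [string]$Exe       = $ScannerExe,
        [string]$Arguments = $ScanArgs,
        [string]$Name      = $TaskName
    )
    if (-not (Test-Path -LiteralPath $Exe)) {
        throw "Scanner not found at '$Exe'; fix the path before registering the task."
    }
    $action = New-ScheduledTaskAction -Execute $Exe -Argument $Arguments
    # Sunday 02:00 keeps the scan away from business hours and from the
    # payroll / year-end / budget runs the handout says not to disturb.
    $trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 2am
    # Run as SYSTEM so the scan does not depend on a user being logged on.
    $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -RunLevel Highest
    # Laptops: allow on battery, and catch up if the machine was off at 02:00.
    $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries `
                    -DontStopIfGoingOnBatteries -StartWhenAvailable
    Register-ScheduledTask -TaskName $Name -Action $action -Trigger $trigger `
        -Principal $principal -Settings $settings -Force
}

function Get-WeeklyScanStatus {
    param([string]$Name = $TaskName)
    $task = Get-ScheduledTask -TaskName $Name -ErrorAction Stop
    $info = $task | Get-ScheduledTaskInfo
    [pscustomobject]@{
        Task       = $Name
        State      = $task.State
        LastRun    = $info.LastRunTime
        LastResult = $info.LastTaskResult   # 0 means the scanner exited cleanly
        NextRun    = $info.NextRunTime
    }
}

Register-WeeklyScan
Get-WeeklyScanStatus
```

Check Get-WeeklyScanStatus after the first weekend: a LastRun that never advances, or a non‐zero LastResult, means the scan is not actually happening, which is the same "installed but never scanned" gap the handout describes.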
The Unknown…
New or unknown viruses and malware – All malware spends some time as an unknown. There is always
some time lag between when a virus or malware gets created and when you are protected from it.
Someone has to get it. It has to be identified as a virus. Antivirus vendors have to update their detection
schemes to detect it, and you have to download the update. This can take weeks, during which time you
are vulnerable to the new attack. The only 100% protection for a computer is not to have it connected
to any network or internet at all. Even then, CDs or flash drives that are infected can be inserted,
infecting even the invulnerable.
Reporting ‐ Need for Reporting, virus, odd behavior, and compromise.
Report any suspicious activity or unexpected computer events to your supervisor – If your antivirus
reports a virus or your homepage suddenly changes, you should report this to your supervisor. Odd
behavior can be your warning that something is about to go wrong. It may be that your computer and/or
data have been compromised, and this should be investigated further.
Windows Updates ‐
Windows updates provide security patches and performance fixes as well as “bug” fixes and “Service
Packs”.
Service packs (which come through Windows Update) are MAJOR operating system upgrades and should
only be done after backing up your data and when you have plenty of time for them to finish.
A cautionary note about timing and workload ‐ Do not perform Windows updates just prior to any major
work project like payroll, year‐end processes, or budget.
Windows Updates – Windows updates come in 2 forms, Automatic and Manual, and 2 flavors,
Windows Updates and Microsoft Updates. Most users will install automatic updates routinely
because they get reminded by the balloon popup every time they log on or shut down. Users
should periodically perform a manual update by clicking on the Windows Update link.
The first time there you should sign up for “Microsoft Updates”. This will allow updates for other
Microsoft products (Word, Excel, etc.) to be installed as well. After signing up for “Microsoft
Updates”, you should repeatedly come back to this link until it shows 0 (zero) critical updates
available. Manual updating should be done every 6 months.
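The "come back until it shows 0 critical updates" check and the Microsoft Update opt‐in can both be done from the Windows Update Agent's COM interfaces instead of the web page. The script below is an added example, not LGC's or Microsoft's code; it assumes Windows 7 or later (where Microsoft.Update.Session and Microsoft.Update.ServiceManager are present), an internet connection for the search, and an administrative prompt for the opt‐in. The service ID it uses is the published identifier of the Microsoft Update service.

```powershell
# Added example: count pending updates by MSRC severity (the "0 critical" test
# the handout asks for) and opt the machine into Microsoft Update so Office and
# other Microsoft products are patched as well.

function Get-PendingUpdateSummary {
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    # IsInstalled=0: not yet installed; IsHidden=0: skip updates someone hid.
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')

    $counts = @{ Critical = 0; Important = 0; Moderate = 0; Low = 0; Unrated = 0 }
    foreach ($update in $result.Updates) {
        # MsrcSeverity is empty for non-security updates (drivers, feature packs).
        $sev = $update.MsrcSeverity
        if ([string]::IsNullOrEmpty($sev) -or -not $counts.ContainsKey($sev)) { $sev = 'Unrated' }
        $counts[$sev]++
    }
    [pscustomobject]@{
        Total     = $result.Updates.Count
        Critical  = $counts.Critical
        Important = $counts.Important
        Moderate  = $counts.Moderate
        Low       = $counts.Low
        Unrated   = $counts.Unrated
    }
}

function Enable-MicrosoftUpdate {
    # Registers the Microsoft Update service with Automatic Updates.
    # Flags 7 = allow pending registration + allow online registration
    #           + register the service with Automatic Updates.
    $serviceId = '7971f918-a847-4430-9279-4a52d1efe18d'
    $manager = New-Object -ComObject 'Microsoft.Update.ServiceManager'
    $manager.ClientApplicationID = 'Update posture check'   # arbitrary label for update history
    $null = $manager.AddService2($serviceId, 7, '')
    # Return $true when the service now appears in the registered service list.
    @($manager.Services | Where-Object { $_.ServiceID -eq $serviceId }).Count -gt 0
}

$pending = Get-PendingUpdateSummary
$pending
if ($pending.Critical -gt 0) {
    Write-Warning ("{0} critical update(s) still pending; run Windows Update again until this reads 0." -f $pending.Critical)
}
```

Run Get-PendingUpdateSummary again after each install‐and‐reboot cycle; updates frequently unlock further updates, which is why the handout says to keep coming back until the count is zero. Enable-MicrosoftUpdate only needs to be run once per machine.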
LGC recommendations/offerings –
Your office may purchase AVG antivirus from LGC. After the initial sale, we can include the AVG product
renewal in with your annual hardware support costs on contracted computers. For non‐contracted
computers we can provide renewals on demand at a cost.
LGC also offers “Malwarebytes Antimalware”. It comes quoted automatically with any new PC and we
can sell a copy to any existing user. MWB is a one‐time purchase per computer and is not transferable.
Discussion
Testing
Closing
3/6/2014
1
Tools and Best Practices
INTRODUCTION
The greatest threat to our digital security is assuming the following:
• “Someone” else is looking out for me.
• “They” have my best interests in mind.
• “No one” would do that, it’s unethical.
• It won’t happen to me, I have nothing of value on my computer.
• It won’t matter if I get a virus because all I do is surf the internet.
OBJECTIVES
To gain a basic understanding of the following topics:
Threat Types
Threat Vectors (sources)
Virus Protection
The Unknown Malware
Reporting
Windows Updates
THREAT TYPES
Malware
Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It includes Trojans, viruses, worms, and downloaders.
Virus
A virus is a piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.
Trojan
A Trojan is a non-self-replicating type of malware that gains privileged access to the operating system while appearing to perform a desirable function, but instead drops a malicious payload, often including a backdoor that allows unauthorized access. This gives the Trojan's creator an opportunity to use your computer.
Spyware
Spyware enables a hacker to obtain information about another person’s computer activities. It does this by transmitting data covertly from their hard drive through the internet.
Downloaders and Droppers
Downloaders continually download “all of the above” to keep the computer infected even after removal of the offending program. Once inside your computer they can be used to bypass antivirus programs by concealing malware payloads within a container/program or by downloading them directly.
MALWARE – TROJANS, VIRUSES, WORMS, AND DOWNLOADERS.
Trojans allow the enemy inside your computer by opening a backdoor.
Viruses are self‐replicating and spread throughout your files.
Worms propagate themselves through your local area network.
Downloaders invite all their buddies into your computer.
Malware
THREAT VECTORS
• Internet - Avoid game and screensaver sites – Many game sites will require you to install an
add-on to Internet Explorer. Some of these add-ons can be harmful to your computer and others can take your internet over completely. Screensaver websites are a known source of viruses and malware. As well, poorly written screen savers can cause performance problems with your computer.
• Social Networking – Social networking applications like “Facebook” and others allow you to pass files (programs, pictures, and documents) between users. Just because someone is your friend on Facebook, it does not mean they are careful with their files or their computer/device.
• Scare Tactics – Don’t fall for Scare Tactics. Analyze everything…. Scare tactics come from many sources: email warnings, website pop-up ads, etc., warning you that your computer is infected. They are designed to convince you to take some action that will ultimately be harmful to your computer or your identity. The safest way to close a popup webpage or rogue program is to hit CTRL-ALT-DEL and click on Task Manager. Select the Internet Explorer instance or program that you think is the proper one and click on End Task. Alternately, you can log out of any software package that you are connected to and shut down your computer normally without clicking on anything else.
WE ARE ALL FISH
Screen Savers, Desktop images, and Games are the bait.
THREAT VECTORS - CONTINUED
• Email – Don’t give out your work email address online unless it is for official business. The best
way to reduce junk mail is by not giving out your address unless it is necessary in the performance of your job duties. Do not participate in joke/junk mail circles. Your address gets forwarded on to everyone else who ever reads it in the future.
• Turn off the preview pane (reading pane) in your email client – With the preview pane on, you can’t select an email to delete it without opening it in the viewer. Turning off this preview will allow you to select and delete without ever opening the mail. Disable for inbox, junk, and deleted items.
• Personal emails – Don’t check your personal email while at work. Doing so subjects your office computers to unnecessary risk. If you must check personal email at work please get authorization from your supervisor. Utilizing your personal email for work related activities can subject your email account to investigation and possible search now and into the future due to unforeseeable litigation that may be put upon your office/department.
• Media – Any tape, CD, DVD, floppy, flash, or other “Input/Output” device can carry malware and can infect your computer/device.
EMAIL - KEEP SOME THINGS VERY PRIVATE
• Don’t give out your email address.
• Use a bogus account or fictitious information first.
• Create a 2nd Junk account for your junk correspondence that must have a valid address.
• Don’t check your personal email at work.
• Don’t check your work email at home.
TURN OFF THE PREVIEW PANE
Turn off the reading pane for Inbox, Deleted items, and Junk Mail
VIRUS PROTECTION
• Free antivirus products rarely provide as much protection and support as a paid-for antivirus.
Review the EULA of any “Free” products that you use to be sure that “Use on Government computers” is allowed.
• Real-time protection sits between you, your computer, and the internet. It monitors incoming/outgoing data and blocks its entry into the computer if the data matches a known malware pattern.
• Never install more than one antivirus program that provides “Real Time” protection on your computer. They will fight for ultimate control and your computer can suffer from poor performance as a result.
• Standalone Protection – Get a second opinion - Freestanding programs (not to be confused with free programs) are available that can provide you with a second opinion of your malware status. Online scanning for malicious software can also be done at several antivirus vendor sites.
• Scheduled Scans – The most overlooked protection step is not scanning your hard drive. Just having an antivirus installed and updated is not enough. Weekly/monthly scheduled scanning of your drive should also be taking place. As your antivirus learns of new threats (updates), it may detect malware that has been living in your computer without your knowledge.
FREE IS NOT REALLY FREE
• What does “Free” mean?
• Cost is not measured in pure dollars anymore.
• What is your privacy worth?
• What is access to your PC worth?
• Free versions are obviously something less than “Paid For” versions!
• Read the EULA
THE UNKNOWN MALWARE
All malware spends some time as an unknown.
There is always some time lag between when a virus or malware gets created and when you are protected from it.
Someone has to get it. It has to be identified as a virus. Antivirus vendors have to update their detection schemes to detect it, and you have to download the update.
This can take weeks, during which time you are vulnerable to the new attack.
The only 100% protection for a computer is not to have it connected to any network or internet at all. Even then, CDs or flash drives that are infected can be inserted, infecting even the invulnerable.
REPORTING RESPONSIBILITIES
• Individual office personnel must report suspicious activity or they put the whole office at risk.
• It’s everyone’s responsibility to ensure the security and integrity of office data.
• Government and Corporate offices are incorporating network monitoring systems to track data transfers and internet usage.
WINDOWS UPDATES
Windows updates provide security patches and performance fixes as well as “bug” fixes and “Service Packs”.
Service packs (which come through Windows Update) are MAJOR operating system upgrades and should only be done after backing up your data and when you have plenty of time for them to finish.
Do not perform Windows updates just prior to any major work project like payroll, year-end processes, or budget.
Windows Updates – Windows updates come in 2 forms, Automatic and Manual, and 2 flavors, Windows Updates and Microsoft Updates. Most users will install automatic updates routinely because they get reminded by the balloon popup every time they log on or shut down. Users should periodically perform a manual update by clicking on the Windows Update link.
The first time there you should sign up for “Microsoft Updates”. This will allow updates for other Microsoft products (Word, Excel, etc.) to be installed as well. After signing up for “Microsoft Updates”, you should repeatedly come back to this link until it shows 0 (zero) critical updates available. Manual updating should be done every 6 months.
WINDOWS UPDATES VS. MICROSOFT UPDATES
LGC RECOMMENDATIONS AND OFFERINGS
• Your office may purchase AVG antivirus from LGC. After the initial sale, we can include the AVG product renewal in with your annual hardware support costs on contracted computers. For non-contracted computers we can provide renewals on demand at a cost.
• LGC also offers “Malwarebytes Antimalware”. It comes quoted automatically with any new PC and we can sell a copy to any existing user. MWB is a one-time purchase per computer and is not transferable.
REVIEW QUESTIONS
1. True / False – Installing more than 1 antivirus at a time is recommended.
2. Pick the correct statement
a: Weekly/Monthly antivirus scan is recommended.
b: You never need to scan your hard drive.
c: Scanning annually is the only requirement.
3. The common threat types include:
a: bogus, hoax, malware, Trojans, and spyware
b: rogue, malware, virus, spyware, and downloaders
c: malware, viruses, Trojans, spyware, and downloaders
REVIEW QUESTIONS CONTINUED
4. Common places to acquire malware include:
a. subways, coffee shops, email, and internet cafes.
b. internet, social networking, scare tactics, email, and media
c. jail, prison, detention, my neighbor's house, and the hospital
5. True / False – Unknown malware can’t hurt your computer because your antivirus does not recognize it.
6. Who should report unusual computer behavior?
7. Operating system updates come in 2 forms and 2 flavors. What are they?
a. Reverse, forward, Chocolate, and Vanilla.
b. Automatic, manual, windows updates, and Microsoft updates.
c. Update, uninstall, windows updates, Microsoft updates.
LOCAL GOVERNMENT CORPORATION
Thank You for Attending
Threat Protection at Resource 2014