Computer Security
What to Know and What to Do
Presented to CUGG 10/2005 2/2012
Jamie Leben IT-Works Computer Services
www.i-t-w.com 970-405-4399
Copyright 2005
What to Know?
What to Know
Consumers Union, the organization that
publishes Consumer Reports, estimates
there's a 1-in-3 chance this year that
computer users at home will have their
identity stolen or their computer damaged
from the proliferation of malicious
programs
What to Know
Resources
• en.wikipedia.org - online encyclopedia, use to research unfamiliar computer terms
• www.staysafeonline.org - National Cyber Security Alliance Home Page
What to Know
Terminology

ActiveX Controls (malicious): ActiveX is a Microsoft
platform for software componentry. It is used to
enable cross-application communication and dynamic
object creation in any programming language that
supports the technology. The embedding of COM into
the Internet Explorer web browser (under the name of
ActiveX) created a combination of problems that has
led to an explosion of computer virus, trojan and
spyware infections. These malware attacks mostly
depend on ActiveX for their activation and
propagation to other computers.
What to Know
Terminology

Botnet: Botnet is a jargon term for a collection of
software robots, or bots, which run autonomously. A
botnet's originator can control the group remotely,
usually through a means such as IRC, and usually for
nefarious purposes. A botnet can comprise a
collection of cracked machines running programs
(usually referred to as worms, Trojan horses, or
backdoors) under a common command and control
infrastructure. Botnets serve various purposes,
including Denial-of-service attacks, creation or misuse
of SMTP mail relays for spam, click fraud, and the
theft of application serial numbers, login IDs, and
financial information such as credit card numbers.
What to Know
Terminology

Firewall: In computing, a firewall is a piece of
hardware and/or software which functions in a
networked environment to prevent some
communications forbidden by the security
policy, analogous to the function of firewalls in
building construction.
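To make the definition concrete, here is an added example (not from the slides) of what a firewall actually does with a packet: it walks an ordered rule list, the first matching rule decides, and anything no rule allows is dropped by default. The home policy, the addresses and the sample packets are constructed for illustration; a real firewall also tracks connection state, which this simplified version omits.

```python
"""Added example: a minimal packet filter that applies an ordered rule list
with a default-deny policy. Rules, addresses and packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" or "out"
    proto: str                   # "tcp", "udp" or "any"
    src: str                     # CIDR, e.g. "192.168.1.0/24"; "0.0.0.0/0" is anywhere
    dst: str
    dport: Optional[int] = None  # None matches every destination port


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src_ip: str
    dst_ip: str
    dport: int


# Constructed policy for a home PC behind a router: web and DNS may go out,
# Windows file sharing is reachable only from the LAN, RPC is blocked from
# everywhere, and nothing else is permitted.
HOME_POLICY = [
    Rule("deny",  "in",  "any", "0.0.0.0/0",      "0.0.0.0/0", 135),  # RPC from anywhere
    Rule("allow", "in",  "tcp", "192.168.1.0/24", "0.0.0.0/0", 445),  # SMB only from LAN
    Rule("allow", "out", "tcp", "0.0.0.0/0",      "0.0.0.0/0", 80),   # HTTP
    Rule("allow", "out", "tcp", "0.0.0.0/0",      "0.0.0.0/0", 443),  # HTTPS
    Rule("allow", "out", "udp", "0.0.0.0/0",      "0.0.0.0/0", 53),   # DNS
]


def _matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule applies to this packet."""
    if rule.direction != pkt.direction:
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(rule.dst):
        return False
    return True


def filter_packet(policy: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; with no match the default policy (deny) applies."""
    for rule in policy:
        if _matches(rule, pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    samples = [
        Packet("in",  "tcp", "203.0.113.7",  "192.168.1.10", 445),  # SMB from the internet
        Packet("in",  "tcp", "192.168.1.20", "192.168.1.10", 445),  # SMB from the LAN
        Packet("out", "tcp", "192.168.1.10", "93.184.216.34", 443), # browsing
        Packet("out", "tcp", "192.168.1.10", "198.51.100.5", 6667), # unexpected outbound IRC
    ]
    for p in samples:
        print(f"{p.direction:>3} {p.proto} {p.src_ip} -> {p.dst_ip}:{p.dport}  {filter_packet(HOME_POLICY, p)}")
```

The last sample packet matters for the botnet definition above: an outbound IRC connection that no rule allows is denied, which is exactly the kind of communication a default-deny policy exists to stop.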
What to Know
Terminology

Malware: Malware (a portmanteau of
"malicious software") is a software program
designed to fulfill any purpose contrary to the
interests of the person running it. Examples of
malware include viruses and trojan horses.
What to Know
Terminology

Peer to Peer (P2P): A peer-to-peer (or P2P) computer
network is a network that relies on the computing
power and bandwidth of the participants in the
network rather than concentrating it in a relatively few
servers. P2P networks are typically used for
connecting nodes via largely ad hoc connections.
Such networks are useful for many purposes. Sharing
content files (see file sharing) containing audio, video,
data or anything in digital format is very common, and
realtime data, such as telephony traffic, is also
passed using P2P technology.
What to Know
Terminology

Pharming: Pharming is the exploitation of a
vulnerability in the DNS server software that
allows a cracker to acquire the Domain Name
for a site, and to redirect that website's traffic
to another web site. DNS servers are the
machines responsible for resolving internet
names into their real addresses — the
"signposts" of the internet.
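The slide describes redirection at the DNS server, but the same "wrong signpost" effect can be produced on the PC itself, because the resolver consults the local hosts file before asking any DNS server. This added example (not from the slides) audits a hosts file for that local form of pharming: entries that pin a bank or auction site to an address, and entries that point update or security-vendor sites at loopback so that updates and scans silently fail. The hosts content and the two watch lists are constructed for illustration.

```python
"""Added example: audit a hosts file for entries that redirect well-known
names. Sample hosts content and watch lists are constructed, not real."""
import ipaddress
from typing import List, Tuple

# Names that have no business in a home machine's hosts file (constructed).
WATCHED_DOMAINS = {"www.mybank.example", "www.paypal.example", "www.ebay.example"}
# Update/security sites; pinning these to loopback blocks updates (constructed).
UPDATE_DOMAINS = {"update.microsoft.example", "www.avast.example", "www.malwarebytes.example"}

# Constructed hosts file: two legitimate loopback lines, one LAN entry,
# and two lines a pharming-style infection might have added.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
198.51.100.7    www.mybank.example          # looks like an ordinary line
127.0.0.1       update.microsoft.example www.avast.example
192.168.1.50    fileserver.lan
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs; comments, blanks and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])      # first field must be an address
        except ValueError:
            continue
        for name in parts[1:]:                  # one line may list several names
            entries.append((parts[0], name.lower()))
    return entries


def audit_hosts(text: str) -> List[str]:
    """Return one human-readable finding per suspicious entry."""
    findings = []
    for addr, name in parse_hosts(text):
        ip = ipaddress.ip_address(addr)
        if name in WATCHED_DOMAINS:
            findings.append(f"{name} pinned to {addr}: the browser will bypass DNS for this site")
        elif name in UPDATE_DOMAINS and ip.is_loopback:
            findings.append(f"{name} pointed at loopback: updates and scans for this vendor will fail")
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("WARNING:", finding)
```

On a real machine the file lives at C:\Windows\System32\drivers\etc\hosts (Windows) or /etc/hosts (Mac OS X and Linux); a clean home hosts file normally contains only the localhost lines.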
What to Know
Terminology

Spyware: Spyware is a broad category of
malicious software intended to intercept or
take partial control of a computer's operation
without the user's informed consent.
What to Know
Terminology

SSL security certificate: SSL provides
endpoint authentication and communications
privacy over the Internet using cryptography.
In typical use, only the server is authenticated
(i.e. its identity is ensured) while the client
remains unauthenticated.
What to Know
Terminology

Phishing: In computing, phishing (also known
as carding and spoofing) is a form of social
engineering, characterised by attempts to
fraudulently acquire sensitive information,
such as passwords and credit card details, by
masquerading as a trustworthy person or
business in an apparently official electronic
communication, such as an email or an
instant message. The term phishing arises
from the use of increasingly sophisticated
lures to "fish" for users' financial information
and passwords.
What to Know
Terminology

Trojan: A trojan horse program has a useful and
desired function, or at least it has the appearance of
having such. Secretly the program performs other,
undesired functions. The useful, or seemingly useful,
functions serve as camouflage for these undesired
functions. The kind of undesired functions are not part
of the definition of a Trojan Horse; they can be of any
kind. Trojans rely on fooling people into allowing the
program to perform actions that they would otherwise
not have voluntarily permitted. Trojans of recent
times also contain functions and strategies that
enable their spreading. This moves them closer to the
definition of computer viruses, and it becomes difficult
to say clearly whether such mixed programs are
Trojan horses or viruses.
What to Know
Terminology

Virus: In computer security technology, a virus
is a self-replicating program that spreads by
inserting copies of itself into other executable
code or documents.
What to Know
Terminology

Worm: A computer worm is a self-replicating
computer program, similar to a computer
virus, but a worm is self-contained and does not
need to be part of another program to
propagate itself.
What to Know
Terminology
Rootkit: A rootkit is a stealthy type of
malicious software (malware) designed to
hide the existence of certain processes or
programs from normal methods of detection
and enables continued privileged access to a
computer.
http://en.wikipedia.org/wiki/Rootkit

What to Do?????
What to Do?
Don't let the grandkids use the computer :)
• They are great for installing malicious ActiveX and JavaScript
• Many use P2P software, a haven for infected files
• Will readily click the button labeled “Click here to install junk on this machine”
What to Do?
Antivirus software installed and up to date

Microsoft Security Essentials
http://windows.microsoft.com/en-US/windows/products/security-essentials

Free Avast antivirus
http://www.avast.com/free-antivirus-download

Free AVG antivirus
http://free.avg.com/us-en/homepage

I suggest 1 antivirus program, and 1 or more
antispyware programs
What to Do?
Antispyware software installed and up to date
• Malwarebytes
http://www.malwarebytes.org
• Ad-Aware
http://www.lavasoft.com
• Spybot Search and Destroy
http://www.safer-networking.org/en/index.html

What to Do?
Have an active Firewall
• External router is a good idea with a high-speed connection
• Windows XP SP1 or greater includes a good firewall
• Vista, 7, Mac OS X, and Linux include a good firewall
What to Do?
Update operating system
• http://www.update.microsoft.com - free updates for Windows
• Keep automatic updates enabled, install updates when recommended
What to Do?
Use a (free) alternative browser
• Chrome
https://www.google.com/chrome
• Firefox
http://www.getfirefox.com
• Opera
http://www.opera.com/
• Safari
http://www.apple.com/safari/

What to Do?
Don't trust emails claiming to be from
banks, eBay, PayPal
Who can remember the term for these?
Check www.snopes.com for accuracy.
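The phishing definition earlier and this slide both come down to one question: does the link go where the message says it goes? This added example (not from the slides) inspects the links in an HTML e-mail and flags the usual tells: visible link text naming a trusted site while the real target is elsewhere, a bare IP address instead of a name, and a look-alike domain such as a digit 1 standing in for the letter l. The message, the trusted-domain list and the look-alike heuristic are constructed for illustration.

```python
"""Added example: flag suspicious links in an HTML e-mail. The sample
message, trusted domains and look-alike rule are constructed, not real."""
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Domains the recipient actually does business with (constructed).
TRUSTED = {"paypal.example", "ebay.example", "mybank.example"}

# Constructed lure: one text/target mismatch with a look-alike domain,
# one link to a bare IP address, and one legitimate link.
SAMPLE_EMAIL = """
<p>Dear customer, your account has been limited.</p>
<p><a href="http://paypa1.example/verify">https://www.paypal.example/</a></p>
<p><a href="http://203.0.113.9/login">Click here to restore access</a></p>
<p><a href="https://www.ebay.example/help">eBay Help</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host: str) -> str:
    """Last two labels: www.paypal.example -> paypal.example (assumes single-label TLDs)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:])


def is_lookalike(domain: str) -> bool:
    """Constructed heuristic: undo the common 1->l and 0->o swaps and see if a trusted name appears."""
    canon = domain.translate(str.maketrans("10", "lo"))
    return domain not in TRUSTED and canon in TRUSTED


def check_links(html: str) -> List[str]:
    """Return one finding per suspicious sign found in the message's links."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = urlparse(href).hostname or ""
        if not target:
            continue
        target_dom = registered_domain(target)
        # Sign 1: the visible text is a URL to a trusted site, but the href goes elsewhere.
        if text.startswith(("http://", "https://")):
            shown_dom = registered_domain(urlparse(text).hostname or "")
            if shown_dom in TRUSTED and shown_dom != target_dom:
                findings.append(f"text shows {shown_dom} but link goes to {target}")
        # Sign 2: a bare IP address where a bank or shop would use a name.
        if target.replace(".", "").isdigit():
            findings.append(f"link to bare IP address {target}")
        # Sign 3: a domain that reads like a trusted one.
        if is_lookalike(target_dom):
            findings.append(f"look-alike domain {target_dom}")
    return findings


if __name__ == "__main__":
    for finding in check_links(SAMPLE_EMAIL):
        print("SUSPICIOUS:", finding)
```

The same check is what a person does by hovering over a link before clicking: compare the address the browser shows in the status bar with what the message claims, and type the bank's address yourself if they differ.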

What to Do?
Be extremely cautious of websites that produce (SSL) security certificate warnings
• May mean the website itself has been hijacked
• Who recalls the term for this?
What to Do?
Be cautious clicking pop up windows.

Can link to trojans
What to Do?
Don't install ActiveX without verification

Beware “unsigned ActiveX control” messages
What to Do?
Don't open email attachments without
verifying with the sender first.
What to Do?
Be wary of content on Peer to peer file
sharing networks (don't share copyrighted
material)
What to Do?
Switch to Linux or Mac OS
I’m infected, what now?
• System restore to a known good date
• Start in safe mode with networking
• Download:
  • Tdsskiller (antirootkit)
    http://support.kaspersky.com/faq/?qid=208280684
  • Combofix (antimalware)
    http://www.bleepingcomputer.com/download/anti-virus/combofix
  • Malwarebytes (antimalware)
    http://www.malwarebytes.org
• Run one at a time, in the order above, rebooting as the programs suggest
I’m infected, what now?
• Scan twice with Combofix: once in safe mode, reboot into regular mode, scan again
• Repeat full scans with Malwarebytes until the scans come clean, or until you are on your third scan with infections remaining; at that point you’ll probably need to back up and reinstall.
Questions?