Security
Frank H. Vianzon
Community College of Aurora
9.0 security (2)
These are the slides for my CompTIA A+ class.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
352
On SlideShare
0
From Embeds
0
Number of Embeds
12
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

9.0 security (2)

  1. 1. Security Frank H. Vianzon Community College of Aurora
Virus

• A virus is a program that attempts to damage a computer system and replicate itself to other computer systems. A virus has the following characteristics:
• A virus requires a replication mechanism: a host file that it infects. When the host file is distributed, the virus is distributed with it. Viruses typically attach to files that execute or carry executable content, such as .exe and .bat programs or .doc documents with macros. Many viruses spread by e-mail, mailing themselves to everyone in the victim's address book.
• The virus only replicates when an activation mechanism is triggered; for example, each time the infected file or program is executed, the virus is activated.
• The virus is programmed with an objective, which is usually to destroy, compromise, or corrupt data.
• Originally, some viruses were created only as a nuisance.
Windows Virus

• Win32/Conficker
• Conficker is a network worm. It exploits a vulnerability in the RPC-based Server service of Microsoft Windows (the flaw fixed by Microsoft security bulletin MS08-067), which lets an attacker run code on an unpatched computer remotely, without valid user credentials. Win32/Conficker also spreads through weakly protected network shares, through removable media, and by abusing the Autorun facility that Windows enabled by default at the time (Microsoft has since turned Autorun off for non-optical removable media). Once running, the worm contacts a list of generated domain names to download additional malicious code.
• Other Windows threats from the same list:
• Win32/PSW.OnlineGames
• Win32/Agent
• Win32/FlyStudio
• INF/Conficker
• INF/Autorun
• Win32/Pacex.Gen
• WMA/TrojanDownloader.GetCodec
• Win32/Qhost
• Source: http://www.techonzo.com/2010/03/9-computer-viruses-you-should-be-awareabout/
How to detect

Virus scans:
• Trend Micro
• Norton
• McAfee
• Keep them updated. How often: daily? Every 4 hours? A scanner whose definitions are days old misses current threats, so let the product update itself as often as the vendor allows.
• Look for processes: Task Manager (show processes from all users, and look at which user account each process runs under and where its image lives).
• Look for connections: netstat. On Windows, netstat -ano lists every connection with the owning process ID, and netstat -anob from an elevated prompt adds the executable name, so a connection can be tied back to a process in Task Manager.

Common symptoms of malware on your system include:
• The browser home page or default search page has changed.
• Excessive pop-ups or strange messages being displayed.
• Firewall alerts about programs trying to access the Internet.
• System errors about corrupt or missing files.
• File extension associations have changed to open files with a different program.
• Files that disappear, are renamed, or are corrupt.
• New icons appear on the desktop or taskbar, or new toolbars show in the browser.
• The firewall or antivirus software is turned off, or you can't run antivirus scans.
• The system won't boot.
Some malicious software can hide itself such that there might not be any obvious signs of its presence. Other symptoms of an infection include:
• Slow Internet access.
• Excessive network traffic, or traffic during times when no activity should be occurring.
• Excessive CPU or disk activity.
• Low system memory.
• An unusually high volume of outgoing e-mail, or e-mail sent during off hours.
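The two checks on the slides above (look for processes, look for connections) are normally done by eye in Task Manager and a netstat window. The script below is an example added to these notes, not part of the original slides: it joins the output of netstat -ano with tasklist /fo csv on the PID column and flags processes whose network activity does not fit them. The two output samples are constructed for the example, and the allowlist of expected network clients and the list of suspicious remote ports are assumptions to be tuned per environment.

```python
"""Join 'netstat -ano' with 'tasklist /fo csv' and flag processes whose
network activity does not fit them. The two samples below are constructed
for this example; on a real host, paste in the actual command output."""
import csv
import io
from collections import defaultdict

# Constructed sample of 'netstat -ano' (Windows output format).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49711     52.96.166.2:443        ESTABLISHED     4120
  TCP    192.168.1.20:49720     203.0.113.77:6667      ESTABLISHED     5588
  TCP    192.168.1.20:49721     203.0.113.77:6667      ESTABLISHED     5588
  TCP    192.168.1.20:49730     198.51.100.9:25        ESTABLISHED     5588
  UDP    0.0.0.0:500            *:*                                    1204
"""

# Constructed sample of 'tasklist /fo csv'.
TASKLIST_SAMPLE = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","912","Services","0","8,204 K"
"svchost.exe","1204","Services","0","6,100 K"
"OUTLOOK.EXE","4120","Console","1","150,312 K"
"svchost.exe","5588","Console","1","3,400 K"
'''

# Assumptions for the example; tune both sets to the environment.
EXPECTED_NETWORK_PROCESSES = {"outlook.exe", "chrome.exe", "firefox.exe", "msedge.exe", "teams.exe"}
SUSPICIOUS_REMOTE_PORTS = {25: "SMTP (workstation sending mail directly: spam bot?)",
                           6667: "IRC (classic bot command channel)",
                           4444: "Metasploit default listener"}


def parse_netstat(text):
    """Connection rows of 'netstat -ano' as dicts; header/blank lines skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP":
            proto, local, foreign, state, pid = parts[:5]
        else:                      # UDP rows carry no State column
            proto, local, foreign, pid = parts[:4]
            state = ""
        rows.append({"proto": proto, "local": local, "foreign": foreign,
                     "state": state, "pid": int(pid)})
    return rows


def parse_tasklist(text):
    """PID -> {'image', 'session'} from 'tasklist /fo csv'."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(r["PID"]): {"image": r["Image Name"], "session": r["Session Name"]}
            for r in reader}


def remote_port(addr):
    """'203.0.113.77:6667' -> 6667; None for '*:*' placeholders."""
    _, _, port = addr.rpartition(":")
    return int(port) if port.isdigit() else None


def triage(netstat_text, tasklist_text):
    """Return a list of findings, one per PID that has something to explain."""
    procs = parse_tasklist(tasklist_text)
    established = defaultdict(list)
    for conn in parse_netstat(netstat_text):
        if conn["state"] == "ESTABLISHED":
            established[conn["pid"]].append(conn)

    findings = []
    for pid, conns in established.items():
        info = procs.get(pid, {"image": "<not in tasklist: hidden process?>", "session": ""})
        image = info["image"].lower()
        reasons = []
        if image not in EXPECTED_NETWORK_PROCESSES:
            reasons.append(f"{info['image']} is not an expected network client")
        if image == "svchost.exe" and info["session"] != "Services":
            # Real svchost.exe instances run as services in session 0.
            reasons.append("svchost.exe running in an interactive session")
        for c in conns:
            port = remote_port(c["foreign"])
            if port in SUSPICIOUS_REMOTE_PORTS:
                reasons.append(f"{c['foreign']}: {SUSPICIOUS_REMOTE_PORTS[port]}")
        if reasons:
            findings.append({"pid": pid, "image": info["image"],
                             "connections": len(conns), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"PID {f['pid']} ({f['image']}), {f['connections']} established connection(s):")
        for r in f["reasons"]:
            print("   -", r)
```

On the constructed sample, Outlook's HTTPS session is passed over and the svchost.exe in the interactive session with IRC and direct SMTP connections is reported. A PID that netstat shows but tasklist does not is itself worth a line in the report: that gap is one of the few user-mode hints of a process hiding itself, which is the case the slide above describes.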
Additional Countermeasures

• Install anti-virus scanning software on e-mail servers, so attachments are scanned before e-mail is delivered. You can also block all attachments to keep unwanted software out, but this blocks needed attachments as well; blocking executable attachment types (.exe, .scr, .js and the like) while allowing documents is the usual compromise.
• Implement spam filters and real-time blacklists (DNS-based blocklists that the mail server queries for the connecting sender's IP address). When implementing filters, be sure not to make them too broad, otherwise legitimate e-mail will be rejected.
• Train users to use caution when downloading software or responding to e-mail.
• Train users to update the virus definition files frequently and to scan removable storage devices before copying files.
• Disable scripts when previewing or viewing e-mail.
• Implement software policies that prevent downloading software from the Internet.
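The "real-time blacklist" in the list above is a DNS lookup: the mail server reverses the octets of the connecting client's IP address, appends the blocklist's zone, and asks for an A record. The example below is added to these notes and is not from the original slides. The zone name and return-code meanings are Spamhaus ZEN's published scheme, but the resolver is a stub with constructed answers so the code runs offline; to use it for real, pass a function that performs the DNS query.

```python
"""Real-time blacklist (DNSBL) check for the IP address that is connecting
to the mail server. The query name is the IPv4 address with its octets
reversed, under the list's zone; an A-record answer inside 127.0.0.0/8
means 'listed', and its last octet says which sub-list. The return codes
below are Spamhaus ZEN's published ones; the resolver is a stub so this
runs offline (constructed answers, not real listings)."""
import ipaddress

ZONE = "zen.spamhaus.org"

# Meaning of the answer's last octet for zen.spamhaus.org.
RETURN_CODES = {
    2: "SBL: known spam source",
    3: "CSS: low-reputation / snowshoe spam source",
    4: "XBL: compromised host (bot, open proxy)",   # 127.0.0.4-7 are all XBL
    9: "SBL: DROP/EDROP hijacked or rogue network",
    10: "PBL: end-user/dynamic address that should not send mail directly",
    11: "PBL: ISP-maintained end-user range",
}
ERROR_RANGE = ipaddress.ip_network("127.255.255.0/24")   # query problems, not listings
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def lookup_name(ip, zone=ZONE):
    """'203.0.113.5' -> '5.113.0.203.zen.spamhaus.org'."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv6 lists use nibble-reversed names; not handled here")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify(answers):
    """DNS A answers -> (listed, reasons). Empty answers (NXDOMAIN) = not listed."""
    reasons, query_error = [], False
    for a in answers:
        addr = ipaddress.ip_address(a)
        if addr in ERROR_RANGE:
            query_error = True
        elif addr in LISTED_RANGE:
            code = int(str(addr).split(".")[-1])
            code = 4 if 4 <= code <= 7 else code
            reasons.append(RETURN_CODES.get(code, f"unknown return code {a}"))
    if query_error:
        # Fail open: never reject mail because the lookup itself broke, but alert.
        return False, ["DNSBL query error (blocked resolver or typo in zone); alert operator"]
    return bool(reasons), reasons


def check_sender(ip, resolve):
    """resolve(name) must return the list of A records, [] if none."""
    return classify(resolve(lookup_name(ip)))


# Constructed stub in place of a real resolver such as dnspython's
# dns.resolver.resolve(name, "A"). Real listings will differ.
STUB_ANSWERS = {
    "5.113.0.203.zen.spamhaus.org": ["127.0.0.4"],
    "9.100.51.198.zen.spamhaus.org": ["127.0.0.2", "127.0.0.10"],
    "1.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
}


def stub_resolve(name):
    return STUB_ANSWERS.get(name, [])


if __name__ == "__main__":
    for ip in ("203.0.113.5", "198.51.100.9", "192.0.2.1", "198.51.100.200"):
        listed, why = check_sender(ip, stub_resolve)
        print(f"{ip:16} {'LISTED' if listed else 'clean '} {why}")
```

Query the IP of the SMTP client that connected to you, not addresses found inside the message. The "too broad" filter the slide warns about is a common misconfiguration here: applying the PBL (end-user address ranges) to authenticated submissions on port 587 rejects your own users' mail, because the PBL is only meant for direct-to-MX connections. Treating answers in 127.255.255.0/24 as errors rather than listings matters for the same reason.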
Additional Countermeasures

• Keep your operating system files up to date; apply security-related hotfixes as they are released.
• In highly secured areas, remove removable drives (such as recordable optical drives and USB drives), or disable them by policy, to prevent unauthorized software from entering a system.
• Show full file extensions on all files. Viruses, worms, and Trojans often use double file extensions to disguise files as types that are normally considered harmless. For example, naming a file report.txt.exe makes it appear as a text file in an attachment when Windows Explorer hides known extensions (its default), while in reality it is an executable. In Explorer, clear "Hide extensions for known file types"; the corresponding registry value is HideFileExt under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced (0 = show extensions).
• Train users about the dangers of downloading software and the importance of anti-malware protections. Teach users to scan files before running them, and make sure they keep the virus protection definition files up to date.
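A mail gateway or an attachment scanner can apply the double-extension rule from the slide above automatically. The example below is added to these notes (not from the original slides) and goes a step beyond the .TXT.EXE case: it also catches a run of spaces that pushes the real extension out of view and the Unicode right-to-left override (U+202E) that makes photo[RLO]gpj.exe display as photoexe.jpg. The extension lists and sample file names are constructed for the example.

```python
"""Find file names built to look harmless. Covers the slide's double
extension (report.txt.exe) and, beyond it, two other tricks seen in mail
attachments: a run of spaces that pushes the real extension out of view,
and the Unicode right-to-left override (U+202E) that makes
'photo\u202egpj.exe' display as 'photoexe.jpg'. Added example; the sample
names are constructed."""
import os

EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js",
              ".jse", ".wsf", ".hta", ".msi", ".ps1", ".lnk", ".jar"}
LOOKS_HARMLESS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg",
                  ".jpeg", ".png", ".gif", ".mp3", ".mp4", ".zip"}
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}
RLO = "\u202e"


def displayed_name(name):
    """What a file browser shows for a name with one right-to-left override:
    everything after the RLO is rendered reversed."""
    if RLO not in name:
        return name
    i = name.index(RLO)
    return name[:i] + name[i + 1:][::-1]


def analyze_name(name):
    """Return (real_extension, reasons). Empty reasons = nothing suspicious."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append(f"bidi override: displays as '{displayed_name(name)}'")
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    base, real_ext = os.path.splitext(clean)      # the LAST extension is the real one
    real_ext = real_ext.lower()
    if base != base.rstrip():
        reasons.append("spaces padded before the real extension")
    _, inner_ext = os.path.splitext(base.rstrip())
    if real_ext in EXECUTABLE and inner_ext.lower() in LOOKS_HARMLESS:
        reasons.append(f"double extension: looks like {inner_ext.lower()}, runs as {real_ext}")
    return real_ext, reasons


def scan(names):
    """Names worth a second look, with their real extension and reasons."""
    flagged = []
    for n in names:
        ext, why = analyze_name(n)
        if why:
            flagged.append((n, ext, why))
    return flagged


# Constructed attachment names.
SAMPLE_NAMES = [
    "report.txt.exe",
    "archive.tar.gz",                       # two extensions, but not deceptive
    "photo.jpg" + " " * 40 + ".scr",
    "photo\u202egpj.exe",
    "setup.exe",
    "minutes.docx",
]

if __name__ == "__main__":
    for name, ext, why in scan(SAMPLE_NAMES):
        print(repr(name), "->", ext)
        for r in why:
            print("   -", r)
```

Note that archive.tar.gz is left alone: two extensions are only a problem when the last one executes and the one before it looks like a document. The check works on the name alone; a gateway should pair it with the file's actual content type (an .exe starts with the bytes MZ), since an attacker can also rename a program to something with no extension at all.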
Additional Countermeasures: Network Access Control (NAC)

• Network Access Control (NAC) is a network-based solution that prevents unprotected computers from connecting to the network. With NAC:
• Computers must meet certain health requirements before they are allowed to connect to the network. These requirements might include having the latest security patches installed, having antivirus software, or having completed a recent antivirus scan.
• Computers that meet the health requirements are given access to the network; computers that do not pass the health checks are denied full access.
• Remediation for unhealthy computers provides resources to fix the problem. For example, the computer might be given limited network access (a remediation VLAN) in order to download and install the required antivirus software.
• Network Access Protection (NAP) is Microsoft's implementation of NAC. (NAP was deprecated in Windows Server 2012 R2 and removed from Windows Server 2016; current Windows deployments use 802.1X with a RADIUS server or a third-party NAC product.)
Spyware

• Spyware is software that is installed without the user's consent or knowledge, designed to intercept or take partial control over the user's interaction with the computer. Spyware:
• Is installed on your machine by visiting a particular Web page or running a particular application.
• Can interfere with user control of the computer, such as installing additional software, changing computer settings, and redirecting Web browser activity. (Ever run a Google search and found you could not go back? That is search redirection at work.)
• Collects various types of personal information, such as Internet surfing habits and passwords, and sends the information back to its originating source.
• Uses tracking cookies to collect and report a user's activities.
• Cookies are small pieces of data that a Web site asks the browser to store, to remember your preferences, session and browser settings between visits.
• Cookies are often used for legitimate purposes on e-commerce sites (keeping you logged in, holding a shopping cart), but can be read or used for malicious purposes by spyware and other software. A cookie is data, not code: it cannot infect a machine by itself, but a tracking cookie lets an advertising network follow one browser across every site that embeds its content.
Grayware

• Grayware is software that might offer a legitimate service, but which also includes features that you aren't aware of or features that could be used for malicious purposes. Grayware is often installed with the user's permission, but without the user fully understanding what they are adding (bundled toolbars and "optimizers" that come with free downloads are the typical case).
• Features included with grayware might be identified in the end user license agreement (EULA), or the features could be hidden or undocumented. The main objection to grayware is that the end user cannot easily tell what the application does or what was added with the application.
Remediation

• Remediation is the process of correcting any problems that are found. Most antivirus software remediates problems automatically or semi-automatically (i.e. you are prompted to identify the action to take). Possible actions in response to problems are:
• Repair the infection. Repair is possible for true viruses that have attached themselves to valid files. During the repair, the virus is removed and the file is placed back in its original state (if possible).
• Quarantine the file. Quarantine moves the infected file to a secure folder where it cannot be opened or run normally. You might quarantine an infected file that cannot be repaired to see if another tool or utility might be able to recover the file at another time.
• Delete the file. You should delete files that are malicious in themselves, such as worms, Trojan horse programs, or spyware or adware programs. In addition, you should periodically review the quarantine folder and delete any files you do not want to recover.
• System Restore? Be careful: restore points can contain copies of the infected files, so restoring can bring the infection back, and some malware disables System Restore outright. Purge old restore points after cleaning.
• Format and recover! When you cannot be sure the infection is completely removed (rootkits, or anything that ran with administrative rights), wipe the disk, reinstall from known-good media, and restore only data from backups.
Spam

• Spam is unwanted and unsolicited e-mail sent to many recipients. Spam:
• Can be benign, such as e-mails trying to sell products.
• Can be malicious, containing phishing scams or malware as attachments.
• Wastes bandwidth and could fill the inbox, resulting in a denial of service condition where users can no longer receive e-mail.
Social Engineering

• Dumpster Diving: recovering discarded documents and media from the trash.
• Shoulder Surfing: watching someone type a password or read a screen.
• Piggybacking: following an authorized person through a controlled door (also called tailgating).
• Eavesdropping: listening in on conversations or unprotected communications.
• Masquerading: impersonating an authorized person, such as a help desk technician or a vendor.
• Phishing – where do you see phishing now?
Countermeasures

• Train employees to demand proof of identity over the phone and in person.
• Define values for types of information, such as dial-in numbers, user names, passwords, network addresses, etc. The greater the value, the higher the security around those items should be maintained.
• If someone requests privileged information, have employees find out why they want it and whether they are authorized to obtain it.
• Verify information contained in e-mails and use bookmarked links instead of links in e-mails to go to company Web sites.
• Dispose of sensitive documents securely, such as shredding or incinerating.
• Dispose of disks and devices securely by shredding floppy disks or overwriting disks with all 1's, all 0's, then all random characters. Overwriting is only reliable for magnetic disks; on SSDs and flash media, wear levelling leaves copies the operating system cannot reach, so use the drive's built-in secure erase (ATA Secure Erase or cryptographic erase) or destroy the device.
• Verify information from suspicious e-mails by visiting two or more well-known malicious code threat management Web sites. These sites can be your antivirus vendor or a well-known and well-regarded Internet security watch group.
Phishing

• Phishing uses an e-mail and a spoofed Web site to gain sensitive information. In a phishing attack:
• A fraudulent message that appears to be legitimate is sent to a target.
• The message requests the target to visit a Web site which also appears to be legitimate.
• The fraudulent Web site requests the victim to provide sensitive information such as the account number and password.
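The "spoofed Web site" step depends on a link that looks right but goes elsewhere, which is why the Countermeasures slide says to use bookmarks instead of links in e-mail. The example below, added to these notes and not part of the original slides, inspects the links in an HTML message the way a mail gateway would: does the visible link text name one site while the href goes to another, is the destination a bare IP address or a punycode name, and is the destination a look-alike of a protected brand domain or a brand name used as a subdomain of something else. The protected-domain list, the homoglyph table and the sample message are constructed for the example.

```python
"""Inspect links in an HTML e-mail for the signs of a phishing lure:
text/href host mismatch, bare IP or punycode destinations, look-alike
(homoglyph) domains and brand names used as subdomains of unrelated
domains. Added example; PROTECTED_DOMAINS and SAMPLE_EMAIL are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organisation expects its users to be sent to (assumption).
PROTECTED_DOMAINS = {"example-bank.com", "paypal.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    # Last two labels; production code should use the Public Suffix List (co.uk etc.).
    return ".".join(host.lower().split(".")[-2:])


def skeleton(host):
    """Crude homoglyph normalisation: 'paypa1.com' and 'paypal.com' collide."""
    h = host.lower().translate(str.maketrans("0135", "oles"))
    return h.replace("rn", "m").replace("vv", "w")


def host_of(text_or_url):
    url = text_or_url if "://" in text_or_url else "http://" + text_or_url
    return urlparse(url).hostname


def check_link(href, text):
    reasons = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        reasons.append("not HTTPS")
    if parsed.username:
        reasons.append(f"user@host URL; real destination is {host}")
    if host.replace(".", "").isdigit():
        reasons.append("destination is a bare IP address")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (IDN) host; may mimic a Latin-script name")
    reg = registered_domain(host)
    if " " not in text and "." in text:          # link text itself looks like an address
        claimed = host_of(text)
        if claimed and registered_domain(claimed) != reg:
            reasons.append(f"text claims {claimed} but link goes to {host}")
    if reg not in PROTECTED_DOMAINS:
        if skeleton(reg) in {skeleton(d) for d in PROTECTED_DOMAINS}:
            reasons.append(f"{reg} is a look-alike of a protected domain")
        brand_labels = {d.split(".")[0] for d in PROTECTED_DOMAINS}
        if brand_labels & set(host.split(".")):
            reasons.append(f"brand name used as subdomain of unrelated domain {reg}")
    return reasons


def scan_email(html):
    """[(href, reasons), ...] for every link in the message."""
    p = LinkCollector()
    p.feed(html)
    return [(href, check_link(href, text)) for href, text in p.links]


# Constructed sample message.
SAMPLE_EMAIL = """<html><body>
<p>Dear customer,</p>
<p><a href="https://www.example-bank.com/login">Log in</a> to review your statement.</p>
<p>Or use <a href="http://www.examp1e-bank.com/login">www.example-bank.com</a></p>
<p><a href="https://paypal.com.account-verify.net/x">Verify your PayPal account</a></p>
<p><a href="http://198.51.100.23/login">Click here</a></p>
</body></html>"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL):
        print(href, "->", "OK" if not reasons else reasons)
```

Only the first link, which really goes to the protected domain, comes back clean. The skeleton comparison is deliberately crude; real gateways use the Unicode confusables table and a Public Suffix List, but the structure of the check is the same.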
Phishing with Hoax Virus

• Hoax virus warnings sent by e-mail are a form of phishing attack. This type of attack preys on e-mail recipients who are fearful and will believe most information if it is presented in a professional manner. All too often, the victims of these attacks fail to double-check the information or instructions with a reputable third-party antivirus software vendor before following the recommendations. Usually these hoax messages instruct the reader to delete key system files or to download a "fix" that is really a Trojan horse.
Phishing with Text

• New scam involving text messages (SMS phishing, or "smishing").
• "Call the bank because your card has been cancelled": the number in the message belongs to the attacker, who then asks for the card details. Call the number printed on the back of the card instead.
Spear Phishing

• Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.
• Where the attacker gets the details that make the message believable, and the lures they use:
• Facebook
• LinkedIn
• eBay/PayPal
• "Click here to see your grade"
• Other social media
• So why have a Facebook account at all?
Spear Phishing

• Depends on three things:
1. The apparent source must appear to be a known and trusted individual,
2. there is information within the message that supports its validity, and
3. the request the individual makes seems to have a logical basis.
• Combine with Social Engineering.
Countermeasures

The most effective countermeasure for social engineering is employee awareness training on how to recognize social engineering schemes and how to respond appropriately. The specific countermeasures are the ones listed on the earlier Countermeasures slide: demand proof of identity, classify information by value, check why a requester wants privileged information and whether they are authorized, use bookmarked links rather than links in e-mail, dispose of documents and media securely, and verify suspicious e-mails against reputable threat-information sites.
BIOS Security

• BIOS Passwords: a setup password protects the firmware settings (boot order and the features below); a boot (power-on) password stops the machine from starting at all. On most desktops either can be cleared with the clear-CMOS jumper or by removing the CMOS battery, so a BIOS password deters casual tampering but does not stop someone with the case open.
• Chassis Intrusion Detection: a switch on the case that records in firmware, and can alert at the next boot, that the cover was opened.
• Hard Disk Password
• TPM
Hard Disk Password

• Some portable computers (and most firmware that implements the feature) allow you to set a password on a hard disk. When set, the password must be given at system startup or the disk cannot be used.
• Hard disk passwords are part of the ATA specifications (the ATA Security feature set), so they are not dependent upon a specific disk manufacturer.
• There are two different passwords: user and master. The drive also has a security level: at the High level the master password can unlock the drive; at the Maximum level the master password can only erase it.
• Set the password(s) in the firmware (BIOS/UEFI) setup program. Some programs do not offer the feature, some only let you set the user password, and some let you set both a user and a master password. (On Linux, hdparm -I /dev/sdX shows the drive's Security section: supported, enabled, locked, frozen.)
• Passwords are stored by the drive itself, in a reserved area managed by its firmware rather than in the user-addressable sectors, so:
• You cannot read the passwords from the disk.
• You cannot move the drive to another system to access the disk without the password (the password moves with the disk).
• You cannot format the disk to remove the passwords; a locked drive refuses all reads and writes.
• If you forget the user password, use the master password to access the drive (High security level only). If you do not know either password, you cannot access any data on the drive through the normal interface.
• Most drives allow a limited number of incorrect password attempts (the ATA standard specifies five). After that, you must power-cycle the system to try more. You can try as long as you want, but constantly restarting the system makes guessing the password a tedious job.
• Drives might ship with a default master password. Manufacturers do not publish these defaults, but a default that is the same for every drive of a model is not a secret: set your own master password (or use the Maximum security level) when you enable the feature.
• Setting a hard disk password is sometimes referred to as locking the hard disk.
• Caveat: on a drive without hardware encryption, the password only locks the interface; the data on the platters is still in the clear, and a data-recovery lab with firmware-level access can read it. For confidentiality, use full-disk encryption (BitLocker, or a self-encrypting drive) and treat the ATA password as one layer, not the only one.
Trusted Platform Module (TPM)

• A TPM is a special chip on the motherboard (or, on newer systems, firmware running in the CPU's isolated security environment) that generates and stores cryptographic keys. Enable and initialize it in the firmware setup program; Windows can then take ownership of it (tpm.msc).
• During initialization, you set a TPM owner password. The owner password is required to manage TPM settings. (This is TPM 1.2 behaviour; TPM 2.0 has an owner authorization value that Windows manages for you.)
• The TPM includes a unique key burned in at manufacture, the Endorsement Key (EK), that can be used for hardware system identification and remote attestation.
• The TPM cannot see the hardware itself. Instead, the firmware measures each component as it boots (hashes the firmware code, option ROMs, the boot loader, and so on) and extends each hash into the TPM's Platform Configuration Registers (PCRs). The PCR values are therefore a fingerprint of the boot configuration, and the TPM refuses to release a key sealed to them if they differ from the values at sealing time. That is how a changed boot path is caught: the machine still boots, but BitLocker does not get its key and asks for the recovery password instead.
• The TPM can be used by applications to generate and save keys that are used with encryption; the private part never leaves the chip.
• Protects encryption keys.
• Together with the BIOS, the TPM forms a Root of Trust: the first code the firmware runs (the core root of trust for measurement) measures the next stage before handing over to it, and so on up the chain. The TPM contains several PCRs that allow secure storage and reporting of these security-relevant metrics. A PCR can only be extended, never written: PCR_new = SHA-256(PCR_old || measurement), so the final value depends on every measurement and on their order. These metrics can be used to detect changes from previous configurations and to decide how to proceed. A good example is Microsoft's BitLocker Drive Encryption, which seals the volume master key to a set of PCRs (on a UEFI system with Secure Boot, PCRs 7 and 11 by default).
• Therefore the BIOS and the Operating System have the primary responsibility to utilize the TPM to assure platform integrity. Only then can applications and users running on that platform rely on its security characteristics, such as secure I/O ("what you see is what you get"), uncompromised keyboard entries, and memory and storage operations.
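The PCR extend rule and the BitLocker-style sealing described on the two TPM slides above are small enough to simulate end to end. The example below is added to these notes and is not from the original slides or from any TPM vendor: SimTpm is a Python stand-in whose seal/unseal is a toy keyed XOR (a real TPM returns an encrypted blob under a storage key), and the boot components are constructed byte strings. The extend operation and the policy check, however, are exactly what a real TPM does, and the demo shows why one changed boot loader withholds the key while an untouched chain releases it on every boot.

```python
"""Simulated TPM Platform Configuration Registers with sealing. A PCR is
never written, only extended: PCR = SHA-256(PCR || measurement). Firmware
extends a hash of each boot component in order, so the final PCR values
fingerprint the whole boot chain, and a secret sealed to them is released
only when the next boot measures identically. Added example: the boot
components are constructed byte strings and SimTpm is a Python stand-in
(its seal/unseal is a toy keyed XOR, not the TPM's real encrypted blob),
but the extend rule and the policy check are the ones a real TPM applies."""
import hashlib


def sha256(data):
    return hashlib.sha256(data).digest()


class SimTpm:
    def __init__(self, pcr_count=24):
        self.pcrs = [bytes(32)] * pcr_count          # all zero after reset

    def extend(self, index, measurement):
        """Fold a 32-byte measurement into PCR[index]; there is no 'set'."""
        self.pcrs[index] = sha256(self.pcrs[index] + measurement)

    def _policy(self, indices):
        return sha256(b"".join(self.pcrs[i] for i in indices))

    def seal(self, secret, indices):
        """Bind a secret to the current values of the chosen PCRs."""
        policy = self._policy(indices)
        pad = hashlib.shake_256(b"seal-key" + policy).digest(len(secret))
        return {"pcrs": list(indices), "policy": policy,
                "blob": bytes(a ^ b for a, b in zip(secret, pad))}

    def unseal(self, sealed):
        """Return the secret only if the named PCRs still match; else None."""
        policy = self._policy(sealed["pcrs"])
        if policy != sealed["policy"]:
            return None                                # BitLocker: recovery mode
        pad = hashlib.shake_256(b"seal-key" + policy).digest(len(sealed["blob"]))
        return bytes(a ^ b for a, b in zip(sealed["blob"], pad))


# Constructed boot chain: (PCR index, component) in boot order.
BOOT_CHAIN = [
    (0, b"platform firmware 1.2"),
    (2, b"option ROM: network card"),
    (4, b"boot manager bootmgfw.efi"),
    (7, b"Secure Boot policy: enabled"),
]


def measured_boot(tpm, chain):
    """What firmware does: hash each component, extend it, hand over control."""
    for index, component in chain:
        tpm.extend(index, sha256(component))
    return tpm


def pcr_values(chain):
    """PCR 0..7 after a fresh boot of the given chain."""
    tpm = measured_boot(SimTpm(), chain)
    return [tpm.pcrs[i] for i in range(8)]


def boot_and_unseal(chain, sealed):
    """Next boot: measure the chain, then ask the TPM for the sealed secret."""
    return measured_boot(SimTpm(), chain).unseal(sealed)


def demo():
    key = b"volume master key 0123456789abcd"
    sealed = measured_boot(SimTpm(), BOOT_CHAIN).seal(key, [0, 2, 4, 7])
    good = boot_and_unseal(BOOT_CHAIN, sealed)
    tampered_chain = [(i, b"boot manager EVIL.efi" if i == 4 else c) for i, c in BOOT_CHAIN]
    bad = boot_and_unseal(tampered_chain, sealed)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("unchanged boot chain ->", good)
    print("tampered boot loader ->", bad)
```

Two properties fall out of the extend rule and are worth checking for yourself: the same chain always produces the same PCRs (so sealing survives a normal reboot), and the same measurements in a different order produce different PCRs (so an attacker cannot reorder the boot path either). Sealing to PCRs is also why a legitimate firmware update or boot-order change sends BitLocker into recovery: the policy has no way to tell a wanted change from an unwanted one, which is why the key must be suspended before such changes.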
