MALWARE PREVENTION
Ensure software firewall is running
SECURITY CENTER - GOOD
Click Start->Control Panel->Security Center

SECURITY CENTER - BAD
Click Start->Control Panel->Security Center
WIRELESS
The "linksys" network is unsecured (this is usually a router's default)
PLANNING YOUR BACKUP STRATEGY AND WHAT TO CONSIDER
- It must be convenient or it will not work
- How quickly will you need to restore?
- Have multiple backups stored in different locations
- Plan around your daily schedule and find the times which are best to perform backups
- Save all your data in one centralized location to simplify the process
PLANNING YOUR BACKUP STRATEGY AND WHAT TO CONSIDER
- Know how much data you need to back up
- Use your organization's shared backups to your advantage
  - Do they back up shared drives? Data can be left on the server
- It is best to have multiple backup avenues
PLANNING YOUR BACKUP STRATEGY AND WHAT TO CONSIDER
- Always perform a backup prior to traveling with mobile devices
- What devices do you need to back up? Desktops, laptops, tablets, handhelds, cell phones
BACKUP TERMINOLOGY
- Source – A device or data location which needs to be backed up
- Destination – Location where your backup will be created
- Restore Point – Date and time a backup occurred, to restore from
BACKUP TERMINOLOGY
- Synchronization – Allows you to put the same data on 2 or more devices
  - Initial sync takes a while to complete (dependent on how much data needs to be copied)
  - Updates only the changed, deleted, or renamed data from either device in the partnership
  - Commonly used to transfer data between laptops, desktops, tablets, and handhelds
  - It would still be advisable to deploy an additional backup plan for synchronized data
BACKUP TERMINOLOGY
- Mirror – An exact copy of a directory, file, or drive
  - Normally takes the same amount of space as the original
  - Can often be accomplished with hardware between hard drives
  - Mirroring disks is called RAID 1 (Redundant Array of Independent Disks); there are other types of RAID configurations
BACKUP METHODS
There is a choice of methods you can employ to make backup copies of your files. You can:
- Simply drag and drop the files you've created to other media, or
- Copy them using the XCOPY command, or
- Use a third party CD/DVD mastering program (Nero) to copy your files to CD or DVD, or
- Use Windows or a third party backup program to create a backup to other media.
BACKUP METHODS
A CD mastering program, such as Nero, allows you to back up your files to a CD-R. The resulting disc can be read by almost any CD-ROM, CD-R, or CD-RW drive without installing a compatible UDF reader program first. The disadvantage with these methods is that they are unable to create a backup larger than the media it is stored on. If this is a problem, you will need a true backup program capable of 'media spanning'. Backup programs differ from ordinary file saving by compressing files, storing many files in a single file proprietary to the backup program, and using the 'Archive' file attribute should you ask for a backup of changed or new files only.
BACKUP OPTIONS - BASIC
- At the very least, files copied to a flash drive
  - Better than no backups at all
  - Keep the flash drive in a safe place
- Windows Backup and Recovery
  - Included with many versions of Windows
  - Takes a little practice
- Bundled utility from the drive manufacturer
- Other backup software
  - Nero CD/DVD copying software includes a system restore utility
BACKUP OPTIONS – DRIVE IMAGE
Other backup software - image of drive:
- True Image Home 2010 by Acronis
  - Inexpensive at $50 per license
  - Image backup or file backup
- Norton Ghost by Symantec
  - Personal or enterprise version
  - Image backup or file backup
BACKUP SCREEN – ACRONIS
BACKUP TYPES
Full Backup - Backup which contains all data from the Source
- Takes longer to create the backup
- Takes the least amount of time to restore
- Takes the most amount of space for the backup
- Required as a starting point for backup plans
BACKUP TYPES
Differential – Only the files changed since your last Full backup are copied
- A Differential backup is faster than a Full backup, but slower than an Incremental backup
- Restore is faster than an Incremental, the same as a Full
- Takes less space than a Full but more than an Incremental
- Over time can become larger than your Full backup
- Only the Full and the most recent Differential are required for a full restore
BACKUP TYPES
Incremental – Only the files changed since the most recent backup will be copied
- Takes the least amount of time to back up
- Takes the longest to restore
- Takes the least amount of storage space
- Dependent on a Full backup and any other Incremental backups for a full restore
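The three backup types above, worked through on a constructed toy file set (an added example, not material from the presentation). Each file is tracked as (day last modified, content version), each backup's day is its restore point, and the plan reports which files each method copies, which backups a restore needs, and how many copies each plan stores.

```python
"""Full, differential and incremental backups on a toy file set.

Added example, not from the original presentation. The 'file system' is a
constructed dict {path: (day_last_modified, content_version)}; backups are
taken in day order and each backup's day is its restore point.
"""
from dataclasses import dataclass, field


@dataclass
class Backup:
    kind: str            # "full", "differential" or "incremental"
    day: int             # restore point
    files: dict = field(default_factory=dict)   # path -> content copied


class BackupPlan:
    def __init__(self):
        self.backups = []

    def run(self, kind, day, fs):
        """Copy what the chosen method requires and return the copied paths."""
        fulls = [b for b in self.backups if b.kind == "full"]
        if kind == "full" or not fulls:
            kind, since = "full", -1          # a full is the required starting point
        elif kind == "differential":
            since = fulls[-1].day             # everything changed since the last full
        elif kind == "incremental":
            since = self.backups[-1].day      # everything changed since the most recent backup
        else:
            raise ValueError(f"unknown backup type: {kind}")
        copied = {p: v for p, (mday, v) in fs.items() if mday > since}
        self.backups.append(Backup(kind, day, copied))
        return sorted(copied)

    def restore_chain(self, day=None):
        """Backups needed to restore to the latest restore point on or before `day`."""
        target = max((b for b in self.backups if day is None or b.day <= day),
                     key=lambda b: b.day)
        full = max((b for b in self.backups if b.kind == "full" and b.day <= target.day),
                   key=lambda b: b.day)
        if target.kind == "full":
            return [target]
        if target.kind == "differential":
            return [full, target]             # the full plus the most recent differential only
        # incremental: the full plus every backup taken after it, in order
        return [b for b in self.backups if full.day <= b.day <= target.day]

    def restore(self, day=None):
        """Replay the chain oldest-first so newer copies overwrite older ones."""
        result = {}
        for b in self.restore_chain(day):
            result.update(b.files)
        return result

    def storage_used(self):
        """Total file copies held, a proxy for backup media consumed."""
        return sum(len(b.files) for b in self.backups)


def demo(kind):
    """Same three days of changes, backed up with one method after the initial full."""
    fs = {"docs/a.txt": (0, "a-v0"),    # constructed sample data
          "docs/b.txt": (0, "b-v0"),
          "docs/c.txt": (0, "c-v0")}
    plan = BackupPlan()
    plan.run("full", 1, fs)
    fs["docs/a.txt"] = (2, "a-v2")       # day 2: a.txt edited
    plan.run(kind, 2, fs)
    fs["docs/b.txt"] = (3, "b-v3")       # day 3: b.txt edited
    plan.run(kind, 3, fs)
    return plan


if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        plan = demo(kind)
        print(kind, [(b.kind, b.day, sorted(b.files)) for b in plan.backups])
        print("  restore needs:", [b.kind for b in plan.restore_chain()],
              "copies stored:", plan.storage_used())
```

Running it shows the trade-off on the slides: the differential plan stores more copies (the day-3 differential re-copies a.txt) but restores from two backups, while the incremental plan stores fewer copies but needs the full and every incremental after it.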
BACKUP OVER THE INTERNET
Online backup services: Mozy, Carbonite
- The initial backup of your files may take days; after that, hours.
BACKUP HARDWARE CONSIDERATIONS
- Consider the types of connections you have available on your computers
  - USB 2.0 or better preferred
  - eSATA drives (External SATA)
  - IEEE 1394 or FireWire
  - Ethernet via wired or wireless connections
- Consider the types of removable media you can use on your computer
  - Flash drives
  - CD, DVD drives
  - External drives by Seagate
BACKUP HARDWARE OPTIONS
- Many storage vendors are creating one-stop solutions (Maxtor OneTouch, Western Digital MyBook)
  - Check if they offer free backup software
- Create your own by buying an external bay and an internal hard drive
  - Usually does not come with software
  - Normally less expensive
BACKUP HARDWARE OPTIONS
- CD/DVD writers
  - Software can really affect how this applies
  - Multiple format options: CD, DVD, DVD double layer (DL), and RW
  - Media is inexpensive, so keep multiple iterations
- Blu-Ray and HD-DVD
  - Larger volumes
  - VERY EXPENSIVE
  - LACK OF STANDARDS
- Data size can be an issue
BACKUP HARDWARE OPTIONS
- Flash drives (called memory keys)
  - Great for the person on the move who needs to back up when traveling
  - Up to 16 GB capacity is under $40
  - Up to 32 GB capacity is under $90
BACKUP DEMONSTRATION
- Simple - Copy files to USB drive
- More advanced - Windows Backup
RECOVERY SCENARIOS
Scenario 1
- Hardware problem – a drive fails
- Problem gets fixed – a new drive installed
- Partitions are then restored from backup
- Machine is bootable and ready to go
- Might only take an hour or two
Scenario 2
- Hardware problem – a drive fails
- Problem gets fixed – a new drive installed
- No partition backup available
- Start Recovery CD, or reinstall everything from scratch
- Recover your data from a USB key, CDs, etc.
- Do O/S updates, etc.
- Takes a long time – a day? more?
RECOVERY SCENARIOS
Scenario 3
- Multiple virus infections on machine - user has QuickBooks files backed up, but no image of the entire drive
- Remove malware with an anti-malware program and continue, or:
  - Reinstall Windows (to alleviate future security concerns)
  - Reinstall QuickBooks
  - Recover the QuickBooks files from backup
Scenario 4
- User installs a new device – and then is unable to boot
- Try to boot using Last Known Good Configuration
- If still not booting, use F8 to get to Safe Mode
- Click No when prompted to Continue, thereby going to System Restore (allows Windows to go back to a prior version of the registry and drivers)
- Select a prior point in time to go back to.
ACCESS CONTROL
Physical Access
Users, Groups and Permissions
ACCESS CONTROL
Access control - to secure computers and operating systems.
Human and physical security:
- Make sure that your computer is physically secure. Keep business computers containing sensitive information behind a locked door.
- Hibernating or turning off the machine when you are not using it for long periods of time reduces vulnerability
- Watch out for “shoulder surfers” who try to steal passwords by watching your fingers as you log on
- Don’t tape passwords to the monitor
- Take extra precautions to protect portable computers and hand-held devices…
PASSWORDS
Password limitations and why they are in place
- Password expiration: Decreases the chances of your password being cracked
- Complex passwords: Requiring complexity actually increases the possible character combinations required by brute-force cracking
- Password length requirements: The longer your password, the more possible character combinations are present and the harder it is to crack
Dealing with password limitations
- Password lockouts: If a certain number of login attempts fail within a given timeframe, the account is automatically locked out for a preset amount of time. Using this limitation stops brute force authentication attempts
- Dictionary checks: Simple checks against common dictionaries are used to increase password complexity.
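A sliding-window lockout of the kind described under "Password lockouts", as an added example that is not part of the presentation. The thresholds (5 failures within 5 minutes lock the account for 15 minutes) are assumed defaults rather than values the slides specify; the audit trail the class keeps is what a "Review Logs" step would look at.

```python
"""Account lockout after repeated failed logins within a time window.

Added example, not from the original presentation. Threshold, window and
lockout duration are assumed defaults; timestamps are plain seconds so the
logic can be exercised without a real clock.
"""
from collections import defaultdict, deque


class LockoutPolicy:
    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures    # failures allowed inside the window
        self.window = window                # seconds over which failures are counted
        self.lockout = lockout              # seconds the account stays locked
        self.failures = defaultdict(deque)  # account -> timestamps of recent failures
        self.locked_until = {}              # account -> time the lock expires
        self.events = []                    # (time, account, result) audit trail

    def is_locked(self, account, now):
        return self.locked_until.get(account, 0) > now

    def attempt(self, account, password_ok, now):
        """Record one login attempt; returns 'ok', 'denied' or 'locked'."""
        result = self._decide(account, password_ok, now)
        self.events.append((now, account, result))
        return result

    def _decide(self, account, password_ok, now):
        if self.is_locked(account, now):
            return "locked"                 # even the right password is refused while locked
        if password_ok:
            self.failures[account].clear()
            return "ok"
        recent = self.failures[account]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                # failures older than the window no longer count
        if len(recent) >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            recent.clear()
            return "locked"
        return "denied"

    def locked_accounts(self, now):
        """Accounts currently locked, for an administrator reviewing the logs."""
        return sorted(a for a, until in self.locked_until.items() if until > now)

    def lockout_events(self):
        """Audit entries where a lock was triggered or enforced."""
        return [e for e in self.events if e[2] == "locked"]


if __name__ == "__main__":
    policy = LockoutPolicy(max_failures=3, window=60, lockout=600)
    for t, ok in [(0, False), (10, False), (20, False), (30, True), (700, True)]:
        print(t, policy.attempt("alice", ok, t))
    print("locked at t=100:", policy.locked_accounts(100))
```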
PASSWORDS
Suggestions for complex passwords
- Think of a phrase and use the first characters of each word, mixing case and adding numbers and special characters
  - It is good to change your password every 6 months = Iig2cyPe6m
  - UC huskies are number one = UchuskiesR#1
- Use a favorite word or phrase and break it up with numbers and special characters
  - Happy = Hap3py1
  - Motorcycle = M0tor6cyc!e
Passwords:
- Don’t leave yours lying around
- Don’t share them with friends
- The longer the better
- Change passwords often
- Use a minimum of eight characters, a mix of upper and lower case, and include a digit and a symbol
- Set a password on all accounts, including the Administrator account.
PASSWORDS – LENGTH
Number of passwords for each length

Length  Number of passwords                  Cracking time
1       62 (not nearly enough)               Try this by hand
2       3844 (three thousand)                Almost no time
3       One quarter of a million             Less than one second
4       Fourteen million                     Two seconds
5       Almost one billion                   Two and a half minutes
6       Fifty six billion                    Two and a half hours
7       Three and a half trillion            One week
8       Two hundred trillion                 One year
9       Thirteen quadrillion                 Seventy years
10      Eight hundred and forty quadrillion  Forty centuries
11      Lots                                 A quarter of a million years
12      Even more                            Sixteen million years
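The arithmetic behind the table and the complexity rule on the previous slide, as an added example that is not from the presentation. It assumes the table's 62-character alphabet (upper case, lower case and digits, which is why length 1 gives 62 and length 2 gives 3844) and a guessing rate of about 6.5 million passwords per second, which is what the table's times imply; the policy checker implements the "minimum eight characters, mixed case, digit and symbol" rule.

```python
"""Keyspace, brute-force time and the slide's password policy.

Added example, not from the original presentation. ALPHABET_SIZE and
GUESSES_PER_SECOND are assumptions chosen to reproduce the table's figures.
"""
import string

ALPHABET_SIZE = 62            # 26 lower + 26 upper + 10 digits, as the table's row 1 shows
GUESSES_PER_SECOND = 6.5e6    # assumed cracking rate implied by the table's times

CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def keyspace(length, alphabet=ALPHABET_SIZE):
    """Number of distinct passwords of exactly this length."""
    return alphabet ** length


def crack_seconds(length, alphabet=ALPHABET_SIZE, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every password of this length at the given rate."""
    return keyspace(length, alphabet) / rate


def human_time(seconds):
    """Express seconds in the largest convenient unit, as the table does."""
    units = [("centuries", 100 * 365 * 86400), ("years", 365 * 86400),
             ("weeks", 7 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return round(seconds / size, 1), name
    return round(seconds, 3), "seconds"


def length_table(max_length=12):
    """Rebuild the slide's table as (length, keyspace, (value, unit)) rows."""
    return [(n, keyspace(n), human_time(crack_seconds(n))) for n in range(1, max_length + 1)]


def alphabet_size(password):
    """Alphabet an attacker must cover: the sum of the character classes actually used."""
    return sum(len(chars) for chars in CLASSES.values() if any(c in chars for c in password))


def check_policy(password, min_length=8):
    """The slide's rule: 8+ characters, upper and lower case, a digit and a symbol."""
    checks = {"length": len(password) >= min_length}
    for name, chars in CLASSES.items():
        checks[name] = any(c in chars for c in password)
    return all(checks.values()), [name for name, ok in checks.items() if not ok]


if __name__ == "__main__":
    for n, space, (value, unit) in length_table():
        print(f"{n:2d}  {space:>25,d}  {value:g} {unit}")
    for pw in ("Iig2cyPe6m", "UchuskiesR#1", "Hap3py1", "M0tor6cyc!e"):
        print(pw, check_policy(pw), "alphabet:", alphabet_size(pw))
```

Of the four sample passwords on the previous slide, only UchuskiesR#1 passes every check; the others fail on length or on the missing symbol, which is the point of the minimum-eight-with-symbol rule.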
PASSWORD CHANGE Demonstration
USING EMAIL SAFELY
Spammers want your address
Anytime you send or receive communications on the Internet or browse a Web site, there are opportunities for individuals to intercept your communications to obtain your email address. If you post to a Usenet newsgroup, list your address on a Web site, or fill out insecure forms on the Web, your address can be collected by spammers.
Junk email, known as spam, is becoming a very lucrative business for those who use the Internet for commercial advertising. Since email is reasonably inexpensive, senders can blast it out by the millions at a rate much faster and cheaper than other means such as mail delivered by the postal service. Spammers can use automated programs to find email addresses on the Internet very quickly. Unchecked, spam will not only overwhelm legitimate messages but may include viruses that can be dangerous to your computer.
USING EMAIL SAFELY
Dangerous attachments are common
Electronic mail can be a major source of security concern. Email attachments are an important medium through which viruses, worms, and Trojan horses spread from one computer to another. Every attachment is a potential threat to your computer’s security.
- Choose your email client software carefully.
- Regardless of its origin, be cautious and don't open any attachment unless you know the sender.
- Also, never run or open any attachment from your email program unless it has been scanned with an up-to-date antivirus program.
- If you're not certain that your antivirus program is working automatically, save the attachment to your hard drive and scan it manually before you open it.
PROTECTING AGAINST SPAM
There are several ways to prevent spam from reaching you:
- Block junk email. Many email programs have built-in filters that can help you separate spam from your wanted email. You may also try to enlist the help of your Internet Service Provider (ISP).
- Hide your email address from spammers by setting up a separate email address dedicated solely to Web transactions.
- Watch out for checked boxes when buying things online, as this may indicate that you are giving the company permission to sell or give your email address to other parties.
- Review privacy policies when signing up for Web-based services. The policy should outline whether the site will share your information.
AOL’s Mail Controls (AOL Security Center) help you:
- Block junk mail by keyword or sender
- Report spam in your mailbox
- Manage your spam folder
PROTECTING AGAINST SPAM
- Avoid listing your email address in large Internet directories.
- Don’t set up email accounts to generate automatic responses while you are away from the workplace. This will only verify your address to those spammers who send you spam while you are away.
- If you have an email address listed on a Web page, consider opening or using a free email account.
- Never open attachments unless they have been first scanned with an antivirus software program.
- In Outlook or Outlook Express, go offline before opening emails.
- Don’t buy anything from spam email. Always go directly to the company's Web site.
PROTECTING AGAINST SPAM
Despite your best efforts, you will probably still be subject to a certain amount of spam. Some tips for dealing with spam are:
- Don’t reply to any emails asking for information. Always go directly to the company's Web site.
- If the spam seems to be coming from a disreputable source, do not follow the unsubscribe directions. This only verifies your true email address.
- If you can’t confirm that the sender is valid, delete the message immediately without opening any attachments.
- Don’t forward chain messages, such as messages that state "Send this on to all of your friends."
- Treat an email from a charity asking for money as spam. If you believe in the charity, contact them directly.
WHAT IS PHISHING?
Phishing is a method that uses spam email or pop-up messages to steal identities. An attempt to gather your personal information for malicious use:
“We suspect an unauthorized transaction on your account…. Please click the link below and confirm your identity”
Typically it involves an official looking email spoofing its origin to look like it is from a credit card company or bank. It may inform you that a security breach or system failure occurred and state that you need to go to their Web site to verify certain information related to your account. The Web site will look virtually identical to the actual institution’s Web site, but it is a counterfeit intended to lead persons into divulging information required for identity theft. The “phisher” then uses the information to steal money, identity, etc.
PHISHING SYMPTOMS
- You are asked to provide personal information to a person or website claiming to be from a legitimate company
- You have provided personal information to a person or website claiming to be from a legitimate company
- Unauthorized charges on your credit card
- Loans or credit applied for in your name
- Identity stolen
PHISHING EXAMPLE 1
PHISHING EXAMPLE 2
PHISHING EXAMPLE 3
PROTECTING AGAINST PHISHING
- Do not reply to or click on any links in an email or pop-up message asking for personal information.
- If you believe the contact may be legitimate, contact the organization or company using a legitimate phone number, or open a new Internet browser session, type in the company’s main Web address, and search for information about the request.
- Never provide your account password over the phone or in response to an unsolicited Internet request.
- Don’t email personal or financial information.
- If you initiate a transaction through a Web site, be sure that the site is secure.
- Review account statements regularly to ensure all charges are correct.
- Report suspicious activity to the Federal Trade Commission (FTC) through the Internet at: or by calling (877) IDTHEFT.
A MICROSOFT ONLINE VIDEO
Movie from Microsoft: http://www.microsoft.com/protect/
SAFER INTERNET BROWSING
SAFER INTERNET BROWSING
Some good practices are:
- NEVER download software from the Web unless you are certain you know what it is and that you want and need it. Be wary of any Web site that says you need some special plug-in. Spyware is often obtained through a “drive-by download” when browsing the web.
- To buy things online, use “PayPal” or “Bill Me Later” when possible.
- Always make sure that any Internet site requesting personal information is secure. A locked padlock icon will appear (usually in the right-hand corner of the browser window). The URL should begin with https:// instead of http:// (the “s” stands for Secure Sockets Layer). This ensures that the sensitive data, such as credit card information, is encrypted as it is transferred over the Internet.
SSL - “Secure Sockets Layer” – Negotiates a method to encrypt communication between a client and server
- Allows other network protocols to connect “over top” of it, such as web browsing and email protocols
TLS - “Transport Layer Security” is a variant of SSL used to negotiate encryption within the network protocol being used
- Very important on insecure networks such as wireless
How to verify SSL in a browser
- https: -- the web address begins with https, meaning the connection is using HTTP over SSL
- Look for a lock icon
- Internet Explorer may display a Security Alert that states “you are about to view pages over a secure connection”
- Most browsers advise you as you enter or leave a secure Web site.
SAFER INTERNET BROWSING
SSL in effect - https:// visible, and lock symbol in lower right
COOKIES
What are cookies?
- Cookies are snippets of text (not program code) that a Web server can store on a user’s hard disk and which cannot be executed or be used to spread viruses.
- Cookies allow a Web site to store information on a user’s machine and later retrieve it when needed.
- Cookies enable advertisers to collect information about your shopping preferences and interests.
- The main purpose of cookies is to keep track of activity on a specific Web site and possibly prepare customized Web pages for users. For example, a weather service may tailor its offerings to a user’s locality without the user having to enter the ZIP code every time. Home pages at certain portals can be customized to display only the information that is relevant to your needs or desires. You may see a welcome page with your name on it. Some online shopping sites may make recommendations to you based on previous purchases.
PEER-TO-PEER FILE SHARING
Common issues with P2P file sharing
- Copyright issues
- Spyware / Adware
- Zombies
- Remote control
- Key logging
- Security exploits
- Sharing unexpected information
How to protect yourself when using P2P (Gnutella, eDonkey, LimeWire, etc.)
- Try to avoid them if possible
- Install antivirus
- Install spyware detection software
- Check for operating system and software updates regularly
- Try to avoid them if possible (intentionally repeated)
DO’S TO AVOID MALWARE
Prevention is a matter of vigilance, using appropriate tools to protect your computer. It is usually the unwary who get computer viruses.
- Keep your operating system current with the latest patches and updates. The writers of viruses and worms often exploit bugs and security holes in operating systems and other computer software. Software manufacturers frequently release patches for such holes.
- When you are installing something on your computer, make sure you carefully read all disclosures, including the license agreement and privacy statement. Disreputable services may not give you any warning that other software is included.
DO’S TO AVOID MALWARE
- Install antivirus (anti-malware) software. Antivirus programs perform two general functions: they scan for and quarantine or remove viruses in files on disks, and they monitor the operation of your computer for virus-like activity.
- Keep your virus detection software updated. Viruses are constantly evolving and new ones are always being created, so an out-of-date antivirus program may not detect or protect against the most recent variants. The developers of any reputable antivirus program will issue updates on a regular basis, usually at least once a week.
DO’S TO AVOID MALWARE
- Handle attachments wisely. If you do not know the sender of a message and it includes an attachment, proceed very cautiously. You may want to consider deleting the message without reading it. Email attachments are quite often the culprits in many virus attacks. Therefore, if you do decide to open an attachment, be sure that it has been scanned with antivirus software.
- Train everyone who uses your computer or network. At a minimum, family members and employees should know not to open unexpected attachments and not to execute software they download from the Internet until they have scanned it for viruses.
DO’S TO AVOID MALWARE
- Back up your files regularly. Scan your backup files with virus scanning software before using them.
- Learn and use a keyboard shortcut - Alt-F4 - to close pop-up windows.
- Obtain public-domain software from reputable sources. Check newly downloaded software thoroughly using reputable virus detection software.
- Quarantine infected systems. If you discover that a system is infected with a virus, immediately isolate it from other systems by unplugging or disconnecting it from the network. Do not allow anyone to move or copy files from it to another system until the system has been disinfected.
DO’S TO AVOID MALWARE
- Use caution when using the Preview Pane in Microsoft Outlook. When the Preview Pane is enabled, there is greater opportunity for a virus to come in through an email.
- Don’t use your personal disk space (e.g., USB drives) with public computers or other computers that are used by more than one person, unless you know they are adequately protected.
- Install a pop-up blocker on your browser, or use an alternate browser that has a pop-up blocker built in.
- Be careful with your passwords. If you get a 'login screen', try a wrong password first. A 'good' site will tell you that you have a bad password. A 'bad' site will accept anything as a password.
DON’TS TO AVOID MALWARE
- Don’t open any attachment that ends in .exe, .vbs, or .lnk on a computer running Microsoft Windows.
- Never install software that comes via an email or web page pop-up. It's probably dangerous.
- Don't fall for 'phishing attacks'. These are the emails you get that tell you that your bank wants to verify your credit card number, etc.
- If you ever find a USB flash drive, don’t insert it into your computer. Hackers sometimes leave these around as bait, with malware on it set to load undetected when the drive automatically starts.
OTHER RECOMMENDED PRACTICES
- If you have teenage children, have a machine for you, and a machine for them if possible. Especially if you use your computer for business.
- Use a good quality surge suppressor (not just a power strip) with a good Joule rating, 1300 minimum.
- Invest in an Auxiliary Power Unit (APU), especially if you use your computer for business.
- Disconnect your computers and peripherals when lightning storms approach - no surge suppressor can stop lightning.
- Old machines and drives – do not sell on eBay unless the drives are wiped. Before you throw away an old drive, degauss or smash it first.
BEST OFFENSE IS A STRONG DEFENSE
- Up-to-date anti-virus and a running firewall will catch many problems
- Scan computers running Windows often with Microsoft Security Essentials, AVG, Norton or McAfee (the last two are often provided by your ISP)
- Strong passwords / protect system accounts
- Free removal tools are often available for specific malware problems
  - MalwareBytes (scans, removes)
  - Microsoft’s Malicious Software Removal Tool
  - Free online virus scanning
  - Microsoft’s Baseline Analyzer
- Education - and the choices you make - are the best prevention.
- In many cases, programs such as MalwareBytes and Microsoft Security Essentials can remove or quarantine malware infections. If they are offering an option to do that, give it a try.
SECURITY CHECKLIST Basic Steps to Protect Your Computer
SECURITY CHECKLIST
The first step is to disconnect from the Internet – and immediately set up a firewall to protect you against hackers. If you don't have a firewall, your computer will be 'found' by hackers in well under 20 minutes (probably less).
- If you have Windows XP, Vista, or Windows 7, enable the Windows firewall. It's not perfect, but it's better than nothing.
- For a better, hardware firewall - get a router from your favorite computer store. It will be placed between your computer and your cable/DSL modem. For example, the D-Link, NetGear, and LinkSys brands. They work, and are fairly easy to set up. Most will allow you to connect four computers, so they can all get to the Internet.
- If you have high-speed access (cable/DSL modem), then you must get a hardware firewall. The cost is around $50, and worth it. (Think of the cost of replacing your data.) The cable modem that you got from your cable company or phone company probably doesn't have a firewall to protect you.
- If you plan on using a wireless connection, then get a wireless router. It will also have a firewall built in. Again, D-Link, NetGear, or LinkSys.
- A note about the setup of your router/firewall: change the default user name and password; the defaults are well known.
- If you get a wireless router, enable the “WPA" encryption key for more protection (not WEP). Without it, your neighbors could connect to your wireless network.
- Use a limited account for everyday use; limited accounts thwart malware.
- Use “Fast User Switching” or “RunAs” to execute programs and installers as an Administrator when needed.
- Turn off Simple File Sharing
- Turn on Auditing / Review Logs
- Turn off “Everyone” access
- Create local policies for robust passwords and account lockouts
- Review other security policies
SECURITY CHECKLIST
Anti-Virus (Anti-Malware)
This is important, just like everything else. Install an anti-virus program. Make sure it is kept current. Updates are usually once a week, although they can come daily during periods of heavy viral attacks. Microsoft Security Essentials, AVG, McAfee, Symantec/Norton, Kaspersky, PC Tools Spyware Doctor. There are others. Just make sure that you get one that keeps things current. Once installed, configure it to check all files, all incoming/downloaded files, and email checking. And set the 'check for updates' schedule for a daily check. Once everything is current, do a full scan of your computer. It will take a while. Do it. It's important. If any viruses are found, delete; repairing isn't always totally successful.
SECURITY CHECKLIST
Windows Update
Now that you have the firewall going, you can reconnect to the Internet and get the Windows operating system current. The easiest way is through Automatic Updates. Set them up for "automatic download and install". You can set that up manually, but go to www.microsoft.com/protect and use their wizards to set it up. (The wizards will also set up Windows Firewall, if you have XP.) Install all the 'critical updates'. The other updates can be installed, but the 'critical' ones are critical. Take the time to do it. If you have dial-up, start the download process when you go to bed -- use the phone line for the updates at night while you are sleeping. If you have broadband (high-speed) access, it will be faster. It may take several hours, depending on how far behind you are. Spend the time. It's important. Once all the updates are installed, make sure your automatic updates are set for daily checks. The Microsoft site will help you do that.
Other Updates
The programs that you use need updates. Check for them once a month. Many people use Microsoft Office. Office updates are not automatically installed through the Automatic Update process. Go to the www.microsoft.com/protect site, click on the link for "Office Family", then download and install the updates. Do the same for the other programs you use. Just go to their web site to get the updates.
SECURITY CHECKLIST
Plan your backup strategy
- Deciding where to create the backup
- Deciding when to create the backup
- Local vs. online, offsite storage
- Software options
- Hardware considerations
- System Restore Points can provide a speedy recovery, but if you detect malware, old ones should be removed
SECURITY CHECKLIST
Physical laptop security practices
- If you haven't invested in a nice case to store your laptop, get one
- If you travel on airplanes with your laptop, don't check it
- Take care not to leave your laptop or your laptop bag unattended
- You should invest in (and use) a laptop security cable
- You may consider using a radio-controlled alarm, which sounds an alert if you and your notebook carrying case are unexpectedly separated
- You may want to think about using a recovery service
- If you have to leave a laptop in a car, hide it. Don’t leave a laptop in a hot car – this can damage it
- Be careful with belt attachments for PDAs and phones
- Every phone should have a password – in case it is lost, it cannot be used
SECURITY CHECKLIST
Account and application security
- Log off or lock your workstation when away from your desk
- Disable File and Print Sharing (disabled by default in Windows 7)
- Protect system and user accounts
  - Secure the local administrator account: rename the local Administrator account and give it a strong password
  - Use a non-administrative account for everyday use
  - Disable GUEST
  - Disable or delete unused accounts
  - Use strong passwords on all accounts; NEVER use blank passwords
  - Disable auto-login
A REMINDER – THINK ABOUT
A REMINDER – START HERE
Click Start->Control Panel->Security Center
THE BEST PREVENTION
Remember – The Best Prevention Against Malware is: You - and The Computing Decisions You Make
QUESTIONS?
Remember – The Best Prevention Against Malware is: You - and The Computing Decisions You Make