Workstation, Server and Network Security Technology Series #1 A review of Spyware, Malware, Trojan, Worm, and Virus threats and how to detect and stop them
Learning How to Secure Information Systems Learning by doing There is really only one way to learn how to do something and that is to do it. If you want to learn to throw a football, drive a car, build a mousetrap, design a building, cook a stir-fry, or be a management consultant, you must have a go at doing it. Throughout history, youths have been apprenticed to masters in order to learn a trade. We understand that learning a skill means eventually trying your hand at the skill. When there is no real harm in simply trying we allow novices to "give it a shot." Parents usually teach children in this way. They don't give a series of lectures to their children to prepare them to walk, talk, climb, run, play a game, or learn how to behave. They just let their children do these things. We hand a child a ball to teach him to throw. If he throws poorly, he simply tries again. Parents tolerate sitting in the passenger seat while their teenager tries out the driver's seat for the first time. It's nerve-wracking, but parents put up with it, because they know there's no better way. When it comes to school, however, instead of allowing students to learn by doing, we create courses of instruction that tell students about the theory of the task without concentrating on the doing of the task. It's not easy to see how to apply apprenticeship to mass education. So in its place, we lecture.
Learning How to Secure Information Systems Information Systems are Inherently Complex Because of their Complexity, there is no simple or easy way to learn how these systems function. One must have a good understanding of all aspects of Information Systems; being an expert on one or more parts of the system is not sufficient.
Learning How to Secure Information Systems Learn Information Security in 24 hours? Walk into any bookstore, and you'll see how to Teach Yourself Java in 7 Days alongside endless variations offering to teach Visual Basic, Windows, the Internet, and so on in a few days or hours. The conclusion is that either people are in a big rush to learn about computers, or that computers are somehow fabulously easier to learn than anything else. There are no books on how to learn Beethoven, or Quantum Physics, or even Dog Grooming in a few days.
Learning How to Secure Information Systems Learning how to secure your Computer Learning how to secure Information Systems is not an easy task. In fact, even determining the potential risks or threats is not easy. This workshop will cover Information System Security from a global perspective, but will focus on securing individual computers. The principles governing Information Systems and the computer system which functions as your workstation are similar, but security for the individual workstation will be much easier to accomplish (and probably of greater use to most people, especially those who are not technicians or systems people).
Securing Information Systems Securing the Workstation or Local Computer? There are three basic types of ISS (Information Systems Security) methods: Centralized ISS, which depends upon securing the network at its point of entry; Local or Distributed ISS, which focuses security on the individual workstations and servers in the network; and Blended ISS, which places certain aspects of security at the network level and others at the local level. Each approach has good and not-so-good attributes, especially when one is attempting to optimize network, workstation and server performance.
What is Optimization with respect to ISS? All systems management strives for optimization. Optimization considers resource utilization from two perspectives: efficiency (how many resources the system consumes) and effectiveness (how well the system functions). The goal is the best mix of resource allocation (efficiency) and system effectiveness.
What are Security threats? Anything which either directly or indirectly affects legitimate user control over their network, workstation or server. Information systems security (INFOSEC and/or ISS): the protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.
ISS (Information Systems Security) applies to all aspects of Information Systems. There are many different types of security threats. While security threats have always been present in information systems, they were generally not public knowledge until the Internet came into widespread public use in the early 1990's.
ISS (Information Systems Security) What is Systems Security Systems Security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.
Types or Categories of Security Threats Human or Social-Based Threats Physical or Hardware-Based Threats Programming or Software- Based Threats
Types or Categories of Security Threats Human or Social-Based Threats Essentially involve what hackers like to call "Social Engineering": leaving passwords in an obvious place, using "weak" passwords, or allowing other individuals to access the machine. Surprisingly, these types of security breaches are the most common and also the easiest to prevent.
Types or Categories of Security Threats Physical or Hardware-Based Threats Having machines exposed in non-secure environments, especially servers containing critical information and data. Using old or unstable hardware which could lead to loss of critical data. Lack of sufficient backup of critical information, which could cause a serious loss in the event of network disruption or compromise.
Types or Categories of Security Threats Programming or Software-Based Threats These threats can be caused by insecure operating systems and by insecure or bug-laden software applications. A major problem with Windows-based operating systems is the close integration between OS components and application (Office) components, which allows a threat that compromises the application to easily access and compromise the OS. Then there is software written and designed specifically to compromise system security: Spyware, Malware, Trojan, Worm and Virus threats.
Types or Categories of Security Threats Malware is hardware, software, or firmware that is intentionally included or inserted in a system for a harmful purpose. Malware can be classified in several ways, including on the basis of how it is spread, how it is executed and/or what it does. The main types of Malware include Worms, Viruses, Trojans, Backdoors, Spyware, Rootkits and Spam (strictly speaking, spam is a delivery vehicle for malware rather than malware itself, but it is treated here alongside the others).
Types or Categories of Security Threats Spyware and Adware – Spyware or Adware is software that is installed on a computer for the purpose of covertly gathering information about the computer, its users and/or other computers on the network to which it is connected. The types of information gathered typically are user names and passwords, web browsing habits, financial data (e.g., bank account and credit card numbers) or trade secrets. A common application of spyware is to provide pop-up advertisements that are targeted at individual users based on their web surfing habits.
Types or Categories of Security Threats Worms and Viruses are computer programs that replicate themselves. The difference is that a virus attaches itself to, and becomes part of, another executable (i.e., runnable) program or file, and spreads only when that host is run or copied, whereas a worm is self-contained and does not need to be part of another program to replicate itself. Also, while viruses are designed to cause problems on a local system and are passed through boot sectors of disks, e-mail attachments and other files, worms are designed to thrive in a network environment. Once a worm is executed, it actively seeks other computers, rather than just parts of systems, into which to copy itself, usually without any further human intervention.
Types or Categories of Security Threats Trojans or Trojan Horses are software disguised as a legitimate program in order to entice users to download and install it. In contrast to worms and viruses, trojans are not directly self-replicating. They can be designed to do various harmful things, including corrupting files (often in subtle ways), erasing data and installing other types of malware.
Types or Categories of Security Threats Backdoor - A backdoor (usually written as a single word) is any hidden method for obtaining remote access to a computer or other system. Backdoors typically work by allowing someone or something with knowledge of them to use special passwords and/or other actions to bypass the normal authentication (e.g., user name and password) procedure on a remote machine (i.e., a computer located elsewhere on the Internet or another network), often gaining access to the all-powerful root (i.e., administrative) account. Backdoors are designed to remain hidden even from careful inspection.
Types or Categories of Security Threats Rootkit - A rootkit is software that is secretly installed on a computer after an intruder has gained root (i.e., administrative) access, in order to keep that access and to conceal the compromise, so that the intruder can control the computer at will. Rootkits frequently include functions to hide the traces of their penetration, such as by deleting log entries or hiding their files, processes and network connections from the system's own tools, which is why a rootkit is best detected from outside the running system (e.g., by booting from clean media). They typically include backdoors so that the intruder can easily gain access again at a later date, for example in order to attack other systems at specific times.
Types or Categories of Security Threats Spam - Spam is unwanted e-mail which is sent out in large volume. Although people receiving a few pieces of spam per day might not think that it is anything to be too concerned about, it is a major problem for several reasons: its huge volume (perhaps half or more of all e-mail) places a great load on the entire e-mail system, it often carries other types of malware, and much of its content is fraudulent. Organizations typically have to devote considerable resources to attempting to filter out and delete spam while not losing legitimate e-mail, thereby distracting them from their primary tasks.
Types or Categories of Security Threats Poorly Written Software - Similar damage can result from poorly written software, which, like malware, is extremely common. Although the distinction between the two at times can be subtle, in general the difference is that malware is created entirely or mainly for the purpose of doing harm or otherwise benefiting its creator at the expense of others, whereas the desire to do harm is not the main purpose of poorly written software.
Types or Categories of Security Threats Poorly Written Software - The continuous existence of numerous and serious security holes and other defects in some of the most popular commercial software might, in fact, do as much, or even more, damage to the economy as malware. No reliable data is available, although the cost of each is clearly in the multiple billions of dollars per year, according to most industry sources. One reason for the lack of reliable data is that many victims, including large corporations, are reluctant to reveal the existence or extent of damage. Another is the difficulty in determining how to allocate the damage between malware and poorly written software, as the two are often intimately related.
Types or Categories of Security Threats Poorly Written Software - There has been much speculation as to why security remains such a big problem for some of the most widely used commercial software. The most likely explanation is that there is no strong incentive to improve it. This may be in part because a full-scale cleanup would be very costly, as much of the software is extremely large and complex. But also to be kept in mind is the fact that the computer security business, including the sale of security-related software (e.g., anti-virus programs), the use of security consultants, and the sale of new, supposedly more secure versions of defective software, are very large and profitable businesses.
Types or Categories of Security Threats; Protection Poorly Written Software - Some operating systems limit the damage that poorly written software (or malware) can do. Among the various ways in which this is accomplished is a fine-grained system of ownership and permissions for each file, directory and other object on the system, so that a program running as an ordinary user cannot modify critical system files. Another is making the source code freely available on the Internet for programmers from around the world to inspect for possible security holes and other problems, rather than attempting (often unsuccessfully) to keep the code secret.
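The two slides above describe a backdoor as a special password that bypasses normal authentication, and source inspection as one defence against it. The following is an added illustration (not code from any product mentioned in this presentation, all names hypothetical): a login routine with a hard-coded "maintenance" password beside a hardened version, plus the simple review check that source availability makes possible.

```python
"""Added example: a hard-coded backdoor credential, its hardened replacement,
and a source-review check for credential literals. All names are hypothetical."""
import hashlib
import hmac
import os
import re

# --- vulnerable: a "maintenance" password lets anyone in as any user -----------
MAINTENANCE_KEY = "s3cret-m4int"   # the backdoor: whoever knows it bypasses auth


def login_with_backdoor(user: str, password: str, user_db: dict) -> bool:
    """user_db maps user name -> plaintext password (also a bad practice)."""
    if password == MAINTENANCE_KEY:          # hidden bypass of the real check
        return True
    return user_db.get(user) == password


# --- hardened: no master password, salted password hashes, constant-time compare
def make_record(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, pbkdf2 digest) for storing in the user database."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def login_hardened(user: str, password: str, user_db: dict) -> bool:
    """user_db maps user name -> (salt, digest). Unknown users simply fail."""
    record = user_db.get(user)
    if record is None:
        return False
    salt, stored = record
    _, candidate = make_record(password, salt)
    # hmac.compare_digest avoids leaking how many bytes matched via timing
    return hmac.compare_digest(candidate, stored)


# --- the review check that open source enables: look for credential literals -----
CREDENTIAL_LITERAL = re.compile(
    r'(?i)(password|passwd|pwd|secret|key)\s*=\s*["\'][^"\']+["\']')


def find_hardcoded_credentials(source: str) -> list:
    """Return (line number, line) for every line that assigns a quoted literal
    to a variable whose name suggests a credential. Crude, but it catches the
    backdoor above and is the kind of check a code reviewer runs first."""
    return [(n, line.strip())
            for n, line in enumerate(source.splitlines(), 1)
            if CREDENTIAL_LITERAL.search(line)]


if __name__ == "__main__":
    db = {"alice": "correct horse"}
    print("backdoor lets unknown user in:", login_with_backdoor("mallory", "s3cret-m4int", db))
    hdb = {"alice": make_record("correct horse")}
    print("hardened rejects it:", not login_hardened("alice", "s3cret-m4int", hdb))
    with open(__file__) as f:
        print("credential literals in this file:", find_hardcoded_credentials(f.read()))
```

The review check is deliberately simple; it is the kind of grep a reviewer of published source code can run, which is exactly what a vendor keeping its code secret prevents.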
Types or Categories of Security Threats; Protection Poorly Written Software - There are a number of steps that computer users can take to minimize the chances of becoming infected by malware. They include using relatively secure software, providing physical security for computers and networks, enforcing the use of strong passwords, employing firewalls, using malware detection programs, avoiding opening e-mail attachments of unknown origin, avoiding the downloading of dubious programs and avoiding use of the root account except when absolutely necessary.
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – There are many proprietary applications which promise to protect your computer from the various types of malware. While some applications may function well for specific types of threats, none works well with all threats. The best approach is to run several applications on the same machine. This is not necessarily an easy task, since the real-time scanners of different products often interfere with one another.
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – To find a mix of applications which works together and at the same time provides optimal protection requires research, study and testing; since there are many applications available in both proprietary and Open-Source flavors.
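To see why no single scanner "works well with all threats", it helps to look at what a scanner actually does. The following is an added example (not code from any of the products listed on the following slides) of signature-based detection: a tiny scanner with a two-entry signature database, run against the EICAR anti-malware test file, the harmless standard string that every mainstream scanner is expected to detect. A scanner finds only what is in its database, and a hash signature fails as soon as the file is altered by a single byte, which is the reason for combining products with different signature sets and for testing each one with the EICAR file after installation. The temporary directory and file names are constructed for the demo.

```python
"""Added example: minimal signature-based scanning, demonstrated with the EICAR
test string. Not the code of ClamWin, Symantec or any other product."""
import hashlib
import os
import tempfile

# The 68-byte EICAR anti-malware test string. It is not malicious; scanners
# detect it by agreement so that users can check that scanning is active.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# A toy signature database (assumption: real scanners use much richer formats).
PATTERN_SIGNATURES = {"EICAR-Test-File": EICAR}
HASH_SIGNATURES = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File (sha256)"}


def scan_bytes(data: bytes) -> list:
    """Return the names of every signature that matches this content."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:              # exact-file match
        hits.append(HASH_SIGNATURES[digest])
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern in data:                    # substring match survives padding
            hits.append(name)
    return hits


def scan_file(path: str) -> list:
    with open(path, "rb") as f:
        return scan_bytes(f.read())


def scan_tree(root: str) -> dict:
    """Walk a directory; map each infected file (relative path) to its hits."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hits = scan_file(path)
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


def demo() -> dict:
    """Constructed sample: an exact EICAR file, a padded one, and a clean file."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "eicar.com"), "wb") as f:
            f.write(EICAR)
        # Trailing whitespace is allowed by the EICAR specification; the file
        # hash no longer matches but the pattern still does.
        with open(os.path.join(tmp, "eicar-padded.com"), "wb") as f:
            f.write(EICAR + b"   ")
        with open(os.path.join(tmp, "readme.txt"), "wb") as f:
            f.write(b"nothing to see here")
        return scan_tree(tmp)


if __name__ == "__main__":
    for path, hits in sorted(demo().items()):
        print(f"{path}: {', '.join(hits)}")
```

After installing any of the scanners on the following slides, save the EICAR string to a file and confirm the product reacts; if it does not, its real-time scanner is not actually watching that location.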
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – Symantec Client Security http://www.symantec.com/index.htm is a combination firewall and antivirus application. The firewall functions just as a firewall on the network would: it allows the user to restrict port access and application access to and from the Internet, and it scans for Trojans and worms which may be resident on the machine. The virus scanner is automated, and both programs can be set to update automatically. Symantec is a relatively good general-purpose product, but can cause problems with e-mail disappearing if its settings are not correct.
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – Symantec Client Security Also, the newer versions create hidden user directories which can themselves be the target of security exploits. One must follow the instructions carefully and become aware of how to set the various protection levels within the application.
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – Ad-Aware SE: http://www.lavasoftusa.com/software/adaware/ Ad-Aware Personal provides protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge. It is particularly targeted at commercial spyware that tracks users through cookies.
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – CounterSpy: http://www.sunbelt-software.com/CounterSpy.cfm One of the most comprehensive products for detecting and deleting malicious spyware and adware; it can be run from a server, protecting each workstation on a network. CounterSpy will run alongside Symantec, Spybot and Trojan Hunter, allowing four automated scans without interference; just set them to run at different times.
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – Spybot Search & Destroy: http://www.safer-networking.org/en/support/index.html can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. If you see new toolbars in your Internet Explorer that you didn't intentionally install, if your browser crashes, or if your browser start page has changed without your knowledge, you most probably have spyware. But even if you don't see anything, you may be infected, because more and more spyware is emerging that silently tracks your surfing behaviour to create a marketing profile of you that will be sold to advertising companies. It is available free of charge (it is freeware, not open source).
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – TrojanHunter: http://www.misec.net/ As its name implies, it is optimized for finding and eliminating Trojans, as well as worms and other types of malware.
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – ClamWin: http://www.clamwin.com/content/view/136/52/ ClamWin is the Windows version of ClamAV. Unlike Symantec Client Security, it does not remove or quarantine an entire Mozilla Thunderbird mailbox file when an infected e-mail is detected inside that mailbox, so the rest of your mail is not lost. It is a freely available open-source application and can run alongside most other scanners. Note that ClamWin provides on-demand (scheduled or manual) scanning only and has no real-time on-access scanner, which is both why it coexists so easily with other products and why it should not be the only scanner on a machine.
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – Small single-purpose removal tools, which can be downloaded from the Internet and run against a specific malware family (for example, the vendor-published removal tool for the Netsky worm). These are usually made available when a new critical threat is detected. Obtain them only from the antivirus vendor's own site, since malware is often distributed under the name of a cleanup tool.
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – Regular updating of operating system software, applications, etc. Windows, Linux, Mac OS and most applications have automated update systems available for patching and addressing critical security issues; turn them on, since most malware exploits holes for which a patch already exists.
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – Registry and disk repair tools – Symantec has a product called SystemWorks which can be run from the CD-ROM or the hard drive; it does not have to be installed into the OS. It will perform disk defragmentation, disk drive repair, and registry and other repairs to the Windows OS.
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – Registry and disk repair tools – Used after running malware tools. Registry Toolkit: http://www.registrytoolkit.com/ scans your registry and hard drive for invalid registry keys and program shortcuts. Startup management helps you to customize your system startup to suit your needs. The BHO manager lets you remove unused Internet Explorer plug-ins, to ensure a faster Internet experience. It keeps backups of any registry change made by Registry Toolkit, so you can always go back and restore it. It repairs frequent Windows rebooting problems and system freezes.
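The startup management described above matters after a malware cleanup because spyware and trojans restart themselves from the Run keys in the registry. The following is an added example (not Registry Toolkit's code) of reviewing those entries yourself: it parses a `.reg` export of the Run keys (as produced by `reg export`) and flags every autostart program that does not live under the Windows or Program Files directories, which is where most malware autostarts end up. The sample export is constructed for the demo; on a Windows machine the `read_live_run_keys` helper reads the same keys directly.

```python
"""Added example: review Windows autostart (Run key) entries from a .reg export
and flag programs running from untrusted locations. Sample data is constructed."""
import re
import sys

RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)
# Directories from which a legitimate autostart program normally runs
# (assumption: adjust for a non-default system drive).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed .reg export: two legitimate entries and one that runs from Temp.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\Windows\\System32\\ctfmon.exe"
"updater"="\"C:\\Documents and Settings\\user\\Local Settings\\Temp\\svch0st.exe\" -s"
"OneDrive"="\"C:\\Program Files\\OneDrive\\OneDrive.exe\" /background"
'''


def parse_reg_export(text: str) -> dict:
    """Parse the REGEDIT text format: [key] sections with "name"="value" lines.
    Returns {key: {value name: string data}}; non-string values are skipped."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result[current] = {}
        elif current and line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            if value.startswith('"') and value.endswith('"'):
                # .reg files escape backslashes and quotes with a backslash
                value = re.sub(r"\\(.)", r"\1", value[1:-1])
                result[current][name.strip('"')] = value
    return result


def executable_path(command: str) -> str:
    """Extract the program path from a Run value, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split(" ")[0]


def suspicious_autostarts(export: dict) -> list:
    """Return (key, value name, command) for autostarts outside TRUSTED_DIRS."""
    flagged = []
    for key, values in export.items():
        if key not in RUN_KEYS:
            continue
        for name, command in values.items():
            if not executable_path(command).lower().startswith(TRUSTED_DIRS):
                flagged.append((key, name, command))
    return flagged


def read_live_run_keys() -> dict:
    """On Windows only: read the Run keys directly into the same structure."""
    import winreg  # standard library, present only on Windows
    hives = {"HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE,
             "HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER}
    export = {}
    for full in RUN_KEYS:
        hive_name, _, subkey = full.partition("\\")
        export[full] = {}
        try:
            with winreg.OpenKey(hives[hive_name], subkey) as key:
                i = 0
                while True:
                    name, data, _ = winreg.EnumValue(key, i)
                    export[full][name] = str(data)
                    i += 1
        except OSError:       # end of enumeration, or key absent
            pass
    return export


if __name__ == "__main__":
    export = read_live_run_keys() if sys.platform == "win32" else parse_reg_export(SAMPLE_EXPORT)
    for key, name, command in suspicious_autostarts(export):
        print(f"REVIEW  {key}\\{name} = {command}")
```

A flagged entry is not automatically malicious, but anything starting from a Temp or user-profile directory deserves a look, and removing a malware file without removing its Run entry only produces an error at the next boot. The browser helper object list under `Explorer\Browser Helper Objects` can be reviewed the same way.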
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – Registry and disk repair tools – Used after running malware tools. PC Bug Doctor: http://www.bugdoctor.com/ A comprehensive product for repairing Windows errors; it can be set to scan on a schedule.
Protection on The Desktop Use of Multiple-Application or a Blended Protection Strategy – Registry and disk repair tools – Used after running malware tools. StartDefrag: http://kevin.gearhart.com/startdefrag/ This is a scheduler for the Windows defragmenter; it helps increase the performance of the computer by consolidating fragmented files.