|
1
|
- Firewalls
- Anti-virus
- Anti-spyware
|
|
2
|
- Due to the phenomenal growth of the Internet in the last decade, companies and individuals find it hard to operate without a presence on the Internet. This exposes companies to threats that can have a major business impact. It is now generally accepted that company and individual computers need to be protected from unauthorized or unwanted access.
|
|
3
|
|
|
4
|
- In order to pick the right firewall, understanding what a firewall does is crucial.
- I will quickly cover basic TCP/IP concepts and then move on to picking the right device.
|
|
5
|
|
|
6
|
- TCP runs on top of IP:
- A TCP packet contains a port number:
- A TCP packet contains a sequence number and a FLAG:
|
|
7
|
- A firewall is a perimeter defense device:
- This means that any firewall splits a network into a trusted (protected) side and an un-trusted (unprotected) side.
- A firewall filters traffic based on a pre-defined set of rules:
- Any firewall is only as good as its configuration.
|
|
8
|
- These two factors dramatically limit the effectiveness of a firewall, and it is important to note that a firewall does not:
- Protect you from your internal network.
- Protect you from authorized access that is malicious, whether intended or unintended. This entails using granted privileges or access for unintended operations.
- Protect you from all harmful attacks. Exploits found on the Internet can use different techniques to penetrate basic firewall protection.
|
|
9
|
- Features of a good firewall:
- Stateful packet inspection (SPI)
- It does content checking, passing protocols through a validation exercise.
- It keeps the state of connections: it monitors the state of each TCP connection and allows traffic accordingly.
- It does address translation.
- It can authenticate connections.
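
The rule-based filtering and connection-state tracking described on the firewall slides, as an added example that is not part of the original presentation: a minimal stateful filter in Python that lets the trusted side open connections to ports a rule set allows and admits packets from the un-trusted side only when they belong to a tracked connection. The `Packet` fields, the `ALLOWED_OUT_PORTS` rule set, the sample addresses and the simplified state machine (no timeouts, no FIN teardown) are assumptions made for illustration.

```python
from typing import NamedTuple

ALLOWED_OUT_PORTS = {25, 80, 443}  # constructed rule set (assumption)
HANDSHAKE = {  # (current state, from trusted side?, flags) -> next state
    ("SYN_SENT", False, frozenset({"SYN", "ACK"})): "SYN_RCVD",
    ("SYN_RCVD", True, frozenset({"ACK"})): "ESTABLISHED",
}

class Packet(NamedTuple):
    src: tuple            # (ip, port) of the sender
    dst: tuple            # (ip, port) of the receiver
    flags: frozenset      # TCP flags set on the packet
    from_trusted: bool    # True when it arrived on the protected side

class StatefulFilter:
    """Simplified tracker: handshake states only, no timeouts or FIN teardown."""
    def __init__(self):
        self.table = {}   # (inside endpoint, outside endpoint) -> state

    def check(self, p):
        key = (p.src, p.dst) if p.from_trusted else (p.dst, p.src)
        state = self.table.get(key)
        if state is None:
            # Only a bare SYN from the trusted side to an allowed port opens an entry.
            ok = p.from_trusted and p.flags == {"SYN"} and p.dst[1] in ALLOWED_OUT_PORTS
            if ok:
                self.table[key] = "SYN_SENT"
            return ok
        if "RST" in p.flags:              # a reset ends a tracked connection
            del self.table[key]
            return True
        if state == "ESTABLISHED":        # data may flow in both directions
            return "SYN" not in p.flags
        nxt = HANDSHAKE.get((state, p.from_trusted, p.flags))
        self.table[key] = nxt or state    # stay in place on an unexpected packet
        return nxt is not None

def demo():  # constructed packets; returns one forward/drop verdict per packet
    fw, pc, web, bad = StatefulFilter(), "192.168.1.10", "203.0.113.5", "198.51.100.7"
    packets = [
        Packet((bad, 4444), (pc, 139), frozenset({"SYN"}), False),        # unsolicited
        Packet((web, 80), (pc, 5000), frozenset({"ACK"}), False),         # no connection
        Packet((pc, 5000), (web, 80), frozenset({"SYN"}), True),          # outbound SYN
        Packet((web, 80), (pc, 5000), frozenset({"SYN", "ACK"}), False),  # matching reply
        Packet((pc, 5000), (web, 80), frozenset({"ACK"}), True),          # handshake done
        Packet((web, 80), (pc, 5000), frozenset({"ACK", "PSH"}), False),  # data
        Packet((pc, 5001), (web, 6667), frozenset({"SYN"}), True),        # port not allowed
    ]
    return [fw.check(p) for p in packets]
```

The second constructed packet is the case a filter without connection state cannot judge: an inbound ACK looks like part of an existing conversation, and only the state table shows that no such conversation exists.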
|
|
10
|
- Hardware:
- Most basic routers do not include SPI
- VPN routers do
- Wired
- Wireless (WEP encryption)
|
|
11
|
- Most OS before Win XP do not include any protection.
- Win XP does not include SPI but offers some basic protection
- “Zone Alarm” offers SPI.
- http://www.rockbridge.net/zonealarm
|
|
12
|
|
|
13
|
- Origins
- Email was created by researchers as a way for them to communicate. This was many years before the World Wide Web, what we now refer to as “The Internet”.
|
|
14
|
- Why is it insecure?
- It was not originally intended for widespread use outside of research.
- It was designed to be simple and easy to operate with minimum
restrictions.
- Security controls were afterthoughts that had to be pasted on to the
email system, instead of being part of the original design. Because of this, email security is
inefficient and incomplete.
|
|
15
|
- General definition – un-requested or unsolicited email, usually designed
to initiate a financial transaction or gather data for advertising
- Most legitimate companies do not engage in SPAM emailing
- A SPAM email is typically sent to many millions of email addresses in
the expectation that even if only a fraction of 1% generate a response,
the SPAM email will still produce an economic return
|
|
16
|
- SPAM originally was mostly just advertisements
- As email and Internet use have become more common since the late 1990s, email has become one of the primary ways to distribute viruses
- Recently, there has been increasing involvement of the criminal
underworld
- Identity theft
- Credit fraud
|
|
17
|
- Frequently used to deliver computer programs designed to infect your
computer and send new copies of the virus to other email addresses
and/or seize control of the computer.
- Can automatically install without your knowledge
- Uses your contact lists and emails for target addresses
- Very small and compact program
|
|
18
|
- Capable of sending many thousands of emails per hour
- Severe impact on your Internet browsing performance
- Severe impact on your overall computer performance
- Spreads virus to your friends and many others
- May result in your email address being blocked by potential recipients.
- May result in your ISP suspending your service until the problem is
corrected.
|
|
19
|
- In addition to installing an email server on your computer and mass
emailing copies of the virus to others, most of the recent email viruses
also carry a separate “payload” which installs a program on your
computer
- Silent install – you are unaware that the program has been installed
|
|
20
|
- This program often carries a component that allows the program to
receive orders from an outside source.
- This allows an unauthorized user to take control of your computer or
steal your data
- Often installs a “key logger”, a program that captures every keyboard
entry you make and records it for future transmission to other parties
|
|
21
|
- The program can report back to the original sender
- Allows others to steal your data:
- Passwords
- Bank account information
- Credit card information
- Personal information
|
|
22
|
- A new type of email virus is just being seen that is an even more serious threat. This is a “Root Kit” installer.
- Replaces key parts of your operating system
- Root Kit virus is almost impossible to detect
- Is able to take complete control of your computer
- Very few anti-virus programs can even detect whether a Root Kit has been installed
|
|
23
|
- There are only a few anti-virus companies that have Root Kit detectors.
- F-Secure has a product in Beta testing called “Blacklight” (www.f-secure.com/blacklight)
that attempts to detect and remove Root Kits
- Currently, the only fully effective remedy if infected is to wipe the
computer hard drive clean and reinstall everything
- Fortunately, Root Kits are still very rare, but that will rapidly change
|
|
24
|
- Don’t rely on a single defense – use a layered approach
- Use your ISP’s email virus filtering service, if available
- Use a hardware firewall
- Install a software firewall
- Install and maintain anti-virus software
- Use common sense.
|
|
25
|
|
|
26
|
- Install and keep up to date at least one anti-virus program
- What capabilities should it have?
- Real time file checking – should be able to check every file you use
on your computer, as you open it
- Real time email checking – should be able to check all incoming and
outgoing email
|
|
27
|
- Some Anti-virus programs require more resources on your computer than
others
- Norton and McAfee are resource intensive and will not “play well” with other anti-virus programs. Consider the “horsepower” of your computer before installing a second program, especially if you are using one of these packages.
- Anti-virus programs that appear to work reasonably well together are
(there may be other programs as well):
- Authentium/Command Antivirus (www.authentium.com)
- AVG (www.grisoft.com)
- F-Prot (www.f-secure.com)
|
|
28
|
- Learn how to identify common attributes of SPAM and virus emails. Listed below are some common SPAM/virus email traits, but this is not a complete list.
- Unusual characters in the Subject line
- Email that asks you to provide confidential information, either in a reply email or by asking you to go to a website. Be very careful about providing information such as:
- Credit Card number / Bank Account number
- Social Security number
|
|
29
|
- If it sounds too good to be true, it probably is.
- No, there really isn’t a former Nigerian government official that wants
to share his $20,000,000 with you.
- Do you really want to buy stock or bonds from someone who makes his living sending unsolicited email? If the stock was really that good (or even existed), he wouldn’t need to spend his time trying to get you to buy it.
- How much do you want to entrust your health to a pill or lotion you saw
in a SPAM email, from an undocumented source, with no safety inspection
or valid certification?
|
|
30
|
- Don’t reward SPAM
- My own personal policy is to never visit a website or purchase a
product as a result of SPAM.
- Take responsibility for your computer and use common sense
- Self-reliance and common sense are your most effective tools. Remember, what happens to your computer is your responsibility. No software or hardware can properly protect your computer without your help.
|
|
31
|
|
|
32
|
- SpyWare is any technology that aids in gathering information about a person or organization without their knowledge.
- AdWare is any software application in which advertising banners are displayed while the program is running.
- MalWare is short for malicious software, software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.
|
|
33
|
- SpyWare applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet.
- Trojans/Malware can be installed without the user's consent, as a “drive-by download”, or as the result of clicking some option in a deceptive pop-up window.
|
|
34
|
- Hide it inside another program's installer.
- Keep asking to install until the user says Yes.
- Create a false pretense for the user needing the software.
- Hide software out in group directories on peer-to-peer networks.
- Design it to look essential, or to be invisible.
- Design it not to uninstall, even when asked.
|
|
35
|
- Comet Cursor
- Bonzi Buddy
- InterNet Games
- CoolWebSearch
- Weather Bug
- Incredimail
- Snood & Dynomite
- Web Search Toolbars
- Instant Messengers
- File Sharing Programs
- Kazaa
- Morpheus
|
|
36
|
- Monitor your keystrokes
- Collect information about you and your surfing habits
- Modify system settings
- Redirect your browser
- Send/Receive cookies to other SpyWare programs
- Leave a backdoor open for hackers
- Install other programs directly onto your PC
- Load adult orientated images on your PC
- Dial a service, most likely adult content sites, for which you will be billed!
|
|
37
|
- Does your computer seem slow?
- Do you see programs you don’t remember installing?
- When you start your Internet browser, does it open to a page you've never seen before?
- Do you see a sudden increase in popup advertisements on pages where you've never seen them before?
- Antivirus messages keep popping up.
|
|
38
|
- Keep Windows up to date.
- Keep your Antivirus up to date.
- Install software only from Web sites you trust.
- Read the fine print on free software.
- “There is no such thing as a free lunch”
- Use a tool to help detect and remove unwanted software.
|
|
39
|
- Set your Internet Security settings to at least Medium.
- Open Internet Explorer and click the Tools menu and then the Internet Options... sub-menu.
- Click on the Security tab at the top. Next click on the Internet icon. The Security Level bar should be set to Medium.
- Next click on the Restricted Sites icon. The Security Level bar should be set to High.
- Next click on the Trusted Sites icon. The Security Level bar should be set to Low.
|
|
40
|
- The Google Toolbar - for IE
- http://toolbar.google.com/
- Maxthon – Tabbed Browser
- http://www.maxthon.com
|
|
41
|
|
|
42
|
|
|
43
|
|
|
44
|
- Set up IE in a secure fashion
- A good popup blocker
- A good Antivirus
- A good removal tool
- SpySweeper (by Webroot) http://www.rockbridge.net
- Spybot-Search & Destroy (by Spybot) http://www.download.com
- Ad-aware (by Lavasoft) http://www.download.com
|
|
45
|
|
|
46
|
|
|
47
|
- RGV Outsourcers mail Filtering
- RGV Implements its own filtering
- Spam
- Viruses
- Port filtering
|
|
48
|
|
|
49
|
- RGV will introduce a new free service in October
|
|
50
|
- Residential Customers Parental Control
- Parents will be able to control and limit their children’s use
|
|
51
|
- SMB Customers
- Will be able to control and limit use of each employee.
|
|
52
|
- Develop a policy
- Implement the policy
- Evaluate the solution
- Cost less in the long run
- Patch, Patch, Patch
|