Security.ppt 198KB Jun 23 2011 10:25:54 AM

Workstation, Server and
Network Security
Technology Series #1
A review of Spyware, Malware,
Trojan, Worm, and Virus threats
and how to detect and stop them

Learning How to Secure
Information Systems
•Learning by doing
There is really only one way to learn how to do something and that is to do it.
If you want to learn to throw a football, drive a car, build a mousetrap, design
a building, cook a stir-fry, or be a management consultant, you must have a
go at doing it. Throughout history, youths have been apprenticed to masters
in order to learn a trade. We understand that learning a skill means
eventually trying your hand at the skill. When there is no real harm in simply
trying we allow novices to "give it a shot."
Parents usually teach children in this way. They don't give a series of lectures
to their children to prepare them to walk, talk, climb, run, play a game, or
learn how to behave. They just let their children do these things. We hand a
child a ball to teach him to throw. If he throws poorly, he simply tries again.

Parents tolerate sitting in the passenger seat while their teenager tries out
the driver's seat for the first time. It's nerve-wracking, but parents put up with
it, because they know there's no better way.
When it comes to school, however, instead of allowing students to learn by
doing, we create courses of instruction that tell students about the theory of
the task without concentrating on the doing of the task. It's not easy to see
how to apply apprenticeship to mass education. So in its place, we lecture.

Learning How to Secure
Information Systems
•Information Systems are
Inherently Complex

Because of their Complexity,
there is no simple or easy way to
learn how these systems
function. One must have a good
understanding of all aspects of
Information Systems; being an
expert on one or more parts of
the system is not sufficient.

Learning How to Secure
Information Systems
•Learn Information Security in 24
hours?

Walk into any bookstore, and you'll see how
to Teach Yourself Java in 7 Days alongside
endless variations offering to teach Visual
Basic, Windows, the Internet, and so on in a
few days or hours.
The conclusion is that either people are in a
big rush to learn about computers, or that
computers are somehow fabulously easier to
learn than anything else. There are no books
on how to learn Beethoven, or Quantum
Physics, or even Dog Grooming in a few days.

Learning How to Secure
Information Systems
•Learning how to secure your Computer

Learning how to secure Information Systems is
not an easy task. In fact, even determining potential
risks or threats is not easy. This workshop will cover
Information System Security from a Global
Perspective, but will focus on securing Individual
Computers. The Principles governing Information
Systems and the Computer System which functions
as your workstation are similar, but security for the
individual workstation will be much easier to
accomplish (and probably of greater use to most
people, especially those who are not Technicians or
Systems people).

Securing Information
Systems
•Securing the Workstation or Local Computer?


There are three basic types of ISS (Information
Systems Security) methods:
•Centralized ISS which depends upon securing the
network at its point of entry
•Local or Distributed ISS which focuses security on
the individual Workstations and Servers in the
Network
•And a Blended ISS which focuses certain aspects
of Security at either the Network or Local levels
•Each Approach has good and not so good
attributes especially when one is attempting to
optimize Network, Workstation and Server
performance

What is Optimization with
respect to ISS?
•All Systems Management
strives for Optimization



Optimization considers Resource
Utilization from the perspective of
Efficiency
•How well the system functions or its
effectiveness
• And the best mix of resource
allocation (efficiency) and System
Effectiveness (How well the system is
functioning).

What are Security threats?
•Anything which either directly or indirectly
affects legitimate user control over their
Network, Workstation or Server
•Information systems security (INFOSEC
and/or ISS): The protection of information
systems against unauthorized access to or
modification of information, whether in
storage, processing or transit, and against the
denial of service to authorized users, including
those measures necessary to detect,
document, and counter such threats.

ISS (Information Systems
Security)
•Applies to all aspects of
Information Systems
•There are many different types
of Security threats. While there
were always Security threats
present in Information Systems,
they were generally not public
knowledge until the appearance
of the Internet in the early
1990s

ISS (Information Systems
Security)
•What is Systems Security?

•Systems Security is the process of
preventing and detecting unauthorized
use of your computer. Prevention
measures help you to stop
unauthorized users (also known as
"intruders") from accessing any part of
your computer system. Detection
helps you to determine whether or not
someone attempted to break into your
system, if they were successful, and
what they may have done.

Types or Categories of
Security Threats
•Human or Social-Based
Threats
•Physical or Hardware-Based
Threats
•Programming or Software-Based Threats


Types or Categories of
Security Threats
•Human or Social-Based Threats
•Essentially involve what hackers like
to call “Social Engineering” based
threats. Examples include leaving passwords
in an obvious place, using “weak”
passwords, or allowing other
individuals to access the machine.
•Surprisingly, these types of Security
breaches are the most common, and
also the easiest to prevent.

Types or Categories of
Security Threats
•Physical or Hardware-Based Threats
•Having machines exposed in non-secure environments, especially
servers containing critical information
and data
•Using old or unstable hardware which
could lead to loss of critical data
•Lack of sufficient Backup of Critical
Information could cause a serious loss
in the event of Network Disruption or
Compromise

Types or Categories of
Security Threats
•Programming or Software-Based Threats
•These threats can be caused by insecure
Operating Systems or by insecure or bug-laden
Software Applications.
•A major problem with Windows-based
Operating Systems is the close integration
between OS components and Software
Application (Office) components. This allows a
threat which compromises the Application to
easily access and compromise the OS.
•Specific Software which is written and
designed to Compromise Systems Security.
These include Spyware, Malware, Trojan,
Worm, and Virus threats.

Types or Categories of
Security Threats
•Malware is Hardware, software, or
firmware that is intentionally included
or inserted in a System for a harmful
purpose. Malware can be classified in
several ways, including on the basis of
how it is spread, how it is executed
and/or what it does. The main types of
Malware include Worms, Viruses,
Trojans, Backdoors, Spyware, Rootkits
and Spam.

Types or Categories of
Security Threats
•Spyware and Adware – Spyware or Adware is
software that is installed in a computer for the
purpose of covertly gathering information
about the computer, its users and/or other
computers on the network to which it is
connected. The types of information gathered
typically are user names and passwords, web
browsing habits, financial data (e.g., bank
account and credit card numbers) or trade
secrets. A common application of spyware is
to provide pop-up advertisements that are
targeted at individual users based on their
web surfing habits.

Types or Categories of
Security Threats
•Worms and Viruses are Computer Programs
that replicate themselves without human
intervention. The difference is that a virus
attaches itself to, and becomes part of,
another Executable (i.e., runnable) program,
whereas a worm is self-contained and does
not need to be part of another program to
replicate itself. Also, while viruses are
designed to cause problems on a local system
and are passed through Boot Sectors of disks
and through e-mail attachments and other
files, worms are designed to thrive in a
Network environment. Once a worm is
executed, it actively seeks other computers,
rather than just parts of systems, into which to
make copies of itself.

Types or Categories of
Security Threats
•Trojans or Trojan Horses are software
that is disguised as a legitimate
program in order to entice users to
download and install it. In contrast to
worms and viruses, trojans are not
directly self-replicating. They can be
designed to do various harmful things,
including corrupt files (often in subtle
ways), erase data and install other
types of malware.

Types or Categories of
Security Threats
•Backdoor - A backdoor (usually written as a
single word) is any hidden method for
obtaining remote access to a computer or
other system. Backdoors typically work by
allowing someone or something with
knowledge of them to use special passwords
and/or other actions to bypass the normal
authentication (e.g., user name and password)
procedure on a remote machine (i.e., a
computer located elsewhere on the Internet or
other network) to gain access to the all-powerful
root (i.e., administrative) account.
Backdoors are designed to remain hidden to
even careful inspection.

Types or Categories of
Security Threats
•Rootkit - A rootkit is software that is secretly
inserted into a computer and which allows an
intruder to gain access to the root account
and thereby be able to control the computer
at will. Rootkits frequently include functions to
hide the traces of their penetration, such as
by deleting log entries. They typically include
backdoors so that the intruder can easily gain
access again at a later date, for example, in
order to attack other systems at specific
times.

Types or Categories of
Security Threats
•Spam - Spam is unwanted e-mail which is
sent out in large volume. Although people
receiving a few pieces of spam per day might
not think that it is anything to be too
concerned about, it is a major problem for
several reasons, including the facts that its
huge volume (perhaps half or more of all e-mail)
places a great load on the entire e-mail
system, it often contains other types of
malware and much of its content is fraudulent.
Organizations typically have to devote
considerable resources to attempting to filter
out and delete spam while not losing
legitimate e-mail, thereby distracting them
from their primary tasks.

Types or Categories of
Security Threats
•Poorly Written Software - Similar damage can
result from poorly written software, which, like
malware, is extremely common. Although the
distinction between the two at times can be
subtle, in general the difference is that
malware is created entirely or mainly for the
purpose of doing harm or otherwise benefiting
its creator at the expense of others, whereas
the desire to do harm is not the main purpose
of poorly written software.

Types or Categories of
Security Threats
•Poorly Written Software - The continuous
existence of numerous and serious security
holes and other defects in some of the most
popular commercial software might, in fact, do
as much, or even more, damage to the
economy as malware. No reliable data is
available, although the cost of each is clearly
in the multiple billions of dollars per year,
according to most industry sources. One
reason for the lack of reliable data is that
many victims, including large corporations,
are reluctant to reveal the existence or extent
of damage. Another is the difficulty in
determining how to allocate the damage
between malware and poorly written software,
as the two are often intimately related.

Types or Categories of
Security Threats
•Poorly Written Software - There has been
much speculation as to why security remains
such a big problem for some of the most
widely used commercial software. The most
likely explanation is that there is no strong
incentive to improve it. This may be in part
because a full-scale cleanup would be very
costly, as much of the software is extremely
large and complex. But also to be kept in mind
is the fact that the computer security
business, including the sale of security-related
software (e.g., anti-virus programs), the use of
security consultants, and the sale of new,
supposedly more secure versions of defective
software, are very large and profitable
businesses.

Types or Categories of
Security Threats; Protection
Poorly Written Software - Among the various
ways in which this is accomplished is through
the use of a fine-grained system of ownership
and permissions for each file, directory and
other object on the system, thereby giving an
added layer of protection to critical system
files. Another is by making the source code
freely available on the Internet for
programmers from around the world to
inspect for possible security holes and other
problems, rather than attempting (often
unsuccessfully) to keep the code secret.
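
The per-file ownership and permission model mentioned above can be audited directly. The following is an added example, not part of the original slides: it assumes a POSIX system, and the function names and the constructed sample tree are illustrative only.

```python
import os
import shutil
import stat
import tempfile


def audit_tree(root, expected_uid):
    """Return sorted (relative_path, issue) pairs for risky ownership or mode bits."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: inspect the entry itself, never a link target
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            is_dir = stat.S_ISDIR(st.st_mode)
            if st.st_uid != expected_uid:
                findings.append((rel, "unexpected-owner"))
            if mode & stat.S_IWOTH:
                # A sticky directory (mode 1777, like /tmp) is shared by design:
                # only a file's owner may delete or rename it there.
                if not (is_dir and mode & stat.S_ISVTX):
                    findings.append((rel, "world-writable"))
            elif mode & stat.S_IWGRP:
                findings.append((rel, "group-writable"))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed tree with known modes (sample data, not real files)."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    files = {"hosts.conf": 0o644, "shared.cfg": 0o664, "startup.sh": 0o777}
    for name, mode in files.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)  # chmod sets the exact mode, independent of umask
    for name, mode in {"spool": 0o1777, "drop": 0o777}.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)
    return root


def demo(expected_uid=None):
    """Audit the constructed tree; by default the expected owner is the current user."""
    root = build_sample_tree()
    try:
        uid = os.geteuid() if expected_uid is None else expected_uid
        return audit_tree(root, uid)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, issue in demo():
        print(f"{issue:16} {rel}")
```

On a real system, `audit_tree` would be pointed at a directory of critical files with `expected_uid=0`, so that anything not owned by root or writable by other users is reported.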

Types or Categories of
Security Threats; Protection
Poorly Written Software - There are a number
of steps that computer users can take to
minimize the chances of becoming infected by
malware. They include using relatively secure
software, providing physical security for
computers and networks, enforcing the use of
strong passwords, employing firewalls, using
malware detection programs, avoiding
opening e-mail attachments of unknown
origin, avoiding the downloading of dubious
programs and avoiding use of the root account
except when absolutely necessary.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
• There are many proprietary applications
which promise to protect your computer from
the various types of Malware. While some
applications may function well for specific
types of threats, none works well with all
threats. The best approach is to run several
applications on the same machine. This is not
necessarily an easy task, since often it is
found that the scanners for many applications
interfere with other types of applications.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
• To find a mix of applications which works
together and at the same time provides
optimal protection requires research, study
and testing, since there are many applications
available in both proprietary and Open-Source
flavors.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
• Symantec Client Security
http://www.symantec.com/index.htm is a
combination Firewall and Antivirus Application.
The Firewall functions just as a firewall on the
network would. It allows the user to restrict
Port access, Application access from and to
the Internet, and scans for Trojans and Worms
which may be resident on the machine. The
Virus program is automated and both
programs can be set to update automatically.
Symantec is a relatively good general purpose
product, but can cause problems with Email
disappearing if its settings are not correct.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
• Symantec Client Security – Also, the newer
versions create hidden user directories
which themselves can be the target of
Security exploits. One must follow the
instructions carefully and become aware of
how to set the various protection levels within
the application.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
AdawareSE: http://www.lavasoftusa.com/software/adaware/
Ad-Aware Personal provides advanced
protection from known data-mining, aggressive
advertising, Trojans, dialers, malware, browser
hijackers, and tracking components. This
software is downloadable free of charge. It is
particularly targeted towards spyware for
commercial use through cookies.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –

Counterspy: http://www.sunbeltsoftware.com/CounterSpy.cfm
One of the most comprehensive
products for detecting and deleting
malicious spyware and adware; it can
be run from a server, protecting each
workstation on a network. Counterspy
will run with Symantec, Spybot and
Trojan Hunter, allowing four automated
scans without interference; just set
them to run at different times.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
SpyBot Search and Destroy:
http://www.safernetworking.org/en/support/index.html
can detect and remove spyware of different kinds
from your computer. Spyware is a relatively new kind
of threat that common anti-virus applications do not
yet cover. If you see new toolbars in your Internet
Explorer that you didn't intentionally install, if your
browser crashes, or if your browser start page has
changed without your knowing, you most probably
have spyware. But even if you don't see anything,
you may be infected, because more and more
spyware is emerging that is silently tracking your
surfing behavior to create a marketing profile of you
that will be sold to advertisement companies. It is an
open source application.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
Trojanhunter:
http://www.misec.net/
As its name implies, it is optimized for finding
and eliminating Trojan worms and other types of
malware.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
CLAMWIN:
http://www.clamwin.com/content/view/136/52/
ClamWin is the Windows version of ClamAV.
Mozilla Thunderbird mailbox files are not removed or
quarantined if an infected email is detected inside a mailbox
as is currently done in Symantec Client Security. This is a
freely available open source Application and can run with
most other scanners.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
Small Applications such as Netsky.exe – which
can be downloaded from the Internet and run
against specific Malware threats. These usually
are available when a new critical agent is
detected.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
Regular Updating – of Operating System
software, Applications, etc. Windows, Linux,
and Apple OS and most applications have
automated Update systems available for
patching and addressing critical security issues.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
Registry and disk repair tools –
•Symantec has a product called System Works,
which can be run from the CDROM or Hard
Drive; it does not have to be installed into the
OS. It will perform disk defragmentation, disk
drive repair, and registry and other repairs to
the Windows OS.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
Registry and disk repair tools – Used after
running Malware tools
•Registrytoolkit: http://www.registrytoolkit.com/
Scans your registry and hard drive for invalid registry keys
and program shortcuts.
•Startup management helps you to customize your system
startup to suit your needs.
•BHO manager lets you remove unused Internet Explorer
plug-ins, to ensure a faster Internet experience.
•Keeps backups of any registry change made by
Registry Toolkit, so you can always go back and restore it.
•Repairs frequent Windows rebooting problems and system
freezes.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
Registry and disk repair tools – Used after
running Malware tools
•PcBugdoctor:
http://www.bugdoctor.com/
•This is the most comprehensive product out there for
repairing Windows errors. It can be set to scan on a schedule.

Protection on The Desktop
Use of Multiple-Application or a Blended
Protection Strategy –
Registry and disk repair tools – Used after
running Malware tools
•StarDefrag:
http://kevin.gearhart.com/startdefrag/
•This is a Windows defragmenter scheduler; it will help
increase the performance of the computer by restoring
fragmented files.
