Wednesday, November 11, 2009

Defensive Measures at Operating System Layer Basic to In-depth Home Computer Security Guide Page 7

Defensive Measures at Operating System Layer



This is the second layer of the defense in depth model. The defensive measures that have to be taken at this layer are:



* Keep the operating system up to date with security patches and update releases.





* Make a boot/ERD disk and keep it current





* Install and keep updated Antivirus software





* Install and keep updated Antispyware software





* Harden the operating system by turning off unnecessary services and features







Keep up-to-date security patches and update releases for Operating System



The most important program that runs on a computer is the operating system. Every general-purpose computer must have an operating system to run other programs. The operating system performs basic tasks, such as recognizing input from the keyboard, sending output to the monitor, keeping track of files and folders on the disk, and controlling peripheral devices such as disk drives and printers. Some of the common desktop operating systems are Windows (9x, NT Workstation, 2000 Professional, XP Home Edition and Professional Edition), Linux workstation, etc.



Application software sits on top of the operating system because it cannot run without it. Application software (also called end-user programs) includes word processors such as MS Word and databases such as SQL or Oracle.



Patching is the most essential task for every user, and it is a repetitive, ongoing activity. Every time a vulnerability is discovered, the vendor releases a patch for it, and that patch has to be installed immediately after release. If it is not, the flaw may be an open door for exploiting the system.



The user should subscribe to the security newsletters of the vendors whose software he is using. Then, whenever a security patch or a hotfix is released, the user will be informed and can act accordingly. (A patch or hotfix is a small program released by the vendor that fixes known bugs and vulnerabilities in the software.)



Nowadays, every application has a feature to update automatically over the Internet. The user should configure this feature carefully in each application.





Using Windows Update



Windows Update is a Microsoft Web site that provides updates for Windows operating system software and Windows-based hardware. Updates address known issues and help protect against known security threats. The patches, hot fixes and service packs released by the Microsoft Corporation are free of cost.



When a user visits the Windows Update Web site, http://www.windowsupdate.com, Windows Update scans the user’s computer and reports which updates are missing and should be applied to the system. The user chooses which updates to install and how to install them.



“Windows Update” uses the following categories:



• High priority: Critical updates, security updates, service packs, and update rollups that should be installed as soon as they become available and before the user installs any other updates.



• Software (optional): Non-critical fixes for Windows programs, such as Windows Media® Player and Windows Journal Viewer 5.



• Hardware (optional): Non-critical fixes for drivers and other hardware devices, such as video cards, sound cards, scanners, printers, and cameras.



Optional updates address minor issues or add non-critical functionality to the user’s computer. It is more important to install high priority updates so that the user’s computer gets the latest critical and security-related software.





Difference between Express and Custom Windows Update?



• Express (recommended) displays all high priority updates for user’s computer so that he can install them with one click. This is the quickest and easiest way to keep user’s computer up to date.



• Custom displays high priority and optional updates for user’s computer. User must review and select the updates that he wants to install, one by one.





Automatic Updates



Automatic Update is a feature that works with Windows Update to deliver critical and security-related updates as they become available. When the user turns on Automatic Updates (recommended), Windows automatically looks for high priority updates for user’s computer. Windows recognizes when the user is online and uses the Internet connection to search for downloads from the Windows Update Web site. An icon appears in the system tray each time new updates are available.





Users have to decide how and when the updates are installed. Sometimes, some updates require the user to accept an End User License Agreement (EULA), answer a question about the installation process, or restart the computer before the user can install them.



Automatic Updates delivers only high priority updates. To get optional updates, the user still needs to visit the Windows Update Web site.



Microsoft releases Windows patches on the second Tuesday of each month, so to be safe, check for updates manually every couple of weeks, as there may be a lag between when a patch becomes available and when Windows Update pushes it to the user’s system (for instance, when the system has been off for more than a few days).
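The release schedule and the "every couple of weeks" advice above can be turned into a small check. This is an added example, not part of the original guide; the function names and the 14-day threshold are assumptions made for illustration.

```python
from datetime import date, timedelta

TUESDAY = 1  # date.weekday() numbers Monday as 0


def patch_tuesday(year, month):
    """Return the second Tuesday of the given month."""
    first = date(year, month, 1)
    days_to_first_tuesday = (TUESDAY - first.weekday()) % 7
    return first + timedelta(days=days_to_first_tuesday + 7)


def missed_patch_tuesdays(last_check, today):
    """Release days that fall after the last update check and on or before today."""
    missed = []
    year, month = last_check.year, last_check.month
    while (year, month) <= (today.year, today.month):
        release = patch_tuesday(year, month)
        if last_check < release <= today:
            missed.append(release)
        month += 1
        if month > 12:          # roll over into the next year
            year, month = year + 1, 1
    return missed


def manual_check_due(last_check, today, max_age_days=14):
    """True when a release day has passed since the last check, or when the
    last check is older than max_age_days (assumed: 'a couple of weeks')."""
    if missed_patch_tuesdays(last_check, today):
        return True
    return (today - last_check).days > max_age_days


if __name__ == "__main__":
    # Constructed dates: a PC last checked on 1 Oct 2009, looked at on 11 Nov 2009.
    last, now = date(2009, 10, 1), date(2009, 11, 11)
    for day in missed_patch_tuesdays(last, now):
        print("release day missed:", day.isoformat())
    print("manual check due:", manual_check_due(last, now))
```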





Using MBSA





Microsoft Baseline Security Analyzer (MBSA) version 2.1 gives the ability to assess the administrative vulnerabilities present on one or multiple systems. MBSA scans the specified computers and then generates a report that contains details for each computer about the security checks that MBSA performed, the results, and recommendations for fixing any problems. In addition to checking for misconfiguration that might cause security problems in the operating system, the user can check for security problems in Microsoft SQL Server and Microsoft Internet Information Services (IIS). The user can also determine whether a computer has the most current Microsoft Windows and Microsoft Office updates installed, and can check for security updates, update rollups, and service packs for other products hosted by the Windows Update site.



The steps below show how to scan your computer for vulnerabilities (see Figure-7, Figure-8 and Figure-9).



1. Open MBSA and double-click Scan a computer (see Figure-7).







Figure-7



Continued.......................

Personal Firewall Basic to In-depth Home Computer Security Guide Page 6

Figure 3 shows where the personal firewall fits into the connection of a home PC to the Internet. Obviously the personal firewall is not a discrete component, rather it is software that runs on the home PC, but it’s shown separately for clarity. As illustrated, the goal of the personal firewall is to ensure that traffic from intruders cannot reach the home PC – understanding that the firewall will not block attachments bearing malicious code.



Some of the freeware & shareware firewalls are listed below:

http://www.avira.com

http://www.personalfirewall.comodo.com

http://www.pctools.com

http://www.free-firewall.org

http://www.iopus.com/guides/free-firewall.htm

http://www.firewallguide.com/freeware.htm

http://www.zonelabs.com

http://www.zonealarm.com

http://smb.sygate.com/download_buy.htm





Configuring Internet Connection Firewall



Windows XP with SP2 includes a built-in firewall called the Internet Connection Firewall (ICF). By default it is disabled. ICF can provide an additional layer of protection against network-based attacks such as worms and denial-of-service (DoS) attacks. To enable ICF, follow these steps:



1. Go to Start menu\Control Panel\Network and Internet Connections\Network Connections. Under the Dial-Up, LAN or High Speed Internet category, click the icon to select the connection that the user wants to help protect (see Figure-4).







Figure-4



2. In the task pane on the left, under Network Tasks, click Change settings of this connection (or right-click the connection the user wants to protect, and then click Properties); see Figure-5.







Figure-5







3. On the Advanced tab, under Internet Connection Firewall, check the box next to "Protect my computer and network by limiting or preventing access to this computer from the Internet" (see Figure-6).







Figure-6





There are some limitations of ICF that must be considered before enabling it. ICF does not have the rich feature set provided by many third-party products. This is because ICF is intended only as a basic intrusion prevention feature. ICF prevents people from gathering data about the PC and blocks unsolicited connection attempts. The biggest limitation of ICF is that it protects the user only from inbound pests; it doesn’t alert the user to suspicious outbound traffic.
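The inbound-only limitation is easier to see in a small model. The following is an added example, not part of the original guide and not how ICF is implemented: it models a stateful filter that lets out everything and accepts inbound packets only as replies, beside a variant that lets out only programs the user has approved. The class, the program names and the documentation-range addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str    # "out" = leaving the home PC, "in" = arriving from the Internet
    program: str      # local program that owns the connection ("" if none)
    local_port: int
    remote_ip: str
    remote_port: int


@dataclass
class PersonalFirewall:
    # None  -> inbound-only filtering, the ICF behaviour described in the text.
    # a set -> outbound traffic is allowed only for programs the user approved.
    approved_programs: Optional[set] = None
    flows: set = field(default_factory=set)      # connections opened from inside
    alerts: list = field(default_factory=list)   # what the user would be shown

    def handle(self, pkt):
        flow = (pkt.local_port, pkt.remote_ip, pkt.remote_port)
        if pkt.direction == "out":
            if (self.approved_programs is not None
                    and pkt.program not in self.approved_programs):
                self.alerts.append(
                    f"{pkt.program} tried to reach {pkt.remote_ip}:{pkt.remote_port}")
                return "BLOCK"
            self.flows.add(flow)     # remember it so that replies are accepted
            return "ALLOW"
        # Inbound: accept only replies to a connection the PC itself opened.
        return "ALLOW" if flow in self.flows else "DROP"


def replay(firewall, packets):
    """Feed packets through the firewall and return the verdict for each."""
    return [firewall.handle(p) for p in packets]


# Constructed traffic: a web request and its reply, an unsolicited inbound
# connection attempt, then an unknown program connecting out and getting a reply.
TRAFFIC = [
    Packet("out", "iexplore.exe", 1045, "203.0.113.10", 80),
    Packet("in", "iexplore.exe", 1045, "203.0.113.10", 80),
    Packet("in", "", 445, "198.51.100.7", 4444),
    Packet("out", "unknown_example.exe", 1050, "198.51.100.7", 6667),
    Packet("in", "unknown_example.exe", 1050, "198.51.100.7", 6667),
]


def compare():
    """Run the same traffic through both configurations."""
    inbound_only = PersonalFirewall()
    with_outbound_control = PersonalFirewall(approved_programs={"iexplore.exe"})
    return (replay(inbound_only, TRAFFIC), inbound_only.alerts,
            replay(with_outbound_control, TRAFFIC), with_outbound_control.alerts)


if __name__ == "__main__":
    for row in compare():
        print(row)
```

Both configurations drop the unsolicited inbound attempt, but only the second one stops the unknown program's outbound connection and raises an alert for the user.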







Disconnect from the Internet when not using it



A user relying on traditional dial-up access to the Internet will likely disconnect when not using the connection, since usage limits apply and there may be only one phone line. On the other hand, home users with “always-on” broadband access services such as cable modems or DSL/ADSL+ may be tempted to leave their computer permanently connected to the Internet. A permanent connection allows them to access their files over the Internet from a remote location. The problem is that the longer one remains connected, the more time an intruder has to attack the host.



It is recommended that broadband home users turn off their cable/DSL/ADSL modems when they are not using the Internet at all.



Users who are directly connected to their ISP through their network cards should instead disable the network card in the operating system when they are not using the system to access the Internet.



To disable the network card in Windows 98, follow these steps:



* Right-click My Computer, select Properties, and click Device Manager





* Expand Network Adapters





* Select the Network adapter that is used for ISP connection





* Click Properties





* Select Disable in this hardware profile.





To disable the network card in Windows 2000/XP, follow these steps:



* Right-click My Network Places and select Properties





* Select the Local Area Connection used for connecting to the ISP.





* Right-click and select Disable.



Continued....................



Defensive Measures at Network Access Layer Basic to In-depth Home Computer Security Guide Page 5

The defensive actions have been identified at each layer; it is necessary to discuss how these actions will be carried out for a Windows-based home Internet user. It is also important to keep in mind that the defensive posture is weakened when one does not implement the entire defense in depth strategy that is being advocated. For example, using a firewall but having either no or outdated antivirus software leaves the system vulnerable.





Defensive Measures at Network Access Layer



This is the first layer of the defense in depth model. The defensive measures that have to be taken at this layer are:



Use a Firewall.



Disconnect from the Internet when not using it.





Use a Firewall



A firewall places a virtual barrier between the computer and hackers, who might seek to delete information from the computer, make it crash, or even steal personal information.



The firewall serves as the primary defense against a variety of computer worms that are transmitted over the network. It helps to protect the computer by hiding it from external users and preventing unauthorized connections to the computer.



For home users, a firewall typically takes one of two forms:



Personal firewall - specialized software running on an individual computer, e.g. ZoneAlarm and in-built Windows Internet Connection Firewall (ICF) etc.



Hardware firewall - a separate device designed to protect one or more computers, e.g. Linksys EtherFast Cable/DSL Router.



If the user has a home network, it is recommended that he have both types of firewall installed, i.e. a hardware firewall at the router and a personal firewall on each system using that network. If the user has only a stand-alone PC, it is recommended that he have at least a personal firewall installed on the PC.





Installing Personal Firewalls



A personal firewall or desktop firewall is a software program that provides the primary defense mechanism for a desktop computer connected to the Internet.



The firewall acts like a guard, who checks everybody entering or going out of the home and based on some prior knowledge allows or disallows the people.



Once the personal firewall is installed, it runs continuously in the background, watching all incoming and outgoing traffic. It reports to the user with a pop-up about any program that is trying to access the Internet or, conversely, trying to access the user’s system. It is solely at the user’s discretion which programs are allowed through the firewall.





Users should be exceptionally careful when allowing a particular program or file through the firewall, and should pay close attention to which file is used by which program.





Why is a firewall needed?



If the computer is not protected when the user connects to the Internet, hackers can gain access to personal information on the computer. They can install code on the computer that destroys files or causes malfunctions. They can also use the user’s computer to cause problems on other home and business computers connected to the Internet. A firewall helps to screen out many kinds of malicious Internet traffic before it reaches the user’s system.



Some firewalls can also help to prevent others from using user’s computer to attack other computers without user’s knowledge. Using a firewall is important no matter how the user connects to the Internet — dial-up modem, cable modem, or digital subscriber line (DSL or ADSL).



Microsoft Corporation provides Internet Connection Firewall for Windows XP SP2 users only. Users running older versions of Windows (9x, NT or 2000) have to select a third-party desktop firewall according to their needs. While Windows 2000 does not have a purpose-built firewall, it does have IP Security filters that can be used to make a static packet filter.







Figure-3: Protecting the Internet-connected Home PC



Continued......................

Anti-Spywares & Anti-Rootkits Basic to In-depth Home Computer Security Guide Page 3

Tools Available to Remove or Prevent Spyware in the System



Spyware Terminator, SpywareBlaster, SpywareGuard, Advanced Spyware Removal, A-squared 2 Free, Spyware Doctor, AVG Anti-Spyware, WinPooch, Ad-Aware SE Personal 1.06, Spybot S&D 1.5, Doctor Spyware Cleaner 1.0, ZoneAlarm Anti-Spyware 7.0.408.





Rootkit



RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!



The reason that there is no longer a command-line version is that malware authors have started targeting RootkitRevealer's scan by using its executable name. We've therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service. This type of execution is not conducive to a command-line interface. Note that you can use command-line options to execute an automatic scan with results logged to a file, which is the equivalent of the command-line version's behavior.





What is a Rootkit?



The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.





Types of Rootkit



* Persistent Rootkits



A persistent rootkit is one associated with malware that activates each time the system boots. Because such malware contains code that must be executed automatically at each system start or when a user logs in, it must store code in a persistent store, such as the Registry or file system, and configure a method by which the code executes without user intervention.



* Memory-Based Rootkits



Memory-based rootkits are malware that has no persistent code and therefore does not survive a reboot.



* User-mode Rootkits



There are many methods by which rootkits attempt to evade detection. For example, a user-mode rootkit might intercept all calls to the Windows FindFirstFile/FindNextFile APIs, which are used by file system exploration utilities, including Explorer and the command prompt, to enumerate the contents of file system directories. When an application performs a directory listing that would otherwise return results that contain entries identifying the files associated with the rootkit, the rootkit intercepts and modifies the output to remove the entries.

The Windows native API serves as the interface between user-mode clients and kernel-mode services and more sophisticated user-mode rootkits intercept file system, Registry, and process enumeration functions of the Native API. This prevents their detection by scanners that compare the results of a Windows API enumeration with that returned by a native API enumeration.



* Kernel-mode Rootkits



Kernel-mode rootkits can be even more powerful since, not only can they intercept the native API in kernel-mode, but they can also directly manipulate kernel-mode data structures. A common technique for hiding the presence of a malware process is to remove the process from the kernel's list of active processes. Since process management APIs rely on the contents of the list, the malware process will not display in process management tools like Task Manager or Process Explorer.
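The cross-view comparison that such scanners rely on can be sketched as follows. This is an added example, not code from the original guide or from any of the tools it names: it compares two snapshots of what the ordinary API reports with one lower-level view taken in between, and it generalises the idea from files to any list of names (Registry keys, processes). How the lower-level view is obtained is outside the example; all names and sample entries are constructed.

```python
from dataclasses import dataclass


def normalize(name):
    """Windows names are case-insensitive, so compare them in one canonical form."""
    return name.replace("/", "\\").rstrip("\\").casefold()


@dataclass(frozen=True)
class Finding:
    name: str
    verdict: str   # "hidden-from-api", "api-only" or "churn"


def cross_view_diff(api_before, low_level, api_after):
    """Compare a low-level enumeration with API snapshots taken before and after it.

    hidden-from-api: in the low-level view but in neither API snapshot.
    churn:           in the low-level view and in only one API snapshot, i.e. it
                     was created or deleted while the scan ran (benign noise).
    api-only:        reported by the API both times but absent from the
                     low-level view (the low-level scan may be incomplete).
    """
    before = {normalize(n) for n in api_before}
    after = {normalize(n) for n in api_after}
    low = {normalize(n): n for n in low_level}

    findings = []
    for key, original in sorted(low.items()):
        if key in before and key in after:
            continue                                  # both views agree
        if key not in before and key not in after:
            findings.append(Finding(original, "hidden-from-api"))
        else:
            findings.append(Finding(original, "churn"))
    for key in sorted((before & after) - set(low)):
        findings.append(Finding(key, "api-only"))
    return findings


def suspicious(findings):
    """Names worth investigating: present low-level, never visible to the API."""
    return [f.name for f in findings if f.verdict == "hidden-from-api"]


# Constructed sample data: a directory listing as the API reports it ...
API_BEFORE = [r"C:\WINDOWS\system32\kernel32.dll",
              r"C:\WINDOWS\system32\drivers\tcpip.sys"]
# ... the same volume seen through a lower-level enumeration ...
LOW_LEVEL = [r"c:\windows\system32\KERNEL32.DLL",
             r"C:\WINDOWS\system32\drivers\tcpip.sys",
             r"C:\WINDOWS\system32\drivers\example_hidden.sys",
             r"C:\WINDOWS\Temp\~scan1.tmp"]
# ... and the API listing again after the low-level scan finished.
API_AFTER = API_BEFORE + [r"C:\WINDOWS\Temp\~scan1.tmp"]

# The same comparison applied to process lists (constructed "pid name" entries).
PROC_API = ["4 System", "620 winlogon.exe", "1204 explorer.exe"]
PROC_LOW = ["4 System", "620 winlogon.exe", "1204 explorer.exe", "1820 example_svc.exe"]

if __name__ == "__main__":
    for finding in cross_view_diff(API_BEFORE, LOW_LEVEL, API_AFTER):
        print(f"{finding.verdict:16} {finding.name}")
    print(suspicious(cross_view_diff(PROC_API, PROC_LOW, PROC_API)))
```

Taking the API snapshot twice keeps files that appear or disappear during the scan from being reported as hidden.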







Some Rootkit Removal Tools:



UnHackMe

http://www.greatis.com/unhackme.zip





A rootkit installs a backdoor, giving the hacker full control of the computer. It hides its files, registry keys, process names, and network connections from your eyes. Your antivirus could not detect such programs because they use compression and encryption of their files. UnHackMe allows you to detect and remove rootkits.









RootKit Hook Analyzer

http://www.resplendence.com/download/hookanlz.exe





RootKit Hook Analyzer is a security tool which checks if there are any rootkits installed on your computer which hook the kernel system services. Kernel RootKit Hooks are installed modules which intercept the principal system services that all programs and the operating system rely on. This program will display all kernel services and the responsible modules for handling them, along with company and product information.









Acronis Privacy Expert Suite

http://download.acronis.com/PrivacyE...te9.0_d_en.exe





Acronis Privacy Expert Suite provides you with proactive, real time protection against malware; including spyware parasites, rootkits, adware, keyloggers, hidden dialers, browser hijackers, and other malicious programs. Our latest version, 9.0, adds key new features to ensure that your PC is not infected with malware.



Mamutu

http://download3.emsisoft.com/MamutuSetup.exe







Mamutu monitors in realtime all active programs for dangerous behavior and blocks malicious activities. It recognizes new and unknown Trojans, Backdoors, Keyloggers, Worms, Viruses, Spyware, Adware and Rootkits (Zero-Day attacks), without the need of daily signature updates. Mamutu gives you full control over internal system activities. It's small but very powerful. Mamutu saves resources and does not slow down the PC.



RemoveAny

http://heavenward.ru/files/removeanysetup_1.3.2.exe





RemoveAny finds spyware, adware, Trojan horses, key-loggers and rootkits on your computer. RemoveAny recognizes malicious software by watching for suspicious behavior, not by searching for known signatures. It has constant protection that is always up to date without requiring signature updates. RemoveAny starts at system startup and monitors all drivers and processes that run.



Continued.....................

Vulnerabilities in Home Computer Basic to In-depth Home Computer Security Guide Page 2

Vulnerabilities in Home Computer



A vulnerability is a weakness in user’s information security that could be exploited by a threat; that is, a weakness in user’s system and network security, processes, and procedures.



A computer vulnerability is a flaw in the computer system which, when exploited, allows an intruder to compromise the system’s integrity. The common types of vulnerabilities are logical errors in the operating system or applications due to poor coding techniques, which allow an intruder to exploit them and gain heightened access to the user’s computer. Various security tools, such as firewalls, are available to secure the system. These tools provide an excellent security mechanism but can have flaws in design that could lead to a security breach. The term “security through obscurity” fits into this arena: the system is considered secure because nobody can see its hidden elements. All types of file encryption come under this category. By encrypting the data, an additional layer of protection is added to the computer system. In case a system is compromised, the critical data is still protected by encryption, and the intruder may not be able to steal the information from the hacked system.





What is Intrusion?



Users of home computers normally connect to the Internet through dial-in modems or through a cable connection. Intruders are always looking for new ways to break into computers connected to the Internet. They may attempt to breach the computer’s security defenses from remote locations. Intruders seek old, unpatched vulnerabilities as well as newly discovered vulnerabilities in operating systems, network services, or protocols and take advantage of each. They develop and use sophisticated automated programs to rapidly penetrate systems that are live on the Internet. Once the attacker is able to find a vulnerable system, he exploits the system to steal information or to launch further attacks.



Indications of Infection



Some of the indications are given below:



• Poor system performance



• Abnormal system behavior e.g. system restarts or hangs frequently.



• Unknown services are running



• Crashing of applications



• Change in file extensions or contents



• Hard Disk is busy or its light glows continuously



Since we have discussed the basic terminologies and methodologies, now we can start discussing the defensive actions.





Malicious Code



Malicious code, or malware, is a common name applied to all forms of unwanted and destructive software, such as viruses, worms, and Trojans. The best way to protect against malicious code is to install virus scanners and keep virus definition (signature) files current.



Virus: A virus is malicious code that infects or attaches itself to other objects or programs. All viruses have some form of replication mechanism, which is how they propagate.



Worm: A worm is malicious code that replicates by making copies of itself on the same computer or by sending copies of itself to another computer. Worms, unlike viruses, do not infect other program files on a computer. All worms have some form of replication mechanism, which is how they propagate. Unlike a virus, a worm does not require a host program to execute; it can run independently.



Trojan: A Trojan horse is a seemingly useful (or harmless) program that performs malicious or illicit actions when activated, such as destroying files. For example, a user downloads what appears to be a movie or music file but unleashes a dangerous program that can erase the disk or send his credit card numbers or password files to intruders. These backdoor programs may also open certain ports on the user’s computer, allowing unauthorised access to it.



The malicious code usually propagates through email attachments.





Virus and Spyware Prevention



Virus and Its Threats





• A virus is a computer program which can copy itself or infect the system without the knowledge of the user. A virus can spread from one system to another whenever a file carrying the virus on an infected system is accessed from another system.

• Some viruses may cause damage to the system by infecting files, deleting files, formatting the hard disk, etc.

• To protect the system from viruses, one should know about each program or file downloaded onto the computer. Since this is difficult, we can use anti-virus software, which helps protect the system from viruses.





Countermeasures and Tools to Prevent Virus into the System





* Keep your anti-virus software up to date and make sure that it is working properly.





* Scan files with anti-virus software before you download them from the Internet and execute them.





* Be careful while exchanging files between systems through disks or through the network. While using a disk, make sure that it is write-protected, which prevents accidental deletion of and changes to the files on the disk.





* While using Microsoft Office, make sure that the macro virus protection option is enabled.





Note: A macro virus is a computer virus that infects Microsoft Word and similar applications by inserting undesirable text into documents or by making changes to the documents.



* Take backup of important files. This will help you in recovering the file when it is affected by virus.





* Scan the system with anti-virus software daily and keep your operating system up to date with all the latest patches.





* Some viruses start executing as soon as they appear in the Outlook Express preview pane, so disable that option.





* Be aware of the latest virus threats; this may help you detect them and take appropriate action to avoid them.







Anti-virus tools available for keeping viruses out of the system are listed below:



AVG Antivirus Free, Quick Heal, Avira Antivirus, Clean Win Antivirus, Cleaner4.2, AVG Internet Security, BitDefender Free Edition, BitDefender Antivirus 2008, Avast 4 Home Edition, McAfee Avert Stinger 3.8.0, ClamWin (open source) Free Antivirus.





Key loggers



Key loggers are software applications (or hardware devices) that capture keystrokes and can send them to a remote intruder via email. They are invisible and undetectable to users, so there is a huge risk of important information such as credit card numbers and passwords being sent to remote intruders. Such a program can be bundled with a useful application so that whenever the user installs that application, the key logger is installed along with it.



Bots



The term bot is derived from the word “robot”. Robot comes from the Czech word "robot," which means "worker". In the computer world, bot is a generic term used to describe an automated process.



Bots are widely used on the Internet for various purposes. Bot functionality may vary from search engines to game bots and IRC channel bots. Googlebot is one such famous search bot, which crawls through web pages on the net to collect information and build a database to enable a variety of searches. Computer-controlled opponents and enemies in multiplayer video games are also a kind of bot, where the computer process tries to emulate human behavior.



However, the usage of bots is not limited to good purposes. Bots are widely used to perform malicious activities ranging from information stealing to serving as a launching pad for distributed attacks. Such software gets installed on users’ computers without their knowledge. Some bot-infected machines pass control of the machine to a remote attacker and act on the attacker’s commands.



Such machines are popularly known as zombie machines.





Adware and Spyware



Adware is 'freeware', whereby ads are embedded in the program. These ads will show up whenever user opens the program. Most adware authors provide the free version with ads and a registered version whereby the ads are disabled.



As such, the users have the choice, either to use the freeware with ads served or purchase the registered version.



Spyware, as the name suggests, is software installed on the user’s computer which constantly sends user information to the mother website.



Spyware, however, is published as 'freeware' or as 'adware', but an analysis and tracking program (the 'spyware' agent, which reports the user’s activities to the advertising providers' web site for storage and analysis) is also installed on the user’s system when the user installs this so-called 'freeware', and this is usually not mentioned. Even though the name may indicate so, spyware is not an illegal type of software. But what the adware and spyware providers do with the collected information, and what they are going to 'feed' the user with, is beyond his control. And in some cases it all happens without the user’s consent.



For a comprehensive list of spyware, please refer to:



http://www.spywareguide.com





Spyware and Methods to Identify It





* Spyware is a program that secretly observes the user’s behaviour and sometimes interferes with the user’s control of the computer in order to download additional software and redirect web pages to malicious sites.





* Spyware gets installed on the system without the user’s knowledge from downloaded software, CDs, etc.





* Anti-spyware helps us keep spyware out of the system in two ways.





1. Anti-spyware works in real time by preventing spyware from getting installed on the system. It scans all the packets coming into the system and drops the packets if they are malicious.



2. Another way is to detect spyware that is already present on the system and remove it if it is found.





Symptoms that we Can Observe When a System is Infected by Spyware are



• A number of pop-up windows appear while browsing the Internet.

• Redirection to other websites without our control.

• The search engines we use in the browser may get replaced with other ones.

• We notice new toolbars present in the web browser.

• The surfing speed of the Internet may go down, and the system may even slow down.





Tips and Tools to Prevent Spyware





• Do not click anywhere inside a pop-up window while browsing the Internet, because it may contain spyware that can get into the system with a single click inside the pop-up window.

• Beware of freely downloadable software, and make sure that software is downloaded from a trusted website. Downloading software from an untrusted site may automatically introduce spyware into the system along with the software.

• Do not follow links that offer free anti-spyware software.

• Block pop-up windows that are not trustworthy through the web browser settings.

• Run the anti-spyware program and anti-virus program periodically, depending upon the Internet usage.



Continued......................

Introduction to Basic to In-depth Home Computer Security Guide Page 1

Introduction



This document is intended to prescribe basic countermeasures to home computer users working with computer systems running the Windows operating system. The basic purpose of this document is to create awareness about computer security issues among home computer users and to suggest the tasks they should perform to secure their computer systems and protect their information assets.



Information security needs have to be addressed at all levels, from the individual user to an organization and beyond that to the government and the nation. Information security is becoming synonymous with national security, as computer networking, which is vulnerable to cyber attacks, forms the backbone of the critical infrastructure of the country: banking, power, communication networks, etc. It is, therefore, important to have secured computer systems and networks. Also, increased focus on outsourcing of IT and other services from developed countries is bringing the issue of data security to the fore. Furthermore, owing to the massive Internet boom, a lot of home users with little or no prior knowledge of the threats and their countermeasures are exposed to the Internet. Attackers can exploit this to expand their base of malicious activity and use innocent people for their schemes. Our aim is to spread education to school children, teachers, parents, senior citizens and every individual, to equip them with the knowledge needed to mitigate the threat.







Why Home Computers?



Home computers are typically not very secure and are easy to break into. When combined with high-speed Internet connections that are always turned on, intruders can quickly find and then attack home computers. While intruders also attack home computers connected to the Internet through dial-in connections, high-speed connections (cable modems and DSL modems) are a favorite target. There may not be important data stored on home computers, but they are targeted by intruders for launching attacks against other computer systems.





How attackers do it?



In general, the attack vectors that attackers use are:



• Through E-mail



• Through Un-trusted Websites



• Through Internet Shares



In some cases, they send email with a virus. Reading that email activates the virus, creating an opening that intruders use to enter or access the computer. In other cases, they take advantage of a flaw or weakness in one of the computer’s programs (a vulnerability) to gain access. Once they’re on the computer, they often install new programs that let them continue to use the computer, even after the user plugs the holes they used to get onto the user’s computer in the first place. These are known as “backdoors” and are usually cleverly disguised so that they blend in with the other programs running on the user’s computer.



In general, they steal the information saved by the user on his system or use the system to launch attacks on other computer systems.





What is Information Security?



Information security can be explained with the help of the following example. If a company sells bottled water purified using the process of reverse osmosis, the process is well known, and therefore it does not make good business sense for management to protect that information. However, if that company has a revolutionary process that cuts the cost and time for water purification in half, it would make sense to secure that information. There is a limit to the value of implementing protection, so the user must combine his knowledge of value, threats, vulnerabilities, and risks to put together a feasible plan.



Information security involves the measures and controls that ensure confidentiality, integrity, and availability of the information processed by and stored in a computer or system.



Confidentiality: Ensures that information is accessed only by authorized personnel.



Integrity: Ensures that information is modified only by authorized personnel.



Availability: Ensures that information and systems can be accessed when needed by authorized personnel.



This practice includes the policies, procedures, and hardware and software tools necessary to protect the computer systems and the information processed, stored, and transmitted by the systems.



When the user combines efforts to provide data confidentiality, data integrity, and data availability with physical security, then he can provide a very effective security solution.





Importance of Cyber Security





Cyber security is important for users because they have to protect themselves against identity theft. Organizations, including government, also need this security to protect their trade secrets, financial information, and some sensitive or critical data. Since sensitive information is mostly stored on computers that are connected to the Internet, there is a need for information assurance and security. So in order to have cyber security, everyone should follow the cyber security standards that enable us to protect against various malware threats. Poor cyber security practice arises for some of the following reasons: poor administrative practices for applications, poor software coding which may be vulnerable, and improper usage of cyber security practices.





Computer Ethics



* Ethics is a set of moral principles that govern an individual or a group on what is acceptable behaviour while using a computer.





* Computer ethics is a set of moral principles that govern the usage of computers. One of the common issues of computer ethics is violation of copyright.





* Duplicating copyrighted content without the author's approval and accessing the personal information of others are some examples of violations of ethical principles.







Ethical Rules for the Computer Users





Some of the rules that individuals should follow while using a computer are listed below:



* Do not use a computer to harm other users.





* Do not use computers to steal other's information.





* Do not access files without the permission of the owner.





* Do not copy copyrighted software without the author’s permission.





* Always respect copyright laws and policies.





* Respect the privacy of others, just as you expect the same from others.





* Do not use other users' computer resources without their permission.





* Use the Internet ethically.





* Complain about illegal communication and activities, if found, to Internet service providers and local law enforcement authorities.



* Users are responsible for safeguarding their User Id and passwords.





* They should not write them on paper or anywhere else for remembrance.





* Users should not intentionally use the computers to retrieve or modify the information of others which may include password information, files etc.





Copyrights





§ Copyright is the legal right granted to the author to exclusively modify, copy, and distribute his work. Other people who want to perform the same actions on the author's work have to get permission from the author.

§ Copyright is given to the author according to the law, as soon as he completes his work.





Threats to the home computers



A threat, for information security, is any activity that represents possible danger to user’s information.



Intruders want the personal and sensitive information stored by users, such as credit card numbers, PINs, passwords etc. By stealing this information, the malicious intruders, commonly referred to as hackers, may gain financially. The intruders also use the resources of the compromised systems for their own purposes and for attacking other computer systems connected to the Internet. Recent trends in computer security threats show that attackers are compromising home computers and installing malicious code such as Bots in these systems, which may then be used as Zombies to further launch large scale attacks on critical information systems. This type of attack is known as Distributed Denial of Service (DDoS).




Securing Home Computers with Defense In-Depth Strategy Basic to In-depth Home Computer Security Guide Page 4

Securing Home Computers with Defense In-Depth Strategy



To ensure that information is secured during processing, storage and transmission, certain security measures are to be taken by the users of that information.

The following sections describe certain tasks that are to be performed by the user to secure the computer systems being used at home and the information stored or processed therein.



These tasks broadly involve steps to prevent computer security incidents.





The Defense in Depth Approach for the Home User



A defense in depth strategy is the traditional one adopted to afford the defended area the strongest and most resilient protection. In the case of the home Internet user, the defended area is the user’s data. As shown in Figure 1, defense in depth for the home user consists of defensive measures adopted in four layers, namely: network access; the operating system; user applications; and data. At the center of the defended area is the most valued component of the defended area – the user’s data.







Figure-1: Most common Intruder methods used against home computers (figure labels: Attacks, Defensive Layers)

This layered approach is required since even the most expensive firewall controlling network access cannot effectively control traffic content. For example, most firewalls will allow an e-mail attachment containing viruses. These viruses may be cleaned at the operating system layer by anti-virus software if they are recognized. However, if they are of an unknown type, then the final defense is at the data layer where the user opens the e-mail attachment with care. Apart from this, user data is protected by means of rights & privileges and encryption techniques.



To be effective, defensive measures at each layer must be based on the threats to the defended area. The recommended defensive measures at each layer of the defense vary as shown in Figure 2.



Of course, home users should consult their system support personnel for advice.





Defensive Measures







Figure-2: Defense in Depth – Defensive Actions at each layer


