Securing Small Business: Firewalls, Anti-virus, Anti-spyware
Introduction
Due to the phenomenal growth of the Internet in the last decade, companies and individuals find it hard to operate without a presence on the Internet. That presence exposes companies to threats which can have a major business impact. It is now common knowledge that company and individual computers must be protected from unauthorized or unwanted access.

Understanding the concept
In order to pick the right firewall, understanding what a firewall does is crucial. I will quickly cover basic TCP/IP concepts and then move on to picking the right device.
5 IP Attributes
TCP Attributes
- TCP runs on top of IP.
- A TCP packet contains a port number.
- A TCP packet contains a sequence number and flags.

Firewalls: The Basic Description
- A firewall is a perimeter defense device: any firewall splits a network into a trusted (protected) side and an un-trusted (unprotected) side.
- A firewall filters traffic on a pre-defined set of rules: any firewall is only as good as its configuration.

Firewall limits
These two factors limit the effectiveness of a firewall dramatically, and it is important to note that a firewall does not:
- Protect you from your internal network.
- Protect you from authorized, intended or unintended, malicious access. This entails using granted privileges or access for unintended operations.
- Protect you from all harmful attacks. Exploits found on the Internet can use different techniques to penetrate basic firewall protection.

What kind of Firewall?
Features of a good firewall, stateful packet inspection (SPI):
- It does content checking, passing protocols through a validation exercise.
- It keeps a state of connections, whereby it monitors the state of each TCP connection and allows traffic accordingly.
- It does address translation.
- It can authenticate connections.
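To make the "keeps a state of connections" point concrete, here is an added example (not from the presentation) that contrasts a basic flag-based router rule with a toy SPI filter. The protected network prefix, addresses and packets are all assumed or constructed for the demonstration.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "192.168.1."   # assumed protected (trusted) side of the firewall

@dataclass(frozen=True)
class Packet:
    src: str     # source IP address
    sport: int   # source TCP port
    dst: str     # destination IP address
    dport: int   # destination TCP port
    flags: str   # TCP flags as letters: S=SYN, A=ACK, F=FIN, R=RST

def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)

def stateless_filter(p):
    """Basic router rule (no SPI): allow all outbound traffic and allow inbound
    traffic only when the ACK flag is set.  The flag alone is taken as proof of
    an established connection, so an unsolicited inbound ACK is let through."""
    if is_inside(p.src):
        return "ALLOW"
    return "ALLOW" if "A" in p.flags else "DROP"

class StatefulFirewall:
    """SPI: remembers connections opened from the inside in a state table and
    admits an inbound packet only if it belongs to one of them."""

    def __init__(self):
        self.table = set()   # (inside ip, inside port, outside ip, outside port)

    def filter(self, p):
        if is_inside(p.src) and not is_inside(p.dst):          # outbound
            key = (p.src, p.sport, p.dst, p.dport)
            if "S" in p.flags and "A" not in p.flags:        # plain SYN: new connection
                self.table.add(key)
            if key not in self.table:
                return "DROP"                                # no connection to belong to
            if "R" in p.flags:                               # RST tears the connection down
                self.table.discard(key)
            return "ALLOW"
        if is_inside(p.dst) and not is_inside(p.src):          # inbound
            key = (p.dst, p.dport, p.src, p.sport)
            if key not in self.table:
                return "DROP"                                # unsolicited, whatever the flags say
            if "R" in p.flags:
                self.table.discard(key)
            return "ALLOW"
        return "DROP"   # anything else never legitimately crosses the perimeter
```

The state table is what lets the SPI filter drop an inbound packet that the flag-only rule would accept, which is the difference the slide is pointing at.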
Hardware or Software?
Hardware:
- Most basic routers do not include SPI.
- VPN routers do.
- Wired.
- Wireless (WEP encryption).

Software:
- Most OS before Win XP do not include any protection.
- Win XP does not include SPI but offers some basic protection.
- Zone Alarm offers SPI.
Origins
E-mail was created by researchers as a way for them to communicate. This was many years before the World Wide Web, what we now refer to as the Internet.

Security
Why is it insecure?
- It was not originally intended for widespread use outside of research.
- It was designed to be simple and easy to operate with minimum restrictions.
- Security controls were afterthoughts that had to be pasted onto the system instead of being part of the original design.
- Because of this, security is inefficient and incomplete.

Define SPAM
- General definition: un-requested or unsolicited e-mail, usually designed to initiate a financial transaction or gather data for advertising.
- Most legitimate companies do not engage in SPAMming.
- A SPAM is typically sent to many millions of addresses in the expectation that even if only a fraction of 1% generate a response, the SPAM will still produce an economic return.

The new face of SPAM: how it went from obnoxious to hazardous
- SPAM originally was mostly just advertisements.
- As e-mail and Internet use have become more common since the late 1990s, e-mail has become one of the primary ways to distribute viruses.
- Recently, there has been increasing involvement of the criminal underworld: identity theft, credit fraud.
Self-installing viruses, or how to run an e-mail server without even trying
- E-mail is frequently used to deliver computer programs designed to infect your computer and send new copies of the virus to other addresses and/or seize control of the computer.
- Can automatically install without your knowledge.
- Uses your contact lists and e-mails for target addresses.
- Very small and compact program.

Someone else's very own e-mail server on my computer
- Capable of sending many thousands of e-mails per hour.
- Severe impact on your Internet browsing performance.
- Severe impact on your overall computer performance.
- Spreads the virus to your friends and many others.
- May result in your address being blocked by potential recipients.
- May result in your ISP suspending your service until the problem is corrected.

Surprises in viruses
- In addition to installing an e-mail server on your computer and mass e-mailing copies of the virus to others, most of the recent viruses also carry a separate payload which installs a program on your computer.
- Silent install: you are unaware that the program has been installed.

Steal my data, please!
- This program often carries a component that allows the program to receive orders from an outside source. This allows an unauthorized user to take control of your computer or steal your data.
- Often installs a key logger, a program that captures every keyboard entry you make and records it for future transmission to other parties.

Stealing your identity
- The program can report back to the original sender.
- Allows others to steal your data: passwords, bank account information, credit card information, personal information.

Putting down Roots
- A new type of virus is just being seen that is an even more serious threat. This is a rootkit installer.
- Replaces key parts of your operating system.
- A rootkit virus is almost impossible to detect.
- Is able to take complete control of your computer.
- Very few anti-virus programs can even detect whether a rootkit has been installed.

Tearing out the Roots
- There are only a few anti-virus companies that have rootkit detectors.
- F-Secure has a product in beta testing called Blacklight (www.f-secure.com/blacklight) that attempts to detect and remove rootkits.
- Currently, the only fully effective remedy if infected is to wipe the computer hard drive clean and reinstall everything.
- Fortunately, rootkits are still very rare, but that will rapidly change.
What can we do?
- Don't rely on a single defense; use a layered approach.
- Use your ISP's virus filtering service, if available.
- Use a hardware firewall.
- Install a software firewall.
- Install and maintain anti-virus software.
- Use common sense.

The Multi-level Defense
ISP filtering, then the firewall, then anti-virus software, then YOU.

Anti-virus programs
- Install and keep up to date at least one anti-virus program.
- What capabilities should it have?
- Real-time file checking: should be able to check every file you use on your computer as you open it.
- Real-time e-mail checking: should be able to check all incoming and outgoing e-mail.

Are two better than one?
- Some anti-virus programs require more resources on your computer than others.
- Norton and McAfee are resource intensive and will not play well with other anti-virus programs. Consider the horsepower of your computer before installing a second program, especially if you are using one of these packages.
- Anti-virus programs that appear to work reasonably well together are (there may be other programs as well): Authentium/Command Antivirus (www.authentium.com), AVG (www.grisoft.com), F-Prot (www.f

The Last Line of Defense: YOU
- Learn how to identify common attributes of SPAM and virus e-mails. Listed below are some common SPAM/virus traits, but this is not a complete list.
- Unusual characters in the Subject line.
- E-mail that asks you to provide confidential information, either in a reply or by asking you to go to a website. Be very careful about providing information such as: credit card number / bank account number, Social Security number.

You're still the last line of defense
- If it sounds too good to be true, it probably is.
- No, there really isn't a former Nigerian government official that wants to share his $20,000,000 with you.
- Do you really want to buy stock or bonds from someone who makes his living sending unsolicited e-mail? If the stock was really that good (or even existed), he wouldn't need to spend his time trying to get you to buy it.
- How much do you want to entrust your health to a pill or lotion you saw in a SPAM e-mail, from an undocumented source, with no safety inspection or valid certification?

What else can we do?
- Don't reward SPAM. My own personal policy is to never visit a website or purchase a product as a result of SPAM.
- Take responsibility for your computer and use common sense. Self-reliance and common sense are your most effective tools.
- Remember, what happens to your computer is your responsibility. No software or hardware can properly protect your computer without your help.
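The SPAM traits the two "last line of defense" slides list can be turned into simple checks a mail filter or a cautious reader applies. This is an added example, not part of the presentation; the regular expressions, the two-trait threshold and the sample messages are all constructed for illustration.

```python
import re

# One check per trait named on the slides: odd Subject characters, a request for
# confidential data, a push to visit a website, a too-good-to-be-true sum or
# promise, and an unsolicited stock/bond/health offer.
ODD_SUBJECT = re.compile(r"[^\x20-\x7e]|[!$*#]{2,}|\d{4,}")
CONFIDENTIAL = re.compile(r"\b(credit card|bank account|social security|password|PIN)\b", re.I)
WEBSITE = re.compile(r"https?://\S+|\bwww\.\S+", re.I)
TOO_GOOD = re.compile(r"\$\s?\d[\d,]{6,}|\bguaranteed\b|\bmiracle\b", re.I)
UNSOLICITED_OFFER = re.compile(r"\b(stock|bonds|pill|lotion|investment)\b", re.I)

def spam_traits(subject, body):
    """Return the slide-listed traits present in one message."""
    traits = []
    if ODD_SUBJECT.search(subject):
        traits.append("unusual characters in Subject line")
    if CONFIDENTIAL.search(body):
        traits.append("asks for confidential information")
    if WEBSITE.search(body):
        traits.append("asks you to go to a website")
    if TOO_GOOD.search(body):
        traits.append("too good to be true")
    if UNSOLICITED_OFFER.search(body):
        traits.append("unsolicited offer of stock, bonds or health products")
    return traits

def verdict(subject, body):
    """Assumed rule: two or more traits and the message is treated as SPAM."""
    return "SPAM" if len(spam_traits(subject, body)) >= 2 else "probably legitimate"

SAMPLES = {   # constructed messages, not real mail
    "nigeria": ("URGENT!!! CONFIDENTIAL 20000000",
                "I am a former government official and wish to share $20,000,000 with you. "
                "Reply with your bank account details."),
    "bank": ("Account verification",
             "Your credit card has been suspended. Go to www.example-bank-verify.test to confirm."),
    "lunch": ("Lunch tomorrow?", "Want to grab a sandwich at noon?"),
}

if __name__ == "__main__":
    for name, (subj, body) in SAMPLES.items():
        print(name, verdict(subj, body), spam_traits(subj, body))
```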
SpyWare: Who is Watching Me?

SpyWare, Adware & Malware
- SpyWare is any technology that aids in gathering information about a person or organization without their knowledge.
- AdWare is any software application in which advertising banners are displayed while the program is running.
- MalWare is short for malicious software: software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.

How did I get this?
- SpyWare: SpyWare applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet.
- Trojans/Malware: can be installed without the user's consent, as a drive-by download, or as the result of clicking some option in a deceptive pop-up window.

Typical SpyWare/Malware Developer Tricks
- Hide it inside another program's installer.
- Keep asking to install until the user says Yes.
- Create a false pretense for the user needing the software.
- Hide software out in group directories on peer-to-peer networks.
- Design it to look essential, or to be invisible.
- Design it not to uninstall, even when asked.

Common Applications that have or are SpyWare
Comet Cursor, Bonzi Buddy, InterNet Games, CoolWebSearch, Weather Bug, Incredimail, Snood & Dynomite, Web Search Toolbars, Instant Messengers, File Sharing Programs (Kazaa, Morpheus).

Things SpyWare/Malware can do
- Monitor your keystrokes.
- Collect information about you and your surfing habits.
- Modify system settings.
- Redirect your browser.
- Send/receive cookies to other SpyWare programs.
- Leave a backdoor open for hackers.
- Install other programs directly onto your PC.
- Load adult-oriented images on your PC.
- Dial a service, most likely adult content sites, for which you will be billed!

Signs of SpyWare/Malware
- Does your computer seem slow?
- Do you see programs you don't remember installing?
- When you start your Internet browser, does it open to a page you've never seen before?
- Do you see a sudden increase in popup advertisements on pages where you've never seen them before?
- Antivirus messages keep popping up.

Ways to avoid SpyWare/Malware
- Keep Windows up to date.
- Keep your Antivirus up to date.
- Install software only from Web sites you trust.
- Read the fine print on free software. There is no such thing as a free lunch.
- Use a tool to help detect and remove unwanted software.

IE Defense
Set your Internet Security settings to at least Medium:
- Open Internet Explorer, click the Tools menu and then the Internet Options... sub-menu.
- Click on the Security tab at the top.
- Next click on the Internet icon. The Security Level bar should be set to Medium.
- Next click on the Restricted Sites icon. The Security Level bar should be set to High.
- Next click on the Trusted Sites icon. The Security Level bar should be set to Low.
Pop-up Blockers
- The Google Toolbar (for IE)
- Maxthon Tabbed Browser

Spybot (Search & Destroy)

Ad-Aware

Tools of Defense
- Set up IE in a secure fashion.
- A good popup blocker.
- A good Antivirus.
- A good removal tool: SpySweeper (by Webroot), Spybot-Search & Destroy (by Spybot), Ad-aware (by Lavasoft).

SpyWare: Don't Be A Victim! Questions?

What does RGV do to protect you?

Two-Layered Protection
- RGV outsources e-mail filtering: spam, viruses.
- RGV implements its own filtering: spam, viruses, port filtering.
August 18, 2005, Combined
Domain | Messages | Bytes | % of Bytes | Blocked Msgs | % of Msgs
rockbridge.net | 30, | ,495, | , | |
Domain | Viruses Quarantined
rockbridge.net | 180
What Next?
RGV will introduce a new free service in October.

Web Filtering: Residential Customers
- Parental Control: parents will be able to control and limit their children's use.

Web Filtering: SMB Customers
- Will be able to control and limit use by each employee.

Protect yourself
- Develop a policy.
- Implement the policy.
- Evaluate the solution.
- Costs less in the long run.
- Patch, patch, patch.