Security Consultant Scenario INFO 517-900 Term Project. Brad S. Brady. Drexel University



Security Consultant Scenario. INFO 517-900 Term Project. Drexel University.

Author Note: This paper was prepared for INFO 517-900, taught by Dr. Scott White.

Table of Contents

Abstract
The Interview
The Scenario
Researching the Spyware
Removing the Existing Spyware
Protecting the Workstations from Further Spyware Attacks
Employee Training
Conclusion
References

Abstract

As an information security consultant, I have been asked to describe a scenario in which a company, an international investment firm, might be attacked. After presenting the scenario, I explain how the attack could arrive through the organization's email server and infect vulnerable workstations, and who might be behind it. I then describe what to do with infected workstations: detecting the spyware, researching it to understand the threat and how the infection occurred, and best practices for removing it and preventing it from recurring. Finally, I explain how I would defend against further attacks and what training employees need about not opening questionable attachments or links. For the purposes of this paper the investment firm has 250+ Windows 7 Enterprise workstations and runs Windows Server 2008 R2 for its file, print, DNS and antivirus-management servers, with Exchange 2013 for email.

The Interview

An international investment company has requested an interview with me for a potential security consulting position. During the interview I am asked to give a scenario in which their company might be attacked, and to explain what I would do to determine who attacked them and how. Beyond their specific questions, I will also provide ways to prevent similar attacks in the future.

The Scenario

For my scenario, I give the interviewers the example of a malicious software (malware) attack, in which a program is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system, or otherwise annoying or disrupting the victim (Stallings & Brown, 2012). I tell the interviewers that malware is designed to damage, destroy, or deny service to the target systems (Whitman & Mattord, 2012). More specifically, the type of malware an attacker would most likely use against an investment firm to gain access to sensitive information is spyware. For those in the interview, I explain what

spyware is: it is no longer just software that tracks our Internet habits, but has evolved into malware that can cause significant damage to a company's data. Spyware collects information from a computer and transmits it to another system by monitoring keystrokes, screen data, or network traffic, or by scanning files on the system for sensitive information.

Researching the Spyware

Once spyware has been detected on a system, research what that particular spyware can do. Use an anti-malware program such as Norton to obtain the name of the cookie, executable, DLL, or other component it flagged on the infected PC(s). Detection names differ between vendors, so record the file's path and hash along with the name the scanner reports. With the name in hand, search for it (Google it); this will typically turn up a technical description of the spyware and a threat assessment. Sites such as SpywareInfo.com are also useful for information about the specific spyware, and for forums and tutorials on the most successful ways to remove it.

Removing the Existing Spyware

In my experience, most freeware tools are not very reliable at removing malicious software such as spyware, and the best way to remove it is to install commercial anti-spyware and removal software such as Symantec Endpoint Protection (Symantec Endpoint Protection, 2013) or Barracuda (Barracuda Web Filter, 2013). Before installing any

spyware removal software, clean up as much of the spyware as possible with a tool such as Norton Power Eraser. It is also a good idea to create a system restore point first, so that if something goes wrong during removal the system can be returned to its former state (Tittel, n.d.). The following steps remove spyware from a Windows machine:

1. Shut down all open applications.
2. Delete temporary Internet files.
3. Run a spyware removal tool (e.g. Norton Power Eraser) from an external device (USB drive), not from the infected disk.
4. Run an anti-spyware product such as Norton's or Barracuda's, perform a full system scan, and save a log file with a date/time stamp to the My Documents folder.
5. Review the results, select any infected files, and choose delete, quarantine, or fix/repair for each.
6. Reboot and confirm that everything works. If not, perform a system restore. If the system does not boot at all, press F8 during startup and select Last Known Good Configuration; once it boots, roll the machine back to the restore point.
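The removal steps above, scripted as an added example (this is not code from the paper or from Symantec). It is written for an elevated PowerShell 2.0 prompt on a Windows 7 Enterprise workstation, so it avoids cmdlets that only arrived in later versions (Get-FileHash, Tee-Object -Append). The location of Norton Power Eraser on the USB stick (Tools\NPE.exe), the Symantec Endpoint Protection command-line scanner path (DoScan.exe) and the suspect file paths passed to Get-FileTriage are assumptions; adjust them for your environment.

```powershell
# Added example, not from the paper: the removal procedure above, scripted for
# an elevated PowerShell 2.0 prompt on a Windows 7 workstation.
# Assumptions (mine): NPE.exe sits at Tools\NPE.exe on the USB stick and SEP's
# command-line scanner DoScan.exe is installed at the path below.

$ErrorActionPreference = 'Stop'
$ToolRelativePath = 'Tools\NPE.exe'                                                            # assumed
$ScannerPath      = "${env:ProgramFiles(x86)}\Symantec\Symantec Endpoint Protection\DoScan.exe" # assumed
$Stamp            = Get-Date -Format 'yyyyMMdd-HHmmss'
# Time/date-stamped log in My Documents, as the procedure requires.
$Log = Join-Path ([Environment]::GetFolderPath('MyDocuments')) "spyware-removal-$Stamp.log"

function Write-Log([string]$Message) {
    $line = "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')  $Message"
    Add-Content -Path $Log -Value $line
    Write-Host $line
}

function Get-FileTriage([string[]]$Path) {
    # Path, SHA-256 and Authenticode status of each file the scanner named, so
    # the sample can be researched by hash before it is deleted or quarantined.
    # PowerShell 2.0 has no Get-FileHash, so .NET is called directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    foreach ($p in $Path) {
        if (-not (Test-Path $p)) { continue }
        $hash = ($sha.ComputeHash([System.IO.File]::ReadAllBytes($p)) |
                 ForEach-Object { $_.ToString('x2') }) -join ''
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{ Path = $p; SHA256 = $hash; Signature = $sig.Status; Signer = $signer }
    }
}

# 0. Restore point first so a bad cleanup can be rolled back (System Protection must be on).
Checkpoint-Computer -Description "Before spyware removal $Stamp" -RestorePointType MODIFY_SETTINGS
Write-Log 'Restore point created'

# 1. Shut down open applications that may hold infected files or the IE cache open.
Get-Process -Name iexplore, firefox, chrome, outlook, winword, excel -ErrorAction SilentlyContinue |
    Stop-Process -Force
Write-Log 'User applications closed'

# 2. Delete Temporary Internet Files (ClearMyTracksByProcess 8 = IE cache only) and %TEMP%.
Start-Process -FilePath rundll32.exe -ArgumentList 'InetCpl.cpl,ClearMyTracksByProcess 8' -Wait
Remove-Item -Path (Join-Path $env:TEMP '*') -Recurse -Force -ErrorAction SilentlyContinue
Write-Log 'Temporary Internet Files and %TEMP% cleared'

# 3. Run the removal tool from removable media (DriveType 2), never from the infected disk.
$usb = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' |
       Where-Object { Test-Path (Join-Path $_.DeviceID $ToolRelativePath) } |
       Select-Object -First 1
if (-not $usb) { throw 'Removal tool not found on any removable drive' }
$tool = Join-Path $usb.DeviceID $ToolRelativePath
Write-Log "Running $tool"
Start-Process -FilePath $tool -Wait

# 4. Full scan with the commercial product; the scanner keeps its own report,
#    this script keeps the stamped session log in My Documents.
Start-Process -FilePath $ScannerPath -ArgumentList '/ScanAllDrives' -Wait
Write-Log 'Full scan finished; review the report and delete/quarantine/repair each hit'

# 5. Triage what the scanner named before acting on it (placeholder paths, assumed).
Get-FileTriage @("$env:APPDATA\suspect.dll", "$env:TEMP\suspect.exe") |
    Format-List | Out-String | Add-Content -Path $Log
Write-Log 'Triage recorded'

# 6. Reboot and verify. If Windows will not boot: F8 -> Last Known Good Configuration,
#    then System Restore back to the checkpoint from step 0.
Write-Log 'Rebooting'
Restart-Computer -Force
```

The order matters: the restore point is taken before anything is deleted, and the triage step records a hash before the scanner's quarantine or delete action destroys the sample, which is what makes the "Researching the Spyware" step above possible after the fact.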

Protecting the Workstations from Further Spyware Attacks

The first line of defense for any organization against spyware is a firewall. Many organizations do not make proper use of their firewall and therefore leave their systems vulnerable to attack and their sensitive data at risk of compromise. Since the investment company has 250+ workstations, Group Policy is the most effective and efficient way to deploy and enforce a consistent firewall configuration on all of them.

To keep the corporate email server (Exchange 2013) from passing spyware through to employees, Microsoft (Microsoft, 2013) offers several layers of anti-malware protection in Exchange 2013:

Built-in anti-malware protection: this basic service can be turned off, replaced, or paired with a cloud-based service to provide a layered defense against spyware.

Cloud-hosted anti-malware protection: Microsoft recommends its hosted email filtering service, Forefront Online Protection for Exchange (FOPE). The service leverages partnerships with best-of-breed anti-malware engines to provide efficient, cost-effective, multi-layered anti-malware protection.

Third-party anti-malware protection: a third-party product such as Barracuda can also be used in addition to the protection Microsoft provides.
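The two controls above, the Group Policy firewall baseline and the Exchange 2013 built-in anti-malware layer, as an added example (not code from the paper or from Microsoft's documentation). Part A runs on a Windows Server 2008 R2 domain controller with the GroupPolicy module; Part B runs in the Exchange 2013 Management Shell. The GPO name, the OU distinguished name and the notification mailbox are assumptions to be replaced for your forest.

```powershell
# Added example, not from the paper. Part A: Windows Server 2008 R2 domain
# controller (GroupPolicy module). Part B: Exchange 2013 Management Shell.
# GPO name, OU and notification address below are assumed values.

# ---- Part A: one firewall baseline for all Windows 7 workstations via Group Policy ----
Import-Module GroupPolicy
$GpoName  = 'Workstation Firewall Baseline'        # assumed
$TargetOU = 'OU=Workstations,DC=corp,DC=example'   # assumed

$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $GpoName -Comment 'Enforced Windows Firewall settings' }

# Windows Firewall with Advanced Security reads these policy keys on the client; values
# set here win over anything a local administrator configures in the firewall console.
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $key = "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\$profile"
    $values = @{
        EnableFirewall        = 1   # firewall on for this profile
        DefaultInboundAction  = 1   # 1 = block unsolicited inbound connections
        DefaultOutboundAction = 0   # 0 = allow outbound
        AllowLocalPolicyMerge = 0   # ignore locally created rules; only GPO rules apply
        DisableNotifications  = 0   # keep the "program blocked" prompt visible to users
    }
    foreach ($name in $values.Keys) {
        Set-GPRegistryValue -Name $GpoName -Key $key -ValueName $name `
                            -Type DWord -Value $values[$name] | Out-Null
    }
}

# Link (and enforce) the GPO on the workstation OU if it is not linked already.
$linked = (Get-GPInheritance -Target $TargetOU).GpoLinks |
          Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes -Enforced Yes | Out-Null
}
# Verify on any workstation after "gpupdate /force":
#   netsh advfirewall show allprofiles state

# ---- Part B: Exchange 2013 built-in anti-malware (Exchange Management Shell) ----
$AdminAddress = 'secops@corp.example'   # assumed mailbox for malware notifications

# The Malware Agent must be enabled on every Mailbox server; an administrator can disable
# it, which silently removes this layer. Re-enable with Enable-AntimalwareScanning.ps1
# from the Exchange Scripts folder ($exscripts).
foreach ($server in Get-MailboxServer) {
    $agent = Get-TransportAgent -Identity 'Malware Agent' -TransportService Mailbox -Server $server.Name
    if (-not $agent.Enabled) { Write-Warning "Malware Agent is disabled on $($server.Name)" }
}

# Filtering can also be bypassed per server; clear any bypass and keep hourly engine updates.
Get-MalwareFilteringServer | Where-Object { $_.BypassFiltering } | ForEach-Object {
    Set-MalwareFilteringServer -Identity $_.Identity -BypassFiltering $false -UpdateFrequency 60
}

# Default policy: drop the whole message rather than just the attachment, and notify the
# security team when an internal sender (an already infected workstation) sends malware.
Set-MalwareFilterPolicy -Identity Default -Action DeleteMessage `
    -EnableInternalSenderAdminNotifications $true -InternalSenderAdminAddress $AdminAddress `
    -BypassInboundMessages $false -BypassOutboundMessages $false

Get-MalwareFilterPolicy -Identity Default |
    Format-List Action, BypassInboundMessages, BypassOutboundMessages, EnableInternalSenderAdminNotifications
```

Two caveats. AllowLocalPolicyMerge = 0 means every inbound rule the workstations need (the management agent of the antivirus product, remote assistance, and so on) must be carried in the GPO itself, or it stops working; test on one OU before linking to all 250+ machines. The internal-sender notification in Part B is the cheap detector for the scenario in this paper: an infected workstation that starts mailing spyware to colleagues shows up in the security team's mailbox before the users report anything.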

Employee Training

Odds are that spyware will eventually slip past even the best and most comprehensive anti-malware protection on the market. That being said, one of the best ways to prevent spyware is to educate users on its dangers and to require security awareness training for everyone in the organization who uses a computer, from the top executives to the receptionists and janitors. Employees should be made aware of the dangers of opening suspicious emails and of clicking on suspect web pages; failure to follow safe practices can lead to compromised data. They must also understand that attackers know the value of data to an organization, and that this value motivates attackers to steal, sabotage, or corrupt it (Whitman & Mattord, 2012). After training, employees should be required to sign an acceptable use policy showing that they understand what is required of them to protect the company's assets, along with an explanation of how security measures will be carried out and enforced (Dubin, 2005). Training should occur at least once a year and be reinforced with monthly newsletters covering security awareness tips. Awareness training should cover the following:

Safe web surfing
Acceptable uses of the Internet
Policies for downloading software
Tips on spotting potentially infected desktops
When to contact the help desk

In addition to training and monthly IT newsletters, employees should be tested: the IT department sends employees a suspicious email (one that appears outside the scope of their job) to see how they respond. If an employee clicks the link or opens the attachment, he or she receives a notification that they should not have done so, followed by an email explaining the dangers of suspicious emails and warning that another test email will arrive within a certain time frame to check whether they follow the organization's security policy. An employee who does not open the email is commended for following the correct procedure.

Conclusion

In concluding my scenario, I felt the best approach was to cover all the bases regarding malware, particularly spyware. The first step was to determine that spyware is indeed on the computer(s), followed by the recommended steps for removing it: determining which files are infected, whether they can be cleaned and restored or must be deleted, and whether deleting them will affect the computer's performance. After cleaning the system, or reimaging it where necessary, it is important to make sure the computer is protected and to determine whether other systems in the organization are infected as well. During this time it is even more important to make sure the organization's systems carry the latest anti-malware and antivirus definitions, and that any holes in the firewall, Exchange server and so on are closed. The last item in my scenario was employee training. I felt that employee best practices and thorough training are the best way to prevent malware, viruses, and other dangerous threats from infecting employee workstations, and that reinforcing those training concepts throughout the year is the best defense against system threats.

References

Barracuda Web Filter. (2013). Retrieved from Barracuda: https://www.barracuda.com/products/webfilter?&a=google-na_webfilter-General_SpywareRemoval&kw=spyware%20removal&gclid=CL7dr_Da9roCFdBlOgod_UcAVQ

Dubin, J. (2005, September). Security awareness training: How to educate employees about spyware. Retrieved from SearchSecurity: http://searchsecurity.techtarget.com/tip/security-awarenesstraining-how-to-educate-employees-about-spyware

Microsoft. (2013, August 7). Anti-Malware Protection. Retrieved from TechNet: http://technet.microsoft.com/en-us/library/jj150547(v=exchg.150).aspx

Stallings, W., & Brown, L. (2012). Computer Security: Principles and Practice. Upper Saddle River, NJ: Pearson.

Symantec Endpoint Protection. (2013). Retrieved from Symantec: http://www.symantec.com/endpointprotection

Tittel, E. (n.d.). How to detect spyware on corporate PCs. Retrieved from SearchCIO-Midmarket: http://searchcio-midmarket.techtarget.com/tip/how-to-detect-spyware-on-corporate-pcs

Whitman, M. E., & Mattord, H. J. (2012). Principles of Information Security. Boston: Course Technology.