NewNet 66 Network Security

Similar documents
Malware, Spyware, Adware, Viruses. Gracie White, Scott Black Information Technology Services

How Spyware and Anti-Spyware Work

PC Security and Maintenance

What's the difference between spyware and a virus? What is Scareware?

Frequent Smart Updates: Used to detect and guard against new infections as well as adding enhancements to Spyware Doctor.

Security Practices Essentials. Viruses McAfee Virus Software Critical Windows Updates Network Settings. Spyware Adaware Spybot Windows Defender

Guideline for Prevention of Spyware and other Potentially Unwanted Software

Brazosport College VPN Connection Installation and Setup Instructions. Draft 2 March 24, 2005

MacScan. MacScan User Guide. Detect, Isolate and Remove Spyware

Airtel PC Secure Trouble Shooting Guide

Contents. McAfee Internet Security 3

Ohio University Computer Services Center October, 2004 Spyware, Adware, and Virus Guide

1 Introduction. Agenda Item: Work Item:

Payment Fraud and Risk Management

Quick Start. Installing the software. for Webroot Internet Security Complete, Version 7.0

Spyware and Adware What s in Your Computer?

Essentials of PC Security: Central Library Tech Center Evansville Vanderburgh Public Library

User Guide for the Identity Shield

Setting up VPN and Remote Desktop for Home Use

Frequently Asked Questions: Xplornet Internet Security Suite

Deter, Detect, Defend

Spyware and Viruses. There is a distinct difference between spyware and viruses.

ANDRA ZAHARIA MARCOM MANAGER

Corporate Account Takeover & Information Security Awareness

Security and Protection in Real-Time

THE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness

Welcome to Part 2 of the online course, Spyware and Adware What s in Your Computer?

Don t Fall Victim to Cybercrime:

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

HoneyBOT User Guide A Windows based honeypot solution

Setting up VPN and Remote Desktop for Home Use

Introduction to Computer Security Table of Contents

Countermeasures against Spyware

Mifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness

Securing small business. Firewalls Anti-virus Anti-spyware

Remote Deposit Quick Start Guide

Computer Security Maintenance Information and Self-Check Activities

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.

1 Introduction. Agenda Item: Work Item:

Server Internet Veiligheidspakket Administrator s guide. Administrator s Guide Internet Veiligheidspakket voor Server s

Spyware Doctor Enterprise Technical Data Sheet

System Administrator Guide

Trend Micro OfficeScan Best Practice Guide for Malware

System Compatibility. Enhancements. Operating Systems. Hardware Requirements. Security

National Cyber Security Month 2015: Daily Security Awareness Tips

Instructions for use the VPN at the Warsaw School of Economics

Get Started Guide - PC Tools Internet Security

Why is a strong password important?

F-Secure Anti-Virus for Mac 2015

Spyware: Securing gateway and endpoint against data theft

K7 Business Lite User Manual

TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness

Online Banking Fraud Prevention Recommendations and Best Practices

WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2

ANTIVIRUS AND SECURITY SOFTWARE

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document

Security and Usability of Anti-spyware software

Understanding Spyware

Corporate Account Takeover & Information Security Awareness. Customer Training

User Guide. You will be presented with a login screen which will ask you for your username and password.

Tahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.

Best Practices for Deploying Behavior Monitoring and Device Control

Aventail Connect Client with Smart Tunneling

Software. Webroot. Spy Sweeper. User Guide. for. Webroot Software, Inc. PO Box Boulder, CO Version 6.


Introduction to Free Computer Tools

Ad-Aware Antivirus Overview

How to Use Remote Access Using Internet Explorer

Reliance Bank Fraud Prevention Best Practices

Statistical Analysis of Internet Security Threats. Daniel G. James

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Business Internet Banking / Cash Management Fraud Prevention Best Practices

USER GUIDE: MaaS360 Services

Business ebanking Fraud Prevention Best Practices

How Do People Use Security in the Home

Malware & Botnets. Botnets

FortKnox Personal Firewall

Virus Definition and Adware

FAKE ANTIVIRUS MALWARE This information has come from - a very useful resource if you are having computer issues.

Cox Business Premium Security Service FAQs

McAfee Labs Combating Fake Alert infections. - Amith Prakash, Global Threat Response

How to easily clean an infected computer (Malware Removal Guide)

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

ViRobot Desktop 5.5. User s Guide

LifeCyclePlus Version 1

Using XP Service Pack 2 with Cameleon

Net Protector Admin Console

Infocomm Sec rity is incomplete without U Be aware,

CamGuard Security System CamGuard Security System Manual

RAPID BROADBAND INSTALLATION RAPID BROADBAND SUPPORT CONTACT DETAILS. AND TROUBLESHOOTING GUIDE. Tel:

Recognizing Spam. IT Computer Technical Support Newsletter

Keeping you and your computer safe in the digital world.

Interacting with Users

F-Secure Anti-Virus for Windows Servers. Administrator's Guide

Web Plus Security Features and Recommendations

AHS Computing. IE 7 Seminar

Charter Business Desktop Security Administrator's Guide

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

F-Secure Internet Security 2012

VPN: Using WebVPN SSL Client This document outlines the process for using the WebVPN SSL with Internet Explorer and Firefox

Transcription:

NewNet 66 Network Security Spyware... Understanding the Threat What is Spyware? Spyware is an evolved term. In the mid 90s, it was used to refer to high-tech espionage gadgets. By the late 90s, it became a computer security term, when the concern about companies tracking individual computer usage first erupted into a serious issue. By early 2000, it had become an allencompassing term; it was used broadly to refer to software that delivers ads, programs that silently install, applications that are tough to get rid of, or remote access tools that lock a person out of his or her own computer. Since then, the term has continually gained notoriety. So really, what is it? Spyware can be understood on two levels. First, it is a general term, ranging from applications that may upon installation carry harmful programs, to downright malicious programs like Trojans and dialers. Second, it is conceptually defined as an application that affects a user s privacy, performs surveillance, or poses significant harm without appropriate consent in proportion to that harm. Is Spyware profitable? (You bet it is!) To gain a clear understanding of how companies make money using spyware read the article located at the link below. While this article was written in November of 2003, it's accuracy regarding the monetary value of Spyware is still valid today. http://msnbc.msn.com/id/3541497 IT surveys from many companies around the globe have determined that Spyware falls into three categories. Percentages may vary but the magnitude of the threats are still the same. Severe Threats - 15% of spyware threats send private information gathered from the end user currently logged on to the infected system: logging the user's keystrokes, logged-on user name, hash of the administrator passwords, email addresses, contacts, instant messengers login and usage, and more. Moderate Threats - 25% of spyware sends information gathered from the victim's operating system, including the computer (host) name, domain name, logs of all processes running in memory, installed programs, security applications, client's internal IP address, OS version, the existence and versions of service packs and security updates, TCP ports the spyware is listening to, computer Security Identifier (SID), default browser's homepage, browser plug-ins, etc. Minor Threats - 60% of spyware transmits gathered commercial-value information about the end user's browsing habits. This includes keywords used in search enngines, browsing habits and ratings of frequently visited websites, shopping reports etc.

The Signs of Computer Spyware Recognizing the signs of spyware infection on your computer is an important step in securing your interests. These signs include: 1. Significant increase in network activity 2. Significant decrease in PC performance 3. Strange, dialog boxes, asking suspicious questions 4. New modem dialup connections 5. System instability 6. Excessive pop-up windows 7. Website re-direction 8. New toolbars, menus or buttons 9. Persistent homepage address changes 10. Default search engine change 11. New taskbar icons 12. New items in Favorites 13. Excessive hyperlinks added to webpages What does Spyware do when it infects your machine? Spyware can do any number of things once it is installed on your computer. At a minimum, most spyware runs as an application in the background as soon as you start your computer up, hogging RAM and processor power. It can generate endless pop-up ads that make your Web browser so slow it becomes unusable. It can reset your browser's home page to display an ad every time you open it. Some spyware redirects your Web searches, controlling the results you see and making your search engine practically useless. It can also modify the DLLs (dynamically linked libraries) your computer uses to connect to the Internet, causing connectivity failures that are hard to diagnose. Certain types of spyware can modify your Internet settings so that if you connect through dial-up service, your modems dials out to expensive, pay telephone numbers. Like a bad guest, some spyware changes your machine's firewall settings, inviting in more unwanted pieces of software. There are even some forms that are smart enough to know when you try to remove them in the Windows registry and intercept your attempts to do so. Below are some examples of how spyware gets into a computer.

So how did it get into my computer? Spyware usually gets onto your machine because of something you do, like clicking a button on a pop-up window, installing a software package or agreeing to add functionality to your Web browser. These applications often use trickery to get you to install them, from fake system alert messages to buttons that say "cancel" when they really do the opposite. It is very important to remember that you can get spyware by visiting many web sites you trust and visit frequently. You don't have to visit a site "you shouldn't have" to get spyware! Piggybacked software installation - Some applications -- particularly peer-to-peer filesharing clients -- will install spyware as a part of their standard install. If you don't read the installation list closely, you might not notice that you're getting more than the filesharing application you want. This is especially true of the "free" versions that are advertised as an alternative to software you have to buy. There's no such thing as a free lunch. While it officially claims otherwise, Kazaa has been known to include spyware in its download package.

Drive-by download - This is when a Web site or pop-up window automatically tries to download and install spyware on your machine. The only warning you might get would be your browser's standard message telling you the name of the software and asking if it's okay to install it. Internet Explorer security warning If your security settings are set low enough, you won't even get the warning.

Browser add-ons - These are pieces of software that add enhancements to your Web browser, like a toolbar, animated pal or additional search box. Sometimes, these really do what they say they do but also include elements of spyware as part of the deal. Or times they are nothing more than thinly veiled spyware themselves. Particularly nasty add-ons are considered browser hijackers -- these embed themselves deeply in your machine and take quite a bit of work to get rid of. Bonzi Buddy is an "add-on" application that includes spyware in its package. Masquerading as anti-spyware - This is one of the cruelest tricks in the book. This type of software convinces you that it's a tool to detect and remove spyware. When you run the tool, it tells you your computer is clean while it installs additional spyware of its own.

Network Security. Now that we have an understanding of what spyware is, how it is used, and how it attacks your computers and networks lets think about network security in K12. Almost every school district records student information to some sort of server. This information is generally inputed to student information servers by staff members and administrators for reporting purposes. Let's do some "what if" scenarios. 1. What if - your student information server gets infected with spyware and it's the type of spyware that gathers information on the server and sends it to the bad guys. Your student records are now compromised! 2. What if - your server gets infected with spyware and it's the type that records the administrators username and password. Now who owns your student information server? 3. What if - your server is not protected by a firewall and has become infected by spyware. At this point your entire network is at risk. 4. What if - you allow peer-to-peer file sharing on your network. The above brings up some important questions that should be addressed by every school district. A. Is a firewall enough and will it protect my entire district? (probably not) B. Is my antivirus software protecting me against spyware? C. How do I really know for sure my district does not have spyware? D. What network tools are in place to protect our student information servers and how do I monitor them? E. What network tools are in place to monitor/report on spyware and other network attacks? F. Is my school district being proactive about network security? G. My school district has network security policies in place. Are they being enforced and if so, how do I know this? It is not enough to just say that "I have a firewall" or "I have virus/worm software" installed on every workstation. You must know that it is working and something must tell you when your network has been attacked. Remember; attacks can come from the "inside" or the "outside." Real World Example. Below is an example of a school district that has spyware on a workstation in their district. This district has a firewall and the firewall is configured to only allow the users in the school to access the internet using http, https, and a few other services. Spyware has taken over one workstation and the firewall logged the results.

Firewall Logs Obtaining and implementing a firewall is the first step in preventing spyware and many other network attacks. Below is a log from a Juniper NetScreen firewall indicating a server or workstation on a K12 network that is infected with spyware. The workstation or server is on IP address 192.168.1.2 and is trying to "phone home" to "the Mother Ship" on the Internet and possibly send confidential information. Note that the attempts were stopped by the firewall as no data was transferred. No Bytes Sent or Bytes Received. It is interesting to note where this server or workstation is trying to go. Destinations are in the red boxes. Rogers Cable Inc, USA TELUS Canada Companhia, Brasil Montevideo, Uruguay AAFES/Barracks, USA Quebec, Canada Canberra, Australia Bresnan Com., USA TELUS COM, BC In the example above the firewall did stop this workstation or server from "phoning home" however it is very important to understand that the spyware is also phoning home using http which is allowed in the firewall policy. In other words, the firewall stopped some of the attacks but not all.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information