computer security

Information TechnologyTraining Program

Session 1: SecurityDecember 21, 2010

Borough of West Chester

Technology Training

William MannInformation Technology Manager

Agenda:

Track-ItTech Blog

1. Passwords2. Viruses3. Trojan Horses4. Worms5. Spam

Track-ItThe following service related issues should be entered into Track-It.

• Software issues• Hardware issues• Printer issues• Application questions• Wireless issues (mobile phones)• Websense Change Requests• Toner Order Requests• Phone System Issues• Police – Recording Requests• Police – Radio System Issues• Police – Portable issues

http://cdmann-bench/TIWEB/scripts/TIWebPortal/TrackItUser.asp


Track-It


Be sure to enter the following information when entering a work order.

• Summary (title)• Priority• Type• Sub-type• Description

When a work order is created you will be sent updates and you will be able to follow the status of the work order request.


West Chester Employee’s Tech Blog

http://wctech.blogspot.com

Earlier this month I launched our new “tech blog”. The mission of this new blog is to simply offer and provide information from the world’s of technology and science. There will be a focus on current news as well as providing tips and tricks from the applications we all use everyday.

Information is power. I hope that as this tech blog grows it can help provide everyone with a little more information then you would normally have had.

http://wctech.blogspot.com/

http://wctech.blogspot.com/

Network Security

Network security is critical to everyone. Most of the information we deal with can not be released to the public and must be secure.

Network security is everyone’s responsibility.

There are many simple things you can do to help secure information.

Network SecurityPasswords

Passwords are not an “option” or “suggested. Using passwords is Borough policy.

Passwords help protect not only the employee, but the borough as well.


Here are some suggestions for coming up with some good passwords. Make sure your password does not contain words from ANY dictionary (forwards or backwards) - Most "Brute Force" programs use a list of common words and terms which they use to generate a list of possible passwords. Commonly, dictionaries from multiple languages and technical terms are used.

Use letters, numbers, AND symbols - Simply adding a string of numbers at the end of the password is typically not enough to guarantee security. The use of number and symbols through-out the password will strengthen it against "Brute Force" programs.


Make your password at least 8 characters long - The longer the password, the more tries it takes to guess the password. Keeping your password over 8 characters will increase the difficulty in guessing your password.

Avoid common number/letter replacements. (i.e. 1 and I, 3 and e) - Most "Brute Force" programs are aware of these replacements, and it uses them when creating a list of possible passwords to use.

Do not use any keyboard sequences (i.e. qwerty) - Keyboard strings are common in many passwords, and for this reason many "Brute Force" programs use them as well.


Do not use your own name - Using your own name in your password, even if it is followed by other words or numbers, increases the chance that a hacker can guess your password.

Avoid repeating small sequences of characters (i.e. abcabc) - Most "Brute Force" programs have a list of common sequences that they use when trying to generate a list of possible passwords.

Viruses, Trojan Horses and Worms Oh My!

Only knowledge and common sense can truly protect you in the virtual world so you better listen up!

Go Ahead – Dare Us!!

Yeah – You humans make us laugh! We hate

smart people!


Just like in the real world, threats come in all shapes and sizes and most don’t announce themselves or their intentions before striking.

Just like in the real world, you need to protect yourself using common sense.

You can go a long way in protecting yourself from these virtual bad guys by simply not opening any attachment you did not specifically ask for and by avoiding “questionable” websites.


Are there different types of Viruses?

Boot viruses: These viruses infect floppy disk boot records or master boot records in hard disks. They replace the boot record program (which is responsible for loading the operating system in memory) copying it elsewhere on the disk or overwriting it. Boot viruses load into memory if the computer tries to read the disk while it is booting.

Program viruses: These infect executable program files, such as those with extensions like .BIN, .COM, .EXE, .OVL, .DRV (driver) and .SYS (device driver). These programs are loaded in memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk

Unfortunately there are many types just like in the real world! Here are some of them.

YES!


Multipartite viruses: A hybrid of Boot and Program viruses. They infect program files and when the infected program is executed, these viruses infect the boot record. When you boot the computer next time the virus from the boot record loads in memory and then starts infecting other program files on disk.

Stealth viruses: These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside or they may alter the reading of the infected file’s size shown in the directory listing. For instance, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory.


Polymorphic viruses: A virus that can encrypt its code in different ways so that it appears differently in each infection. These viruses are more difficult to detect.

Macro Viruses: A macro virus is a new type of computer virus that infects the macros within a document or template. When you open a word processing or spreadsheet document, the macro virus is activated and it infects the Normal template (Normal.dot)-a general purpose file that stores default document formatting settings. Every document you open refers to the Normal template, and hence gets infected with the macro virus. Since this virus attaches itself to documents, the infection can spread if such documents are opened on other computers.


Active X: ActiveX and Java controls will soon be the scourge of computing. Most people do not know how to control there web browser to enable or disable the various functions like playing sound or video and so, by default, leave a nice big hole in the security by allowing applets free run into there machine. There has been a lot of commotion behind this and with the amount of power that JAVA imparts, things from the security angle seem a bit gloom.

These are just a few broad categories. There are many more specialized types. But let us not go into any more detail. We are here to learn to protect ourselves. I do not want to bore you with any more details!


If viruses are not scary enough watch out for Trojan Horses!


That’s a great question. I’m so glad you asked!

A “Trojan Horse” is a destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

The term comes from the a Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

Trojan horses are broken down in classification based on how they breach systems and the damage they cause.

What exactly is a Trojan Horse anyway?


There a seven main types of Trojan horses:

Remote Access TrojansData Sending TrojansDestructive TrojansProxy TrojansFTP Trojanssecurity software disabler Trojansdenial-of-service attack (DoS) Trojans

Trojan Horse IRC/Backdoor.SdBot4.FRV is a threat displayed as a threat detected by rogue program Virus Alarm. Trojan Horse IRC/Backdoor.SdBot4.FRV is not really present on computers, instead it was an exaggerated reports to scare computer users.

A Nasty Example for You

http://www.precisesecurity.com/blogs/2009/03/26/virus-alarm/


There are several ways you can protect yourself from Trojan Horses!

Don’t Panic!

What I mean is if, when you download pirated software, you often get infected by trojan horses, worms, viruses and other things. To determine a suspect site, or an entire network as well is quite easy. You just have to use a little common sense.

If you on one site are granted a link to download the information you want, but you cannot seem to find it after your download is complete, this should definitely ring a bell.

Then if you click a link they provide to another site that will have the information you seek, and the same thing happens again, then leave immediately. Often you'll get a file after you have downloaded, but when you click it nothing happens. Congratulations, your infected. Probably with a Trojan horse.

This defines a suspect network, and you should never return. Forget them and go back to Google, or whatever search engine you use. You have to start all over again, and now you also need a trojan remover to get rid of these things.

Stay away from “suspect” sites!

Viruses, Trojan Horses and Worms Oh My!Don’t Panic!

Thousands of people use P2P (peer to peer) networks to spread trojan horses and other threats. What they do is to create files packed with malicious software, and then rename them to files people often search for.

Be aware that these people are very creative, so the files that have most sources are often fake. The same thing happens here. You download the file... run it... and nothing seems to happen. Well, Something happens, that's for sure. The file you just downloaded is packed with loads of trojan horses, viruses or other types of malicious software. To ensure your computers stability and your personal data, it is essential that you get your hands on a real good protection software.

Another tip is: Protect Your Email! Do NOT open emails from people you don't know that has attachments, as this could very well be trojan horses or other malicious software.A spam filter is always a useful thing to have, but they are not foolproof at all. New ways are also tried out in order to get past them. So my advice to you is that you use your common sense again.

Use caution!

If viruses & trojan horses don’t scare you maybe computer worms

will!


What exactly is a computer worm anyway?


Computer Worms are reproducing programs that run independently and travel across network connections. The main difference between viruses and worms is the method in which they reproduce and spread.

A virus is dependent upon a host file or boot sector, and the transfer of files between machines to spread, while a worm can run completely independently and spread itself through network connections.

An example of a worm is the famous internet worm of 1988: Overnight the worm copied itself across the internet, infecting every Sun-3 and VAX system with so many copies of itself that the systems were unusable. Eventually several sites disconnected themselves from the internet to avoid reinfection.

Are there different types of worms?


Sadly.. Yes!

Spreading goes via infected email messages. Any form of attachment or link in an email may contain a link to an infected website. In the first case activation starts when the user clicks on the attachment while in the second case the activation starts when clicking the link in the email. Known methods to spread are:- MS Outlook services- Direct connection to SMTP servers using their own SMTP API- Windows MAPI functions

This type of worms is known to harvest an infected computer for email addresses from different sources. - Windows Address Book database [WAB]- MS Outlook address book- Files with appropriate extensions will be scanned for email like strings Be aware that during spreading some worms construct new sender addresses based on possible names combined with common domain names. So, the sender address in the email doesn't need to be the originator of the email.

Email Worms


The spreading used is via instant messaging applications by sending links to infected websites to everyone on the local contact list. The only difference between these and email worms is the way chosen to send the links.

Instant Messaging Worms

Nasty ones. These ones will scan all available network resources using local operating system services and/or scan the Internet for vulnerable machines. Attempt will be made to connect to these machines and gain full access to them. Another way is that the worms scan the Internet for machines still open for exploitation i.e. not patched. Data packets or requests will be send which install the worm or a worm downloader. If succeeded the worm will execute and there it goes again!

Internet Worms


Chat channels are the main target and the same infection/spreading method is used as above - sending infected files or links to infected websites. Infected file sending is less effective as the recipient needs to confirm receipt, save the file and open it before infection will take place.

IRC Worms

Copies itself into a shared folder, most likely located on the local machine. The worm will place a copy of itself in a shared folder under a harmless name. Now the worm is ready for download via the P2P network and spreading of the infected file will continue.

File Sharing Worms


OK – that’s a lot of scary information so I want to help you protect your computer… and yourself.

1. Never open a file attachment sent to you from an unknown source. In most cases, the safest thing to do is delete them as soon as you see them in your mailbox.

2. Understand that patches and updates for programs are rarely distributed by email. (Microsoft and other reputable companies use other means, which are more secure.)


3. Never open a file unless you know what it is. If you've received it from someone you know, ask him or her about it. (They may have a virus infection that is mailing out copies of itself without their knowledge.)

4. Files containing virus content are always sent disguised in some way. For example, the message may say a screensaver, bill or invoice is attached.

5. Always use Windows Update to ensure that the latest security patches from Microsoft are installed on your system. If you don't do that then make regular visits to Microsoft's web site to check for update patch availability. (Go to www.microsoft.com and select Windows Update from the left side menu.)

http://www.microsoft.com/


6. Last, and most important, every computer must have anti-virus software installed and running whenever the computer is switched on - and without fail, the virus definition programs should be kept up to date each and every week. Some programs such as Symantec, McAfee AntiVirus or AVG can be configured to automatically check for updates several times a day while some programs require manual updating by connecting to the product update site. If you have not updated your viral signatures recently then go to the program supplier's web site and download any updates now!

The good news is that the borough network is protected by industry standard Anti-Virus software but make sure you have good protection at home as well!


Protect Yourself at Home! For Free!

There is no reason to pay for anti-virus software at home.

There are many free solutions that work just fine (if you keep them updated that is).

My Top 4 Free Suggestions

AVG Anti-Virus Free EditionAvira AntiVir Personal EditionMicrosoft Security Essentials Avast! Free Antivirus

What is Spam ?

Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it.

Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Spam costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers rather than by the sender.

Postini and your Work Email

The borough utilizes the google service, “Postini” to help us combat spam and keep your inboxes as clean as possible.

You should log into Postini from time to time and check your “junk mail”.

You can also increase the levels (1 to 5) of the spam filters if necessary.

https://login.postini.com/exec/login

https://login.postini.com/exec/login

Future IT Training

Additional employee training will be available on a quarterly basis starting in 2011, with each training session focusing on a specific area.

Does anyone have any ideas or suggestions for future IT training sessions?