Workstation, Server and Network Security - PowerPoint PPT Presentation

Slides: 43
Provided by: lil7

Transcript and Presenter's Notes


1
Workstation, Server and Network Security
  • Technology Series 1
  • A review of Spyware, Malware, Trojan, Worm, and
    Virus threats and how to detect and stop them

2
Learning How to Secure Information Systems
  • Learning by doing
  • There is really only one way to learn how to do
    something and that is to do it. If you want to
    learn to throw a football, drive a car, build a
    mousetrap, design a building, cook a stir-fry, or
    be a management consultant, you must have a go at
    doing it. Throughout history, youths have been
    apprenticed to masters in order to learn a trade.
    We understand that learning a skill means
    eventually trying your hand at the skill. When
    there is no real harm in simply trying we allow
    novices to "give it a shot."
  • Parents usually teach children in this way. They
    don't give a series of lectures to their children
    to prepare them to walk, talk, climb, run, play a
    game, or learn how to behave. They just let their
    children do these things. We hand a child a ball
    to teach him to throw. If he throws poorly, he
    simply tries again. Parents tolerate sitting in
    the passenger seat while their teenager tries out
    the driver's seat for the first time. It's
    nerve-wracking, but parents put up with it,
    because they know there's no better way.
  • When it comes to school, however, instead of
    allowing students to learn by doing, we create
    courses of instruction that tell students about
    the theory of the task without concentrating on
    the doing of the task. It's not easy to see how
    to apply apprenticeship to mass education. So in
    its place, we lecture.

3
Learning How to Secure Information Systems
  • Information Systems are Inherently Complex
  • Because of their Complexity, there is no simple
    or easy way to learn how these systems function.
    One must have a good understanding of all aspects
    of Information Systems; being an expert on one or
    more parts of the system is not sufficient.

4
Learning How to Secure Information Systems
  • Learn Information Security in 24 hours?
  • Walk into any bookstore, and you'll see how
    to Teach Yourself Java in 7 Days alongside
    endless variations offering to teach Visual
    Basic, Windows, the Internet, and so on in a few
    days or hours.
  • The conclusion is that either people are in a
    big rush to learn about computers, or that
    computers are somehow fabulously easier to learn
    than anything else. There are no books on how to
    learn Beethoven, or Quantum Physics, or even Dog
    Grooming in a few days.

5
Learning How to Secure Information Systems
  • Learning how to secure your Computer
  • Learning how to secure Information Systems is
    not an easy task. In fact, even determining
    potential risks or threats is not easy. This
    workshop will cover Information System Security
    from a Global Perspective, but will focus on
    securing Individual Computers. The Principles
    governing Information Systems and the Computer
    System which functions as your workstation are
    similar, but security for the individual
    workstation will be much easier to accomplish (and
    probably of greater use to most people,
    especially those who are not Technicians or
    Systems people).

6
Securing Information Systems
  • Securing the Workstation or Local Computer?
  • There are three basic types of ISS (Information
    Systems Security) methods
  • Centralized ISS which depends upon securing the
    network at its point of entry
  • Local or Distributed ISS which focuses security on
    the individual Workstations and Servers in the
    Network
  • And a Blended ISS which focuses certain aspects
    of Security at either the Network or Local levels
  • Each Approach has good and not so good attributes
    especially when one is attempting to optimize
    Network, Workstation and Server performance

7
What is Optimization with respect to ISS?
  • All Systems Management strives for Optimization
  • Optimization considers Resource Utilization
    from the perspective of Efficiency
  • How well the system functions or its
    effectiveness
  • And the best mix of resource allocation
    (efficiency) and System Effectiveness (How well
    the system is functioning).

8
What are Security threats?
  • Anything which either directly or indirectly
    affects legitimate user control over their
    Network, Workstation or Server
  • Information systems security (INFOSEC and/or
    ISS): The protection of information systems
    against unauthorized access to or modification of
    information, whether in storage, processing or
    transit, and against the denial of service to
    authorized users, including those measures
    necessary to detect, document, and counter such
    threats.

9
ISS (Information Systems Security)
  • Applies to all aspects of Information Systems
  • There are many different types of Security
    threats. While there were always Security threats
    present in Information Systems they were
    generally not public knowledge until the
    appearance of the Internet in the early 1990s

10
ISS (Information Systems Security)
  • What is Systems Security
  • Systems Security is the process of preventing and
    detecting unauthorized use of your computer.
    Prevention measures help you to stop unauthorized
    users (also known as "intruders") from accessing
    any part of your computer system. Detection helps
    you to determine whether or not someone attempted
    to break into your system, if they were
    successful, and what they may have done.

11
Types or Categories of Security Threats
  • Human or Social-Based Threats
  • Physical or Hardware-Based Threats
  • Programming or Software-Based Threats

12
Types or Categories of Security Threats
  • Human or Social-Based Threats
  • Essentially involve what Hackers like to call
    Social Engineering based threats. Leaving
    passwords in an obvious place, using weak
    passwords, or allowing other individuals to
    access the machine.
  • Surprisingly, these types of Security breaches
    are the most common and also the easiest to
    prevent.

13
Types or Categories of Security Threats
  • Physical or Hardware-Based Threats
  • Having machines exposed in non-secure
    environments, especially servers containing
    critical information and data
  • Using old or unstable hardware which could lead
    to loss of critical data
  • Lack of sufficient Backup of Critical Information
    could cause a serious loss in the event of
    Network Disruption or Compromise

14
Types or Categories of Security Threats
  • Programming or Software-Based Threats
  • These threats can be caused by insecure Operating
    Systems, insecure or bug-laden Software
    Applications
  • A major problem with Windows-based Operating
    Systems is the close integration between OS
    components and Software Application (Office)
    components. This allows a threat which
    compromises the Application to easily access and
    compromise the OS.
  • Specific Software which is written and designed
    to Compromise Systems Security. These include
    Spyware, Malware, Trojan, Worm, and Virus threats.

15
Types or Categories of Security Threats
  • Malware is Hardware, software, or firmware that
    is intentionally included or inserted in a System
    for a harmful purpose. Malware can be classified
    in several ways, including on the basis of how it
    is spread, how it is executed and/or what it
    does. The main types of Malware include Worms,
    Viruses, Trojans, Backdoors, Spyware, Rootkits
    and Spam.

16
Types or Categories of Security Threats
  • Spyware and Adware - Spyware or Adware is
    software that is installed in a computer for the
    purpose of covertly gathering information about
    the computer, its users and/or other computers
    on the network to which it is connected. The
    types of information gathered typically are user
    names and passwords, web browsing habits,
    financial data (e.g., bank account and credit
    card numbers) or trade secrets. A common
    application of spyware is to provide pop-up
    advertisements that are targeted at individual
    users based on their web surfing habits.

17
Types or Categories of Security Threats
  • Worms and Viruses are Computer Programs that
    replicate themselves without human intervention.
    The difference is that a virus attaches itself
    to, and becomes part of, another Executable
    (i.e., runnable) program, whereas a worm is
    self-contained and does not need to be part of
    another program to replicate itself. Also, while
    viruses are designed to cause problems on a local
    system and are passed through Boot Sectors of
    disks and through e-mail attachments and other
    files, worms are designed to thrive in a Network
    environment. Once a worm is executed, it actively
    seeks other computers, rather than just parts of
    systems, into which to make copies of itself.

18
Types or Categories of Security Threats
  • Trojans or Trojan Horses are software that is
    disguised as a legitimate program in order to
    entice users to download and install it. In
    contrast to worms and viruses, trojans are not
    directly self-replicating. They can be designed
    to do various harmful things, including corrupt
    files (often in subtle ways), erase data and
    install other types of malware.

19
Types or Categories of Security Threats
  • Backdoor - A backdoor (usually written as a
    single word) is any hidden method for obtaining
    remote access to a computer or other system.
    Backdoors typically work by allowing someone or
    something with knowledge of them to use special
    passwords and/or other actions to bypass the
    normal authentication (e.g., user name and
    password) procedure on a remote machine (i.e., a
    computer located elsewhere on the Internet or
    other network) to gain access to the all-powerful
    root (i.e., administrative) account. Backdoors
    are designed to remain hidden to even careful
    inspection.

20
Types or Categories of Security Threats
  • Rootkit - A rootkit is software that is secretly
    inserted into a computer and which allows an
    intruder to gain access to the root account and
    thereby be able to control the computer at will.
    Rootkits frequently include functions to hide the
    traces of their penetration, such as by deleting
    log entries. They typically include backdoors so
    that the intruder can easily gain access again at
    a later date, for example, in order to attack
    other systems at specific times.

21
Types or Categories of Security Threats
  • Spam - Spam is unwanted e-mail which is sent out
    in large volume. Although people receiving a few
    pieces of spam per day might not think that it is
    anything to be too concerned about, it is a major
    problem for several reasons, including the facts
    that its huge volume (perhaps half or more of all
    e-mail) places a great load on the entire e-mail
    system, it often contains other types of malware
    and much of its content is fraudulent.
    Organizations typically have to devote
    considerable resources to attempting to filter
    out and delete spam while not losing legitimate
    e-mail, thereby distracting them from their
    primary tasks.

22
Types or Categories of Security Threats
  • Poorly Written Software - Similar damage can
    result from poorly written software, which, like
    malware, is extremely common. Although the
    distinction between the two at times can be
    subtle, in general the difference is that malware
    is created entirely or mainly for the purpose of
    doing harm or otherwise benefiting its creator at
    the expense of others, whereas the desire to do
    harm is not the main purpose of poorly written
    software.

23
Types or Categories of Security Threats
  • Poorly Written Software - The continuous
    existence of numerous and serious security holes
    and other defects in some of the most popular
    commercial software might, in fact, do as much,
    or even more, damage to the economy as malware.
    No reliable data is available, although the cost
    of each is clearly in the multiple billions of
    dollars per year, according to most industry
    sources. One reason for the lack of reliable data
    is that many victims, including large
    corporations, are reluctant to reveal the
    existence or extent of damage. Another is the
    difficulty in determining how to allocate the
    damage between malware and poorly written
    software, as the two are often intimately related.

24
Types or Categories of Security Threats
  • Poorly Written Software - There has been much
    speculation as to why security remains such a big
    problem for some of the most widely used
    commercial software. The most likely explanation
    is that there is no strong incentive to improve
    it. This may be in part because a full-scale
    cleanup would be very costly, as much of the
    software is extremely large and complex. But also
    to be kept in mind is the fact that the computer
    security business, including the sale of
    security-related software (e.g., anti-virus
    programs), the use of security consultants, and
    the sale of new, supposedly more secure versions
    of defective software, are very large and
    profitable businesses.

25
Types or Categories of Security Threats
Protection
  • Poorly Written Software - Among the various ways
    in which this is accomplished is through the use
    of a fine-grained system of ownership and
    permissions for each file, directory and other
    object on the system, thereby giving an added
    layer of protection to critical system files.
    Another is by making the source code freely
    available on the Internet for programmers from
    around the world to inspect for possible security
    holes and other problems, rather than attempting
    (often unsuccessfully) to keep the code secret.

26
Types or Categories of Security Threats
Protection
  • Poorly Written Software - There are a number of
    steps that computer users can take to minimize
    the chances of becoming infected by malware. They
    include using relatively secure software,
    providing physical security for computers and
    networks, enforcing the use of strong passwords,
    employing firewalls, using malware detection
    programs, avoiding opening e-mail attachments of
    unknown origin, avoiding the downloading of
    dubious programs and avoiding use of the root
    account except when absolutely necessary.

27
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • There are many proprietary applications which
    promise to protect your computer from the various
    types of Malware. While some applications may
    function well for specific types of threats, none
    works well with all threats. The best approach is
    to run several applications on the same machine.
    This is not necessarily an easy task, since the
    scanners for many applications are often found to
    interfere with other types of applications.

28
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • To find a mix of applications which works
    together and at the same time provides optimal
    protection requires research, study and testing
    since there are many applications available in
    both proprietary and Open-Source flavors.

29
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy

30
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • Symantec Client Security
    http://www.symantec.com/index.htm
    is a combination Firewall and
    Antivirus Application. The Firewall functions
    just as a firewall on the network would. It
    allows the user to restrict Port access,
    Application access from and to the Internet, and
    scans for Trojans and Worms which may be resident
    on the machine. The Virus program is automated
    and both programs can be set to update
    automatically. Symantec is a relatively good
    general purpose product, but can cause problems
    with Email disappearing if its settings are not
    correct.

31
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • Symantec Client Security: Also, the newer
    versions create hidden user directories which
    themselves can be the target of Security
    exploits. One must follow the instructions
    carefully and become aware of how to set the
    various protection levels within the application.

32
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • AdawareSE
    http://www.lavasoftusa.com/software/adaware/
  • Ad-Aware Personal provides advanced protection
    from known data-mining, aggressive advertising,
    Trojans, dialers, malware, browser hijackers, and
    tracking components. This software is
    downloadable free of charge. It is particularly
    targeted towards spyware for commercial use
    through cookies.

33
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • Counterspy
    http://www.sunbelt-software.com/CounterSpy.cfm
  • One of the most comprehensive products for
    detecting and deleting malicious spyware and
    adware; it can be run from a server, protecting
    each workstation on a network. Counterspy will
    run with Symantec, Spybot and Trojan Hunter,
    allowing four automated scans without
    interference, just set them to run at different
    times.

34
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • SpyBot Search and Destroy
  • http://www.safer-networking.org/en/support/index.html
  • can detect and remove spyware of different kinds
    from your computer. Spyware is a relatively new
    kind of threat that common anti-virus
    applications do not yet cover. If you see new
    toolbars in your Internet Explorer that you
    didn't intentionally install, if your browser
    crashes, or if your browser start page has changed
    without your knowing, you most probably have
    spyware. But even if you don't see anything, you
    may be infected, because more and more spyware is
    emerging that is silently tracking your surfing
    behavior to create a marketing profile of you
    that will be sold to advertisement companies. It
    is an open source application.
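
Added example (not part of the original presentation): a read-only PowerShell audit of the places where the symptoms listed above show up, namely Internet Explorer's start page, its toolbars and its Browser Helper Objects (BHOs). It assumes a Windows machine with the standard Internet Explorer registry layout; the function names are hypothetical, and nothing is changed or deleted.

```powershell
# Added example: list IE add-ons and start page so unexpected entries stand out.
# The registry paths below are the standard Internet Explorer locations.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$toolbarKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
)
$clsidRoots = @('HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID')
$mainKey    = 'HKCU:\Software\Microsoft\Internet Explorer\Main'

# Hypothetical helper: map an add-on CLSID to the DLL that implements it.
function Resolve-ClsidModule {
    param([string]$Clsid)
    foreach ($root in $clsidRoots) {
        $key = Get-Item -LiteralPath "$root\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
        if ($key) { return ([string]$key.GetValue('')).Trim('"') }
    }
    return $null
}

# Hypothetical helper: emit one object per registered BHO or toolbar.
function Get-IEAddonEntry {
    foreach ($root in $bhoRoots) {
        # BHOs are registered as subkeys named after their CLSID.
        foreach ($sub in @(Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue)) {
            [pscustomobject]@{ Kind = 'BHO'; Clsid = $sub.PSChildName }
        }
    }
    foreach ($path in $toolbarKeys) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        # Toolbars are registered as values named after their CLSID.
        foreach ($name in $key.GetValueNames()) {
            if ($name -match '^\{[0-9A-Fa-f-]{36}\}$') {
                [pscustomobject]@{ Kind = 'Toolbar'; Clsid = $name }
            }
        }
    }
}

$report = Get-IEAddonEntry | Sort-Object Kind, Clsid -Unique | ForEach-Object {
    $module = Resolve-ClsidModule $_.Clsid
    $sig = if ($module -and (Test-Path -LiteralPath $module)) {
        [string](Get-AuthenticodeSignature -LiteralPath $module).Status
    } else {
        'FileMissing'   # registered add-on whose DLL cannot be found
    }
    [pscustomobject]@{ Kind = $_.Kind; Clsid = $_.Clsid; Module = $module; Signature = $sig }
}

# Start and search pages: compare against what the user actually configured.
$main = Get-ItemProperty -LiteralPath $mainKey -ErrorAction SilentlyContinue
"Start Page : $($main.'Start Page')"
"Search Page: $($main.'Search Page')"

# Full inventory, then the entries that deserve a closer look.
$report | Format-Table -AutoSize
$report | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

An unsigned or missing module is a reason to look closer, not proof of spyware; keeping the output from a known-clean machine gives a baseline to compare against later.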

35
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • Trojanhunter
  • http://www.misec.net/
  • As its name implies, it is optimized for finding
    and eliminating Trojan worms and other types of
    malware.

36
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • CLAMWIN
  • http://www.clamwin.com/content/view/136/52/
  • ClamWin is the Windows version of ClamAV.
  • Mozilla Thunderbird mailbox files are not removed
    or quarantined if an infected email is detected
    inside a mailbox as is currently done in Symantec
    Client Security. This is a freely available open
    source Application and can run with most other
    scanners.

37
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • Small Applications such as Netsky.exe, which can
    be downloaded from the Internet and run against
    specific Malware threats. These usually are
    available when a new critical agent is detected.

38
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • Regular Updating Of Operating Systems software,
    Applications, etc. Windows, Linux, and Apple OS
    and most applications have automated Update
    systems available for patching and addressing
    critical security issues.

39
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • Registry and disk repair tools
  • Symantec has a product called System Works, which
    can be run from the CDROM or Hard Drive; it does
    not have to be installed into the OS. It will
    perform disk defragmentation, disk drive repair,
    and registry and other repairs to Windows OS.

40
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • Registry and disk repair tools Used after
    running Malware tools
  • Registrytoolkit http://www.registrytoolkit.com/
    Scans your registry and hard drive for invalid
    registry keys and program shortcuts.
  • Startup management helps you to customize your
    system startup to suit your needs. BHO manager
    lets you remove unused Internet Explorer
    plug-ins, to ensure a faster internet experience.
    Keeps backups of any registry change made by
    Registry Toolkit, so you can always go back and
    restore it.
  • Repairs frequent windows rebooting problems and
    system freezes.

41
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • Registry and disk repair tools Used after
    running Malware tools
  • PcBugdoctor http://www.bugdoctor.com/
  • This is the most comprehensive product out there
    for repairing Windows errors. It can be set to
    scan on schedule.

42
Protection on The Desktop
  • Use of Multiple-Application or a Blended
    Protection Strategy
  • Registry and disk repair tools Used after
    running Malware tools
  • StarDefrag http://kevin.gearhart.com/startdefrag/
  • This is a Windows Defragmentor schedule; it will
    help increase the performance of the computer by
    restoring fragmented files.