I’ve had a few people ask me about computer safety. In fact, to help out, I’m going to present the NSM Arizona Learning Module that will be used in our next monthly meeting in advance. It’s pretty thick, but contains a LOT of great information!
Cyber security involves protecting information and the computers that hold it by preventing, detecting, and responding to attacks. There are many risks, some more serious than others. Among these dangers are viruses eating up and even erasing your entire system, someone breaking into your system and altering files, someone using your computer to attack others, or someone stealing your credit card information and making unauthorized purchases. Unfortunately, there's no 100% guarantee that even with the best precautions some of these things won't happen to you, but there are steps you can take to minimize the chances.
The first step in protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them. The terms, ‘hacker,’ ‘attacker,’ or ‘intruder’ are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain. Although their intentions are sometimes fairly benign and motivated solely by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting.
The results can range from mere mischief (creating a virus with no intentionally negative impact) to malicious activity (stealing or altering information). Malicious code, sometimes called malware, is a broad category that includes any code that could be used to attack your computer.
Malicious code often requires you to do something before it infects your computer, such as opening an email attachment or visiting a particular web page. It can be delivered by email, by websites, or by network-based software. Some forms of malware propagate without any user action at all, by exploiting one or more software vulnerabilities. Once a computer has been infected, the malicious code may attempt to find and infect other computers. Some malicious code claims to be one thing while doing something different behind the scenes.
Despite its name, the term ‘spyware’ doesn't refer to something used by undercover operatives, but to software pushed by parts of the advertising industry; it is closely related to, and often lumped together with, "adware." It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware track exactly what keys you type. Attackers may also use spyware for outright malicious purposes. Because of the extra processing, spyware may make your computer slow or sluggish. There are also privacy implications: what information is being gathered, who is receiving it, and how is it being used?
The following symptoms may indicate that spyware is installed on your computer:
•You are subjected to endless pop-up windows.
•You are redirected to web sites other than the one you typed into your browser.
•New, unexpected toolbars appear in your web browser.
•New, unexpected icons appear in the task tray at the bottom of your screen.
•Your browser's home page suddenly changes.
•The search engine your browser opens when you click "search" has been changed.
•Certain keys fail to work in your browser (e.g., the tab key doesn't move you to the next field within a form).
•Random or unexpected Windows error messages begin to appear.
•Your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.).
A program that claims it will speed up your computer may actually be sending confidential information to a remote intruder. Viruses and worms are also examples of malicious code. In most cases, vulnerabilities are caused by programming errors in software, or by protections the user has turned off or left misconfigured. Attackers may take advantage of these errors to infect your computer, so it is important to apply updates or patches that address known vulnerabilities. Software vendors test their own products for ways of ‘hacking into’ them, and, as bizarre as it sounds, some hackers actually call companies to proudly report their ‘success’ at breaking into a program or system, which is where many of those patches come from.
Botnet sounds like a cross between a Russian dance and a robot. Not quite. The term comes from ‘bot network.’ In its most basic form, a bot is simply an automated computer program, in essence a robot. A botnet is a group of infected computers, each running a bot, that are controlled by one (or sometimes many) outside sources. An attacker usually gains control by infecting the computers with a virus or other malicious code that gives the attacker access. Your computer may be part of a botnet even though it appears to be operating normally. Botnets are used for a range of activities, from distributing spam and viruses to conducting denial-of-service attacks.
A rootkit is another word you should really know. It’s a piece of software that can be installed and hidden on your computer without your knowledge. It may be included in a larger software package, or installed by an attacker who has been able to take advantage of a vulnerability on your computer or has convinced you to download it. Rootkits are not necessarily malicious, but they may hide malicious activities. Attackers may be able to access information, monitor your actions, modify programs, or perform other functions on your computer without being detected.
To avoid unintentionally installing malware yourself, follow these good security practices:
•Don't click on links within pop-up windows. Because pop-up windows are often a product of spyware, clicking on the window may install spyware on your computer. To close the pop-up window, click on the "X" icon in the title bar instead of a "close" link within the window.
•Choose "no" when asked unexpected questions. Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Select "no" or "cancel," or close the dialog box by clicking the "X" icon in the title bar.
•Be wary of free downloadable software. Many sites offer customized toolbars or other features that appeal to users. Don't download programs from sites you don't trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.
•Don’t follow email links claiming to offer anti-spyware software. Like email viruses, the links may serve the opposite purpose and actually install the spyware they claim to be eliminating.
The attacker may be able to modify files on your computer, so while it seems logical, simply removing the malicious files may not solve the problem, and you may not be able to safely trust a prior version of a file either. Some trojans and worms rename themselves and copy themselves into other files. Some vendors offer products and tools that may remove a rootkit from your computer. If your regular software cannot locate and remove the infection, you can try a dedicated removal product such as the Anti-Malware from EMSISOFT, and in most cases THAT should work. But the worst-case scenario is that you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer.
Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. Also, the infection may be located at such a deep level that it cannot be removed by simply reinstalling or restoring the operating system. Unfortunately, if there is a rootkit on your computer or an attacker is using your computer in a botnet, you may not know it. Even if you do discover that you are a victim, it is difficult for the average user to effectively recover.
But, the main problem with both botnets and rootkits is that they are hidden. Although botnets are not hidden the same way rootkits are, they may be undetected unless you are specifically looking for certain activity. If a rootkit has been installed, you may not be aware that your computer has been compromised, and traditional anti-virus software may not be able to detect the malicious programs. Attackers are also creating more sophisticated programs that update themselves so that they are even harder to detect.
Attackers can use rootkits and botnets to access and modify personal information, attack other computers, and commit other crimes with the trojans or worms they create, all while remaining undetected themselves! By using multiple computers, attackers increase the range and impact of their crimes. Because each computer in a botnet can be programmed to execute the same command, an attacker can have each of them scanning multiple computers for vulnerabilities, monitoring online activity, or collecting the information entered in online forms. This is kind of how a Distributed Denial of Service attack happens, but more about that later. But, if you practice good security habits, you should be able to reduce the risk that your computer will be compromised.
Install a firewall. A firewall blocks unsolicited traffic before it reaches your computer and can limit what your computer sends out, which stops worms that scan the network for open services and makes it harder for malware that does get in to reach its controller or attack someone else’s computer. Most current operating systems include a firewall, but you need to make sure it is enabled.
Use and maintain anti-virus software. Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove a virus before it can do any damage. Keep software up to date: install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates; if this option is available, enable it. Because attackers are continually writing new viruses, it is important to keep your malware (anti-virus/Trojan/worm) definitions up to date. Some anti-virus vendors also offer anti-rootkit software.
Create ‘safe’ passwords. Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices. Don't let your computer or browser remember your passwords unless the saved passwords are themselves protected by a master password. Here is a review of tactics to use when choosing passwords:
•Don't use passwords that are based on personal information that can be easily accessed or guessed.
•Don't use words that can be found in any dictionary of any language.
•Develop a mnemonic for remembering complex passwords.
•Use both lowercase and capital letters.
•Use a combination of letters, numbers, and special characters.
•Use passphrases when you can.
•Use different passwords on different systems.
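Those rules can be turned into a check. The script below is an added example and is not part of the NSM Arizona module; it tests a candidate password against the rules in the list, builds a password from a mnemonic sentence, and generates a random passphrase. The dictionary, the personal-information list and the passphrase word list are constructed placeholders, so a real check would load a full dictionary and a list of known-breached passwords instead.

```python
import re
import secrets
import string

# Constructed placeholder: a real check loads a full word list
# (e.g. /usr/share/dict/words) plus a breached-password list.
DICTIONARY = {"password", "welcome", "dragon", "sunshine", "letmein",
              "qwerty", "monkey", "football", "arizona", "phoenix"}
# Constructed placeholder for "personal information that can be easily
# accessed or guessed": names, birth year, the dog's name.
PERSONAL_INFO = {"kevin", "james", "saxon", "1975", "fido"}
# Constructed word list for passphrases; a real one has thousands of words.
WORDLIST = ["copper", "meadow", "violin", "glacier", "lantern", "saddle",
            "quartz", "harbor", "willow", "basket", "comet", "thimble"]


def check_password(pw, personal=PERSONAL_INFO, dictionary=DICTIONARY):
    """Return the rules the password breaks; an empty list means it passed."""
    problems = []
    low = pw.lower()
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if any(item in low for item in personal):
        problems.append("contains easily guessed personal information")
    # Drop digits and symbols so "Dragon123!" is still caught as "dragon".
    letters = re.sub(r"[^a-z]", "", low)
    if letters in dictionary or any(w in letters for w in dictionary if len(w) >= 5):
        problems.append("based on a dictionary word")
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])
    # A long passphrase gets its strength from length, so the mixed-character
    # rule is only enforced on short passwords.
    if classes < 3 and len(pw) < 20:
        problems.append("fewer than three character classes (lower/upper/digit/symbol)")
    return problems


def mnemonic_password(sentence):
    """The 'mnemonic' tactic: first character of each word, keeping any digits
    and punctuation so the result mixes character classes."""
    out = []
    for word in sentence.split():
        out.append(word[0])
        out.extend(ch for ch in word[1:] if ch.isdigit() or ch in string.punctuation)
    return "".join(out)


def passphrase(words=5, wordlist=WORDLIST):
    """Random passphrase; secrets (not random) so the choice is unpredictable."""
    return "-".join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    candidates = ["Dragon123!", "Kevin1975!!",
                  mnemonic_password("My dog Fido turned 7 on May 3rd!"), passphrase()]
    for candidate in candidates:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

Note that the mnemonic password built from the sample sentence is only nine characters, so the length rule still flags it; the mnemonic trick helps you remember a password, it does not make a short one strong.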
Fake anti-virus software is another type of malicious software (malware), designed to steal information from unsuspecting users by mimicking legitimate security software. The malware makes numerous system modifications, making it extremely difficult to terminate the unauthorized activity and remove the program. It also displays realistic, interactive security warnings to the computer user. Criminals distribute this type of malware through search engines, emails, social networking sites, internet advertisements, and other malware, and they use sophisticated social engineering and popular technologies to maximize the number of infected computers. The presence of pop-ups displaying unusual security warnings and asking for credit card or personal information is the most obvious sign of a fake anti-virus infection.
Be cautious when visiting web links or opening attachments from unknown senders. Keep software patched and updated. To purchase or renew software subscriptions, visit the vendor sites directly. Monitor your credit cards for unauthorized activity. But, there are other, human-based, forms of computer/internet attacks.
In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.
Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as: natural disasters (e.g., Hurricane Katrina, Indonesian tsunami), epidemics and health scares (e.g., H1N1), economic concerns (e.g., IRS scams), major political elections, holidays. Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
Do not provide personal information, or information about yourself, any organization you belong to, or your business, including its structure or networks, unless you are certain that the person you are corresponding with has the authority to possess that information. That authority comes from your verification of who the person is, and from permission by your superiors to give such information to verified individuals. Do not reveal personal or financial information in email unless you have verified that it is going to (or coming from) the appropriate entity, and do not respond to general email solicitations for this type of information. This includes following links sent in email.
If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
In fact, don't send sensitive information over the Internet before checking a website's security. Pay attention to the address (URL) of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Even for a legitimate website, any web page asking you to submit personal data should have “https” in its address. For example, when you visit New Saxon, the website address comes up as
http://newsaxon.org/ (the ‘www’ doesn’t always have to show up). But, the second you click on Login, the web address becomes:
https://newsaxon.org/user/login/ -- the ‘s’ after the http means the browser is using an encrypted connection (TLS, formerly called SSL). Your login name and password are encrypted before they leave your computer and can only be decrypted by the site's server, so anyone watching the network in between, on public Wi-Fi for example, sees only scrambled data. Two cautions, though: the ‘s’ only tells you the connection is encrypted, not that the site is the one you meant to visit, so check the domain name as well; and if your browser shows a certificate warning for the page, stop and don't enter your password. But, email is an older security issue.
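Those address checks can be automated. The script below is an added example, not code from the New Saxon site or the NSM module; it takes a link and reports what the paragraph above says to look for (a missing ‘https’, a misspelled domain, a different ending such as .net for .org), plus two tricks that turn up in the same kind of phishing link: a ‘user@’ prefix that makes the real host look like the site name, and a trusted name buried at the front of a longer host. The list of sites you use is a constructed placeholder, and the domain splitting assumes plain two-label domains (no public-suffix list).

```python
from urllib.parse import urlsplit

# Constructed placeholder: the sites whose login pages you actually use.
KNOWN_SITES = {"newsaxon.org", "paypal.com", "bankofamerica.com"}


def edit_distance(a, b):
    """Levenshtein distance; a distance of 1 is the classic typo-squat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Last two labels of the host ('www.newsaxon.org' -> 'newsaxon.org').
    Assumption for the example: no public-suffix list, so domains like
    'example.co.uk' are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def inspect_link(url, known=KNOWN_SITES):
    """Return a list of warnings; an empty list means the link looked fine."""
    warnings = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        warnings.append("not https: anything you type here travels unencrypted")
    host = parts.hostname or ""
    if not host:
        warnings.append("no host name in the link")
        return warnings
    if parts.username is not None:
        # https://newsaxon.org@evil.example/ really connects to evil.example
        warnings.append(f"text before '@' is a username, the real host is {host}")
    if not host.isascii() or "xn--" in host:
        warnings.append("host uses non-ASCII or punycode letters (possible lookalike characters)")
    reg = registrable(host)
    if reg in known:
        return warnings
    name, _, ending = reg.partition(".")
    for site in known:
        site_name, _, site_ending = site.partition(".")
        if name == site_name and ending != site_ending:
            warnings.append(f"same name as {site} but a different ending (.{ending})")
        elif edit_distance(name, site_name) == 1:
            warnings.append(f"one character away from {site} (possible misspelling)")
        elif site in host:
            # newsaxon.org.login-update.example: the real domain is at the end
            warnings.append(f"{site} appears in the host but the real domain is {reg}")
    return warnings


if __name__ == "__main__":
    for link in ["https://newsaxon.org/user/login/", "http://newsaxon.org/",
                 "https://newsaxon.net/", "https://newsax0n.org/login",
                 "https://newsaxon.org@evil.example/",
                 "https://newsaxon.org.login-update.example/"]:
        print(link, "->", inspect_link(link) or "looks fine")
```

The checks are deliberately conservative: a clean result only means none of these particular tricks was spotted, which is why the advice above to type the address yourself, or use a bookmark, still stands.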
Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers. Email is easily circulated: forwarding email is so simple that viruses can quickly infect many machines. Most viruses don't even require users to forward the email; they scan a user's computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know. Email programs try to address all users' needs: almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send, and email programs offer many ‘user-friendly’ features. (Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.)
Be wary of unsolicited attachments, even from people you know. Just because an email message looks like it came from your mom, grandma, or boss doesn't mean that it did. Many viruses ‘spoof’ the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software: ISPs and software vendors do not send patches or software in email. Get patches through the vendor's own update mechanism instead.
If an email or email attachment seems suspicious, don't open it, even if your anti-virus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the anti-virus software might not have the signature. At the very least, contact the person who supposedly sent the message to make sure it's legitimate before you open the attachment. However, especially in the case of forwards, even messages sent by a legitimate sender might contain a virus. If something about the email or the attachment makes you uncomfortable, there may be a good reason. Don't let your curiosity put your computer at risk.
Save and scan any attachments before opening them. If you have to open an attachment before you can verify the source, take the following steps:
•Be sure the signatures in your anti-virus software are up to date.
•Save the file to your computer or a disk.
•Manually scan the file using your anti-virus software.
•If the file is clean and doesn't seem suspicious, go ahead and open it.
Also turn off the option to automatically download attachments. To simplify the process of reading email, many email programs offer the feature to automatically download attachments; check your settings to see if your software offers the option, and make sure to disable it. Consider creating separate accounts on your computer: most operating systems give you the option of creating multiple user accounts with different privileges. Consider reading your email on an account with restricted privileges, since some viruses need ‘administrator’ privileges to infect a computer. Apply additional security practices, too; you may be able to filter certain types of attachments through your email software or a firewall.
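The first part of that screening, who the message really came from and what the attachment really is, can be scripted. The example below is added here and is not part of the NSM module; it uses Python's standard email library to parse a message, compares the From address with the Reply-To and Return-Path domains (the headers a spoofed message usually gets wrong), and flags attachment names that are executables, archives, or that hide a second extension such as ‘photos.jpg.exe’. The message is constructed for the example, and the lists of extensions are illustrative subsets rather than complete filters.

```python
import email
import email.utils
from email import policy
from email.message import EmailMessage

# Illustrative subset of extensions Windows will run; a real filter would use a
# longer list and look at the file's content, not just its name.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs",
             ".wsf", ".hta", ".jar", ".lnk", ".ps1", ".docm", ".xlsm"}
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".iso"}
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".png", ".txt"}


def domain(addr):
    """'Grandma <grandma@family.example>' -> 'family.example'."""
    _, address = email.utils.parseaddr(str(addr))
    return address.rpartition("@")[2].lower()


def sender_findings(msg):
    """Header mismatches that suggest the From line is spoofed."""
    findings = []
    from_domain = domain(msg.get("From", ""))
    for header in ("Reply-To", "Return-Path"):
        value = msg.get(header)
        if value and domain(value) != from_domain:
            findings.append(f"{header} domain {domain(value)} differs from From domain {from_domain}")
    return findings


def attachment_findings(msg):
    """Attachment names that should not be opened without a scan."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXT:
            findings.append(f"{name}: executable or script ({part.get_content_type()})")
        if len(pieces) > 2 and "." + pieces[-2] in DOCUMENT_EXT:
            findings.append(f"{name}: double extension disguised as a document")
        if ext in ARCHIVE_EXT:
            findings.append(f"{name}: archive, scan the contents before opening anything inside")
    return findings


def triage(raw):
    """Parse raw message bytes and return all findings (empty means nothing obvious)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return sender_findings(msg) + attachment_findings(msg)


def build_sample():
    """Constructed message that 'looks like it came from your grandma'."""
    m = EmailMessage()
    m["From"] = "Grandma <grandma@family.example>"
    m["Reply-To"] = "grandma@mail-relay.example"
    m["Return-Path"] = "<bounce@bulkmailer.example>"
    m["To"] = "you@home.example"
    m["Subject"] = "Photos from the reunion!"
    m.set_content("Open the attachment to see the pictures.")
    m.add_attachment(b"MZ\x90\x00 not a real program", maintype="application",
                     subtype="octet-stream", filename="photos.jpg.exe")
    m.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                     subtype="pdf", filename="reunion.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print("WARNING:", finding)
```

A clean result from this script is not a clean bill of health; it replaces none of the anti-virus scan in the steps above, it only tells you which messages deserve that scan and a phone call to the sender first.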
Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. Take advantage of any anti-phishing features offered by your email client and web browser. If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account. Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future. Watch for other signs of identity theft. Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).
As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action: Adjust your browser preferences to limit pop-up windows and cookies - Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows. Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited. You can adjust your privacy settings to only allow cookies for the web site you are visiting.
Unfortunately, there is no one, sure-fire way to tell that your computer has been infected with malicious code. Like we noted before, some infections may completely destroy files and shut down your computer, while others may only subtly affect your computer's normal operations. Be aware of any unusual or unexpected behavior in your computer. If you are running anti-virus software, it may alert you that it has found malicious code on your computer. The anti-virus software may be able to clean the malicious code automatically, but if it can't, you will need to take additional steps.
How do you remove spyware, adware, trojans, viruses, worms, etc.? Update the virus definitions (if possible), and perform a manual scan of your entire system. If you do not have anti-virus software, you should be able to download it, or purchase it at a local computer store.
Some anti-virus software will find and remove spyware, but it may not find the spyware when it is monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically.
Run a legitimate product specifically designed to remove spyware. Many vendors offer products that will scan your computer for spyware and remove any spyware software. Popular products include Lavasoft's Ad-Aware, Microsoft's Windows Defender (rather ‘basic,’ but generally adequate), Webroot's SpySweeper, and Spybot Search and Destroy (one of my favorites). Make sure that your anti-virus and anti-spyware software are compatible. Anti-virus software recognizes and protects your computer against most known viruses. However, attackers are continually writing new viruses, so it is important to keep your anti-virus software current, before you get hit. Take a phased approach to installing the software to ensure that you don't unintentionally introduce problems.
If the software can't locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. After reinstalling the operating system and any other software, install all of the appropriate patches to fix known vulnerabilities.
If you are at work and have access to an IT department, contact them immediately. The sooner they can investigate and clean your computer, the less damage to your computer and other computers on the network. If you are on your home computer or a laptop, disconnect your computer from the internet. By removing the internet connection, you prevent an attacker or virus from being able to access your computer and perform tasks such as locating personal data, manipulating or deleting files, or using your computer to attack other computers.
Dealing with the presence of malicious code on your computer can be a frustrating experience that can cost you time, money, and data. The following recommendations will build your defense against future infections: use and maintain anti-virus software.
You will also have to change your passwords, because your original passwords may have been compromised during the infection. This includes passwords for web sites that may have been saved in your browser. And always maintain backups of your files on media kept separate from the computer, such as CDs or DVDs, so that you have saved copies if you do get infected. But, ‘big’ computer systems can be attacked, too.
In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer. The most common and obvious type of DoS attack occurs when an attacker ‘floods’ a network with information. When you type a URL for a particular website into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a ‘denial of service,’ because you can't access that site.
An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.
In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a website or send spam to particular email addresses. The attack is "distributed" because the attacker is using multiple computers, including yours, to launch the denial-of-service attack.
Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers: Install and maintain anti-virus software; Install a firewall, and configure it to restrict traffic coming into and leaving your computer; and Follow good security practices for distributing your email address. Applying email filters may also help you manage unwanted traffic.
Not all disruptions to service are the result of a denial-of-service attack. There may be technical problems with a particular network, or system administrators may be performing maintenance. However, the following symptoms could indicate a DoS or DDoS attack: unusually slow network performance (opening files or accessing websites), unavailability of a particular website, inability to access any website, dramatic increase in the amount of spam you receive in your account.
Even if you do correctly identify a DoS or DDoS attack, it is unlikely that you will be able to determine the actual target or source of the attack. If you notice that you cannot access your own files or reach any external websites from your work computer, contact your network administrators. This may indicate that your computer or your organization's network is being attacked. If you are having a similar experience on your home computer, consider contacting your internet service provider (ISP). If there is a problem, the ISP might be able to advise you of an appropriate course of action.
And don’t forget to physically protect your computer, too, against power surges and brief outages. Aside from providing outlets to plug in your computer and all of its peripherals, some power strips protect your computer against power surges. Many power strips now advertise compensation if they do not effectively protect your computer. Power strips alone will not protect you from power outages, but an uninterruptible power supply (UPS) provides battery power through brief outages and filters surges as well. During a lightning storm or construction work that increases the odds of power surges, consider shutting your computer down and unplugging it from all power sources. UPS back-up systems are good for businesses, too. But, one of the seemingly least understood things out there today is how the information we put on the internet is, and can be, used by others.
View the Internet as a novel, not a diary. Make sure you are comfortable with anyone seeing the information you put online. Expect that people you have never met will find your page; even if you are keeping an online journal or blog, write it with the expectation that it is available for public consumption. Some sites may use passwords or other security restrictions to protect the information, but these methods are not usually used for most websites. If you want the information to be private or restricted to a small, select group of people, the Internet is probably not the best forum.
Be careful what you advertise. In the past, it was difficult to find information about people other than their phone numbers or address. Now, an increasing amount of personal information is available online, especially because people are creating personal web pages with information about themselves. When deciding how much information to reveal, realize that you are broadcasting it to the world. Supplying your email address may increase the amount of spam you receive. Providing details about your hobbies, your job, your family and friends, and your past may give attackers enough information to perform a successful social engineering attack.
Realize that you can't take back something you publish online; it is available to other people and to search engines. You can change or remove information after something has been published, but it is possible that someone has already seen the original version. Even if you try to remove the page(s) from the Internet, someone may have saved a copy of the page or used excerpts in another source. Some search engines ‘cache’ copies of web pages; these cached copies may be available after a web page has been deleted or altered. Some web browsers may also maintain a cache of the web pages a user has visited, so the original version may be stored in a temporary file on the user's computer. Think about these implications before publishing information—once something is out there, you can't guarantee that you can completely remove it.
NOW, TAKE THE QUIZ TO SEE HOW MUCH YOU'VE LEARNED --
http://newsaxon.org/kevinjames2/quiz/basic-compute...