802 - Chapter 29: Securing Computers


Malware recovery tips

1. Recognize 2. Quarantine 3. Search and destroy 4. Remediate 5. Educate

Checksum

A number (a hash) that antivirus software computes from the full contents of a file rather than from its name, date, or size. Any change to the file's bytes changes the checksum, so a stored checksum lets the program notice that a file has been modified even when its name, size and timestamp still look normal.
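As an added example (not from the original page), this is the checksum idea from the card above turned into a file-integrity check: record a SHA-256 digest for every file under a directory, then report which files changed, appeared or vanished. The function names, the temporary directory and the "infected" files are constructed for the example; only the Python standard library is used.

```python
"""Added example: content checksums as an integrity baseline.

build_baseline() records a SHA-256 digest per file; check_against_baseline()
reports files whose digest changed, plus files added or removed. Names and
sample files are hypothetical.
"""
import hashlib
import os
import tempfile


def file_checksum(path, algorithm="sha256", chunk_size=65536):
    """Digest of the file's contents only; name, timestamps and size play no part."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> checksum for every regular file below root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_checksum(full)
    return baseline


def check_against_baseline(root, baseline):
    """Compare the current tree with a stored baseline."""
    current = build_baseline(root)
    return {
        "changed": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed scenario: a clean tree is baselined, then one file is patched
    in place (same name, same size, original timestamps restored) and a new
    file is dropped in. A name/size/date check would miss the patched file."""
    with tempfile.TemporaryDirectory() as root:
        clean = os.path.join(root, "calc.exe")
        with open(clean, "wb") as f:
            f.write(b"MZ" + b"\x90" * 62)          # 64 bytes of fake program
        with open(os.path.join(root, "readme.txt"), "w") as f:
            f.write("hello\n")
        before = os.stat(clean)
        baseline = build_baseline(root)

        # "Infect": overwrite two bytes so the size is unchanged, then put the
        # original timestamps back.
        with open(clean, "r+b") as f:
            f.seek(2)
            f.write(b"\xcc\xcc")
        os.utime(clean, ns=(before.st_atime_ns, before.st_mtime_ns))
        with open(os.path.join(root, "dropper.dll"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 10)

        after = os.stat(clean)
        result = check_against_baseline(root, baseline)
        # True only if a size/date comparison would have noticed the patch.
        result["size_or_date_noticed"] = (
            after.st_size != before.st_size or int(after.st_mtime) != int(before.st_mtime)
        )
        return result


if __name__ == "__main__":
    print(demo())
```

Hashing the contents is what makes this robust: the patched executable keeps its name, size and modification time, and only the checksum comparison flags it.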

Trojan Horse

A piece of malware that looks like, or pretends to do, one thing while doing something malicious at the same time. A Trojan can turn the infected computer into a server by opening TCP or UDP ports so a remote user can control it, and can capture keystrokes, passwords, files, credit card information, and more. It does not replicate.

Polymorphic/Polymorph

A polymorphic virus attempts to change its signature to prevent detection by antivirus programs, usually by continually re-scrambling its own code with a small scrambling routine that serves no other purpose. That scrambling routine itself stays the same from copy to copy, so once the antivirus makers become aware of the virus it can be identified and used as the signature. Antivirus programs can also keep a checksum of each clean file on the drive and re-examine any file whose checksum changes, which catches the infection regardless of how the virus body is scrambled.
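The following is an added example, not code from the original page, and not real malware: a toy "polymorphic" sample made of a fixed scrambling (decryptor) stub, a one-byte key, and a payload XOR-ed with that key. It shows the point of the card above: a byte signature taken from one copy's scrambled payload misses the other copies, while a signature on the unchanging stub catches every one. All byte strings and function names are invented for illustration.

```python
"""Added example: why a polymorph's scrambling routine becomes its signature.

Constructed toy, not malware. A "copy" = DECRYPTOR_STUB + key byte + payload
XOR key. The stub is constant; the payload bytes differ per copy.
"""
import os

PAYLOAD = b"PAYLOAD: open a TCP port, then log keystrokes"   # constant behaviour
DECRYPTOR_STUB = b"\xde\xc0\xde\x00LOOP:xor-next-byte;"       # constant code (made up)


def make_variant(key=None):
    """One copy of the virus. Each copy gets a fresh non-zero key, so the
    payload bytes change while the stub never does."""
    if key is None:
        key = os.urandom(1)[0] % 255 + 1        # 1..255; key 0 would leave it unscrambled
    scrambled = bytes(b ^ key for b in PAYLOAD)
    return DECRYPTOR_STUB + bytes([key]) + scrambled


def unscramble(sample):
    """What the stub does at run time: recover the payload from a copy."""
    key = sample[len(DECRYPTOR_STUB)]
    return bytes(b ^ key for b in sample[len(DECRYPTOR_STUB) + 1:])


def matches(sample, signature):
    """Plain byte-pattern match, as a definition-file entry would be applied."""
    return signature in sample


def detection_count(signature, n=100):
    """How many of n freshly generated copies a signature catches."""
    return sum(matches(make_variant(), signature) for _ in range(n))


if __name__ == "__main__":
    captured = make_variant(0x5A)               # the one sample the AV vendor got
    payload_sig = captured[-10:]                # signature cut from its scrambled payload
    print("payload-derived signature hits:", detection_count(payload_sig), "/ 100")
    print("stub signature hits:", detection_count(DECRYPTOR_STUB), "/ 100")
```

The payload-derived signature only matches copies that happened to pick the same key, which is why vendors look for the invariant part (the decryptor) or run the sample until it unscrambles itself.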

Virus

A program that has two jobs: to replicate (make copies of itself, typically by attaching to other programs or files) and to activate (do whatever it was written to do). A virus does not spread over a network on its own; it needs a human action, such as running an infected program or opening an infected file, in order to spread.

Macro

A type of virus written in an application's macro language (for example, Office macros) that uses the macro facility to replicate and activate, typically when an infected document is opened.

Port forwarding

Allows you to open a port in the router's firewall and direct incoming traffic on that port to a specific IP address (and port) on your LAN.

How to clear the SSL cache

Browser settings. Internet Explorer: Internet Options > Content tab > click the 'Clear SSL state' button

Dealing with malware

Anti-malware programs, training and awareness, patch management, and remediation.

Malware

Any program or code that's designed to do something on a system or network that you don't want done.

Vista/7 advanced firewall settings

You can customize firewall settings further by clicking Advanced Settings in the Windows Firewall applet, which opens the Windows Firewall with Advanced Security tool. Vista/7 support custom rules for both inbound and outbound traffic. A rule always includes at least the following:
- Name of the program
- Group: an organizational group that helps sort all the rules
- The associated profile (All, Domain, Public, Private)
- Enabled/disabled status
- Remote and local address
- Remote and local port number

DMZ

Demilitarized zone. On a SOHO router, the DMZ host setting puts the system with the specified IP address outside the protection of the firewall: all unsolicited incoming traffic, on every port, is forwarded to it.

Firewalls

Devices or software that protect an internal network from unauthorized access to and from the Internet at large. They use a variety of methods, such as hiding IP addresses and blocking TCP/IP ports. Hardware firewalls are often built into routers; software firewalls run on your computers.

Port triggering

Enables you to open an incoming connection to one computer automatically based on a specific outgoing connection. The trigger port defines the outgoing connection, and the destination port defines the incoming connection.

Vista network locations

Firewall configuration and network type remain the same for every connection, which is not good for laptops, which constantly change networks.

Application encryption

The most famous example is the Secure Sockets Layer (SSL) protocol, originally developed by Netscape and used to create secure web sites; it is what turns HTTP into HTTPS (SSL has since been replaced by its successor, TLS, but the name SSL is still widely used). To make a secure connection, your web browser and the web server must encrypt their data. The server sends the browser a digital certificate containing its public key; the browser checks that the certificate was issued by a trusted certificate authority for that site's name, then uses the public key to agree on a session key with the server. That session key encrypts the data in both directions; the public key itself is not what decrypts the incoming data.

Remediate

Fixing whatever the virus or other malware has harmed. If you can't start Windows after the malware scan is finished, boot to the Recovery Console (XP) or from the Windows Preinstallation Environment into the Windows Recovery Environment, WinRE (Vista/7).
Recovery Console (XP):
- can fix the boot sector/boot blocks with the fixmbr and fixboot commands
- can run bootcfg to rebuild a corrupted boot.ini file
WinRE (Vista/7):
- gives access to Startup Repair, System Restore, Complete PC Restore, and a command prompt (where bootrec /fixmbr and bootrec /fixboot do what fixmbr and fixboot did in the Recovery Console)
Remember to re-enable System Restore at this point, since you turned it off during quarantine, and create a new restore point once the system has been repaired.

Worm

Functions similarly to a virus, but replicates on its own across networks without needing any human action to spread.

Hijacked email accounts

Hackers can hit both email clients and webmail users. If you start receiving suspicious emails, or your contacts report receiving odd emails from you, change your webmail password (and username, if the service allows it) and scan your PC for malware.

Hardware firewalls

Hides and separates your LAN from outside connections like the Internet by using Network Address Translation (NAT).

Stealth virus

Most stealth viruses are boot sector viruses that use various methods to hide from antivirus software.

Recognize & Quarantine

Recognize: if you're monitoring network traffic and one computer starts sending large volumes of email, that is a sign of infection; so is a user complaining that a previously fast computer is now running very slowly. Network access control software such as PacketFence monitors network traffic automatically and can cut a machine off the network if it starts sending suspicious packets.
Quarantine: you can quarantine a computer manually by unplugging its Ethernet cable (and disabling Wi-Fi). Then disable System Restore so the malware isn't preserved in restore points:
XP: right-click My Computer > Properties > System Restore tab, turn it off.
Vista/7: right-click Computer > Properties > click the System protection link > in the Protection Settings section, select a drive and click Configure > in the System Protection dialog box that opens, select 'Turn off system protection'. Repeat for each hard drive.
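As an added example (not from the original page, and not PacketFence's own logic), here is the "one computer starts spewing email" sign from the card above written as a check over connection logs: flag any source that opens SMTP connections to many distinct hosts within a short window, while allow-listing the organisation's own mail relay, which legitimately does exactly that. The log lines, their hypothetical "<epoch-seconds> <src-ip> <dst-ip> <dst-port>" format, and the window and threshold values are all constructed for the example.

```python
"""Added example: spotting a host that is spewing email from connection logs.

Log format is hypothetical: "<epoch-seconds> <src-ip> <dst-ip> <dst-port>".
Window and threshold are assumptions, not figures from the page.
"""
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}


def parse_line(line):
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)


def find_mail_spewers(lines, window=60, max_unique_hosts=20, allowed_relays=()):
    """Return {src_ip: distinct SMTP peers} for sources that contact more than
    max_unique_hosts distinct hosts on SMTP ports within any window-second span.
    A workstation normally talks to one mail relay; fanning out to many mail
    servers is the bot behaviour we want. The real relay is allow-listed."""
    events = defaultdict(list)                      # src -> [(ts, dst), ...]
    for line in lines:
        ts, src, dst, port = parse_line(line)
        if port in SMTP_PORTS and src not in allowed_relays:
            events[src].append((ts, dst))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):                 # sliding time window
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peers = {dst for _, dst in evs[start:end + 1]}
            if len(peers) > max_unique_hosts:
                flagged[src] = len(peers)
                break
    return flagged


def sample_log():
    """Constructed traffic: the relay doing its job, a normal workstation, and
    an infected workstation blasting mail at 30 hosts in 30 seconds."""
    lines = []
    for i in range(25):                             # legitimate relay, 25 MX hosts
        lines.append(f"{1000 + i * 2} 10.0.0.5 198.51.100.{i + 1} 25")
    for i in range(3):                              # normal user, via the relay
        lines.append(f"{1000 + i * 10} 10.0.0.43 10.0.0.5 587")
    for i in range(30):                             # infected host
        lines.append(f"{1000 + i} 10.0.0.42 203.0.113.{i + 1} 25")
    for i in range(5):                              # unrelated web browsing
        lines.append(f"{1000 + i} 10.0.0.42 192.0.2.{i + 1} 443")
    return lines


if __name__ == "__main__":
    print(find_mail_spewers(sample_log(), allowed_relays={"10.0.0.5"}))
```

Without the allow-list the relay itself is flagged, which is the usual false positive with this kind of rule; the fix is to model what each host is supposed to do, not just to count connections.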

Domain

If your computer is on a domain, you won't see the option in the network location dialog box: when you join a domain, Windows automatically sets your network location to Domain.

Rootkit

A Trojan horse that takes advantage of very low-level operating system functions to hide itself from all but the most aggressive anti-malware tools. It gains privileged access to the computer and can target the OS, hypervisors, and even firmware.

Data encryption

Windows's built-in network-layer encryption is IPsec (IP Security), an IETF standard that Microsoft implements rather than a Microsoft-specific method. It provides transparent encryption between the server and the client (applications don't need to be changed) and is also used to build VPNs.

Grayware

Programs that intrude on your computing experience without being wanted but don't actually damage your systems or data, e.g. Internet banner ads, pop-ups, spyware, etc.

Spyware

Programs that run in the background on your PC, sending information about your browsing habits to the company that installed it on your system. Can use your computer's resources to run distributed computing applications, capture your keystrokes to steal passwords, reconfigure your dial-up settings to use a different phone number at a much higher connection charge, or even use your Internet connection and email address list to propagate itself to other computers in virus-like fashion.

Network types in regards to software firewall settings

Because Windows Firewall in XP didn't distinguish trustworthy networks from untrustworthy ones, Microsoft introduced three network types in Vista/7: Domain, Private, and Public.
Domain: a Windows network controlled by a Windows domain controller; the domain controller tells your machine what it can and cannot share.
Private: lets you share resources, discover other devices, and allow other devices to discover your PC.
Public: prevents your computer from sharing and disables all discovery protocols.

SPI

Stateful Packet Inspection. Used by hardware firewalls to track the state of each connection and judge every incoming packet in the context of that connection, rather than looking at each packet in isolation. Incoming traffic that isn't a response to your own outgoing traffic is blocked.
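The following is an added example, not code from the original page or from any router vendor: a minimal stateful packet filter of the SOHO-router kind, covering the SPI behaviour described here as well as the port forwarding and DMZ host entries earlier on the page. Outbound flows from the LAN are recorded; inbound packets pass only if they answer a recorded flow, hit a forwarded port, or (when a DMZ host is set) are unsolicited traffic to the WAN address. The addresses, ports, LAN prefix and packet tuples are assumptions for illustration, and the NAT address rewrite itself is left out (addresses are shown as the LAN side sees them).

```python
"""Added example: stateful packet inspection with port forwarding and DMZ host.

All addresses and ports are made up. NAT rewriting is omitted: LAN hosts are
shown with their LAN addresses on both directions of a flow.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class StatefulFirewall:
    lan_prefix: str = "192.168.1."
    wan_ip: str = "203.0.113.1"
    forwards: dict = field(default_factory=dict)    # WAN port -> (LAN ip, LAN port)
    dmz_host: Optional[str] = None                   # receives ALL unsolicited inbound
    connections: set = field(default_factory=set)    # (proto, lan ip, lan port, remote ip, remote port)

    def is_lan(self, ip):
        return ip.startswith(self.lan_prefix)

    def handle(self, pkt):
        """Return (verdict, target): verdict is 'allow', 'drop' or 'forward';
        target is the (ip, port) a forwarded packet is delivered to."""
        if self.is_lan(pkt.src) and not self.is_lan(pkt.dst):
            # Outbound: remember the flow so its replies are recognised.
            self.connections.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow", None

        if not self.is_lan(pkt.src):
            # Inbound reply to a flow a LAN host started: this is the SPI check.
            if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
                return "allow", None
            # Unsolicited inbound to the WAN address: only explicit holes pass.
            if pkt.dst == self.wan_ip and pkt.dport in self.forwards:
                return "forward", self.forwards[pkt.dport]
            if pkt.dst == self.wan_ip and self.dmz_host is not None:
                return "forward", (self.dmz_host, pkt.dport)
            return "drop", None

        return "allow", None                         # LAN to LAN: not filtered here


def demo():
    """Constructed exchange: one outbound HTTPS flow, its reply, a spoofed
    reply, an unsolicited probe, a forwarded port, and the same probe again
    after a DMZ host is configured."""
    fw = StatefulFirewall(forwards={8080: ("192.168.1.10", 80)})
    remote, probe = "93.184.216.34", "198.51.100.7"
    results = {}
    results["outbound"] = fw.handle(Packet("192.168.1.20", 51000, remote, 443))
    results["reply"] = fw.handle(Packet(remote, 443, "192.168.1.20", 51000))
    results["spoofed_reply"] = fw.handle(Packet(remote, 443, "192.168.1.20", 51001))
    results["unsolicited"] = fw.handle(Packet(probe, 4444, fw.wan_ip, 445))
    results["forwarded"] = fw.handle(Packet(probe, 4444, fw.wan_ip, 8080))
    fw.dmz_host = "192.168.1.99"
    results["dmz"] = fw.handle(Packet(probe, 4444, fw.wan_ip, 445))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} {verdict}")
```

The spoofed reply is the case that separates stateful from stateless filtering: it comes from the right server and port, but no LAN host asked for it on port 51001, so the connection table rejects it. The DMZ case shows why that setting is dangerous: it re-opens everything the SPI check just closed for one host.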

Software Firewalls

Such as Windows Firewall. Can be accessed in XP by: Control Panel > Windows Firewall applet

Rogue anti-malware program

Supposed anti-malware applications that actually are malware.

Educate

Talk to users about how to avoid such problems in the future. Have users run antivirus and antispyware programs regularly.

TSRs

Terminate-and-stay-resident programs: programs that load when the PC boots and stay in memory. Every antivirus program includes one; it is the virus shield that watches files as they are opened.

7 network locations

The Set Network Location dialog box appears every time you connect to a new network.

Signature

The code pattern of a known virus.

Definition file

The file that has the list of virus signatures your antivirus program can recognize.

Spam

Unsolicited email sent to you from an unknown entity.

Search and Destroy

Try booting into Safe Mode and running your anti-malware software. If you think it's a boot sector virus, turn to an anti-malware bootable CD or thumb drive. You can also download a copy of Linux that offers a live CD option, such as Ubuntu. The OS then runs from the CD and RAM, so nothing on the infected hard drive is executed at boot, and the drive can be scanned from a clean environment.

To take care of more malicious malware

Use a bootable CD or flash drive from an anti-malware company (or make one) that lets you boot from a known-clean OS and run the same anti-malware software, this time without the malware on your system being able to interfere with it.

Malware prevention tips

Use your antivirus shield. Scan PCs daily for possible virus attacks. Know the source of any software before you download it. Keep definition files updated. Keep the engine (the core anti-malware software programming) updated periodically.

Malware symptoms

Whenever properly functioning items stop working. If Windows Update stops working, preventing you from patching your PC, suspect malware: many malware families deliberately block updates and anti-malware sites.

Recommended anti-malware programs

Windows Defender, Microsoft Security Essentials, Malwarebytes Anti-Malware, Lavasoft Ad-Aware, Spybot Search & Destroy, AVG Anti-Virus

Public location

Windows disables Network Discovery and File and Printer Sharing as exceptions.

Private location (Home or Work)

Windows enables Network Discovery and File and Printer Sharing as exceptions.

Anti-malware programs

Anti-malware programs work in both an active seek-and-destroy mode (on-demand scans) and a passive sentry mode (the virus shield). They are also referred to as antivirus programs. They detect boot sector viruses by comparing the boot sector to a standard boot sector, since most boot sectors are similar; some programs keep a copy of the boot sector and will replace an infected one.
