Computer Systems Security, Part II
ET4085 Keamanan Jaringan Telekomunikasi (Telecommunication Network Security)
Tutun Juhana
School of Electrical Engineering and Informatics, Institut Teknologi Bandung
Preventing and Troubleshooting Viruses
• Every computer should have antivirus software running on it
– Update the antivirus (AV) engine and the definitions manually or, better, automatically
– Scan the entire system periodically
• Make sure that the computer has the latest service packs and updates available
– For the OS and for applications
• Make sure that a firewall is available, enabled, and updated
– A firewall blocks unsolicited inbound connections to your computer (or network) in an attempt to keep intruders out
– You might need to set exceptions for programs that must accept inbound connections (a remote-access or file-sharing tool, for example) and, if outbound filtering is enabled, for programs that need to reach the Internet
• Separation of OS and data
– This method calls for two hard drives, or two partitions on the same drive
– The operating system is installed to the C: drive, and the data is stored on the D: drive (or whatever letter you use for the second drive)
– This compartmentalizes the system and the data, making it easier to scan the data separately and to isolate infected files when scanning
– It also enables easy reinstallation of the OS without having to back up the data first
– Caveat: malware running under the user's account can still read and write D:, so this is a recovery aid, not a barrier; the data drive still needs backups and a scan before it is trusted again
• Educate users as to how viruses can infect a system
– Instruct them on how to screen their e-mails, and tell them not to open unknown attachments
– Show them how to scan removable media before copying files to their computer, or set up the computer to scan removable media automatically
• Some typical symptoms of viruses
– Computer runs slower than usual
– Computer locks up frequently or stops responding altogether
– Computer restarts on its own or crashes frequently
– Disk drives and applications are not accessible or don't work properly
– Strange sounds occur
– You receive unusual error messages
– Display or print distortion occurs
– New icons appear, or old icons (and applications) disappear
– There is a double extension on a file attached to an e-mail that was opened, for example .txt.vbs or .txt.exe; Windows hides known extensions by default, so such a file may have been displayed as just "report.txt"
– Antivirus programs will not run or can't be installed
– Files have been corrupted, or folders are created automatically
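The double-extension symptom above is easy to check for before an attachment ever reaches a user. The following is an added example written for this lecture, not code from the slides or from any mail product. It generalizes the .txt.vbs and .txt.exe cases to any attachment whose real final extension is one Windows executes on double-click, and it strips the trailing spaces and dots that Windows itself discards, since "evil.exe ." is created on disk as "evil.exe". The two extension sets are illustrative subsets, not a complete list.

```python
"""Flag e-mail attachment names that use a double extension such as
report.txt.vbs or invoice.pdf.exe.

Added example for this lecture, not code from the slides. Windows hides
known extensions by default, so "invoice.pdf.exe" is displayed as
"invoice.pdf"; this check looks at the real final extension instead of
what the user sees. The two extension sets are illustrative subsets.
"""
import os

# File types Windows runs directly on double-click (illustrative subset).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".hta", ".ps1", ".msi", ".lnk",
}

# File types users treat as harmless documents (illustrative subset).
DOCUMENT_EXTENSIONS = {
    ".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png",
}


def split_extensions(filename):
    """Return every dot-suffix of a name, lowercased.

    'a.TXT.Exe' -> ['.txt', '.exe'];  'README' -> [].
    Windows silently strips trailing spaces and dots when a file is
    created, so 'evil.exe .' is really 'evil.exe'; strip them here too.
    """
    base = os.path.basename(filename).rstrip(" .")
    parts = base.split(".")
    return ["." + p.lower() for p in parts[1:]]


def classify_attachment(filename):
    """Return (verdict, reason) where verdict is 'block' or 'allow'."""
    exts = split_extensions(filename)
    if not exts:
        return ("allow", "no extension")
    final = exts[-1]
    if final not in EXECUTABLE_EXTENSIONS:
        return ("allow", "non-executable type " + final)
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS:
        return ("block", "document extension %s masking executable %s"
                % (exts[-2], final))
    return ("block", "executable attachment " + final)


def flagged_attachments(names):
    """Return the (name, reason) pairs from names that should be blocked."""
    return [(n, classify_attachment(n)[1])
            for n in names if classify_attachment(n)[0] == "block"]


if __name__ == "__main__":
    # Constructed sample attachment names, not real mail.
    sample = ["minutes.txt", "report.txt.vbs", "invoice.pdf.exe",
              "archive.tar.gz", "setup.exe", "photo.jpg"]
    for name, reason in flagged_attachments(sample):
        print("BLOCK %-18s %s" % (name, reason))
```

Run on a mail gateway this belongs at the point where attachments are enumerated; note that it deliberately blocks plain executables too, not only the masked ones, because the masking is a user-facing trick and the gateway does not care how the name is displayed.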
• Before making any changes to the computer, make sure that you back up critical data and verify that the latest updates have been installed for the OS and the AV software
• Then perform a thorough scan of the system using the AV software's scan utility; if the software allows it, run the scan in Safe Mode, where fewer third-party programs (and therefore less of the malware) are loaded
• If the AV software's scan does not find the issue, or if the AV software itself has been infected and won't run, you can try an online scanner or a bootable rescue image from an AV vendor
• Another option is to move the affected drive to a "clean machine" (a computer used solely for scanning for malware, which does not connect to the Internet)
• This can be done by attaching the affected drive to the clean machine as a secondary, non-boot drive ("slaving" it) on an IDE, SATA, or eSATA port
• Keep the clean machine's definitions current by bringing updates over on removable media, and never boot the clean machine from the suspect drive
• In rare cases, you might need to delete individual files and remove Registry entries by hand
– This might be the only solution when a new virus has infected a system and no antivirus definition has been released yet; the vendor's write-up for that virus usually lists the files and Registry keys involved
Preventing and Troubleshooting Worms and Trojans
• Worms and Trojans can be prevented and troubleshot in the same manner as viruses
– A worm spreads on its own across the network, so patching and the firewall carry most of the weight against it
– A Trojan arrives disguised as a program the user wants, so download sources and user education carry most of the weight against it
Preventing and Troubleshooting Spyware
• Preventing spyware works in much the same manner as preventing viruses when it comes to updating the operating system and using a firewall
– Because spyware has become much more common, antivirus companies have added antispyware components to their software
• A few more things to do
– Download and install antispyware protection software
– Adjust web browser security settings
– Uninstall unnecessary applications and turn off superfluous services (for example, Telnet and FTP if they are not used)
• Educate users on how to surf the web safely
– Access only sites believed to be safe, and download programs only from reputable websites
– Don't click OK or Agree to close a pop-up window; the buttons may not do what they say. Close it with Alt+F4 (or from the taskbar) instead
– Be wary of file-sharing websites and the content stored on those sites
– Be careful with e-mails that carry links to downloadable software, which could be malicious
• Consider technologies that discourage spyware
– Use a browser that is less susceptible to spyware
– Consider running the browser within a virtual machine, so that anything it picks up is discarded together with the VM
– Take it to the next level and use a thin-client computer, where the browser runs on a central server rather than on the user's desktop
Some common symptoms of spyware
• The web browser's default home page has been modified
• A particular website comes up every time you perform a search
• Excessive pop-up windows appear
• The network adapter's activity LED blinks frequently when the computer shouldn't be transmitting data
• The firewall and antivirus programs turn off automatically
• New programs, icons, and favorites appear
• Odd problems occur within windows (slow system, applications behaving strangely, and such)
• The Java console appears randomly
Preventing and Troubleshooting Rootkits
• A successfully installed rootkit gives an attacker persistent access to a system with root or administrator privileges while hiding its presence (its files, processes, and network connections) from the legitimate administrator
• Rootkits are copied to a computer as a binary file
– This binary file can be detected by signature-based and heuristic-based antivirus programs
• However, after the rootkit is executed, it can be difficult to detect
– This is because a rootkit modifies the very operating system components a scanner relies on (for example, by hooking system calls or filtering directory and process listings), so the running OS no longer reports the truth about itself
• The best way to identify a rootkit is to boot the computer from removable media (a USB flash drive or a special rescue CD-ROM)
– This way, the installed operating system is not running, and therefore the rootkit is not running either, so the disk can be examined as it really is from the external media
• Programs that can be used to detect rootkits include the following:
– Microsoft Sysinternals RootkitRevealer (for Windows systems; no longer maintained): http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
– chkrootkit (for UNIX-based systems): www.chkrootkit.org/
• Unfortunately, because of the difficulty involved in removing a rootkit, the best way to combat one is to wipe the system and reinstall all software from trusted media
• It usually takes less time than attempting to undo every change the rootkit made, and it is the only way to be reasonably sure that the rootkit has been removed completely
Preventing and Troubleshooting Spam
• Use a spam filter
• Close open mail relays
• Remove e-mail address links from the company website
• Use whitelists and blacklists
• Train your users
• Spam filters can be purchased as appliances or as services
• Network administrators should also block any e-mails with attachments that do not comply with company rules (executable attachments, for example)
• On the client side, you can configure Outlook and other mail programs to a higher level of protection against spam
• Spam filters can also be installed on individual clients
• Many popular antivirus suites have built-in spam filtering
• SMTP servers can be configured as open mail relays (also known as SMTP open relays); this enables anyone on the Internet to send e-mail through the SMTP server, not just mail destined to or originating from its own users
• Spammers scan for open relays and use them to send bulk mail that appears to come from your server, which also gets the server blacklisted
• Open mail relays should either be closed or configured so that only customers and properly authenticated users can relay mail through them; mail addressed to the server's own domains is still accepted from anyone
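The relay decision is small enough to write out in full. The following is an added example written for this lecture, not code from the slides or from any mail server. relay_decision() mirrors the Postfix default policy smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, evaluated at RCPT TO, and is_open_relay() probes a policy the way an open-relay tester does. The networks, domains and addresses are constructed sample values, and the rejection text copies Postfix's "Relay access denied" wording.

```python
"""SMTP relay policy: who may send mail *through* this server.

Added example for this lecture, not code from the slides or from any mail
server. relay_decision() mirrors the Postfix default
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
                               reject_unauth_destination
evaluated at RCPT TO. The networks, domains and addresses are constructed
sample values.
"""
import ipaddress

# Domains this server delivers for: mail TO them is accepted from anyone.
LOCAL_DOMAINS = {"example.com", "mail.example.com"}

# Trusted client networks (our own LAN / customers), Postfix "mynetworks".
MY_NETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
               ipaddress.ip_network("192.0.2.0/24")]


def domain_of(address):
    """Domain part of user@domain, lowercased."""
    return address.rsplit("@", 1)[-1].lower()


def relay_decision(client_ip, authenticated, mail_from, rcpt_to):
    """Return (smtp_code, text) for one RCPT TO.

    mail_from is deliberately not consulted: the envelope sender is
    whatever the client claims, so it must never grant relay rights.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MY_NETWORKS):
        return (250, "2.1.5 Ok (client in mynetworks)")
    if authenticated:
        return (250, "2.1.5 Ok (authenticated client)")
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return (250, "2.1.5 Ok (local recipient)")
    return (554, "5.7.1 <%s>: Relay access denied" % rcpt_to)


def open_relay_decision(client_ip, authenticated, mail_from, rcpt_to):
    """The misconfiguration: every recipient accepted from every client."""
    return (250, "2.1.5 Ok")


def is_open_relay(decide):
    """Probe a policy the way an open-relay tester does: an untrusted,
    unauthenticated client asks to send from an outside address to
    another outside address. Acceptance means anyone can relay."""
    code, _ = decide("203.0.113.9", False,
                     "spammer@attacker.example", "victim@other.example")
    return code == 250


if __name__ == "__main__":
    for name, policy in (("default", relay_decision),
                         ("open", open_relay_decision)):
        print("%-8s open relay: %s" % (name, is_open_relay(policy)))
```

Two things to check in a real configuration: that "mynetworks" is not a range wider than your own hosts (a /8 that happens to include customers of your ISP is an open relay in disguise), and that the authenticated path actually requires authentication rather than just a connection on the submission port.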
• Replace mailto links with online contact forms (secure PHP or CGI forms) that let a person contact the company without exposing any company e-mail addresses to harvesting
– The form must validate its input and must not let the visitor choose the recipient address, or it becomes a spam relay in its own right
• Use a separate advertising e-mail address for any literature or ads
– Consider changing this often
– Marketing people might already do this as a form of tracking leads
• Whitelists are lists of e-mail addresses or entire e-mail domains that are trusted
• Blacklists are lists of e-mail addresses or entire e-mail domains that are not trusted
• These can be set up on e-mail servers, e-mail appliances, and within mail client programs such as Outlook
• Because the From address is easily forged, a whitelist entry should lower the spam score of a message, not bypass its attachment and malware scanning
• Have users create and use a free e-mail address whenever they post to forums and newsgroups, and tell them not to use their company e-mail for anything except company-related purposes
• Make sure that they screen their e-mail carefully (this is also known as e-mail vetting)
– E-mail with attachments should be considered volatile unless the user knows exactly where it comes from
• Train your employees never to make a purchase from an unsolicited e-mail
• Explain the reasoning behind using BCC when sending an e-mail to multiple users: with BCC the recipients cannot see each other's addresses, so a single careless forward, reply-all, or compromised recipient does not hand the whole list to a spammer
• When a rootkit is confirmed (see the rootkit section above), the data should be backed up (if necessary by removing the hard drive and attaching it to another system as a secondary drive)
• The operating system and applications should be reinstalled from trusted media
• The BIOS (or UEFI firmware) of the computer should also be reflashed from a known-good vendor image, in case the rootkit persists in firmware
• After the reinstall, the system should be thoroughly checked to make sure that there are no residual effects and that the system's hard drive performs properly