Information Security
When we think of protection and security, we tend to think we can just buy a program and everything will be OK. AV programs have come a long way, yes, but they still need an operator to keep the functions updated and the protocols checked, and don't forget that some malware can still bypass the best AV programs. The best security is you yourself. This tutorial is meant to inform you and anyone else who wants to keep their privacy and keep information as secure as we can.
A.) Introduction to Malware / Information Stealing
Malware is software designed to secretly access a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, Trojan horses, spyware, dishonest adware, shareware, most rootkits, and other malicious and unwanted software or programs. In law, malware is sometimes known as a computer contaminant. These programs are deadly to your security and can result in your network being compromised.
Tools and Tricks of Crackers
1.) Keyloggers
-What do keyloggers do? Simple: they get into your system and log everything you type, such as usernames, email accounts, passwords, PIN numbers, or even your simple school notes. Pretty much every time your finger strikes a key, it gets logged. This becomes even worse when you make purchases online and type in your credit card number and PIN, because guess what, that gets logged as well.
2.) Remote Administration Tool
-Well, RATs are both beneficial and destructive, depending on whose hands a RAT is in. A Remote Administration Tool allows a user to access a computer remotely and control it, giving the operator full access: screen view, files, webcam, Messenger, logs, the ability to disable AV programs, and a view of statistics, processes, IP, owner name and MAC ID. It even has a built-in keylogger, so now they have a live feed of activity and logs of everything you typed.
3.) Virus
-A virus is a program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another, for instance because a user sent it over a network or the Internet via Torrent or P2P clients, or carried it on a CD, DVD, Blu-ray or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system that is accessed by another computer. Viruses are sometimes confused with worms and Trojan horses, which are technically different.
4.) Phishing
-What is phishing? No, it's not like stringing a fishing pole and going out for a fish. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
5.) Social Engineering
-Is Social Engineering like building a social website? No. So if it's not that, what is Social Engineering? Well, Social Engineering is the act of psychologically manipulating people into performing actions or divulging confidential information, rather than breaking in or using technical cracking techniques. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access.
6.) Dumpster Diving
-Why would anyone want to go through my trash? Well, why not? Every day you throw away some form of information: maybe it's a piece of paper you wrote your passwords down on to remember, maybe it's client information, maybe it's your router box, or maybe it's just your job's protocols. Any bit of data helps to exploit your system. "One man's trash is another man's treasure." Remember to shred your documents.
B.) Anti-Malware
So what are some ways to prevent, remove, and/or avoid these forms of attack? It's actually very simple, but you need to make a practice of keeping everything secured so you can reduce attacks to the minimum. So how do we prevent these attacks? There are many programs out there to help you remove or even stop an attack before it happens, but having an Anti-Virus program does not mean it will keep you safe, so there are simple steps to protect your information. Anti-malware works in two ways:
1. Anti-malware programs can provide real-time protection against the installation of malware on a computer. This type of spyware protection works the same way as antivirus protection: the anti-malware software scans all incoming network data for malware and blocks any threats it comes across.
2. Anti-malware programs can be used solely for detection and removal of malware that has already been installed on a computer. This type of anti-malware software scans the contents of the Windows registry, operating system files, and installed programs on a computer and provides a list of any threats found, allowing the user to choose which files to delete or keep, or it compares what it finds to a list of known malware components and removes files that match.
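The second mode, comparing files against a list of known malware components, can be sketched as follows. This is an added example, not code from the original tutorial or from any product named on this page; the file names, the hash list and the sample bytes are constructed, and real products match on far more than whole-file hashes.

```python
"""On-demand scan: hash every file and compare it to a list of known-bad hashes."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root, known_bad):
    """Return (path, sha256) for every regular file whose hash is on the list."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        file_hash = sha256_of(path)
        if file_hash in known_bad:
            findings.append((path, file_hash))
    return findings


def quarantine(findings, quarantine_dir):
    """Move flagged files aside; the user decides later whether to delete them."""
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    moved = []
    for path, file_hash in findings:
        target = quarantine_dir / (file_hash[:16] + "_" + path.name + ".quarantined")
        shutil.move(str(path), str(target))
        moved.append(target)
    return moved


def demo():
    """Constructed sample: harmless byte strings stand in for real files."""
    flagged_bytes = b"constructed sample standing in for a known-bad component"
    known_bad = {hashlib.sha256(flagged_bytes).hexdigest()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "scan_me"
        (root / "sub").mkdir(parents=True)
        (root / "notes.txt").write_bytes(b"school notes")
        (root / "sub" / "toolbar.dll").write_bytes(flagged_bytes)
        # Limitation of list matching: one extra byte gives a different hash,
        # so this copy is not on the list. Real-time protection covers that gap.
        (root / "sub" / "toolbar_v2.dll").write_bytes(flagged_bytes + b"!")
        findings = scan(root, known_bad)
        moved = quarantine(findings, Path(tmp) / "quarantine")
        left_behind = sorted(p.name for p in root.rglob("*") if p.is_file())
        found_names = [path.name for path, _ in findings]
        moved_names = [m.name[17:] for m in moved]  # strip the 16-char hash prefix
        return found_names, moved_names, left_behind


if __name__ == "__main__":
    print(demo())
```

The file that differs by one byte is left behind, which is why a list-based scan is paired with the real-time protection described in point 1.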
OK, so you think you may have a RAT, a keylogger, or some other Trojan program in your system. It's best to use a program designed to sniff out these issues, and many are free online.
Antimalware Programs:
Malwarebytes Anti-Malware
SUPERAntiSpyware
OTL
HiJackThis
These are just a few I use myself to test my network for infections. The best thing you can do with these programs is set them up to auto-run a quick scan once a week, but you should always run a Full Scan at least once a month; I run mine every other week.
Well, let's get into the steps on how to remove infections. For my examples I will use Malwarebytes and SUPERAntiSpyware.
Step 1.
Open up Malwarebytes.
Run a Full Scan.
Let it finish.
Save the log file.
Remove all selected items.
Your computer will restart.
Open Malwarebytes again.
Click on the Quarantine tab.
Click Delete All.
Step 2.
Open up SUPERAntiSpyware.
Run a Complete Scan.
If anything is found, remove it.
Save the log files.
Running both programs will increase the chances of finding the malicious program and helps make sure nothing was missed.
C.) Anti-Virus
AV companies search for virus programs, worms, logic bombs, and other malware so they can obtain them, store them, and reverse-engineer them in order to create the anti-program that removes and quarantines the problem from your computer, while uploading and storing the malware securely in their database. Anti-Virus programs have a lot of benefits: live updates, blocking attacks before they happen, and an added firewall.
AV Programs:
Ad-Aware
AVAST!
AVG
Avira
BitDefender
BullGuard
Comodo
ESET NOD32
F-Secure
Intego VirusBarrier
Kaspersky
McAfee
MSE
Norton
Panda
PC Tools
So all you have to do is run the program and it will search all your files for viruses, worms, and any other malicious program that might be installed on your machine. Then you quarantine and delete the program. You might or might not have to restart, but after a program is removed I restart the system myself. This is a reminder to always update your programs: if Windows gives you an update, don't hold off; let it run the update and finish. There are reasons for updates: either new viruses have been added to the database, a bug was removed, or the infrastructure was improved, making it harder to get into a system. Updates are important.
D.) Protecting Your Integrity
Well, this part is tricky because people are very clever. Some people feel that it's safe enough on the internet if they are talking to their friends, so when a random link is posted they follow it. It's not that safe: you may be taken to a site, but what you didn't know is that the innocent-looking site your friend posted is not a safe site at all but a phishing site, built so they can get your information and take over. Or you or your parents see a printout or a piece of paper, or your boss tells you to throw out a piece of paper or some files; maybe they didn't know that accounts and passwords, clients, or delicate information were on those files, and guess what, your network has just been exploited.
Protection against Phishing Sites:
Well, this one is pretty simple. The best way to protect yourself from this attack is simply not to click random links. "If something is too good to be true, well, more than likely it is." If you're on Facebook and you get a random link and the user logs off, it's a phishing link or a virus, so just don't click it.
1.) Look for a third-party signature such as VeriSign. Some phishing and scam sites will copy the images and program the data to mirror the real thing, so in order to make sure the site is genuine, grab the VeriSign number or the website name, go to VeriSign, and search for the website to see if it has been added to VeriSign.
2.) If you don't trust the site, then leave and don't give your information. If you're going to purchase, then do it from a trusted site.
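Because a phishing page can copy the look and feel of the real site, the hostname inside the link is the part worth checking before you type anything. The following is an added example, not part of the original tutorial; the allowlist, the sample URLs and the function names are constructed for illustration.

```python
"""Check where a link really goes before trusting a page that looks familiar."""
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the sites you actually mean to log in to.
TRUSTED_DOMAINS = ("facebook.com", "paypal.com")

# Constructed sample links (reserved documentation names and addresses).
SAMPLE_LINKS = (
    "https://www.paypal.com/signin",
    "https://paypal.com.account-check.example/login",
    "https://paypa1.example/",
    "https://paypal.com@203.0.113.7/",
)


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    previous = list(range(len(b) + 1))
    for i, char_a in enumerate(a, start=1):
        current = [i]
        for j, char_b in enumerate(b, start=1):
            cost = 0 if char_a == char_b else 1
            current.append(min(previous[j] + 1, current[j - 1] + 1, previous[j - 1] + cost))
        previous = current
    return previous[-1]


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reasons); verdict is 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    on_allowlist = any(host == d or host.endswith("." + d) for d in trusted)
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        reasons.append("text before '@' is not the host")
    if is_ip_literal(host):
        reasons.append("raw IP address instead of a name")
    if any(label.startswith("xn--") for label in labels):
        reasons.append("punycode label (possible lookalike characters)")
    if not on_allowlist:
        for domain in trusted:
            brand = domain.split(".")[0]
            if any(brand in label for label in labels):
                reasons.append(f"uses the name '{brand}' but is not under {domain}")
            elif any(0 < edit_distance(label, brand) <= 2 for label in labels):
                reasons.append(f"near-miss spelling of '{brand}'")
    if on_allowlist and not reasons:
        return "trusted", reasons
    return ("suspicious" if reasons else "unknown"), reasons


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, check_link(link))
```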
Keeping Safe from Social Engineering:
Well, Social Engineering is difficult to protect against, since a person will have a story ready to go and will understand how you or your company may work. This is like walking into a car dealership where the guy is trying to sell you the nicest car: he knows how to grab your attention and get what he wants. All you can do is be prepared for this form of attack.
Steps to prevent this attack:
1.) If you're asked to check something by someone, let your manager know; he should be able to stop it from happening.
2.) If someone makes you an offer, don't give up your information; simply ask for references.
3.) If a person calls saying they're from a company, make sure they are on a list of approved companies.
4.) Just be smarter than the other person: make sure you're the boss, and try reverse social engineering to get their information, which should cancel their attacks.
Stop the Trash digging:
Well, one thing is for sure: unless you're a target, you shouldn't have to worry too much about dumpster diving. Many investigators and crackers will use this trick to get an insight into how you live, or to look for documents and files you got rid of to find out who you really are and what information they can extract. Every month or every day you get a bill, a record, junk mail, or credit information sent to you; you open it, read it, pay it, and throw it away, and guess what, you just gave your information out to whoever wants to grab it. Your record statements and bills carry information such as your name, address, and the way you made your payments.
Steps to prevent this:
1.) Shred your bills, accounts, passwords, and any vital information
2.) Mix the shredded paper up.
Well, now that we have removed anything that could give away your information, let's move on.
E.) Protecting Files
OK, so we figured out how to protect your information with the use of programs and some knowledge of how to overcome the external obstacles. So what if you did get penetrated? Limiting the damage is actually easy as long as you put sensitive data into a file, lock the file, and encrypt the file. Use multiple different passwords, and make sure the encryption key cannot be broken mathematically and is not information about yourself or about someone close to you.
Steps to protecting your Files:
1.) Make a File for storing Sensitive data, Accounts, Passwords, Clients, or anything that could jeopardize you or your company.
2.) Name the file something Cheesy or Random like Pictures7x2
3.) Password Protect the File (8-16 characters, Caps, and Symbols)
4.) Encrypt your File
5.) Transfer to a Floppy (outdated), CD, DVD, Blu-ray, External Hard Drive, or USB
This will remove the information from the computer, and even if it does get stolen, it would take longer for the information to be extracted, giving you time to inform your clients and change your information.
F.) Securing your Wifi
Well, when it comes down to it, if someone can get access to your wifi connection, then they are able to connect to your router, open up your ports, and start making their way into your network and, let's face it, take over. If they don't take over, there is another issue with people getting into your local wifi connection, and it's that fun little thing called bandwidth: more people connected means a slower connection. So how do you protect yourself from this simple little issue? Well, here you go.
Steps to securing your Wifi:
1.) Open up your router in the Browser via IP
2.) Run the Wizard
3.) Choose 128-bit encryption
4.) Finish the wizard
There are more advanced settings, but these are just the basics of how to secure your infrastructure.
G.) Use of Honeypots
A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers. There are different honeypots for different functions, such as research, production, spam versions, email trap, and database. But there are issues with honeypots as well, mostly on the ethics side or the leak side of things.
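The detect-and-monitor idea in its smallest form is a decoy service that nothing legitimate ever uses, so every connection to it is worth an alert. This is an added example, not code from the original tutorial or from any honeypot product; the class name, banner and probe bytes are constructed, and it binds to localhost only.

```python
"""Low-interaction honeypot: a decoy TCP service whose only job is to record contact."""
import json
import socket
import threading
from datetime import datetime, timezone


class DecoyListener:
    """Nothing legitimate uses this port, so every connection is logged as an event."""

    def __init__(self, host="127.0.0.1", port=0, banner=b"220 FTP server ready\r\n"):
        self.banner = banner  # constructed banner so the port looks like a real service
        self.events = []
        self._server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._server.bind((host, port))  # port 0 lets the OS pick a free port
        self._server.listen(5)
        self.port = self._server.getsockname()[1]

    def serve(self, max_connections):
        """Handle a fixed number of connections, then close the listener."""
        try:
            for _ in range(max_connections):
                conn, (src_ip, src_port) = self._server.accept()
                with conn:
                    conn.settimeout(2.0)
                    data = b""
                    try:
                        conn.sendall(self.banner)
                        data = conn.recv(256)  # keep only the first bytes sent
                    except OSError:
                        pass  # a visitor that hangs up early is still recorded
                    self.events.append({
                        "time": datetime.now(timezone.utc).isoformat(),
                        "src_ip": src_ip,
                        "src_port": src_port,
                        "first_bytes": data.decode("ascii", "replace"),
                    })
        finally:
            self._server.close()

    def log_lines(self):
        """One JSON line per event, ready to append to a monitored log file."""
        return [json.dumps(event, sort_keys=True) for event in self.events]


def demo():
    """Start the decoy, touch it once from localhost, return what was recorded."""
    decoy = DecoyListener()
    worker = threading.Thread(target=decoy.serve, args=(1,), daemon=True)
    worker.start()
    with socket.create_connection(("127.0.0.1", decoy.port), timeout=5) as client:
        banner = client.recv(64)
        client.sendall(b"USER admin\r\n")  # constructed input for the demo
    worker.join(timeout=5)
    return banner, decoy.events, decoy.log_lines()


if __name__ == "__main__":
    for line in demo()[2]:
        print(line)
```

The decoy never executes or answers what it receives; it only records the source and the first bytes, which keeps it isolated in the sense described above.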
Well here is a link to more information and products:
Honeypots
Project Honeypot
Make sure everything is updated, back up your information, be smarter than the attacker, and remember: the best security is yourself.