DACS General Meeting
May 2011

Meeting Review:
Jeff Setaro 'Secure Computing in the Internet Age'

By Dave Mawdsley

Jeff Setaro returns after surgery for an update on the world of computers and Internet security.

Jeff presented numerous and detailed ways to use a computer on the Internet in a safe manner and focused on three main topics: Threats, Solutions and Tools.

Prefacing his presentation, Jeff told the audience at the general meeting about the critical need to change the mindset of users who use computers with no regard to how they work, the maintenance they require, or how to secure them from the problems the Internet can bring to a computer user. The 'plug it in and just use it' mentality is the main challenge to overcome if computers are ever to be made safe to use with the Internet.

Reviewing the threats that occurred during 2010, Jeff said that there were no major virus outbreaks. However, Facebook and Twitter became major targets of attacks since they are where so many folks hang out. Specially crafted attacks occurred against Google and RSA that year. Further, malware writers and spammers ramped up their collaboration. On the positive side, the year was a good one for arrests of malware writers and distributors, and there were also takedowns of botnet command and control centers.

A look at the growth of viruses and malware showed a much darker picture. Malware has doubled every year since about 2005, and the growth rate isn't slowing down. More problems in the future will come from older Windows platforms, attacks similar to Stuxnet, more malware targeting smart phones, jailbroken iOS devices and compromised social networks. Facebook spam has circled the globe, and spear phishing has increasingly targeted corporations. Spam and malware writers created more misery by cooperating in DDoS attacks. (Distributed Denial of Service attacks bombard servers with so many packets of data that the servers, which must process each one, can't function normally.)

While a show of hands suggested that DACS members in the audience were paying attention to securing their routers with wireless encryption and changing the administrative password, a number of attendees indicated that they were behind on this front. Members were cautioned that unprotected wireless networks could lead to legal liabilities if their routers were to relay spam, allow the distribution of child pornography, etc. WPA2 wireless encryption rather than WEP encryption was preferred for routers.

Discussion about the variety of malware touched on Trojan horse fake anti-virus alerts and the problem of elevated permissions obtained by rootkits. Users of Sony's PlayStation were cautioned to change their passwords. Downloads and updates on user computers sometimes include unwanted toolbars and other free software promising to be helpful.

A question from the audience about cookies led to the suggestion to simply delete them weekly to stop the tracking they enable. Once deleted, the tracking trail from your computer is broken. Adobe Flash keeps its own cookies, however, and those are difficult to delete.

Ransomware, a fairly new kind of malware, holds a computer hostage, demanding a small payment for the restoration of private files that the malware has made unusable or encrypted. The best defense is to not let the ransomware into the computer in the first place, and to have a recent backup of important files. Extortion is a police matter, but police prefer not to get involved with small-dollar crimes unless many people report them.

Jeff emphasized that all malware consists of computer programs and as such cannot do damage unless it is allowed to run. This leads to the main observation that the USER is the PROBLEM. Malware doesn't depend upon bugs or operating system vulnerabilities; it is instead a security issue. All OS platforms (Windows, Mac, Linux) are capable of infection. It's up to users to do their best to not let the infections happen.

Phishing attacks were described with an example showing how they work, using a fake PayPal look-alike webpage beside the real one. The fake site, though it looks real, requests lots of personal information in order to 'verify your credentials' and thus steals whatever information is supplied. Jeff emphasized that banks never ask for information from users or account holders this way. Don't even play with the fake credentials webpage, although supplying wrong information and a wrong password might engage the phisher in lots of useless activity.

Pharming attacks change the DNS (Domain Name Server) lookup records of a webpage's domain name so that they point to a rogue server, which then delivers a page not published by the owner of the domain name. ('www.usatoday.com' should resolve to '159.54.238.69'.) There is little a typical user can do to protect against this kind of attack, as it's really an issue for the people who manage the compromised DNS server hosting the domain name's address information. Pharming attacks are often linked with a phishing attack so as to serve a fake bank site. If a webpage doesn't look or feel right, it would be safer not to use it. People who use online banking should watch for any small changes in the appearance of a bank's webpage, perhaps with a call to the bank to verify that the change was legitimate.

Compromised computers called zombies can act as spam relays, host rogue programs or contribute to DDoS attacks, and they continue to proliferate. A home router that's always showing lots of Internet traffic even though the computers on the network are turned on but aren't being used could signal a zombie problem, or the machines may simply be getting anti-virus or other automated updates. Always investigate high Internet traffic passing through a router.
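The distinction the paragraph draws, update traffic versus zombie traffic, can be made mechanically from a router's per-interval byte counters: updates are mostly downstream bursts, while a spam relay or DDoS participant sends sustained upstream traffic with nobody at the keyboard. The code below is an added example, not from the presentation; the five-minute samples are constructed, and the 1 MB upstream threshold and three-interval minimum are assumptions to tune against your own router's idle baseline.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# One router counter sample per five-minute interval (constructed data).
# tx_bytes = sent upstream to the Internet, rx_bytes = received, active = a
# user was at one of the computers during the interval.
Sample = namedtuple("Sample", "when tx_bytes rx_bytes active")

_T0 = datetime(2011, 5, 3, 0, 0)
_STEP = timedelta(minutes=5)
SAMPLE = [
    Sample(_T0 + 0 * _STEP,     20_000,     50_000, False),  # idle, quiet
    Sample(_T0 + 1 * _STEP,     15_000,     40_000, False),
    Sample(_T0 + 2 * _STEP,     30_000, 80_000_000, False),  # update: big download
    Sample(_T0 + 3 * _STEP,     25_000,     60_000, False),
    Sample(_T0 + 4 * _STEP,  9_000_000,    400_000, False),  # idle but heavy upload
    Sample(_T0 + 5 * _STEP, 11_000_000,    350_000, False),
    Sample(_T0 + 6 * _STEP, 10_500_000,    300_000, False),
    Sample(_T0 + 7 * _STEP,     12_000,     45_000, False),
    Sample(_T0 + 8 * _STEP,  8_000_000,  2_000_000, True),   # user uploading a video
]


def is_suspicious(sample, tx_threshold):
    """Upstream-heavy traffic in an interval with no user activity."""
    return (not sample.active
            and sample.tx_bytes > tx_threshold
            and sample.tx_bytes > sample.rx_bytes)


def find_idle_upstream_runs(samples, tx_threshold=1_000_000, min_run=3):
    """Return (start_time, interval_count, total_tx_bytes) for every run of at
    least min_run consecutive suspicious intervals. A single busy interval,
    such as an update download, never qualifies; sustained idle uploads do."""
    runs, current = [], []
    for s in list(samples) + [None]:  # sentinel flushes the last run
        if s is not None and is_suspicious(s, tx_threshold):
            current.append(s)
            continue
        if len(current) >= min_run:
            runs.append((current[0].when, len(current),
                         sum(r.tx_bytes for r in current)))
        current = []
    return runs


if __name__ == "__main__":
    for start, count, total in find_idle_upstream_runs(SAMPLE):
        print(f"{start:%H:%M}: {count} idle intervals, {total/1e6:.1f} MB sent upstream")
```

Only the run starting at 00:20 is reported: the update at 00:10 is downstream-heavy, and the upload at 00:40 happened while a user was active. Which machine is responsible still has to be found on the LAN, but the router counters are enough to know that an investigation is warranted.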

As for solutions to the virus/malware issues, Jeff indicated that, "There are no magic bullets." Solutions rest with the user and risk mitigation tools. Risk mitigation steps for the malware problem include: dumping Internet Explorer 6 for the latest version of Internet Explorer, or using Firefox or Opera as a browser instead; keeping your system patched; keeping Adobe products such as Flash and Reader updated; and using an integrated package to handle anti-virus, anti-spam, firewall, etc. Don't use password caching in browsers. Don't use coffee shop Wi-Fi to do online banking. Remember that while risk mitigation of the problems is possible, there is no 'Solution' as such. Risk mitigation tools include anti-malware software, personal firewall software and encryption software, along with broadband router/firewall appliances. Users simply have to be pro-active to minimize risk.

Discussion became lengthy on the general email spam problem. Jeff said that approximately 90% of all email is spam. While users can work with junk filters, they generally work only partially, because spam filtering really needs to be done at the ISP level. Basically, pay attention and guard your personal information while using the Internet, not disclosing what you don't have to. Block third-party cookies and log out of sites when done with them. Don't open an attachment in an email from a person you don't know.

Jeff continued his remarks about 'Safe Hex' on the topic of encrypting confidential documents. Windows, Mac and Linux all support an open source encryption program called 'TrueCrypt', which does an excellent job of encrypting documents. Install it and use it.

As for mobile devices, install anti-malware on them and use the same 'Safe Hex' behaviors with them. Jeff indicated that Android may become the most exploited system because it's an open system. It's much like the Wild, Wild West on the Internet, with no gatekeeper.

Jeff further suggested that routers should not be configured to use internal addresses starting with 192.168.x.x, but should use one of the other private address blocks reserved for NAT, such as the one beginning with 10.x.x.x or the one beginning with 172.16.x.x. The reason for doing this is to mitigate the risk from automated software that tries to break into routers at their default addresses.
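The three private blocks the suggestion refers to are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 (RFC 1918), and the 172.16 block in particular is easy to get wrong because it ends at 172.31.255.255, not 172.16.255.255. The checker below is an added example, not from the presentation; it validates a candidate LAN subnet against those blocks and rejects anything inside 192.168.0.0/16, following Jeff's advice. Moving off the default block only removes the easy guess for automated probes; it does nothing against an attacker who is already on the LAN, so the administrative password change and WPA2 remain the real controls.

```python
import ipaddress

# The RFC 1918 private blocks, written in CIDR form.
RFC1918_BLOCKS = [ipaddress.ip_network(b) for b in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The block most consumer routers ship with, which the talk advised avoiding.
DEFAULT_BLOCK = ipaddress.ip_network("192.168.0.0/16")


def check_lan_subnet(cidr):
    """Validate a proposed router LAN subnet.

    Returns (ok, reason). ok is True only when cidr is a well-formed IPv4
    network that lies entirely inside an RFC 1918 block other than
    192.168.0.0/16.
    """
    try:
        # strict=True rejects host bits being set, e.g. 10.0.0.5/24
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as err:
        return False, f"not a valid network: {err}"
    if net.version != 4:
        return False, "only IPv4 subnets are handled here"

    containing = next((b for b in RFC1918_BLOCKS if net.subnet_of(b)), None)
    if containing is None:
        return False, f"{net} is not inside any RFC 1918 private block"
    if net.subnet_of(DEFAULT_BLOCK):
        return False, f"{net} is inside {DEFAULT_BLOCK}, the default most routers ship with"
    return True, f"{net} is inside {containing}"


if __name__ == "__main__":
    for candidate in ("10.27.3.0/24", "172.20.0.0/16", "172.32.0.0/16",
                      "192.168.1.0/24", "8.8.8.0/24", "10.0.0.5/24"):
        ok, reason = check_lan_subnet(candidate)
        print("OK  " if ok else "NO  ", reason)
```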

In his final remarks, Jeff told of 'What If Disaster Strikes.' Primarily, don't panic; disconnect from the network and walk away. The must-have tools include current backups, a disaster recovery plan (know where your important disks and product keys are), F-Secure's Bootable Rescue CD, a thumb drive with recovery tools, and SpywareBlaster. The later slides in the presentation list Internet links to the additional resources that were suggested.

Returning to the thread of changing the user mindset: 'Security is a process, not a destination,' and 'Technology is not a panacea.' So practice 'Safe Hex.'

In order to view and/or download the PDF slide show of his presentation, look for the May 2011 presentation on the DACS Downloads page.

© Danbury Area Computer Society, Inc. All Rights Reserved.