Viruses, Worms and Other PC Compromises - PowerPoint PPT Presentation

Slides: 30
Provided by: maryjeanfi

Transcript and Presenter's Notes



1
(No Transcript)
2
Viruses, Worms and Other PC Compromises
3
Protecting Your Desktop Computer
  • It's a shared responsibility
  • CIT
  • Your Department's Techsup
  • You

4
Protecting Your Desktop Computer
  • Common Threats and Time-wasters
  • Common Points of Vulnerability
  • Defensive Measures

5
Common Threats
  • Viruses
  • Worms
  • Hacks

6
Time-wasters
  • Hoaxes
  • Spyware

7
Common Points of Vulnerability
  • Email attachments
  • - Documents (Word, Excel, etc.)
  • - Scripts
  • Network connections
  • - Port scans
  • - Shared network drives

8
Common Points of Vulnerability
  • Floppy disks, CD-ROMs, downloads
  • - File-swapping with colleagues
  • - software installation programs

9
Defensive Measures: What CIT Does
  • WSU AccessID Email
  • - automatic virus scanning and eradication
  • - Junk Mail filter
  • Symantec AntiVirus site-license
  • Campus Firewall & Network Monitoring

10
Defensive Measures: What You Can Do
  • Know your department's techsup
  • support.wayne.edu/deptsupport
  • Don't have a techsup?
  • Contact the CIT Help Desk 313-577-4778

11
Defensive Measures: What You Can Do
  • Activate the Junk Mail filter in AccessID E-mail
  • webmail.wayne.edu
  • Options > Junk Mail Control > Junk Mail Filter
  • Set Filter Condition to Normal (or Exclusive) and
    follow the instructions on the screen
  • Periodically check the Junk Mail folder for
    false positives

12
Defensive Measures: What You Can Do
  • Check the hoax warning lists before you
    forward an email warning
  • www.sophos.com/virusinfo/hoaxes
  • www.f-secure.com/virus-info/hoax
  • www.symantec.com/avcenter/hoax.html
  • hoaxbusters.ciac.org

13
Defensive Measures: What You Can Do
  • Upgrade your operating system (OS) to Windows
    2000 or Windows XP
  • Use a strong password for the Windows
    Administrator account
  • Keep the OS up-to-date: check regularly for
    Service Packs and Critical Updates

14
Defensive Measures: What You Can Do
  • Network settings in Windows that you may not need
    (ask your techsup first)
  • - File and Printer Sharing for Microsoft Networks
  • - Client for Microsoft Networks
  • Use the operating system's built-in firewall
    (ask your techsup first)
  • Windows XP: Internet Connection Firewall
  • Mac OS 10.2: System Preferences > Sharing >
    Firewall

15
Defensive Measures: What You Can Do
  • Use Symantec AntiVirus (SAV) at the office and at
    home
  • Update SAV weekly via LiveUpdate
  • Run scans regularly

16
Defensive Measures: What You Can Do
  • Turn off your PC at night and on the weekends
  • Shrinks the window of opportunity
  • Saves electricity, too
  • Back up your data regularly

17
Denial of Service Attacks
18
CERT Description of DoS
  • attempts to "flood" a network, thereby preventing
    legitimate network traffic
  • attempts to disrupt connections between two
    machines, thereby preventing access to a service
  • attempts to prevent a particular individual from
    accessing a service
  • attempts to disrupt service to a specific system
    or person

19
DoS Modes
  • consumption of scarce, limited, or non-renewable
    resources
  • destruction or alteration of configuration
    information
  • physical destruction or alteration of network
    components

20
Consumption of resources
  • Recent attacks appear to be aimed at bandwidth
    consumption; this is often accomplished with ICMP
    ECHO and is a reason for disabling ICMP
  • Can also be aimed at overwhelming a single
    computer's network resources by sending lots of
    connections (SYN attack), usually in combination
    with source IP spoofing.

21
What are we doing?
  • Disabling network jacks of computers that have
    been compromised, or entire departments if
    needed.
  • Disabling internet connectivity at the firewall
    on a per computer basis (Security office)
  • Installing anti-spoofing filters on routers

22
Further Defense: Network Firewall
  • A firewall is a device that can modify network
    traffic based on certain rules and criteria.
  • CIT currently has a large-scale firewall that
    sits at the front door of the network.
  • All traffic entering and leaving the University
    passes through the firewall.

23
The Firewall: A Basic Layout
24
The Firewall: What Was Changed?
  • Rules were added to block Microsoft-specific
    networking from entering the University from the
    outside world.
  • Numerous security holes in Microsoft-specific
    networking allow remote attackers to take
    full control of Windows machines on campus.
  • Puts an end to the most common Microsoft-based
    attacks from the outside world.
  • Does not affect or interrupt communication
    internal to the University or outbound traffic.

25
The Firewall: What Was Changed?
  • The following ports are now blocked at the edge
    of the network:
  • Ports 135-139 tcp and udp.
  • - Windows file-sharing, authentication, printing,
    etc.
  • - Enabled by default.
  • Port 445 tcp and udp.
  • - The modern version of above. Used since Win2K.
  • - Enabled by default.
  • Port 593 tcp.
  • - The RPC endpoint mapper.
  • - Disabled by default.
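
The edge rules from the "What Was Changed?" slides, together with the anti-spoofing filters mentioned under "What are we doing?", modelled as an added Python example (not part of the original presentation or CIT's actual configuration). The campus prefix 192.0.2.0/24, the function names and the sample packets are assumptions, and the spoofing check is the usual ingress/egress source-address filter rather than anything the slides spell out.

```python
import ipaddress

# Assumed campus prefix (a documentation range); the slides do not give one.
CAMPUS = ipaddress.ip_network("192.0.2.0/24")

# Inbound blocks from the slide: (protocol, first port, last port).
BLOCKED_INBOUND = [
    ("tcp", 135, 139), ("udp", 135, 139),  # Windows file-sharing, authentication, printing
    ("tcp", 445, 445), ("udp", 445, 445),  # the modern version, used since Win2K
    ("tcp", 593, 593),                     # listed on the slide as tcp only
]

def edge_decision(arrived_on, src, dst, proto, dport):
    """Verdict for one packet, given the side of the edge it arrived on."""
    src_in = ipaddress.ip_address(src) in CAMPUS
    dst_in = ipaddress.ip_address(dst) in CAMPUS
    if arrived_on == "outside":
        if src_in:  # anti-spoofing: campus addresses cannot originate outside
            return "drop: spoofed campus source arriving from outside"
        if not dst_in:
            return "drop: destination is not on campus"
        for blocked_proto, low, high in BLOCKED_INBOUND:
            if proto == blocked_proto and low <= dport <= high:
                return f"drop: inbound {proto}/{dport} is blocked at the edge"
        return "allow: inbound port is not on the block list"
    if arrived_on == "inside":
        if not src_in:  # anti-spoofing: only campus sources may leave
            return "drop: outbound packet with a non-campus source"
        return "allow: outbound traffic is not affected by the block list"
    raise ValueError(f"unknown interface: {arrived_on!r}")

# Constructed sample packets: (arrived_on, src, dst, proto, dport).
SAMPLE_PACKETS = [
    ("outside", "198.51.100.7", "192.0.2.10", "tcp", 445),   # file sharing from home
    ("outside", "198.51.100.7", "192.0.2.10", "tcp", 3389),  # Remote Desktop default port
    ("outside", "198.51.100.7", "192.0.2.10", "udp", 593),   # udp/593 is not listed
    ("outside", "192.0.2.99", "192.0.2.10", "tcp", 80),      # forged campus source
    ("inside", "192.0.2.10", "198.51.100.7", "tcp", 445),    # outbound file sharing
    ("inside", "203.0.113.5", "198.51.100.7", "tcp", 80),    # forged source leaving campus
]

def evaluate(packets):
    """Return the verdict string for each packet, in order."""
    return [edge_decision(*packet) for packet in packets]

if __name__ == "__main__":
    for packet, verdict in zip(SAMPLE_PACKETS, evaluate(SAMPLE_PACKETS)):
        print(packet, "->", verdict)
```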

26
How Will This Affect You?
  • The following services are now disabled when
    attempting to access them from outside the
    University
  • Windows shares (i.e., mapping drives).
  • Remote domain logins.
  • Assorted NetBIOS services (e.g. pop-ups, Windows
    printers, etc).
  • Individuals using WSU's WayneConnect dial-in
    service are not affected.

27
Common questions
  • Can I still access my desktop from home?
  • Yes. The Remote Desktop feature found in Windows
    XP is still enabled.
  • Can I still map to a drive at the University
    while I'm at home?
  • Only if you are using WSU's dial-in service or
    have a VPN client configured.
  • Do I need to change any settings for this?
  • No. This is done transparently by the firewall.

28
Solutions: The VPN and TightVNC
  • The VPN is available for pilot testing.
  • Virtual Private Network puts you on campus.
  • Creates an encrypted tunnel between your
    computer and the University.
  • Allows your computer to appear as part of the
    University regardless of location.
  • Currently runs on Windows only.
  • VPN Pilot open to a small group now - free.
  • Goal is to have a VPN available to everyone for a
    nominal annual fee (to cover costs).
  • Interested? Send requests to security_at_wayne.edu.

29
Solutions: The VPN and TightVNC
  • TightVNC can be used to access your desktop
    remotely.
  • Freely available and cross-platform.
  • Most of the same features as Remote Desktop.
  • Does not require Windows XP.
  • Does not require any special hardware or
    software.
  • http://www.tightvnc.com
  • Note: This is not supported by the Help Desk.