Securing small business


Upload: sandra4211

Post on 01-Nov-2014


Firewalls
Anti-virus
Anti-spyware

Introduction

Due to the phenomenal growth of the Internet in the last decade, companies and individuals find it hard to operate without a presence on the Internet. This means that companies are exposed to threats, which can have a major business impact. The need to protect company and individual computers from unauthorized or unwanted access is commonly accepted.

FIREWALLS

Understanding the concept

In order to pick the right firewall, understanding what a firewall does is crucial. I will quickly cover basic TCP/IP concepts and then move on to picking the right device.

IP Attributes

TCP Attributes

• TCP runs on top of IP
• A TCP packet contains a port number
• A TCP packet contains a sequence number and a flag

Firewalls – The Basic Description

• A firewall is a perimeter defense device: this means that any firewall splits a network into a trusted (protected) side and an untrusted (unprotected) side.
• A firewall filters traffic on a pre-defined set of rules: any firewall is only as good as its configuration.

Firewall limits

These two factors limit the effectiveness of a firewall dramatically, and it is important to note that a firewall does not:

• Protect you from your internal network.
• Protect you from malicious use of authorized access, whether intended or unintended. This entails using granted privileges or access for unintended operations.
• Protect you from all harmful attacks. Exploits found on the Internet can use different techniques to penetrate basic firewall protection.

What kind of Firewall?

Features of a good firewall:

• Stateful inspection (SPI)
• It does content checking, passing protocols through a validation exercise.
• It keeps a state of connections whereby it monitors the state of a TCP connection and allows traffic accordingly.
• It does address translation.
• It can authenticate connections.
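The connection-state feature above can be shown with a toy model. This is an added example, not part of the original slides: it compares a rule-only filter with a filter that tracks TCP handshakes using the port numbers and flags described earlier. The addresses, class names and the simplified state machine (no timeouts, sequence-number checks or FIN teardown) are assumptions made for illustration.

```python
"""Toy model of stateful packet inspection (SPI) for TCP; all packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

TRUSTED = ip_network("192.168.1.0/24")  # assumed protected side of the firewall


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}


def stateless_allow(pkt):
    """Rule-only filter: outbound always passes, inbound passes if ACK is set."""
    if ip_address(pkt.src) in TRUSTED:
        return True
    return "ACK" in pkt.flags


class StatefulFirewall:
    """Admits inbound packets only for connections opened from the trusted side."""

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port) -> handshake state
        self.table = {}

    def allow(self, pkt):
        outbound = ip_address(pkt.src) in TRUSTED
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.table.get(key)

        if "RST" in pkt.flags:
            # A reset is accepted only for a tracked connection, which it ends.
            return self.table.pop(key, None) is not None

        if outbound:
            if pkt.flags == {"SYN"} and state in (None, "SYN_SENT"):
                self.table[key] = "SYN_SENT"        # new connection from inside
                return True
            if state == "SYN_ACKED" and "ACK" in pkt.flags:
                self.table[key] = "ESTABLISHED"     # handshake completed
                return True
            return state == "ESTABLISHED"

        # Inbound: only the expected reply to our SYN, or established traffic.
        if state == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
            self.table[key] = "SYN_ACKED"
            return True
        return state == "ESTABLISHED"


def run_demo():
    """Return (label, stateless verdict, stateful verdict) for each sample packet."""
    fw = StatefulFirewall()
    pc, web, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    f = frozenset
    packets = [  # constructed sample traffic
        ("outbound SYN", Packet(pc, 50000, web, 80, f({"SYN"}))),
        ("inbound SYN/ACK", Packet(web, 80, pc, 50000, f({"SYN", "ACK"}))),
        ("outbound ACK", Packet(pc, 50000, web, 80, f({"ACK"}))),
        ("inbound data", Packet(web, 80, pc, 50000, f({"ACK"}))),
        ("unsolicited ACK", Packet(stranger, 80, pc, 50001, f({"ACK"}))),
        ("unsolicited SYN", Packet(stranger, 4444, pc, 3389, f({"SYN"}))),
    ]
    return [(label, stateless_allow(p), fw.allow(p)) for label, p in packets]


if __name__ == "__main__":
    for label, stateless, stateful in run_demo():
        print(f"{label:18} stateless={stateless!s:5} stateful={stateful}")
```

The rule-only filter passes the unsolicited ACK because the flag alone satisfies its rule, while the stateful filter drops it because no matching connection was opened from the trusted side.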

Hardware-Software

Hardware:

• Most basic routers do not include SPI
• VPN routers do
• Wired
• Wireless (WEP encryption)

Software

• Most OS before Win XP do not include any protection.
• Win XP does not include SPI but offers some basic protection
• “Zone Alarm” offers SPI. http://www.rockbridge.net/zonealarm

Email Anti-virus

EMAIL Origins

Origins

Email was created by researchers as a way for them to communicate. This was many years before the World Wide Web, what we now refer to as “The Internet”.

EMAIL Security

Why is it insecure?

• It was not originally intended for widespread use outside of research.
• It was designed to be simple and easy to operate with minimum restrictions.
• Security controls were afterthoughts that had to be pasted on to the email system, instead of being part of the original design. Because of this, email security is inefficient and incomplete.

Define SPAM

General definition – un-requested or unsolicited email, usually designed to initiate a financial transaction or gather data for advertising

• Most legitimate companies do not engage in SPAM emailing
• A SPAM email is typically sent to many millions of email addresses in the expectation that even if only a fraction of 1% generate a response, the SPAM email will still produce an economic return

The new face of SPAM – how it went from obnoxious to hazardous

• SPAM originally was mostly just advertisements
• As email and Internet use have become more common since the late 1990’s, email has become one of the primary ways to distribute viruses
• Recently, there has been increasing involvement of the criminal underworld
  • Identity theft
  • Credit fraud

Self installing viruses, or how to run an email server without even trying

Frequently used to deliver computer programs designed to infect your computer and send new copies of the virus to other email addresses and/or seize control of the computer.

• Can automatically install without your knowledge
• Uses your contact lists and emails for target addresses
• Very small and compact program

Someone else’s very own email server on my computer

• Capable of sending many thousands of emails per hour
• Severe impact on your Internet browsing performance
• Severe impact on your overall computer performance
• Spreads virus to your friends and many others
• May result in your email address being blocked by potential recipients.
• May result in your ISP suspending your service until the problem is corrected.

“Surprises” in email viruses

• In addition to installing an email server on your computer and mass emailing copies of the virus to others, most of the recent email viruses also carry a separate “payload” which installs a program on your computer
• Silent install – you are unaware that the program has been installed

Steal my data please!

This program often carries a component that allows the program to receive orders from an outside source.

• This allows an unauthorized user to take control of your computer or steal your data
• Often installs a “key logger”, a program that captures every keyboard entry you make and records it for future transmission to other parties

Stealing your identity

The program can report back to the original sender

Allows others to steal your data:

• Passwords
• Bank account information
• Credit card information
• Personal information

Putting down “Roots”

A new type of email virus is just being seen that is an even more serious threat. This is a “Root Kit” installer.

• Replaces key parts of your operating system
• Root Kit virus is almost impossible to detect
• Is able to take complete control of your computer
• Very few anti virus programs can even detect whether a Root Kit has been installed

Tearing out the “Roots”

There are only a few anti-virus companies that have Root Kit detectors.

• F-Secure has a product in Beta testing called “Blacklight” (www.f-secure.com/blacklight) that attempts to detect and remove Root Kits
• Currently, the only fully effective remedy if infected is to wipe the computer hard drive clean and reinstall everything
• Fortunately, Root Kits are still very rare, but that will rapidly change

What can we do?

Don’t rely on a single defense – use a layered approach

• Use your ISP’s email virus filtering service, if available
• Use a hardware firewall
• Install a software firewall
• Install and maintain anti-virus software

Use common sense.

The Multi-level Defense

[Diagram: layers of defense labelled ISP Email Filtering, Firewall, Anti-virus software, and YOU]

Anti-virus programs

Install and keep up to date at least one anti-virus program

What capabilities should it have?

• Real time file checking – should be able to check every file you use on your computer, as you open it
• Real time email checking – should be able to check all incoming and outgoing email

Are two better than one?

Some anti-virus programs require more resources on your computer than others

• Norton and McAfee are resource intensive and will not “play well” with other anti-virus programs. Consider the “horsepower” of your computer before installing a second program, especially if you are using one of these packages.

Anti-virus programs that appear to work reasonably well together are (there may be other programs as well):

• Authentium/Command Antivirus (www.authentium.com)
• AVG (www.grisoft.com)
• F-Prot (www.f-secure.com)

The Last Line of Defense: YOU

Learn how to identify common attributes of SPAM and virus emails. Listed below are some common SPAM/virus email traits, but this is not a complete list.

• Unusual characters in the Subject line
• Email that asks you to provide confidential information, either in a reply email or by asking you to go to a website. Be very careful about providing information such as:
  • Credit Card number / Bank Account number
  • Social Security number

You’re still the last line of defense

If it sounds too good to be true, it probably is.

• No, there really isn’t a former Nigerian government official that wants to share his $20,000,000 with you.
• Do you really want to buy stock or bonds from someone who makes his living sending unsolicited email? If the stock was really that good (or even existed), he wouldn’t need to spend his time trying to get you to buy it.
• How much do you want to entrust your health to a pill or lotion you saw in a SPAM email, from an undocumented source, with no safety inspection or valid certification?

What else can we do?

Don’t reward SPAM

• My own personal policy is to never visit a website or purchase a product as a result of SPAM.

Take responsibility for your computer and use common sense

• Self reliance and common sense are your most effective tools. Remember, what happens to your computer is your responsibility. No software or hardware can properly protect your computer without your help.

SpyWare…Who is Watching Me?

SpyWare, Adware & Malware

• SpyWare is any technology that aids in gathering information about a person or organization without their knowledge.
• AdWare is any software application in which advertising banners are displayed while the program is running.
• MalWare is short for malicious software, software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.

How did I get this?

• SpyWare applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet.
• Trojans/Malware can be installed without the user's consent, as a “drive-by download”, or as the result of clicking some option in a deceptive pop-up window.

Typical SpyWare/Malware Developer Tricks

• Hide it inside another program's installer.
• Keep asking to install until the user says Yes.
• Create a false pretense for the user needing the software.
• Hide software out in group directories on peer-to-peer networks.
• Design it to look essential, or to be invisible.
• Design it not to uninstall, even when asked.

Common Applications that have or are SpyWare

• Comet Cursor
• Bonzi Buddy
• Internet Games
• CoolWebSearch
• Weather Bug
• Incredimail
• Snood & Dynomite
• Web Search Toolbars
• Instant Messengers
• File Sharing Programs
• Kazaa
• Morpheus

Things SpyWare/Malware can do

• Leave a backdoor open for hackers
• Install other programs directly onto your PC
• Load adult-oriented images on your PC
• Dial a service, most likely adult content sites, for which you will be billed!
• Monitor your keystrokes
• Collect information about you and your surfing habits
• Modify system settings
• Redirect your browser
• Send/Receive cookies to other SpyWare programs

Signs of SpyWare/Malware

• Does your computer seem slow?
• Do you see programs you don’t remember installing?
• When you start your Internet browser, does it open to a page you've never seen before?
• Do you see a sudden increase in popup advertisements on pages where you've never seen them before?
• Antivirus messages keep popping up.

Ways to avoid SpyWare/Malware

• Keep Windows up to date.
• Keep your Antivirus up to date.
• Install software only from Web sites you trust.
• Read the fine print on free software. “There is no such thing as a free lunch”
• Use a tool to help detect and remove unwanted software.

IE Defense

• Set your Internet Security settings to at least Medium.
• Open Internet Explorer and click the Tools menu and then the Internet Options... sub-menu.
• Click on the Security tab at the top. Next click on the Internet icon. The Security Level bar should be set to Medium.
• Next click on the Restricted Sites icon. The Security Level bar should be set to High.
• Next click on the Trusted Sites icon. The Security Level bar should be set to Low.

Pop up Blockers

• The Google Toolbar - for IE: http://toolbar.google.com/
• Maxthon – Tabbed Browser: http://www.maxthon.com

Spybot (Search & Destroy)

Ad-Aware

SpySweeper

Tools of Defense

• Set up IE in a secure fashion
• A good popup blocker
• A good Antivirus
• A good removal tool
  • SpySweeper (by Webroot) http://www.rockbridge.net
  • Spybot-Search & Destroy (by Spybot) http://www.download.com
  • Ad-aware (by Lavasoft) http://www.download.com

SpyWare…Don’t Be A Victim!

Questions?

What does RGV do to protect you?

Two Layered Protection

RGV outsources mail filtering

• Spam
• Viruses

RGV implements its own filtering

• Spam
• Viruses
• Port filtering

August 18, 2005 Combined

Domain           Messages   Bytes         % of Bytes   Blocked Msgs   % of Msgs
rockbridge.net   30,136     369,495,216   62.0         21,697         78.7

Domain           Viruses Quarantined
rockbridge.net   180

What Next?

RGV will introduce a new free service in October

Web Filtering

Residential Customers: Parental Control

• Parents will be able to control and limit their children’s use

Web Filtering

SMB Customers

• Will be able to control and limit use of each employee.

Protect yourself

• Develop a policy
• Implement the policy
• Evaluate the solution
• Cost less in the long run
• Patch, Patch, Patch