When Your Computer Has Been Attacked

From the moment your computer starts booting until you shut it down, it is a target that can be attacked. Viruses, keystroke loggers, spyware, and other malicious programs and scripts are waiting outside for a way in.

If one of them gets into your system, you are in a lot of trouble. Your files can be destroyed or shared with strangers, or your computer can be turned into a powerful tool for sending spam or distributing illegal files to others.

Whether your computer stays out of the reach of attackers is entirely up to you. If you are not alert, sooner or later someone else will take complete control of it. The problem is that there is no sure sign that your system has been compromised. Windows that move by themselves or a CD-ROM tray that opens and closes on its own are obvious, but the signs may be much harder to see. Unexpected shutdowns, a hard drive that fills up for no apparent reason and network malfunctions are the symptoms most users have encountered.

Some intruders are very skilled thieves, and you may go for years without knowing you have been harmed. If you notice a problem, such as an unexpected shutdown, that is the time to look more closely. Do not stop at treating the symptom; find the cause. If your hard drive is full, do not just buy a new drive; find out why it is full.

Preventive measures

If your computer has not been hacked, you want to keep it that way. Keeping the bad guys out and protecting your data requires a dose of prevention. Start by making sure that your operating system and main applications have the latest patches installed and are kept up to date as new patches are released. Following the security advisories for your operating system is the best way to keep up with new vulnerabilities and fixes.

A firewall is needed to keep crackers, port scanners and other unwanted intruders from infiltrating the system. If you have a cable modem, DSL or another always-on Internet connection, a hardware firewall router is the best fit. Dial-up modem connections are not exempt either: use a software firewall to protect your computer. You should also back up your hard drives regularly and test those backups periodically to make sure they work. Also, close all ports and network services that you do not need.

Firewalls are important, but more important still is knowing what is running on your system and switching off what you do not need, including network interfaces that are not in use. For example, if you do not use FTP or Postfix, disable those services. Then, even if your firewall rules turn out to be incomplete or incorrect, there are fewer open ports for an intruder to exploit.

No matter how hard you try, a Trojan horse, worm or other virus can still harm your system, so it is wise to check the system periodically to see what is going on behind the scenes. Develop a baseline that you can compare your computer against. Is the processor load unusually high? Are the drives spinning up when nothing should be using them? If you understand what is "normal" for your computer, you will be able to spot "abnormal" activity quickly.

Monitor Internet connections

Spyware, viruses, backdoor programs and other threats to the system will often use your Internet connection to steal information or distribute their own data. Finding unusual activity on your network connection can be as simple as keeping an eye on the blinking LEDs on your modem or router. If there is activity you cannot explain, you probably have a problem.

The netstat command, available on Windows, Linux and Mac OS X, displays the open ports on your system: those currently connected and those listening for connections. On a running Linux system, as root, type netstat -p. From the command line of Windows XP or Mac OS X, type netstat -an.

When you check the program's output, anything listening on localhost, 127.0.0.1, is usually harmless: these are processes on your computer talking to each other. Pay attention to anything labeled 0.0.0.0. Those sockets are waiting for connections from the outside world. If something you do not recognize is listening, it is a clear sign that your system has been compromised.

Read the netstat manual page for more information on its output. Tcpdump (http://www.tcpdump.org) and Snort (http://www.snort.org) are powerful tools for monitoring your Internet connection. If you do not use your computer as an Internet server, simply disconnect your cable modem or DSL when you are not online.
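The netstat check described above, as an added example that is not part of the original article: it parses netstat -an output (both the Linux and the Windows XP column layouts), keeps only sockets that are waiting for connections, and flags those bound to every interface (0.0.0.0 or ::) whose port is not on your list of expected services. The two listings are constructed samples, not captures from a real host, and the port 31337 listener is there only to be caught.

```python
# Added example (not from the article): find listeners exposed to the outside
# world in `netstat -an` output. Loopback-only sockets (127.0.0.1 / ::1) are ignored.
from typing import NamedTuple

class Listener(NamedTuple):
    proto: str
    addr: str
    port: int

# Constructed sample in Linux `netstat -an` style (not from a real host).
LINUX_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:45210       198.51.100.7:443        ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

# Constructed sample in Windows XP style (same idea, without the queue counters).
WINDOWS_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:500            *:*
"""

WILDCARD = {"0.0.0.0", "::", "[::]", "*"}   # bound to every interface

def parse_listeners(netstat_output: str) -> list[Listener]:
    """Return every socket waiting for connections: TCP in LISTEN state, or any bound UDP."""
    listeners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if not fields or fields[0].lower()[:3] not in ("tcp", "udp"):
            continue                      # headers and blank lines
        proto = fields[0].lower()
        # Linux prints Recv-Q/Send-Q counters before the addresses; Windows does not.
        offset = 3 if fields[1].isdigit() else 1
        local = fields[offset]
        state = fields[offset + 2] if len(fields) > offset + 2 else ""
        # Only TCP sockets in LISTEN state accept connections; UDP has no state column.
        if proto.startswith("tcp") and state not in ("LISTEN", "LISTENING"):
            continue
        addr, port = local.rsplit(":", 1)  # rsplit keeps IPv6 addresses intact
        listeners.append(Listener(proto, addr, int(port)))
    return listeners

def exposed_listeners(netstat_output: str, expected_ports: frozenset[int]) -> list[Listener]:
    """Listeners reachable from outside whose port is not one you expect to be open."""
    return [l for l in parse_listeners(netstat_output)
            if l.addr in WILDCARD and l.port not in expected_ports]

if __name__ == "__main__":
    for l in exposed_listeners(LINUX_SAMPLE, frozenset({22, 80})):
        print(f"unexpected listener: {l.proto} port {l.port} on {l.addr}")
```

Feed it the real output of netstat -an from your own machine and compare the result against the baseline you recorded when the system was known to be clean.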

Thorough study of system processes

In addition to locking down your Internet connection, monitor the processes running on your machine to make sure nothing is going on behind your back. A process list shows all the applications and daemons running on the machine.

On Linux, type ps -ef at the command line. On Mac OS X, type ps -aux. To view the process list on Windows XP, press CTRL-ALT-DELETE, click the Processes tab, and select Show Processes From All Users. Get familiar with the output of these commands before you suspect something is wrong with your computer: the output is fairly cryptic, and you have to know what to expect.

A favorite trick of cracking programs, Trojans and worms is to hide inside your legitimate software. On Red Hat Linux or any other distribution that uses RPM, you can verify the software on your computer against the RPM package management database. The rpm -qv option checks your installed binaries against the official versions. The first time you run it you will get a lot of results, mostly configuration files, so run it before you are infected and get used to the output.

Tripwire (http://www.tripwire.org) is a better version of rpm -qv. It monitors the key attributes of files that should not change, including binary size and signature. It is highly configurable but slightly complicated. You can run it once a day to see which files have changed on your system or whether new devices have been added to the /dev directory. Tripwire comes pre-installed on Red Hat Linux but is available for all versions of Linux. A Mac OS X version is also available at http://www.macguru.net/~frodo/Tripwire-osx.html.
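The idea behind rpm -qv and Tripwire, as an added example that is neither tool's own code: take a baseline of the size, permissions and SHA-256 digest of every file under a directory, store it away from the monitored tree, and later compare a fresh snapshot to report files that changed, appeared or disappeared. The demo builds a small constructed directory tree, and the "trojaned" replacement binary is deliberately the same size as the original to show why a size-only check is not enough.

```python
# Added example (not Tripwire's or RPM's own code): a minimal Tripwire-style check.
import hashlib
import json
import stat
import tempfile
from pathlib import Path

def snapshot(root: Path) -> dict[str, dict]:
    """Map each regular file (relative path) to the attributes an integrity checker watches."""
    entries = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        st = path.lstat()
        entries[path.relative_to(root).as_posix()] = {
            "size": st.st_size,
            "mode": stat.filemode(st.st_mode),          # e.g. "-rwxr-xr-x"
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
        }
    return entries

def compare(baseline: dict, current: dict) -> tuple[list, list, list]:
    """Return (changed, added, removed) relative paths, each sorted."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return changed, added, removed

def save_baseline(entries: dict, dest: Path) -> None:
    # Keep the baseline off the monitored tree (ideally on read-only media);
    # otherwise an intruder can simply regenerate it after tampering.
    dest.write_text(json.dumps(entries, indent=1))

def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())

def demo() -> tuple[list, list, list]:
    """Build a constructed file tree, baseline it, tamper with it and diff the two."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "bin"
        (root / "sub").mkdir(parents=True)
        (root / "ls").write_bytes(b"original ls binary")
        (root / "netstat").write_bytes(b"original netstat")
        (root / "sub" / "ps").write_bytes(b"original ps binary")
        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(snapshot(root), baseline_file)
        # Simulate what a rootkit does: swap a binary for one of the SAME size
        # (a size-only check would miss it), drop a hidden file and delete a tool.
        (root / "ls").write_bytes(b"trojaned ls binary")
        (root / "sub" / ".hidden").write_bytes(b"backdoor")
        (root / "netstat").unlink()
        return compare(load_baseline(baseline_file), snapshot(root))

if __name__ == "__main__":
    changed, added, removed = demo()
    print("changed:", changed, "added:", added, "removed:", removed)
```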

Anti-virus software

If you run Windows, you definitely need an anti-virus application. Even if you are careful and follow the guidelines, such as not opening attachments, and use the other common security tools, a virus can still sneak in. On Linux and Mac OS, viruses exist but are less of a nuisance. For these systems anti-virus software is not strictly needed, but using it is still a good idea.

According to experts, the other operating systems do not need anti-virus software in the same way. OS X and Linux users are well protected with a tool like Tripwire, which is more comprehensive than a virus checker. However, free virus checkers are now available for Linux, so you can install one as well. Anti-virus applications can also help in a multi-OS environment or if you have a Samba shared drive.

For OS X and Linux users who interact with Windows users, a virus checker is required.

If you are attacked

What should you do if you discover that your system has been compromised? First, disconnect the infected computer from the Internet. Then back up your data (if you have not already done so), find the problem and remove it if you can.

Move the data from the hard drive to another machine on the network, then reinstall. Once you have been attacked, the virus removal tools on the machine can no longer be trusted. A compromised system is, by definition, a system with a security hole, and you cannot know what has been taken.

Booting from an operating system on a CD-ROM lets you use trusted applications to investigate and, hopefully, fix the problem. If you need help, consider FIRE (fire.dmzs.com; Forensic and Incident Response Environment), a bootable Linux CD that helps you investigate and repair both Windows and Linux systems. The CD includes a virus scanner, tools for finding deleted files, recovery of data from lost partitions and much more.

Although it is a lot of trouble, the best remedy is to wipe your hard drive and start over. If you have ever been hacked at the root level, you cannot simply assume that the attacker has not embedded malicious code throughout your system. Administrators often try to recover a computer after an intrusion by deleting the strange, unnecessary files on the machine. The result is a computer that runs unstably and is often hacked again within a few days.

Firewalls, system monitoring and virus checking cost you money and effort. Although these preventive measures take time to set up and use, consider them a drop in the ocean compared with the painful problems a compromised system can bring you.

Enhance the security of your computer

If you think keeping your computer safe is a full-time job, be ready to work overtime. Other devices, including cell phones and PDAs (personal digital assistants), also have vulnerabilities that leave them open to attack.

Take, for example, bluejacking, the use of Bluetooth to slip messages onto the mobile phones and PDAs of strangers. It can be used as a harmless prank to confuse the recipient, or to send spam to everyone nearby. The fix is to tighten the Bluetooth security settings on your device or disable Bluetooth altogether. You can find more information at http://bluejackq.com

Although not as prolific as computer viruses, PDA viruses do exist. And with the growing reliance on wireless connectivity, anyone near you can discover your e-mail password and the content of the messages you send and receive from your PDA. The biggest threat to a PDA user, however, is losing the PDA itself; after all, a PDA is far more likely to be stolen than a desktop computer. Consider using encryption software such as F-Secure FileCrypto ($65; http://www.f-secure.com/products/filecrypto) so that thieves cannot get at your data if the hardware falls into their hands.

Countless users with broadband Internet connections have discovered that their computers have become FTP sites for pirated software and pornography. They usually only find out after their Internet service provider has disabled their account. Other users have discovered belatedly that their computers have become relays for mass-mailing spam.

In addition, there are "botnets", in which thousands of compromised computers listen on an IRC channel for directives. With one command, a cracker can make all of those machines carry out his orders, such as launching a DoS attack.

Top 5 vulnerabilities open to intrusion

Every year, the SANS Institute and the Federal Bureau of Investigation (FBI) publish a list of the most commonly exploited vulnerabilities in Windows and Linux/Unix systems. The complete list, along with information on how to protect against these vulnerabilities, is available at http://www.sans.org/top20. Here are the top five security vulnerabilities from the Windows and Linux lists.

Windows

Internet Information Services. Out-of-the-box IIS installations on Windows XP Pro, 2000 Server and NT4 can expose private data to the outside world and allow crackers to gain control over the server. Install new patches as they are released and use the IIS Lockdown Tool (http://www.microsoft.com/technet/security/tools/locktool.asp).

Microsoft SQL Server. SQL Server can allow attackers (and worms) to alter database content, download private information or take control of the whole server. Disable the SQL/MSDE Monitor Service on UDP port 1434 and install the latest patches.

Windows authentication. This flaw is not entirely Windows' problem; it is also a problem with users. Easy-to-steal passwords (ones that are easily guessed or obtained with brute-force cracking software) are one of the causes. SANS recommends disabling the insecure LAN Manager authentication system and preventing passwords from being saved and copied.

Internet Explorer. Being the most popular Web browser means facing a steady series of security incidents. ActiveX vulnerabilities, Web site spoofing and buffer overflows are a few of IE's myriad problems. If you are using version 5.5 or earlier, download version 6.0. Install the latest patches and keep them current. Use IE's security options to tighten ActiveX security.

Windows Remote Access Services. A range of Windows services (NetBIOS, anonymous logins, remote Registry access and remote procedure calls) can allow others to view your data, control your computer, or enlist it as a participant in a DoS attack. Disabling network shares and anonymous logins and blocking the affected ports can minimize these problems.

Linux / Unix

According to the SANS Institute, the following vulnerabilities occupy the top five positions on Linux/Unix systems.

BIND Domain Name System. This widely deployed implementation of DNS (Domain Name System) is often used in DoS attacks. If your system does not need to be a DNS server, disable BIND. If it does, patch to the latest version.

Remote procedure calls. Remote procedure calls (RPCs) allow one computer to execute programs on another, which makes them open to abuse, especially in DoS attacks. Turn off any RPC services you do not need and install the latest patches.

Apache Web Server. Apache is the most popular Web server, so it is a popular target for crackers, who can use it to deface your Web site, launch a DoS attack or scout around your server. Install the latest patches and disable the scripting languages you do not need.

Unix accounts with no password or a weak password. Weak passwords are a security hole on every operating system. The best approach is to replace them with strong, hard-to-crack passwords.

Clear-text services. FTP, telnet, POP and other network services transmit unencrypted data and are an easy target for packet sniffing. Disable these services and replace them with secure ones, such as SFTP, SSH and tunneled e-mail, to ensure the privacy of your confidential data.

Mac OS X

Mac OS X also has its flaws, some of them inherited from its Unix roots. Here are five vulnerabilities in Mac OS X.

Trusted directory authentication. By default, Mac OS X 10.3 trusts LDAP directory information discovered via DHCP (Dynamic Host Configuration Protocol). If Mac OS X can be pointed at a rogue directory server for credentials, that server can grant access to the admin account on the Panther client without any "cracking" or adding of user accounts. Fixes are listed at http://docs.info.apple.com/article.html?artnum=32478

FileVault's insecure file deletion. When you enable FileVault to encrypt the contents of your root directory, the original files are deleted insecurely and can be recovered with standard disk recovery tools.

Trivial password reset. Anyone with a Mac OS X installation CD can reset the admin password by booting from the CD and using the Password Reset utility. While this is not strictly a flaw, users need to understand that unless their computer is physically secure, anyone can get into their system. You can use Apple's firmware security tools to disable booting from a CD.

Loose restrictions on sudo. Mac OS X's reliance on sudo as the way to run command-line administrative operations brings its own security risks. Users who have grown comfortable with system administration can open the door to harmful scripts.

Personal file sharing guest access. By default, personal file sharing lets remote users drop data into a user's Drop Box without his or her knowledge. This can be used to bypass a user's storage quota or fill up a Mac's hard drive.

Deploy a protective layer

So the dangers to your system are real, but there are a number of measures you can take that will at least reduce the risk of attack. For example, anti-virus software is very important on all operating systems, but it is a requirement for Windows users.

Also, if you do not have a hardware firewall, download ZoneAlarm, a software-based firewall. The free version (http://www.zonelabs.com) works on a broadband or modem connection. The $49.95 professional edition adds scanning features including e-mail attachment scanning, ad blocking and file protection.

You should also consider installing Norton Internet Security 2004 ($69.95; www.symantec.com); it includes a firewall, anti-virus utilities, spam filters and a privacy protection utility. Basically, it is a suite that can protect your Windows computer from the major security risks.

On Mac OS X, BrickHouse (shareware, $25; http://www.securemac.com/brickhouse.php) is a front end for the ipfw firewall built into Mac OS X. BrickHouse offers more features than the basic ipfw interface in System Preferences and includes a set of built-in filters for dial-up users, users running a LAN and other common configurations. If you do not want to use ipfw, try Firewalk X 2 (shareware, $34.99; http://www.pliris-soft.com), a full-featured firewall that does not depend on ipfw. It provides real-time alerts, can restrict network access to specific applications and detects port scanning programs.

IPNetSentryX ($40; http://www.sustworks.com/site/prod_sentryx_overview.html) takes an unusual approach to keeping the bad guys out of your Mac: it quietly watches for suspicious behavior and, when triggered, sets up a firewall that blocks the intruder. You do not have to worry about working around a firewall because it is not there until you need it. If you want a virus checker for a networked Mac, try McAfee Virex ($35; http://www.nai.com). It scans for and removes both Windows and Mac viruses. The program also comes with a .Mac account (http://www.mac.com).

For Linux systems, netfilter and iptables form a framework that provides packet filtering and NAT (network address translation), two important tools for protecting your computer from the outside world. You can use them to build a firewall and share a single IP address across your LAN. The advantage of netfilter and iptables is that they are already part of the Linux 2.4 kernel (and later). The downside is that setting them up is not easy. Start with the guide at http://www.netfilter.org/documentation

Firewall Builder (http://www.fwbuilder.org), a graphical front end for iptables, is a firewall configuration management tool. With it, you create a set of objects describing your firewall, servers and the subnets of your network, and then drag those objects into the rules that define your firewall's behavior. That is a lot easier than editing the configuration files by hand, and it is open source.

If you need a portable and secure Linux installation, use Tinfoil Hat Linux (http://tinfoilhat.shmoo.com). This Linux distro on a floppy disk is ideal for defeating keyboard loggers and other system snoopers. Because it does not support networking, you can rest assured that it blocks all Internet crackers.

Finally, F-Prot (http://www.f-prot.com/products) is an anti-virus utility that can find more than 102,000 kinds of viruses. It is free for personal use.

Minh Chung