Tuesday 10 February 2015

              
               Operating System Hardening & Network Hardening   
 
                       Operating System Hardening   

The hardening of operating systems involves ensuring that the system is configured to limit the possibility of either internal or external attack. While the methods for hardening vary from one operating system to another, the concepts involved are largely similar regardless of whether Windows, UNIX, Linux, MacOS X or any other system is being baselined. Some basic hardening techniques are as follows:

  • Non-essential services - It is important that an operating system only be configured to run the services required to perform the tasks for which it is assigned. For example, unless a host is functioning as a web or mail server there is no need to have HTTP or SMTP services running on the system.

  • Patches and Fixes - As an ongoing task, it is essential that all operating systems be updated with the latest vendor supplied patches and bug fixes (usually collectively referred to as security updates).

  • Password Management - Most operating systems today provide options for the enforcement of strong passwords. Utilization of these options will ensure that users are prevented from configuring weak, easily guessed passwords. Additional levels of security include enforcing the regular changing of passwords and disabling user accounts after repeated failed login attempts.

  • Unnecessary accounts - All guest, unused and unnecessary user accounts must be disabled or removed from operating systems. It is also vital to keep track of employee turnover so that accounts can be disabled when employees leave an organization.

  • File and Directory Protection - Access to files and directories must be strictly controlled through the use of Access Control Lists (ACLs) and file permissions.

  • File and File System Encryption - Some filesystems provide support for encrypting files and folders. For additional protection of sensitive data it is important to ensure that all disk partitions are formatted with a file system type with encryption features (NTFS in the case of Windows).

  • Enable Logging - It is important to ensure that the operating system is configured to log all activity, errors and warnings.

  • File Sharing - Disable any unnecessary file sharing. 
              
                         Network Hardening 

Network hardening can be achieved using a number of different techniques:

  • Updating Software and Hardware - An important part of network hardening involves an ongoing process of ensuring that all networking software together with the firmware in routers are updated with the latest vendor supplied patches and fixes.

  • Password Protection - Most routers and wireless access points provide a remote management interface which can be accessed over the network. It is essential that such devices are protected with strong passwords.

  • Unnecessary Protocols and Services - All unnecessary protocols and services must be disabled and, ideally, removed from any hosts on the network. For example, in a pure TCP/IP network environment it makes no sense to have AppleTalk protocols installed on any systems.

  • Ports - A hardened network should have any unneeded ports blocked by a firewall and associated services disabled on any hosts within the network. For example, a network in which none of the hosts acts as a web server does not need to allow traffic for port 80 to pass through the firewall.

  • Wireless Security - Wireless networks must be configured to the highest available security level. For older access points WEP security should be configured with 128-bit keys. Newer routers should implement WPA security measures.

  • Restricted Network Access - A variety of steps should be taken to prevent unauthorized access to internal networks. The first line of defense should involve a firewall between the network and the internet. Other options include the use of Network Address Translation (NAT) and access control lists (ACLs). Authorized remote access should be enabled through the use of secure tunnels and virtual private networks.
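The "Non-essential services" and "Ports" points above can be checked on a Linux host by comparing its listening TCP sockets with what the host's role requires. The following is an added example, not part of the original post; the role baselines and the sample `ss -H -tlnp` output are constructed assumptions.

```python
import re

# Hypothetical role baselines: TCP ports each kind of host is expected to serve.
ROLE_BASELINE = {
    "workstation": {22},
    "web": {22, 80, 443},
    "mail": {22, 25},
}

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128   0.0.0.0:22       0.0.0.0:*  users:(("sshd",pid=812,fd=3))
LISTEN 0 511   0.0.0.0:80       0.0.0.0:*  users:(("nginx",pid=1040,fd=6))
LISTEN 0 100   127.0.0.1:25     0.0.0.0:*  users:(("master",pid=990,fd=13))
LISTEN 0 4096  127.0.0.53%lo:53 0.0.0.0:*  users:(("systemd-resolve",pid=640,fd=14))
LISTEN 0 128   [::]:22          [::]:*     users:(("sshd",pid=812,fd=4))
"""

def parse_listeners(ss_output):
    """Yield (address, port, process) for each listening TCP socket."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        addr = addr.split("%")[0].strip("[]")  # drop %iface and IPv6 brackets
        proc = re.search(r'\(\("([^"]+)"', line)
        yield addr, int(port), proc.group(1) if proc else "unknown"

def is_loopback(addr):
    return addr == "::1" or addr.startswith("127.")

def audit(ss_output, role):
    """Return sorted (port, process, exposure) for listeners outside the baseline."""
    allowed = ROLE_BASELINE[role]
    findings = set()
    for addr, port, proc in parse_listeners(ss_output):
        if port in allowed:
            continue
        exposure = "loopback-only" if is_loopback(addr) else "network-reachable"
        findings.add((port, proc, exposure))
    return sorted(findings)

if __name__ == "__main__":
    for port, proc, exposure in audit(SAMPLE_SS, "workstation"):
        print(f"port {port} ({proc}): not in baseline, {exposure}")
```

Network-reachable findings are the ones to disable or firewall first; loopback-only listeners are still worth reviewing against the host's assigned tasks.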

 

                       COMPUTER VIRUS 

   What is a computer virus?

A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.
Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses.
Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.


  What do computer viruses do?

Through the course of using the Internet and your computer, you may have come into contact with computer viruses. Many computer viruses are stopped before they can start, but there is still an ever-growing concern about what computer viruses do and what the common symptoms of infection are. A computer virus might corrupt or delete data on your computer, use your email program to spread itself to other computers, or even erase everything on your hard disk.
Computer viruses are often spread by attachments in email messages or instant messaging messages. That is why it is essential that you never open email attachments unless you know who they are from and you are expecting them.
Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files.
Computer viruses also spread through downloads on the Internet. They can be hidden in illicit software or other files or programs you might download.
To help avoid computer viruses, it's essential that you keep your computer current with the latest updates and antivirus tools, stay informed about recent threats, run your computer as a standard user (not as administrator), and that you follow a few basic rules when you surf the Internet, download files, and open attachments.
Once a virus is on your computer, its type or the method it used to get there is not as important as removing it and preventing further infection.


 Antivirus protection and how to avoid viruses

Is your computer running more slowly than usual? Does it stop responding, freeze often, or display other odd behavior? It might have a virus. Fortunately, if you update your computer regularly and use antivirus software, you can help permanently remove unwanted software and prevent it from being installed in the first place.

  Steps to be taken for Virus Detection and Prevention

  • Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
  • Do not open any files attached to an email unless you know what it is, even if it appears to come from a friend or someone you know. Some viruses can replicate themselves and spread through email. Confirm that your contact really sent an attachment.
  • Do not open any files attached to an email if the subject line is questionable or unexpected.
  • Delete chain emails and junk email. Do not forward or reply to any of them. These types of email are considered spam - unsolicited, intrusive messages that clog up inboxes and networks.
  • Do not download any files from strangers.
  • Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. Verify that an anti-virus program checks the files on the download site.
  • Update your anti-virus software regularly.
  • Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your work files, one that is preferably not on your computer.
  • When in doubt, always err on the side of caution and do not open, download, or execute any files or email attachments. Not executing is the more important of these caveats. Check with your product vendors for updates for your operating system, web browser, and email.

                              Social Engineering


     What is social engineering?

     Social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.

   Why is social engineering performed?

 Social engineering is a component of many, if not most, types of exploits. Virus writers use social engineering tactics to persuade people to run malware-laden email attachments, phishers use social engineering to convince people to divulge sensitive information, and scareware vendors use social engineering to frighten people into running software that is useless at best and dangerous at worst.

How is social engineering performed?

A social engineer runs what used to be called a "con game." For example, a person using social engineering to break into a computer network might try to gain the confidence of an authorized user and get them to reveal information that compromises the network's security. Social engineers often rely on the natural helpfulness of people as well as on their weaknesses. They might, for example, call the authorized employee with some kind of urgent problem that requires immediate network access. Appealing to vanity, appealing to authority, appealing to greed, and old-fashioned eavesdropping are other typical social engineering techniques.

    Types of social engineering attacks

  • Baiting. Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive or CD-ROM, in a place it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.
  • Phishing. Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into installing malware on his or her computer or device, or sharing personal or financial information.
  • Pretexting. Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
  • Quid pro quo. A quid pro quo is when an attacker requests personal information from a party in exchange for something desirable. For example, an attacker could request login credentials in exchange for a free gift.
  • Spam. Spam is unsolicited junk email.
  • Spear phishing. Spear phishing is like phishing, but tailored for a specific individual or organization. In these cases, the attacker is likely trying to uncover confidential information specific to the receiving organization in order to obtain financial data or trade secrets.
  • Tailgating. Tailgating is when an unauthorized party follows an authorized party into an otherwise secure location, usually to steal valuable property or confidential information. This often involves subverting keycard access to a secure building or area by quickly following behind an authorized user and catching the door or other access mechanism before it closes.

    How to counter social engineering?

Security awareness training can go a long way in preventing social engineering attacks. If people know what form a social engineering attack is likely to take, they will be less likely to fall victim to one. Organizations also perform penetration testing using social engineering techniques. This allows security teams to learn which users pose a risk so that they can take steps to remediate that risk. The Social Engineering Toolkit (SET) is a useful tool to create social engineering attacks.

Examples of social engineering attacks

Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers will search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed.
Prevention includes educating people about the value of information, training them to protect it and increasing people's awareness of how social engineers operate.

 

Protect Your Facebook Account From Hacking

Things to do if Your Facebook Account Gets Hacked

Go to https://www.facebook.com and follow the instructions on-screen. You’ll go through three steps:
  1. Verify your account and change password.  You’ll be asked to identify your account, change your password, and change the password associated with the e-mail account that you use for Facebook.
  2. Review and fix anything the hacker changed.
  3. Unlock account.

  Prevent Your Facebook Account From Being Hacked

Security settings are the key. Log into Facebook and update these settings.
From Account settings, click on Security. Use the following settings for the highest level of security.

1. Secure Browsing – enabled.

2. Login Notifications – enabled.

3. Login Approvals – enabled.  This feature requires that you have a cell phone capable of receiving text messages.  When enabled, you will receive a code via text message if your account is accessed from an unrecognized location.
This is important for teens.  They may use computers at a friend’s house, the library, or other public locations.  As an example, if you are logging in to Facebook from a computer in the library, you’ll be asked to enter in a code.  You’ll receive the text message, know that it’s you using Facebook, and enter the code.  If you receive the text message and you were not trying to log into Facebook, you’ll know there is a problem.  And the hacker trying to get into your account will not have the code.

4. App Passwords – If you don’t have many apps associated with your Facebook account, you can probably leave this off.  If you do enable login approvals as described above, and you do use apps such as Skype through Facebook, then you may want to set app passwords.  You can read about this feature on Facebook Help and Inside Facebook.

5. Recognized Devices – if there is anything listed here that doesn’t look familiar, or the date is not recent, remove it.

6. Active Sessions – remove all except Current session.

Your Security Settings page should now look something like this:
[Image: Facebook Security settings in the locked-down position]

As a last step, go to General Account settings and change your Facebook password. And finally, please log out of Facebook when not in use.