How To Safeguard Your PC From Internet Attacks

Be careful for what you download – Virus, SPAM, Spyware, Trojan, Zombie
Be careful for what link you click – Phishing (identity theft, etc)
Firewall
Backup and Restore
Security for Wireless Router/Connection

04/19/23 by Vincent Chiu 1

NOTE: These PPT slides can also be downloaded from: http://www.ccmchurch.org/fyt/bsg/Moses

Virus - Types of Infection

When you listen to the news, you hear about many different forms of electronic infection. The most common are:

Viruses - A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.

E-mail viruses - An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically emailing itself to dozens of people in the victim's e-mail address book.

Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.

Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game, an anti-spyware tool, a system clean-up/fix tool, etc.) but instead does damage when you run it (it may erase your hard disk, or quietly install a backdoor). Trojan horses have no way to replicate automatically; they rely on you running them.


Virus - Types of Infection (continued) Rootkits –

A rootkit is malicious software that modifies the operating system itself (the kernel, drivers or core system libraries) so that it is loaded every time your system boots and hides its own presence. Rootkits are difficult to detect because they are active before your security software starts, often loading before the operating system has finished booting, and they can filter what that software is allowed to see.

A rootkit often allows the installation of hidden files, processes, hidden user accounts, and more in the systems OS. Rootkits are able to intercept data from terminals, network connections, and the keyboard.

Rootkits are very effective at hiding Trojans, viruses and other malware from your anti-virus scanner and other security products. Unfortunately, they are effective enough that some of you reading this may be infected even though you believe your PC to be totally clean.

Probably the most famous rootkit incident was the Sony BMG CD incident of 2005, where Sony shipped a rootkit (the XCP copy-protection software) on music CDs. When the music CDs were played on a computer, the rootkit was installed in order to provide digital rights management for the music on the CD. The problem was that the rootkit itself was not secure: it hid any file whose name started with a particular prefix, so other malware could piggyback on it and hide on the user's computer as well. An embarrassed Sony recalled a large number of music CDs and reissued them without the DRM rootkit.

See http://www.sysinternals.com/Utilities/RootkitRevealer.html for more details.


Virus - Types of Infection (continued) Exploits –

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to get unintended or unanticipated behavior out of computer software, hardware, or something electronic (usually computerized). This frequently includes such things as gaining control of a computer system, escalating privileges, or causing a denial of service.

Often, when an exploit is published, the vulnerability is fixed through a patch and the exploit becomes obsolete for newer versions of the software. The reverse also holds: an unpatched machine stays exploitable long after the fix is available, which is why keeping Windows and your applications updated matters so much.

Exploit tools are not always threats in and of themselves. They are methods that can be used for good or bad depending on who runs them (a penetration tester uses the same code an attacker does). If you find one on your PC, it doesn't prove someone was trying to do something bad, but it is very likely that they were. If you get any of these, just remove them and be done with them.

False Positive - A false positive is another way of saying "mistake". As applied to the field of anti-virus/anti-spyware programs, a false positive occurs when the program mistakenly flags an innocent file as being infected. This may seem harmless enough, but false positives can be a real nuisance (a scanner that quarantines a system file can break Windows). Usually a false positive can be fixed or eliminated by updating definitions.

Virus - An Ounce of Prevention

You can protect yourself against viruses with a few simple steps:

If you are truly worried about traditional (as opposed to e-mail) viruses, a UNIX-like operating system (Linux, Mac OS X, BSD) is a safer place to be: you normally work as an unprivileged user, so a program you run cannot touch system files, and far less malware is written for these systems. They are not immune, however; a trojan you run yourself can still destroy your own files.

If you are using Windows, running virus protection software is a sensible safeguard (the free products listed later are fine for home use).

If you simply avoid programs from unknown sources (like random download sites on the Internet), and instead stick with commercial software purchased on CDs or downloaded from the vendor's own site, you eliminate almost all of the risk from traditional viruses. In addition, you should disable floppy disk booting -- most computers allow you to do this in the BIOS setup -- and that will eliminate the risk of a boot sector virus coming in from a floppy disk accidentally left in the drive.

You should make sure that Macro Virus Protection is enabled in all Microsoft applications, and you should NEVER run macros in a document unless you know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a great policy.


Virus - An Ounce of Prevention - Disable Macro

Open the Options dialog from the Tools menu in Microsoft Word and make sure that Macro Virus Protection is enabled, as shown (screenshot not reproduced in this text version).

Virus - An Ounce of Prevention – be careful opening email attachments

You should never double-click an executable that arrives as an e-mail attachment. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF and .JPG), etc., are data files: they cannot run by themselves, but they are not harmless. Office documents can carry macro viruses (see the Macro Virus Protection note above), and a crafted document or image can trigger an exploit in the program that opens it, so treat unexpected attachments of any type with suspicion. A file with an extension like EXE, COM, BAT, PIF, SCR or VBS is an executable, and an executable can do any sort of damage it wants. Once you run it, you have given it permission to do anything on your machine that you are allowed to do. Beware too that Windows hides known extensions by default, so "invoice.doc.exe" is displayed as "invoice.doc"; turn that option off in Folder Options. The only safe policy is never to run executables that arrive via e-mail.


Virus - An Ounce of Prevention - Keep your protection up-to-date

Run Windows Update regularly (or turn on Automatic Updates)
Update your anti-virus definitions regularly
Schedule a regular anti-virus scan

*** Anti-virus software in use today is fairly effective - but only if it's kept updated and the user takes precautions (such as not opening unfamiliar documents or programs). ***


Virus - An Ounce of Prevention - Virus Protection Software

Free versions from Avast and AVG: http://www.avast.com/eng/download-avast-home.html, http://free.grisoft.com
Anti-virus software review: http://www.anti-virus-software-review.toptenreviews.com/


SPAM-The Source of Spam

One of the problems with spam, and the reason why there is so much of it, is that it is so easy to create.


SPAM-How Do They Get My Email Address?

The first source is newsgroups and chat rooms, especially on big sites like AOL. People (especially first-time users) often use their screen names, or leave their actual e-mail addresses, in newsgroups. Spammers use pieces of software to extract the screen names and e-mail addresses automatically.

The second source for e-mail addresses is the Web itself. There are tens of millions of Web sites, and spammers can create search engines that spider the Web specifically looking for the telltale "@" sign that indicates an e-mail address. The programs that do the spidering are often called spambots.

The third source is sites created specifically to attract e-mail addresses. For example, a spammer creates a site that says, "Win $1 million!!! Just type your e-mail address here!" In the past, lots of large sites also sold the e-mail addresses of their members. Or the sites created "opt-in" e-mail lists by asking, "Would you like to receive e-mail newsletters from our partners?" If you answered yes, your address was then sold to a spammer.

Probably the most common source of e-mail addresses, however, is a "dictionary" search of the e-mail servers of large e-mail hosting companies like MSN, AOL or Hotmail. In the article Hotmail: A Spammer's Paradise?, the author describes the process:

A dictionary attack utilizes software that opens a connection to the target mail server and then rapidly submits millions of random e-mail addresses. Many of these addresses have slight variations, such as "[email protected]" and "[email protected]." The software then records which addresses are "live," and adds those addresses to the spammer's list. These lists are typically resold to many other spammers.

E-mail addresses generally are not private (just like your phone number is not private if it is listed in the phone book). Once a spammer gets a hold of your e-mail address and starts sharing it with other spammers, you are likely to get a lot of spam.

A less obvious source that happens more often than we think: data breaches. The customer database of a legitimate company is compromised, and the attackers then use that huge list of customer e-mail addresses to send out mass e-mails (and, since the stolen records often include names and account details, to commit identity theft).


SPAM-How Antispam Software Works

Blacklist It: A real-time blacklist identifies the IP address of the spam sender's computer, then advises its subscribers' ISPs to block mail from that address. This method is very effective, but it inevitably leads to a cat-and-mouse game between spammers and blockers - and legit messages sometimes get bounced.

Vote It Off the Island: Distributed identification lets a community of peer-to-peer users flag spam for one another. Once enough recipients object to a particular message, it's automatically transferred to everyone else's spam folders.

Profile It: Heuristic analysis software looks for invalid message IDs, web bugs (tracking images), and other telltale spam traits - as defined by an evolving set of rules - and develops a numerical score for each incoming email. If the score hits a designated limit, the email is blocked. Sometimes legitimate messages get velvet-roped as well.

Outsmart It: Bayesian filtering, the most promising new technique, doesn't adhere to any particular set of rules - it learns and relearns how to spot spam by scanning the mail you've read and the mail you've rejected. The filter calculates, for each word in a message, how often that word appeared in spam versus legitimate mail, and combines those probabilities into an overall spam probability. Before long, it knows what kind of email to deliver - and what to toss. When this was written it was popular in the open source community and beginning to be adopted commercially; its proponents reported that it filters out more than 99 percent of unwanted messages once trained on your own mail.
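As an added example (not from the original slides), here is a minimal Bayesian filter of the kind just described: it learns from messages you have already sorted, then scores new mail. The ten training messages are constructed for illustration and reuse some of the subject-line words from the next slide; a real filter would be trained on your own mailbox.

```python
"""Minimal Bayesian spam filter.  Added example, not from the slides.
Training messages below are constructed for illustration."""
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$]+")


def tokens(text):
    """Lowercased word set: we score whether a word is present, not how often."""
    return set(TOKEN.findall(text.lower()))


class BayesFilter:
    def __init__(self):
        self.seen = {"spam": Counter(), "ham": Counter()}  # messages containing token
        self.docs = {"spam": 0, "ham": 0}                  # messages per class

    def train(self, label, text):
        """Record one message you read (ham) or rejected (spam)."""
        self.seen[label].update(tokens(text))
        self.docs[label] += 1

    def _log_score(self, label, toks):
        n = self.docs[label]
        prior = math.log(n / sum(self.docs.values()))
        # P(word present | class), Laplace-smoothed so a word never seen in
        # one class does not drive the whole probability to zero
        return prior + sum(math.log((self.seen[label][t] + 1) / (n + 2))
                           for t in toks)

    def spam_probability(self, text):
        toks = tokens(text)
        spam = self._log_score("spam", toks)
        ham = self._log_score("ham", toks)
        return 1.0 / (1.0 + math.exp(ham - spam))   # logistic of the log-odds

    def is_spam(self, text, threshold=0.9):
        return self.spam_probability(text) >= threshold


# Constructed training data (not real mail).
SPAM_TRAINING = [
    "FREE money! Earn cash now! Opt-in offers for our partners",
    "Make money fast! Free software, buy today!",
    "Lose weight now! Free DVD offer, save $$$",
    "Your credit report: check now! FREE!",
    "Earn cash from home. Free marketing, rewarding mailings",
]
HAM_TRAINING = [
    "Meeting notes from the bible study group, see attached",
    "Can you send me the spreadsheet for the budget report?",
    "Lunch tomorrow? Let me know what time works",
    "Photos from the church picnic are uploaded",
    "Reminder: the PC security talk is on Sunday after service",
]


def trained_filter():
    """Filter trained on the constructed corpus above."""
    f = BayesFilter()
    for m in SPAM_TRAINING:
        f.train("spam", m)
    for m in HAM_TRAINING:
        f.train("ham", m)
    return f


if __name__ == "__main__":
    f = trained_filter()
    for msg in ("FREE money, earn cash now!", "notes for the bible study meeting"):
        print("%.3f  %s" % (f.spam_probability(msg), msg))
```

Each word's weight comes from the user's own mail, which is why the same filter behaves differently for different people, and why the word lists on the next slide stop working once spammers move the text into images: an image contributes no words to score.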


SPAM-How Antispam Software Works Words to Avoid:

Top 25 subject-line words and symbols:Fwd, Free, Get, FREE, $, !, SPAM, You, Your, Norton, Credit, Save, 000, Now, Check, Year, Make, Sale, Money, DVD, just, now, Lose, software, Earn

Top 25 phrases in body text:opt-in, now!, offers, most, partners, 999, fulfillment, yamato, naviant, partner, removal, recurring, mailings, free!, assistant, enjoy, grocers, mailing, subscriber, cash, sun, rewarding, buy, today!, marketing

*** Word lists like these are not that effective any more: newer spam puts its text inside images ("graphic" text) so there are no words for the filter to score. ***

Never Click ANYTHING In A Spam E-mail. Never click the "opt-out" or "unsubscribe" link in spam. It may be a lie. Yes, a lie. By clicking it, you send a request to the spammer's server which tells them that your address is read by a real person: you have just proven to the spammer that your email address works. Worse, the link may lead to a page that uses a browser exploit (at the time, typically an Internet Explorer vulnerability) to install trojans/spyware on your system without you knowing it.

Use webmail with good SPAM protection, e.g. Yahoo, Gmail, MSN Hotmail, Att.net, Comcast.net, etc. If you're using MS Outlook or Outlook Express, make sure to run Windows Update to keep the Junk Email Filter up-to-date.


SPAM-How Spam Works

Spam filter review: http://spam-filter-review.toptenreviews.com/

Spyware

Has your computer ever become so slow that you can fix yourself a snack in the time it takes your word processor or internet browser to open? Spyware may be to blame.

Spyware has been known to masquerade as a prize-notification pop-up window.

Spyware

Spyware is a category of computer programs that attach themselves to your operating system in nefarious ways. They can suck the life out of your computer's processing power. They are designed to track your Internet habits, nag you with unwanted sales offers or generate traffic for their host Web site.


Spyware - What is Spyware?

Some people mistake spyware for a computer virus. A computer virus is a piece of code designed to replicate itself as many times as possible, spreading from one host computer to any other computers connected to it. It usually has a payload that may damage your personal files or even your operating system. Spyware, on the other hand, is generally not originally designed to damage your computer. Spyware is broadly defined as any program that gets into your computer without permission and hides in the background while it makes unwanted changes to your user experience. The damage it does is more a by-product of its main mission, which is to serve you targeted advertisements or make your browser display certain sites or search results.


Other "Ware"

Malware - a general term for any program that makes changes (does malicious or "bad" things) without your express permission
Adware - programs designed specifically to deliver unrequested advertising
Stealware - specific spyware designed to capture clicks or Web-site referral credits
Keylogger - specific spyware designed to capture keystrokes to steal information (passwords, card numbers)
Browser hijacker - a malicious program that embeds itself deeply in your browser (as an add-on or helper object) and takes over its home page, search settings and other core functionality

Spyware – getting worse and worse

Recently, "spyware" has come to cover threats ranging from the very minor to some that are probably worse than all of the malware above. These packages often contain trojans, and other malware can be bundled in as well.

Anti-virus programs can seldom clean this effectively and really aren't made for it. A spyware package may contain, say, a trojan, but it has many more parts, and those parts are not what an anti-virus scanner is built to find and remove.

In addition, some people knowingly use software that falls into this category. Some P2P (peer-to-peer) file-sharing clients bundle spyware with their installers (Kazaa is the best-known example), as do programs made to monitor your workers' or your children's activity on the computer. So removing this type of potential malware requires that you know what you are dealing with before you remove it.


Spyware-How Did it Get on Your Computer?

Piggybacked software installation - Some applications -- particularly peer-to-peer file-sharing clients -- install spyware as part of their standard install. If you don't read the installation list closely, you might not notice that you're getting more than the file-sharing application you want. This is especially true of the "free" versions that are advertised as an alternative to software you have to buy. There's no such thing as a free lunch.

Disguised as a free tool that (maybe) helps you solve computer problems but also installs spyware – before installing, search the Web to check whether it is known to be adware/spyware free. If you're not sure, don't install it; ask a knowledgeable friend, who may know a better way to solve the problem.


Spyware-How Did it Get on Your Computer?

While it officially claims otherwise, Kazaa has been known to include spyware in its download package.

Spyware-How Did it Get on Your Computer?

Don't click that "X"! It is not the close button you think it is: the whole pop-up, including the fake "X", is one clickable ad. Close the window with Alt-F4 instead, or, if it won't close, kill it with Task Manager (this may also terminate the browser that spawned the window).

Spyware-How Did it Get on Your Computer?

Drive-by download - This is when a Web site or pop-up window automatically tries to download and install spyware on your machine. The only warning you might get would be your browser's standard message telling you the name of the software and asking if it's okay to install it. If you did not ask for anything, answer no.


Spyware-How Did it Get on Your Computer?

Internet Explorer security warning (screenshot not reproduced in this text version)

Spyware-How Did it Get on Your Computer?

Browser add-ons - These are pieces of software that add enhancements to your Web browser, like a toolbar, animated pal or additional search box. Sometimes, these really do what they say they do but also include elements of spyware as part of the deal. Or sometimes they are nothing more than thinly veiled spyware themselves. Particularly nasty add-ons are considered browser hijackers -- these embed themselves deeply in your machine and take quite a bit of work to get rid of.


Spyware-How Did it Get on Your Computer?

Bonzi Buddy is an "add-on" application that includes spyware in its package.

Spyware-How Did it Get on Your Computer?

Masquerading as anti-spyware - This is one of the cruelest tricks in the book. This type of software convinces you that it's a tool to detect and remove spyware.


Spyware-How Did it Get on Your Computer?

Ads shown on the download page – be careful when you click "download": the advertisers' big "Download" buttons are often more prominent than the real download link, and they install something else entirely.

Spyware-How Did it Get on Your Computer?

When you run the tool, it tells you your computer is clean while it installs additional spyware of its own.

Spyware-What Does it do When it Gets There?

Spyware can do any number of things once it is installed on your computer. At a minimum, most spyware runs as an application in the background as soon as you start your computer up, hogging RAM and processor power. It can generate endless pop-up ads that make your Web browser so slow it becomes unusable. It can reset your browser's home page to display an ad every time you open it. Some spyware redirects your Web searches, controlling the results you see and making your search engine practically useless. It can also modify the DLLs (dynamically linked libraries) your computer uses to connect to the Internet, causing connectivity failures that are hard to diagnose.

Certain types of spyware can modify your Internet settings so that if you connect through dial-up service, your modem dials out to expensive, pay telephone numbers. Like a bad guest, some spyware changes your firewall settings, inviting in more unwanted pieces of software. There are even some forms that are smart enough to know when you try to remove them in the Windows registry and intercept your attempts to do so. The point of all this from the spyware makers' perspective is not always clear. One reason it's used is to pad advertisers' Web traffic statistics. If they can force your computer to show you tons of pop-up ads and fake search results, they can claim credit for displaying that ad to you over and over again. And each time you click the ad by accident, they can count that as someone expressing interest in the advertised product.

Another use of spyware is to steal affiliate credits. Major shopping sites like Amazon.com and Ebay.com offer credit to a Web site that successfully directs traffic to their item pages. Certain spyware applications capture your requests to view sites like Amazon and Ebay and then take the credit for sending you there.


Spyware-"Zombie" – a new type of attack

A zombie computer, abbreviated zombie, is a computer attached to the Internet that has been compromised by an attacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a "botnet", and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner has no idea what the machine is doing, these computers are metaphorically compared to a zombie. Infected zombie computers — predominantly Windows PCs — are now the major delivery method of spam.


Anti-Spyware-Solutions

Use a real-time anti-spyware detector/scanner, scan regularly, and remove any spyware it finds.
Use a pop-up blocker.
Disable ActiveX, or set Internet Explorer to prompt before running ActiveX controls.
Be suspicious of installing new software.
Use Alt-F4 (or, for advanced users, Task Manager to kill the process) instead of clicking "X" to close pop-up windows.
Install Windows XP SP2 and regularly run Windows Update to apply the other security patches.


Spyware-Solutions-Anti-Spyware

Download free versions: Microsoft Anti-Spyware Beta, Ad-Aware Personal: www.lavasoft.com, Spybot Search & Destroy: www.safer-networking.org
Anti-spyware review: http://anti-spyware-review.toptenreviews.com/

Phishing

In computing, phishing is the fraudulent acquisition, through deception, of sensitive personal information such as passwords and credit card details, by masquerading as someone trustworthy with a real need for such information.

The term "phishing" is sometimes said to stand for password harvesting fishing, though this is likely a backronym, a retroactively-coined acronym.

Still other theories attribute the term "phishing" to the name "Brien Phish", who allegedly was the first to use psychological techniques to steal credit card numbers in the 1980s. Others believe that "Brien Phish" was not a real person but a fictional character used by scammers to identify each other.

The term was coined in the mid 1990's by crackers attempting to steal AOL accounts. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password, for instance to "verify your account" or to "confirm billing information". Once the victim gave over the password, the attacker could access the victim's account and use it for criminal purposes, such as spamming.


Phishing

Today, online criminals put phishing to more directly profitable uses. Popular targets are users of online banking services, and auction sites such as eBay. Phishers usually work by sending out spam e-mail to large numbers of potential victims. These direct the recipient to a Web page which appears to belong to their online bank, for instance, but in fact captures their account information for the phisher's use.

Typically, a phishing email will appear to come from a trustworthy company and contain a subject and message intended to alarm the recipient into taking action. A common approach is to tell the recipient that their account has been de-activated due to a problem and inform them that they must take action to re-activate their account. The user is provided with a convenient link in the same email that takes the email recipient to a fake webpage appearing to be that of a trustworthy company. Once at that page, the user enters her personal information which is then captured by the fraudster.


How does phishing work?

!!! Deceiving !!! Look closely at each LINK you click or type.

Make sure the address is https:// before you enter credentials or financial information; the browser shows a "locked" icon somewhere when it is. But https:// only proves that the connection to the site named in the address bar is encrypted; a phishing site can have its own certificate and lock icon, so check that the domain name really is your bank's as well.


Phishing-URL Spoofing

There are several types of URL spoofing:

An IP address, e.g. http://69.147.114.210 (the www.yahoo.com IP address). The same address can also be written as http://1167291090 or http://0x459372D2 (the 32-bit address in decimal and in hex; both translate to the www.yahoo.com IP address), or as http://%77%77%77%2E%79%61%68%6F%6F%2E%63%6F%6D (percent-encoded ASCII, which decodes to http://www.yahoo.com). http://paypal.com@1167291090 takes advantage of the http://username:password@host format: if the web site doesn't ask for authentication, anything between http:// and "@" is ignored, so the real host is the number after the "@". This relies on the user ignoring the URL bar completely, or being confused by its complexity.

A completely different domain, e.g. https://www.randomdomain.com/. This relies on the user just not looking at the domain at all.

A plausible-sounding but fake domain, e.g. https://www.paypal-secure.com. This relies on the user not knowing their exact destination.

A visible-to-the-eye letter substitution, e.g. https://www.paypa1.com (the digit one in place of the letter l). This relies on the user not looking too closely at individual letters.

An invisible letter substitution (homograph or punycode attack) that abuses IDN (Internationalized Domain Names). http://中文.tw is a legitimate web site, but the same mechanism lets a link labelled http://www.paypal.com point to http://www.pаypal.com/, where а is the Cyrillic letter а (U+0430): it looks identical to Latin a but is a different domain. These are almost undetectable by eye. (Update: IE7 now displays such IDN domains in their punycode xn-- form instead.)

An address with a username that looks like a domain name, e.g. http://[email protected]


Phishing-URL Spoofing (continued)

An address that uses wildcard DNS records to disguise the domain name (http://news.netcraft.com/archives/2005/03/07/phishers_use_wildcard_dns_to_build_convincing_bait_urls.html). With a wildcard record, any label in front of the phisher's domain resolves, so the bank's name can be placed first and the real domain (dvdlinKs.at, divxmovies.at) buried at the end. Some examples include:

http://barclays.co.uk|snc9d8ynusktl2wpqxzn1anes89gi8z.dvdlinKs.at/pgcgc3p/
http://barclays.co.uk|YJ3EMOHOqljQ8J5oW2ZKyTaRMQOahSWaxTrFTEQK9l9VVQj6jDtyq10d24r2h0bijh2
http://barclays.co.uk|34fdcb4rvdnp9phxbahhvbs6l56a2uyx%2edivxmovies%2ea%74/41pvaw3/

Checking the URL in the address bar of the browser may NOT be sufficient, as in some browsers that can be faked as well. However, the file properties feature of several popular browsers may disclose the real URL of the fake web page. And an address like http://www.pаypal.com/, which contains an IDN character, is still hard to detect.

Redirection URLs: One attack saw fraudsters exploiting an open redirect on the Visa web site: http://usa.visa.com/track/dyredir.jsp?rDirl=http://200.251.251.10/.verified/. The URL redirected users to a phishing site hosted at http://200.251.251.10/.verified/, and used a common browser vulnerability to spoof the real URL in the address bar.

*** See more phishing examples from www.netcraft.com ***
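The disguises on the last two slides can be undone mechanically. The following is an added example, not code from the original slides: it takes a URL, strips the userinfo-before-@ trick, decodes percent-encoded and numeric (decimal, hex) hosts, converts IDN hosts to the punycode form DNS actually resolves, and reports the host the browser will really contact. The `registrable_domain` helper is a deliberate simplification (last two labels; real code needs the Public Suffix List), and the sample URLs are the slides' own plus a few constructed ones.

```python
"""Undo the URL disguises from the slides and report the real host.
Added example, not part of the original slides."""
import ipaddress
import re
from urllib.parse import urlsplit, unquote


def numeric_to_dotted(host):
    """Browsers accept a host as a plain decimal number, as 0x hex, or as a
    dotted quad.  Return the dotted-quad text, or None for a normal name."""
    try:
        if re.fullmatch(r"0x[0-9a-f]+", host, re.IGNORECASE):
            return str(ipaddress.IPv4Address(int(host, 16)))
        if re.fullmatch(r"[0-9]+", host):
            return str(ipaddress.IPv4Address(int(host, 10)))
        return str(ipaddress.IPv4Address(host))  # dotted quad, else ValueError
    except ValueError:
        return None


def to_ascii(host):
    """Punycode (xn--) form of a host name: what DNS really resolves."""
    return host if host.isascii() else host.encode("idna").decode("ascii")


def analyze_url(url):
    """Return (real_host, findings): the name or address the connection
    goes to, and a list describing each trick the URL uses."""
    parts = urlsplit(url)
    host = parts.hostname or ""        # lowercased; userinfo and port removed
    findings = []
    if parts.username is not None:
        findings.append("'%s@' is userinfo, not the host" % parts.username)
    if "|" in host:
        findings.append("'|' pads a bait label; only the last labels matter")
    decoded = unquote(host).lower()
    if decoded != host:
        findings.append("percent-encoded host")
        host = decoded
    dotted = numeric_to_dotted(host)
    if dotted is not None:
        findings.append("address %s, not a domain name" % dotted
                        if dotted == host else
                        "numeric host %s is %s" % (host, dotted))
        host = dotted
    elif not host.isascii():
        findings.append("non-ASCII host resolves as %s" % to_ascii(host))
    if "://" in unquote(parts.query):
        findings.append("query string carries another URL (open redirect)")
    return host, findings


def registrable_domain(host):
    """Last two labels of a host.  Simplification: real code needs the
    Public Suffix List (co.uk is a single suffix)."""
    return ".".join(to_ascii(host).rsplit(".", 2)[-2:])


def lands_on(url, brand_domain):
    """True only if the URL really connects to brand_domain."""
    host, _ = analyze_url(url)
    return registrable_domain(host) == brand_domain


if __name__ == "__main__":
    for u in ("http://paypal.com@1167291090",
              "http://www.p\u0430ypal.com/",            # Cyrillic а
              "http://barclays.co.uk|snc9d8ynusktl2wpqxzn1anes89gi8z.dvdlinKs.at/pgcgc3p/"):
        h, f = analyze_url(u)
        print(u, "->", h, "| paypal?", lands_on(u, "paypal.com"), "|", "; ".join(f))
```

The browser does every one of these decodings silently, which is the whole problem: the address bar shows the string, the connection goes to the result. Converting the host to its xn-- form before comparing is what makes the Cyrillic а case fail the check even though it prints identically.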


Phishing-DNS hacking

"hosts" file manipulation - When accessing a device by name, the networking system will first look the name up in the "hosts" file if it exists. Typically, this is used as the first means of locating the address of a system, before consulting DNS (the Internet domain name system). In Windows NT/2000/XP/Vista the default location is %SystemRoot%\system32\drivers\etc\hosts. Example: with the entry "192.168.0.6 www.bankone.com" inside "hosts", when you type www.bankone.com your browser first checks whether www.bankone.com is listed in "hosts"; it is, so it goes to 192.168.0.6 instead of using DNS to resolve the name. This mechanism gives attackers a way to tamper with your "hosts" file and route a legitimate domain to a specific server that hosts "phishing" pages. Some anti-spyware products like SpySweeper, or toolbars like the AT&T Security Toolbar, can detect such "hosts" manipulation.

Pharming - is an attack aiming to redirect a web site's traffic to another (bogus) web site. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploiting a vulnerability in DNS server software. A study shows a possible attack (see Change Your Router Password NOW!) that combines JavaScript with the router's default password (a Default Router Passwords Database can be found here) to change your router's DNS setting to point at a bogus DNS server. If you suspect you have encountered pharming of a site (one that still pretends to be the other site), a simple procedure in Windows will help tell.

Open a command prompt: From the Start menu, choose Run..., type cmd and press Enter.

Look up the IP address: Type nslookup 123.45.67.89 and press Enter, replacing 123.45.67.89 with the IP address you find questionable. The reverse lookup should return a name in the bank's own domain; a hosting provider or an unrelated name is a warning sign. Note also that nslookup queries DNS directly and ignores the "hosts" file, whereas ping uses it, so if "ping www.yourbank.com" and "nslookup www.yourbank.com" report different addresses, your "hosts" file has been changed.
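The "hosts" check above can be automated. This is an added example, not code from the original slides: it parses a hosts file, treats entries that point at loopback or 0.0.0.0 as harmless ad-blocking entries, and reports any entry that sends a watched domain (or a subdomain of it) to a real address, which is the pharming pattern from the slide. The sample file, the watch list and the 192.168.0.6 address are constructed (the bankone.com entry is the slide's own example); when run as a script it reads the real file at the Windows path the slide gives, or /etc/hosts elsewhere.

```python
"""Find hosts-file entries that hijack well-known domain names.
Added example, not from the original slides."""
import ipaddress
import os
import sys

# Location the slides give for Windows; /etc/hosts on other systems.
HOSTS_PATH = (os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                           "system32", "drivers", "etc", "hosts")
              if sys.platform.startswith("win") else "/etc/hosts")

# Constructed sample, not a real hosts file.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # ad-blocking sinkhole: harmless
192.168.0.6     www.bankone.com        # the slide's example: redirected
192.168.0.6     online.paypal.com
"""
WATCH_DOMAINS = ["bankone.com", "paypal.com", "ebay.com"]   # constructed list


def parse_hosts(text):
    """Yield (ip, name) pairs, ignoring comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            yield fields[0], name.lower()


def is_sinkhole(ip):
    """Loopback or unspecified targets only block a name; anything else
    redirects it to a real machine."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def hijacked_names(text, watch_domains):
    """Return [(name, ip)] for watched domains (or their subdomains) that the
    hosts file sends somewhere other than a sinkhole address."""
    hits = []
    for ip, name in parse_hosts(text):
        try:
            if is_sinkhole(ip):
                continue
        except ValueError:
            continue                        # malformed address: skip the line
        if any(name == d or name.endswith("." + d) for d in watch_domains):
            hits.append((name, ip))
    return hits


def main():
    try:
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as f:
            text = f.read()
    except OSError:
        text = SAMPLE_HOSTS                 # no readable hosts file: demo data
    for name, ip in hijacked_names(text, WATCH_DOMAINS):
        print("WARNING: %s -> %s is not loopback; possible pharming" % (name, ip))


if __name__ == "__main__":
    main()
```

A clean Windows hosts file contains nothing but localhost entries, so on a home PC any line naming a bank, a webmail provider or an update server deserves a look; the sinkhole test keeps legitimate ad-blocking lists from raising false alarms.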


Phishing-Example (screenshots of phishing e-mails, not reproduced in this text version)

Phishing-Help prevent identity theft from phishing scams

Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.


Phishing-Help prevent identity theft from phishing scams

Another common technique that con artists use is a Uniform Resource Locator (URL) that at first glance appears to be the name of a well-known company but is slightly altered by intentionally adding, omitting, or transposing letters. For example, the URL "www.microsoft.com" could appear instead as:

www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com


Phishing – Part of blacklist from AT&T security feeds

ca.hs.kr/alerts.bankofamerica.com
accesacc.hk
signin.ebay.com.g3mc.com/ebayisapi.dll
mistyteal.com
61.19.213.82/budgetpaypal.com.pif
themilliondollarformula.com
locked-member.net
unbeguiled.com
citi-alert.us
0x44e4c532:122/scb/index.html
ppwebscr.com/paypal
211.240.40.175/cgi-binwebscr.cmd=login-run
unilo-wamu.com
divinitytemplates.com
buprep.com
chasetrustbank.com
cf.geocities.com/zifuh68393888
ebayboom.com/ebay_oshtml_9132006
signin.ebay.u-uo.com
ebay.com.updateinformationsslcgi.com
inset-boy.com
202.162.34.21/.www.ebay.com.au
clerkdokut.hk/detailsconfirm.asp
blueribbonteeth.com
shoboalisn.com/wachovia
thevioletpatch.com
login-w9.com/...
horrido-lerche.de/login.html
oakleafsystems.com/signin.ebay.com
aplus.net/wachovia
www.kuehnleasing.ru/webscr.php
00-12.us
203.194.145.77/.paypal.com
12-222-59-185.client.insightbb.com:82/index.php
3530146002/.chaseonline.chase.com/login.php

Firewall-How Firewalls Work

Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. As you read through this section, you will learn more about firewalls, how they work and what kinds of threats they can protect you from.

If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably heard the term firewall used. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall."

If you have a fast Internet connection into your home (either a DSL connection or a cable modem), you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.


Firewall-What a Firewall Does

A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

Firewalls use one or more of three methods to control traffic flowing in and out of the network:

Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.

Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.

Stateful inspection - A newer method that does not examine the full contents of every packet. Instead the firewall keeps a table of the connections ("state") that machines inside the network have opened. An inbound packet is allowed through only if it is a reply belonging to one of those known connections, or is permitted by an explicit rule; anything else is discarded. This is what lets a home firewall allow your Web browsing while dropping unsolicited connection attempts from the Internet.


Firewall-Making the Firewall Fit

Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:

IP addresses - Each machine on the Internet is assigned a unique address called an IP address. IPv4 addresses are 32-bit numbers, normally written as four "octets" in "dotted decimal" notation; a typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.

Domain names - Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.howstuffworks.com than it is to remember 216.27.61.137. A company might block all access to certain domain names, or allow access only to specific domain names.

Protocols - The protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation; the "http" at the front of a Web address names the Web's protocol. Some common protocols that you can set firewall filters for include IP, TCP, UDP, ICMP, HTTP, FTP, SMTP, SNMP and Telnet. A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines.

Ports - Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server (see the HowStuffWorks article "How Web Servers Work" for details). For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.

Specific words and phrases - This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word "X-rated" in it. The key here is that it has to be an exact match: the "X-rated" filter would not catch "X rated" (no hyphen). You can include as many words, phrases and variations of them as you need, but bear in mind that such filters only see plaintext; they cannot look inside encrypted (HTTPS) traffic, and a trivial misspelling slips past them.
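To make the difference between packet filtering and stateful inspection concrete, and to show how the filter conditions listed above (a blocked IP address, one permitted FTP server, FTP denied everywhere else) become rules, here is an added Python simulation written for this page. It is not code from the original slides or from any firewall product; the addresses (documentation and private ranges) and the rule set are constructed for the demonstration. The point it makes: a stateless filter has to open a hole such as "allow inbound TCP from source port 80" to let Web replies back in, and that hole admits anyone on the Internet who simply sets source port 80, whereas a stateful filter admits only packets that answer a connection the LAN opened.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str        # "in" = arriving from the Internet, "out" = leaving our LAN
    proto: str            # "tcp", "udp" or "icmp"
    src_ip: str
    dst_ip: str
    src_port: int = 0     # 0 for protocols without ports (icmp)
    dst_port: int = 0


@dataclass(frozen=True)
class Rule:
    """One filter line. A field left as None matches anything."""
    action: str           # "allow" or "deny"
    direction: Optional[str] = None
    proto: Optional[str] = None
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        for field in ("direction", "proto", "src_ip", "dst_ip", "src_port", "dst_port"):
            want = getattr(self, field)
            if want is not None and want != getattr(p, field):
                return False
        return True


class PacketFilter:
    """Stateless packet filtering: first matching rule wins, default deny."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return "deny"


class StatefulFilter(PacketFilter):
    """Stateful inspection: remembers flows the LAN opened, admits only the
    replies to them, and otherwise falls back to the static rules."""

    def __init__(self, rules: List[Rule]):
        super().__init__(rules)
        self.flows: Set[Tuple[str, str, int, str, int]] = set()

    def decide(self, p: Packet) -> str:
        if p.direction == "out":
            action = super().decide(p)
            if action == "allow":
                self.flows.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
            return action
        # Inbound: a genuine reply has our host as destination and the remote as source.
        if (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.flows:
            return "allow"
        return super().decide(p)


# Constructed rule set mirroring the slide's examples (assumed addresses).
RULES = [
    Rule("deny", src_ip="198.51.100.7"),                       # abusive host: block traffic from it...
    Rule("deny", dst_ip="198.51.100.7"),                       # ...and to it
    Rule("allow", direction="in", proto="tcp", dst_ip="192.168.1.20", dst_port=21),  # the one FTP server
    Rule("deny", direction="in", proto="tcp", dst_port=21),    # FTP to every other machine
    Rule("allow", direction="out"),                            # LAN may start any connection
]

# What a stateless filter must add to let Web replies back in: a hole that also
# admits any attacker who sets source port 80 on unsolicited packets.
STATELESS_REPLY_HOLE = Rule("allow", direction="in", proto="tcp", src_port=80)


if __name__ == "__main__":
    fw = StatefulFilter(RULES)
    browse = Packet("out", "tcp", "192.168.1.10", "203.0.113.5", 51000, 80)
    reply = Packet("in", "tcp", "203.0.113.5", "192.168.1.10", 80, 51000)
    probe = Packet("in", "tcp", "203.0.113.9", "192.168.1.10", 80, 51001)
    print("stateful:", fw.decide(browse), fw.decide(reply), fw.decide(probe))
    stateless = PacketFilter(RULES + [STATELESS_REPLY_HOLE])
    print("stateless probe:", stateless.decide(probe))
```

A real stateful firewall also ages flows out of the table (idle timeouts, TCP FIN/RST tracking) and understands protocols such as FTP that open a second data connection; this simulation keeps flows forever to keep the mechanism visible.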


Firewall-Proxy Servers and DMZ

A function that is often combined with a firewall is a proxy server. The proxy server is used by the other computers to access Web pages: when another computer requests a Web page, it is retrieved by the proxy server and then sent to the requesting computer. The net effect is that the remote computer hosting the Web page never comes into direct contact with anything on your home network other than the proxy server. Proxy servers can also make your Internet access work more efficiently. If you access a page on a Web site, it is cached (stored) on the proxy server, so the next time you go back to that page it normally does not have to load again from the Web site; instead it loads almost instantly from the proxy server.


There are times that you may want remote users to have access to items on your network. Some examples are:

Web site Online business FTP download and upload area

In cases like this, you may want to create a DMZ (Demilitarized Zone). Although this sounds pretty serious, it is just a separate network segment that sits between the Internet and the firewall protecting your internal network. Think of the DMZ as the front yard of your house: it belongs to you and you may put some things there, but anything valuable goes inside the house where it can be properly secured. A server in the DMZ is reachable from the Internet, so if it is compromised the attacker still has to get through the firewall to reach the internal machines; the DMZ host itself should run only the service it exposes and be kept patched. Setting one up on a home network is simple: if you have multiple computers, place the one hosting the public service between the Internet connection and the firewall, or use the "DMZ host" option most home routers and software firewalls provide, which forwards all unsolicited inbound traffic to that one designated machine (and leaves it fully exposed).


Firewall-Solution

Hardware – Router/gateway with built-in Firewall protection (check the manual to make sure the firewall feature is turned on)

Software – Firewall software (see Appendix for free Firewall software); Windows XP with the SP2 update has a built-in Firewall, but it only blocks inbound traffic, so it will not stop an already-installed trojan or zombie from calling out

*** Note: most Firewall software can slow down performance somewhat, as it constantly checks inbound and outbound traffic


Firewall-XP SP2 built-in Firewall


The Windows XP SP2 built-in Firewall blocks inbound traffic only. You can access it via "Start->All Programs->Accessories->System Tools->Security Center->Firewall".

Firewall-Solution


http://personal-firewall-software-review.toptenreviews.com/

How do I know if I got infected?

Most anti-virus/spyware software has a real-time detection feature, so it will prompt you right away if a virus/spyware is detected. Try to select "heal" or "quarantine" first; if that fails, the only option is "delete" or "remove".

Scan your system regularly with your anti-virus/spyware software.

Warning signs that something is wrong:

Your system slows down for no apparent reason when you are online, or you still see lots of Internet or hard-drive activity even when you are not online.

Your Internet (wired or wireless) connection stops working.

Your browser keeps going to some home page, or routes you through a search engine, without your permission: your browser might be hijacked. Or an unknown toolbar appears at the top of your browser. Some anti-spyware, such as SpySweeper, will prompt you if it detects that browser settings (particularly Internet Explorer's default home page or BHOs, Browser Helper Objects) have been changed.


What if I got infected?

Run your anti-virus/spyware software to scan and quarantine. Better still, boot the PC into Windows Safe Mode (press "F8" during boot, before the Windows logo appears, and choose Safe Mode) and run the anti-virus/spyware software from there.

***Note: some tricky viruses/spyware/trojans cannot be detected and removed from within Windows, even in Safe Mode; you might need to boot from a clean floppy disk or CD to detect and clean them. "Avast" has a feature to run itself before Windows starts: when you install Avast for the very first time, it asks whether you want to run a DOS boot-scan. Leave it as YES.

***Some steps you might want to take:
1. Schedule a boot-scan such as Avast's DOS boot-scan, or use another bootable CD such as UltimateBootCD, which includes anti-virus tools
2. Scan with several different anti-virus/spyware programs to make sure the system is clean
3. Update the anti-virus/spyware definitions; run Windows Update
4. Re-scan with several different anti-virus/spyware programs to make sure the system is still clean after the update

If a rootkit is found (see the free anti-rootkit tools in the Appendix), the only reliable remedy is to back up your data files, wipe the drive and reinstall Windows from known-good media; cleaning tools cannot guarantee that a rootkit is gone.


What if I got infected? Run "Avast" – DOS scan

Right-click the System Tray icon "Avast", select "Start avast! Antivirus", then choose Schedule Boot-Time Scan.


The Last Defense-Backup and Restore

"Prevention is the Best Cure"! But in case you get infected...

Back up your hard drive frequently.

Strategy:
C: drive as the system drive
D: or other removable media as the data/backup drive
Keep the backup media disconnected when a backup is not running, so that a virus on the PC cannot reach and corrupt the backup as well.

Backup/restore software:

Built-in Windows System Restore (by default Windows creates a restore point whenever you install new software/hardware). To restore: click Start->All Programs->Accessories->System Tools->System Restore. (Note: not guaranteed to work, as the restore-point files might get infected/corrupted as well, and System Restore does not back up your data files.)

Symantec Norton Ghost
http://www.symantec.com/sabu/ghost/ghost_personal/

Acronis True Image
http://www.acronis.com/homecomputing/products/trueimage/

Features (both products): run backup tasks in the background, incremental backup, scheduled backup jobs.


Wireless Router-Security

Change the default admin password and SSID

Turn on the Firewall (usually On by default)

SSID (Service Set Identifier) - turn off SSID broadcasting and enter the SSID manually in the wireless adapter settings on your client PCs. (Note: this only hides the network from casual users; the SSID is still sent in the clear whenever a client connects, so do not rely on it as a security control.)

Encryption: WEP (Wired Equivalent Privacy), WPA (WiFi Protected Access), or the more secure WPA2. WEP has known design flaws and can be cracked in minutes from captured traffic; use WPA2 with a long passphrase whenever your router and adapters support it.

The PCMCIA/PCI/USB wireless adapter on the PC end must be configured with the matching SSID and WEP/WPA key in order to be assigned an IP address and get Internet access.

IP/MAC Filtering (Note: MAC addresses can be read by anyone sniffing the wireless traffic and are easily spoofed, so this is a minor obstacle, not a substitute for encryption.)


Note: WEP - 10 HEX chars (0-9, A-F) for 64-bit, 26 HEX chars for 128-bit security. Only 40 and 104 of those bits are secret; the remaining 24 bits are the IV, which is sent in the clear with every frame.
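To show what the "matching WEP/WPA key" on the router and the adapter actually is, and why WEP's key length and WPA2's passphrase quality matter, here is an added Python example written for this page; it is not code from the slides or from any router vendor. wep_key_bits validates the 10/26-hex-character key format from the note above. wpa2_psk derives the WPA/WPA2 pre-shared key exactly the way routers and clients do, PBKDF2-HMAC-SHA1 over the passphrase salted with the SSID, 4096 iterations, 256-bit output (IEEE 802.11i). offline_guess runs the offline dictionary attack an eavesdropper can mount after capturing one client's connection handshake. Comparing derived PSKs directly is a simplification (a real attacker verifies each guess against the captured handshake's MIC), and the word list is constructed for the example. Two lessons follow: the SSID is part of the key derivation, so a default SSID like "linksys" lets attackers use precomputed tables, and a short dictionary passphrase falls to this loop almost instantly.

```python
import hashlib
import hmac
import re

# Constructed for this example: a few passphrases a home user might pick.
WEAK_WORDLIST = ["password", "12345678", "linksys123", "homewifi", "qwertyuiop"]


def wep_key_bits(key_hex: str) -> int:
    """Return the marketed WEP strength (64 or 128) for a hex key, or raise.

    10 hex chars carry 40 secret bits and 26 carry 104; the advertised 64/128
    includes the 24-bit IV transmitted in the clear, one reason WEP is weak.
    """
    key_hex = key_hex.strip()
    if not re.fullmatch(r"[0-9A-Fa-f]+", key_hex):
        raise ValueError("WEP key must be hexadecimal (0-9, A-F)")
    if len(key_hex) == 10:
        return 64
    if len(key_hex) == 26:
        return 128
    raise ValueError("WEP key must be 10 or 26 hex characters")


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2 pre-shared key from passphrase and SSID
    as IEEE 802.11i specifies: PBKDF2-HMAC-SHA1, 4096 iterations, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8-63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def offline_guess(target_psk: bytes, ssid: str, wordlist):
    """Simulate the offline attack on a captured handshake: derive the PSK for
    each candidate passphrase under this SSID and compare in constant time.
    Returns the recovered passphrase, or None if the list is exhausted."""
    for candidate in wordlist:
        try:
            if hmac.compare_digest(wpa2_psk(candidate, ssid), target_psk):
                return candidate
        except ValueError:          # candidate too short/long to be a WPA passphrase
            continue
    return None


if __name__ == "__main__":
    # Known IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(wpa2_psk("password", "IEEE").hex())
    # Same passphrase, different SSID: a completely different key.
    print(wpa2_psk("password", "linksys").hex())
    print("recovered:", offline_guess(wpa2_psk("homewifi", "linksys"), "linksys", WEAK_WORDLIST))
    print("recovered:", offline_guess(wpa2_psk("correct horse battery staple", "linksys"),
                                      "linksys", WEAK_WORDLIST))
```

The 4096 PBKDF2 iterations are there to slow this loop down, but they only buy a factor of a few thousand; a cheap GPU still tries tens of thousands of passphrases per second, so the defence is a long, non-dictionary passphrase and a non-default SSID.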

Wireless Router-Security MAC/IP Filtering


AT&T DSL – 2Wire wireless router setup

Find the "default gateway":
Start->Run->cmd->type "ipconfig"
Write down the "Default Gateway", which will most likely be "172.16.0.1" or "192.168.1.254"
Open a browser and type the address as "http://<default gateway>", e.g., http://172.16.0.1 or http://192.168.1.254


Wireless Adapter Setup


Appendix: “Anti-Virus Comparative” – Feb. 07’s Test Result


Appendix: Free Anti-Virus/Spam/Spyware/Phishing/Firewall software

Safeguard your PC from internet attacks (for free):
Check with your ISP, which might offer you commercial security software for free.
Some companies offer stripped-down versions (some even more powerful and useful than other commercial ones) for free, as listed below (note: right-click the link and choose "Open Hyperlink"; also posted to http://www.ccmcchurch.org/fyt/bsg/Moses):

Free Anti-Virus Software
Grisoft's AVG antivirus
Avast Home edition (has DOS boot-scan feature)
Avira AntiVir® PersonalEdition

Free Anti-Spyware
SpyCatcher
Grisoft's AVG antispyware
Lavasoft Ad-Aware Personal Edition
Spybot Search & Destroy
Microsoft Windows Defender
Spywareblaster


Appendix: Free Anti-Virus/Spam/Spyware/Phishing/Firewall software (continue…)

Free Anti-Spam
Spampal

Free Firewall
Comodo
Zone Lab's Basic ZoneAlarm Firewall

Free Anti-Rootkit
F-Secure BlackLight
Sophos Anti-Rootkit
RootkitRevealer

AT&T Security Toolbar 2.x: blocks pop-ups; uses blacklists from several security feeds; flags Zombie hosts, numeric/dynamic IP addresses, IDN (internationalized domain name) look-alikes, inconsistent links, a tampered "hosts" file, etc.


Conclusion

Install Anti-Virus/SPAM/Spyware/Firewall software (all can be free; see the Appendix for free software as powerful and useful as the commercial versions).

***Very Important***: Run their data definition updates regularly, as new viruses/spyware are created every day.

Separate your financial email from others.

Always be suspicious of any request for login/password or other financial/security info from emails or web pages; call and talk to a person if not sure.

Run "Windows Update" regularly (IE->Tools->Windows Update; you can turn on the Auto-update option).

Run System Backup regularly.

Last but not least: check your bank/credit card accounts regularly and report immediately if you find any unauthorized charge.
