No Worms or Viruses Allowed

How to keep your computer Lab/Classroom computers Safe and Secure:

Ernest Staats erstaats@gcasda.org
MS Information Assurance, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+ also known as Nerd
Resources available @ http://www.gcasda.org/tech/index.asp?id=118



Look at Physical Issues:

• Clean Inside/Outside

• Vacuum keyboards and other parts

• Clean Mice

• Environment around the computer

• Physical Security


Protection from Spyware and other forms of Malware:

• Software
  – OS locking software
  – Imaging
  – Eliminate unneeded services
  – Update the OS
  – AV and Spyware tools

• Hardware
  – Filtering appliances
  – Removal of access methods
  – Gateway firewalls
  – Network based IDS/IPS


Software Options to protect from Malware:

• Firewalls
  – Desktop Firewall solutions

• Antivirus: it’s all about the updates and notification abilities

• Desktop locking software

• Browser Replacements and securing
  – Firefox (or others) over IE
  – Updates for IE


Locking down workstations:

• Clean Slate - Fortress Grand

• Deep Freeze - Faronics

• Shared Computer Toolkit – Microsoft
  – (This product is free but only works with XP SP2 (pro or home))

• ZEN - Novell


Establish a Standardized Image:

• Ghost – Most options, excellent control center

• Novell ZEN – Works well if you have the Novell Products

• True Image – Less expensive but still a good set of features

• Snapshot – One of the cheapest products but works well


Eliminate Unneeded Services:

• Windows
  – A list of Windows services can be located on TechRepublic's website.
    • Windows XP: http://techrepublic.com.com/5138-10877-5747817.html?tag=search
    • Windows 2003 server: http://techrepublic.com.com/5138-10879-5766252.html?tag=search

• Linux
  – Linux 101: A comprehensive list of Linux services.
    • http://techrepublic.com.com/5139-3513-6018189.html

• Macintosh
  – Securing your computer: Macintosh Quick-Click Guide
    • http://computing.geology.ucdavis.edu/security/CyberSafety-MacQuickClick.php#checklist


Windows

• Services are removed from Windows systems by uninstalling them with Add/Remove Programs, by turning them off with a control panel or registry setting, or by disabling them with the Services control panel found under Administrative Tools.

• Running the command netstat -a gives a list of all open ports on a system.

• A list of Windows services can be located on TechRepublic's website.
  – Win XP: http://techrepublic.com.com/5138-10877-5747817.html?tag=search
  – Windows 2003 server: http://techrepublic.com.com/5138-10879-5766252.html?tag=search


Linux

• Linux services can be started or stopped either from the command line or from a graphical configuration tool.
  – The command line requires editing files in the /etc/rc.d sub-directories. The most common places are in /etc/inetd.conf, in the /etc/rc1.d, /etc/rc2.d, etc. directories, and in the startup scripts. Services available through the inetd service are turned on and off by simply commenting them out of the /etc/inetd.conf file.
  – While there are several different graphical tools depending on the Linux flavor you are using, most of them will run ntsysv, which can be used to check or uncheck services to run at startup (run-level specific).

• Some versions of Linux use the Service Configuration (serviceconf) GUI program to turn services on and off.

• To completely remove a service, delete the executable files from the system that start the service. Common services are in /usr/sbin and have names that start with “in.” and end with “d”, for example in.ftpd.

• The netstat -a command lists all open ports.
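
The inetd step above, as an added example (not part of the original slides): it lists the services still enabled in an /etc/inetd.conf and comments out every entry that is not on a keep list. The sample file content and the keep list are constructed for illustration.

```python
# Constructed /etc/inetd.conf content for illustration (not from a real host).
SAMPLE_INETD_CONF = """\
# <service> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd -l
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/in.rshd     in.rshd
time    dgram   udp  wait    root  internal
"""


def _entry_fields(line):
    """Return the fields of an active inetd entry, or None for anything else."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None  # blank line, comment, or already-disabled service
    fields = stripped.split()
    # An inetd entry has at least six fields, ending with the server path.
    return fields if len(fields) >= 6 else None


def enabled_services(conf_text):
    """Return (service, protocol, server_path) for every uncommented entry."""
    entries = []
    for line in conf_text.splitlines():
        fields = _entry_fields(line)
        if fields:
            entries.append((fields[0], fields[2], fields[5]))
    return entries


def disable_services(conf_text, keep):
    """Comment out every enabled entry whose service name is not in `keep`."""
    out = []
    for line in conf_text.splitlines():
        fields = _entry_fields(line)
        if fields and fields[0] not in keep:
            out.append("#" + line)  # disable by commenting, as the slide says
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("enabled before:", enabled_services(SAMPLE_INETD_CONF))
    hardened = disable_services(SAMPLE_INETD_CONF, keep={"time"})
    print("enabled after: ", enabled_services(hardened))
```

inetd re-reads its configuration only when it is restarted or sent SIGHUP, so the commented-out services stay reachable until then.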


Macintosh

• Macintosh running OS 9 and earlier has all of its services controlled with a control panel.

• Services can be turned on and off with the control panel, and the software can be removed using the Extensions Manager control panel to remove the control panel or extension that maintains the service.

• OS X common services are turned on and off using System Preferences.

• The Allow Remote Login check box turns on the ssh protocol. (Know what you are turning on)

• Open a terminal window and execute the netstat -a command to display all open network ports.
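
The netstat check on the Windows, Linux and Macintosh slides, as an added example (not part of the original slides): it reads saved netstat output from any of the three systems and reports listening TCP ports that are not in an approved baseline. It assumes the output was produced with netstat -an (the -n flag prints numeric ports instead of service names); the sample output and the baseline are constructed.

```python
import re

# Constructed sample output of `netstat -an` (not captured from real hosts).
WINDOWS_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      10.0.0.5:80            ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""
LINUX_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.30:22         192.168.1.9:51514       ESTABLISHED
tcp6       0      0 :::631                  :::*                    LISTEN
"""
MAC_SAMPLE = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.548                  *.*                    LISTEN
"""

# The port follows ':' on Windows and Linux and '.' on macOS.
PORT_RE = re.compile(r"[.:](\d+)$")


def listening_ports(netstat_text):
    """Return the set of TCP ports in a listening state.

    UDP sockets have no state column in netstat output and are skipped here.
    """
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        if fields[-1] not in ("LISTEN", "LISTENING"):
            continue
        # Windows prints 4 columns; Linux and macOS add Recv-Q/Send-Q first.
        local = fields[1] if len(fields) == 4 else fields[3]
        match = PORT_RE.search(local)
        if match:
            ports.add(int(match.group(1)))
    return ports


def unexpected_ports(netstat_text, approved):
    """Ports that are listening but are not in the lab's approved baseline."""
    return sorted(listening_ports(netstat_text) - set(approved))


if __name__ == "__main__":
    # Hypothetical baseline: a lab image that should only expose SSH (22).
    for name, text in (("windows", WINDOWS_SAMPLE), ("linux", LINUX_SAMPLE), ("mac", MAC_SAMPLE)):
        print(name, unexpected_ports(text, approved={22}))
```

Each port it reports maps back to a service to disable or remove using the steps on the slide for that operating system.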


Keep Your Systems Up-to-Date:

• Updating Windows systems

• Updating Linux systems

• Updating Macintosh systems

• Is your Antivirus current – do you know for sure?


Updating Windows Systems

• Windows Update Site http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

• The Microsoft Baseline Security Analyzer is a tool that includes some additional checks of some critical security settings. This tool also checks to see:
  – That file systems are all NTFS
  – If accounts have unexpiring passwords
  – How many administrator accounts are on this machine
  – If any accounts have weak passwords
  – That the guest account is disabled
  – That autologin is disabled
  – That restrict anonymous is set as high as possible
  – That Login success and failure is being audited

• Download MBSA http://www.microsoft.com/technet/security/tools/mbsahome.mspx


Updating Linux Systems

• Maintaining Linux systems is much like maintaining Windows systems in that there is an automatic update service available for most versions of Linux.

• Security Tip: Don’t install patches for services you are not using. Running the patch program will sometimes install the service. If the service is installed and you don’t need it, simply uninstalling it removes the vulnerability.


Updating Macintosh Systems

• Newer Macintosh systems (OS 9 and OS X) come with the Software Update service. This service automatically checks with the Apple website for software updates.

• You can get information about security updates on the Apple Security Updates web page http://docs.info.apple.com/article.html?artnum=61798

• Subscribe to the Apple Security-Announce mailing list http://www.info.apple.com/subscribe/index.html


Windows Live Safety Center

• Check for and remove viruses

• Learn about threats
  – What ports are open on your PC

• Improve your PC's performance
  – Disk defrag and other tune up settings

• Get rid of junk on your hard disk

http://safety.live.com/site/en-US/default.htm


Windows Defender

• Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software.

• It is a bit of a memory hog when scanning
  – http://www.microsoft.com/athome/security/spyware/software/default.mspx


Hardware Options to protect from Malware:

• A Content filtering appliance

• Eliminate Floppy, USB, or CD ROM boot access

• Develop school wide policies for controlling who has access to what resources (The most important step in the process & administration must endorse policies)

• Gateway Firewall to protect the network perimeter

• Network based IDS/IPS to detect a local infection on the network


Suggested Practices

• Use a defense in depth strategy
  – Gateway firewalls and content scanners
  – Server protection
    • Firewall, AV, spyware scanning, OS updating
    • Imaging
  – Desktop protection
    • Lock the workstations
    • AV and OS updated daily
    • Eliminate unneeded services
    • Install anti-spyware software that will scan daily
    • Make an image of the systems
    • Use Microsoft’s Baseline Security Analyzer to test systems


How to clean an infected machine:

• Specialized Boot disk
  – UBCD4Win - http://www.ubcd4win.com/

• Microsoft AntiSpyware and Windows Defender (free)

• Other AntiSpyware

• Antivirus Boot disk repair

• Trend Micro House Call / one time cleaning

• Last resort: Reformat the computer


Resources

• Connecting to the Internet Securely; Protecting Home Networks (http://www.ciac.org/ciac/documents/CIAC-2324_Connecting_to_the_Internet_Securely_Protecting_Home_Networks.pdf)

• A list of Windows services can be located on TechRepublic's website.
  – Windows XP: http://techrepublic.com.com/5138-10877-5747817.html?tag=search
  – Windows 2003 server: http://techrepublic.com.com/5138-10879-5766252.html?tag=search

• Linux 101: A comprehensive list of Linux services.
  – http://techrepublic.com.com/5139-3513-6018189.html


Resources Continued

• This PPT and a list of resources
  – http://www.gcasda.org/tech/index.asp?id=118

• Step by step instructions for networking
  – http://www.homenethelp.com/web/howto/index.asp

• Common Ports used by trojans (2006)
  – http://www.doshelp.com/Ports/Trojan_Ports.htm

• MS Windows Defender
  – http://www.microsoft.com/athome/security/spyware/software/default.mspx

• MS Windows Live Safety Center
  – http://safety.live.com/site/en-US/default.htm

• MS Shared PC tool Kit
  – http://www.microsoft.com/downloads/details.aspx?familyid=7256D456-E3DA-42EA-857D-92B716077A84&displaylang=en

• Home PC Firewall Guide (excellent reviews)
  – http://www.firewallguide.com/