
Sunday, August 30, 2015

Ways to Defend Yourself Against Viruses and Malware


6 Ways to Defend Yourself Against Viruses and Malware


Which virus protection is the best?
Well, to protect yourself against malicious software, the six defensive measures detailed below can work better than the best anti-virus software left to act alone.

1) Be aware of virus symptoms, and attack vectors

This piece of advice might sound like something beyond the realm of non-techies. However, non-techies had to learn how to use computers anyway, and learning a little about the basics of viruses won’t hurt. The information contained in this article is a good start.

(i) Be wary of suspicious, new process names in the list of running processes

Sometimes these processes have the same names as legitimate ones to disguise themselves (svchost.exe is an example). Sometimes they have similar names, like svvchost.exe and _services.exe (the legitimate ones have the names svchost.exe and services.exe). The username that’s running the process sometimes gives an indication of whether it’s a legitimate system process or not – a virus usually runs under the currently logged-in user’s name. If you’re a power user, you’d want to use Process Explorer, which will allow you to dive in more deeply when inspecting processes, such as figuring out which exact executable on the file system is responsible for the running process.
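As an added example (not part of the original article), here is a small Python check that applies the advice above to a constructed process list: it flags names that differ from a well-known Windows system process by a single character or a stray prefix (the svvchost.exe and _services.exe cases), and it flags a genuine system-process name that runs under an ordinary user account or from outside System32. The process list, the account names and the SYSTEM_PROCESSES table are assumptions for illustration; on a real machine you would feed it the process names, users and image paths shown by Process Explorer.

```python
"""Added example (not from the original post): flag processes whose name
imitates a Windows system process, or that carry a real system-process name
while running under an unexpected account or from an unexpected path.
The process list and the table of known names are constructed for illustration.
"""
from dataclasses import dataclass

# Assumed table: well-known system process names and the accounts they normally run under.
SYSTEM_PROCESSES = {
    "svchost.exe": {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"},
    "services.exe": {"SYSTEM"},
    "lsass.exe": {"SYSTEM"},
    "csrss.exe": {"SYSTEM"},
    "winlogon.exe": {"SYSTEM"},
}
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Proc:
    pid: int
    name: str
    user: str
    path: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name: str):
    """Return the system process name that `name` imitates, or None.
    An exact legitimate name is not a lookalike (it is checked separately)."""
    n = name.lower()
    if n in SYSTEM_PROCESSES:
        return None
    stripped = n.lstrip("_-")
    for legit in SYSTEM_PROCESSES:
        if stripped == legit or edit_distance(n, legit) <= 1:
            return legit
    return None


def suspicious(procs):
    """Return (pid, name, reason) for every process that deserves a closer look."""
    findings = []
    for p in procs:
        n = p.name.lower()
        legit = lookalike_of(p.name)
        if legit:
            findings.append((p.pid, p.name, f"name resembles {legit}"))
        elif n in SYSTEM_PROCESSES:
            if p.user.upper() not in SYSTEM_PROCESSES[n]:
                findings.append((p.pid, p.name, f"system process name running as {p.user}"))
            elif not p.path.lower().startswith(SYSTEM32):
                findings.append((p.pid, p.name, f"unexpected image path {p.path}"))
    return findings


# Constructed sample, as a defender might see it in a process listing.
SAMPLE_PROCESSES = [
    Proc(4, "System", "SYSTEM", ""),
    Proc(612, "services.exe", "SYSTEM", "C:\\Windows\\System32\\services.exe"),
    Proc(820, "svchost.exe", "NETWORK SERVICE", "C:\\Windows\\System32\\svchost.exe"),
    Proc(1337, "svvchost.exe", "alice", "C:\\Users\\alice\\AppData\\Local\\Temp\\svvchost.exe"),
    Proc(2048, "_services.exe", "alice", "C:\\Users\\alice\\AppData\\Roaming\\_services.exe"),
    Proc(3001, "svchost.exe", "alice", "C:\\Users\\alice\\Downloads\\svchost.exe"),
    Proc(4100, "notepad.exe", "alice", "C:\\Windows\\System32\\notepad.exe"),
]

if __name__ == "__main__":
    for pid, name, reason in suspicious(SAMPLE_PROCESSES):
        print(f"PID {pid:>5}  {name:<16} {reason}")
```

The three findings on the sample are the two lookalike names and the copy of svchost.exe running as a normal user from a Downloads folder; the real svchost.exe under NETWORK SERVICE in System32 is left alone.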

(ii) Emails from your friend may not have been actually sent by them

Be wary of opening email attachments unless you were expecting them – even seemingly innocuous video files could cause your data to disappear. Take precautions even when the attachment is expected – the anti-virus scanners embedded in the popular email providers provide a good defense.
On a similar note, be careful when downloading files randomly from the Internet. Executable files (.exe or .com on Windows) are the ones that can cause the most harm.

(iii) Do not leave Windows’ auto-run option enabled for portable drives

Auto-run has long been one of the most popular ways in which viruses spread – ensure that you keep it disabled. Never, ever trust a portable drive that has previously been inserted into a machine that you don’t own, even if it has an anti-virus. Use your anti-virus to scan data that has arrived from external sources. Viruses won’t usually spread through text editors, so you can use these if you’re just inspecting simple files and don’t have an anti-virus at hand.

(iv) Watch out for typical virus symptoms, and gear up to protect yourself

These include:
  1. Access disabled to Task Manager, the Registry Editor [1], or msconfig [2].
  2. Spikes in CPU or GPU usage – these can be observed either through monitoring tools, such as the Task Manager for the CPU, or GPU-Z for the GPU, or by noticing the hardware fans spinning faster when there is no processor intensive program running.
A good tactic is to run anti-virus scans, preferably from outside your OS, such as from a Live CD, whenever you detect suspicious activity. Live CDs allow you to boot into them without having to load your OS, which might otherwise end up running the virus before any anti-virus can take effect (assuming that the anti-virus failed to detect the malware when it loaded itself onto the machine). Bitdefender Rescue CD is one such option. In addition to regular viruses, Bitdefender scans for rootkits – malware that resides deep within the core of the OS, evading detection while carrying out malicious activity.

(v) Safe online banking

Most Linux distributions, including Ubuntu, support booting from a Live CD and are great for providing added protection when banking online, since viruses cannot write to these disks permanently. Live CDs offer no compromise when it comes to your online browsing experience. These Linux distributions can also be installed on bootable USB sticks.

2) Choose to manually enable the running of plugins in your browser

Chrome and Firefox have a “Click to Play” option for plugins (i.e. Flash or Java) within websites, so that they run only with your permission, which you provide by clicking on the area of the page in which . This helps prevent drive-by attacks from malicious code embedded in such plugins, which is almost always hidden from view or uses some sort of social engineering to trick users into downloading malware.
In Chrome, copy and paste chrome://chrome/settings/content into your address bar, and choose “Click to play” under “Plugins”.
[Screenshot: Chrome plugin settings]
In Firefox, go to about:plugins, and turn on the plugins.click_to_play option.

3) Update your OS, focusing on the security updates

They are called “security” updates for a reason. This is especially important for Windows. Because of Windows’ popularity, hackers have been known to target security holes in Windows on unpatched machines by studying the fixes Microsoft sends out. This is becoming true even for Mac OS X; the recent Java malware is an example, though Apple actually released the update and fix after the Trojan was out in the wild. A Windows example: if you updated before Sasser arrived, you’d be 100% secure.

4) Use a firewall

This doesn’t offer much more protection from Internet worms than a NAT, but will be useful if you connect your laptop to a public network. It will also protect you from infected machines on your own network. A firewall would protect you from Sasser even if you didn’t install security updates at the time, and would offer partial protection against MSBlast.
While the built-in Windows Firewall provides decent protection, you could try out third-party solutions like ZoneAlarm for better control over what moves in and out of your computer.

5) Use an Anti-virus

This is important, but you must know where it stands – it cannot protect you against everything. In fact, most people skip it on the Mac and Linux, though it’s always recommended for Windows. Remember, you are worse off if you use an anti-virus but don’t know how viruses work.
I bet if you brush up your knowledge of viruses and run Windows without an anti-virus, you’d be infected fewer times than a noob running an anti-virus on Windows and not knowing a thing about viruses. Anti-virus software is perfect if you realize that it works best for protecting against viruses that the software already knows about, and is not so good at protecting against new ones.

6) Backups

Whatever precautions you take, you might still lose the fight. Always ensure that you have important data backed up, so that you can easily restore it in the case of an infection.
Even if there were no danger of infection, backups come in handy in the case of hardware failure, for which you should be prepared at any time.
Footnotes
  [1] The Registry is a database of configuration settings and options related to the Microsoft Windows operating systems. It can be accessed by pressing Ctrl+R, typing regedit.exe and pressing Enter.
  [2] MSConfig is a Microsoft Windows utility you can use to troubleshoot issues related to processes that are loaded on startup. Viruses often register themselves to start up automatically – you can remove the easier ones using msconfig or by editing the registry.

//////////////

Top 10 Tips to Protect Yourself Against Computer Viruses

When your computer gets infected with a virus it can be a devastating experience, and this is exactly why you need to protect your computer from viruses. A virus can consume your precious computer files and even damage your computer hardware. Is this worth ignoring? I don’t think so! Anything you can do when protecting your computer from viruses has to be a good thing and is well worth spending your time on. We all know prevention is better than a cure, so I am going to share my top 10 tips on how to protect your computer from viruses.

10 Tips to Protect Your Computer From Viruses

There are many ways to protect your computer from nasty viruses invading. Protecting your computer is a number one concern for every computer user on earth. I do not know anyone that wants to have their computer crash due to a virus invasion. Here are 10 ways to protect your computer from viruses and keep your files and data safe.

1. Learn about viruses

The first thing that I recommend is to research and become knowledgeable about viruses. How can you protect your computer from viruses if you don’t even know what they are? Here are some previous tutorials I have written about viruses. See What is a Virus and how do I know if I have one? and What is the difference between a virus, spyware, Malware, and adware?

2. Arm yourself with the best Anti-virus software to suit your needs.

Not everyone can get away with using free Anti-virus software, because it depends what you do on your computer. It depends on factors such as whether you download files or not, whether you open email attachments, and whether you surf suspicious websites. See my reviews for the best Virus Removal Software. Let’s face it, if you do not have protection against viruses installed on your computer, you will without a doubt get a virus within the first hour of surfing the internet. It is that easy. For years I would remove a virus from my dad’s computer at least once a year, until finally I realized that he needed a paid Anti-virus program. He wasn’t good with computers, and if a window popped up and said he needed to take a scan, he would just do it. He would just presume it was the program I had installed to protect his computer. Now I have installed PC Matic on this computer and there has not been one problem since. This program offers full protection along with full computer maintenance. It never asks him to do anything and just works in the background silently.
If you currently have no protection or maintenance software I highly recommend you grab a free scan with PC Matic to see what it can do for you.

3. Regular Updates

Having a great Anti-virus program installed on your computer to protect it from viruses is great; however, if you do not regularly update the virus definitions, then the program is useless. New viruses are produced daily, and this is why we constantly have to update the virus definitions and stay ahead of the bad guys. Most programs will update by themselves as long as you haven’t turned this option off by accident. This is definitely something you should check.

4. Downloading

When surfing the internet avoid websites that contain illegal software downloads, sexual references, free screensavers, cracks or serials, etc. I am sure you get the picture. If you go near these sites you are immediately asking for trouble. Some other websites that you should stay away from include foreign websites where you cannot understand the language on them. This is because you cannot tell what is on the website. This is definitely included in the top 10 internet safety tips.

5. Windows Updates

Always update Windows when protecting your computer. These updates contain security updates that will help in your fight against viruses. If you do not perform regular Windows updates you are leaving your computer in a vulnerable state. You can simply check to see if your computer needs updates by going to the start menu and typing in “windows update”. See the screenshot below. You can also view recent Windows update history so you can be in control of the whole situation.
[Screenshot: searching the Start menu for “windows update”]

6. Opening Emails

Be careful when opening emails. There are obvious emails that you know you shouldn’t open, however what about the ones you get from people you know? What if your friend has a virus and it is spreading itself through emails? An email cannot be important enough to risk getting a virus. Delete the email and send a fresh email to your friend asking them if they actually did send you the email. It is better to be safe than sorry. :(
You can also create a whitelist so only certain emails get through. You will still have to be careful though, as you do not know what security the sender has installed on their computer. It’s like driving on the road, you need to watch how others are driving to stay safe.

7. Change your settings to protect your computer from viruses

If you are really serious about protecting your computer you can change your email settings and receive text emails only. You can also disable the ability to open email attachments. Viruses travel in HTML-enabled emails and file attachments. They cannot travel in text email messages. I know this sounds very boring; however, I would rather be boring and protect my computer from viruses.

8. Peer to Peer file sharing – ways to protect your computer

Do not use peer to peer (p2p) file sharing programs. These include programs such as Limewire, Bearshare, Gnutella, Morpheus, Torrents, etc. These programs let you download files from other computer users connected to their program network. You have no way of knowing what you are actually downloading until it is on your computer.
Even if you share files from a CD from a friend, it may have a virus. Protecting your computer from viruses is the most important priority for you, and you do not want to risk your computer safety just because you trust your friend.

9. Do not download files from websites

Again, there is no way of knowing what you are downloading. The file can appear to be named like the file you want, however it could be anything. Most of the time, this is how a virus is unleashed, it usually seems like a harmless, familiar object. If you are looking for a driver for a certain brand of computer then make sure you are getting the download from the genuine website. Many websites on the Internet offer free driver downloads, however, many of them contain viruses. Everything is not what it seems, so be very careful. I would rather use a program to scan my drivers and update them for me. I would not risk downloading a device driver from just any old website. PC Pitstop offers a free driver scan.

10. Have Firewall Protection

Make sure you have a firewall enabled on your computer. Windows comes with an inbuilt firewall, or you can use a third-party firewall program like Zone Alarm. Either way, make sure the firewall is on. To check the Windows Firewall, go to the security settings in your control panel.
If you are careful and are serious about learning how to protect your computer from viruses, it is possible to stay safe. My top 10 tips will help you keep your computer running smoothly, and virus free.

Notes on tips to protect your computer from viruses:

  • These 10 ways to protect your computer from viruses are extremely important tips to follow. If you have had a virus in the past you would know how devastating it is when you lose all of your files and your computer crashes.
  • People often try to install more than one anti-virus program to protect their computers from viruses. This is not how to protect your computer from viruses as installing more than one program always causes a problem. You can only install one virus removal program at any one time.
Please share how you protect your computer from viruses, as I know there are many more ways to protect your computer.

Install a Program to Your Computer!

A software program will not upgrade your memory, but it will clean out all the junk files, detect malware, delete unused registry keys, automatically update drivers, and more. Not taking advantage of the latest updates and security patches can leave your computer vulnerable to attacks. At the moment I am using PC Matic to maintain everything for me and protect my computer. This program is so easy that I have installed it on my Dad’s computer. This software is amazing and has won a number of top awards. You can get a free scan for your computer to see how it works before you buy.

Very Interesting Computer Web Site Quizzes

http://www.studystack.com/hungrybug-1299028

Preparing a disk for use

Before a disk can be used by a computer it must undergo three separate processes. It is only the last of these (high level formatting) which creates the file system specific to an operating system, e.g. the FAT 16 or FAT 32 systems used by Windows and MSDOS or the NTFS file system used by Windows XP.
  1. Low level formatting
  2. Partitioning
  3. High level formatting (Creation of a file system)
  4. What a disk looks like after it has been fully prepared

Hard Disk Mechanics

Throughout this lesson you may find the following diagram of the internal workings of a hard disk useful:

Low level formatting

Hard disks are laid out in blocks. The number of blocks on a disk is calculated by the formula
heads × sectors × tracks.
Each block will usually hold 512 bytes of information.
The laying out of this track and sector information, together with finding and marking any bad areas of the disk, is called low level formatting. This will be done at the factory before the disk is sold.
If we review the image below from our earlier lesson, the low level format is the time at which the tracks and sectors are laid out:


Partitioning

Before a disk can be used by a computer a partition table must be created on the disk. This tells the computer's BIOS whether the disk should be used as a single disk or whether it should be split into two or more logical disks. The partition table also tells the BIOS which part of the disk an operating system boot sector can be found on.
New disks have to be partitioned manually before they can be used. The most common tool used to partition disks is an MSDOS utility called FDISK.
Because there are restrictions placed on some file system types (in particular, the maximum size of FAT16 partitions is 2.1 Gigabytes), the FDISK program will only create partitions of up to 2.1 Gigabytes if FAT16 file systems are to be used, even though the file system itself is not laid out at this point. When the program starts, FDISK will ask if large partitions are required; if you answer 'Y' to this then the partitions will be created and marked to be used for FAT32 file systems, and the size restriction will not be applied.
All hard drives can hold up to 4 partitions. These partitions are described in a simple textual table which is called the partition table. This partition table is held in the Master Boot Area of a hard drive (usually sector 0, track 0, side 0). This table will contain up to 4 entries (1 for each partition). Only 1 of the four partitions can be marked as active. Only the active partition can be used to load an operating system. While up to 4 partitions can be used, it is more usual for a disk to contain only 1 or 2 partitions, with the other partitions just being left empty.
A partition table for a 14578 sector disk could look something like this:
  Partition Number   Active (Y/N)   Start Sector   End Sector   Partition Type
  1                  Y              1              12002        PRIMARY DOS
  2                  N              12003          14577        EXTENDED DOS
  3
  4
Windows operating systems support only two kinds of partition, PRIMARY DOS and EXTENDED DOS. Primary DOS partitions hold individual file systems and are used to load operating systems (such as Windows XP). Extended DOS partitions are used to hold up to three logical drives. These logical drives can each hold their own file system and act as if they are "mini partitions". Extended partitions and logical drives cannot be made active and cannot be used to load an operating system. Only primary DOS partitions can be made active/bootable.

Formatting

Sometimes called high level formatting. Formatting a disk lays out a file system. The file system format selected will make a disk usable by any operating system that supports the file system being used. MSDOS, Windows 9x and Windows XP all use what are called File Allocation Table (FAT) file systems. There are two types of FAT system, FAT 16 and FAT 32, each of which will have benefits under different circumstances. Windows XP, however, works best with NTFS, which has some similarities to the internal working of FAT file systems but has a more advanced structure (dynamic linked list) for allocating clusters, and which also allows for additional file attributes, properties and security.
A completed file system

File allocation tables file systems 

FAT systems group together the blocks of a disk into work units called clusters. Each cluster will be a group of one or more disk blocks. As each block will be 512 bytes, the capacity of the cluster will be 512 × the number of blocks per cluster.
The cluster is the basic unit of storage. Each file stored on a FAT formatted disk will take up at least one cluster. No two files can ever be stored in the same cluster.
This means that a FAT disk which is using 30 blocks per cluster will have clusters that take up 15 Kilobytes of disk space. Any file stored on this disk will therefore take up at least 15K no matter how small the file is. If a FAT disk is using 60 blocks per cluster then the cluster will take up 30K and each file on this disk will use up at least 30K of disk space no matter how small the file is. This means that the more blocks per cluster that are used, the more space small files take up.
The result of this is that if the contents of a 90% full one gigabyte disk are copied on to a two gigabyte disk, the new disk will often end up 60 - 70 % full!
Because of this problem there are currently two FAT file-system types, FAT 16 and FAT 32.
Pretty much all file systems use some derivative of the FAT system. The two main tables employed by all operating systems are:
1) The Free list, which keeps track of all the clusters and which has a Boolean flag indicating which of the clusters are currently in use and which are available for storage of new material.
2) The File Allocation Table (FAT). The file allocation table is like a directory structure which keeps track of the names and clusters used to store each file. Basic FAT systems keep only the name of the first cluster used to store a file. The first cluster must, therefore, be read through to its end, where a "continued at" pointer will point to the next cluster used. More advanced file systems, such as NTFS, use more advanced FAT tables, which allow the OS to keep track of all clusters used by a file so that the file can be directly accessed at any point, without the need to read through all prior clusters first. This makes it easier to allocate new file storage contiguously and helps prevent problems such as file cluster fragmentation. File cluster fragmentation is where the clusters used to store a file are stored in non-contiguous clusters. This results in much slower file access. Fragmentation is a far bigger problem on older FAT file systems than it is when NTFS is used.

FAT 16

FAT 16 file systems use a 16 bit number to index the file allocation table. The largest 16 bit number is 65536. This means that a FAT 16 disk can have no more than 65536 clusters, no matter how big the disk is. Bigger disks simply use more blocks per cluster. This means that very often bigger disks will not hold that much more than smaller disks, because each file, no matter how small, will be using more space. The maximum size of a Windows 95 FAT16 disk has been restricted to 2.1 Gigabytes because of this problem.
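To make the cluster arithmetic from the cluster and FAT 16 passages concrete, here is an added Python example (not part of the original lesson). It uses the lesson's own figures, 512-byte blocks and a 65536-cluster ceiling for FAT 16, and a constructed set of file sizes; the helper names and the sample sizes are assumptions for illustration.

```python
"""Added example (not from the original lesson): cluster arithmetic for FAT
volumes. Uses the lesson's figures (512-byte blocks, 65536 clusters at most
on FAT 16). The file sizes in the demo are constructed.
"""
import math

BLOCK_BYTES = 512
FAT16_MAX_CLUSTERS = 65536


def cluster_bytes(blocks_per_cluster: int) -> int:
    """Capacity of one cluster: 512 bytes times the blocks per cluster."""
    return BLOCK_BYTES * blocks_per_cluster


def clusters_for(file_bytes: int, blocks_per_cluster: int) -> int:
    """Every file occupies at least one whole cluster, however small it is."""
    return max(1, math.ceil(file_bytes / cluster_bytes(blocks_per_cluster)))


def space_used(file_sizes, blocks_per_cluster: int) -> int:
    """Disk space actually consumed, including the unused tail of each last cluster."""
    size = cluster_bytes(blocks_per_cluster)
    return sum(clusters_for(s, blocks_per_cluster) * size for s in file_sizes)


def slack_ratio(file_sizes, blocks_per_cluster: int) -> float:
    """Fraction of the consumed space that holds no file data at all."""
    return 1 - sum(file_sizes) / space_used(file_sizes, blocks_per_cluster)


def min_blocks_per_cluster_fat16(disk_bytes: int) -> int:
    """Smallest power-of-two blocks-per-cluster that keeps a FAT 16 disk
    within the 65536-cluster limit; larger disks are forced to larger clusters."""
    blocks = disk_bytes // BLOCK_BYTES
    bpc = 1
    while blocks / bpc > FAT16_MAX_CLUSTERS:
        bpc *= 2
    return bpc


# Constructed sample: a few small files and one large one, in bytes.
SAMPLE_FILES = [100, 2_000, 20_000, 700_000]

if __name__ == "__main__":
    for bpc in (30, 60):
        print(f"{bpc} blocks/cluster = {cluster_bytes(bpc) // 1024}K clusters: "
              f"{space_used(SAMPLE_FILES, bpc)} bytes used, "
              f"{slack_ratio(SAMPLE_FILES, bpc):.0%} slack")
    for gib in (0.5, 1, 2):
        bpc = min_blocks_per_cluster_fat16(int(gib * 2**30))
        print(f"FAT16 disk of {gib} GiB needs {bpc} blocks/cluster "
              f"({cluster_bytes(bpc) // 1024}K clusters)")
```

Doubling the blocks per cluster from 30 to 60 doubles the space the small files consume while the data itself is unchanged, which is the effect the lesson describes; the FAT 16 helper shows why a 1 GiB disk is pushed to 16K clusters and a 2 GiB disk to 32K.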

FAT 32 

FAT 32 disks use 32 bit numbers to index their file allocation table. This means that fewer blocks per cluster can be used, so small files will take up much less space. Large files will, however, load slightly more slowly, as they will be split into more clusters, each of which holds less information.

Benefits of FAT 16 vs. FAT 32

FAT 16 disks can be used by a wide range of operating systems, e.g. Windows NT, Linux, Windows 95, MSDOS etc. FAT 32 can only be used by Windows 98, Windows 2000 and some service releases of Windows 95.
FAT 32 disks can be larger than 2.1 Gigabytes. FAT 16 disks must be smaller than 2.1 Gigabytes (or 3.5 Gigabytes if used with Windows NT).
Small files take up less room on FAT 32 disks. FAT 32 disks can therefore hold more information.
Large files tend to load slightly faster from FAT 16 disks than from FAT 32 disks.
FDISK can create up to four partitions per disk. This means that the largest disk that can be used with FAT16 is 8.4G (4 × 2.1 G). To use disks larger than this, FAT32 must be used.

What a disk looks like after it has been fully prepared

After it has been prepared, a hard disk can be thought of as a logical list of blocks/sectors. The Master Boot Record (MBR) will be in the Master Boot Area (MBA), which is usually sector 0, side 0, track 0.
The MBR consists of the partition table + a bootstrap program.
The bootstrap program is normally placed in the MBR when a disk is formatted or an operating system is installed. The bootstrap program is loaded and run by the BIOS when the computer starts up. The bootstrap program will be specific to a version of an operating system (OS). The bootstrap program will, therefore, look for the specific kernel and user interface files for its OS (within the active partition). When the kernel and user interface files are found they are loaded into memory in order to complete the boot process.
In the case of some more modern operating systems, such as Windows XP, the bootstrap program will look for and load a more complex boot loader rather than an operating system (e.g., ntloader.sys). When this new boot loader has been loaded into memory, the user can be given the option of loading (booting) a range of kernels from any partition, active or not. In this case the partition used to load the bootstrap program is usually referred to as the system partition or system disk, and the partition used to load the selected OS kernel is usually referred to as the boot partition or boot disk.
Consider the following diagram, which represents a representative 21 sector (10.5K) hard disk.

If we assume a working file system with a bootable operating system has been installed, then this diagram shows the following:
Area A is the MBA, which contains the MBR. The MBR is the partition table + the bootstrap program.
Area B contains the file system tables (the Free list and the File allocation table).
Area C (which is all the clusters from 1 through 4) is used to store files. The total storage space on this 10.5K disk is therefore only 8K (clusters 1 through 4). This area is used to hold all files, including the operating system kernel and user interface files.
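The partition table shown earlier and the MBR described in this section live in the same 512-byte sector, so one added Python example (not part of the original lesson) serves both: it builds a constructed MBR that mirrors the lesson's two-partition, 14578-sector disk, parses the four table entries back out, and runs the sanity checks a defender applies before trusting a boot sector: the 0x55 0xAA signature is present, exactly one partition is active, status bytes are valid, and no two partitions overlap or run off the disk. The layout facts used (446-byte bootstrap area, four 16-byte entries at offset 0x1BE, little-endian LBA start and sector count) are the standard MBR layout; the partition type codes 0x06 and 0x05 are the usual FAT16 and extended-partition identifiers, and the tampered second table is constructed to show what a failing check looks like.

```python
"""Added example (not from the original lesson): construct, parse and sanity-check
a classic 512-byte Master Boot Record. The bootstrap area is left as zeros; the
partition entries mirror the lesson's PRIMARY DOS + EXTENDED DOS table.
"""
import struct

ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
TABLE_OFFSET = 0x1BE      # the four 16-byte entries sit at 446..509
SIGNATURE = b"\x55\xAA"   # last two bytes of a valid MBR
ACTIVE = 0x80             # status byte of the bootable partition


def build_mbr(entries, bootstrap: bytes = b"") -> bytes:
    """Constructed MBR from (status, type, lba_start, sector_count) tuples."""
    body = bootstrap.ljust(446, b"\x00")[:446]
    table = b"".join(struct.pack(ENTRY_FMT, status, b"\x00" * 3, ptype, b"\x00" * 3, start, count)
                     for status, ptype, start, count in entries)
    return body + table.ljust(64, b"\x00") + SIGNATURE


def parse_mbr(mbr: bytes):
    """Return the four table entries as dicts; raise if the sector is not an MBR."""
    if len(mbr) != 512 or mbr[510:] != SIGNATURE:
        raise ValueError("not an MBR: bad length or missing 0x55AA signature")
    entries = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i)
        entries.append({"number": i + 1, "status": status, "active": status == ACTIVE,
                        "type": ptype, "start": start, "count": count,
                        "end": start + count - 1 if count else 0})
    return entries


def check_partition_table(entries, disk_sectors: int):
    """Return a list of problems; an empty list means the table passes."""
    problems = []
    used = [e for e in entries if e["count"]]
    if sum(e["active"] for e in used) != 1:
        problems.append("expected exactly one active partition")
    for e in entries:
        if e["status"] not in (0x00, ACTIVE):
            problems.append(f"partition {e['number']}: invalid status byte {e['status']:#04x}")
    for e in used:
        if e["start"] == 0 or e["end"] >= disk_sectors:
            problems.append(f"partition {e['number']}: outside the disk (sector 0 holds the MBR)")
    for a in used:
        for b in used:
            if a["number"] < b["number"] and a["start"] <= b["end"] and b["start"] <= a["end"]:
                problems.append(f"partitions {a['number']} and {b['number']} overlap")
    return problems


# The lesson's 14578-sector disk: PRIMARY DOS (type 0x06) and EXTENDED DOS (type 0x05).
DISK_SECTORS = 14578
GOOD_MBR = build_mbr([(ACTIVE, 0x06, 1, 12002), (0x00, 0x05, 12003, 14577 - 12003 + 1)])
# Constructed tampered copy: second entry also marked active and moved to overlap the first.
BAD_MBR = build_mbr([(ACTIVE, 0x06, 1, 12002), (ACTIVE, 0x05, 12000, 2578)])

if __name__ == "__main__":
    for label, mbr in (("good", GOOD_MBR), ("tampered", BAD_MBR)):
        entries = parse_mbr(mbr)
        for e in entries:
            if e["count"]:
                print(f"[{label}] #{e['number']} active={e['active']} type={e['type']:#04x} "
                      f"sectors {e['start']}..{e['end']}")
        print(f"[{label}] problems: {check_partition_table(entries, DISK_SECTORS) or 'none'}")
```

Running it prints the two lesson partitions for the good sector with no problems, and two findings for the tampered sector (two active entries, and an overlap between partitions 1 and 2). The same parse-then-check flow is what a forensic tool applies to the first sector of an image before trusting what it says about the disk.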

Thursday, August 27, 2015

Cryptographic hash function

Figure: A cryptographic hash function (specifically, SHA-1) at work. Note that even small changes in the source input (here in the word "over") drastically change the resulting output, by the so-called avalanche effect.

A cryptographic hash function is a hash function which is considered practically impossible to invert, that is, to recreate the input data from its hash value alone. These one-way hash functions have been called "the workhorses of modern cryptography".[1] The input data is often called the message, and the hash value is often called the message digest or simply the digest.
The ideal cryptographic hash function has four main properties:
  • it is easy to compute the hash value for any given message
  • it is infeasible to generate a message from its hash
  • it is infeasible to modify a message without changing the hash
  • it is infeasible to find two different messages with the same hash.
Cryptographic hash functions have many information security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. They can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption. Indeed, in information security contexts, cryptographic hash values are sometimes called (digital) fingerprints, checksums, or just hash values, even though all these terms stand for more general functions with rather different properties and purposes.
Source: https://en.wikipedia.org/wiki/Cryptographic_hash_function



Encryption methods: hashing, symmetric cryptography, and asymmetric cryptography

There are three basic encryption methods: hashing, symmetric cryptography, and asymmetric cryptography. Each of these encryption methods has its own uses, advantages, and disadvantages. Hashing, for example, is very resistant to tampering, but is not as flexible as the other methods. All three forms of encryption rely on cryptography, the science of scrambling data.

Basic Function

People use encryption to change readable text, called plaintext, into an unreadable secret format, called ciphertext. Encrypting data provides additional benefits besides protecting the confidentiality of a message. These advantages include ensuring that messages have not been altered during transit and verifying the identity of the sender. All of these benefits can be realized by using any of these encryption methods.

Hashing Encryption

The first encryption method, called hashing, creates a unique, fixed-length signature for a message or data set. Hashes are created with an algorithm, or hash function, and people commonly use them to compare sets of data. Since a hash is unique to a specific message, even minor changes to that message result in a dramatically different hash, thereby alerting a user to potential tampering.
A key difference between hashing and the other two encryption methods is that once the data is encrypted, the process cannot be reversed or deciphered. This means that even if a potential attacker were able to obtain a hash, he or she would not be able to use a decryption method to discover the contents of the original message. Some common hashing algorithms are Message Digest 5 (MD5) and Secure Hashing Algorithm (SHA).
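The avalanche effect illustrated in the SHA-1 figure above and the tamper-detection use described in this hashing section can both be seen with a few lines of standard-library Python. The block below is an added example, not code from either source page: it hashes the classic pangram and a one-letter variant (the figure's "over" changed to "ower"), counts how many output bits flip, and then shows the integrity check in the form a practitioner uses (store the digest once, recompute later, compare in constant time). The two messages are constructed; the reference SHA-1 digests asserted in the test are the well-known published values for that sentence and for the empty string.

```python
"""Added example (not from the original page): avalanche effect and one-way
integrity check with hashlib. Inputs are constructed; SHA-1 is used only
because the figure uses it, SHA-256 is used for the stored checksum.
"""
import hashlib
import hmac


def digest_hex(message: bytes, algorithm: str = "sha1") -> str:
    """Hash `message` with the named algorithm and return the hex digest."""
    return hashlib.new(algorithm, message).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance in bits between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche_ratio(msg_a: bytes, msg_b: bytes, algorithm: str = "sha1") -> float:
    """Fraction of output bits that change between the digests of two messages;
    a good hash lands near 0.5 even for a one-character difference."""
    h_a, h_b = digest_hex(msg_a, algorithm), digest_hex(msg_b, algorithm)
    return differing_bits(h_a, h_b) / (len(h_a) * 4)


def verify_digest(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Integrity check: recompute the digest and compare it in constant time,
    so the comparison itself leaks nothing about how many bytes matched."""
    return hmac.compare_digest(digest_hex(data, algorithm), expected_hex)


# Constructed inputs: the classic pangram and a variant with "over" -> "ower".
ORIGINAL = b"The quick brown fox jumps over the lazy dog"
MODIFIED = b"The quick brown fox jumps ower the lazy dog"

if __name__ == "__main__":
    print("sha1(original):", digest_hex(ORIGINAL))
    print("sha1(modified):", digest_hex(MODIFIED))
    print(f"output bits changed: {avalanche_ratio(ORIGINAL, MODIFIED):.0%}")
    stored = digest_hex(ORIGINAL, "sha256")   # what you would keep alongside a file
    print("original verifies:", verify_digest(ORIGINAL, stored))
    print("modified verifies:", verify_digest(MODIFIED, stored))
```

The digest of the original cannot be turned back into the sentence, yet anyone holding the stored digest can tell the modified copy apart from it, which is exactly the one-way, tamper-evident behaviour the section describes.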

Symmetric Methods

Symmetric cryptography, also called private-key cryptography, is one of the oldest and most secure encryption methods. The term "private key" comes from the fact that the key used to encrypt and decrypt data must remain secure because anyone with access to it can read the coded messages. A sender encodes a message into ciphertext using a key, and the receiver uses the same key to decode it.
People can use this encryption method as either a "stream" cipher or a "block" cipher, depending on the amount of data being encrypted or decrypted at a time. A stream cipher encrypts data one character at a time as it is sent or received, while a block cipher processes fixed chunks of data. Common symmetric encryption algorithms include Data Encryption Standard (DES), Advanced Encryption Standard (AES), and International Data Encryption Algorithm (IDEA).

Asymmetric Forms

Asymmetric, or public key, cryptography is, potentially, more secure than symmetric methods of encryption. This type of cryptography uses two keys, a "private" key and a "public key," to perform encryption and decryption. The use of two keys overcomes a major weakness in symmetric key cryptography, since a single key does not need to be securely managed among multiple users.
In asymmetric cryptography, a public key is freely available to everyone and used to encrypt messages before sending them. A different, private key remains with the receiver of ciphertext messages, who uses it to decrypt them. Algorithms that use public key encryption methods include RSA and Diffie-Hellman.
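Diffie-Hellman, named in this section, is the simplest way to see how two parties end up with a shared key using only public values. The block below is an added Python example (not from the original page) that runs both sides of the exchange: each party keeps a private exponent, publishes g raised to it modulo p, and derives the same symmetric key from the other side's public value. The group parameters p = 23 and g = 5 are the textbook toy values and are not secure; they are used only so the arithmetic can be followed by hand, and a real deployment uses a standardised group of 2048 bits or more.

```python
"""Added example (not from the original page): a Diffie-Hellman key agreement
with both parties' messages, using only the standard library. The p=23, g=5
parameters below are insecure textbook values chosen so the numbers are small.
"""
import hashlib
import secrets


def dh_public(p: int, g: int, private: int) -> int:
    """Public value g^private mod p; this is what crosses the open channel."""
    return pow(g, private, p)


def dh_shared(p: int, peer_public: int, private: int) -> int:
    """Shared secret peer_public^private mod p; never sent over the channel."""
    return pow(peer_public, private, p)


def derive_key(shared: int, length: int = 32) -> bytes:
    """Turn the raw shared secret into a fixed-length symmetric key by hashing it."""
    width = max(1, (shared.bit_length() + 7) // 8)
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()[:length]


def random_private(p: int) -> int:
    """Private exponent in [2, p-2], drawn from the OS CSPRNG."""
    return secrets.randbelow(p - 3) + 2


def dh_exchange(p: int, g: int, a: int, b: int):
    """Run the whole exchange for Alice (private a) and Bob (private b).
    Returns (A, B, alice_key, bob_key); the two keys must be identical."""
    A = dh_public(p, g, a)            # Alice -> Bob
    B = dh_public(p, g, b)            # Bob -> Alice
    alice_key = derive_key(dh_shared(p, B, a))
    bob_key = derive_key(dh_shared(p, A, b))
    return A, B, alice_key, bob_key


if __name__ == "__main__":
    p, g = 23, 5                      # toy parameters, NOT secure
    a, b = random_private(p), random_private(p)
    A, B, ka, kb = dh_exchange(p, g, a, b)
    print(f"Alice sends A={A}, Bob sends B={B}")
    print("keys match:", ka == kb, "key:", ka.hex())
```

With the textbook private values a = 6 and b = 15 the public values are A = 8 and B = 19 and both sides arrive at the shared secret 2; an observer who sees only p, g, A and B has to solve the discrete logarithm to recover it, which is what makes the scheme usable over an untrusted network.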

Viruses that target the BIOS aren’t new



In many worst case scenarios, a hard drive wipe is the final solution to ridding a system of an infection. But the absolute worst case scenario is if a virus attacks the BIOS, making detection and cleaning an incredible challenge.

Viruses that target the BIOS aren’t new, but often they are specific to a type of hardware. Researchers have now demonstrated a new type of attack that could install a rootkit on the BIOS of common systems, making it very lethal and effective.

Anibal L. Sacco and Alfredo A. Ortega of Core Security Technologies released a presentation detailing this "persistent BIOS infection". With roughly 100 lines of Python, a rootkit could be flashed into the BIOS and run completely independently of the operating system.

"We tested the system on the most common types of BIOS," said Ortega in a vnunet story. "There is the possibility that newer types of Extensible Firmware Interface BIOS may be resistant to the attack, but more testing is needed."

Flashing a system’s BIOS requires administrative control, but that could first be obtained through a more ‘innocent’ piece of malware residing on the hard disk. Once an attacker has admin rights, the rootkit can be flashed into the BIOS and stays effective even after the original malware is removed from the disk. Even a complete format wouldn’t rid the system of it, because the rootkit no longer lives on the disk at all.

"You would need to reflash the BIOS with a system that you know has not been tampered with," he said. "But if the rootkit is sophisticated enough it may be necessary to physically remove and replace the BIOS chip."

There is a defense against such an attack, however: the researchers say that a BIOS password or a physical write-protect lock against BIOS flashes could block installation of the rootkit. The principle carries over to current platforms, where signed firmware updates and write-protect bits play the same role: do not let code that has merely won admin rights on the operating system rewrite the firmware underneath it.

"The best approach is preventing the virus from flashing onto the BIOS," said Sacco. "You need to prevent flashing of the BIOS, even if it means pulling out the jumper on the motherboard."

What is a firewall? (hardware and software)

A firewall is a piece of hardware and/or software that sits between your computer and the Internet and filters the traffic going back and forth. It acts as a security checkpoint so that unauthorized data transfers do not occur. If such a transfer did take place, it could let a black-hat hacker or a script kiddie gain remote access to your computer, or let a Trojan horse already on the machine exploit it.

How does a firewall work?

When a web page is requested or you are chatting on the Internet, the information is sent back and forth in little envelopes called packets. It works much like the postal system: the outside of the envelope carries the destination and return addresses (IP addresses and port numbers), and the actual letter, the data, is inside. This is how all information is passed back and forth over the Internet.

The firewall checks each envelope to make sure it is authorized to go to the address it is written for, and that the person or application sending it is authorized to use the Internet. Most firewalls decide from the outside of the envelope alone (addresses, ports and whether the packet belongs to a connection that was already allowed); only deep-inspection products open the envelope and look at the data. For instance, Internet Explorer or AOL would be authorized to send data, but a Trojan horse or some other unknown application would be blocked until it could be verified why it is using the Internet.

Why do I need a firewall?

A firewall provides an extra level of protection that you can't get from an anti-virus program. In fact, the general public regards firewalls the way anti-virus software was viewed during the early 1990s. At that time, no one would purposely go out and buy the software unless a virus had already attacked their computer. The same mistake should not be made with firewalls, because the consequences can be much greater if your computer is exploited.

Some people say, "I don't care if I get hacked, I don't have anything on here anyway." Well, a hacker may not be interested in your computer directly, but may use it indirectly for their criminal purposes. If your computer is hacked, it can be used to attack others and to cover the hacker's tracks, leaving you "holding the bag."

There really isn't any excuse not to have a firewall. There are even some "lite" versions, which are distributed for free and provide adequate protection. If you have an always-on high-speed connection (DSL, ADSL or cable), you also want a hardware firewall between the modem and your machines; most home routers provide one, and it stops unsolicited inbound traffic before it ever reaches a PC.






Software Firewalls


A software firewall is a program that examines data packets on a network to determine whether to forward them to their destination or block them. You can use firewalls to protect only against inbound threats (one-way firewall) or against both unauthorized inbound and outbound traffic (two-way firewall). The standard firewall in Windows XP is a one-way firewall; the Windows Vista firewall can filter outbound traffic as well, but outbound blocking is not enabled by default. Many third-party firewall programs, such as ZoneAlarm, are two-way firewalls that ask before a program is allowed to reach the network.


You can configure a software firewall to permit traffic between specified IP addresses and to block traffic to and from the Internet except when permitted on a per-program basis.
Corporate networks sometimes use a proxy server with a firewall as the sole direct connection between the Internet and the corporate network and use the firewall in the proxy server to protect the corporate network against threats.
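
To make the "envelope checking" and the one-way/two-way distinction concrete, here is an added example (not code from the original page or from any firewall product): a small ordered rule engine over packet 5-tuples, with an optional per-program match for outbound traffic the way a host firewall sees it. The rule set, the program names and the addresses are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Packet:
    """The 'envelope': who sent it, where it goes, and (for outbound traffic
    on a host firewall) which program handed it to the network stack."""
    direction: str                 # "in" or "out"
    proto: str                     # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    program: Optional[str] = None


@dataclass
class Rule:
    action: str                    # "allow" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    program: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.program is None or self.program == p.program))


def decide(rules: List[Rule], packet: Packet, default: str = "deny") -> str:
    """First matching rule wins, otherwise the default policy. Order matters:
    specific allows go above broad denies, and a broad allow above a
    program-specific rule makes the program rule dead code."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default


# Constructed two-way policy for a home PC (hypothetical program names).
RULES = [
    Rule("allow", direction="in", proto="tcp", src="192.168.1.0/24", dport=22),   # admin from the LAN only
    Rule("allow", direction="out", proto="tcp", dport=443, program="iexplore.exe"),
    Rule("allow", direction="out", proto="udp", dport=53),                         # DNS for any program
    Rule("deny", direction="in"),                                                  # everything else inbound
]


def two_way(packet: Packet) -> str:
    """Two-way firewall: inbound and outbound both need a matching allow."""
    return decide(RULES, packet)


def one_way(packet: Packet) -> str:
    """One-way firewall (Windows XP style): inbound is filtered, outbound
    traffic is never inspected, so a Trojan phones home unhindered."""
    if packet.direction == "out":
        return "allow"
    return decide([r for r in RULES if r.direction == "in"], packet)
```

The last rule in the constructed policy is the caveat practitioners run into: once UDP/53 is open for every program, a Trojan can carry its traffic over DNS and the per-program rule for the browser no longer buys anything. Per-program egress control only helps when the broad port allows are also tightened.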

What is antivirus software?

What is a computer virus and antivirus software?


Antivirus software is the countermeasure program used to detect and remove computer viruses. Computer viruses are programs that mimic the attributes of their biological namesakes: they replicate, damage an otherwise healthy system, and spread from host to host. Like a biological virus, a computer virus needs a host and a means of transport; in the digital world that can be e-mail, other programs, or removable media (CD, floppy, tape). There is one caveat, however: a computer virus has to be activated before it does anything, usually when a user opens or runs the infected file.



How does antivirus software work?

Antivirus software works in two ways. The first, and still the staple of the industry, is signature-based. When a new virus is reported it is analysed and a signature is extracted: a hash of the sample or a distinctive byte pattern from its code. That signature is added to the antivirus database (historically a .dat file) and used during scans to identify and remove the virus. Unfortunately this is a reactive process: someone has to be the guinea pig and get infected before a signature exists, and a variant that changes the matched bytes slips past until the database is updated.

The other, more forward-looking way of identifying viruses is heuristics. Rather than recognising a specific sample, a heuristic looks for traits or behaviour typical of malware: if a program is "acting" like a virus, a red flag is raised and it is quarantined and reported. The biggest hurdle is deciding what counts as virus-like activity without also flagging legitimate software. Replication, for instance, is a common virus attribute, but there is valid replication too, such as program association: when a program checks whether it is the default handler for a file type and, at your request, rewrites the association for every matching file, it behaves much like a replicating virus. Heuristic detection therefore trades fewer missed infections for more false positives.
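
The following example, added here and not taken from the original page or from any antivirus product, shows both detection methods side by side on constructed inputs: an exact-hash signature, a byte-pattern signature that catches a variant sharing a code fragment, and an entropy heuristic that flags packed or encrypted payloads without any prior knowledge of the sample. The signature names, the sample bytes and the thresholds are made up for illustration.

```python
import hashlib
import math
import re

# Constructed known-bad sample and the signature database (.dat analogue).
# Real signatures are extracted from captured malware; these are made up.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"DEMO KNOWN SAMPLE v1 " * 8
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Known"}
PATTERN_SIGNATURES = {
    # a code fragment shared by a family: remote-thread injection API names within 64 bytes
    "Demo.Injector": re.compile(rb"CreateRemoteThread.{0,64}WriteProcessMemory", re.S),
}
ENTROPY_THRESHOLD = 7.2   # bits per byte; packed/encrypted payloads sit near 8.0
MIN_HEURISTIC_SIZE = 256  # tiny inputs give meaningless entropy figures


def shannon_entropy(data: bytes) -> float:
    """Average information per byte: 0 for a constant, 8 for uniform random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def signature_scan(data: bytes):
    """Reactive detection: exact hash match, then byte patterns for variants."""
    hits = []
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append((name, "signature:hash"))
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            hits.append((name, "signature:pattern"))
    return hits


def heuristic_scan(data: bytes):
    """Proactive detection: no prior knowledge of the sample, just a trait
    that malware often has. Legitimate packed installers share this trait,
    which is exactly the false-positive problem heuristics carry."""
    if len(data) >= MIN_HEURISTIC_SIZE and shannon_entropy(data) > ENTROPY_THRESHOLD:
        return [("Heur.Packed", "heuristic:entropy")]
    return []


def scan(data: bytes):
    """Verdict list for one file; empty means clean as far as we can tell."""
    return signature_scan(data) + heuristic_scan(data)
```

Changing one byte of the known sample defeats the hash signature but not the pattern signature, and repacking the sample defeats both while raising the entropy flag; that is the whole reason products layer the two methods.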



Why do I need antivirus software?

Computer viruses are among the most common threats in the digital world. Without antivirus software you will eventually get one and probably lose data you have kept on your computer for years. With it, you not only stand a good chance of saving your data but also of avoiding the headache of discovering what a virus has done to your machine, which can be as bad as an infection of the boot record or the BIOS that leaves the computer unusable. Antivirus software is worth every penny: it gives you peace of mind and insurance against likely trouble.



What should I look for when purchasing antivirus software?
There are many vendors of antivirus software, and you are probably wondering which one is the best. Unfortunately there is no simple answer to that question. Whatever solution you choose, make sure it meets the following requirements:
  • The software can automatically update itself
  • The vendor provides updated virus definitions regularly 
  • The software can integrate into your email program
  • Virus scans can be scheduled to run automatically
  • The software has a proven track record
  • The vendor releases timely and accurate information about new viruses

GateKeeper Locks Your Computer when You are AFK



https://www.youtube.com/watch?v=KI5_t0qDz3E



macro-related threats


How do macro-related threats arrive?


We have observed that macro-based attacks often start with spammed messages. These spammed messages often use attention-grabbing topics, mostly related to finances. For this specific spam run that hit Europe, we saw that the messages were about remittance and invoice notifications.
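
The arrival path described above (a finance-themed lure carrying an Office attachment) can be turned into a mechanical check at the mail gateway. The example below is added here and is not code from the original page: it looks inside the attachment for a VBA project rather than trusting the file extension, and combines that with the lure wording into a triage verdict. The lure word list, the verdict names and the in-memory sample documents are constructed for the example; only the Python standard library is used.

```python
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container
LURE_WORDS = ("invoice", "remittance", "payment", "wire transfer")


def has_vba_macros(document: bytes) -> bool:
    """OOXML files (.docx/.docm/.xlsx/.xlsm ...) are zip containers, and a VBA
    project ships as a part named vbaProject.bin. Trust the container, not the
    extension: a .docm renamed to .docx still carries the part."""
    try:
        with zipfile.ZipFile(io.BytesIO(document)) as zf:
            return any(name.rsplit("/", 1)[-1] == "vbaProject.bin" for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_attachment(subject: str, data: bytes) -> str:
    """Combine the lure (finance-themed subject) with what the attachment
    actually contains. Returns 'deliver', 'review' or 'quarantine'."""
    if data.startswith(OLE2_MAGIC):
        return "review"          # legacy binary format; macro check needs an OLE parser
    macro = has_vba_macros(data)
    lure = any(w in subject.lower() for w in LURE_WORDS)
    if macro and lure:
        return "quarantine"
    if macro:
        return "review"
    return "deliver"


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-like zip for the example (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b" demo vba storage")
    return buf.getvalue()
```

The legacy binary formats are deliberately sent to review rather than delivered: the zip check cannot see inside them, and "cannot check" must not silently become "clean".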









Network security

Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.




Authentication starts with something the user knows: users are assigned an ID and password or other authenticating information.

Two-factor authentication adds something the user has: a security token or 'dongle', an ATM card, or a mobile phone.

A security token (also called a hardware token, authentication token, USB token, cryptographic token or key fob; the term covers software and virtual tokens too) is a physical device given to an authorized user of computer services to ease authentication.

Key Fobs

A fob, more commonly called a key fob, is a small hardware security device with built-in authentication, used to control and secure access to network services and data.

The key fob displays a one-time access code that changes periodically. The code is not random: it is computed from a secret seed stored in the fob together with a counter or the current time, so that the authentication server, which holds a copy of the seed, can compute the expected value. The seed is what needs protecting; anyone who extracts it from the fob or the server can produce valid codes at will.

To log in, the user first enters a personal identification number (PIN), something they know, followed by the current code displayed on the device, something they have.
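
The example below, added here and not part of the original page, is the arithmetic behind such a fob: the HOTP (RFC 4226) and TOTP (RFC 6238) algorithms in standard-library Python, plus a server-side check that combines the PIN with the code. The seed used in the test is the one published in those RFCs for interoperability testing; the PIN handling is simplified (a real server stores a hash of the PIN, rate-limits attempts and refuses to accept the same code twice).

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation, decimal."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP whose counter is the clock divided into 30-second steps,
    which is what makes the fob's code change periodically. It is not random:
    anyone holding the seed and a clock can compute it, so the seed is the
    thing to protect."""
    return hotp(secret, at // step, digits)


def verify_login(seed: bytes, stored_pin: str, pin: str, code: str, at: int, window: int = 1) -> bool:
    """Two factors: the PIN (something the user knows) and the fob code
    (something the user has). Codes from the neighbouring steps are accepted
    to tolerate clock drift, and comparisons are constant-time so a wrong PIN
    cannot be told from a wrong code by timing."""
    pin_ok = hmac.compare_digest(stored_pin.encode(), pin.encode())
    code_ok = False
    for delta in range(-window, window + 1):
        if hmac.compare_digest(totp(seed, at + delta * 30).encode(), code.encode()):
            code_ok = True        # keep looping so timing does not reveal which step matched
    return pin_ok and code_ok
```

The drift window is a security trade-off: every extra step accepted roughly doubles the number of codes an attacker can guess at a given moment, so keep it at one step and fix clocks instead of widening it.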














New Technology File System (NTFS)

NTFS supports the creation of user and group accounts with different levels of access to folders and files (an access control list on each object) and the use of the Encrypting File System (EFS) for user-specific encryption of individual files and folders. Note that the access controls are enforced by the running Windows installation: someone who boots another operating system from removable media can read the files on an NTFS volume regardless of their permissions, unless they are EFS-encrypted or the whole volume is encrypted.


Wednesday, August 26, 2015

Servers and Hosts



What Is the Purpose of a Client Server?

Computer Topologies




Networking topologies are organized by the way in which information "flows" across a network. Below are the basic topologies:
At the core of the Network+ exam and networking concepts in general is the idea of topology, or more specifically, the manner in which data is exchanged over the network. Network topology is mainly a conceptual topic - when we speak of "star" networks or "ring" networks, we are really speaking in terms of the manner in which information is exchanged and not their physical setup. Remember that each topology/network type has its unique advantages and disadvantages that will be tested on the Network+ exam in the form of asking you "which is the most appropriate." Don't try to memorize the perks of each - rather, try to understand the manner in which each allows the exchange of information; then, the advantages and disadvantages will seem only logical to you.


Bus - This is the simplest topology: each node is linked to two neighbouring nodes, or to one neighbour and a terminating node (terminator). It is now considered archaic because of the difficulty of troubleshooting network issues (how do you know which node is causing the connection issue?), the lack of redundancy (if one node or cable segment fails, the network as a whole can fail), the need for terminators, and the amount of traffic created (every node between A and B must receive the packet that A sends). The nodes linked in this topology are often referred to as "daisy-chained."


Ring - Similar to a bus network in that nodes are linked to each other, but dissimilar in that the ends of a ring network are not terminated because, well, there are no ends! A ring network is something like a "circular" network in which each and every node is linked to two other nodes. This shares many of the same weaknesses as the bus topology, including troubleshooting difficulty, redundancy issues, and traffic created, and also adds an additional difficulty - the difficulty of adding a node to a token ring network.


Star - This is the most typical and practical network setup. In a star network, each node maintains an individual connection to a switch, where all other nodes are connected. Traffic between two known nodes, therefore, only goes through the switch and not through other nodes. This increases the redundancy of the network (one computer faltering will not cause the network to fail), increases data privacy (unicast traffic does not travel through all nodes), and is a relatively easy-to-use setup. Disadvantages include reliance on the switch (a fail-point) and the amount of wiring necessary.


Mesh/"Ad Hoc" - This is a rarely occurring configuration in which every node is connected to every other node; it usually occurs only in wireless networks in "ad hoc" mode, which will be discussed later; in this mode, each wireless card maintains a connection to each other wireless node it wishes to connect with, forming a "mesh" of a network. This is a relatively easy to understand option but is inefficient, requires a large amount of overhead, and is difficult to manage.


Combined or Hybrid - This is simply a topology referring to the case where more than one topology is utilized. For example, you may have three token ring networks connected to a central hub, forming a star of token rings. This is one of many possibilities of a hybrid network.

Types of Networks (Access Models)

The Network+ examination is interested in your ability to identify network access models, generally referred to as types of networks. This does not suggest the way in which network nodes are connected or the way that information flows (as do topologies), but rather, the manner and mode in which nodes communicate with each other and share information. There are three basic types:


Decentralized - Often referred to as "peer to peer" network, a decentralized network does not contain any distinctions between client and server. In a decentralized network, every node acts as a client and/or a server depending on the task at hand. For example, many file sharing networks are considered "decentralized" because nodes both download and upload (serve) files. The ease of adding nodes and the ease of setup is a drawing point of decentralized networks, but the pivotal downfall of these networks is their difficulty of maintenance (a setting must be changed on each node to reflect a setting change on the whole network).






Client-Server Access - In this type, nodes act either as "clients" or as "servers," requesting or handing out information. Do not confuse the model with the star topology; though the star topology often utilizes the client-server access model, this does not imply that every client-server network utilizes the star topology. In a client-server network, management is easy and the network can offer services that decentralized networks cannot, but this comes at the expense of difficulty in setup, setup cost, and reliance on the server.


Centralized - A centralized network is a modified client-server network in which the clients have no individual control; that is, all maintenance and setup occurs at the server level. The extreme ease of management and ability to micromanage is a drawing point of this access method, but the prohibitive cost and inflexibility of the method deter many from employing it.

Dual-Ring Topology

Definition - What does Dual-Ring Topology mean?

Dual-ring topology is a network redundant topology where nodes are connected using two concentric rings with four branches. Dual-ring topology is ideal for applications with cabling issues or small networks that are not frequently reconfigured.


Though more expensive than star or extended star topologies, dual-ring is the most cost-efficient redundant topology.

Techopedia explains Dual-Ring Topology

Dual-ring topology is made up of two rings connecting the same nodes. Each ring works independently until one of them fails; when that happens, the functioning ring automatically wraps around the failed section so that data keeps flowing.

Ring topology advantages include:
  • Speed and reliability
  • Uninterrupted long distance communication
  • Terminators are not required
Ring topology disadvantages include:
  • Network issues from bad ports or malfunctioning Multistation Access Unit (MAU) cards
  • Negative network impact from any added,altered or damaged device

Network Categories

TCP/IP includes a wide range of protocols which are used for a variety of purposes on the network. The set of protocols that are a part of TCP/IP is called the TCP/IP protocol stack or the TCP/IP suite of protocols.




Considering the many protocols, message types, levels, and services that TCP/IP networking supports, I believe it would be very helpful to categorize the various protocols that support TCP/IP networking and define their respective contribution to the operation of networking. Unfortunately I have never seen this done to any real extent, but believe it would be worthwhile to help those learning networking understand it faster and better. I cannot guarantee that experts will agree with the categorizations that will be provided here, but they should help the reader get the big picture on the various protocols, and thus clarify what the reason or need is for each protocol.
As mentioned previously, there are four TCP/IP layers. They are link, network, transport, and application. The link layer is the hardware layer that provides ability to send messages between multiple locations. In the case of this document, Ethernet provides this capability. Below I define several categories some of which fit into the 4 layer protocol levels described earlier. I also define a relative fundamental importance to the ability of the network to function at all. Importance includes essential, critical, important, advanced, useful.
  1. Essential - Without this all other categories are irrelevant.
  2. Critical - The network, as designed, is useless without this ability.
  3. Important - The network could function, but would be difficult to use and manage.
  4. Advanced - Includes enhancements that make the network easier to use and manage.
  5. Useful - Functionality that you would like to be able to use as a network user. Applications or some functionality is supported here. Without this, why build a network?
The categories are:

Name (layer)                  | Importance | Protocols                                            | What it does
Hardware (link)               | Essential  | Ethernet, SLIP, PPP, Token Ring, ARCnet              | Packages messages into frames and moves them between physically connected locations.
Package management (network)  | Essential  | IP, ICMP                                             | Addresses and routes messages between networks; ICMP reports errors and carries diagnostics.
Inter-layer communication     | Essential  | ARP                                                  | Maps a network-layer (IP) address to the link-layer (MAC) address the hardware layer needs, by broadcasting a request on the local segment.
Service control (transport)   | Critical   | TCP, UDP                                             | Multiplexes services between computers: the destination port in a TCP or UDP message tells the server which service is being requested.
Application and user support  | Important  | DNS, RPC                                             | DNS translates names to addresses (and addresses back to names); RPC lets a program call functions on a remote computer.
Network management            | Advanced   | RARP, BOOTP, DHCP, IGMP, SNMP, RIP, OSPF, BGP, (CIDR) | Address assignment, multicast group management, monitoring and routing; CIDR is an addressing scheme rather than a protocol.
Utility (application)         | Useful     | FTP, TFTP, SMTP, Telnet, NFS, ping, Rlogin           | Provides direct services to the user (ping is a utility built on ICMP).

Note that several of the "utility" protocols (Telnet, FTP, TFTP, Rlogin) and SNMP versions 1 and 2 carry credentials and data in cleartext; on a network you care about, replace them with SSH, SFTP/SCP and SNMPv3.
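
The layering the table describes is easiest to see by peeling a real frame apart one header at a time. The following example is added here and is not code from the original page: it builds a constructed Ethernet/IPv4/UDP frame (addresses, ports and payload bytes are made up), then parses it layer by layer, using the EtherType and the IP protocol number to decide what the next layer is, and verifies the IPv4 header checksum the way the network layer's error reporting depends on. Only the Python standard library is used.

```python
import struct
from ipaddress import IPv4Address

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; over a header that already holds
    a correct checksum the result is 0, which is how receivers verify it."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_frame(frame: bytes) -> dict:
    """Peel the layers in order: link (Ethernet) -> network (IPv4) -> transport (UDP/TCP).
    Each layer's header says what the next layer is (EtherType, then protocol number)."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"link": {"src": src.hex(":"), "dst": dst.hex(":"), "ethertype": ethertype}}
    if ethertype != 0x0800:                       # not IPv4; ARP (0x0806) etc. stop here
        return out
    pkt = frame[14:]
    vihl, _tos, total, _ident, _flags, ttl, proto, _csum, s, d = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4                       # header length in bytes (options included)
    out["network"] = {"version": vihl >> 4, "src": str(IPv4Address(s)), "dst": str(IPv4Address(d)),
                      "ttl": ttl, "proto": PROTO_NAMES.get(proto, proto),
                      "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0}
    segment = pkt[ihl:total]
    if proto == 17:
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", segment[:8])
        out["transport"] = {"sport": sport, "dport": dport}
        out["payload"] = segment[8:ulen]
    elif proto == 6:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
        out["transport"] = {"sport": sport, "dport": dport, "flags": off_flags & 0x1FF}
        out["payload"] = segment[(off_flags >> 12) * 4:]
    return out


def build_sample_frame() -> bytes:
    """Constructed Ethernet/IPv4/UDP frame carrying a DNS-query-like payload to port 53."""
    payload = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    udp = struct.pack("!HHHH", 51515, 53, 8 + len(payload), 0)    # UDP checksum may be 0 on IPv4
    total = 20 + len(udp) + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0x4000, 64, 17, 0,
                      IPv4Address("192.168.1.10").packed, IPv4Address("8.8.8.8").packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), 0x0800)
    return eth + hdr + udp + payload
```

Two things worth noticing: the parser uses the IP header's own length fields rather than assuming 20-byte headers, because options and truncated captures are where hand-written parsers go wrong, and the checksum only protects the IP header, not the payload, so it detects corruption in transit but nothing about tampering by a party that recomputes it.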

Computer Network Topology

(Diagrams of the expanded star, bus, ring, star, hybrid, mesh and tree topologies appeared here.)

Fig. 1. Linear Bus topology

Advantages of a Linear Bus Topology

  • Easy to connect a computer or peripheral to a linear bus.
  • Requires less cable length than a star topology.




There are seven basic topologies:[4]
  • Point-to-point topology
  • Bus (point) topology
  • Star topology
  • Ring topology
  • Tree topology
  • Mesh topology
  • Hybrid topology

Considerations When Choosing a Topology

  1. Money. A linear bus network may be the least expensive way to install a network; you do not have to purchase concentrators.
  2. Length of cable needed. The linear bus network uses shorter lengths of cable.
  3. Future growth. With a star topology, expanding a network is easily done by adding another concentrator.
  4. Cable type. The most common cable in schools is unshielded twisted pair, which is most often used with star topologies.

A network topology is how computers, printers, and other devices are connected over a network. It describes the layout of wires, devices, and routing paths. Essentially there are six different common topologies you should familiarize yourself with: Bus, Ring, Star, Extended Star, Hierarchical, and Mesh.



Although it is usually easier to start connecting wires and setting up your network, you’ll appreciate the level of organization these models provide- especially when your network grows in size. And if you’re looking to do well on networking exams, consider these topologies essential to both learn and memorize.

Bus Topology



 
bus topology
The bus topology was fairly popular in the early years of networking. It’s easy to setup- not to mention inexpensive. All devices on the Bus Topology are connected using a single cable. If you need help remembering how the Bus Topology operates, think of it as the route a bus takes throughout a city.
It is extremely important to note that both ends of the main cable need to be terminated. If there is no terminator, the signal will bounce back when it reaches the end. The result: a bunch of collisions and noise that will disrupt the entire network.
The Bus Topology is less common these days. In fact, it was the topology used to network computers over coaxial cable, and when is the last time you can say you have done that?

Ring Topology

 
ring topology
The Ring Topology is a very interesting topology indeed. It is a lot more complex than it may seem; it looks like just a bunch of computers connected in a circle! But behind the scenes, the Ring Topology is providing a collision-free and, in its dual-ring form, redundant networking environment.
Note that since there is no end on a Ring Topology, no terminators are necessary. A frame travels along the circle, stopping at each node. If that node wants to transmit data, it adds destination address and data information to the frame. The frame then travels around the ring, searching for the destination node. When it’s found, the data is taken out of the frame and the cycle continues.
But wait- it gets better! We have two types of Ring Topologies in networking: the one we just reviewed, and Dual-Ring Topology. In a Dual-Ring Topology, we use two rings instead of one. This creates a sense of redundancy so that if any point in the network fails, the second ring will (hopefully) be able to pick up the slack. If both rings were to fail at separate locations, we can even use the opposite ring at each point to “patch” the downed node.
dual ring topology
In the above diagram you can see that although the outer ring and the inner ring failed at separate parts of the network, the network is still fully operational thanks to the redundancy. Dual ring is generally more expensive to implement than other topologies, so it isn’t as common as the Star or Extended Star Topology.

Star / Extended Star Topology

 
star topology
One of the most popular topologies for Ethernet LANs is the star and extended star topology. It is easy to setup, it’s relatively cheap, and it creates more redundancy than the Bus Topology.
The Star Topology works by connecting each node to a central device. This central connection allows us to have a fully functioning network even when other devices fail. The only real threat to this topology is that if the central device goes down, so does the entire network.
extended star topology
The Extended Star Topology is a bit more advanced. Instead of connecting all devices to a central unit, we have sub-central devices added to the mix. This allows more functionality for organization and subnetting- yet also creates more points of failure. In many cases it is impractical to use a Star Topology since networks can span an entire building. In this case, the Extended Star Topology is all but necessary to prevent degraded signals.
Whereas the Star Topology is better suited for small networks, the Extended Star Topology is generally better for the larger ones.

Hierarchical Topology

 
hierarchical tree topology
The Hierarchical Topology is much like the Star Topology, except that it doesn’t use a central node. Although Cisco prefers to call this Hierarchical, you may see it as instead referred to as the Tree Topology.
This type of topology suffers from the same centralization flaw as the Star Topology. If the device that is on top of the chain fails, consider the entire network down. Obviously this is impractical and not used a great deal in real applications.

Mesh Topology

 
mesh topology
If you haven’t noticed, we’ve had a little problem with a fully redundant network. The Dual-Ring Topology helped, but it wasn’t perfect. If you are looking for a truly redundant network, look no further than the Mesh Topology. You will see two main types of Mesh Topology: Full-Mesh and Partial-Mesh.
The Full-Mesh Topology connects every single node together. This will create the most redundant and reliable network around- especially for large networks. If any link fails, we (should) always have another link to send data through. So why don’t we use it more often? Simple: how many wires would it take to link a computer to every device on a network of over 100 devices? Now multiply that for every device on the network- not a pleasant number is it? Obviously you should only use this in smaller networks. Alternatively, you could try a Partial-Mesh Topology.
partial mesh topology
The Partial-Mesh Topology is much like the full mesh, only we don’t connect each device to every other device on the network. Instead we only implement a few alternate routes. After all, what are the odds a network will fail in multiple places near the same device?
You’ll see the Partial-Mesh Topology in backbone environments, since these are often vital networks that depend on redundancy to keep services running (such as an Internet Service Provider). Full-Mesh Topology is commonly seen in WANs between routers, yet also on smaller networks that depend on a redundant connection.

Closing Comments


Keep in mind that network topology isn’t limited to the above examples. There are hybrids and variations of the topologies mentioned above.
Oddly enough, Cisco fails to categorize Point-to-Point Topology in their course material- but don’t worry, it’s just a simple connection between two endpoints. Perhaps it was considered too simple to include in the course material- either way, make sure you commit the above topologies to memory. You’ll be expected to know them when exam day comes- not to mention it could save you from a disorganized mess of a network!


In the bus network topology, every workstation is connected to a main cable called the bus. Therefore, in effect, each workstation is directly connected to every other workstation in the network.
In the star network topology, there is a central computer or server to which all the workstations are directly connected. Every workstation is indirectly connected to every other through the central computer.
In the ring network topology, the workstations are connected in a closed loop configuration. Adjacent pairs of workstations are directly connected. Other pairs of workstations are indirectly connected, the data passing through one or more intermediate nodes.
If a Token Ring protocol is used in a star or ring topology, the signal travels in only one direction, carried by a so-called token from node to node.
The mesh network topology employs either of two schemes, called full mesh and partial mesh. In the full mesh topology, each workstation is connected directly to each of the others. In the partial mesh topology, some workstations are connected to all the others, and some are connected only to those other nodes with which they exchange the most data.
The tree network topology uses two or more star networks connected together. The central computers of the star networks are connected to a main bus. Thus, a tree network is a bus network of star networks.
Logical (or signal) topology refers to the nature of the paths the signals follow from node to node. In many instances, the logical topology is the same as the physical topology. But this is not always the case. For example, some networks are physically laid out in a star configuration, but they operate logically as bus or ring networks.
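
The redundancy claims made for each topology above (a switch is a single point of failure, a cut cable breaks a one-way ring but not a dual ring, a full mesh needs n(n-1)/2 cables) can be checked rather than memorised. The example below is added here and is not code from the original page: it models each topology as directed links (a one-way token ring is a directed cycle, a two-way cable is a pair of links), then asks whether every surviving node can still reach every other after a node dies or a link is cut. The node counts and failure cases are constructed for the example.

```python
from collections import deque
from itertools import combinations


def two_way(cables):
    """A cable that carries traffic both ways becomes two directed links."""
    return [(u, v) for u, v in cables] + [(v, u) for u, v in cables]


def bus(n):        return two_way([(i, i + 1) for i in range(n - 1)])        # daisy chain
def star(n):       return two_way([(0, i) for i in range(1, n)])             # node 0 is the switch
def full_mesh(n):  return two_way(list(combinations(range(n), 2)))
def ring(n):       return [(i, (i + 1) % n) for i in range(n)]               # token travels one way
def dual_ring(n):  return ring(n) + [((i + 1) % n, i) for i in range(n)]     # counter-rotating second ring


def cables(links):
    """Physical cable count for two-way topologies (each cable = two links)."""
    return len(links) // 2


def fully_connected(nodes, links, failed_nodes=(), failed_links=()):
    """True when every surviving node can still reach every other one, with
    the given nodes dead and the given directed links cut."""
    alive = [v for v in nodes if v not in failed_nodes]
    adj = {v: [] for v in alive}
    for u, v in links:
        if u in adj and v in adj and (u, v) not in failed_links:
            adj[u].append(v)
    for start in alive:
        seen, todo = {start}, deque([start])
        while todo:
            for w in adj[todo.popleft()]:
                if w not in seen:
                    seen.add(w)
                    todo.append(w)
        if len(seen) != len(alive):
            return False
    return True


def single_points_of_failure(n, links):
    """Nodes whose failure partitions the rest of the network."""
    return [v for v in range(n) if not fully_connected(range(n), links, failed_nodes={v})]
```

The model is deliberately pessimistic about a plain ring: a dead station breaks the loop unless the wiring concentrator bypasses it, which is exactly why the dual ring exists. It also answers the "how many wires" question above directly: a full mesh of 100 devices needs 4950 cables.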


Sources:
http://www.comptechdoc.org/independent/networking/guide/nethardware.html
http://www.webopedia.com/quick_ref/topologies.asp
http://compnetworking.about.com/od/networkdesign/ig/Computer-Network-Topologies/