Basic to Indepth Guide on Home Computer Security Guide

[ajaysinghnegi]

Hi Everybody, I hope this guide will help home computer users to secure themselves on cyber world, i will update this guide time-to-time. I have tried to upload the whole guide as an attachment but as i was having some problem in uploading it as attachment so I have uploaded it on mediafire server for easy downloading, mediafire also has resume capability so anyone can download it while resuming,please check the below mentioned link for downloading the whole guide.

Happy Learning

Regards
Ajay Singh Negi.


Download Basic to Indepth Home Computer Security Guide:
http://www.mediafire.com/?3neta32etektd79


Introduction

The Basic to In-depth Home Computer Security Guide is intended to prescribe basic countermeasures to the home computer users working with computer systems running Windows Operating System. The basic purpose of this document is to create awareness about Computer Security issues among home computer users and suggest them the tasks to be performed to secure their computer systems to protect their information assets.


Information security needs have to be addressed at all levels, from the individual user to an organization and beyond that to the government and the nation. Information Security is becoming synonymous with National Security as Computer Networking, which is vulnerable to Cyber attacks, forms the backbone of critical infrastructure of the country banking, power, communication network etc. It is, therefore, important to have secured Computer Systems and Networks.


Also, increased focus on outsourcing of IT and other services from developed countries is bringing the issue of data security to the fore. Furthermore, owing to the massive Internet boom, a lot of home users with little or no prior knowledge with the threats and their countermeasures are exposed to the Internet. This, the attacker, can exploit to expand their base of malicious activity and use innocent people for their schemes. Our aim to spread the education to school children, teachers, parents, senior citizens & every Individual to equip them with the knowledge needed to mitigate the threat.



Why Home Computers?

Home computers are typically not very secure and are easy to break-in. When combined with high-speed Internet connections that are always turned on, intruders can quickly find and then attack home computers. While intruders also attack home computers connected to the Internet through dial-in connections, high-speed connections (cable modems and DSL modems) are a favorite target. There may not be important data stored on the home computers but they are targeted by the intruders for launching attack against other computer systems.


How attackers do it?

In general, attack vectors which attackers use are :

• Through E-mail

• Through Un-trusted Websites

• Through Internet Shares


In some cases, they send email with a virus. Reading that email activates the virus, creating an opening that intruders use to enter or access the computer. In other cases, they take advantage of a flaw or weakness in one of the computer program’s vulnerability – to gain access. Once they’re on the computer, they often install new programs that let them continue to use the computer – even after user plug the holes they used to get onto user’s computer in the first place. These are known as “backdoors” and are usually cleverly disguised so that they blend in with the other programs running on user’s computer.


In general, they steal the information saved by the user on his system or use the system to launch attack on other computer systems.


What is Information Security?

Information security can be explained by the help of following example. If company sells bottled water purified using the process of reverse osmosis, the process is well known, and therefore it does not make good business sense for management to protect that information. However, if that company has a revolutionary process that cuts the cost and time for water purification in half, it would make sense to secure that information. There is a limit to the value of implementing protection so user must combine his knowledge of value, threats, vulnerabilities, and risks to put together a feasible plan.

Information security involves the measures and controls that ensure confidentiality, integrity, and availability of the information processed by and stored in a computer or system.


Confidentiality: Ensures that information is accessed only by authorized personnel.


Integrity: Ensures that information is modified only by authorized personnel.


Availability: Ensures that information and systems can be accessed when needed by authorized personnel.


This practice include policies, procedures, hardware and software tools necessary to protect the computer systems and the information processed, stored, and transmitted by the systems.


When the user combines efforts to provide data confidentiality, data integrity, and data availability with physical security, then he can provide a very effective security solution.

[ajaysinghnegi]

Importance of Cyber Security


Cyber security is important for the users because they have to protect themselves against identity theft. Organizations including government also need this security to protect their trade secrets, financial information, and some sensitive or critical data. Since all sensitive information that is mostly stored on a computer that is connected to the Internet, there is a need for information assurance and security. So in order to have Cyber Security, everyone should follow the Cyber Security standards that enable us to protect various Malware threats. A poor Cyber security practice arises because of some of the following reasons. Poor administrative practices of application, poor software coding which may be vulnerable and improper usage of Cyber Security practices.


Computer Ethics

• Ethics is a set of moral principles that govern individual or a group on what is acceptable behaviour while using a computer.

• Computer ethics is set of moral principles that govern the usage of computers. One of the common issues of computer ethics is violation of copyright issues.

• Duplicating the copyrighted content without the authors approval, accessing personal information of others are some of the examples that violate ethical principles.

Ethical Rules for the Computer Users


Some of the rules that the individuals should follow while using computer are listed below:

• Do not use computer to harm other users.

• Do not use computers to steal other's information.

• Do not access files without the permission of owner.

• Do not copy copyrighted softwares without the author’s permission.

• Always respect copyright laws and policies.

• Respect the privacy of others, just as you expect the same from others.

• Do not use other user's computer resources with out their permission.

• Use Internet ethically.

• Complain about illegal communication and activities, if found, to Internet service Providers and local law enforcement authorities.

• Users are responsible for safeguarding their User Id and passwords.

• They should not write them on paper or anywhere else for remembrance.

• Users should not intentionally use the computers to retrieve or modify the information of others which may include password information, files etc.

Copyrights


§ Copyright is the legal right granted to the author to exclusively modify, copy, distribute his work.
Other people who want to use the author work to perform same actions have to get permission
from the author.

§ Copyright is given to the author according to the law, as soon as he completes his work.

[ajaysinghnegi]

Threats to the home computers

A threat, for information security, is any activity that represents possible danger to user’s information.

Intruders want the information stored by the users which are personal and sensitive, such as credit card numbers, PINs, passwords etc. By stealing this information the malicious intruders commonly referred to hackers may gain financially. The intruders also use the resources of the compromised systems for their own purposes and for attacking other computer systems connected to the Internet. Recent trends in computer security threats show that the attackers are compromising the home computers and installing malicious code such as Bots in these systems, which may then be used as Zombies to further launch large scale attacks on critical information systems. This type of attack is known as Distributed Denial of Service (DDOS).


Vulnerabilities in home computer

A vulnerability is a weakness in user’s information security that could be exploited by a threat; that is, a weakness in user’s system and network security, processes, and procedures.

Computer vulnerability is flaw in the computer system. Which when exploited allows intruder to compromise the system’s integrity. The common types of vulnerabilities are logical errors in operating system or applications due to poor coding techniques, allowing intruder to exploit them and giving him heightened access to the user’s computer. Various security tools are available to secure the system like firewalls etc. These tools provide excellent security mechanism but having flaw in design that could lead to security breach. The term “security through obscurity” fits into this arena, being the system is secure because nobody can see hidden elements. All types of file encryption come under this category. By means of encrypting the data an additional layer of protection is being added to the computer system. In case a system is compromised, the critical data is still protected by encryption. And the intruder may not be able to steal the information from the hacked system.


What is Intrusion?

The users of home computers normally connect to internet through dial-in modems or internet connection through cable. Intruders are always looking for new ways to break into computers connected to internet. They may attempt to breach the computer security defenses from remote locations. Intruders seek old, unpatched vulnerabilities as well as newly discovered vulnerabilities in operating systems, network services, or protocols1 and take advantage of each. They develop and use sophisticated automated programs to rapidly penetrate the systems, alive on the Internet. Once the attacker is able to find a vulnerable system, he exploits the system to steal information or to launch further attacks.


Indications of Infection


Some of the indications are given below:

• Poor system performance


• Abnormal system behavior e.g. system restarts or hangs frequently.


• Unknown services are running


• Crashing of applications


• Change in file extensions or contents


• Hard Disk is busy or its light glows continuously


Since we have discussed the basic terminologies and methodologies, now we can start discussing the defensive actions.

[ajaysinghnegi]

Malicious Code

Malicious code, or malware, is a common name applied to all forms of unwanted and destructive software, such as viruses, worms, and Trojans. The best way to protect from malicious code is to install virus scanners and keep virus definition2 (signature) files current.



Virus: A virus is malicious code that infects or attaches itself to other objects or programs. All viruses have some form of replication mechanism, which is how they propagate.



Worm: A worm is malicious code that replicates by making copies of itself on the same computer or by sending copies of itself to another computer. Worms, unlike viruses, do not infect other program files on a computer. All worms have some form of replication mechanism, which is how they propagate. A worm does not require any host program unlike virus to execute, they can run independently.



Trojan: A Trojan horse is seemingly useful (or harmless) programs that perform malicious or illicit action when activated, such as destroying files. For example, user downloads what appears to be a movie or music file but he unleash a dangerous program which can erase in disk or can send his credit card numbersor password files to intruders.These backdoor programs may also open certain ports on user computer allowing unauthorised access to user computer.


The malicious code usually propagates through email attachments.



Virus and Spyware Prevention

Virus and Its Threats


§ A virus is a computer program which can copy itself or infect the system without the knowledge of the user. A virus can spread from on e system to the other system, whenever a file with virus in an infected system is accessed from another system.

§ Some viruses may cause damage to the system by infecting the files, deleting the files, formatting the hard disk etc.

§ To protect the system from virus one should have knowledge of each program or a file they download into their computer. Since it is difficult, we can use anti-virus software which can help the system by protecting it from virus.


Countermeasures and Tools to Prevent Virus into the System

• Keep you anti-virus software up to date and make sure that it is working properly.

• Scan the files with anti-virus software before you download it from the Internet and execute it.

• Be careful while exchanging the files between the systems through disks or through network. While using the disk make sure that it is write protected, so that it prevents from accidental deletion and changes made to the files on the disk.

• While using Microsoft office make sure that macro virus protection option is enabled.

Note: A Macro virus is a computer virus that infects Microsoft Word and similar application by inserting some undesirable text in to the documents or by making some changes to the documents.

• Take backup of important files. This will help you in recovering the file when it is affected by virus.

• Scan the system with anti-virus software daily and keep your operating system up to date with all the latest patches.

• Some virus start executing as soon as they appear on the Outlook Express preview pane. So disable that option.

• Beware of the latest virus threats which may help you in detecting them and take the appropriate action to avoid it.

[ajaysinghnegi]

List of Anti Virus Tools available for Preventing Virus in to the system are given below:

AVG Antivirus Free, Quick Heal, Avira Antivirus, Clean Win Antivirus, Cleaner4.2, AVG Internet Security, Bit Defender Free edition, Bit defender Antivirus 2008, Avast 4 Home edition, McAfee Avert Stinger 3.8.0, Calm Win (open source) Free Antivirus.


Key loggers

Key loggers are software application (or hardware based as well) which are able to capture the key logging events and can mail them to remote intruder via email. These are invisible and undetectable to users so there is a huge risk of sending important information such as credit card numbers passwords to the remote intruders. The set program can be combined with useful applications like that whenever user install that application the key logger program also get installed along with that application.



Bots

The term Bot is derived from the word “Robot”. Robot comes from the Czech word "robot," which means "worker". In computer world Bot is a generic term used to describe an automated process.



Bots are being used widely on the Internet for various purposes. Bot functionality may vary from search engines to game bots and IRC channel bots.Google bot is one such famous search bot, which crawls through the web pages on the net to collect information and build database to enable variety of searches. Computer controlled opponents and enemies in multiple player video games are also a kind of bot, where the computer process tries to emulate the human behavior.



However, the usage of bots is not limited to good purpose only. Bots are widely used to perform malicious activities ranging from information stealing to using as a launching pad for distributed attack. Such software’s gets installed on user’s computer without their knowledge. Some bot infected machines, pass the control of the machine to a remote attacker and act as per the attackers command.

Such machines are popularly known as zombie machines.


Adware and Spyware

Adware is 'freeware', whereby ads are embedded in the program. These ads will show up whenever user opens the program. Most adware authors provide the free version with ads and a registered version whereby the ads are disabled.

As such, the users have the choice, either to use the freeware with ads served or purchase the registered version.

Spyware, as the name suggest is the software installed on user’s computer which is constantly sending user information to the mother website.



Spyware, however, is published as 'freeware' or as 'adware', but the fact that an analysis and tracking program (the 'spyware' agent, which reports user’s activities to the advertising providers' web site for storage and analysis) is also installed on user’s system when a user install this so-called 'freeware', and this is usually not mentioned. Even though the name may indicate so, spyware is not an illegal type of software. But what the adware and spyware providers do with the collected information and what they're going to 'feed' the user with, is beyond his control. And in some cases it all happens without the user’s consent.



For a comprehensive list of spywares, please refer:

http://www.spywareguide.com


Spyware and Methods to Identify It

• Spy ware is a program that secretly observes the users behaviour and sometimes interfere with the users control of the computer for downloading some additional software and for redirecting the web pages to malicious sites.

• Spy ware gets installed into the system without the user’s knowledge from downloaded software, Cd's etc.

• Anti-Spy ware helps us to avoid Spy ware entering into the system in two ways.

[ajaysinghnegi]

1. Anti-Spyware works in real time by avoiding the Spy ware getting installed into the system. It scans all the packets coming in to the system and drops the packets if they are malicious.



2. Another way of removing the spy ware from the system is by detecting the Spy ware if
it is already present on the system and remove it, if it is found.



Symptoms that we Can Observe When a System is Infected by Spyware are

§ A number of pop up windows while browsing Internet.

§ Redirection to other website without our control.

§ Search engines, we use in the browser may get replaced with the other ones.

§ We notice new tool bars present on the web browser.

§ The surfing speed of Internet may go down and even slow down the system.



Tips and Tools to Prevent Spyware


§ Do not click on anywhere inside the pop up window while browsing Internet, because this may contain some Spy ware that can get in to the system with a single click inside the pop up window.


§ Beware of freely downloadable softwares and also make sure that the softwares are downloaded from the trusted website. Downloading the software from an untrusted site may automatically introduce the Spy ware in to the system along with the software.


§ Do not follow the links that offer free anti Spy ware software.


§ Block the pop up windows that are not trust worthy by going in to web browser settings.


§ Run the anti-spy ware program and anti-virus program periodically depending upon the Internet usage .



Tools Available to Remove or Prevent Spyware in the System

Spyware Terminator, Spyware Blaster, Spyware guard, Advanced Spyware Removal, A-squared 2 Free, Spyware doctor, AVG Anti Spyware, Win pooch, Ad-ware SE personal 1.06, Spybot S&D 1.5, Doctor Spyware Cleaner 1.0, Zone Alarm Anti Spyware 7.0.408.



What is a Rootkit?

The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.



Types of Rootkit

• Persistent Rootkits

A persistent rootkit is one associated with malware that activates each time the system boots. Because such malware contain code that must be executed automatically each system start or when a user logs in, they must store code in a persistent store, such as the Registry or file system, and configure a method by which the code executes without user intervention.

• Memory-Based Rootkits

Memory-based rootkits are malware that has no persistent code and therefore does not survive a reboot.

[ajaysinghnegi]

• User-mode Rootkits

There are many methods by which rootkits attempt to evade detection. For example, a user-mode rootkit might intercept all calls to the Windows FindFirstFile/FindNextFile APIs, which are used by file system exploration utilities, including Explorer and the command prompt, to enumerate the contents of file system directories. When an application performs a directory listing that would otherwise return results that contain entries identifying the files associated with the rootkit, the rootkit intercepts and modifies the output to remove the entries.


The Windows native API serves as the interface between user-mode clients and kernel-mode services and more sophisticated user-mode rootkits intercept file system, Registry, and process enumeration functions of the Native API. This prevents their detection by scanners that compare the results of a Windows API enumeration with that returned by a native API enumeration.

• Kernel-mode Rootkits

Kernel-mode rootkits can be even more powerful since, not only can they intercept the native API in kernel-mode, but they can also directly manipulate kernel-mode data structures. A common technique for hiding the presence of a malware process is to remove the process from the kernel's list of active processes. Since process management APIs rely on the contents of the list, the malware process will not display in process management tools like Task Manager or Process Explorer.



Some Rootkit Removal Tools:


UnHackMe

The rootkit installs a backdoor giving the hacker a full control of the computer. It hides their files, registry keys, and process names, and network connections from your eyes. Your antivirus could not detect such programs because they use compression and encryption of its files. UnHackMe allows you to detect and remove Rootkits.

http://www.greatis.com/unhackme.zip


RootKit Hook Analyzer

RootKit Hook Analyzer is a security tool which checks if there are any rootkits installed on your computer which hook the kernel system services. Kernel RootKit Hooks are installed modules which intercept the principal system services that all programs and the operating system rely on. This program will display all kernel services and the responsible modules for handling them, along with company and product information.

http://www.resplendence.com/download/hookanlz.exe


Acronis Privacy Expert Suite

Acronis Privacy Expert Suite provides you with proactive, real time protection against malware; including spyware parasites, rootkits, adware, keyloggers, hidden dialers, browser hijackers, and other malicious programs. Our latest version, 9.0, adds key new features to ensure that your PC is not infected with malware.

http://download.acronis.com/PrivacyE...te9.0_d_en.exe


Mamutu

Mamutu monitors in realtime all active programs for dangerous behavior and blocks malicious activities. It recognizes new and unknown Trojans, Backdoors, Keyloggers, Worms, Viruses, Spyware, Adware and Rootkits (Zero-Day attacks), without the need of daily signature updates. Mamutu gives you full control over internal system activities. It's small but very powerful. Mamutu saves resources and does not slow down the PC.

http://download3.emsisoft.com/MamutuSetup.exe


RemoveAny

RemoveAny finds spyware, adware, Trojan horses, key-loggers, rootkits on your computer. RemoveAny product recognizes malicious software by watching for suspicious behavior, not by searching for known signatures. It has constant protection that is always up-to-date without requiring signature updates. RemoveAny starts at system startup and monitors all drivers and processes run.

http://heavenward.ru/files/removeanysetup_1.3.2.exe


RootkitRevealer

RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).

http://download.sysinternals.com/Fil...itRevealer.zip


RKHunter

RKHunter is an Unix Rootkit Detector its an scanning tool that checks for signs of various pieces of nasty software on your system like rootkits, backdoors and local exploits. It runs many tests, including MD5 hash comparisons, default filenames used by rootkits, wrong file permissions for binaries, and suspicious strings in LKM and KLD modules.

http://space.dl.sourceforge.net/proj...r-1.3.8.tar.gz


CHKRootkit

CHKRootkit locally checks for signs of a rootkit is a flexible, portable tool that can check for many signs of rootkit intrusion on Unix-based systems. Its features include detecting binary modification, utmp/wtmp/lastlog modifications, promiscuous interfaces, and malicious kernel modules.

ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

[ajaysinghnegi]

Securing home computers with Defense in depth strategy

To ensure that the information is secured during process, storage and transmission certain security measures are to be taken by the users of that information.

Following sections will describe certain tasks that are to be performed by the user to secure the computer systems being used at home and information stored or processed therein.

These tasks broadly involve steps to prevent computer security incidents.


The Defense in Depth Approach for the Home User

A defense in depth strategy is the traditional one adopted to afford the defended area the strongest and most resilient protection. In the case of the home Internet user, the defended area is the user’s data. As shown in Figure 1, defense in depth for the home user consists of defensive measures adopted in four layers, namely: network access; the operating system; user applications; and data. At the center of the defended area is the most valued component of the defended area – the user’s data.

http://img46.imageshack.us/i/figure1.png

Figure-1: Most common Intruder methods used against home computers



Attacks Defensive Layers

Figure-1: Most common Intruder methods used against home computers This layered approach is required since even the most expensive firewall controlling network access cannot effectively control traffic content. For example, most firewalls will allow an e-mail attachment containing viruses. These viruses may be cleaned at the operating system layer by anti-virus software if they are recognized. However, if they are of an unknown type, then the final defense is at the data layer where the user opens the e-mail attachment with care. Apart from this, user data is protected by means of rights & privileges and encryption techniques.

To be effective, defensive measures at each layer must be based on the threats to the defended area. The recommended defensive measures at each layer of the defense vary as shown in Figure 2.

Of course home user should consult their system support personnel for advice.


Defensive Measures

http://img811.imageshack.us/i/figure2t.png


Figure-2: Defense in Depth – Defensive Actions at each layer

The defensive actions have been identified at each layer, it is necessary to discuss how these actions will be carried out for a Windows-based home Internet user. It is also

important to keep in mind that the defensive posture is weakened when one does not
implement the entire defense in depth strategy that is being advocated. For example,
using a firewall but having either no or outdated antivirus software, leaves the system
vulnerable.


Defensive Measures at Network Access Layer

This is the first layer of the defense in depth model. The defensive measures that have to be taken at this layer are:


Use a Firewall.



Disconnect from the Internet when not using it.


Use a Firewall

A firewall places a virtual barrier between the computer and hackers, who might seek to delete information from the computer, make it crash, or even steal personal information.

The firewall serves as the primary defense against a variety of computer worms that are transmitted over the network. It helps to protect the computer by hiding it from external users and preventing unauthorized connections to the computer.

For home users, a firewall typically takes one of two forms:

Personal firewall - specialized software running on an individual computer, e.g. ZoneAlarm and in-built Windows Internet Connection Firewall (ICF) etc.

Hardware firewall - a separate device designed to protect one or more computers, e.g. Linksys EtherFast Cable/DSL Router.

If user is having a home network, it is recommended that he should have both types of firewall installed i.e. hardware firewall at the router3 and personal firewall at each system using that network. But if the user is using a stand-alone PC only, then it is recommended that he should have at least a personal firewall installed on the PC.

[prashant_uniyal]

great~~!! after reading this, I hope everyone will be protected

[ajaysinghnegi]

I also hope so bro btw its not yet completed bro approx 50 more pages I have written for posting....... but I was having some problem in uploading the screenshots they are in .png format and when I upload or gave there links they are not getting displayed .....so I am submitting those screenshots links .