Transcript TITISAN ILMIAH

TITISAN ILMU
MYSCHOOLNET
Sazali bin Saidin,
Institut Perguruan Perlis, Perlis,
01000 Kangar, Perlis
[email protected] | 019-4548436
11 - 14 Jun 2007
Langkawi Seaview Hotel
1
Buying a PC
 Searching for appropriate
model (looks and design).
 Desktop, notebook, palmtop
 We choose notebook
 Then …




CPU - Intel® Centrino® Duo mobile technology
Hard Disk, LCD Display, Memory
Design – looks & feel, weight
Features included – OS preloaded, Card reader,
Bluetooth, Connectivity, Camera
11 - 14 Jun 2007
Langkawi Seaview Hotel
2
Installing Software





OS – Windows XP or Windows Vista
Office Applications – MS Office
Graphics – Photoshop, Paintshop, etc
Antivirus – Trend Micro, AVG, etc
Utilities – Registry Mechanic, Disk
Keeper
11 - 14 Jun 2007
Langkawi Seaview Hotel
3
Happy hour…








Create document
Design graphics
Surfing the www
Creating html document
Blog & forum
Sending, sharing files, video, etc…
Real-time communication IM, VM…etc
Desktop Themes - Webshots, Screen
Saver etc…
11 - 14 Jun 2007
Langkawi Seaview Hotel
4
Ku Sangka Panas Hingga ke Petang
Rupanya Hujan di tengahari…
 Initially … everything goes smoothly
 Now …
 Pc boots too slow…
 Program takes longer
time than normal
to open…
 Pop up and ads…
 Junk emails
 Worms, trojans, virus, phising, etc…
 sluggishness
11 - 14 Jun 2007
Langkawi Seaview Hotel
5
Why…Why…Why it happens..
11 - 14 Jun 2007
Langkawi Seaview Hotel
6
Then we notice that …
 Too many programs at start up…
11 - 14 Jun 2007
Langkawi Seaview Hotel
7
Then we notice that …
 There may be also too many
Terminate and Stay Resident (TSR)
running at background
11 - 14 Jun 2007
Langkawi Seaview Hotel
8
Then we notice that …
 Our door are
still open…
11 - 14 Jun 2007
Langkawi Seaview Hotel
9
Then we notice that …
 Very rare we
updates patches…
11 - 14 Jun 2007
Langkawi Seaview Hotel
10
Then we notice that …
 Our antivirus definition
or pattern out of date…
 Lack of information viruses
 The First Generation: DoS Viruses (1986 1995)
 The Second Generation: Macro Viruses
(1995 - 2000)
 The Third Generation: Big Impact Worms
(1999 – 2005)
 The Fourth Generation: Malcode for Profit
(2004 – to present)
http://www.cioupdate.com/article.php/3598621
11 - 14 Jun 2007
Langkawi Seaview Hotel
11
Then we notice that …
 We rarely do general
maintenance to our notebooks..
 Do we…




Clean up our junk / unneeded files
Remove temporary files
Scandisk and defrag
Clean and compact our registry
11 - 14 Jun 2007
Langkawi Seaview Hotel
12
What is the Windows
Registry?
 Central database of information for general
settings and preferences, software applications,
and hardware drivers and devices.
 Keeping your registry in a good state of repair
and conducting regular maintenance is
imperative because the registry contains
important data that is used all the time during
system operation.
 As you continue changing preferences, installing
and uninstalling software and hardware, the
registry grows and becomes more complex. In
addition, the chances of errors and missing,
obsolete or corrupt entries increases
exponentially.
11 - 14 Jun 2007
Langkawi Seaview Hotel
13
When and Why do Registry
Problems occur?
 The latest statistics shows 94% of computers
have corrupt and possibly harmful files. On
average, almost each PC will have about 150+
errors on them due to corrupt or missing registry
entries.
 Removing software from your system, it is highly
probable that residuals are still littering your
hard drive and your registry.
 The result? Frequent error messages, slow startups, sluggishness, declining performance, system
stalls, severe degradation in operating speed,
unstable and frequent application errors and
crashes, and, at times, even an inability to start
Windows.
11 - 14 Jun 2007
Langkawi Seaview Hotel
14
Sample Registry Attack…
11 - 14 Jun 2007
Langkawi Seaview Hotel
15
Top 10 Threats – SANS Inst.
 Web servers and services.
Default HTTP (Web) servers have
had several vulnerabilities, and
numerous patches have been
issued over the past several
years. Make sure all your
patches are up to date, and do
not use default configurations or
default demonstration
applications. These
vulnerabilities may lead to
denial-of-service attacks and
other types of threats.
11 - 14 Jun 2007
Langkawi Seaview Hotel
16
Top 10 Threats – SANS Inst.
 Workstation
service. An attacker
can obtain full control
over a computer by
compromising the
Windows Workstation
service, which is
normally used to
route user requests.
11 - 14 Jun 2007
Langkawi Seaview Hotel
17
Top 10 Threats – SANS Inst.
 Windows remote
access services. A
variety of remote access
methods are included by
default on most systems.
These systems can be
very useful, but also very
dangerous, and an
attacker with the right
tools can easily gain
control over a host.
11 - 14 Jun 2007
Langkawi Seaview Hotel
18
Top 10 Threats – SANS Inst.
 Windows
authentication. Most
Windows systems use
passwords, but passwords
can be easily guessed or
stolen. Creating stronger,
more difficult to guess
passwords, not using
default passwords, and
following a recommended
password policy will
prevent password attacks.
11 - 14 Jun 2007
Langkawi Seaview Hotel
19
Top 10 Threats – SANS Inst.

Web browsers. Your window to
the Internet, a Web browser
contains many vulnerabilities.
Common exploits may include
disclosure of "cookies" with
personal information, the
execution of rogue code that
could compromise a system, and
exposure of locally-stored files.
Configuring the browser's security
settings for a setting higher than
the default value will prevent
most Web browser attacks.
11 - 14 Jun 2007
Langkawi Seaview Hotel
20
Top 10 Threats – SANS Inst.

File sharing applications.
Peer-to-peer (P2P)
programs are commonly
used to share files. In a P2P
system, computers are open
to others in the P2P network
to allow for all participants
to search for and download
files from one another. Many
corporations forbid use of
P2P networks because of
the obvious risk of
compromised data.
11 - 14 Jun 2007
Langkawi Seaview Hotel
21
Top 10 Threats – SANS Inst.

LSAS exposures. The
Windows Local Security
Authority Subsystem (LSAS)
has a critical buffer overflow
that can be exploited by an
attacker to gain control over
the system. Again, proper
configuration and application of
patches will prevent most
exploits.
11 - 14 Jun 2007
Langkawi Seaview Hotel
22
Top 10 Threats – SANS Inst.

Instant messaging. Many
corporations also block
employees from using instant
messaging, not only because of
the technical threats but also
because of the possibility of lost
productivity. Configuring IM
properly, applying all the latest
patches, and taking control over
any file transfers that occur over
IM will prevent most attacks.
11 - 14 Jun 2007
Langkawi Seaview Hotel
23
Windows systems for security
vulnerabilities
 Port scanners
 Network/OS vulnerability scanners
 Application/database vulnerability
scanners
 Password crackers
 File searching tools
 Network analyzers
 Exploit tools
11 - 14 Jun 2007
Langkawi Seaview Hotel
24
Top 15 security tools for testing
Windows
SuperScan version 3
www.foundstone.com/
resources/proddesc/su
perscan3.htm
Very fast and easy to use
port scanner that can find
live systems, look for open
ports and running services,
grab banner information
including software versions
SoftPerfect Network
Scanner
www.softperfect.com/
products/networkscan
ner
Maps MAC addresses
to IP addresses which
can help you locate
rogue wired and
wireless systems
11 - 14 Jun 2007
Langkawi Seaview Hotel
25
Top 15 security tools for testing
Windows
NetBIOS Auditing Tool
(NAT)
www.cotse.com/tools/
netbios.htm
Neat tool for cracking
passwords on
Windows network
shares
QualysGuard
www.qualys.com
The ultimate in ease of
use and comprehensive
network/OS
vulnerability scanning -checks for thousands of
old and current exploits
11 - 14 Jun 2007
Langkawi Seaview Hotel
26
Top 15 security tools for testing
Windows
Metasploit
www.metasploit.org
A great tool to exploit
those Windows-based
vulnerabilities that
other tools find
Cain & Abel
www.oxid.it
A nice tool for misc.
password cracking
11 - 14 Jun 2007
Langkawi Seaview Hotel
27
The simple rules…
Virus primer New viruses
 Apply regular updates and
patches as they become
available.
 Employ security software
and hardware such as
firewalls and
authentication servers.
 Do not use default
passwords and other
values that are provided
with your software
11 - 14 Jun 2007
Langkawi Seaview Hotel
28
Best Practices…
11 - 14 Jun 2007
Langkawi Seaview Hotel
Automatic detect,
clean & update
pattern.
29
Deploy Windows Server Update
Services
 Group Policy
 Active
Directory
Thanks you..!
11 - 14 Jun 2007
Langkawi Seaview Hotel
30