|
|
|
|
NSE/BigPlanet Rep: Brad Smith
|
|
|
|
  
Wondering if that e-mail you just received is for real? Use the links below to find out the latest on current threats & hoaxes. Based on what I've learned,
(1) as a general rule, any e-mail that tells you to forward to everyone you know is probably a hoax, but check it out anyway
(2) many of the recent virii/worms use the victim's address book to propagate, so just because you receive an e-mail from someone you know doesn't mean it or its attached file(s) are virus-free - use a good antivirus program & keep it current!
General Virus Information
CERT® Coord.Center
McAfee Virus Information
Symantec Virus Encyclopedia
Virus Bulletin
Avoid Email-born Viruses and Malicious Code
The SANS Institute
International Computer Security Association (ICSA.net)
Federal Computer Incident Response Capability (FedCIRC)
US-CERT
|
Common Virus Hoaxes
CERT® Coord.Center
CIAC Full Hoax Index
Data Fellows Hoax Page
McAfee Hoax Page
Symantec Hoax Page
TrendMicro Hoax Page
ICSA.net
Virus Bulletin
Rob Rosenberger's Computer Virus/Hoax Myths
Urban Legends search engine (snopes.com)
Truth or Fiction.com
Break the Chain.org
|
Data Fellows F-Secure
McAfee VirusScan
Symantec's Norton Antivirus
Trend Micro's PC-Cillin
Free online scanners:
Symantec (Norton), Trend Micro, & Panda Software
Seven Simple Computer Security Tips
for Small Business and Home Computer Users
- Use strong passwords. Choose passwords that are difficult or impossible to guess. Give different passwords to all accounts.
- Make regular backups of critical data. Backups must be made at least once each day. Larger organizations should perform a full backup weekly and incremental backups every day. At least once a month the backup media should be verified.
- Use virus protection software. That means three things: having it on your computer in the first place, checking daily for new virus signature updates, and then actually scanning all the files on your computer periodically.
- Use a firewall as a gatekeeper between your computer and the Internet. Firewalls are usually software products. They are essential for those who keep their computers online through the popular DSL and cable modem connections but they are also valuable for those who still dial in.
- Do not keep computers online when not in use. Either shut them off or physically disconnect them from Internet connection.
- Do not open e-mail attachments from strangers, regardless of how enticing the Subject Line or attachment may be. Be suspicious of any unexpected e-mail attachment from someone you do know because it may have been sent without that person’s knowledge from an infected machine.
- Regularly download security patches from your software vendors.
NATIONAL INFRASTRUCTURE PROTECTION CENTER
HIGHLIGHTS, 10 Nov 2001 (page 4/4 below)
Connect It and They Will Come: No Grace Period for Internet-connected Hosts
New Internet victim or host computers can be located by malicious parties in a short period of time. Computer systems which are not properly secured may be compromised within days or even minutes of connecting to the Internet due to the increased usage of automated scanning tools. The hypothesis that newly connected Internet hosts can be quickly found by hackers has been confirmed by researchers from the Honeynet Project, a computer security research group. In a study published earlier this year, the group reported the following observations:
· One of the project’s research computer systems was compromised a mere 15 minutes after being connected to the Internet.
· Seven computers running default installations of a popular Linux distribution were attacked within three days of connecting to the Internet.
· A default Windows 98 system was compromised five times in less than four days.
These and other observations belie the common misconceptions many users and some system administrators have about connecting to the Internet:
· Misconception 1: “I won’t tell anyone about my computer, so no one will ever even find it.”
· Misconception 2: “There are millions of computers connected to the Internet, so the odds against anyone targeting my computer are very low.”
· Misconception 3: “With all the other important and high-profile servers out there on the Internet, no one would want to break into my computer.”
The impact of automated scanning tools allows individuals to scan tens of thousands of Internet addresses in a short time. Like many home systems, the computers used in the Honeynet Project were not advertised or associated with a particular company. No one had any way of knowing the systems were connected to the Internet except by discovering them through scanning ranges of Internet addresses, looking for vulnerable hosts to exploit. After compromising the targets, intruders can examine the victimized computer for exploitable information such as personal information that can be used for identity theft, or they can utilize the host to attack other systems on the Internet. Many users hook up to the Internet with the intent of implementing security measures in the future.
It is imperative that users plan on security before they connect their computers to a public network. |
|
|
|
|