Author Topic: Google-fu? I need help with research -o-  (Read 748 times)

Izu (topic starter)

Google-fu? I need help with research -o-
« on: January 10, 2012, 09:00:48 AM »
I need your help again. I think that either my google-fu is dead or I am just not using the right terms in English while searching.

I need to find information about how to secure a computer/network from Crimeware. I need to find information about:
- proactive defense - securing it before it gets infected, preventing it from getting infected
- active defense - how to secure it, save it, what to do if it's already infected
- postactive defense - what to do afterwards to make sure it won't get infected again.

Help.. pls... I need a paragraph or two for each of these -__- but my mind is just refusing to cooperate with me and my research ;.;

jouzinka

Izu (topic starter)

Re: Google-fu? I need help with research -o-
« Reply #2 on: January 10, 2012, 09:07:09 AM »
I don't think so... I need to find more of 'What-to-do' before, during and after infection, and this looks more like history of the term?

jouzinka
Re: Google-fu? I need help with research -o-
« Reply #3 on: January 10, 2012, 09:09:37 AM »
Aha, I see. I thought it was supposed to be an essay or something. :-[ Will read better the next time.

Sorry I couldn't help. :-(

Izu (topic starter)

Re: Google-fu? I need help with research -o-
« Reply #4 on: January 10, 2012, 09:11:03 AM »
No... it's a paper... -sighs and hugs- thanks for trying...

jouzinka
Re: Google-fu? I need help with research -o-
« Reply #5 on: January 10, 2012, 09:12:06 AM »
*hugs* I'm sure you'll beat it anyway, Izu, t'will just take time. *more hugs*

Vandren

Re: Google-fu? I need help with research -o-
« Reply #6 on: January 10, 2012, 12:26:34 PM »
Quote
Aha, I see. I thought it was supposed to be an essay or something. :-[ Will read better the next time.

Probably shouldn't be using Wikipedia for an essay anyway.  :)

I assume you've tried your school library catalog and chatted with the reference librarians?

Izu (topic starter)

Re: Google-fu? I need help with research -o-
« Reply #7 on: January 10, 2012, 12:27:33 PM »
We can use wiki -.- And there is no material in the library.

Vandren

Re: Google-fu? I need help with research -o-
« Reply #8 on: January 10, 2012, 01:49:15 PM »
Here are some results from Worldcat:

http://www.worldcat.org/search?q=crimeware&qt=notfound_page&search=Search

Includes 4 eBook results

Izu (topic starter)

Re: Google-fu? I need help with research -o-
« Reply #9 on: January 10, 2012, 02:18:34 PM »
*nods* Those are the books that I've been using so far for my paper. But they are not really talking all that much about the actual defense... or maybe when I was reading it my mind had already gone poof and I didn't really understand anything... (English is not my native language.) I'll re-read it tomorrow, but if you or anyone else finds anything else about those things... please let me know.

And thanks...

Vekseid

Re: Google-fu? I need help with research -o-
« Reply #10 on: January 10, 2012, 05:30:50 PM »
Quote
I need your help again. I think that either my google-fu is dead or I am just not using the right terms in English while searching.

I need to find information about how to secure a computer/network from Crimeware. I need to find information about:
- proactive defense - securing it before it gets infected, preventing it from getting infected

Basic concept in proactive defense is to reduce points of entry, and to provide additional defenses to those points that must remain open.

So this has to do with disabling various unnecessary programs that are installed (unused libraries can also be a possible point of entry, though this is a rather rare vector lately), making sure that additional programs can't be run without permission, and ideally, to have a good understanding of what programs do get run on the machine.

This is also where the firewall is placed, both to prevent against incoming attacks, and to prevent a program that would have otherwise compromised the machine from being able to communicate back to an attacker.

Once the points of possible entry have been reduced to a known list (e.g. your web browser), you can focus on securing those points of entry, things like Noscript for Firefox, making sure plugins like Java and flash are up to date, code-auditing general server code, etc.

It can also involve replacing 'typical' programs with more secure variants, like replacing Adobe's pdf reader with Sumatra PDF or similar.

So, on Elliquiy's server, I have a full understanding of every running service that provides 'points of entry':
- sshd (SSH)
- Dovecot (IMAP)
- Postfix (SMTP)
- nginx (HTTP)
- MySQL (only connected to the slave server)
- Scripting processes (PHP mostly, have some Python and Ruby at various points, though).

A custom IPTables script works as my firewall, which prevents connections to unauthorized ports, has some fun with scan attempts (random drops, tarpitting and rejecting, etc), and secures the ports used by the above against abuse.

Because scripting processes are themselves points of entry, I also make sure that the users they run under are also similarly restricted. The /home, /var, /var/tmp, /data, /tmp, and /staff directories are all mounted nosuid, nodev, preventing them from exploiting setuid or device exploits. I have a tiny whitelist of programs that are allowed setuid root, the others get setuid turned off.

Similarly, on my Windows machines, I go through the Add/Remove Programs/Programs and Features to get rid of anything I don't need. Then anything that I need that autostarts at startup, I keep from autostarting unless it has to. I also disable extraneous services (this is less necessary in Windows 7 than it was previously, but pre-loaded bloatware is a common terror of the home user purchase). When securing a customer's machine, I usually try to train them on Flashblock and similar features, though it doesn't always work.

Virus protection is more useful on Windows than it is on Linux, but even on Windows, a good, up to date antivirus will only catch new malware about half the time (based on retrospective testing). This means that your best defense is really about having behavior that doesn't let you get infected. It also means that people who abandon their antivirus of choice just because 'it failed them' are probably going to repeat that betrayal until they learn.

Another aspect of proactive defense is being aware of spearphishing and other social engineering techniques.

Quote
- active defense - how to secure it, save it, what to do if it's already infected

Well to me 'active defense' involves monitoring and logging. For Elliquiy's server I run logcheck and Tiger to check for suspicious changes (though they pump out lots of dirty data) and ninja to autokill unauthorized processes that have somehow escalated to root. I get mailed when the user that can su to root logs in, and again on root logins. But almost all of these are various monitoring situations - learning what is going on as fast as possible.

'Reactive defense' usually involves an assessment of the sort of threat I'm facing. With 'nuke and pave' becoming more common, a lot of malware authors have given up and are just letting their malware get uninstalled normally.

Others take to ground in the system, and get more and more clever about hiding themselves. The result is 'nuke and pave':
- Disconnect the hard drive
- Make sure whatever you're plugging it into doesn't autorun
- Plug it into another machine
- Back up what you need to
- Erase the infected drive's MBR
- Format infected drive
- Reinstall.

Sometimes I can get away with utilities like Combofix, but I never do this on any system where I can't be sure I know the threat has been eliminated.

Quote
- postactive defense - what to do afterwards to make sure it won't get infected again.

If this happened to -me- (and it hasn't for roughly a decade and a half at this point), I'd evaluate where I fucked up, and take measures to ensure it didn't happen again.

Usually, I perform the basic security steps on the client's computer then consult with them about 'good Internet practices'. Unfortunately, these change.

Hopefully that helps provide a starting point for additional terms to look for.
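The nosuid,nodev mounts and the setuid-root whitelist described in the post above, as an added example that is not the thread's or Elliquiy's own code; the directory list, the whitelist entries and the sample mount table are assumptions:

```shell
#!/bin/sh
# Added example, not code from the thread: audit two hardening steps the post
# describes (nosuid,nodev mounts; a tiny setuid-root whitelist). Assumptions:
# the directory list, the whitelist and the sample mount table below.
HARDENED_DIRS="/home /var /var/tmp /data /tmp /staff"        # per the post
SETUID_WHITELIST="/usr/bin/sudo /usr/bin/passwd /usr/bin/su"  # assumed

# check_mount_opts MOUNTS_FILE: report each hardened dir whose entry in a
# /proc/mounts-style file lacks nosuid or nodev; returns 1 if any reported.
check_mount_opts() {
    rc=0
    for dir in $HARDENED_DIRS; do
        opts=$(awk -v d="$dir" '$2 == d { print $4 }' "$1")  # field 4 = options
        [ -n "$opts" ] || continue                           # not a mount point
        suid=MISSING; dev=MISSING
        case ",$opts," in *,nosuid,*) suid=ok ;; esac
        case ",$opts," in *,nodev,*)  dev=ok  ;; esac
        if [ "$suid$dev" != okok ]; then
            printf '%s: nosuid=%s nodev=%s\n' "$dir" "$suid" "$dev"
            rc=1
        fi
    done
    return $rc
}
# unlisted_setuid: reads setuid-root paths on stdin (e.g. output of
# find / -xdev -perm -4000 -user root) and prints the candidates for chmod u-s.
unlisted_setuid() {
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        case " $SETUID_WHITELIST " in
            *" $f "*) ;;                      # whitelisted: keep setuid
            *)        printf '%s\n' "$f" ;;
        esac
    done
}
# write_sample_mounts FILE: constructed stand-in for /proc/mounts.
write_sample_mounts() {
    cat >"$1" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /var ext4 rw,nodev,nosuid 0 0
EOF
}

SAMPLE=$(mktemp)
write_sample_mounts "$SAMPLE"
check_mount_opts "$SAMPLE" || echo "remount the above with -o remount,nosuid,nodev"
printf '%s\n' /usr/bin/sudo /usr/bin/passwd /usr/local/bin/oldtool | unlisted_setuid
rm -f "$SAMPLE"
```

On a live host, feed `check_mount_opts /proc/mounts` and pipe the real `find` output into `unlisted_setuid` instead of the constructed sample; directories that are not separate mount points are skipped, so check those against their parent mount.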

Izu (topic starter)

Re: Google-fu? I need help with research -o-
« Reply #11 on: January 10, 2012, 05:38:29 PM »
It does, thank you. A lot.

Vekseid

Re: Google-fu? I need help with research -o-
« Reply #12 on: January 10, 2012, 07:49:26 PM »
Oh, another thing that could be meant by 'postactive' is damage recovery strategies, some of which require active preparation:
- Making and restoring from backups
- Having a legal team
- etc.

Izu (topic starter)

Re: Google-fu? I need help with research -o-
« Reply #13 on: January 11, 2012, 03:11:36 AM »
Thank you, Veks. I think this will be enough. I will take a look into the things you've pointed out, search them and maybe add a lil more info about those things, but as a whole it should be alright.