TITISAN ILMIAH

TITISAN ILMU

MYSCHOOLNET

Sazali bin Saidin,

Institut Perguruan Perlis, Perlis,

01000 Kangar, Perlis

sazliem3p@yahoo.com | 019-4548436

11 - 14 Jun 2007 Langkawi Seaview Hotel 1

Buying a PC

• Searching for an appropriate model (looks and design).
• Desktop, notebook, palmtop
• We choose a notebook
• Then …
• CPU – Intel® Centrino® Duo mobile technology
• Hard disk, LCD display, memory
• Design – look & feel, weight
• Features included – OS preloaded, card reader, Bluetooth, connectivity, camera

Installing Software

• OS – Windows XP or Windows Vista
• Office applications – MS Office
• Graphics – Photoshop, Paintshop, etc.
• Antivirus – Trend Micro, AVG, etc.
• Utilities – Registry Mechanic, Disk Keeper

Happy hour…

• Creating documents
• Designing graphics
• Surfing the WWW
• Creating HTML documents
• Blogs & forums
• Sending and sharing files, video, etc.…
• Real-time communication – IM, VM… etc.
• Desktop themes – Webshots, screen savers, etc.…

I Thought the Sunshine Would Last Until Evening, But It Rained at Midday…

• Initially … everything goes smoothly
• Now …
• PC boots too slowly…
• Programs take longer than normal to open…
• Pop-ups and ads…
• Junk emails
• Worms, trojans, viruses, phishing, etc.…
• Sluggishness

Why… Why… Why does it happen…?

Then we notice that …

• Too many programs at startup…

Then we notice that …

• There may also be too many Terminate and Stay Resident (TSR) programs running in the background

Then we notice that …

• Our doors are still open…

Then we notice that …

• We very rarely update our patches…

Then we notice that …

• Our antivirus definitions or patterns are out of date…
• Lack of information about viruses
• The First Generation: DOS Viruses (1986 – 1995)
• The Second Generation: Macro Viruses (1995 – 2000)
• The Third Generation: Big Impact Worms (1999 – 2005)
• The Fourth Generation: Malcode for Profit (2004 – to present)

Source: http://www.cioupdate.com/article.php/3598621

Then we notice that …

• We rarely do general maintenance on our notebooks…
• Do we…
• Clean up our junk / unneeded files
• Remove temporary files
• Run ScanDisk and defrag
• Clean and compact our registry

What is the Windows Registry?

• A central database of information for general settings and preferences, software applications, and hardware drivers and devices.

• Keeping your registry in a good state of repair and conducting regular maintenance is imperative because the registry contains important data that is used all the time during system operation.

• As you continue changing preferences and installing and uninstalling software and hardware, the registry grows and becomes more complex. In addition, the chances of errors and of missing, obsolete or corrupt entries increase exponentially.

When and Why do Registry Problems occur?

• The latest statistics show that 94% of computers have corrupt and possibly harmful files. On average, almost every PC will have about 150+ errors due to corrupt or missing registry entries.

• After removing software from your system, it is highly probable that residuals are still littering your hard drive and your registry.

• The result? Frequent error messages, slow startups, sluggishness, declining performance, system stalls, severe degradation in operating speed, unstable and frequent application errors and crashes, and, at times, even an inability to start Windows.

Sample Registry Attack…

Top 10 Threats – SANS Inst.

• Web servers and services. Default HTTP (Web) servers have had several vulnerabilities, and numerous patches have been issued over the past several years. Make sure all your patches are up to date, and do not use default configurations or default demonstration applications. These vulnerabilities may lead to denial-of-service attacks and other types of threats.

Top 10 Threats – SANS Inst.

• Workstation service. An attacker can obtain full control over a computer by compromising the Windows Workstation service, which is normally used to route user requests.

Top 10 Threats – SANS Inst.

• Windows remote access services. A variety of remote access methods are included by default on most systems. These systems can be very useful, but also very dangerous, and an attacker with the right tools can easily gain control over a host.

Top 10 Threats – SANS Inst.

• Windows authentication. Most Windows systems use passwords, but passwords can be easily guessed or stolen. Creating stronger, more difficult to guess passwords, not using default passwords, and following a recommended password policy will prevent password attacks.

Top 10 Threats – SANS Inst.

• Web browsers. Your window to the Internet, a Web browser contains many vulnerabilities. Common exploits may include disclosure of "cookies" with personal information, the execution of rogue code that could compromise a system, and exposure of locally stored files. Configuring the browser's security settings to a level higher than the default value will prevent most Web browser attacks.

Top 10 Threats – SANS Inst.

• File sharing applications. Peer-to-peer (P2P) programs are commonly used to share files. In a P2P system, computers are open to others in the P2P network to allow for all participants to search for and download files from one another. Many corporations forbid use of P2P networks because of the obvious risk of compromised data.

Top 10 Threats – SANS Inst.

• LSAS exposures. The Windows Local Security Authority Subsystem (LSAS) has a critical buffer overflow that can be exploited by an attacker to gain control over the system. Again, proper configuration and application of patches will prevent most exploits.

Top 10 Threats – SANS Inst.

• Instant messaging. Many corporations also block employees from using instant messaging, not only because of the technical threats but also because of the possibility of lost productivity. Configuring IM properly, applying all the latest patches, and taking control over any file transfers that occur over IM will prevent most attacks.

Windows systems for security vulnerabilities

• Port scanners
• Network/OS vulnerability scanners
• Application/database vulnerability scanners
• Password crackers
• File searching tools
• Network analyzers
• Exploit tools

Top 15 security tools for testing Windows

SuperScan version 3 (www.foundstone.com/resources/proddesc/superscan3.htm)
Very fast and easy to use port scanner that can find live systems, look for open ports and running services, and grab banner information including software versions

SoftPerfect Network Scanner (www.softperfect.com/products/networkscanner)
Maps MAC addresses to IP addresses, which can help you locate rogue wired and wireless systems

Top 15 security tools for testing Windows

NetBIOS Auditing Tool (NAT) (www.cotse.com/tools/netbios.htm)
Neat tool for cracking passwords on Windows network shares

QualysGuard (www.qualys.com)
The ultimate in ease of use and comprehensive network/OS vulnerability scanning - checks for thousands of old and current exploits

Top 15 security tools for testing Windows

Metasploit (www.metasploit.org)
A great tool to exploit those Windows-based vulnerabilities that other tools find

Cain & Abel (www.oxid.it)
A nice tool for misc. password cracking

The simple rules…

• Apply regular updates and patches as they become available.
• Employ security software and hardware such as firewalls and authentication servers.
• Do not use default passwords and other values that are provided with your software.

Virus primer New viruses

Best Practices…

Automatically detect, clean and update patterns.

Deploy Windows Server Update Services

• Group Policy
• Active Directory

Thank you..!
