General Internet Security for Windows

Author:      RadEvil
Submitted:      28-Apr-2007 19:41:03
Imported From:      The CyberArmy University (original author: )


This tutorial describes the common threats that ordinary Internet users are exposed to daily, and tries to give the basic knowledge needed to tell when they are victims of abuse over the Internet.

1. Overview
2. Threats on the Internet
2.1. Cookies
2.2. Denial of service
2.3. File and Print Sharing
2.4. Spyware
2.5. CTRL key in Internet Explorer
2.6. Trojans
3. Safe navigation
3.1. Proxies and utilities

*************************

1. OVERVIEW

This tutorial describes the common threats that ordinary Internet users are exposed to daily, and tries to give the basic knowledge needed to tell when they are victims of abuse over the Internet.

2. THREATS ON THE INTERNET

2.1. Cookies
A cookie is a small text file placed on your computer by a web server to tell that web server that you have returned to a particular web page. Cookies can sometimes be used to track your movement, not only when you return to the site but also while you surf or leave that particular website, and only that website. A cookie is like a personal identification card that can only be read by the web server that gave it to you. Cookies are normally kept in a file called Cookies in your Windows directory.
Web sites also use cookies to keep your account information up to date. For instance, when you return to your web-based e-mail account some hours later without having logged out, you find yourself still logged on, even if you turned off your computer in between. Your login and password were simply stored on your hard drive in a cookie file. This is a security threat if more than one person has access to your computer.
Some web sites can retrieve information about your e-mail using cookies; that is why, when you visit a porn site, you start receiving spam in your web-based inbox.
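
Whether a cookie disappears when the browser closes or keeps you logged in across a reboot depends on whether the server gave it an expiry. The following added example (not part of the original article) classifies Set-Cookie header values; the cookie names, values and reference time are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed reference time and Set-Cookie values for a hypothetical webmail site.
NOW = datetime(2007, 4, 28, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "PHPSESSID=9f2c1a; Path=/",
    "remember_me=dXNlcjp0b2tlbg; Expires=Fri, 01 Jan 2010 00:00:00 GMT; Path=/",
    "lang=en; Max-Age=3600",
]

def classify(set_cookie, now):
    """Return (name, kind, lifetime_seconds) for one Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    lifetime = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key == "max-age":
            lifetime = int(value)   # Max-Age takes precedence over Expires
            break
        if key == "expires":
            expires = parsedate_to_datetime(value.strip())
            lifetime = int((expires - now).total_seconds())
    if lifetime is None:
        return name, "session", None      # held in memory until the browser closes
    if lifetime <= 0:
        return name, "expired", lifetime  # the browser discards it immediately
    return name, "persistent", lifetime   # written to disk, survives a reboot

def persistent_cookies(headers, now):
    """Names of cookies that will be stored on the hard drive."""
    return [n for n, kind, _ in (classify(h, now) for h in headers)
            if kind == "persistent"]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(classify(header, NOW))
```

On a shared computer, the persistent entries are the ones another user of the same account can reuse.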

2.2. Denial of Service (DoS)
A Denial of Service (DoS) attack occurs when a malicious person (or several) sends another user or server a large amount of data for the sole purpose of disconnecting it from the Internet, slowing down or disabling its services, or crashing the remote system. DoS attacks are mainly used simply to cause destruction, by a single person or a group of people who wish to flood another person, website, or the servers of companies or organizations.

To businesses, an attack on the company website could render the site unreachable by its consumers for hours or more, which could cause the business to lose money or even damage the website servers.

Protecting your computer from one of these attacks is not easy. People on dial-up are the easy targets, since their connections are slower and more people nowadays use cable or DSL connections, which are much faster and can easily send more data to a host to slow it down, disconnect it, or crash it. The best way to protect yourself is to update your computer with the necessary patches and install a good firewall. This should protect you from a few of the attack tools that some attackers use online. For more information on the tools these attackers use and patches for them, visit http://www.irchelp.org or check the download section of www.ca-cia.org. The best way to keep your PC secure from these attacks is to stay anonymous while you are connected to the Internet; the third section of this tutorial shows how to do that.

2.3. File and Print Sharing
File and print sharing is an option that is part of Windows networking which enables a user to share files and printers with any person over a network or over the Internet. When this option is turned on, port 139 opens on your computer. This is the port on which file and print sharing takes place. Though this port serves a valuable purpose, it is also one of the most dangerous ports there is and the port that most hacks occur on. Malicious hackers love this port because it is very easy to gain entry to another person's Windows computer when the file and print sharing option is activated without a password protecting it.

If you are not using file and print sharing for anything, then I strongly urge you to make sure it is disabled in the networking options. If you are on a connection that is online 24/7, such as cable or DSL, and file and print sharing is enabled without your knowledge and your system has no firewall, then sooner or later you will be hacked.

To enable/disable file and print sharing on Windows 9x:

1. Go to Start, and then to Settings, then press Control Panel.
2. Double click on the Network icon.
3. In the Network window that pops up click File and Print Sharing at the bottom.
4. Make sure both boxes are de-selected, then press OK, then OK again.
5. Reboot your computer only if the boxes were checked.

To enable/disable file and print sharing on Windows NT/2000:
1. Go to Start, and then to Settings, then press Control Panel.
2. (Windows 2000 Only) Double click Administrative Tools.
3. Double click Services, then Server.
4. Select Disabled for Startup Type, then click Apply, then OK.

If you have a local network in your house or business, you must protect the shared resources with passwords, and use a firewall that protects port 139 in case somebody cracks the password security.

2.4. Spyware
Spyware, also known as adware, is a program that is downloaded without the user's knowledge when he/she downloads certain types of free programs from the Internet. The spyware application runs in the background of the user's computer without the user ever knowing it has been downloaded. Spyware applications are created by the software authors to make money, through advertisements, from the product you downloaded. Spyware contacts its server constantly while you are on the Internet, literally turning your computer into a small server, and sends that server information about you, which can be anything from the sites you search, to information about your computer, to personal information such as your e-mail addresses, home addresses, phone numbers, or possibly your credit card numbers.

There are anti-spyware programs you can download that will find and remove spyware programs from your computer. One of the best spyware removal programs is called Ad-aware, which can be found at http://www.lavasoftusa.com/aaw.html or in the download section of www.ca-cia.org.

2.5. CTRL key in Internet Explorer

Recently Microsoft was warned about a dangerous exploit that directly attacks Internet Explorer users. Pressing CTRL in IE may result in an arbitrary local file being uploaded to a remote server (no exact path needed). If particularly sensitive information is uploaded, it may be used to run remote programs.

A specially crafted webpage can retrieve any local file using simple JavaScript. This is possible by performing the following steps:

1. When a user presses the CTRL key an OnKeydown event can be set to fire. In the event function the key pressed is changed to 'V'. The result will be a paste operation with fewer restrictions.
2. The content of the clipboard is altered and focus is changed to a hidden file upload form. The paste operation will be performed into the form, yielding a change of value for the file upload field (not normally allowed).
3. The upload form is submitted automatically (legal JavaScript operation).

It isn't necessary to know the exact path to local files because it's possible to refer to a file with "..\filename". Furthermore, if the local file "..\LOCALS~1\TEMPOR~1\CONTENT.IE5\index.dat" is uploaded, then the random directory names needed to get the exact path to the temporary Internet folders can be retrieved. Knowing the exact path, a compiled help file (.chm) can be dumped and launched with showHelp() (the old .chm attack). The compiled help file is allowed to have instructions to execute arbitrary programs.

Vendor status:
02-06-16 Microsoft was contacted about the issue.
02-07-23 Microsoft sent the following statement:

"After investigation, our product team has confirmed that this does not meet the bar of a security vulnerability. We will not be releasing a hotfix or patch for this issue."

They proposed the following possible workarounds:

1. Disable or set to prompt - "Submit non encrypted form data" option
2. Disable "allow paste operations via script" (best)
3. Disable active scripting

2.6. Trojans
"Derived from Greek legend in which the Greeks won the Trojan War by hiding in a large, hollowed out horse to gain entrance to the City of Troy, the computer version of a trojan will come off as (hidden inside of) a useful application such as a free screensaver or chat program, only to later display harmless messages, destroy files, or create a backdoor in your system for an intruder to gain access to your computer. A trojan is not a virus because it does not replicate itself."

You can get a trojan on your computer in many of the same ways you can get a virus, but one of the main purposes of a trojan is to let an intruder access your computer remotely and even control it. You do not want one of these things on your system at all. If an attacker installs a trojan on your computer by getting you to download some application, he/she can browse through your files and even your registry, format your hard drive, spy on you by viewing what you type in chats or instant messengers, spy on you through your webcam, listen to you talking through your own microphone, read your e-mail messages, etc. Basically, just about anything you can do on your computer locally, the attacker can do remotely.

Possible signs and symptoms of trojan infections:

- Your CD-ROM door opening and closing by itself (classic sign).
- Messages start popping up on your monitor screen that appear to be talking to you.
- Your printer may print out strange messages on its own.
- Your mouse pointer may start having a life of its own.
- An unknown person starts typing in your instant message window when you are talking to a friend.
- Anything weird and out of the ordinary that your Windows PC does (excluding the errors, screen freezes, and blue screens of death).

If you think you have a trojan, then you should turn off your computer. Once you sign on again (offline), you can find out if you have one by checking whether any common trojan ports are open: go to the DOS prompt and type in the command netstat -a.

For a list of common Windows ports that trojans run on, go to http://www.doshelp.com/trojanports.htm. You can find more info here
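
As an added example that is not part of the original article, this script checks netstat output for open ports on a watchlist, covering port 139 from section 2.3 and a few widely documented trojan default ports. It assumes numeric output from `netstat -an`; the watchlist and the sample output are constructed for illustration.

```python
import re

# Assumed watchlist for illustration: port 139 from section 2.3 plus a few
# widely documented trojan defaults. It is not the list the article links to.
WATCHLIST = {
    139: "NetBIOS session (File and Print Sharing)",
    12345: "NetBus default",
    27374: "SubSeven default",
    31337: "Back Orifice default",
}

# Constructed sample of `netstat -an` output, not captured from a real machine.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED
  TCP    127.0.0.1:27374        0.0.0.0:0              LISTENING
  UDP    0.0.0.0:31337          *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def open_ports(netstat_text):
    """Return (proto, address, port) for listening TCP and bound UDP sockets."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, state = m.groups()
        # UDP has no connection state; any bound UDP socket can receive data.
        if proto == "UDP" or state == "LISTENING":
            found.append((proto, addr, int(port)))
    return found

def flag_suspicious(netstat_text, watchlist=WATCHLIST):
    """Return watchlist hits; 'exposed' is False for loopback-only listeners."""
    hits = []
    for proto, addr, port in open_ports(netstat_text):
        if port in watchlist:
            hits.append({"proto": proto, "port": port, "label": watchlist[port],
                         "exposed": not addr.startswith("127.")})
    return hits

if __name__ == "__main__":
    for hit in flag_suspicious(SAMPLE):
        print(hit)
```

A port match is only a hint: a trojan can be configured to listen on any port, so any listener you cannot account for deserves a closer look.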

3. SAFE NAVIGATION

3.1. Proxies and utilities

Proxies are servers you use for anonymous navigation. You can find the info you need about proxies and how to use them by checking here. You can find many utilities in the download section of www.ca-cia.org, and if you need some help with one of these programs, go to #msd in irc.cyberarmy.com.

Note: by Radevil

This article was originally published by CyberArmy.net in the CyberArmy Library.
