Go Back   OC3D Forums > [OC3D] Hardware & Software > Networks & Security
Reply
 
Thread Tools Display Modes
 
  #1  
Old 07-07-05, 12:33 PM
PV5150 PV5150 is offline
OC3D Elite
 
Join Date: Mar 2005
Posts: 9,934
Guide: Diagnosis, course of action and prevention of being hacked

G'day Guys

In this day and age virus's are the least of your worries: hackers and spyware are by far the most virulent and cunning of all online security threats. Let me show you how to declare war on the enemy, by first diagnosing you and your PC's threat, taking the correct course of action and then implementing preventative measures to minimise the risk of it happening again. Online threats are no longer restricted to just bringing down your PC; cybercriminals are now capable of tracking your every move and targeting web sites, such as those of banks, where you log personal data. Understanding the basics of how hackers work , is the first step in arming yourself against your system being compromised.

No PC - and no PC user - is safe from assault. Faster, always on internet connections, make it quick and easy to send or receive information, but the downside of broadband is that it increases the potential for net crime. Larger companies with a healthy bank balance are an obvious target for high-tech criminals, but such denials of service involves banks of computers sending out bogus requests simultaneously. To do this, the hackers need control of multiple PC's and are therefore constantly on the lookout for suitable hosts.

As well as exploiting your PC'sweb connection for destructive acts, hackers may also find the data stored on your PC invaluable. Malware in the form of keystroke-logging software hides itself within your PC and reports everything you type to the person that planted it there. If a hacker takes over your computer, they can have a rummage around for themselves, investigating any unencrypted files or folders, uncovering financial details and any personal data.

Most recently, there have been numerous scams to get you to reveal bank or credit card details (commonly known as 'phishing'). Data searches to find unencrypted passwords are very common too. In the wrong hands, such personal details can be used to 'impersonate' you, take out loans using your good credit rating and so on. There is, however, a number of ways you can protect your computer from virus's, scams and hackers. Lets look at the tools to help you clean up and protect your PC from trojans and other attacks designed to compromise your system.

How to diagnose if you've been hacked

If the icon for modem or network connections shows constant activity even when you are not actively using the internet, you are not necessarily being hacked: automatic updates for Windows and other programs often occur whenever you go online. However, updates that occur constantly are unlikely and, in such cases, your PC may be part of a DDoS. There are sveral ways to tell if you have been hacked.

1. Keep abreast of when you're online: to display modem/network connection details go to My Network Places and right click on the icons for Dial-up or LAN settings under View Network Connections. Select Properties and tick the box beside "Show icon in the notification area when connected".



2. High CPU activity or services: a sluggish computer could be a sign that background applications or services are running, some of which may be malware. To check performance, hit Ctrl-Alt-Del and click the Performance tab in Task Manager. When applications are running, the graph for CPU usage will peak quite regularly (mine is at 100%, due to my [email protected] programs running in the background). Leave the performance monitor on when nothings running. If CPU usage remains high, check under the Processes tab to see which services are running in the background. www.theeldergeek.com/services_guide.htm lists those that should be on your PC.



3. Performance logging and alerts: use Windows XP's more advanced tools to monitor your system. Go to Start-Settings-Control Panel, double click Administrative Tools and select Performance to load the appropriate Management Console. Click Performance Logs and Alert-Alerts, then right click in the empty pane and select New Alert Settings. Give your alert a name and, under the General tab, click Add to include a counter. In the dialogue box that is displayed, select RAS (Remote Access Services) Total and Bytes Transmitted and then, under General, set an alert when the value exceeds the amount you specify. Alerts will now be logged and you can see them by going to the Performance Management Console to view suspicious activity.



Closing the Gaps

Large companies should implement an IDS (Intrusion Detection System) - a line of defence that detects hostile activity on a network. While such systems are expensive, and sometimes hard to use, you can create an ad hoc IDS by combining a firewall, anti-virus software and vulnerability assessment utilities. It's possible to scan for potential security gaps using two processes that are commonly employed by hackers themselves. Port scanning checks against the some 65,000-plus ports a PC can use to communicate across networks. Packet sniffing software analyses data as it travels across networks and is used legitimately by network administrators to monitor network traffic and identify bottlenecks. Unfortunately, unencrypted usernames and passwords are also often transmitted across networks; hackers can use packet sniffing software to detect such important data.

1. Microsoft's scanner:

Most security scanner software is aimed at large companies with price tags to match, but there are a few free applications including the Microsoft Baseline Security Analyser 1.2.1, although it is quite difficult to use.

http://www.microsoft.com/technet/sec.../mbsahome.mspx





2. No holes with NeWT 2.1:

Of the free tools available, this is by far the simplest to use

www.tenablesecurity.com/newt.html

Languard Network Security Scanner www.gfi.com/lannetscan is another good free package. After installing NeWT, go to Start-Programs-Tenable Network Security-Tenable NeWT-NeWT Security Scanner. This will check through more than 4000 common security vulnerabilities. To do this, click New Scan Task.

The free version can only check a local network and, for standalone users, you will see the name Localhost listed on the drop-down menu. Select this and click Next, then choose "Enable all but dangerous plugins" before starting your scan. Note that the report generated by NeWT will only be useful if you have advanced knowledge of ports and network connections.



3. Symantec Security Check:

Symantec offers a free online service to check the levels of protection on your PC. Log onto http://security.symantec.com/sscv6/d...d=ie&venid=sym and select the links that appear on the SSC (Symantec Security Check) page to see if your PC has been compromised by hackers or viruses. After you click each link you will be expected to install the Security Check applet (choose Yes when prompted), then a page will appear with your IP address. Click the scan button at the bottom of the page to start the check. If your PC is insecure, the SSC will tell you how and why. Unsurprisingly, the solution is to buy Symantec's Security software lol



4. Open door policy:

A good firewall will protect you from inbound attacks, while also monitoring the applications running on your PC when they make outbound connections to remote systems. (Trojan horse programs, spyware and other malware that sneaks onto your PC often employ your internet link to connect clandestinely to remote servers.) Windows XP's firewall only monitors inbound connections, offering no protection from malware already on your PC. The latest versions of Sygate Personal Firewall or Zonealarm are effective. If you have a broadband internet connection, you may also wish to use a hardware based firewall in conjunction with a software version. Many cable and DSL modems and routers-wireless routers included-have a firewall that you can configure from your PC. Because these hardware firewalls are external to your system, they can't monitor which apps are opening outbound connections, so in reality they can't replace a software firewall running on your PC.

If you would like to see how well your firewall stands up against the nasties on the www, you can go and get yourself tested at some of the links below. Ultimately you need to have all ports blocked, stealthed or non-responsive to the tests:

Shields Up

Sygate security check

PC flank

You need to patch to protect

Most PC's become infected when files and apps sneak in via your web connection. To avoid future breaches, first ensure your browser abd email client are as secure as possible. Common techniques for compromising computers include spoofing a web address (passing off a dangerous site as one that is more respectable) or exploiting loopholes in Internet Explorer's security to pass protected information to sites that are not secure.

1. Detecting Trojans:

Install the latest Windows patches and fixes - that means SP2 if you're running XP. And remember, SP2 does not protect you from all future security flaws so you will still have to update your PC regularly with patches and security fixes. After you have installed SP2, go to Start-Windows Update to access the site: you will be prompted to download a new interface that, among other things, simplifies the process of installing critical security fixes.



2. Safer surfing:

Many loopholes in IE stem from the ActiveX applets the browser allows to run on your machine and, potentially, access your data. To make your surfing more secure, go to Tools-Internet Options and click on the Security tab. Next slide the security level up to High or click the Custom Level tab and disable the options next to various ActiveX controls. If you use Outlook Express, go to Tools-Options and, under the Security tab, check the options that do not allow OE to open possibly infected files via the preview pane or (with SP2) display images in HTML messages.



3. Firefox

IE's popularity along with it's security flaws means it's an obvious attack target, so I recommend you use FireFox instead. FF is fast, responsive and compatable with most pages that IE will display. Common plug-ins such as Flash and Quicktime are not part of the standard installation, however. Some pages need ActiveX controls to display properly - but I've already recommended disabling those applets to surf safely. You can get the latest version of FF here: SysXtreme downloads

along with the Thunderbird email client. If you require anything else for FF, for example plug-ins, they can be found at the browsers home page here FireFox home page

Beware of Trojans

Hackers usually try to take control of your PC by installing Trojans - files that load themselves as part of another innocent-looking program or Web page. Many powerful Trojans, such as SubSeven, are backdoor Trojans and their purpose is to allow a remote party to gain unauthorised access to a PC.

1. Detecting Trojans

Not all anti-virus software looks for Trojans. If such hacks are of concern, use a dedicated scanner such as TDS-3 , Trojan Hunter or (a)squared

Alternatively, scan your PC for Trojans with the online scanner at websecurity trojan scan. Simply go to the site and click "Scan my computer for Trojans".

2. Search and Destroy



Download and install a freeware version of (a) squared from www.emisoft.com/en/software/free then click the Scan button to check your computer for nasties. Of the anti-Trojan apps mentioned, Trojan Hunter and (a) squared are probably the easiest to use, while TDS-3 probably has the largest anti-Trojan database available to any program. It's interface and complexity will be intimidating to new users, but I can highly recommend it for experts who want complete control over Trojans and malware.

If you require more info on other net nasties and how to prevent them, you can read my guide How to remove Browser Hijacks, viruses and spyware with an 'Hijack this' inclusion.

Well I hope this has given you a little more knowledge, if anything, I have tried to keep it as simple as possible. Finally, if there is anything else you want included, pls don't hesitate to ask.

PV

__________________
Quote:
Originally Posted by name='Jim'
"Jonathan 'Fatal1ty' Wendel may be 12-time world gaming champ, but how does he cope inside a 50c hot box sucking on a heavy load?":rocker::rocker:
Reply With Quote
  #2  
Old 07-07-05, 12:58 PM
FarFarAway FarFarAway is offline
Newbie
 
Join Date: Mar 2005
Posts: 0
The master og guides does it again!!

Nice PV
Reply With Quote
  #3  
Old 07-07-05, 01:29 PM
bloodthirst bloodthirst is offline
OC3D Elite
 
Join Date: Apr 2005
Posts: 2,391
yeah great guide PV i used what is there and im paitently waiting for the remainder of it tomorow great guide should be stickied
Reply With Quote
  #4  
Old 07-07-05, 01:47 PM
PV5150 PV5150 is offline
OC3D Elite
 
Join Date: Mar 2005
Posts: 9,934
Thanks guys, I appreciate it. I'll have the rest done tomorrow, as I'm off to bed now.
__________________
Quote:
Originally Posted by name='Jim'
"Jonathan 'Fatal1ty' Wendel may be 12-time world gaming champ, but how does he cope inside a 50c hot box sucking on a heavy load?":rocker::rocker:
Reply With Quote
  #5  
Old 07-07-05, 01:55 PM
bloodthirst bloodthirst is offline
OC3D Elite
 
Join Date: Apr 2005
Posts: 2,391
Quote:
Originally Posted by name='PV5150'
Thanks guys, I appreciate it. I'll have the rest done tomorrow, as I'm off to bed now.
no problem mate, yeah ill be needing the rest of it tomorow enjoy your sleep cya tomorow
Reply With Quote
  #6  
Old 07-07-05, 01:59 PM
limqareb limqareb is offline
OC3D Elite
 
Join Date: Mar 2005
Posts: 1,908
good guide pv
__________________


Reply With Quote
  #7  
Old 07-07-05, 02:38 PM
NickS NickS is offline
OC3D Elite
 
Join Date: Mar 2005
Posts: 5,430
Noice job, m8!
__________________
Laptop

Sony VAIO CS110E 14.1" :: Core 2 Duo T5800

3GB DDR2-800 :: 250GB HDD :: Intel Media Accelerator

HTPC

Gateway GT4024 :: Intel Pentium D 805 :: 1GB DDR2-667

700GB of Storage :: ATi Xpess200 :: Sharp AQUOS 32" 720p





Reply With Quote
  #8  
Old 07-07-05, 04:43 PM
JN JN is offline
OC3D Elite
 
Join Date: Mar 2005
Posts: 13,678
What a top guide PV...i love it
Reply With Quote
  #9  
Old 08-07-05, 06:53 AM
enVias enVias is offline
OC3D Elite
 
Join Date: Mar 2005
Posts: 2,925
tis great pv!

^^ that's all i have to say
__________________
Reply With Quote
  #10  
Old 08-07-05, 10:38 AM
PV5150 PV5150 is offline
OC3D Elite
 
Join Date: Mar 2005
Posts: 9,934
Thank you guys, it's finished....I think lol
__________________
Quote:
Originally Posted by name='Jim'
"Jonathan 'Fatal1ty' Wendel may be 12-time world gaming champ, but how does he cope inside a 50c hot box sucking on a heavy load?":rocker::rocker:
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump










All times are GMT. The time now is 11:17 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.