Vectors Attack

With all of the computers on our campus network, it is rare that there are no infected machines. Students and visitors connecting their laptops to the network provide a constant source of machines over which we have no control. In addition, with the thousands of machines on our network, it is easy to imagine that one or two are vulnerable. As a result, you should assume that there are ALWAYS infected machines on our campus network.

Methods used to infect your machine

• Attacking vulnerabilities in the operating system
• Attaching itself to another program
• Getting you to run something
• Brute force password guessing

Defence mechanisms against these methods are simple

As mentioned, worms and viruses employ multiple vectors of attack to try and infect your machine. To counteract this, there are multiple defence mechanisms at your disposal. 

• Antivirus (Anti-virus options)
• Firewall
• Automatic updates
• Being careful
• Well-chosen password

Antivirus: Antivirus software examines every file you download or try to run. If it recognizes a file as well-known malware, it locks it down and prevents it from being executed. Since new viruses appear each day, antivirus companies are continually adding new ones to their file of signatures. In order to keep your antivirus software up-to-date, you must regularly download updated signatures. This can be done automatically.

A personal firewall prevents remote machines from connecting to your computer. By default, the firewall is configured to prevent all access. You should not disable it.

Automatic updates: From time to time, a bug is discovered in the operating system which allows a remote attacker to gain control of your machine. There is no defense against this except to patch your software as soon as the patch is available. No matter what operating system you are using, this can be done automatically. Automatic updates are essential.

Antivirus software, firewall, and automatic updates are all available through the Windows Security Center, which is accessible from Start | Control Panel | Security Center. Check to ensure they are all enabled.

These three defences are technical, and compliance is easy. Once they’re set up, the computer does the work for you. Criminals know that these three methods provide protection to your computer. Instead, they work on the next weak link of the chain: YOU.

Malware looks for computers it can connect with for file shares, printer shares, logging on, etc. Once it finds one, it tries brute force password checking. This goes on in the background (users are not aware that this is going on), and tens of thousands of guesses can be made each hour. These brute force attempts work from a 100,000 word dictionary and they will try words forwards, backwards, with numbers appended to them, etc… It is essential that you have a well-chosen password.

A newer, more state-of-the-art method is to use a pass-phrase on systems which allow them. Many systems allow for 40-100 character passwords. A full sentence is more secure and easier to remember than a shorter, complicated password.

Finally, criminals will try to trick you into running something, and there are many ways this can be done. There is a constant barrage of spam/email enticing you to visit a website, which will have you downloading software. P2P software is also a great source of unwanted downloads. Be suspicious of anything you receive. Don’t run things from unknown websites. Don’t provide information to emails requesting it. Show criminals that you’re smarter than they are.