Best Practices  
  • Adware
    Adware is software that is often deceptively loaded on your PC without notifying you that it will load or what it will do.  Usually this type of software collects information on web sites you have visited, opens additional popup browser windows showing unsolicited advertisements (hence the term adware), automatically loads numerous browser windows when you open your web browser (i.e., Internet Explorer), or potentially changes your list of Favorite web locations or your browser's home page.  The objective is to target unsolicited advertisements to the PC user and tempt the user to visit the unsolicited site and/or purchase unsolicited products.  A more deceptive adware tool may try to trick the user into supplying personal information (including user names, passwords, account names/numbers, banking information, etc.). These latter, more malicious adware and mass mailing techniques are referred to as Phishing.
     
     
    Steps to Prevent Adware from Being Loaded On Your PC:
    1. Adjust your Internet Explorer 6 (Web browser) security settings to a higher level
    2. Don't take downloads from strangers
    3. Look for signs of deceptive software on your computer
    4. Use a tool to help detect and remove unwanted software (many anti-virus software programs are beginning to include spyware/adware detection and cleaning within the anti-virus software itself)
    5. Keep Windows up to date
    Some useful information links and other information about spyware/adware from Microsoft can be found below:
     
     
    What is Adware?
    Adware typically displays advertisements. Often, these appear in your web browser as popups and additional web browser windows.  Some advertisers may covertly install adware on your system and generate a stream of unsolicited advertisements that can clutter your desktop and affect your productivity. The advertisements may also contain pornographic or other material that you might find inappropriate. The extra processing required to track you or to display advertisements can tax your computer and hurt your system performance.
     
    The key is whether or not you (or another user of your computer) have been properly notified of what the software will do and that you have provided consent to have that software installed on your computer. In other words, is the software being deceptive in what it does or how it gets onto your computer?
     
    What is deceptive software?
    Spyware and unauthorized adware are two examples of "deceptive" software. Deceptive software includes programs which take over your home page or search page without first getting your permission. There are a number of ways deceptive software can get on your system. A common trick is to covertly install the software during the installation of other software you want such as a music or video file sharing program.
     
    Whenever you are installing something on your computer, make sure you carefully read all disclosures, including the license agreement and privacy statement. Sometimes the inclusion of adware in a given software installation is documented, but it may appear at the end of a license agreement or privacy statement.
     
    Sometimes deceptive software gets silently installed on your system without any warning at all. If you use Internet Explorer as your Web browser, this can happen if your Internet Explorer security setting is set to its lowest value. Make sure to keep this setting at the medium level or higher. Doing so will help you control what is being installed on your computer. (We'll discuss this more in a moment.)
     
    Have you ever had an experience where you were repeatedly asked to accept a download even after you said "no"? Creators of deceptive software often use such tricks to get you to load their software. If this happens to you, do not click "yes". Instead, try to close the Web page that first asked you to accept the download by hitting the "X" in the corner of the window. Alternatively, quit Internet Explorer and restart it to begin browsing the Internet again. If you visit a Web page that continually displays these tricky pop-up windows, that Web site may not be worthy of your trust.
     
    Read on to learn how to help avoid infecting your computer with deceptive software and to find out what to do if you are already infected.
  • Did you know...

    Based on recent statistics:

    - That the average unprotected computer can be compromised in a matter of minutes.

    - The majority of individuals who thought their computers were safe ... were wrong!

  • Email Anti-Virus Tips
    The Office of Administration/Office for Information Technology (OA/OIT) has moved to strengthen the Enterprise Computer Network Security posture through an initiative known as Operation Secure Enterprise (OSE). This initiative involves a number of areas including Enterprise monitoring of Anti-Virus software, Security Awareness for all employees, improved methods of distributing software updates and security patches, as well as a number of other steps.
     
    Various portions of this initiative are affecting different agencies at different times.  However, some changes may affect the way all agencies exchange information even though a specific agency has not already migrated into the Enterprise environment or method of operations.
     
    One of the first areas that is being addressed is the implementation of Enterprise monitoring of Anti-Virus software.  As part of this process, some tighter controls are being implemented to scan for additional, potential sources of infection at the workstation and server level.
     
    For the most part, these tighter controls will be transparent to most users.  Occasionally, some documents or items will now trigger detection as a virus or a potential virus.  Because of this, some user education is necessary to avoid triggering these detections unnecessarily.
     
    As a user, you can take the following steps to work within these boundaries and still accomplish your agency's business needs:
     
    Issue: Documents with multiple file extensions are no longer permitted. 
     
    Many viruses attempt to spread by email attachments with multiple/nested file extensions.  For example, the Kournikova worm sent an attachment called "AnnaKournikova.jpg.vbs" - notice that second period?  It pretended to be a jpeg picture file while it was actually a Visual Basic Script.
    This is a common way that virus writers try to trick you into getting a virus.  Any file name containing more than one period in it should be treated as a probable virus and Commonwealth anti-virus filters are blocking or removing files that fail to comply.
    In general, try not to use the following characters in filenames:
    * <> [] = + " \ / , ; : or .
     
    Resolution: Avoid naming your documents with periods in the file names preceding the normal file extension. 
    Example: Instead of naming your document: Job Desc. 01-31-2005.doc
    Name it: Job Description 01-31-2005.doc
     
    Agencies that send document attachments to an agency that has already been migrated into the Enterprise anti-virus environment should follow these same file naming practices.  This will ensure that documents are not screened out or deleted as potential virus carriers.  This information should also be communicated to outside business partners and entities that interact with the Commonwealth.
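
The file naming rule above can be checked before a message is sent. The following is an added example, not code from OA/OIT or the Commonwealth filters: it applies the page's two stated rules (more than one period, discouraged characters) to the attachment names of a message. The function names and the sample message are constructed for illustration.

```python
from email.message import EmailMessage

# Characters the page asks users to avoid in file names: * <> [] = + " \ / , ; :
# The period is handled separately, because one period before the normal
# file extension is expected.
DISCOURAGED_CHARS = set('*<>[]=+"\\/,;:')


def screen_filename(filename):
    """Return the reasons a file name would be treated as suspect.

    An empty list means the name follows the page's naming practice.
    """
    reasons = []
    name = filename.strip()

    # Rule 1: more than one period is treated as a probable virus carrier.
    # The text after the last period is what the system treats as the file
    # type, so it is reported to show what a nested name really is.
    if name.count(".") > 1:
        last_ext = name.rpartition(".")[2].lower()
        reasons.append(f"multiple periods; effective extension is .{last_ext}")

    # Rule 2: characters the page says not to use in file names.
    bad = sorted(set(name) & DISCOURAGED_CHARS)
    if bad:
        reasons.append("discouraged characters: " + " ".join(bad))

    return reasons


def screen_message(msg):
    """Map each attachment file name in an email message to its reasons."""
    results = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        results[filename] = screen_filename(filename)
    return results


def build_sample_message():
    """Build a constructed sample message carrying the page's example names."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"      # constructed address
    msg["To"] = "recipient@example.com"     # constructed address
    msg["Subject"] = "Constructed sample"
    msg.set_content("Constructed sample body.")
    for fname in (
        "AnnaKournikova.jpg.vbs",            # nested extension from the page
        "Job Desc. 01-31-2005.doc",          # the page's name to avoid
        "Job Description 01-31-2005.doc",    # the page's corrected name
    ):
        msg.add_attachment(
            b"constructed sample bytes",
            maintype="application",
            subtype="octet-stream",
            filename=fname,
        )
    return msg


if __name__ == "__main__":
    for fname, reasons in screen_message(build_sample_message()).items():
        verdict = "BLOCK" if reasons else "PASS"
        print(f"{verdict:5} {fname!r} {reasons}")
```

The abbreviated "Job Desc." name is flagged for the same reason as the worm attachment, which is why the page asks for the period to be spelled out of the name.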
     
    Issue: Many users receive email messages from individuals who are not known to the recipient.  This process often utilizes what is known as Spam email.  The object of these messages is to entice the recipient to open the message and potentially follow a link within the message or view a picture or web site with malicious code embedded within the picture or web site.  This is a process referred to as "social engineering".
     
    As viruses and worms become more prevalent, simply opening an email message that is formatted in a particular way (using HTML or an embedded graphic) can expose the recipient to the malicious code.
     
    Resolution: Avoid opening messages from unknown senders.  Review the subject lines and the sender's address, and simply delete such messages without opening them.  Also, turn off the message Preview Pane within Microsoft Outlook through the following steps:
     
    1. At the main Microsoft Outlook screen that displays your folders, highlight the folder that you wish to turn off the Preview for
    2. Click on the View menu at the top of the Outlook screen
    3. Click on the Preview Pane to turn off the preview of the message (this is the default view within Outlook and the list of messages in the upper right window will have the text of the message in the lower right window when Preview Pane is turned on)
    Note: This step must be performed separately for each folder
     
    Even if you follow these steps, you may accidentally open an email message from an unknown user.  Delete the message without following any links or clicking on any images or embedded message attachments.
     
    The OA/OIT scans all incoming email for viruses at the email gateway. While most viruses are screened out through this process, messages that do not contain malicious code directly within the message and that entice the user to visit an infected web site will still make it through these filters.  Your desktop anti-virus software will likely detect these malicious web sites; however, using the steps outlined above will further reduce your risk of introducing malicious code onto your machine and subsequently onto the entire Commonwealth network.
     
    Collectively, these techniques are in the categories of phishing, Spyware, adware, etc.
     
    Additional information regarding the OSE initiative will be provided.  Some of the information will come directly from OA/OIT.  Other information may be provided by your agency IT support staff.  Please review the information carefully to determine how the initiatives affect your specific situation.
  • Firewalls

    Any machine connecting to the Internet should utilize a firewall. There are two types of firewalls. Software firewalls usually run on PCs. Hardware firewalls are separate devices designed to efficiently protect computers. They are usually used by businesses, organizations, schools and governments. All firewall protection creates a barrier between the computers and the Internet. Firewalls should be configured to filter out unauthorized or dangerous information and prevent intruders from scanning and retrieving personal or sensitive information from the computer. Periodically check your firewall manufacturer's web site for product updates and patches.

  • Home Computer Protection

    Properly safeguarding your personal computer (PC) is one of the most important ways of protecting your information from corruption or loss.

    1. Log off or lock your computer when you are away from your PC. In most cases hitting the 'Control-Alt-Delete' keys and then selecting "Lock Computer" will keep others out. You will need your password to sign back in, but doing this several times a day will help you to remember your password.

    2. If you have a modem, make sure it does not accept incoming calls (auto-answer should be off).

    3. When possible, remove your personal or sensitive information before allowing your workstation equipment to be repaired off-site or replaced by an outside vendor. If your home computer is being used for work purposes, consult your manager on how best to do this.

    4. Install firewall and anti-virus software. If you have multiple machines, have this software on all of them.

  • Malicious Code Protection

    Malicious code can take forms such as a virus, worm or Trojan. It can hide behind an infected web page or disguise itself in a downloadable game, screen saver or email attachment.
    Computer viruses are programs that spread or self-replicate. They usually require interaction from someone to be activated. The virus may arrive in an email message as an attachment or be activated by simply opening a message or visiting a malicious web site. Some viruses consume storage space or simply cause unusual screen displays. Others destroy information. If a virus infects your PC, all the information on your hard drive may be lost and/or compromised. Also, a virus in your PC may easily spread to other machines that share the information you access.
    Viruses can exhibit many different symptoms. If your computer behaves erratically, employees are advised to contact their organization computer support representative. At home, disconnect the PC from the Internet and run a full virus scan.

    1. Check that your anti-virus software is updated at least every week or set it for automatic updates. New, fast spreading worms and viruses are released every day.

    2. Before implementing or using software from any source, check it for viruses with a current virus scanner. Employees, if you do not have a virus scanner installed on your PC, call your organization representative.

    3. Store removable media such as CDs/thumb drives/diskettes as "write protected" whenever possible to prevent infection by viruses.

    4. Do not load free software on your computer from an untrusted source.

    5. Consider blocking extensions such as: .bat, .cmd, .com, .exe, .pif, .scr, or .zip through content filtering software.

    6. Depending on the extent of the infection, you may need to re-install your operating system.

    Worms are similar to viruses because they self-replicate; however, they do not require any user interaction to be activated. Worms spread because of vulnerabilities or "holes" in software.

    1. Install either a software or hardware firewall. A well configured firewall can stop propagation of a worm.

    2. Anti-virus software will often detect worms. Keep your anti-virus software up-to-date.

    3. Know where to find your anti-virus vendor's "rescue" web site for your home computer.

    4. Keep your PC and servers "patched."

    Trojans (also known as backdoors) are malicious code hidden in a legitimate program that, when executed, performs some unauthorized activity or function. This can range from stealing your password and credit card information to allowing someone to take control of your computer. To prevent installation of Trojans on your machine:

    1. Run anti-virus software on your desktop and follow the best practices for using it.

    2. Be careful about downloading games, screensavers and other files. Download only from trusted Internet sources.

    3. Be careful about file and music sharing services because you can inadvertently share files you did not intend to share. Downloaded files can contain viruses and other malicious code.

    A denial-of-service attack is an assault upon a network or web site that floods it with so many additional requests that regular services are either slow or completely interrupted. In some instances, a group of remotely controlled, compromised desktops are combined to jointly attack a target system.


    Spyware and related "adware" are software that is sometimes downloaded from a web page or by following a link in an email, or installed with freeware or shareware without the user's knowledge. Spyware is used to track your Internet activity, redirect your browser to certain web sites or monitor sites you visit.

    Spyware may also record your passwords and personal information to send to a malicious web site.

    1. Read the freeware and shareware license agreement to see if adware or spyware is mentioned before installing the software.

    2. Choose to "Close" any pop up windows by clicking on the "X."

    3. Do not respond to any dialogue boxes that appear unexpectedly; click on "X". Clicking on "No" or "Cancel" sometimes installs spyware.

    4. Beware of visiting web pages which are untrusted.

    5. Install software to detect spyware and adware on your PC.

    Hoaxes are email messages that resemble chain letters, offer free money, or contain dire warnings and offers that seem to be too good to be true. If you receive a hoax via email, delete it. Sharing hoaxes slows down mail servers and may be a cover for a hidden virus or worm.

  • Mobile Computing Security

    Computers are now accessible via a variety of means. A person can even download data from the Internet to a cell phone. While convenient and fun to use, some good practices will help protect your information.
    Laptops, PDAs and cell phones are more easily stolen or misplaced because of their size. Remember, if your laptop is gone, your data is too. Small computer devices carry information that must be protected.
    If you use a laptop, remember the following:

    1. Secure it with a cable lock or store it in a locked area or locked drawer.

    2. Back up your data.

    3. Encrypt confidential information stored on it.

    4. Keep it with you during air and vehicle travel until it can be locked up safely. Do not forget to retrieve it after passing through airport security.

    5. Treat all your portable devices in the same careful manner you use with your laptop and keep an eye on them.

  • Possible Symptoms of a Compromised Computer

    Is your machine:

    - Slow or non-responsive? Experiencing unexpected behavior?
    - Running programs that you weren't expecting?
    - Showing signs of high level of activity to the hard drive that is not the result of anything you initiated?
    - Displaying messages on your screen that you haven't seen before?
    - Running out of disk space unexpectedly?
    - Unable to run a program because you don't have enough memory - and this hasn't happened before?
    - Running programs that constantly crash?
    - Rejecting a valid and correctly entered password?

    Is your organization:

    - Finding all of its email refused (bounced back)?
    - No longer receiving any email or visitors to your web site?
    - Experiencing a number of employees calling the help desk saying their password doesn't work anymore?
    - Receiving complaints from the system administrators that their passwords don't work anymore?
    - Getting complaints from your users that the network has slow response time?
    - Finding there are new processes running on the web server?

    Home users may wish to call their ISP and/or anti-virus vendor.

  • Patching

    People are constantly finding security holes (i.e. vulnerabilities) in computer software which could be used to infect your computer with a virus, spyware or worse. When vulnerabilities are discovered, the software vendor typically issues a fix (i.e. patch) to correct the problem. This fix should be applied as soon as possible because the average time for someone to try to exploit this security hole can be as little as a few days.

    1. Newer software and operating systems can be set to automatically apply updates. If your software supports this, set up the automatic updates.

    2. For older software, the software vendor typically makes the patches available on their web site. Check the web site at least once a month for updates and follow the instructions to apply them. If the vendor provides email notification, subscribe to the notifications and follow the instructions in the email to apply the patch as soon as possible.

    3. Many organizations may already have a process for automatically applying patches so check with your help desk before applying patches on your work computer.

  • Phishing

    What is Phishing?
    Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.

    As with most scams of this type, the recent US Bank and Citicorp scams attempt to obtain personal information from bank customers. Phishing scams attempt to obtain information such as account numbers, credit card numbers, user-id's, passwords, social security numbers, phone numbers, addresses and other personal information.
    If you receive an email that requests this type of sensitive information, you should be suspicious of it. Banks, credit card companies, PayPal, eBay, stock brokerage companies, and most companies doing business online will not request personal account information via an email or a link in an email. If you have doubts, phone the institution directly and use a URL entered yourself to access their web site.
     
    Reporting Phishing Scams and Other Resources on this type of fraud:
    Internet Crime Complaint Center (FBI and the National White Collar Crime Center):
    Federal Trade Commission: http://www.consumer.gov/idtheft 
       & by email:  uce@ftc.gov
     
    Anti-Phishing Working Group: http://www.antiphishing.org

    More Information on Phishing is available from Microsoft at
    What you need to know about Phishing:
    Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites and malicious hyperlinks: http://support.microsoft.com/?id=833786
    How to Tell If a Microsoft Security-Related Message Is Genuine: http://www.microsoft.com/security/incident/authenticate_mail.mspx
     
    Other Useful Information Links on Phishing:
     
    Five tips on phishing protection from Microsoft:
    Here's what you can do to help protect yourself from phishing
    Just as they do in the physical world, scam artists will continue to develop new and more sinister ways to trick you online. But following these five easy steps will help protect you and your information.
    • Never respond to requests for personal information via e-mail. If in doubt, call the institution that claims to have sent you the e-mail.
    • Visit Web sites by typing the URL into your address bar.
    • Check to make sure the Web site is using encryption.
    • Routinely review your credit card and bank statements. 
    • Report suspected abuses of your personal information to the proper authorities.
  • Protecting Your Information

    During an emergency or disruption, critical information - the information necessary to run your organization's systems, record activities or satisfy legal and/or business requirements - may be damaged. The best way to protect information is to copy it and store it in a secure location.

    1. If you are connected to a network, store your files in folders set aside for you. (For employees, check with your LAN administrator for the schedule of backups).

    2. If you are not connected to a network, save your files to CDs or floppy disks regularly and after all significant changes.

    3. The frequency of the backup cycle should be consistent with the frequency with which you modify the information.

    4. Save your original installation CDs/diskettes to use as the backup for your PC software.

  • Remote Access

    Remote Access allows users to access data from outside locations using dial-up equipment and public telephone lines or cellular/wireless phones on the Internet. Because this form of access is designed for off-site use that may extend after normal business hours, extra measures are required to prevent unauthorized access.

    1. Keep dial-up numbers confidential.

    2. Remote access to the office via the Internet should use encryption such as Secure Socket Layer (SSL) or Virtual Private Network (VPN).

  • Security Breaches

    Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. Security breaches can take several forms. The best defense against security breaches is conscientious and alert users. You are the most important person for early detection and prevention. Examples of breaches include:

    - Damage to equipment, facilities or utilities.
    - Loss or misplacement of media (e.g. disks, tapes, paper) containing confidential/highly restricted information.
    - Inappropriate use of the computing environment.
    - Unauthorized access or attempted unauthorized access to information or computing resources.

    If you discover a security breach, you should report the breach to your Information Security Officer or manager immediately.

  • Social Engineering

    Social Engineering is an approach to gain access to information through misrepresentation. It is the conscious manipulation of people to obtain information without their realizing that a security breach is occurring. It may take the form of impersonation via telephone or in person and through email. Some emails entice the recipient into opening an attachment that activates a virus.

    1. Before providing information to a telephone caller, check if the individual is authorized to receive that information.

    2. Employees should report any suspicious calls to the appropriate individual in your organization.

    3. Before opening an email attachment or clicking on a link, verify it is from someone you know, ensure your anti-virus software is current and that the message in the email makes sense for you to receive. If all the parts don't add up, the attachment may contain a virus. Delete it.

  • Spyware
    Spyware is software that is often deceptively loaded on your PC without notifying you that it will load or what it will do.  Usually this type of software collects personal information (including web sites visited, user names, passwords, etc.) without the knowledge of the user.  This information is collected by remote computers without the user's knowledge and can be used to perform illegal activities and/or subject the user to unwanted communications from companies that they have no desire to interact with.  Spyware is related to adware; however, it is often embedded in software downloads for free software without informing the user that it will be included in the download/installation process.
     
     
    Steps to Prevent Spyware from Being Loaded On Your PC:
    1. Adjust your Internet Explorer 6 (Web browser) security settings to a higher level
    2. Don't take downloads from strangers
    3. Look for signs of deceptive software on your computer
    4. Use a tool to help detect and remove unwanted software (many anti-virus software programs are beginning to include spyware/adware detection and cleaning within the anti-virus software itself)
    5. Keep Windows up to date

    Some useful information links and other information about spyware from Microsoft can be found below:
     
     
    What is Spyware?
    Spyware is software that collects personal information from you without first letting you know what it's doing and without letting you decide whether this is OK or not. The information spyware collects can range from all the Web sites you visit to more sensitive information like usernames and passwords. You might be the target of spyware if you download music from file-sharing programs, free games from sites you don't trust, or other software programs from an unknown source.
     
    Spyware is often associated with software that displays advertisements, called adware. Some advertisers may covertly install adware on your system and generate a stream of unsolicited advertisements that can clutter your desktop and affect your productivity. The advertisements may also contain pornographic or other material that you might find inappropriate. The extra processing required to track you or to display advertisements can tax your computer and hurt your system performance.
     
    The key is whether or not you (or another user of your computer) have been properly notified of what the software will do and that you have provided consent to have that software installed on your computer. In other words, is the software being deceptive in what it does or how it gets onto your computer?
     
    What is deceptive software?
    Spyware and unauthorized adware are two examples of "deceptive" software. Deceptive software includes programs which take over your home page or search page without first getting your permission. There are a number of ways deceptive software can get on your system. A common trick is to covertly install the software during the installation of other software you want such as a music or video file sharing program.
     
    Whenever you are installing something on your computer, make sure you carefully read all disclosures, including the license agreement and privacy statement. Sometimes the inclusion of adware in a given software installation is documented, but it may appear at the end of a license agreement or privacy statement.
     
    Sometimes deceptive software gets silently installed on your system without any warning at all. If you use Internet Explorer as your Web browser, this can happen if your Internet Explorer security setting is set to its lowest value. Make sure to keep this setting at the medium level or higher. Doing so will help you control what is being installed on your computer. (We'll discuss this more in a moment.)
     
    Have you ever had an experience where you were repeatedly asked to accept a download even after you said "no"? Creators of deceptive software often use such tricks to get you to load their software. If this happens to you, do not click "yes". Instead, try to close the Web page that first asked you to accept the download by hitting the "X" in the corner of the window. Alternatively, quit Internet Explorer and restart it to begin browsing the Internet again. If you visit a Web page that continually displays these tricky pop-up windows, that Web site may not be worthy of your trust.
     
    Read on to learn how to help avoid infecting your computer with deceptive software and to find out what to do if you are already infected.
  • User IDs and Passwords

    1. Your password should be changed periodically.

    2. Don't reuse your previous passwords.

    3. Don't use the same password for each of your accounts.

    4. Never tell or share your password with ANYONE.

    5. When your computer prompts you to save your password, click on "No."

    6. Never use a word found in a dictionary (English or foreign.)

    7. If you think your password has been compromised, change it immediately. Employees should notify the information security officer or manager at their organization.

    8. Make your password as long as possible - eight or more characters. Create a password that's hard to guess but easy for you to remember. When possible, use a mix of numbers and letters, special characters or use only the consonants of a word. If you have difficulty in thinking of a password that you can remember, try using the first letter of each word in a phrase, song, quote or sentence. For example, "The big Red fox jumped over the Fence to get the hen?" becomes TbRfjotF2gth?.

  • Wireless Security

    Wireless networks and laptops are very popular for their ease of use and portability. The Internet can be reached via radio waves without having to plug your machine into a network. It is with the same ease of connecting that malicious individuals connect to unprotected networks. Attackers conduct drive-by eavesdropping, called 'war driving' to listen in on unsecured devices in homes and businesses. Take the following steps to secure any wireless equipment. Consult your equipment's manual for specific details.

    1. Change the default passwords and default SSID, which is an identifier that is sometimes referred to as the 'network name'. Each wireless device comes with its own default settings, some of which inherently contain security vulnerabilities. Most default passwords are known to hackers.

    2. SSIDs should not contain the organization's name or any other identifying information about the organization, the department in which it is located, or its function.

    3. Turn off broadcasting the SSID if possible; this will make it more difficult for a hacker to gather your SSID information.

    4. Turn on encryption - Encryption settings should be set for the strongest encryption available in the product.

    5. Change the default cryptographic key - Many vendors use identical shared keys in their factory settings.

    6. Use MAC ACL filtering - Networks use a unique hardware address identifier called a MAC, to help regulate communications between machines on the same network. The MAC Access Control List (ACL) can permit certain MAC addresses access to the network while denying access to other MAC addresses, limiting access to only authorized computers.

    7. All organizations should have a policy regarding use of wireless devices.
