
CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney
the servers, and at the desktop. If you want to go one step further, you can use software at each location from different vendors to make sure you’re covered from all angles.

The second method of preventing viruses is education. Teach your users not to open suspicious files and to open only those files that they are reasonably sure are virus-free. They need to scan every disk, e-mail, and document they receive before they open it.

Real World Scenario

A Virus Out of Control

A large private university has over 30,000 students taking online classes. These students use a variety of systems and network connections. The instructors of this university are being routinely hit with the Klez32 virus. Klez32 (specifically, in this case, the W32/Klez.mm virus) is a well-known and documented virus. It uses Outlook or Outlook Express to spread. It grabs a name randomly from the address book and uses that name in the message header, so the message appears to come from someone the recipient knows. The worm then uses its own mini-mailer to send the virus to everyone in the address book. When one of these users opens the file, the worm attempts to disable their antivirus software and spread to other systems. Doing so opens the system to attack from other viruses, which might follow later.

You’ve been appointed to the IT department at this school, and you’ve been directed to solve this problem. Ponder what you can do about it.

The best solution would be to install antivirus software that scans and blocks all e-mails that pass through the school's servers. You should also inspect outgoing e-mail and notify any internal user who attempts to send a virus-infected document through the server, since that user's machine is almost certainly infected.

These two steps—installing antivirus scanners on the external and internal connections and notifying unsuspecting senders—would greatly reduce the likelihood that the virus could attack either student or instructor computers.
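The two steps in the scenario, as an added example that is not code from the study guide: a minimal mail-gateway scanner that decodes every MIME part of a message, blocks a message that carries a known signature, and, for outbound mail, drafts a notice to the account that submitted it. Everything here is assumed for illustration: the signature table is a single constructed entry built from the EICAR test string (the harmless pattern every antivirus product detects), standing in for a real AV engine; the domain `example.edu`, the account names, and the sample messages are constructed; and `gateway_decision` assumes the gateway knows which account authenticated (SMTP AUTH) to submit an outbound message.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import Dict, List, Optional, Tuple

# Constructed signature table standing in for a real antivirus engine. The
# EICAR string is the harmless industry-standard test pattern that every AV
# product detects; a production gateway would hand each part to its AV engine.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES: Dict[str, bytes] = {"EICAR-Test-File": EICAR}

INTERNAL_DOMAIN = "example.edu"  # assumed school domain (not from the book)


def scan_bytes(data: bytes) -> Optional[str]:
    """Return the name of the first signature found in data, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def scan_message(raw: bytes) -> List[Tuple[str, str]]:
    """Transfer-decode every MIME part (base64 etc.) and scan it.

    Returns (part name, signature) for each infected part; [] if clean.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True)  # decoded bytes of this part
        if payload is None:
            continue
        sig = scan_bytes(payload)
        if sig:
            hits.append((part.get_filename() or part.get_content_type(), sig))
    return hits


def gateway_decision(raw: bytes, direction: str,
                     auth_user: Optional[str]) -> dict:
    """Scan one message and decide what the gateway does with it.

    direction: "inbound" (Internet -> school) or "outbound" (submitted by an
    internal account). auth_user is the account that authenticated to submit
    an outbound message (assumed to be known to the gateway). The notice goes
    to that account, not to the From: header: Klez fills From: with a random
    address-book entry, so a notice sent to the header address would reach
    someone who is not infected.
    """
    hits = scan_message(raw)
    if not hits:
        return {"action": "deliver", "hits": [], "notify": None}
    result = {"action": "block", "hits": hits, "notify": None}
    if direction == "outbound" and auth_user:
        original = BytesParser(policy=policy.default).parsebytes(raw)
        note = EmailMessage()
        note["From"] = f"postmaster@{INTERNAL_DOMAIN}"
        note["To"] = auth_user
        note["Subject"] = "Infected message blocked"
        note.set_content(
            "A message you submitted was blocked by the mail gateway.\n"
            f"Header From: {original['From']}  Subject: {original['Subject']}\n"
            "Infected parts: "
            + ", ".join(f"{name} [{sig}]" for name, sig in hits)
            + "\nYour computer may be infected; run a full antivirus scan."
        )
        result["notify"] = note
    return result


def build_sample(from_addr: str, to_addr: str,
                 attachment: Optional[bytes]) -> bytes:
    """Construct a sample message (test data, not captured traffic)."""
    m = EmailMessage()
    m["From"] = from_addr
    m["To"] = to_addr
    m["Subject"] = "Lecture notes"
    m.set_content("Please see the attached file.")
    if attachment is not None:
        m.add_attachment(attachment, maintype="application",
                         subtype="octet-stream", filename="notes.exe")
    return m.as_bytes()


# Constructed samples: a clean message, and a Klez-style outbound message whose
# From: header names a colleague (forged) while a different account submitted it.
CLEAN_MSG = build_sample("prof@example.edu", "student@example.edu", None)
INFECTED_MSG = build_sample("dean@example.edu", "student@example.edu", EICAR)

if __name__ == "__main__":
    for label, raw, direction, user in [
        ("clean inbound", CLEAN_MSG, "inbound", None),
        ("infected outbound", INFECTED_MSG, "outbound", "jsmith@example.edu"),
    ]:
        d = gateway_decision(raw, direction, user)
        print(label, "->", d["action"], d["hits"],
              "notify:", d["notify"]["To"] if d["notify"] else None)
```

The point of keying the notification on the authenticated submitter rather than on the From: header is the one the scenario itself raises: Klez forges the header from a random address-book entry, so a gateway that warns "the sender" named in the header warns the wrong person and leaves the infected machine untouched.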

Understanding Social Engineering


In the previous sections, you learned how attacks work. You also learned about TCP/IP and some of its vulnerabilities. And you were exposed to the issues that your users will face so you can help them from a technical perspective. A key method of attack that you must guard against is called social engineering.

Social engineering is a process in which an attacker attempts to acquire information about your network and system by social means, such as talking to people in the organization. A social engineering attack may occur over the phone, by e-mail, or in person. The intent is to acquire access information, such as user IDs and passwords.

Always think of a social engineering attack as one in which the people being exploited are unwitting participants.

These types of attacks are relatively low-tech and are more akin to con jobs. Take the following example: Your help desk gets a call at 4:00 a.m. from someone purporting to be the vice president of your company. She tells the help desk personnel that she is out of town to attend a meeting, her computer just failed, and she is sitting in a Kinko’s trying to get a file from her desktop computer back at the office. She can’t seem to remember her password and user ID. She tells the help desk representative that she needs access to the information right away or the company could lose millions of dollars. Your help desk rep knows how important this meeting is and gives the vice president her user ID and password over the phone. You’ve been hit!

Another common approach is initiated by a phone call or e-mail from someone claiming to be your software vendor, telling you that they have a critical fix that must be installed on your computer system. If this patch isn’t installed right away, your system will crash, and you’ll lose all your data. For some reason, you’ve changed your maintenance account password, and they can’t log on. Your systems operator gives the password to the person. You’ve been hit again.

Users are bombarded with e-mails and messages on services such as AOL asking them to confirm the password they use. These attacks appear to come from the administrative
