Measures against malware propagation

I read that malware could propagate among computers over USB sticks and would like to learn the proper measures of defense. If one has a computer disconnected from the internet and transfers only text files to it, not using USB sticks but via TCP on a private WLAN, would that be secure or not? Thanks in advance.

M. K. Shen

Mok-Kong Shen


Microsoft Windows? Let's start at the beginning: I am _sure_ you recall having to use anti-mal-ware software of some kind to protect you from virus/trojan/bad-stuff that were passed around on floppy discs. Same concept. We have standing orders that if you find a floppy/tape/CD/DVD/USB-stick in the parking lot (or equal), you hand it to the security guards and let them deal with it, rather than you being a "Good Samaritan" and inserting it in your computer to see "what's on there" (and therefore be able to return it to the owner). No, that can get your ass fired for monumental stupidity. Why? Because the media may be infected and your computer (to help you, of course) is set to auto-run any executable found on removable media.

Hit your favorite search engine, and look for articles about the "Flame" and "Stuxnet" worms. One place to look is the "Risks Digest" from the "ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS". If your news server carries the group "comp.risks", look there, and read the last ~90 articles. "Stuxnet" was mentioned in risks-26.12, risks-26.39, risks-26.53, risks-26.96, risks-26.19, risks-26.42, risks-26.58, risks-26.97, risks-26.24, risks-26.44, risks-26.60, risks-26.31, risks-26.45, risks-26.85, risks-26.35, risks-26.47 and risks-26.91, while Flame is mentioned in risks-26.85, risks-26.88, risks-26.97, risks-26.87 and risks-26.89. See also the "Gauss" toolkit mentioned in risks-26.97.

Not very much in the way of technical details, but it should give you more keywords to search for. Note that most of the malware problems are a result of the users not wanting to think about what they are doing. "It's the computer's fault." Yeah, right.

What is your threat model? "Who's after you?" Are you worried about some government agency stealing the secret recipe for the "Chocolate Coated Cod Fish" you have hidden on your computer, or some h3X0r d00d down the street trying to impress his girl-friend, by using your computer to attack the Swiss Naval high command? The Flame virus has apparently managed to propagate using Bluetooth as well as other media and networks. But is that relevant to you? Transferring raw ASCII or ISO-8859 text files isn't the problem, so much as what _ELSE_ gets automatically transferred at the same time (intentionally or not).

If by "private WLAN" you mean some wireless networking setup, have you made certain that the link is encrypted with a "strong" passphrase that is changed on a regular basis? The words "Feind hört mit!" are often translated as "The Enemy is Listening" - but if they can hear and understand, they can also send and corrupt or destroy.

Old guy

Moe Trin
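A defender-side check for the point made above, that the raw text is not the problem but what else rides along with it: this is an added example, not code from any poster in the thread. It admits a file onto the isolated machine only when every byte is printable ASCII/ISO-8859-1 text; the signature table and the sample files are constructed for the example.

```python
"""Content gate for text-only transfers onto an isolated machine.

Added example for this thread (not from any poster). A file passes only if
every byte is tab, LF, CR, printable ASCII or a printable ISO-8859-1 character;
anything else is rejected with a reason the operator can log.
"""
from __future__ import annotations

# Leading bytes of common executables/containers. The byte scan below would
# catch these anyway; matching them first gives a sharper rejection reason.
_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"PK\x03\x04": "ZIP/Office container",
    b"%PDF": "PDF document",
    b"\xd0\xcf\x11\xe0": "legacy OLE/Office document",
}

# Allowed: tab/LF/CR, 0x20-0x7E (printable ASCII) and 0xA0-0xFF (Latin-1 text).
# Rejected: other C0 controls, DEL (0x7F) and the C1 control range 0x80-0x9F.
_ALLOWED = set(b"\t\n\r") | set(range(0x20, 0x7F)) | set(range(0xA0, 0x100))


def check_text_only(data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for one file's raw bytes."""
    if not data:
        return False, "empty file"
    for magic, name in _MAGIC.items():
        if data.startswith(magic):
            return False, f"starts with {name} signature"
    for offset, byte in enumerate(data):
        if byte not in _ALLOWED:
            return False, f"non-text byte 0x{byte:02x} at offset {offset}"
    return True, "printable ASCII/ISO-8859-1 text"


def gate_files(files: dict[str, bytes]) -> tuple[list[str], dict[str, str]]:
    """Split a batch into names allowed through and names rejected with reasons."""
    allowed: list[str] = []
    rejected: dict[str, str] = {}
    for name, data in files.items():
        ok, reason = check_text_only(data)
        if ok:
            allowed.append(name)
        else:
            rejected[name] = reason
    return allowed, rejected


SAMPLES = {  # constructed inputs: two genuine text files, three that must not pass
    "notes.txt": b"Transfer log, 2012-09-05\r\nAll quiet.\n",
    "motto.txt": "Feind h\u00f6rt mit!\n".encode("iso-8859-1"),
    "notes.txt.exe": b"MZ\x90\x00" + b"\x00" * 60,          # PE header behind a text-like name
    "report.txt": b"Quarterly figures\x00\x01\x02 embedded blob",  # NUL-separated payload
    "chat.txt": "done \U0001F600\n".encode("utf-8"),        # UTF-8 emoji hits the C1 range
}

if __name__ == "__main__":
    ok, bad = gate_files(SAMPLES)
    print("accepted:", ok)
    for name, why in bad.items():
        print(f"rejected {name}: {why}")
```

Note that plain UTF-8 text with accented letters happens to pass (its continuation bytes fall in 0xA0-0xFF), while four-byte sequences such as emoji do not; if the isolated side expects UTF-8, decode strictly with that codec instead of the Latin-1 byte ranges.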

Moe Trin wrote: [ a lot ]

You're wasting your time. The guy has been trolling German security newsgroups for a while now. He won't understand a single word of what you wrote.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Ansgar -59cobalt- Wiechers wrote in news: snipped-for-privacy@mid.individual.net:

Not an entire waste. At least this one lurker found it informative and learned a few things.

Brian

Skywise

Am 05.09.2012 21:27, schrieb Moe Trin: [snip]

I meant something in principle. Maybe something to be protected is not just chocolate but a recipe to make Coke and the like.

But thank you anyway for the comments.

M. K. Shen

Mok-Kong Shen

The recipe to make Coca Cola has been kept in a safe in the office of the Coca Cola company in Atlanta, Georgia, USA for more than a hundred-twenty years. There is no reason for the recipe to be _near_ a computer, so why would it be? If it's not available, it can't be stolen. Why are you putting "secret" material on a computer... or on a table, desk or similar, where it _can_ be stolen/copied/messed-up? Lock it up in a safe where it can't be accessed by unauthorized people.

"Who's after you?" If it's a government agency, they can do things you'd never think of, so the only way to protect the information is to use strong encryption to encode the secret keyphrase that actually is used to encrypt the stuff you're protecting (the government would not be interested in the recipe for Coke anyway). Lock it up, and don't forget the armed guards that you can trust. That kid down the block can be defeated more easily, but encryption is still the answer. The curious grandmother who lives across the street but doesn't know what a computer is... she wouldn't find the file, as long as you don't leave a print-out on your front door or broadcast it on the radio/TV.

Old guy

Moe Trin

Am 08.09.2012 03:45, schrieb Moe Trin:

I was indicating that there could be modern documents as valuable as the recipe of Coke, e.g. some research results of chemical and pharmaceutical companies that it is reasonable to store on computers for efficient processing by authorized persons of the companies (and not just in the form of papers to be put in safes).

M. K. Shen

Mok-Kong Shen

Ignoring official (government) classified materials (the handling rules for which are VERY exact) in this discussion, such documents are often restricted to "unconnected" (to the Internet) computers and/or networks to make unauthorized access much more difficult (but not impossible).

The other technique to protect the data is encryption. The file itself is encrypted, and access to the computer where the file is located is controlled/restricted. You don't have to give access to everyone.

Speaking just of IPv4, about 3 weeks ago there were 3454811936 (3.45e9) addresses on 118784 networks allocated or assigned in 235 countries by the five Regional Internet Registries. You really don't have to permit access from all of those addresses to your restricted data. Worried about zombies and bots in "your" country? There's really no sane reason to allow access from every address in "your" country either. If you look at the way Airbus Industries and Boeing are designing new aircraft, they HAVE to allow access to the drawings and specifications to those companies who are providing the parts and that access is via encrypted tunnels between specific systems. All systems at company "A" do _not_ have access to any/all systems at company "B". Heck, most systems at company "B" don't have access to most systems at company "B" either. No _need_ to access means no access allowed.

Old guy

Moe Trin

Am 09.09.2012 05:52, schrieb Moe Trin:

I didn't say anything about official classified materials, but was above concerned with much more mundane but nonetheless highly valuable commercial documents that are to be well guarded because of the (popularly well known) espionage financed by competing firms. (We refrain from considering here rumored cases where certain governments were said to have helped in such espionage.)

But then one has the inconvenience of decrypting every time one reads the documents, or maybe worse when modifications are to be made. Further, there are concerns about the quality of the encryption algorithm used, and key management problems to be taken care of.

M. K. Shen

Mok-Kong Shen

Many commercial companies are _aware_ that the officially classified materials have special rules, and try to emulate them. The "due diligence" requirements of public companies give incentive to at least attempt to take reasonable care of commercial documents. While I have network administration responsibilities, I don't have unlimited access to the financial, advertising and sales department networks because those areas are deemed "sensitive". Yet I am an employee.

Oh, it's terrible - I have to carry a _key_ to enter my house or use my car. Is the information sensitive? Then you have to protect it.

That's part of the price of doing business, just as having to have a key to open locks meant to keep others out.

Old guy

Moe Trin

Am 10.09.2012 00:37, schrieb Moe Trin:

Sorry, I don't understand what you mean above in the present context. The fact that you are an employee and not a CEO surely has no relevance to the general discussion of what a certain security measure should best be in a certain situation, or has it? You yourself raised the encryption issue and certainly therefore also know that encryption keys used in firms etc. must be managed. If so, what's the point of the key for your house or car?

M. K. Shen

Mok-Kong Shen

The CEO (Chief _Executive_ Officer) is a business person - they have less knowledge of technical matters, never mind IT. On the other hand, the people in IT are supposed to maintain the networks. But neither the CEO nor IT are given any more access than is needed to perform their job. Others who lack that need are given no access. The CEO may make overall decisions about security ("protect stuff") and may make crude statements of how ("lock doors", "encrypt stuff"), but the actual implementations are the responsibility of those lower in the organization chart with more specialized skills/knowledge.

That's the job of the IT people. The executives know nothing about it, and lack the skills to evaluate the strength of an encryption algorithm (heck, many of them can't decode EBG13, never mind something stronger). Encryption is not the _total_ answer - it is part of the answer only. Access is also important - if "the bad guys" don't have access, (both physical and electronic), they have more difficulty. This is why the sensitive data is kept encrypted and why it's not kept on accessible systems where some idiot can install mal-ware through stupid actions like surfing his favorite pr0n or gaming site.

Do you leave your house unlocked? If not, do you give a key to the house to anyone who asks? This is no different than the management of the encryption keys, the configuration of the computers and networks or the physical/electronic access to the facility where sensitive information is used and/or stored.

Old guy

Moe Trin

Am 10.09.2012 22:04, schrieb Moe Trin:

If a certain building complex as a whole is guarded, the doors there could well be left open so that the workers could easily move around, no?

M. K. Shen

Mok-Kong Shen

Ansgar was right. My obtuseness detector is going crazy.

Brian

Skywise

It depends, but often "no". The previous facility I worked at had guards at the property entrance, more guards at the building entrances, and the offices were locked; even the desks and file cabinets had locks. There were guards patrolling the property. That's a bit more security than the industry norm, because it was a research facility. The facility I work in now lacks the guards at the property entrance but is otherwise similar. I was in to visit my stock broker recently: a guard at the building entrance and individual locked offices.

You can freely move from office/lab/work-area to the rest-rooms, cafeteria, break-rooms, hall-ways, etc., but access to the work areas is restricted/controlled. The computers in the office/lab/work-areas are all password protected with screen-locks. The servers and network hardware are in locked rooms with limited access. The computers that can be accessed by the public (from the world) are not even in this facility. (And no, this isn't government or military related.)

Why so many hoops? Access to "everything" is NEVER needed to do your job. You have access to what you need, and no more. That way, you can't learn the secrets of new products being worked on in the other departments. If you don't know, you can't leak the information. The concept has been in use for centuries. Without access, you also can not bring in mal-ware. That concept has only been around for decades.

Want to check your (personal) email, surf the web, or have other non-business access to the Internet? No problem - the employee association has a number of computers in the break-rooms and cafeteria that are not connected to the company network - use those (that's where I'm posting from now) or use your own computer at home.

Old guy

Moe Trin

Am 11.09.2012 21:49, schrieb Moe Trin:

The analogy with the building was not meant one-to-one, but is simply used to stress that encryption is not sensible in general, if access to the one computer containing the sensitive documents is sufficiently restricted/protected. Unlike looking at a tiny recipe (e.g. that of Coke), people doing research nowadays, say, in organic chemistry, have to look into much stuff at a time and even have to do team work concurrently. That's my point. Even on the issue of buildings: I don't think that any defense ministry of any country in the world is such that the doors of each of its rooms are locked all the time. For that simply paralyses any useful work from being done at all.

M. K. Shen

Mok-Kong Shen

Disable autorun for all drives. Yahoo it. []'s

-- Don't be evil - Google 2004
We have a new policy - Google 2012

Shadow

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.