From eScan Wiki
Revision as of 05:55, 28 October 2010; view current revision
←Older revision | Newer revision→
←Older revision | Newer revision→
| · eScan · MailScan · Technologies | · Technical Info · Security Awareness · User Guides |
[edit]
Security Awareness
[edit]
Index
[edit]
Best Practices
- Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
- Best practice for Internet Security
- Best Practices for Online Gaming
- Best Practices for Avoiding Spam
- Best Practices for Preventing Identity Theft
- Best Practices for Removing Malware from an Infected Computer
- Best Practices for Recovering from System Compromises
- Best Practices for Implementing the Principle of Least Privilege
- Best Practices for Unsubscribing from Unwanted E-mails
- Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
Answer:
- Best Practices for Internet Security
Answer:
General Security Tips:
- a. Install eScan Anti-Virus application on your computer and ensure that it has the latest virus definitions.
- b. Make sure eScan firewall is enabled on your system.
- c. Do not download and install pirated software from illegal Web sites as these files may contain hidden malware.
- d. Ensure that the operating system and the softwares installed on your computer have the latest updates and hotfixes applied to them.
- e. Always read the End-Use License Agreement (EULA) before installing any software on your computer.
- f. While installing software packs, ensure that you perform a custom install to avoid installing unnecessary software programs.
- g. Always backup your files and important data at regular intervals.
- h. Scan your computer periodically, at least once a week for viruses, Trojans, and other malware.
- i. Delete unwanted files and data from your computer’s hard drive. This will free up space on your drive and help you back up your important data easily in the event of a malware infection.
- j. Ensure that you do not download files via P2P sharing, FTP sites, and unauthorized Web sites.
- k. Use a secure browser or adjust the security settings for your browser to block ActiveX programs and scripts from running automatically.
- l. Do not disclose your confidential information to strangers or on Web sites such as blogs or social networking Web sites. Similarly, do not enter sensitive information such as banking passwords, credit card numbers, and blog passwords from shared or public computers.
- m. Always use trusted Web sites for performing online transactions such as money transfers or shopping for goods.
- n. Always use complex passwords that are longer than 8 characters.
- o. Do not use the same password to log on to multiple Web sites.
E-mail Security Tips:
- a. Do not open e-mails from unknown senders.
- b. Turn off rich-text or html formatting for your e-mails.
- c. Avoid sending attachments whenever possible.
- d. Avoid clicking hyperlinks in e-mails.
Browser Security Tips:
- a. Do not click on banners or advertisements on Web sites.
- b. Do not visit untrusted or illegal Web sites.
- c. Do not click on any link that appears to be suspicious, such as a link to an .exe file.
- d. Do not configure your browser to run ActiveX components or scripts automatically.
- e. Clean your cache and temporary files regularly.
- f. Configure your browser to display warning messages whenever you open an untrusted Website or try to download an unknown application.
Malware Cleaning Tips:
- a. Your computer may be infected with malware when performance deteriorates, browser pop-ups appear, home pages change, firewall warnings are issued, etc.
- b. When cleaning malware infections get technical assistance from a technically savvy friend preferably who can visit at your home or experts at a security website
- c. Find out the name of the malware you are infected with (as you must clean uniquely based on how you are infected)
- d. VirusIntel.com offers a list of free online and command line scanners from many AV vendors
- e. Free Standalone cleaners may be available to remove some difficult malware agents
- f. Use SAFE MODE to remove difficult malware
- g. Change your passwords after an infection in case a backdoor agent transmitted it
Security Awareness and Education:
- a. Gain better general knowledge on security through articles, blogs, and security websites
- b. Stay informed - Follow the latest security developments on what to avoid or how to protect yourself against dangers
- c. Look for updates in any software you are running and install them promptly, so that you are always on the latest version
- d. Avoid email hoaxes circulating where you are asked to "pass on a special warning"
- e. Remember that there are "no free gifts" or "special bargains" for you from strangers on the Internet
- f Setup separate user accounts for your children and use Vista's Parental controls
- g. Educate your children, family members, and friends
- h. Use a "Lessons Learned" approach when you make mistakes to avoid them in the future
Recommended eMail Safety Tips:
- a. Avoid email attachments where possible
- b. Avoid clicking on any URLs in email (even to opt out of spam)
- c. Use plain text mode in email if possible
- d. Avoid links and files shared in Instant Messaging software
- e. Never open email from someone you don't know (line up all spam in your in-box and delete it)
- f. Avoid taking actions or clickin on URLs in official looking email from banks, government, etc. (verify by phone or on the primary website)
- g. Avoid e-cards which are not from a specific person (and check with the sender if you are unsure)
- h. Never install updates or free security software from an email attachment or URL
Recommended Browser Safety Tips:
- a. Avoid clicking on banner ads where possible
- b. Avoid visiting untrusted and inappropriate websites
- c. Be careful of Internet search results as malware authors are seeding malicious websites with malware
- d. Complementary browsers (e.g., Firefox, Opera) have good security track records, phishing filters, and other safety measures (e.g., NoScript) that can be used in addition to IE 7 with no conflicts. You can use these as a tool to cross-check questionable sites.
- e. Completely clean your browser cache regularly of all temporary files, history, cookies, passwords, etc.
- f Enhance your browser from automatic processing to prompt warnings where possible (advanced security settings in IE)
- a. Install eScan Anti-Virus application on your computer and ensure that it has the latest virus definitions.
- Best Practices for Online Gaming
Answer:
Now a days, several Web sites allow users to play online games. But most of them allow users to access the games hosted on them so long as they register with the site. The membership is usually made available to users for a fee. Some gaming sites allow users to save their points. Users can then redeem these points for gifts or convert them into money. Therefore, such Web sites are often targeted by hackers.
Here is a list of best practices that you can follow to protect your gaming accounts:
- a. Always ensure that your password is longer than eight characters and contains a combination of alphanumeric and special characters (To check the password how secure it is .
- b. Change your password regularly.
- c. Never use the user id and password of your gaming account on any other Web site.
- d. Do not share your passwords with anyone.
- e. Do not use shared or public computers to log on to your gaming account.
- f. Always ensure that your Anti-Virus program is updated and has the latest virus definitions.
- Best Practices for Avoiding Spam
Answer:
- a. Never disclose your e-mail address on untrusted Web sites, social networking sites, or discussion forums.
- b. Use a separate e-mail address for newsletters, forums, and chat.
- c. If you need to specify your e-mail address consider including it in an image or spell out your e-mail address including the “@” symbol and “.”.
- d. Set up filters in your mail box to block spam e-mails. Consider installing an Anti-Spam software to reduce the number of spam e-mails.
- e. Do not reply to spam e-mails.
- f. Do not contact the spammers or buy anything from them.
- g. Do not subscribe to newsletters on untrusted Web sites.
- h. Do not use the unsubscribe link to unsubscribe from newsletters. Instead, set up your filter to recognize the e-mail as spam by blacklisting the sender.
- i. Always ensure that the address of the Web site does not appear to be suspicious to avoid falling prey to phishing.
- Best Practices for Preventing Identity Theft
Answer:
- a. Always sign your credit cards.
- b. Cancel the credit cards that you do not use.
- c. Report lost or stolen credit cards immediately.
- d. Always use credit cards to pay while shopping at merchant sites.
- e. Never lend your credit card to family or friends.
- f. Destroy credit card bills, bank statements, and credit card applications if you do not require them.
- g. Memorize your banking ids and passwords. Do not write them down anywhere.
- Best Practices for Removing Malware from an Infected Computer
Answer:
Here is a list of best practices that you can follow to remove malware from an infected computer:
- a. Back up all your important documents and data.
- b. Update the Anti-Virus software installed on the computer. After updating the software, stop and then start the program to ensure that it is running with the latest Anti-Virus definitions.
- c. Unplug the network cable.
- d. Close any open Web browser windows.
- e. Log on with administrative privileges.
- f. Disable System Restore.
- g. Delete the temporary files and clear your browser’s cache.
- h. Restart your computer in the Safe Mode.
- i. Configure the Anti-Virus to take appropriate action and then scan the computer.
- j. Write down the path of the infected file.
- k. Compress the infected file, add a password to it, and send it to an Anti-Virus vendor.
- l. Turn on System Restore.
- m. Reboot the computer.
- n. Re-scan your computer to check whether the malware is present on the computer.
- Best Practices for Recovering from System Compromises
Answer:
Here is a list of best practices that you can follow to recover from system compromises:
- a. Read the description of the malware. If confidential information is stored on the computer, back up the data, format the hard disk, and then reinstall the programs.
- b. Notify your bank or credit card company immediately.
- c. Cancel your existing credit cards or ask for replacement cards with new numbers.
- d. Change the passwords of the Web sites that you accessed while your computer was compromised.
- Best Practices for Implementing the Principle of Least Privilege
Answer:
The principle of least privilege (POLP) involves providing users with access to the bare minimum features of an application that will allow them to perform their tasks without any inconvenience.
Here is a list of best practices that you can follow to implement the Principle of Least Privilege:
- a. Always use an account without any administrative privileges to perform day-to-day tasks.
- b. Do not allow all applications to execute under all accounts.
- c. Do not provide users with the rights to perform administrative tasks.
- d. While removing restrictions on accounts, ensure that the restrictions are removed for the minimum possible time.
- e. Remove unused guest accounts with weak passwords from your computer.
- Best Practices for Unsubscribing from Unwanted E-mails
Answer:
Here is a list of best practices that you can follow to unsubscribe from unwanted e-mails:
- a. Add the sender to the blacklist of your Anti-Spam program.
- b. If the sender’s e-mail id varies but has specific keywords that identify the e-mail, create an inbox rule to move the messages to the spam mail folder. Also save that email as .eml file and then attach that file to your drafted email and send it to
- c. Do not open spam e-mails.
- d. If the domain names in the header and body of the e-mail do not match the, do not unsubscribe from the message. Instead, add the domain name to the blacklist.
- e. If the URL in the unsubscribe link does not appear to be familiar, do not unsubscribe. Instead, add the sender to the black list.
- f. If the sender of the spam e-mail is always same, blacklist the sender.