- What is Information Security ?
- What is IT Security ?
- What should we do first to ensure IT Security ?
- How to identify your security requirements ?
- What is a Security Policy ? How is it related to security standards, guidelines and procedures ?
- What should be considered first when drafting a security policy ?
- Who should be involved in development of a Security Policy ?
- How to develop a Security Policy ?
- What can I include into my Security Policy ?
- What are the benefits of having a Security Policy ?
- What should I consider when implementing Security Policy ?
- What is meant by Security Assessment ?
- What is a Security Audit ?
- How often should a Security Audit be performed ?
- Who should perform a Security Audit ?
- What is an IT Security Incident ?
- How to handle a security incident ?
- What is an intrusion ?
- Why do I need an Intrusion Detection System (IDS) if my network already has a firewall ?
- What doesn't Intrusion Detection do ?
- What is a network firewall and what can a firewall protect against ?
- What are the security risks that affect the Web servers ?
- What general security precautions should I take for my web servers running on UNIX and NT systems ?
- How can I protect the personal computer and public network against virus ?
- What are the general considerations for protecting the network ?
- What is meant by physical security ?
- What is meant by application security?
- What can be considered for Internet Security?
- How to protect my privacy online?
- How to ensure that the user passwords are secure?
- What is spam email ?
- What are the negative impacts of spam email on the Internet Community ?
- How does spam work ?
- What is a third party relay email server ?
- How do the Internet services providers (ISP) react on the issue of email spamming ?
- Is it possible to retrieve data deleted with the "delete" command ?
- How about the "format" command ?
- Are there tools or software available for the complete data deletion purpose and are they reliable ?
- We understand that there are tools that claim to be capable of retrieving data even from a hard disk that was burnt by fire. Is it true ?
- Is it possible to recover data from a computer after being overwritten by those secure deletion tools ?
- Is degaussing an acceptable method for secure data deletion for magnetic media such as hard disks, floppy disks and magnetic tapes ?
- Are there any considerations regarding the use of degaussers for secure data deletion ?
- What is a Virus ?
- How can virus affect us ?
- What are CARO and EICAR ?
- What is the Wild List ?
- How to prevent virus ?
- How to detect virus ?
- Are there CMOS viruses ?
- Are there BIOS viruses ?
- How to clean virus ?
- Do we have to fear virus ?
- Are there PDA viruses ?
- Are there mobile phone viruses ?
- Can data files be infected ?
- What is a macro virus and how does it spread ?
- What's the worst damage a macro virus can do ?
- How to minimize Word macro viruses' destruction to hard disks and files ?
- Will viruses infect Access ?
- Cannot save files, Word Basic Error 7 occurs while saving a file ?
- Will I be infected when I access Internet FTP Server? Will virus be downloaded during file downloading ?
- Will virus infect my machine if I connect to the Internet and view Web pages/download programs ?
- Can email message be infected ?
- Can firewalls detect virus ?
- What is a clean boot disk. How to create a clean boot disk ?
- What are rescue disks ?
- What is scan engine ? Why do I have to update signature file as well as the scan engine of my antivirus software ?
- Why some viruses can be detected but not cleaned with the anti-virus software ?
- How to prevent unauthorized Wi-Fi access?
- How to prevent hacking of insecure default configuration?
- How to prevent hacking via weak protocol?
- How to prevent clients sniffing each other?
- How to minimize the exposure of corporate network via Wi-Fi for guest?
- How to minimize the exposure of internal Wi-Fi?
- How to plan and deploy secure corporate Wi-Fi network?
- How to ensure continuous security of corporate Wi-Fi network?
- Should I use free public Wi-Fi without encryption?
- How to avoid connecting to malicious Wi-Fi AP?
- How to secure communication via public Wi-Fi?
- How to communicate sensitive information over public Wi-Fi?
"Source from the Office of the Government Chief Information Officer (OGCIO) of the Government of the Hong Kong Special Administrative Region"
|Q:||What is IT Security ?|
|A:||There is no exact definition, but the general idea is to protect IT information and resources with respect to confidentiality, integrity, availability, non-repudiation and authentication.|
|Q:||What is meant by physical security ?|
|A:||Physical security refers to the protection of hardware and computer equipment from external physical threats.|
|Q:||What is meant by application security ?|
|A:||Application security refers to the additional security measures built into the application itself to provide a more secure environment. It is closely related to system developers.|
|Q:||What is a Virus ?|
|A:||Since the first PC virus was found in 1986, the total number of viruses has rocketed to an enormous figure. As many may know, a computer virus is a malicious program that is able to affect the normal operation of a computer system. Why do we call these malicious codes computer viruses? Computer scientists have found a number of similarities between biological viruses (like "H5N1") and computer viruses. First of all, both of them need a host to reside in. In the case of a computer virus, the host is usually the infected file / disk. Secondly, both of them are capable of self-replicating from one host to another. Finally, both of them may cause damage to the host. But there is at least one difference: computer viruses are created by humans while biological viruses are not. When a virus strikes, the results range from merely annoying screen displays to disastrous and extensive data corruption. With the growing popularity of microcomputers, the threat of viruses should definitely not be neglected. To further complicate the story, a new type of virus, named "Macro Virus", emerged in the computing world in 1995. Its ability to infect document files has broken the golden rule that "viruses can affect program files only". Also, the ubiquity of document exchange among computer users has further fuelled the spread of macro viruses. Notwithstanding, with appropriate counter-measures in place, we are still able to prevent or minimize the loss from computer infection.|
|Q:||How can virus affect us ?|
|A:||Computer viruses affect the health of your computer just as their biological counterparts make you sick. The typical payload of a computer virus includes creating some annoyances (e.g. affecting your mouse / keyboard), removing files from your hard disk and formatting your hard disk. It was only with the discovery of the CIH virus that corruption of BIOS data was added to the list of payloads. Computer viruses may seem remote from you. That may have been true in the old days, when few of us had a PC at home and viruses spread slowly through the exchange of floppy disks. But times have changed; viruses can now reach us through a number of routes. They may arrive from shared files on the server, mail from your colleagues, and files downloaded from the Internet and BBS. And worse still, some vendors have delivered machines / CD-ROMs with viruses pre-installed. So, we are all at risk. This is illustrated by the results of a survey conducted by ICSA (International Computer Security Agency, a US-based company) in 1998 over 580,000 desktop workstations and 12,000 application and file servers. ICSA found that virtually all large and midsize North American corporations (>99%) have encountered computer infections. In addition, the outbreak of the Melissa virus proved that a virus could spread around the globe within just hours. Do you still think that viruses are remote from you?|
|Q:||What are CARO and EICAR ?|
CARO - Computer Anti-Virus Researchers Organisation. An invitation-only group of technical researchers, mostly representing anti-virus vendors. CARO approves 'standard' names for viruses. Some people tend to mistrust the fact that CARO members often share virus samples; however, CARO membership is a convenient yardstick by which other members can judge whether an individual can be trusted with samples. In general, users at large benefit this way: anti-virus vendors with CARO members can include most known viruses in their definition databases.
EICAR - European Institute for Computer Anti-Virus Research. Its membership comprises academic, commercial, media and governmental organisations, among others, with experts in security, law and other fields, combining in the pursuit of the control of the spread of malicious software and computer misuse. Membership is more open, but members are expected to subscribe to a code of conduct. And yes, this is the origin of the EICAR test file. EICAR has a web page at http://www.eicar.com.
|Q:||What is the Wild List ?|
|A:||The Wild List is a list of the most common viruses infecting computers worldwide, and is compiled by the well-known antivirus researcher Joe Wells. Wells works closely with antivirus research teams around the world to update the list regularly.|
A product that detects 90 percent of 'in the wild' viruses will detect 90 percent of the viruses on this list - or 90 percent of the most common viruses circulating.
|Q:||How to prevent virus ?|
Computer viruses are all around us. Nevertheless, we can minimize the chance of being infected by taking sufficient preventive measures. The following provides some guidelines on preventing computer viruses:
|Q:||How to detect virus ?|
New viruses are being developed every day. New techniques may render existing preventive measures insufficient. The only truth in the virus and anti-virus field is that there is no absolute security. However, we can minimize the damage by identifying virus infections before they carry out their payload. The following lists some ways to detect virus infections:
|Q:||Are there CMOS viruses ?|
|A:||Although a virus can write to (and corrupt) a PC's CMOS memory, a virus can NOT 'hide' there. The CMOS memory is not 'addressable'. Data stored in CMOS would not be loaded and executed on a PC. A malicious virus can alter the values in the CMOS as part of its payload causing the system to be unable to reboot, but it cannot spread or hide itself in the CMOS.|
A virus could use CMOS memory to store part of its code, but executable code stored there must first be moved to the computer's main memory in order to be executed. Therefore, a virus cannot spread from, or be hidden in CMOS memory. And there is no known virus that stores code in CMOS memory.
There have been reports of a trojanized AMI BIOS. It is not a virus, but a 'joke' program which does not replicate. The malicious program is not on the disk, nor in CMOS, but was directly coded into the BIOS ROM chip on the system board. If the date is the 13th of November, it stops the boot-up process and plays 'Happy Birthday' through the PC speaker.
|Q:||Are there BIOS viruses ?|
|A:||Theoretically, it is possible to have a virus that hides in the BIOS and is executed from the BIOS. Current technology enables programs to write code into the BIOS. The BIOS is the place for storing the first piece of program to be executed when a PC boots up.|
|Q:||How to clean virus ?|
Has a virus been found? Don't panic! The following are some pieces of advice about removing computer viruses:
|Q:||Do we have to fear virus ?|
|A:||Computer viruses are not devils. They are just computer programs with a self-replication function. That means they are able to make copies of themselves. Since the process is automatic, the program is able to spread inside a computer or inside a network. Anti-virus software is designed by international companies to detect and clean such virus programs. With up-to-date virus signatures, almost all viruses can be detected and removed easily. For new viruses not detected by anti-virus software, a new virus signature update will usually be available within a week.|
|Q:||Are there PDA viruses ?|
|A:||As with any computing platform, handheld devices are also susceptible to virus attacks. Thus far, there have already been some reports of minor virus attacks on mobile devices. For more information, see Types of Virus.|
|Q:||Are there mobile phone viruses ?|
Mobile phones that do not allow the user to install new applications on the device and are limited to using only the on-board applications burned into ROM (read only) or Flash memory chips are not susceptible to classical computer virus attacks. However, the new generation of smart phones are essentially mobile-enabled PDAs. These devices permit the user to install new software on the device at any time. Therefore, as with any computing platform, smart phones are also susceptible to virus attacks. Thus far, there have already been some reports of minor virus attacks on mobile devices. For more information, see Types of Virus.
|Q:||Can data files be infected ?|
|A:||Usually not. The exception is data files that contain executable code, which can be infected by viruses. A good example of this is a Microsoft Word file (.DOC, .DOT). Although Word files are technically data files, they may contain macros, which are executable and therefore susceptible to infection.|
|Q:||What is a macro virus and how does it spread ?|
|A:||Macro viruses are special macros that self-replicate in the data files of applications such as Microsoft Word and Excel. The majority of macro viruses infect Word document files. When a file containing infected macros is opened, the virus usually copies itself into Word's global template file (typically NORMAL.DOT). Any document opened or created subsequently will be infected.|
Macro viruses become part of the document itself, and are transferred with the file via floppy disks, file transfer, and e-mail attachments.
|Q:||What's the worst damage a macro virus can do ?|
|A:||Like all computer viruses, macro viruses can destroy data. For most users, the worst thing a macro virus might do is to reformat their computer hard drives. While most of the known macro viruses are not destructive, many cause a considerable loss of productivity and time.|
|Q:||How to minimize Word macro viruses' destruction to hard disks and files ?|
|A:||Of course, the most secure method is to back up your data regularly and use antivirus software that is able to scan your documents before Word starts up.|
|Q:||Will viruses infect Access ?|
|A:||Yes. The first Access macro virus, JETDB_ACCESS-1, infects Chinese, English, Japanese and other versions of Access. Once this virus infects a database, it will search for and infect all .MDB files in the current directory.|
|Q:||I cannot save files, Word Basic Error 7 occurs while saving a file ?|
Error 7 in Word Basic means out of memory. If you are using Word only, and there is no large image in the document, this error should not occur. You should check the macros in the global template to see if there is a Prank Macro virus or other Word macro virus. You can see the macros in the Normal template by choosing the Tools | Macros menu item (if the 'Macros' option disappears, your machine is likely infected with some macro virus). If there is a suspicious macro in the Normal template, you should scan your machine with anti-virus software to see if there is any macro virus.
|Q:||Will I be infected when I access Internet FTP server ? Will virus be downloaded during file downloading ?|
|A:||The files on the FTP server may be infected with computer virus(es). Your computer will be infected if you run / open the infected file(s). Therefore, you should scan files downloaded from the Internet before use.|
|Q:||Will virus infect my machine if I connect to the Internet and view Web pages/download programs ?|
If you're viewing web pages written in HTML only (i.e. no ActiveX, active scripting, Java, etc.) and your computer has been patched with the latest security patches, the answer is 'No'. However, if your computer is not fully patched, or if you run ActiveX controls, active scripting and Java applets, or run programs downloaded from the Internet, it is possible that these programs contain viruses and affect your machine. Computer users should take the following security measures when surfing the Internet:
|Q:||Can e-mail message be infected ?|
|A:||Plain electronic mail messages with pure text containing no executable code will not be infected. However, HTML e-mails which can contain executable scripts as well as files attached to the e-mail message may be infected. Most anti-virus software nowadays can be configured to scan e-mails and their attachments.|
|Q:||Can firewalls detect virus ?|
|A:||Firewalls do not screen computer viruses. As the location of firewalls within a network is usually a good place for virus scanning, some firewalls have plug-in virus-scanning modules. And some programs are also available for scanning viruses at a point either before or after a firewall. |
You may wish to note that scanning FTP or HTTP traffic adds heavy network overhead but blocks only one of the sources of viruses, as viruses can get into the local intranet through floppy disks, CD-ROMs or even a brand new PC.
|Q:||What is a clean boot disk. How to create a clean boot disk ?|
A boot disk is one which contains the necessary operating system files (e.g. MSDOS.SYS, IO.SYS) to boot up the machine. It is useful when scanning for and cleaning viruses, because even if the hard disk becomes inaccessible, you can still boot up the machine to attempt some repairs. If you are running DOS / Windows 3.x, you can create a boot disk (in drive A:) using the following command:
FORMAT /S A:
If you're running Windows 95 / 98, you can create a system disk by selecting 'Add / Remove Programs' in Control Panel, choosing the 'Startup Disk' tab, and then clicking the 'Create Disk' button. After creating the boot disk, make sure it is *write-protected* so that it cannot be infected by a virus.
|Q:||What are rescue disks ?|
Many anti-virus and disk repair utilities can make a (usually bootable) rescue disk for a specific system. This needs a certain amount of care and maintenance, especially if you have made more than one of these for a single PC with more than one utility. Make sure you update *all* your rescue disks when you make a significant change, and that you understand what a rescue disk does and how it does it before you try to use it. Don't try to use a rescue disk made from one PC on another PC unless you're very sure of what you're doing; otherwise you may risk losing valuable data/files on your computer.
|Q:||What is scan engine ? Why do I have to update signature file as well as the scan engine of my antivirus software ?|
|A:||A virus scanning engine is the program that does the actual work of scanning and detecting viruses, while signature files are the 'fingerprints' used by the scan engine to identify viruses. New scan engine versions are released for a number of reasons. About 6 to 8 new viruses are found every day around the world. New types of viruses may not be detected by the old engine. New versions of the scan engine usually also enhance scanning performance and detection rates. Some vendors provide updates for both the scan engine and signature file in a single file while others provide them in separate files. You may find the link to update your anti-virus software in the following web page.|
|Q:||Why some viruses can be detected but not cleaned with the anti-virus software ?|
Anti-virus software detects not only viruses but also other types of malicious code, which may not be cleanable. For example, a trojan horse is a type of malicious code that should be deleted instead of cleaned. In other cases, the virus may have corrupted the file and made it impossible to clean / recover. Nevertheless, there are some tips you can follow to maximize the likelihood of recovering the file using anti-virus software:
|Q:||How to prevent unauthorized Wi-Fi access?|
To prevent unauthorized Wi-Fi access, you can consider implementing the following measures on your wireless access point (AP).
|Q:||How to prevent hacking of insecure default configuration?|
To prevent unauthorized Wi-Fi access, you can consider implementing the following measures on your wireless access point (AP).
|Q:||How to prevent hacking via weak protocol?|
Use WPA2-PSK (Pre-shared Key) with the AES protocol for data encryption. WPA2 is more secure than WPA and WEP, both of which have been broken. To protect against brute force attacks, the passphrase should be at least 20 characters long and should contain at least one capital letter and one numeric character. Apart from data encryption, users should disable services (SNMP and WPS) that are not in use and upgrade the firmware regularly.
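The passphrase rule above written as a check, as an added example that is not part of the original FAQ. The 63-character printable-ASCII limit and the PBKDF2-HMAC-SHA1 key derivation (SSID as salt, 4096 iterations, 256-bit output) come from the WPA2 standard rather than from this page; the function names, SSIDs and sample passphrases are constructed for illustration.

```python
import hashlib

# Policy from the answer above: at least 20 characters, with at least
# one capital letter and one numeric character.
POLICY_MIN_LENGTH = 20
# Limit from the WPA2 standard (an assumption relative to this page):
# a passphrase is at most 63 printable ASCII characters.
WPA2_MAX_LENGTH = 63

FINDINGS = {
    "too_short": "shorter than %d characters" % POLICY_MIN_LENGTH,
    "too_long": "longer than the %d characters WPA2 accepts" % WPA2_MAX_LENGTH,
    "not_printable_ascii": "contains characters outside printable ASCII",
    "no_capital": "has no capital letter",
    "no_digit": "has no numeric character",
}


def audit_passphrase(passphrase):
    """Return a list of finding codes; an empty list means the passphrase passes."""
    found = []
    if len(passphrase) < POLICY_MIN_LENGTH:
        found.append("too_short")
    if len(passphrase) > WPA2_MAX_LENGTH:
        found.append("too_long")
    if any(not (32 <= ord(ch) <= 126) for ch in passphrase):
        found.append("not_printable_ascii")
    if not any("A" <= ch <= "Z" for ch in passphrase):
        found.append("no_capital")
    if not any("0" <= ch <= "9" for ch in passphrase):
        found.append("no_digit")
    return found


def derive_psk(passphrase, ssid):
    """Derive the 256-bit WPA2 pre-shared key from a passphrase and SSID.

    The SSID is the salt, so the same passphrase yields a different key on
    every network name; a factory-default SSID gives up that benefit because
    key tables can be prepared for it in advance.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def report(passphrase):
    """Format the audit result for one passphrase as a single line."""
    codes = audit_passphrase(passphrase)
    if not codes:
        return "PASS"
    return "FAIL: " + "; ".join(FINDINGS[code] for code in codes)


if __name__ == "__main__":
    # Constructed sample passphrases, not taken from any real network.
    for sample in ("wifi2024", "alllowercasewithoutnumbers",
                   "Correct7HorseBatteryStaple"):
        print("%-28s %s" % (sample, report(sample)))
    # Same passphrase, two constructed SSIDs: the derived keys differ.
    for ssid in ("OfficeNet", "default"):
        key = derive_psk("Correct7HorseBatteryStaple", ssid)
        print("%-10s %s" % (ssid, key.hex()))
```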
|Q:||How to prevent clients sniffing each other?|
Some APs have a built-in function to isolate connections between clients. This function has different names in different products (e.g. AP Isolation, Privacy Separator). In addition, make sure you use HTTPS connections wherever possible while browsing the Internet.
|Q:||How to minimize the exposure of corporate network via Wi-Fi for guest?|
If you provide a Wi-Fi connection to guests, you should separate them into an isolated Wi-Fi network. Guests should have limited access to the Internet only (Web browsing) and should not be able to access internal resources, such as file servers. The system administrator should review the traffic and audit logs regularly, as this can help in the detection of security incidents.
|Q:||How to minimize the exposure of internal Wi-Fi?|
Below are some suggestions that you can implement to minimize the exposure of internal Wi-Fi.
|Q:||How to plan and deploy secure corporate Wi-Fi network?|
A wireless network gives users the mobility to work within the company. It also provides a way for you to allow visitors to access the Internet with their mobile devices. Planning and deployment are more complicated than just plugging in a wireless AP within your company. You need to establish policies for the usage and control of the Wi-Fi network, select security measures to minimize the risks in Wi-Fi networks, and secure Wi-Fi communications.
You may refer to the following when planning and deploying a Wi-Fi network.
Wi-Fi location and network design:
|Q:||How to ensure continuous security of corporate Wi-Fi network?|
Security requires ongoing maintenance and education. It is important to maintain the wireless network regularly for the highest level of security.
|Q:||Should I use free public Wi-Fi without encryption?|
You should avoid using free public Wi-Fi without encryption. If you do use it, you should avoid logging in to your email, online shopping or e-banking web sites.
|Q:||How to avoid connecting to malicious Wi-Fi AP?|
To avoid connecting to a malicious Wi-Fi AP, you should be aware of the SSID you are connecting to. Do not connect to an SSID called “Free Public Wi-Fi”; this is usually an ad-hoc network created by another laptop, or a trap that tricks you into connecting to a harmful network that then infects your laptop or steals personal data. Some wireless APs require you to accept a usage agreement on the landing page; you should verify their certificate by clicking the SSL lock icon before you accept the usage agreement. Finally, you should turn off the Wi-Fi device when it is not in use to prevent it from automatically connecting to an unknown AP.
|Q:||How to secure communication via public Wi-Fi?|
Public Wi-Fi access is generally treated as an insecure connection. Many public Wi-Fi networks are completely unencrypted so that users can connect to them easily. An intruder could easily see all data being transmitted if it is unencrypted. Therefore, you should only connect to a Wi-Fi hotspot with encryption enabled. Below are some tips which help you access public Wi-Fi safely.
|Q:||How to communicate sensitive information over public Wi-Fi?|
We do not recommend sending sensitive information, such as financial information and bank account details, at a public Wi-Fi hotspot. If you do, make sure you are connecting to a legitimate hotspot and to web sites with encryption enabled.