Mauritian National Computer Security Incident Response Team (CERT-MU)

FAQs


About CERT-MU

01. What is CERT-MU?

CERT-MU is the Mauritian National Computer Security Incident Response Centre, set up to handle major computer security incidents in its constituency, i.e. the Mauritian cyber community.


02. What are the services provided by CERT-MU?

CERT-MU provides information and assistance to its constituents in implementing proactive measures to reduce the risks of information security incidents as well as responding to such incidents as and when they occur.

CERT-MU provides three types of services to its constituency. They are responsive services, awareness services and consultancy services. The responsive services include incident handling and vulnerability analysis while awareness services include the issuance of information security news, providing virus alerts, conducting seminars & workshops and providing a knowledgebase on our website. Services such as technical audits, penetration testing, disaster recovery and business continuity planning, advisory for national security policy development are covered in our consultancy services.


03. What are the main goals of CERT-MU?

· handle security incidents and monitor security problems occurring within public and private sectors;

· provide guidance to providers of critical information infrastructure to adopt best practices in information security;

· warn and educate systems administrators and users by means of information distribution.


04. Who can report computer security incidents to CERT-MU?

All users, system administrators from public and private institutions, parents and members of the public of the Mauritian cyber community.


05. What can be reported to CERT-MU?

Users and System Administrators can report computer security incidents and vulnerabilities to CERT-MU.

1. If you encounter any of the violations given below, you may contact CERT-MU for technical assistance:
   (i) Attempts (either failed or successful) to gain unauthorised access to a system or data therein
   (ii) Disruption or denial of service
   (iii) Unauthorised use of a system for the processing or storage of data
   (iv) Changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent
   (v) Email-related security issues, spamming, mail bombing etc.


2. Users of different systems working on various platforms and using different applications may report any vulnerability found in these systems, platforms, applications, services and devices to CERT-MU.


06. How to report incidents to CERT-MU?
CERT-MU provides several channels for reporting an incident. You may fill in the incident reporting form on our website, contact us by telephone, send us a fax or email us with the details of your incident.

Website

The incident can be reported by filling in the incident reporting form on our website. Fill in as many of the fields as possible to enable us to assess the severity and nature of the incident and assist in recovery, as needed.

Electronic Mail

The CERT-MU email address for reporting incidents is:

[email address shown as an image on the original page]

Telephone Hotline

You can contact CERT-MU on +(230) 800 2378

Fax

Incident reports can be faxed to CERT-MU at +(230) 208 0119


07. How to report a vulnerability to CERT-MU?

A vulnerability can be reported to CERT-MU by filling in the Vulnerability Reporting Form provided on our website. The information about a particular vulnerability can also be sent to CERT-MU by fax or by e-mail:

[email address shown as an image on the original page]




About Important Terms on CERT-MU Website

01. What is a computer security incident?

A computer security incident is any real or suspected adverse event in relation to the security of computer systems or networks. It is an act of violating an explicit or implied security policy, resulting in unauthorised access, denial of service or disruption, unauthorised use of a system for the processing or storage of data, or changes to system software, hardware or firmware characteristics without the owner's knowledge.


02. What is a vulnerability?


A vulnerability is the existence of a flaw or weakness in hardware or software that can be exploited, resulting in a violation of an implicit or explicit security policy.


03. What is vulnerability scanning?

Vulnerability scanning looks for known vulnerabilities in your systems and reports potential exposures. It is a necessary part of maintaining your information security and should be carried out regularly.


04. What are security guidelines?

CERT-MU has prepared best practices & system specific security guidelines to help the Mauritian cyber community enhance security of their systems and networks.


05. What is an incident note?

An incident note is the information provided by CERT-MU to its constituents in response to widespread exploitation of a specific vulnerability. It is based on statistical analysis of the incidents reported to CERT-MU and our observations thereof.


06. What is an advisory?

An advisory is the information provided by CERT-MU in response to a critical vulnerability affecting, or with the potential to affect, a large number of systems or networks in its constituency.

07. What is a vulnerability note?

A vulnerability note is the information provided by CERT-MU to its constituents in response to a new vulnerability discovered in a system, platform, service or device.


08. What is incident handling & response?

CERT-MU will assist System Administrators in handling computer security incidents by providing advice and support in containing the damage, recovering from the incident and restoring systems to operation. Refer to the Incident Reporting page.


09. What are FIRST and IMPACT?

FIRST is the international Forum of Incident Response and Security Teams. Established in 1990, FIRST is a coalition that brings together a variety of security teams and computer security incident response teams from government, commercial and academic organizations. Attending the yearly FIRST conferences can be a way for a new team to learn more about techniques and strategies for providing a response capability, as well as to get in contact with established teams.

 

IMPACT – As the world’s first not-for-profit comprehensive global public-private partnership against cyber threats, the International Multilateral Partnership Against Cyber Threats (IMPACT) is the cybersecurity executing arm of the United Nations' specialised agency - the International Telecommunication Union (ITU). As the world’s first comprehensive alliance against cyber threats, IMPACT brings together governments, academia and industry experts to enhance the global community’s capabilities in dealing with cyber threats.



Disposal of Computer Equipment with Sensitive Information

01. Is it possible to retrieve data deleted with the "delete" command?

A typical "delete" command merely removes the pointer to a file. The data itself is not overwritten until the storage area is reallocated and re-used. Using commonly available utilities, it is therefore possible to retrieve deleted data from a computer.


02. How about the "format" command?

The "format" command in many cases merely creates an empty root directory and a new blank indexing scheme for all allocation units on the storage media, making it available for the storage of new files. Commercially available utilities can recover data lost from storage media through accidental execution of the "format" command.


03. Are there tools or software available for the complete data deletion purpose and are they reliable?

Commercial software and services are available to perform secure data deletion by overwriting the storage media a number of times with different patterns. Software packages that overwrite the data space with a character, then the complement of that character, then a random character can be considered reliable and follow current industry best practice for secure data deletion. However, you may need to evaluate the capability and features of such products and consult their respective vendors to see whether they fulfil your specific requirements. Also, besides the technical solution, necessary checks and balances should be in place to ensure that the secure deletion process is performed and is successful. Possible measures you may consider include proper approval and logging of the whole process, sample checks or verification of erased hard disks, etc.
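The three-pass scheme described above (a character, its complement, then random data) together with the read-back verification and log record the answer recommends, as an added example that is not CERT-MU's own tool. It works on an ordinary file rather than a whole device; the file name, fill byte and sample contents are constructed for the demonstration.

```python
import hashlib
import os
import secrets
import tempfile

CHUNK_SIZE = 64 * 1024  # bytes written/read per step; keeps memory use flat for large files


def _write_pass(f, size, make_chunk):
    """Write one complete pass over the file and return the SHA-256 of the bytes written."""
    digest = hashlib.sha256()
    f.seek(0)
    remaining = size
    while remaining > 0:
        chunk = make_chunk(min(CHUNK_SIZE, remaining))
        f.write(chunk)
        digest.update(chunk)
        remaining -= len(chunk)
    f.flush()
    os.fsync(f.fileno())  # push the pass through the OS cache before reading it back
    return digest.hexdigest()


def _read_digest(f, size):
    """Read the file back from the start and return the SHA-256 of its contents."""
    digest = hashlib.sha256()
    f.seek(0)
    remaining = size
    while remaining > 0:
        chunk = f.read(min(CHUNK_SIZE, remaining))
        if not chunk:
            break
        digest.update(chunk)
        remaining -= len(chunk)
    return digest.hexdigest()


def secure_overwrite(path, fill=0x55):
    """Three-pass overwrite of `path`: a fill byte, its complement, then random bytes.

    After each pass the file is read back and its digest compared with the digest of
    what was written, so a failed or short pass is detected instead of assumed.
    Returns a list of (pass_name, verified) pairs suitable for the approval/log record.
    """
    size = os.path.getsize(path)
    passes = [
        ("fill", lambda n: bytes([fill]) * n),
        ("complement", lambda n: bytes([fill ^ 0xFF]) * n),
        ("random", secrets.token_bytes),
    ]
    record = []
    with open(path, "r+b") as f:  # in place, so the file's existing blocks are reused
        for name, make_chunk in passes:
            written = _write_pass(f, size, make_chunk)
            read_back = _read_digest(f, size)
            record.append((name, written == read_back))
    return record


def wipe_and_remove(path, fill=0x55):
    """Overwrite and verify, then unlink. Returns True only if every pass verified.

    Caveat: on copy-on-write or journaling filesystems, and on SSDs with wear
    levelling, overwriting in place can leave old copies of the blocks behind, which
    is why the answer advises evaluating tools and sample-checking erased media.
    """
    record = secure_overwrite(path, fill)
    ok = all(verified for _, verified in record)
    if ok:
        os.remove(path)
    return ok


def demo():
    """Constructed demonstration on a temporary file holding sample 'sensitive' data."""
    original = b"ACCOUNT 1234-5678 CONFIDENTIAL\n" * 4000  # constructed, not real data
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(original)
        path = tmp.name
    record = secure_overwrite(path)
    with open(path, "rb") as f:
        after = f.read()
    removed = wipe_and_remove(path)
    return {
        "passes": record,
        "size_preserved": len(after) == len(original),
        "original_gone": after != original and b"CONFIDENTIAL" not in after,
        "removed": removed and not os.path.exists(path),
    }


if __name__ == "__main__":
    print(demo())
```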


04. Is it possible to recover data from a computer after being overwritten by those secure deletion tools?

Recovering or reconstructing data that has been deliberately overwritten usually requires specialised devices and/or environments. Data recovery or guessing would likely be uneconomical, and hence impractical, once secure deletion procedures that follow industry best practice have been adopted.

In fact, secure data deletion is one form of security risk management, like other information security topics. The security risk level associated with data deletion and recovery relates to the value of the data being protected, the resources required to delete or undelete the data, and the cost of the equipment to be reused.


05. How do I dispose of confidential data on my hard drive?

Disk wiping, degaussing, and physical destruction are all methods to remove confidential information from a hard drive. 




Email Security

01. What is spam email?

According to the Coalition Against Unsolicited Commercial Email (CAUCE), the most commonly seen unsolicited commercial emails (UCEs) are:

· Chain letters

· Pyramid schemes (including Multilevel Marketing, or MLM)

· Other "Get Rich Quick" or "Make Money Fast" (MMF) schemes

· Offers of phone sex lines and ads for pornographic web sites

· Offers of software for collecting email addresses and sending UCE

· Offers of bulk emailing services for sending UCE

· Stock offerings for unknown start-up corporations

· Quack health products and remedies

· Illegally pirated software


02. What are the negative impacts of spam email on the Internet Community?

Every time a spammer sends out spam email, the entire Internet community has to bear the cost, in particular the recipients and the ISPs at the receiving end. Some Internet users pay for their Internet access time by the minute, so they are forced to spend extra online time, and therefore money, downloading unwanted spam email.

Spam is also disruptive to email users, wasting their time and ultimately making email less useful as a convenient tool if the amount of spam continues to grow. Spam email also ties up bandwidth and resources on computers and routers all over the Internet. Every unwanted email message adds to the total cost of operating the networks of computers that form the delivery path to recipients. Spam email can disrupt a network by crashing mail servers and filling up hard drives. It also constitutes an invasion of Internet users' online privacy.


03. How does spam work?

Most spam is commercial advertising. Companies and advertisers rarely send spam directly; they hire spammers to do the work. Spammers obtain mailing lists from email address harvesters. Harvesters collect email addresses by scanning web sites, newsgroups and email lists. In addition, harvesters can also develop programs to generate lists of random email addresses.

With these lists, harvesters can bombard a domain with messages, and they obtain validated email addresses whenever recipients respond to the messages.

With the mailing lists, spammers can start their work using spamming tools available on the Internet. When spammers first started, they used to send bulk mail from their own IP addresses. However, as email administrators learned from experience and started blocking email from those sites, spammers had to find another way of sending unsolicited commercial email. They found an easy way to accomplish this: the Third Party Mail Relay, or Open Relay.


04. What is a third party relay email server?

A third party mail relay is an email server that receives email from an unknown sender and then sends it on to a recipient or recipients who are not users of that email system. Some email systems enable this relay feature in the default installation. Given the large number of mail servers that exist on the Internet, even a small proportion of such systems amounts to a considerable number of servers that allow relaying.

Spammers can simply collect lists of third party mail relays on the Internet using scanning programs. With these lists, spammers configure their spamming tool with a relay's address, so that it obscures their identity from the recipients and places the burden of the work on an email server that they do not worry about overloading or crashing.



General

01. What is Information Security?

Information Security is protecting the confidentiality, integrity and availability of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.


02. What is IT Security?

There is no exact definition, but the general idea is to protect IT information and resources with respect to confidentiality, integrity, availability, non-repudiation and authentication.


03. What should we do first to ensure IT Security?

It is recommended to use a systematic approach, first considering the security interests of the organization or department as a whole. First identify the security requirements of the organization, then establish the security policy, followed by enforcement. Periodic and continuous review and monitoring are also necessary in order to have an effective and efficient security policy.


04. What is phishing?

Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers try to convince recipients to respond to them. 


05. How to identify your security requirements?

First of all, it is necessary to identify what is going to be protected, such as equipment and assets. Then find out the related threats, the impact of each threat and the chance of its occurrence. To identify threats, which are often of different natures, a process known as risk analysis is normally used. Through this process, one can identify what assets to protect, their relative importance, and the priority ranking for urgency and the level of protection required. As a result, a list of security requirements can be defined for one's organization.


06. What is a Security Policy? How is it related to security standards, guidelines and procedures?


A security policy sets the basic mandatory rules and principles on information security. It should be observed throughout an organization and should be in accordance with your security requirements and the organization's business objectives and goals. Security standards, guidelines and procedures are tools to implement and enforce the security policy so that more detailed managerial, operational and technical issues can be addressed. Standards, guidelines and procedures may require more frequent reviews than the security policy.


07. What should be considered first when drafting a security policy?

These include:

· Goals and direction of the organization

· Existing policies, rules, regulations and laws of the Government

· Organization's own requirements

· Implementation, distribution and enforcement issues


08. Who should be involved in development of a Security Policy?

Developing a Security Policy requires active support and ongoing participation of individuals from multiple ranks and functional units. A working group or task force should be formed to develop the Policy, but the exact group of personnel required depends on the organization's requirements. In general, this group may include empowered representatives from management, technical personnel, system developers, operational personnel, officers or users. Management represents the interests of the organization's goals and objectives, and can provide overall guidance, assessment and decision making. Technical personnel can provide technical support for the various security mechanisms or technological aspects. Users represent the users of related systems who may be directly affected by the Policy. Sometimes a third party may be involved to review the drafted Policy.


09. How to develop a Security Policy?

First of all, the group of people involved in developing the Policy should be identified. Second, make all necessary plans for activities, resources to be acquired and schedules. Then determine the security requirements and establish the Security Policy. Several iterations of review and refinement are required before a complete Policy can be established. As technology, the environment and requirements often change, continuous review and monitoring of the Security Policy should be practised regularly in order to keep it effective and useful for your organization.


10. What can I include in my Security Policy?

Typical contents may include the policy objectives and scope, the assets to be protected, the roles and responsibilities of the parties involved, the DO and DON'T rules, and security incident reporting and handling. However, the exact contents and level of detail depend on the security requirements and the organization's business objectives. Before drafting your security policy, you should also consider the goals and direction of the organisation; the existing policies, rules, regulations and laws; and implementation, distribution and enforcement issues.


11. What are the benefits of having a Security Policy?

The entire staff can clearly understand what is and is not permitted in the organisation with regard to the protection of IT resources. This also helps to raise the level of security consciousness and provides a baseline on which detailed guidelines and procedures can be established. It may also help to support a decision to prosecute security violations.


12. What should I consider when implementing Security Policy?

You must first observe your organization's procedures, rules and regulations for implementation. However, no policy can be considered implemented unless users and related parties are informed of it and committed to it. This can be achieved through briefings, orientation and ongoing training. Make them aware that the Policy can benefit their daily work and, if possible, invite them to participate in the process of developing the Policy. This helps gain their commitment to and acceptance of the Policy.


13. What is meant by Security Assessment?

Security assessment here is defined as the methods to assess the security of the network or system. Security assessment software is specially designed to reduce the chance of internal abuse by searching and eliminating unnecessary security risks and vulnerabilities on internal hosts and workstations. These assessment tools are often used for security audit.


14. What is a Security Audit?

A security audit is performed in order to check and review the effectiveness and completeness of the security controls, the security policy, standards, guidelines and procedures. It will identify any inadequacies of the policy and related standards, and will find out if there are any security vulnerabilities of IT resources. Recommendations and remedy actions on security measures will be provided. In fact, a security audit should be an on-going process which should be performed periodically or regularly as there may be new vulnerabilities coming up daily.


15. How often should a Security Audit be performed?

A Security Audit only provides a snapshot of the vulnerabilities revealed at a particular point in time, but technology and your environment change daily. New vulnerabilities may be found in the future even if all existing vulnerabilities have been identified. So, periodic and ongoing review is inevitably required.


16. Who should perform a Security Audit?

As a Security Audit is a complex task that requires skilled and experienced personnel working together with the existing system administrators, it must be planned carefully. A third party is recommended to perform the audit. This third party can be another group of in-house staff or an external audit team, depending on the staff's skills and the sensitivity of the information being audited.


17. What is an IT Security Incident?

An IT Security Incident is any event that could pose a threat to the availability, integrity and confidentiality of a computer system. Such incidents can result in the destruction of data and disclosure of information.


18. How to handle a security incident?

A security incident handling plan should be defined to identify as far as possible all kinds of security incidents that may occur. The plan should be set up with a set of goals and objectives. When a security incident occurs, try to follow the procedures stated in the security incident handling plan. The plan may list all the activities such as the person to notify, the actions to protect the evidence and logs, the ways to limit the effect of the incident and the recovery procedures with minimal user impact. Evaluation of the incident should not be omitted as this can review the existing security measures, and ensure the completeness of these security measures.


19. What is an intrusion?

An intrusion is a set of actions which attempt to compromise the availability, confidentiality and integrity of an information resource. Generally speaking, intrusion detection is the methodology by which intrusions are detected. This includes detection of intruders breaking into a system or users misusing the system resources.


20. Why do I need an Intrusion Detection System (IDS) if my network already has a firewall?

Firewalls are only part of the total integrated security system. They have limitations: they can neither alert on ALL intrusions nor stop ALL security breaches, and they are frequently and easily misconfigured. Organizations are dynamic; people, technology and processes often change. Unless you are constantly monitoring for intrusions, you cannot know whether your firewall is working properly. Hence, an IDS is a vital tool to monitor your network 24 hours a day, 7 days a week. But bear in mind that an IDS is just an addition to the firewall.


21. What doesn't Intrusion Detection do?

Intrusion Detection cannot solve or fix the problem for you. It can tell you neither exactly who carried out the attack or how it occurred, nor the intention of the attacker. It can only provide you with logs about the origin of the attack and who appears to be making it, but most often these logs cannot tell you who the real attacker is.


22. What is a network firewall and what can a firewall protect against?

A firewall is a group of systems that enforce an access control policy between two networks. In principle, the firewall can block traffic from the outside to the inside and permit traffic from the inside to communicate to the outside world. The firewall can also provide logging and auditing functions to record all traffic passing through it. In other words, a firewall can protect the internal network against any attacks from outside by defining an access control policy to permit or deny traffic. However, the firewall cannot protect against attacks that do not go through it and cannot protect against things like viruses or data driven attacks. It should be noted that firewalls are only part of the overall network security and the proper configuration of the firewall plays a very important role as well.


23. What are the security risks that affect the Web servers?

Once you install a Web server at your site, you have opened a door into your local network for external visitors. From the point of view of the network administrator, you are opening up a potential security hole, and you have to bear the risks associated with this opening. Bugs or misconfiguration of the Web server can allow unauthorised remote users to access information not intended for them. Hackers may even execute server commands to modify the system, gain information about the Web server's host machine or launch further attacks. Client-side browsers may also be attacked by these hackers, and users' personal information may be retrieved through the hole. Network data sent from the browser to the Web server, or vice versa, may be intercepted by eavesdropping. Hence, all your information is vulnerable to interception if there is no proper system security on both the browser and server sides.


24. What general security precautions should I take for my web servers running on UNIX and NT systems?

In general, there are many precautions that can be taken. For example, you can limit the number of user accounts available on the machine. Try to ensure that users select good passwords. Remove all unused services, shells and interpreters. Configure your web servers correctly and ensure that file permissions are granted only to authorised parties. Regularly check system and Web logs for suspicious activity.


25. How can I protect the personal computer and public network against virus?

A virus is a piece of code that can replicate itself and spread to other computers via floppy diskettes or data communication channels such as email. It is recommended to install a memory-resident anti-virus program to continuously monitor the microcomputer. Virus protection should also be applied to servers: administrators are required to install a server-based anti-virus package on the servers with proper settings. Virus scanning software should be installed on the server's boot-up drive and be active at all times to prevent boot sector infection. Administrators should also include a virus prevention and detection process in their daily routine. Of course, regular updates of the virus prevention and detection software are essential to ensure the accuracy of detection and coverage of new classes of virus.


27. What are the general considerations for protecting the network?

It is desirable to limit the connection to outside networks to those hosts which do not store sensitive information. All access to and from the local network must be made through a single host computer that acts as a firewall. Keep the network simple by minimizing the number of network interface points between the internal and external network. Only authorised traffic is allowed to pass via the internal network. If possible, use multiple authentication systems to monitor the users. However, network security only covers a small area in the overall security system; the data owner is also responsible for the security of the data.


28. What is meant by physical security?

Physical security refers to the protection of hardware and computer equipment from external physical threats.


29. What is meant by application security?

Application security refers to the additional security measures built into the application itself to provide a more secure environment. It is closely tied to the work of system developers.


30. What can be considered for Internet Security?

Internet security covers a wide range of issues such as identification and authentication, virus protection, software licensing, remote access, dial-up access, physical security, firewall implementation and other aspects relating to the use of the Internet.


31. How to protect my privacy online?

There are many ways to protect your privacy online. For example, you should not share personal information such as your name and address with anyone online unless you want them to know it. Think carefully before giving out your personal information online, as this information may end up being used for other purposes. Secure your email by digitally signing and encrypting it before transmission and storage. Safeguard your personal computer at work and at home, because it is physically open to attack or theft. Change your password often and keep it secret. Try not to use passwords based on your own name or that are otherwise easy to guess.


32. How to ensure that the user passwords are secure?

This depends on the password mechanisms and on how the user keeps his own password. Users should select a password that is difficult to guess and keep it as secret as possible. They should also change their password immediately after a system recovery or upon receipt of a new password. Administrators should ensure that each new user is given a good initial password instead of a default one. Procedures should be set up to ensure that only the genuine user is requesting a new or changed password and receives it. No passwords should be displayed on the screen at any time. User passwords used for authentication and administration should be encrypted before being stored.
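The storage and initial-password rules above, as an added example that is not CERT-MU's code. Where the answer says passwords should be "encrypted before stored", the usual practice this example follows is a salted one-way hash (PBKDF2-HMAC-SHA256), so that not even the administrator can read a password back; the iteration count, the minimum length, the `must_change` flag and the in-memory `UserStore` are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import secrets

# Assumption: PBKDF2-HMAC-SHA256 with a high iteration count; tune to your hardware.
PBKDF2_ITERATIONS = 600_000
MIN_PASSWORD_LENGTH = 12  # assumption: minimal policy for this example


def hash_password(password, salt=None):
    """Return a record holding a random per-user salt and the one-way hash of the password.
    Only this record is stored; the clear-text password is never written anywhere."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": PBKDF2_ITERATIONS}


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare it in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, record["iterations"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


class UserStore:
    """Minimal in-memory user database (constructed for the example)."""

    def __init__(self):
        self._users = {}

    def provision_user(self, username):
        """The administrator creates an account with a unique random initial password,
        never a shared default, and flags it so the user must change it at first use.
        The returned initial password is handed to the user out of band, not displayed."""
        initial = secrets.token_urlsafe(12)
        self._users[username] = {**hash_password(initial), "must_change": True}
        return initial

    def authenticate(self, username, password):
        """Returns 'ok', 'change_required' or 'denied'."""
        rec = self._users.get(username)
        if rec is None:
            hash_password(password)  # spend the same effort for unknown users (no timing oracle)
            return "denied"
        if not verify_password(password, rec):
            return "denied"
        return "change_required" if rec["must_change"] else "ok"

    def change_password(self, username, old, new):
        """A change is accepted only from someone who knows the current password."""
        if self.authenticate(username, old) == "denied":
            return False
        if len(new) < MIN_PASSWORD_LENGTH or new == old:
            return False
        self._users[username] = {**hash_password(new), "must_change": False}
        return True

    def force_change_after_recovery(self):
        """After a system recovery every user must change their password at next login."""
        for rec in self._users.values():
            rec["must_change"] = True
```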


33. How do I protect myself from identity theft?

Spyware is software installed on your computer without your consent to monitor or control your computer use. Clues that spyware is on a computer may include slow performance when opening programs or saving files, toolbars or icons on your computer desktop that you didn't place there, random error messages, and in some cases, there may be no symptoms at all. 


34. What is Identity theft?
Identity theft is the unauthorized collection and use of your personal information, usually for criminal purposes. Your name, date of birth, address, credit card and other personal identification numbers can be used to open credit card and bank accounts, redirect mail, establish cellular phone service, and rent vehicles, equipment and accommodation.



35. How to fight identity theft?
  • Minimize the risk. Be careful about sharing personal information or letting it circulate freely.
  • When you are asked to provide personal information, ask how it will be used, why it is needed, who will be sharing it and how it will be safeguarded.
  • Give out no more than the minimum, and carry the least possible with you.
  • Be particularly careful about your NID; it is an important key to your identity, especially in credit reports and computer databases.
  • Don't give your credit card number on the telephone, by electronic mail, or to a voice mailbox, unless you know the person with whom you're communicating or you initiated the communication yourself, and you know that the communication channel is secure.
  • Take advantage of technologies that enhance your security and privacy when you use the Internet, such as digital signatures, data encryption, and “anonymizing” services.
  • If credit card or utility bills fail to arrive, contact the companies to ensure that they have not been illicitly redirected.
  • Notify creditors immediately if your identification or credit cards are lost or stolen.
  • Ask that your accounts require passwords before any inquiries or changes can be made, whenever possible.
  • Choose difficult passwords – not your mother's maiden name. Memorise them, change them often. Don't write them down and leave them in your wallet, or some equally obvious place.
  • Key in personal identification numbers privately when you use direct purchase terminals or ATM machines.
  • Be careful what you throw out. Burn or shred personal financial information such as statements, credit card offers, receipts, etc.


General Virus Protection

01. What is a Virus?

Since the first PC virus was found in 1986, the total number of viruses has rocketed to an enormous figure. As many already know, a computer virus is a piece of malicious program code that is able to affect the normal operation of a computer system. Why do we call this malicious code a computer virus? Computer scientists have found a number of similarities between biological viruses (like H1N1) and computer viruses. First of all, both need a host for residence; in the case of a computer virus, the host is usually an infected file or disk. Secondly, both are capable of self-replicating from one host to another. Finally, both may cause damage to the host. But there is at least one difference: computer viruses are created by humans while biological viruses are not. When a virus strikes, the results range from merely annoying screen displays to disastrous and extensive data corruption. With the growing popularity of microcomputers, the threat of viruses should definitely not be neglected. Nevertheless, with appropriate counter-measures in place, we are still able to prevent or minimize the loss from computer infection.


02. How can virus affect us?

A computer virus affects the health of your computer just as its biological counterpart makes you sick. Typical payloads of a computer virus include creating annoyances (e.g. interfering with your mouse or keyboard), removing files from your hard disk and formatting your hard disk. Only with the discovery of the CIH virus was corruption of BIOS data added to the list of payloads. A computer virus may seem remote from you. That may have been true in the old days, when few of us had a PC at home and viruses spread slowly with the exchange of floppy disks. But times have changed; viruses can now reach us through a number of routes. They may arrive from shared files on a server, mail from your colleagues, or files downloaded from the Internet. Worse still, some vendors have delivered machines or CD-ROMs with viruses pre-installed. In addition, the outbreak of the Melissa virus proved that a virus could spread around the globe within hours.


03. What is the Wild List?

The Wild List is a list of the most common viruses infecting computers worldwide, and is compiled by the well-known antivirus researcher Joe Wells. Wells works closely with antivirus research teams around the world to update the list regularly.

A product that detects 90 percent of 'in the wild' viruses will detect 90 percent of the viruses on this list, or 90 percent of the most common viruses circulating.


04. How to prevent virus?

Computer viruses are all around us. Nevertheless, we can minimize the chance of being infected by taking sufficient preventive measures. The following provides some guidelines on preventing computer viruses:

  ·         DO NOT use illegal software under any circumstances.

  ·         Connection to the Internet should be controlled.

  ·         DO NOT run programs downloaded from the Internet or of doubtful origin. If it is necessary to do so, you should first scan the file with an up-to-date virus scanner.

  ·         Scan files attached to e-mails with an up-to-date anti-virus program before use.

  ·         Set C: as the default boot-up drive (by changing the settings in the CMOS setup). This will decrease the chance of infection by a boot sector virus.

  ·         Check floppy diskettes and files (especially those of unknown origin) with a virus scanning program before use.

  ·         Write-protect all floppy diskettes that you do not expect to write to, and remove floppy diskettes from drive slots when they are not being used.

  ·         Make sure that you back up your files regularly so that you can recover them after a virus attack.


05. How to detect virus?


New viruses are being developed every day, and new techniques may render existing preventive measures insufficient. The only truth in the virus and anti-virus field is that there is no absolute security. However, we can minimize the damage by identifying virus infections before they carry out their payload. The following lists some ways to detect virus infections:

·         Watch out for any changes in machine behaviour. Any of the following signs could be symptoms of virus activity:

o    Programs take longer than usual to execute,

o    Sudden reduction in available system memory or disk space.

·         A memory-resident anti-virus program can be employed to continuously monitor the computer for viruses.

·         Scan your hard disk with an anti-virus utility. Make sure that an up-to-date virus signature has been applied, and update the signature at least once a month.

·         Employ server-based anti-virus software to protect your network. You should also consider employing application-based anti-virus software (e.g. those running on Lotus Notes) to further protect your machine.

06. Are there CMOS viruses?

Although a virus can write to (and corrupt) a PC's CMOS memory, a virus can NOT 'hide' there. The CMOS memory is not 'addressable': data stored in CMOS is never loaded and executed on a PC. A malicious virus can alter the values in the CMOS as part of its payload, causing the system to be unable to reboot, but it cannot spread from or hide itself in the CMOS.

A virus could use CMOS memory to store part of its code, but executable code stored there must first be moved to the computer's main memory in order to be executed. Therefore, a virus cannot spread from, or be hidden in, CMOS memory, and there is no known virus that stores code in CMOS memory.

There have been reports of a trojanized AMI BIOS. It is not a virus, but a 'joke' program which does not replicate. The malicious program is not on the disk, nor in CMOS, but was coded directly into the BIOS ROM chip on the system board. If the date is the 13th of November, it stops the boot-up process and plays 'Happy Birthday' through the PC speaker.


07. Are there BIOS viruses?


Theoretically, it is possible to have a virus that hides in the BIOS and is executed from the BIOS. Current technology enables programs to write code into the BIOS, and the BIOS is where the first piece of program to be executed when a PC boots up is stored.



08. How to clean virus?

A virus has been found? Don't panic! The following are some pieces of advice about removing a computer virus:

    ·     All activities on the infected machine should be stopped (and it should be detached from the network), as the payload may be triggered at any time. Continuing to use the infected machine helps the suspected virus spread further.

    ·     Recovering from backup is the most secure and effective way to recover the files.

    ·     In some cases, you may recover the boot sector, partition table and even the BIOS data using the emergency recovery disk.

In case you do not have the latest backup of your files, you may try to remove the virus using anti-virus utilities.


09. Do we have to fear virus?

Computer viruses are not devils. They are just computer programs with a self-replication function, meaning that they are able to make copies of themselves. Since the process is automatic, the program is able to spread inside a computer or a network. Anti-virus software is designed by international companies to detect and clean such virus programs. With up-to-date virus signatures, almost all viruses can be detected and removed easily. For new viruses not yet detected by anti-virus software, a new virus signature update will usually be available within a week.


10. Are there mobile phone viruses?
Mobile phones that do not allow the user to install new applications and are limited to the on-board applications burned into ROM (read-only) or Flash memory chips are not susceptible to classical computer virus attacks. However, the new generation of smart phones are essentially mobile-enabled PDAs. These devices permit the user to install new software at any time. Therefore, as with any computing platform, smart phones are also susceptible to virus attacks. Thus far, there have already been some reports of minor virus attacks on mobile devices.

11. Can data files be infected?
Usually not. The exception is data files that contain executable code, which can be infected by viruses. A good example of this is a Microsoft Word file (.DOC, .DOT). Although Word files are technically data files, they may contain macros, which are executable and therefore susceptible to infection.


15. What is a macro virus and how does it spread?

Macro viruses are special macros that self-replicate in the data files of applications such as Microsoft Word and Excel. The majority of macro viruses infect Word document files. When a file containing infected macros is opened, the virus usually copies itself into Word's global template file (typically NORMAL.DOT). Any document opened or created subsequently will be infected.

Macro viruses become part of the document itself, and are transferred with the file via floppy disks, file transfer, and e-mail attachments.

 


16. What's the worst damage a macro virus can do?

Like all computer viruses, macro viruses can destroy data. For most users, the worst thing a macro virus might do is to reformat their computer hard drives. While most of the known macro viruses are not destructive, many cause a considerable loss of productivity and time.



17. How to minimize Word macro viruses' destruction to hard disks and files?

Of course the most secure method is to back up your data regularly and use antivirus software that is able to scan your documents before Word startup.


18. Will viruses infect Access?

Yes. The first Access macro virus, JETDB_ACCESS-1, infects Chinese, English, Japanese and other versions of Access. Once it infects a database, this virus searches for and infects all .MDB files in the current directory.



19. Will I be infected when I access an Internet FTP server? Will a virus be downloaded during file downloading?

The files on the FTP server may be infected with computer virus(es). Your computer will be infected if you run / open the infected file(s). Therefore, you should scan files downloaded from the Internet before use.


20. Will a virus infect my machine if I connect to the Internet and view Web pages/download programs?

If you are only viewing web pages written in pure HTML (i.e. no ActiveX, active scripting, Java, etc.) and your computer has been patched with the latest security patches, the answer is 'No'. However, if your computer is not fully patched, or if you run ActiveX controls, active scripting and Java applets, or run programs downloaded from the Internet, it is possible that these programs contain viruses and affect your machine. Computer users should take the following security measures when surfing the Internet:

   ·         Ensure that the operating system and software on your computer have the latest security patches applied.

   ·         Enable real-time scanning in your anti-virus software and use the latest virus signature.

   ·         Avoid visiting suspicious/untrusted websites.

   ·         Do not execute unsigned ActiveX controls or ActiveX controls from untrusted sources.

   ·         If possible, disable active scripting in your browser settings.

   ·         Avoid downloading programs from untrusted websites, since they carry a high risk of causing virus infection.



21. Can e-mail message be infected?

Plain electronic mail messages in pure text containing no executable code cannot be infected. However, HTML e-mails, which can contain executable scripts, as well as files attached to an e-mail message may be infected. Most anti-virus software nowadays can be configured to scan e-mails and their attachments.


22. Can firewalls detect virus?
Firewalls do not screen for computer viruses. As the location of a firewall within a network is usually a good place for virus scanning, some firewalls have plug-in virus-scanning modules, and some programs are also available for scanning for viruses at a point either before or after a firewall.

You may wish to note that scanning FTP or HTTP traffic adds heavy network overhead but blocks only one of the sources of viruses, as a virus can get into the local intranet through floppy disks, CD-ROMs or even a brand new PC.


23. What is a scan engine? Why do I have to update the signature file as well as the scan engine of my antivirus software?
A virus scanning engine is the program that does the actual work of scanning and detecting viruses, while signature files are the 'fingerprints' used by the scan engine to identify viruses. New scan engine versions are released for a number of reasons. About 6 to 8 new viruses are found every day around the world, and new types of viruses may not be detected by the old engine. New versions of the scan engine usually also enhance scanning performance and detection rates. Some vendors provide updates for both the scan engine and the signature file in a single file, while others provide them in separate files. You may find the link to update your anti-virus software in the following web page.
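An added illustration (not CERT-MU code) of the engine/signature split described above: the signature set is data (byte patterns), the engine is the code that decides where to look, and a sample packed inside a ZIP archive is missed by the old engine even when the signature for it is current. The signature names, byte markers and sample files are constructed for this example and are not real malware signatures.

```python
"""Added example (not CERT-MU code): why both signatures and the engine need updating.
Engine v1 pattern-matches raw bytes only; engine v2 also unpacks ZIP archives.
All signatures and samples below are constructed markers, not real malware."""
from __future__ import annotations
import io
import zipfile

# Constructed signature "files": name -> byte pattern (the fingerprint).
SIGNATURES_OLD = {"Demo.Alpha": b"ALPHA-PAYLOAD-MARKER"}
SIGNATURES_NEW = dict(SIGNATURES_OLD, **{"Demo.Beta": b"BETA-PAYLOAD-MARKER"})

def scan_engine_v1(data: bytes, signatures: dict[str, bytes]) -> list[str]:
    """Old engine: match every signature against the raw bytes of the file."""
    return [name for name, pattern in signatures.items() if pattern in data]

def scan_engine_v2(data: bytes, signatures: dict[str, bytes], depth: int = 3) -> list[str]:
    """New engine: same matching, but also looks inside ZIP archives, nested up to `depth`."""
    hits = scan_engine_v1(data, signatures)
    if depth > 0 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                inner_hits = scan_engine_v2(zf.read(member), signatures, depth - 1)
                hits += [f"{h} (in {member})" for h in inner_hits]
    return hits

def make_zip(name: str, content: bytes) -> bytes:
    """Build a constructed in-memory DEFLATE archive holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: a "new" plain file, and an "old" one hidden inside a ZIP.
PLAIN_BETA = b"MZ..." + b"BETA-PAYLOAD-MARKER" + b"..."
ZIPPED_ALPHA = make_zip("invoice.exe", b"MZ..." + b"ALPHA-PAYLOAD-MARKER")

def demo() -> dict[str, list[str]]:
    """Each key names the combination tried; the value is what that combination detects."""
    return {
        "old sigs, old engine, new sample": scan_engine_v1(PLAIN_BETA, SIGNATURES_OLD),    # []
        "new sigs, old engine, new sample": scan_engine_v1(PLAIN_BETA, SIGNATURES_NEW),    # Demo.Beta
        "new sigs, old engine, zipped":     scan_engine_v1(ZIPPED_ALPHA, SIGNATURES_NEW),  # [] (compressed)
        "new sigs, new engine, zipped":     scan_engine_v2(ZIPPED_ALPHA, SIGNATURES_NEW),  # Demo.Alpha (in invoice.exe)
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:36s} -> {result or 'nothing detected'}")
```

A signature update alone fixes the first row but not the third; the engine update is what makes the archive case detectable.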

24. Why can some viruses be detected but not cleaned by the anti-virus software?
Anti-virus software not only detects viruses but also other types of malicious code, which may not be cleanable. For example, a trojan horse is a type of malicious code that should be deleted instead of cleaned. In other cases, the virus may have corrupted the file and made it impossible to clean or recover. Nevertheless, there are some steps you can take to maximize the likelihood of recovering the file using anti-virus software:

    ·         Check whether the virus signature files and scan engine are up-to-date.

    ·         Make sure there is enough free space on the disk.

    ·         Check if removal instructions or an automatic removal tool are available from the anti-virus vendor's web site.

If still unsuccessful, obtain a virus sample and send it to the anti-virus vendor for recommended actions.


Wi-Fi Security

01. How to prevent unauthorized Wi-Fi access?

To prevent unauthorized Wi-Fi access, you can consider implementing the following measures on your wireless access point (AP).

  ·    Change the default settings, such as the user name and password, of the Access Point (AP).

  ·    Turn on wireless data encryption using WPA2-PSK (Pre-shared Key) with the AES protocol, with a passphrase of minimum 20 characters containing at least one capital letter and one numeral.

  ·    Enable the MAC address filtering feature on the AP and only allow devices with pre-registered MAC addresses to connect.

  ·    Do not broadcast the service set identifier (SSID).

  ·    Turn off the AP when not in use.

 


02. How to prevent hacking of insecure default configuration?
To prevent unauthorized Wi-Fi access, you can consider implementing the following measures on your wireless access point (AP).

  ·    Change the default settings, such as the user name and password, of the Access Point (AP).

  ·    Turn on wireless data encryption using WPA2-PSK (Pre-shared Key) with the AES protocol, with a passphrase of minimum 20 characters containing at least one capital letter and one numeral.

  ·    Enable the MAC address filtering feature on the AP and only allow devices with pre-registered MAC addresses to connect.

  ·    Do not broadcast the service set identifier (SSID).

  ·    Turn off the AP when not in use.


03. How to prevent hacking via weak protocol?

Use WPA2-PSK (Pre-shared Key) with the AES protocol for data encryption. WPA2 is more secure than WPA and WEP, whose algorithms have been broken. To protect against brute force attacks, a passphrase of minimum 20 characters should be used, containing at least one capital letter and one numeral. Apart from data encryption, users should disable services (such as SNMP and WPS) that are not in use and upgrade the firmware regularly.


04. How to prevent clients sniffing each other?
Some APs have a built-in function to isolate connections between clients. This function has different names in different products (e.g. AP Isolation, Privacy Separator). In addition, make sure you use HTTPS connections whenever possible while browsing the Internet.

05. How to minimize the exposure of corporate network via Wi-Fi for guest?

If you provide Wi-Fi connections to guests, you should separate them into an isolated Wi-Fi network. Guests should have limited access to the Internet only (web browsing) and should not be able to access internal resources, such as file servers. The system administrator should review the traffic and audit logs regularly, as this can help in the detection of security incidents.


06. How to minimize the exposure of internal Wi-Fi?
Below are some suggestions that you can implement to minimize the exposure of an internal Wi-Fi network.

  ·         Change the AP default user name and password.

  ·         Do not broadcast the SSID of the AP.

  ·         Only allow registered wireless network devices to connect.

  ·         Turn on wireless data encryption.

  ·         Classify Wi-Fi networks as untrusted networks and password-protect your computers and files.

  ·         Use a firewall and network intrusion detection to detect and defend against network attacks.

  ·         Periodically check AP logs for abnormal traffic and rogue users.

  ·         Turn off wireless cards and APs when not in use.


07. How to plan and deploy secure corporate Wi-Fi network?
A wireless network provides the mobility for users to work anywhere within the company. It also provides a way for you to allow visitors to access the Internet with their mobile devices. Planning and deploying one is more complicated than just plugging a wireless AP into your corporate network. You need to establish policies for the usage and control of the Wi-Fi network, select security measures to minimize the risk in Wi-Fi networks, and secure Wi-Fi communications.

You may refer to the below for planning and deploying a Wi-Fi network.

  Security Policies:

       ·   Define the usage of the Wi-Fi network and the security requirements of the Wi-Fi connection.

       ·   Define the types of information that are not allowed to be sent over the wireless network.

       ·   Define the procedure for reporting the loss of a WLAN device.

       ·   Keep an accurate inventory of all WLAN devices.

       ·   Remove all configuration and sensitive information from a WLAN device before disposal.

  Wi-Fi location and network design:

       ·   A wireless site survey should be conducted to tune the power of the APs to provide just sufficient coverage and roaming capability.

       ·   Treat the Wi-Fi network as an untrusted network and segment the wireless traffic into a separate network.

  Security protection:

       ·   Deploy a wireless intrusion prevention/detection system (WIPS/WIDS) that supports rogue AP identification and denial-of-service protection, such as against AP flooding.

       ·   Disable all insecure and unused management protocols of the AP and configure it for least privilege.

       ·   Enable the AP access threshold parameters, such as inactivity timeouts and maximum supported associations.

       ·   Enable the AP logging features and forward the log entries to a remote logging server.

       ·   Disable the ad-hoc mode of wireless client devices.

       ·   Incorporate the enterprise login system (such as RADIUS and Kerberos) for authentication.

       ·   Adopt the latest authentication option, such as the Extensible Authentication Protocol (EAP), to get a higher protection level.

       ·   Limit the services provided in the WLAN, especially the guest WLAN. Apply access control and quality of service control to ban disallowed traffic or unwanted overuse of bandwidth.

  Ongoing maintenance:

       ·   A wireless vulnerability assessment should be performed regularly to check the enforcement of the security policy and to look for unknown wireless devices or security threats due to misconfiguration or device vulnerabilities.

       ·   Regularly review the access and traffic logs of the AP for abnormal traffic and rogue users.

       ·   Update the firmware of wireless devices periodically.

 


08. How to ensure continuous security of corporate Wi-Fi network?
Security requires ongoing maintenance and education, so it is important to regularly maintain the wireless network for the highest level of security.

   ·   Regularly review the access and traffic logs of the AP for abnormal traffic and rogue users.

   ·   Update the firmware of wireless devices periodically.

   ·   Perform a wireless vulnerability assessment regularly to check the enforcement of the security policy and to look for unknown wireless devices or security threats due to misconfiguration or device vulnerabilities.

   ·   Subscribe to wireless security newsletters and alerts, and attend security seminars to keep abreast of new security trends.
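The log review that Q06 ("periodically check AP logs for abnormal traffic and rogue users") and Q08 above both recommend, as an added example in Python that is not part of the CERT-MU FAQ: it parses AP log lines and flags associations from MAC addresses that were never pre-registered, a burst of authentication failures from one client, and a foreign BSSID advertising the corporate SSID. The log line format, the MAC/BSSID registers, the failure threshold and every sample line are constructed for this example; the regular expression must be adapted to a real AP's syslog format.

```python
"""Added example (not CERT-MU code): reviewing AP logs for rogue users and abnormal traffic.
Log format, device registers, threshold and sample lines are all constructed here."""
from __future__ import annotations
import re
from collections import Counter, defaultdict
from typing import Iterable, Optional

# Constructed registers: clients allowed to associate, and the BSSIDs of APs we own.
REGISTERED_CLIENTS = {"aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"}
OWN_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
CORP_SSIDS = {"CORP-WLAN"}
AUTH_FAIL_THRESHOLD = 5   # assumption: failures from one client in the reviewed window worth a look

# Constructed line format: "<date> <time> <ap> <event> key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<ap>\S+) (?P<event>assoc|auth-fail|beacon) (?P<kv>.*)$")

def parse_line(line: str) -> Optional[dict]:
    """Return a record for a recognised line, None for anything else (never raise on junk)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "ap": m["ap"], "event": m["event"]}
    for kv in m["kv"].split():
        k, _, v = kv.partition("=")
        rec[k] = v.lower() if k in ("client", "bssid") else v   # normalise MAC case only
    return rec

def review_ap_log(lines: Iterable[str]) -> dict[str, list[str]]:
    """Findings keyed by category; an empty dict means nothing abnormal was seen."""
    findings: dict[str, list[str]] = defaultdict(list)
    fails: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["event"] == "assoc" and rec.get("client") not in REGISTERED_CLIENTS:
            findings["unregistered_client"].append(f"{rec['ts']} {rec.get('client', '?')} on {rec['ap']}")
        elif rec["event"] == "auth-fail":
            fails[rec.get("client", "?")] += 1
        elif rec["event"] == "beacon":
            # Our SSID advertised from a BSSID we do not own: a rogue or impersonating AP.
            if rec.get("ssid") in CORP_SSIDS and rec.get("bssid") not in OWN_BSSIDS:
                findings["rogue_ap"].append(f"{rec['ts']} bssid {rec['bssid']} advertising {rec['ssid']}")
    for client, n in fails.items():
        if n >= AUTH_FAIL_THRESHOLD:
            findings["repeated_auth_failures"].append(f"{client}: {n} failures")
    return dict(findings)

# Constructed sample log for the demonstration.
SAMPLE_LOG = """\
2024-05-01 08:12:03 AP01 assoc client=AA:BB:CC:DD:EE:01 ssid=CORP-WLAN
2024-05-01 08:12:40 AP01 assoc client=de:ad:be:ef:00:01 ssid=CORP-WLAN
2024-05-01 08:13:05 AP02 auth-fail client=de:ad:be:ef:00:02
2024-05-01 08:13:06 AP02 auth-fail client=de:ad:be:ef:00:02
2024-05-01 08:13:07 AP02 auth-fail client=de:ad:be:ef:00:02
2024-05-01 08:13:08 AP02 auth-fail client=de:ad:be:ef:00:02
2024-05-01 08:13:09 AP02 auth-fail client=de:ad:be:ef:00:02
2024-05-01 08:15:00 AP01 beacon bssid=00:11:22:33:44:02 ssid=CORP-WLAN
2024-05-01 08:15:01 AP01 beacon bssid=66:77:88:99:aa:bb ssid=CORP-WLAN
2024-05-01 08:15:02 AP01 beacon bssid=66:77:88:99:aa:cc ssid=CoffeeShop
"""

if __name__ == "__main__":
    for category, items in review_ap_log(SAMPLE_LOG.splitlines()).items():
        print(category)
        for item in items:
            print("   ", item)
```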


09. Should I use free public Wi-Fi without encryption?

You should avoid using free public Wi-Fi without encryption. If you do so, you should avoid logging in to your e-mail, online shopping or e-banking web sites.

 


10. How to avoid connecting to malicious Wi-Fi AP?
To avoid connecting to a malicious Wi-Fi AP, you should be aware of the SSID you are connecting to. Do not connect to an SSID called “Free Public Wi-Fi”; this is usually an ad-hoc network created by another laptop, or a trap that tricks you into connecting to a harmful network which then infects your laptop or steals personal data.

Some wireless APs require you to accept a usage agreement on a landing page; you should verify their certificate by clicking the SSL lock icon in the browser before you accept the usage agreement. Finally, you should turn off the Wi-Fi device when it is not in use to avoid it automatically connecting to unknown APs.


11. How to secure communication via public Wi-Fi?
Public Wi-Fi access is generally treated as an insecure connection. Many public Wi-Fi networks are completely unencrypted so that users can connect to them easily. An intruder could easily see all data being transmitted if it is unencrypted. Therefore, you should only connect to a Wi-Fi hotspot with encryption enabled. Below are some tips to help you access public Wi-Fi safely.

   ·     Avoid sending financial or personal information over a public Wi-Fi network. If you must enter sensitive information, make sure you are connecting to an HTTPS web site: there is a lock icon in the browser window and the site’s address begins with “https”.

   ·     Turn off file and printer sharing on your computer when connecting to a public network.

   ·     Make sure your Internet browser, computer and antivirus signatures are up to date, and turn on your system firewall.


12. How to communicate sensitive information over public Wi-Fi?
We do not recommend sending sensitive information, such as financial information and bank account details, at a public Wi-Fi hotspot. If you do, make sure you are connecting to a legitimate hotspot and to web sites with encryption enabled.

13. What is an IP number?

The IP address is a number unique to each computer, used to identify you on the internet. For example: 192.0.2.1



14. What should I do when my program reports that someone tried to break into my machine?

You should make a complaint to the network from which the attack came, including all logs related to the attack that your program reported.