Post on 16-Jul-2015
Troubleshooting security threats.
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting
Education
M.B.A., IT Management, Western Governors University
B.S., IT Security, Western Governors University
Qualifications Summary
Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.
– Common symptoms.
– Common security tools.
– Remediation best practices.
– There can be just a few symptoms of a compromised system, or there can be many.» It all depends upon the breach and the purposes of the malware.
– Pop-ups.» Uncontrolled pop-ups are a major annoyance.
– Browser redirection.» Even after resetting the home page.
– Security alerts.» Alerts can be from your antivirus or Windows OS.
– Slow performance.» The malware is consuming node resources.
– Internet connectivity issues.» The malware is interfering with the node’s connectivity.
– PC lockup.» Locking up the PC might not be the intention of the malware, but it can still be the result.
– Windows Update failure.» Especially problematic if the malware has exploited a zero-day vulnerability, because the patch can no longer be applied.
– Rogue antivirus.» What better way to monetize the process than to infect the PC and get paid to "fix" it?
– Spam.» Can show up as excessive incoming spam, or as the node itself sending spam.
– Renamed system files.» Makes it more difficult to repair or restore the system.
– Files disappearing.» Usually not the intention, but it has been known to happen.
– File permission changes.» Permissions that differ from the ones that were established for the system.
– Hijacked email.» Hijacked email accounts are a great way to send spam.
– Access denied.» Makes it more difficult to repair or recover the system.
– Antivirus (spyware, malware) software.» Part of the first line of defense.
» Can all be rolled into one application, or can be separate applications.
– Event Viewer.» Reviewing logs can help to determine whether unusual activity is taking place and what the cause is.
– System Restore.» Can roll a system back to a previous state (before infection).
– Recovery Console.» Access to recovery and repair tools (like safe mode and the command prompt, C:\>).
– Preinstallation Environment (PE).» PE is used during the installation process and in some recovery processes.
» Scanning from PE with antivirus is often called offline scanning, and it is effective because the installed OS (and any malware running in it) is not loaded.
Steps
1) Identify the symptoms.
2) Quarantine the infected system.» Remove the network cable or shut down wireless.
3) Disable System Restore.» Only make a backup of the infected system if you want to do research.
4) Remediate the infected system.» Update antivirus software and remove the infection.
5) Schedule scans and updates.
6) Enable System Restore and create a restore point.
7) Educate end users.
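Steps 1 through 6 of the process above, scripted in PowerShell as an added example (not part of the original PACE-IT slides). It assumes an elevated session on a Windows host with Windows Defender, the NetAdapter module and the ScheduledTasks module; the signature update is run before the adapter is disabled because Update-MpSignature needs the network (otherwise bring definitions on removable media), and the event IDs, task name and restore-point description are the author's choices.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the PACE-IT slides). Assumes Windows Defender,
# the NetAdapter module and the ScheduledTasks module are available.
param(
    [string]$Drive = 'C:\',
    [switch]$KeepForResearch   # step 3: keep an image only if you intend to analyze it
)

# Step 1: identify the symptoms. Pull the last week of Defender detections
# (IDs 1116 detected / 1117 action taken) and Windows Update install failures (ID 20).
$since = (Get-Date).AddDays(-7)
$filters = @(
    @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1116, 1117; StartTime = $since },
    @{ LogName = 'Microsoft-Windows-WindowsUpdateClient/Operational'; Id = 20; StartTime = $since }
)
foreach ($f in $filters) {
    Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName, Message | Format-Table -Wrap
}

# Signatures need the network, so refresh them before quarantine (or bring them on removable media).
Update-MpSignature

# Step 2: quarantine. Disabling every active adapter is the scripted equivalent of pulling the cable.
$adapters = Get-NetAdapter | Where-Object Status -eq 'Up'
$adapters | Disable-NetAdapter -Confirm:$false

# Step 3: disable System Restore so the infection is not preserved in a restore point.
if ($KeepForResearch) { Write-Warning 'Image the disk now; restore points are about to be discarded.' }
Disable-ComputerRestore -Drive $Drive

# Step 4: remediate with a full scan (Start-MpScan returns when the scan completes).
Start-MpScan -ScanType FullScan
Get-MpThreatDetection | Format-Table -AutoSize

# Step 5: schedule a weekly signature update plus full scan.
$action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
           -Argument '-NoProfile -Command "Update-MpSignature; Start-MpScan -ScanType FullScan"'
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 2am
Register-ScheduledTask -TaskName 'Weekly AV Scan' -Action $action -Trigger $trigger -RunLevel Highest -Force

# Step 6: re-enable System Restore and record a clean baseline restore point.
Enable-ComputerRestore -Drive $Drive
Checkpoint-Computer -Description 'Post-remediation baseline' -RestorePointType MODIFY_SETTINGS

# Reconnect only the adapters this script disabled, once the scan came back clean.
$adapters | Enable-NetAdapter -Confirm:$false
```

Step 7 (educating the end user) cannot be scripted; review the Step 1 output with the user so they recognize the symptoms next time.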
Troubleshoot security threats.
Topic: Common symptoms.
Summary: Pop-ups, browser redirection, security alerts, slow performance, connectivity issues, lockups, update failures, rogue antivirus, spam, renamed system files, missing files or changed permissions, hijacked email, and denied access all point to a malware infection.
Topic: Common tools.
Summary: Anti-malware applications are the first line of defense. The Recovery Console, System Restore, PE, and Event Viewer can all help in either the identification or the recovery process.
Topic: Remediation best practices.
Summary: Follow the seven-step process: identify, quarantine, disable restore, remediate the infection, schedule scans and updates, enable restore and create a restore point, and finish up by educating the end user.
THANK YOU!
This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.