Pace IT - Troubleshooting Security

Troubleshooting security threats.


Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise: PC Hardware, Network Administration, IT Project Management, Network Design, User Training, IT Troubleshooting

Education

M.B.A., IT Management, Western Governors University

B.S., IT Security, Western Governors University

Qualifications Summary

Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions.

Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.


– Common symptoms.

– Common security tools.

– Remediation best practices.


– There can be just a few symptoms of a compromised system.
  » Alternatively, there can be many symptoms. It really all depends upon the breach and purposes of the malware.

– Pop-ups.
  » Uncontrolled pop-ups are a major annoyance.

– Browser redirection.
  » Even after resetting the home page.

– Security alerts.
  » Alerts can be from your antivirus or Windows OS.


– Slow performance.
  » The malware is consuming node resources.

– Internet connectivity issues.
  » The malware is interfering with the node’s connectivity.

– PC lock up.
  » The intention of the malware might not be to lock up the PC, but, then again, it still might.

– Windows Update failure.
  » Especially problematic if the malware has exploited a zero-day vulnerability.

– Rogue antivirus.
  » What better way to monetize the process than to infect the PC and get paid to fix it.


– Spam.
  » Can show up as receiving excessive spam or as the system sending it.

– Renamed system files.
  » Makes it more difficult to repair or restore the system.

– Files disappearing.
  » Usually not the intention, but it has been known to happen.

– File permission changes.
  » If they are not the permissions that have been established.

– Hijacked email.
  » Hijacked email accounts are a great way to send spam.

– Access denied.
  » Makes it more difficult to repair or recover the system.


– Antivirus (spyware, malware) software.
  » Part of the first line of defense.
  » Can all be rolled into one application, or can be separate applications.

– Event Viewer.
  » Reviewing logs can help to determine if unusual activity is taking place and help to determine what the cause is.

– System Restore.
  » Can roll a system back to a previous state (before infection).

– Recovery Console.
  » Access recovery and repair tools (like safe mode and the C:\> prompt).

– Preinstallation Environment (PE).
  » PE is used during the installation process and in some recovery processes.
  » PE with antivirus is often called offline scanning and is effective.


Steps

1) Identify the symptoms.

2) Quarantine the infected system.
  » Remove the network cable or shut down wireless.

3) Disable System Restore.
  » Only make a backup of the infected system if you want to do research.

4) Remediate the infected system.
  » Update antivirus software and remove the infection.

5) Schedule scans and updates.

6) Enable System Restore and create a restore point.

7) Educate end users.
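
Steps 2 through 6 above, sketched as an added PowerShell example (not part of the original slides). It assumes Microsoft Defender is the antivirus, an elevated Windows PowerShell 5.1 session, and C:\ as the system drive; `$OfflineDefs` is a placeholder path for a definition package carried over on removable media. Steps 1 and 7 stay manual.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: Microsoft Defender, Windows PowerShell 5.1, system drive C:\.
$ErrorActionPreference = 'Stop'
$SystemDrive = 'C:\'
$OfflineDefs = 'E:\mpam-fe.exe'   # placeholder: definition package staged on removable media

# Step 2: quarantine. Remember which adapters were up, then disable them all.
$adapters = Get-NetAdapter | Where-Object Status -eq 'Up'
$adapters | Disable-NetAdapter -Confirm:$false

# Step 3: disable System Restore. Turning protection off deletes the existing
# restore points, which may contain copies of infected files.
Disable-ComputerRestore -Drive $SystemDrive

# Step 4: remediate. The host is offline, so definitions come from the staged package.
if (Test-Path $OfflineDefs) {
    Start-Process -FilePath $OfflineDefs -Wait
} else {
    Write-Warning "No definition package at $OfflineDefs; scanning with installed definitions."
}
Start-MpScan -ScanType FullScan
Remove-MpThreat

# Gate: stop here (still quarantined) if any recorded detection was not cleaned.
$failed = Get-MpThreatDetection | Where-Object { -not $_.ActionSuccess }
if ($failed) {
    $failed | Select-Object InitialDetectionTime, ProcessName, Resources | Format-List
    throw 'Some detections were not remediated; keep the system isolated.'
}

# Step 5: schedule scans and updates (daily quick scan, signature check every 4 hours).
Set-MpPreference -ScanScheduleDay Everyday -ScanParameters QuickScan -SignatureUpdateInterval 4

# Step 6: re-enable System Restore and capture a known-clean restore point.
Enable-ComputerRestore -Drive $SystemDrive
Checkpoint-Computer -Description 'Clean state after malware remediation' -RestorePointType MODIFY_SETTINGS

# End of quarantine (not a numbered step on the slide): bring the adapters back up.
$adapters | Enable-NetAdapter
```

Because the script throws before the last line when a detection was not cleaned, the network adapters stay disabled until the system is verified.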


Troubleshoot security threats.

Topic: Common symptoms.
Summary: Pop-ups, browser redirection, security alerts, slow performance, connectivity issues, lock ups, update failures, rogue antivirus, spam, renamed system files, missing files or permissions changed, hijacked email, and denied access all point to a malware infection.

Topic: Common tools.
Summary: Anti-malware applications are the first line of defense. The Recovery Console, System Restore, PE, and Event Viewer can all help in either the identification or recovery process.

Topic: Remediation best practices.
Summary: Follow the seven-step process: identify, quarantine, disable restore, remediate the infection, reschedule scans and updates, enable restore and create a restore point, and finish up by educating the end user.


This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814.

Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.