[IS&T Security-FYI] SFYI Newsletter, April 10, 2008
Monique Yeaton
myeaton at MIT.EDU
Fri Apr 10 12:57:09 EDT 2009
In this issue:
1. Rogue DHCP / DNS Changer Virus
2. Least Privileges is Safer
------------------------------------------------
1. Rogue DHCP / DNS Changer Virus
------------------------------------------------
A virus has been making its rounds on campus that changes the network
setup information on computers using DHCP over wired or wireless
connections to get to the MIT network. If a computer is infected, its
web browser will be redirected to web sites that spoof legitimate
ones, into which identity and financial information is then
unknowingly entered. False network information may also prevent
network access, create an IP address conflict, or generate other
network-related error messages.
MIT is now blocking DHCP requests at the border to the known DNS
servers used by this malware. As a result, some users who had been
using these DNS servers without being aware of it may have difficulty
accessing the network. However, it greatly enhances the security
for users on the MIT network as it prevents these DNS servers from
sending false information in response to DNS requests (man-in-the-
middle attacks). It will also help the Computing Help Desk staff to
more quickly identify any networks with infected hosts because
machines that pick up the bogus DHCP and DNS info will not appear to
work normally anymore.
If you notice any of the following symptoms:
• IP address conflicts
• Failure to connect to the network
• Unexpected network configuration values, especially DNS settings
values
• "Normal" behavior with short blips of lost connectivity
please contact the IS&T Computing Help Desk at computing-help at mit.edu
or 617.253.1101.
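
A check for the "unexpected DNS settings" symptom listed above, as an added example that is not part of the original newsletter: it parses Windows `ipconfig /all` output and reports any DHCP or DNS server outside an allow-list. The sample output, the addresses and the `TRUSTED_NETS` allow-list are constructed placeholders from documentation ranges, not MIT's servers or the malware's.

```python
import ipaddress
import re

# Assumption: the networks your real DHCP and DNS servers live in.
# Documentation-range placeholder; replace with your site's values.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed `ipconfig /all` excerpt from a host that accepted a rogue lease.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.0.2.57
   Default Gateway . . . . . . . . . : 192.0.2.1
   DHCP Server . . . . . . . . . . . : 192.0.2.200
   DNS Servers . . . . . . . . . . . : 198.51.100.85
                                       192.0.2.5
"""

# "Label . . . . : value" lines; the label is letters and spaces only.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)[ .]*:\s*(\S*)\s*$")
CHECKED = {"DHCP Server", "DNS Servers"}

def parse_servers(text):
    """Return (field, ip) pairs for the DHCP server and every DNS server."""
    found, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current, value = m.group(1).strip(), m.group(2)
        elif current == "DNS Servers" and line.strip():
            value = line.strip()  # extra resolvers continue on their own lines
        else:
            current = None
            continue
        if current in CHECKED and value:
            try:
                found.append((current, ipaddress.ip_address(value)))
            except ValueError:
                pass  # not an address (e.g. a blank or malformed value)
    return found

def unexpected_servers(text, trusted=TRUSTED_NETS):
    """List the DHCP/DNS servers that fall outside every trusted network."""
    return [(field, str(ip)) for field, ip in parse_servers(text)
            if not any(ip in net for net in trusted)]

if __name__ == "__main__":
    for field, ip in unexpected_servers(SAMPLE):
        print(f"unexpected {field}: {ip}")
```
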
----------------------------------
2. Least Privileges is Safer
----------------------------------
There is a principle that applies to computer security, which states
that running a computer with least access privileges makes the
computer safer from viruses and other attacks. In fact, one study
showed that 9 out of 10 viruses could have been thwarted, had the user
not been logged on as an administrator.
Why is this? When you run a computer with administrator access rights,
the computer makes the operating system's core features (such as
downloading or removing software, or changing core system settings)
available for you to use. When logged into that same computer with a
guest or standard user account, many of those core system features are
not accessible.
How does this protect your computer? Much of the malware out in the
wild takes advantage of the fact that many Windows users run their
computers with administrator privileges. Having the core system
settings available to anyone with access to the computer while it is
running allows any malware downloaded at that time to modify those
settings. It also makes the malware extra difficult to remove.
By the way, Mac OS X users are less affected because once an
administrator has been set up on the computer, the operating system
requires the administrator password to be used for these same core
system tasks for any user of the computer.
While it may be a detriment to some users to have limited access to a
computer through a standard user account, we must remember that web
browsing and downloading from the Web open our computers up to
possible infection. Giving guests a limited account makes sense in
these cases. Also, if your work computer contains sensitive data, you
may want to run that computer using a standard user account. This will
protect the data from possible modification or disclosure, in the
event you did something you didn't mean to do, or somehow the computer
got infected. Windows also has a Run As feature and Vista has the new
UAC feature, both of which basically use the same principle of least
privilege.
Next week I will have more information available online for those
interested in this topic. If you are concerned that these settings
will make it more difficult to carry out your everyday work tasks,
it's best to verify what using this feature would change as far as
accessibility. Discuss with your desktop support person or the
Computing Help Desk how best to set up least privileges on your
computer. This is also something you will only want to try yourself if
you have an advanced level of computer technology knowledge.
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you
for your password.