Recommendations of KZ-CERT for the removal and prevention of information security incidents

The Kazakhstan Computer Emergency Response Team (KZ-CERT) receives requests, issues alerts, and provides prevention advice related to the following types of incidents:

- Denial of Service (DoS, DDoS);

- Breaches of and attacks on Internet resources;

- Malware injection and distribution;

- Phishing on the Internet;

- Viruses;

- Botnets, etc.

To inform people about computer incidents, we set out below measures for their prevention and elimination.

Measures to prevent and eliminate web-site breaches:

For network administrators and owners of Internet resources:

- regularly change the passwords of accounts that have access to the control system (in particular, after the dismissal of employees who had access to the web-site);

- prohibit the storage of passwords on a computer connected to the Internet;

- separate the access rights of employees who work with the web-site (e.g. a site content editor should have access only to the content and not to other sections of the web-site);

- keep antivirus programs, firewalls, etc. updated;

- limit physical access to the server, switching equipment and the computers of employees who have rights to manage the servers and the web-site.

For users:

- keep the antivirus program updated and periodically scan the computer for viruses;

- protect your database from information theft;

- regularly update the operating system, browser and other software from reliable sites;

- don't accept files from unknown users;

- don't open attachments sent from unknown sources;

- download files with caution;

- check downloaded software before installing it;

- ignore links in spam, instant messages or chats.

Measures to prevent and eliminate incidents related to malware injection and distribution:

For network administrators and owners of Internet resources:

- install an antivirus program and scan all the site's files for viruses, not forgetting to save a backup copy of the site;

- determine and remove the cause of the site infection;

- periodically scan the site for viruses with the antivirus program;

- install a firewall;

- keep the antivirus program updated and periodically scan the computer for viruses;

- don't accept files from unknown users;

- don't open attachments sent from unknown sources;

- download files with caution;

- check downloaded software before installing it;

- ignore links in spam, instant messages or chats;

- periodically change all passwords (FTP, SSH, MySQL and web-site administration account (CMS) passwords) and use complex, hard-to-crack passwords.

For users:

- keep the antivirus program updated and periodically scan the computer for viruses;

- protect your database from information theft;

- regularly update the operating system, browser and other software from reliable sites;

- don't accept files from unknown users;

- don't open attachments sent from unknown sources;

- download files with caution;

- check downloaded software before installing it;

- ignore links in spam, instant messages or chats.

Measures to prevent and eliminate incidents related to phishing:

For network administrators and owners of Internet resources:

- remove the phishing link and block the page containing it;

- otherwise, the recommendations are the same as in the case of breaches.

For users:

- keep the antivirus program updated and periodically scan the computer for viruses;

- protect your database from information theft;

- regularly update the operating system, browser and other software from reliable sites;

- don't accept files from unknown users;

- don't open attachments sent from unknown sources;

- download files with caution;

- check downloaded software before installing it;

- ignore links in spam, instant messages or chats.

Measures to prevent and eliminate incidents related to botnets:

- install a firewall;

- regularly update the operating system, browser and other software from reliable sites;

- don't accept files from unknown users;

- don't open attachments sent from unknown sources;

- download files with caution;

- check downloaded software before installing it;

- ignore links in spam, instant messages or chats;

- ignore messages asking you to enter your login, password or bank card number. Legitimate systems do not send such letters. To clarify the situation, contact the support service of the organization from which you received the offer;

- don't disclose your passwords to unknown people;

- don't give private information to anyone by phone, in person or by e-mail until you have evidence that they are actually the people who should have access to it;

- check the level of data confidentiality provided by a web-site before transmitting your personal information to it;

- use the protected HTTPS mode in the browser when making payments on Internet resources, and check the web-site's certificate when HTTPS is available.

Measures to prevent and eliminate incidents related to DoS and DDoS attacks:

For network administrators and owners of Internet resources:

- obtain the logs of the attacked system;

- analyze the logs and determine the type of DoS or DDoS attack;

- apply countermeasures: narrowing the channel, closing certain ports, disabling certain protocols, adding special rules to ignore spam messages, etc.;

- notify the owners of the IP addresses involved in the DoS or DDoS attack, or their hosting providers, about incidents related to botnets or spam;

- advise the owner of the attacked resource on measures to prevent and eliminate this type of incident (improvement of the enterprise's general security policy).
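The first three steps above (collect the logs, analyze them, decide whether the flood is single-source or distributed, and identify the sources to notify) can be carried out with a small log-triage script. The following is an added example written for this page, not KZ-CERT's own tooling: it parses web-server lines in Common Log Format, measures the peak number of requests per source IP inside a short time window, flags sources above a per-IP limit, and labels the pattern "dos" (one offending source) or "ddos" (several offenders, or an aggregate flood of many low-rate hosts). The log lines, the addresses (taken from the RFC 5737 documentation ranges) and the thresholds are constructed test data, not values from the KZ-CERT text.

```python
"""Triage of a web-server access log during a suspected DoS/DDoS incident.

Added example, not KZ-CERT's tooling. Log lines, IP addresses and
thresholds below are constructed test data.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache/Nginx Common Log Format: ip ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {ip, time, request, status} for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("time"), TIME_FMT)
    except ValueError:
        return None  # unparseable timestamp: skip it rather than abort the triage
    return {"ip": m.group("ip"), "time": ts,
            "request": m.group("request"), "status": int(m.group("status"))}


def peak_in_window(times, window_seconds):
    """Largest number of timestamps that fall inside any span of window_seconds."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyze(lines, window_seconds=10, per_ip_threshold=20, total_threshold=100):
    """Classify the traffic and list the source IPs whose owners should be notified."""
    entries, malformed = [], 0
    for line in lines:
        e = parse_line(line)
        if e is None:
            malformed += 1
        else:
            entries.append(e)

    by_ip = defaultdict(list)
    for e in entries:
        by_ip[e["ip"]].append(e["time"])
    peaks = {ip: peak_in_window(ts, window_seconds) for ip, ts in by_ip.items()}
    total_peak = peak_in_window([e["time"] for e in entries], window_seconds)

    # Sources that alone exceed the per-IP limit are clear offenders.
    offenders = {ip: n for ip, n in peaks.items() if n >= per_ip_threshold}
    if len(offenders) == 1:
        kind = "dos"    # a single source is responsible for the flood
    elif len(offenders) > 1 or total_peak >= total_threshold:
        kind = "ddos"   # many sources, each possibly below the per-IP limit
    else:
        kind = "normal"

    # Notification list: the offenders, or every contributing source when the
    # flood is spread across low-rate hosts.
    if offenders:
        notify = sorted(offenders)
    elif kind == "ddos":
        notify = sorted(peaks)
    else:
        notify = []
    return {"kind": kind, "parsed": len(entries), "malformed": malformed,
            "peak_total": total_peak, "offenders": offenders, "notify": notify}


# Constructed sample 1: two legitimate clients, one unparseable line, and a
# flood of 30 requests in 10 seconds from a single host.
SAMPLE_LOG = [
    '198.51.100.20 - - [10/Mar/2024:12:00:01 +0600] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.21 - - [10/Mar/2024:12:00:03 +0600] "GET /news HTTP/1.1" 200 2048',
    'garbage line that does not parse',
] + [
    f'203.0.113.7 - - [10/Mar/2024:12:00:{s:02d} +0600] "GET /search?q=x HTTP/1.1" 503 0'
    for s in range(10) for _ in range(3)
]

# Constructed sample 2: 15 hosts sending 4 requests each within 10 seconds; no
# single host crosses the per-IP limit, but the aggregate does.
DISTRIBUTED_LOG = [
    f'203.0.113.{h} - - [10/Mar/2024:12:00:{s:02d} +0600] "GET / HTTP/1.1" 200 512'
    for h in range(100, 115) for s in range(0, 10, 3)
]

if __name__ == "__main__":
    for name, log in (("single-source", SAMPLE_LOG), ("distributed", DISTRIBUTED_LOG)):
        r = analyze(log, window_seconds=10, per_ip_threshold=20, total_threshold=50)
        print(name, r["kind"], "peak", r["peak_total"], "notify", r["notify"])
```

The `notify` list is the input to the fourth step (contacting the owners of the involved IP addresses or their hosting providers), and the `offenders` dictionary is what a filtering rule for the "closing ports / adding special rules" step would be built from; the thresholds must be tuned to the normal traffic of the protected resource, since a single busy proxy or NAT gateway can legitimately exceed a per-IP limit chosen too low.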

Security tips for smartphones

- Keep it locked. Make sure your phone’s screen lock is on – at all times – so there’s less at risk if your phone falls into the hands of a cybercriminal.

- Encrypt your sensitive information. If your phone includes data encryption features, make sure you use them. In the event of your phone being stolen, criminals will not be able to access the personal information that’s stored on your phone – if that information has already been encrypted.

- Monitor how apps behave on your phone. Be aware of permission access / requests from applications running on your phone.

- Protect your phone and your data. Make sure you use an antivirus program and ensure the antivirus databases are regularly updated.

- Be aware of the risks of jailbreaking / rooting. Although it might be tempting to root or jailbreak your phone – in order to access specific apps or services – this will strip away the security. To help keep your phone and your data secure… don’t root or jailbreak your phone.

- Switch off Bluetooth when you can. If you’re not using your Bluetooth connection, it’s a great idea to switch it off.

- Choose a smartphone security solution with anti-theft features. Some smartphone security products include a range of anti-theft features that give you remote access to your lost or stolen phone – so you can lock the phone, wipe data from it, and find its location.

Wireless security tips to keep your data safe on public Wi-Fi

- Be aware that public Wi-Fi is inherently insecure.

- Remember that any device could be at risk.

- Treat all Wi-Fi links with suspicion. Don’t just assume that the Wi-Fi link is legitimate. It could be a bogus link that has been set up by a cybercriminal that’s trying to capture valuable, personal information from unsuspecting users. Question everything – and don’t connect to an unknown or unrecognized wireless access point.

- Try to verify it’s a legitimate wireless connection. Some bogus links – that have been set up by malicious users – will have a connection name that’s deliberately similar to the coffee shop, hotel, or venue that’s offering free Wi-Fi. If you can speak with an employee at the location that’s providing the public Wi-Fi connection, ask for information about their legitimate Wi-Fi access point – such as the connection’s name and IP address.

- Use a VPN (virtual private network). By using a VPN when you connect to a public Wi-Fi network, you’ll effectively be using a ‘private tunnel’ that encrypts all of your data that passes through the network. This can help to prevent cybercriminals – that are lurking on the network – from intercepting your data.

- Avoid using specific types of website. It’s a good idea to avoid logging into websites where there’s a chance that cybercriminals could capture your identity, passwords, or personal information – such as social networking sites, online banking services, or any websites that store your credit card information.

- Consider using your cell phone. If you need to access any websites that store or require the input of any sensitive information – including social networking, online shopping, and online banking sites – it may be worthwhile accessing them via your cell phone network, instead of the public Wi-Fi connection.

- Protect your device against cyberattacks. Make sure all of your devices are protected by a rigorous anti-malware and security solution – and ensure that it’s updated as regularly as possible.