Information Security Session
October 23, 2006
Bill Eaheart, Network Security Coordinator
DePaul University
04/08/23 Information Security 2
Information Security at DePaul
Who we are
  Information Services - Business Continuity and Security Group (BCS)
  Web Site: http://is.depaul.edu/security/information_security/
  Email Addresses for BCS team
    Bill Eaheart - [email protected]
    Arlene Yetnikoff – [email protected]
  Reporting security incidents
    [email protected]
    [email protected]
Today
Provide practical information
General guidelines for secure computing
Question and Answer
Presentation available on this web page: http://is.depaul.edu/security/information_security/presentations.asp
Truths about computers
Computers (all operating systems) are vulnerable to attacks
Connecting a computer to the Internet allows the Internet to connect to your computer
Good news – real time access to news, collaboration, information, videos, applications …
Bad news – vulnerable to attacks from viruses, worms and individuals
Survival Time
http://isc.sans.org/survivalhistory.php
Types of Attacks
1. Coordinated
  Your computer is specifically targeted
2. Opportunistic
  Software available to conduct:
    Random scans looking for Windows open file and printer shares
    Searches for known vulnerabilities and unsecured services
  Allows individuals to:
    Exploit vulnerabilities
    Crack passwords
3. Most attacks for home users are opportunistic
  Easy steps to avoid opportunistic attacks
  Coordinated attacks are difficult to stop
Typical Day at DePaul
Timestamp -- 2006-10-x
Possible External Hosts: unauthorized scans
Count Src Addr Port
----------------------------------------------------
38600 81.115.44.75 5900
41160 81.244.148.101 135
38599 218.247.185.218 22
2393 59.112.85.220 139
2094 59.112.85.220 445
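Added example (not part of the original presentation): one way to read the report above is to label each scanned port with the service usually found on it and to group the counts by source address. The port-to-service labels and all function names are additions made here; the rows are the ones shown on the slide.

```python
import re
from collections import defaultdict
# Rows copied from the slide's report: count, source address, destination port.
REPORT = """\
Count Src Addr Port
----------------------------------------------------
38600 81.115.44.75 5900
41160 81.244.148.101 135
38599 218.247.185.218 22
2393 59.112.85.220 139
2094 59.112.85.220 445
"""
# Usual service behind each port (annotation added here, not on the slide).
SERVICES = {
    22: "SSH",
    135: "Microsoft RPC endpoint mapper",
    139: "NetBIOS session service (Windows file/printer sharing)",
    445: "SMB over TCP (Windows file/printer sharing)",
    5900: "VNC remote desktop",
}
FILE_SHARING_PORTS = {139, 445}
ROW = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,5})\s*$")

def parse_report(text):
    """Return (count, src, port) tuples; header, rule and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            rows.append((int(match.group(1)), match.group(2), int(match.group(3))))
    return rows

def by_source(rows):
    """Group probe counts per source address: {src: {port: count}}."""
    grouped = defaultdict(dict)
    for count, src, port in rows:
        grouped[src][port] = grouped[src].get(port, 0) + count
    return dict(grouped)

def share_hunters(grouped):
    """Sources that probed a Windows file-sharing port (139 or 445)."""
    return sorted(s for s, ports in grouped.items() if FILE_SHARING_PORTS.intersection(ports))

if __name__ == "__main__":
    grouped = by_source(parse_report(REPORT))
    for src, ports in sorted(grouped.items(), key=lambda kv: -sum(kv[1].values())):
        for port, count in sorted(ports.items()):
            print(f"{count:>6}  {src:<16} {port:>5}  {SERVICES.get(port, 'unknown')}")
    print("Probing Windows shares:", ", ".join(share_hunters(grouped)))
```

The one source that appears twice in the report probed both ports 139 and 445, which matches the "random scans looking for Windows open file and printer shares" described under opportunistic attacks.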
What can we do?
1. Protecting your Computer
  Windows Update
  Virus and Spyware Protection
  Use a Host Based Firewall
  Account and Password Security
  Microsoft Baseline Security Analyzer
2. Using Public Computers
3. Social Engineering
  Email
  Downloads
  Peer to Peer Sharing
Windows Update
Microsoft provides security patches and updates
  Check for updates at least once per month
  Security fixes released on the second Tuesday of each month
Manual Update
  Open Internet Explorer
  http://windowsupdate.microsoft.com
Windows Automatic Updates makes this easy
  Start > Control Panel > Automatic Updates
DePaul makes it even easier
  Software Update Services (SUS) server
Virus and Spyware Protection
Malware (MALicious softWARE) – designed to make life unhappy (virus, trojan horse)
  Install Anti-virus software
  Regularly update anti-virus signatures
  Available products
    Commercial
      McAfee Antivirus - http://www.mcafee.com/us/
      Norton Antivirus - http://www.symantec.com/
    Commercial/Freeware
      Avast! - http://www.avast.com/
      AVG – http://www.grisoft.com/us/us_index.php
    DePaul makes it even easier
      McAfee Anti-virus and McAfee ePolicy Orchestrator (ePO)
      Student download - http://netauth.depaul.edu/virusscan/
Spyware
  Gathers information without your knowledge
  Available products
    Ad-aware - http://www.lavasoftusa.com/
    Spybot Search and Destroy - http://www.safer-networking.org/
    Spycop - http://www.spycop.com/
Host Based Firewall
Best PC firewalls
  Track incoming and outgoing traffic
  Allow you to set up rules
Windows XP Internet Connection Firewall (ICF)
  Inspects incoming traffic only
  Start > Control Panel > Network Connections > Change Windows Firewall settings
Commercial Products
  Sygate Personal Firewall
  ZoneAlarm
  Tiny Personal Firewall
  Norton Personal Firewall
  BlackIce PC Protection
Account and Password Security
All accounts must have strong passwords
  http://www.microsoft.com/athome/security/privacy/password.mspx
Weak or no password accounts are an open invitation to hackers
If possible do not run your computer as administrator
Disable any unused accounts
Strong passwords
  Special characters (*!$+) mixed with letters and numbers
  Mixed upper- and lower-case letters and punctuation characters
  Nonsense words that are easy to pronounce but aren't in any dictionary
  Eight or more characters
Use a password sentence or passphrase
  I need to visit the Kmart at 4:00
    In2vtK@4:
  My #1 Password!
  Do not use either of these passwords
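Added example (not part of the original presentation): a checker for the strong-password rules listed on this slide, which also rejects the two sample passwords the slide publishes. The function name and the small word list are assumptions made for illustration; a real check would load a full dictionary file.

```python
import string

# The two sample passwords printed on the slide; published examples must never be reused.
PUBLISHED_EXAMPLES = {"In2vtK@4:", "My #1 Password!"}
# Tiny constructed word list standing in for a real dictionary file (assumption).
DICTIONARY = {"password", "depaul", "welcome", "letmein", "qwerty", "dragon"}


def password_problems(candidate, dictionary=DICTIONARY):
    """Return the slide's rules that `candidate` breaks; an empty list means it passes."""
    problems = []
    if candidate in PUBLISHED_EXAMPLES:
        problems.append("published example password")
    if len(candidate) < 8:
        problems.append("fewer than eight characters")
    has_lower = any(c.islower() for c in candidate)
    has_upper = any(c.isupper() for c in candidate)
    if not (has_lower and has_upper):
        problems.append("no mix of upper- and lower-case letters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special or punctuation characters")
    # Strip digits and symbols first: "Password1!" meets every character-class
    # rule above yet is still a dictionary word with decorations.
    letters_only = "".join(c for c in candidate.lower() if c.isalpha())
    if letters_only in dictionary:
        problems.append("dictionary word with decorations")
    return problems


if __name__ == "__main__":
    for sample in ("depaul", "Password1!", "In2vtK@4:", "Tr4il-mix&Gorp9"):
        print(f"{sample!r}: {password_problems(sample) or 'passes the slide rules'}")
```

The "Password1!" case shows why the dictionary rule has to be checked separately from the character-class rules.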
Microsoft Security Analyzer
Microsoft Baseline Security Analyzer
  http://www.microsoft.com/technet/security/tools/mbsahome.mspx
  Free vulnerability assessment tool for the Microsoft platform
Download Software
Installation Wizard
Scan your computer
Using Public computers Security
Public Computers
  Use caution when using public computers - cannot trust
  Do not save your logon information
  Do not leave the computer unattended
  Erase your tracks
  Watch for over-the-shoulder snoops
  Do not enter sensitive information
  * http://www.microsoft.com/athome/security/privacy/publiccomputer.mspx
Wireless Networks
  Wireless traffic can be captured
  Man in the middle attacks
  Should not transmit sensitive data
  * http://www.microsoft.com/athome/security/privacy/wirelessnetwork.mspx
Social Engineering
What is Social Engineering
  Collection of techniques used to manipulate people into performing actions or divulging confidential information
Social Engineering Attacks
  By phone, office visits, email, web sites, instant messaging, irc …
Do not be a victim
  Be suspicious of unsolicited phone calls, visits or email messages
  Do not provide personal information or organizational information
  Do not reveal personal or financial information in an email and do not respond to email solicitations
  Don’t send sensitive information over the Internet before checking a web site's security
  Pay attention to web sites – malicious sites look legit
  If you have any doubts contact the company directly
Web Sites
  http://www.snopes.com/
  http://www.antiphishing.org/
  http://hoaxbusters.ciac.org/
References
  Home Computer Security and Privacy by Patrick Crispen