Security For computers

Upload: dylan-craig

Post on 25-Dec-2015


Analyzing the Threat

• Unauthorized access

• Data destruction, accidental or deliberate

• Administrative access

• System crash or hardware failure

• Virus or Spyware

• Environmental threats

Unauthorized Access

• Occurs when a person accesses resources without permission

– Data

– Applications

– Hardware

• Opens up option to alter or delete (or enhance) information

• Can use intrusion to figure out passwords, accounts, etc.

• Need some sort of access control

• Dumpster diving for information

Social Engineering

• Process of using, or manipulating, people inside the network

• Humans using other humans to gain access to restricted resources

• Infiltration: Gain unauthorized physical access to office; tailgating – following someone as though you belong

• Telephone scams: “Hi, I forgot my password”

• Phishing: trying to get usernames, passwords, etc.

• Administrative access: Too easy to get Admin access to computers and thus data.

Physical Theft

• Don’t hack into it – just take the server!

• Need to protect, with lock and key, valuable server resources

• Don’t forget the router and modem

Environmental Threats

• Power – lack of it, or too much

• Air conditioning, proper ventilation, air filtration

• Dirty air – dust forms a nice warm blanket around components

• If you can stand the temperature, so can the computer

• Be wary of toxic chemicals, treat with care

Access Control

• Lock the door to computer room

• Use ID badges

• Privacy filter – have to be in front of screen

• What is on the desk that should not be there? Documents, passwords, etc.

Getting secure

• Windows-L locks a system

• Authentication: How do I know who you are?

– Software: Passwords

– Hardware: Smart cards or biometric device

• Knowledge factor – something you know

• Ownership factor – something you own

• Inherent factor – something that is part of the user

• Use NTFS, not FAT32 – can convert FAT to NTFS

Software Authentication

• Use passwords – strong passwords and not the same one everywhere

• Change CMOS settings; can lock you out of CMOS

• Stealing a hard drive…

• Don’t tape password to bottom of mouse pad

• Smart cards and security tokens

Users and Groups

• Accounts should have minimum permissions to get the job done

• Use groups, not accounts for permissions

• Permissions are combined

• Everyone group has full access by default

• Permissions control access to resources

Policies• Policies are permissions for activities

• Local Security Policy on local system

• Group Policy on domain server

• Policies:

– Prevent Registry Edits

– Prevent Access to the Command prompt

– Log on locally

– Shut down system

– Minimum Password length

– Disable Windows Installer

– Printer browsing

Data Classification

• Public, internal use only, confidential, top secret, etc.

• Sarbanes-Oxley imposes limits on what people can do with information

• Affects how you recycle equipment, too

Auditing

• Auditing means to tell Windows to create an entry in the Security Log

• Event auditing – log on/off

• Object access auditing – access to file/folder

– Local Security Policy in Administrative Tools

– Select Local Policies then Audit Policy

– Go to object and enable auditing

Incident Reporting

• Leaving a paper trail of what you did

• Companies often have forms or use tracking software

• Job not done until paperwork is complete!

Evidence Handling

• Ignore personal information in and around computer

• Anything said or seen is kept in personal confidence

• Identify action or content as prohibited – use common sense, too

• Report through proper channels – your supervisor – don’t talk to the person

• Data preservation – unplug and move system

Virus and Spyware

• Should always have protection for both – your third purchase, after the computer and the OS

• Floppies used to be a good way to spread viruses – USB drives now do it better

• Still the network is the best way to spread a virus

Grayware

• Neither good nor bad by itself…

• Peer-to-peer file sharing programs: Bittorrent

• A new class of software with dangerous potential

• Pop-ups – surprise windows that appear automatically

• Spyware – run in the background, tracking your activity

• Most of the “search bars” in IE

Spyware

• Distributed computing applications

• Fake-ware – Says one thing, does another

– The “free” antivirus scans that find viruses and want money to remove them

• The “FBI, you are running illegal software” scam

• Don’t install what you don’t know

• Most antivirus software now includes spyware filters.

Spyware

• Greed (something for free – Kazaa) is the root cause of most spyware infections

• Don’t install something you don’t know about – ask others first

• Be careful how you close pop-up windows

• Run Ad-aware regularly or Spybot Search and Destroy

• “Hostage-ware” comes with most new computers

Spam

• Unwanted emails

• Huge percentage of Internet traffic

• Can use third-party filter

• Never unsubscribe to email

Malware

• Virus: Attached to another program; runs when that program is run (e.g. opening an attachment to an email message)

• Trojans: Should do one thing, does something else. Standalone program

• Worms: Replicate themselves and overwhelm a system or network. Standalone.

• Adware: Tracks what you do on the Internet and reports to somewhere

• Rootkit – hides in very low level OS functions

Anti-Virus

• Scan for viruses once a week (daily?)

• Monitor computer activity all the time

• Compares files to signature file(s)

• Polymorphs attempt to change code to escape detection

• Stealth: Boot sector viruses

• Keep this current

• Zero Day threats: Hole and virus on same day

Malware Symptoms

• Computer slows down, one-time crash, home page change in IE

• Keep antivirus up to date and always on

• Watch for security alerts that are from antivirus or Windows program

• Keep systems patched and up to date

Malware Prevention

• Keep anti-virus up to date

• TSR – terminate and stay resident – you will find these in Startup in msconfig; don’t turn these off

• Know the source of software before you load it

Recovery Tips

• Recognize – Identify that you have malware infection; turn off System Restore

• Search and destroy – Your anti-virus program should eliminate problem

• Remediate – fix what got broken; startup repair most often used

• Educate users to limit exposure

Firewalls - Hardware

• Protect from unauthorized access to computer

• Hardware – routers

• Software – XP Service Pack 2

• Stateful Packet Inspection – look at each packet as it comes in

• Port Forwarding – open a port and direct to a specific IP address

Firewalls - software

• Windows Firewall in Control Panel

• Create exceptions to firewall (i.e. allowed traffic)

• XP firewall only has one setting; 7 allows one for each network

Network Authentication

• Kerberos from MIT used by Windows and Mac for user name and password

• Microsoft uses IPSec(urity) for data encryption

• Application – Netscape’s Secure Sockets Layer (SSL); results in HTTPS

Wireless Issues

• Encryption – WEP, WPA or WPA2

• Disable DHCP

• Filter by MAC address

• Change default user name and password

• Update firmware as needed

Backup

• Systems in your care should have regular backups performed

• Essential data: My Documents, Outlook (Express) data and address book and Favorites (web bookmarks); Quickbooks data can be almost anywhere

• Backup System State on servers

• Keep a copy of backup offsite – usually under lock and key

Migrating and Retiring

• What do you do with old system or hard disk drive?

• Use Documents and Settings Transfer Wizard to get most data to new system in secure setting

• Remove data remnants from hard drives

• Recycle old equipment – don’t trash it

That old hard drive

• Once the data is moved, it’s not removed

• A run of FDISK and delete partitions is a good start (and often good enough)

• Window Washer or other scrubbing software can make data even harder to find. Often necessary on corporate systems

Recycle

• Keep as much out of the landfill as possible

• Recycle place on Del Norte, just above 5th Street

• Consider donation(s) if equipment is current enough

Network Share Permissions

• When you share a resource (folder), you can set Permissions to:

• Full Control: Can perform any and all functions on all files and folders

• Change: Can read and execute, change and delete files and folders

• Read: Can read and execute files and folders; cannot modify or delete

File Permissions

• Read: Can view the contents

• Write: Can create new file or subfolder; to change must also have Read; can append

• Read and Execute: Both Read and run applications and can traverse a folder

• Modify: Read and Execute and delete

• Full Control: Do anything and take ownership

• List Folder Contents: See what is there
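The three permission slides above (Users and Groups, Network Share Permissions, File Permissions) describe the permission levels in words. The following is an added worked example, not part of the original slides, that models those levels as sets of rights so that “permissions are combined” becomes a union over every group an account belongs to. It goes one step beyond the slides: when a folder is reached over the network, the share permissions and the NTFS permissions both apply and the more restrictive result wins (standard NTFS behaviour). The accounts, groups and access lists are constructed sample data.

```python
# Permission levels from the slides, modelled as sets of individual rights.
# "Modify" is given its standard NTFS meaning (Read and Execute plus Write and delete).
NTFS = {
    "Read": {"read"},
    "Write": {"write", "append"},
    "List Folder Contents": {"list"},
    "Read and Execute": {"read", "execute", "traverse"},
    "Modify": {"read", "execute", "traverse", "write", "append", "delete"},
    "Full Control": {"read", "execute", "traverse", "list", "write", "append",
                     "delete", "take ownership"},
}
SHARE = {
    "Read": {"read", "execute", "traverse", "list"},
    "Change": {"read", "execute", "traverse", "list", "write", "append", "delete"},
    "Full Control": NTFS["Full Control"],
}

# Constructed sample directory: group membership. Permissions are granted to
# groups, never to individual accounts (slide: "Use groups, not accounts").
GROUPS = {"Everyone": {"alice", "bob"}, "Sales": {"alice"}, "Admins": {"bob"}}

# Constructed access lists for a shared folder: Sales may modify files when
# logged on locally, Everyone gets Read on the share, Admins get everything.
NTFS_ACL = {"Sales": ["Modify"], "Everyone": ["Read and Execute", "List Folder Contents"],
            "Admins": ["Full Control"]}
SHARE_ACL = {"Everyone": ["Read"], "Admins": ["Full Control"]}


def groups_of(account):
    return {g for g, members in GROUPS.items() if account in members}


def granted(account, acl, table):
    """Union of the rights of every level the account's groups are granted
    (allow entries only, which is all the slides describe)."""
    rights = set()
    for group in groups_of(account):
        for level in acl.get(group, ()):
            rights |= table[level]
    return rights


def effective_rights(account, via_share=False):
    """Local access: the combined NTFS rights. Over the network the share
    list applies as well, so only rights present in both survive."""
    ntfs = granted(account, NTFS_ACL, NTFS)
    if not via_share:
        return ntfs
    return ntfs & granted(account, SHARE_ACL, SHARE)


def can(account, right, via_share=False):
    return right in effective_rights(account, via_share)
```

Run `can("alice", "delete")` and `can("alice", "delete", via_share=True)` to see the same account allowed to delete locally but limited to reading through the share.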

Security Policies

• Permissions for activities (Run… command, install software, shutdown system)

• Group Policies set on groups, organization units (OU) and domain

• Requires server software

• Local Security Policy can be set on a user, but might be overridden by the GP of the domain

Defense

• Up to date anti-virus software (Norton, AVG Free)

• Up to date anti-adware software (Ad-Aware or equal)

• Firewall, either in hardware (router) or software

• Check regularly for security patches and system updates

Email

• Good way to get malware

• Turn off Preview Pane – this can load virus

• Delete suspect email without opening it

• Consider a third-party spam blocker rather than Outlook Express filter

• 200-300 spam messages per day

Browser Problems

• Pop-ups: Be careful how you close/exit these to prevent more from showing up. Not so much of this anymore as browser takes care to remove it

• Spyware: Run in the background, send information to another computer

• Adware: Display ads on your system

Encryption

• Authentication to domain uses Kerberos

• Server controls dial-up encryption

• Remote Access Systems:

– Password Authentication Protocol (PAP) is old, kept around for Telnet; no encryption at all

– Challenge Handshake Authentication Protocol (CHAP) is most common; challenges remote system (usually password)

– MS-CHAP is Microsoft’s version; more advanced encryption protocol; can encrypt the whole session
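As an added example that is not part of the original slides, the CHAP exchange described above written out with both sides as Python functions, following the MD5 construction from RFC 1994 (response = MD5(identifier || secret || challenge)). It shows why the challenge matters: the secret never crosses the link (unlike PAP), and a recorded response does not verify against the server's next challenge. The user name, secret and random challenges are constructed sample values.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: one-way hash over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Remote-access server side: holds the shared secrets and issues challenges."""

    def __init__(self, secrets):
        self.secrets = secrets          # name -> shared secret (the password)
        self.identifier = 0

    def challenge(self):
        # A fresh random challenge for every attempt is what makes an old
        # response worthless; the identifier ties a response to its challenge.
        self.identifier = (self.identifier + 1) % 256
        return self.identifier, os.urandom(16)

    def verify(self, name, identifier, challenge, response):
        secret = self.secrets.get(name)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


def chap_login(server, name, secret):
    """Peer side. Only the hashed response is sent, never the secret itself
    (contrast PAP, where the password goes over the link as-is).
    Returns (ok, the three values that were visible on the link)."""
    identifier, challenge = server.challenge()
    response = chap_response(identifier, secret, challenge)
    return server.verify(name, identifier, challenge, response), (identifier, challenge, response)


def old_response_still_valid(server, name, captured):
    """Defender's check: a response recorded from an earlier, successful
    exchange is presented against the server's next challenge. It fails
    because the hash covered the previous challenge, not this one."""
    _, _, old_response = captured
    new_identifier, new_challenge = server.challenge()
    return server.verify(name, new_identifier, new_challenge, old_response)


# Constructed demo credentials, not from the slides.
SERVER = ChapServer({"alice": b"correct horse battery staple"})
```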

Data Encryption

• Microsoft uses IPSec (IP Security) for long distance (public) networks

• Virtual Private Network (VPN) uses Internet for part of the cable

– DES (56-bit encryption)

– 3DES (168-bit encryption) – the encryption of the encryption of the encryption of the message

Application Encryption

• Browsers and HTTPS (HTTP over SSL)

• Server sends public key to browser with digital certificate from trusted authority

• Browser has list of trusted authorities

• Clear SSL Cache in Internet Explorer– Internet Options | Content | Clear SSL Cache– Do this once every three years