runsafe by Mythri




JMU Security Briefing - August 2000


Today’s Situation – Universal Access…
• There are an estimated 600 million people with Internet access…
• All 600 million of them can communicate with your JMU connected computer.
• Any of the 600 million can rattle the door to your computer to see if it’s locked.
• On the JMU network, someone tries several times a

8/10/2008 JMU Security Briefing - August 2000 2

Today’s Situation – Vulnerable Computers…
• A large number of computers are vulnerable to being taken over remotely because of:
– Unfixed software defects
– Operating and configuration errors
– Core architectural vulnerabilities
• Exploitation of vulnerable computers is increasingly trivial, quick, and almost risk-free by relatively unsophisticated individuals. One person or one program can wreak havoc.

Today’s Situation – Opportunities for Abuse…
• Fraud, vandalism, and other crimes have historically made use of communications and transportation systems as they’ve developed.
• Crimes increase with opportunities created by accessibility and escape routes.


Today’s Situation – Opportunities for Abuse…
• To break into a safe, the safe cracker needs to know something about safes.
• To break into a computer, the computer cracker often only needs to know where to download a program written by someone else who knows something about computers….
• …and they don’t need to go to the safe…they can break into a target computer from anywhere in the world.
• Such programs are freely available all over the Net.


Today’s Situation – Result
• The complexity, anonymity, speed, and global reach of the Internet create opportunities for abusers and nightmares for law enforcement.
• Mass computer break-ins, vandalism, and abuse are a common occurrence.


How Can the Situation Affect You?…
• A compromised computer provides access to all accounts, keystrokes, and resident data. Account and keystroke information can be used to access other resources.
– Operational Difficulties
– Email and documents
– Financial transactions
– Identity Theft
– Criminal Use of Computer


What Are We Going to Do?


Practical Aspects of Securing Our Computers…
• Security is the process of reducing risk. We can never be risk free, hence we can never be 100% secure.
• We can secure something so well that it is unusable.
• “Security is a process, not a product.” Bruce Schneier
– We can’t buy security. We have to live it.


Available Options…
• Education.
– “A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.” - Mitch Ratcliffe
– A computer’s actions are controlled completely by software which any operator is free to download, configure, and run.

• Eliminate vulnerabilities.
– To a large extent, vulnerabilities go hand in hand with functionality, complexity, and the pace of change.
– It would be politically and practically impossible to completely mandate and control everybody’s computer configuration.
– We need a way to detect vulnerable computers and encourage people to fix them.
– Most common computer break-ins are accomplished through preventable vulnerabilities.

…Available Options…
• Eliminate access.
– If the bad guys can’t get to the computers, they can’t break in.
– Networks were created to communicate.
– Freedom to communicate is paramount in an academic community.
– Nothing short of “no access” will provide 100% security.


…Available Options
• Detect and react to events as they occur.
– In most day-to-day situations we don’t prevent crime – we deter it with reaction and response.
– Effective detection and response of computer incidents requires automated tools.
– Automated tools must be told what is “good” and what is “bad”. This is often not known, spelled out in policy, definable, or machine detectable.
– Right now it’s like drinking from a fire hose.
– Law enforcement is unable to handle the volume. Communications providers end up being pushed into acting as police and prosecutor in an uncertain legal climate.


Why R.U.N.S.A.F.E.?…
• We can’t protect ourselves from a threat very well if we’re not aware of it.
• Nobody can do it for us. Our ability to communicate with anyone around the world, our ability to load and configure our computers as we see fit, and our computers’ ability to perform any action based on the software we load means our security depends upon our behavior…
• …unless we’re willing to give up some of that


…Why R.U.N.S.A.F.E.?…
• Our dependence on computers is increasing:
– Communications
– Functionality
– Service Access
• The way we operate our computers increasingly affects our network neighbors.


…Why R.U.N.S.A.F.E.?
• A free society depends upon the cooperation and behavior of its members. So does an open network. Uncooperative members can disrupt and ruin it for all of us.
• The Internet makes it easy for uncooperative members to strike quickly and anonymously.
• How would our behavior change if our wallets, homes, and mail boxes could be accessed from around the world like our computers can?

• REFUSE to Run Unknown Software
• UPDATE Software Regularly
• NULLIFY Unneeded Risks
• SAFEGUARD Your Identity and Password
• ASSURE Proper System Care
• FACE Insecurity
• EVERYBODY Needs to Do Their Part

Basic Security Recommendations…
• There is no substitute for common sense.
– Giving out bank or credit card numbers over the Internet is no different than giving them out over the telephone.
– Taking action based on the apparent sender of email is little different than taking action based on the return address of a typewritten postcard.
– Running a program from an unknown source is little different than eating food found on the street.
– Not maintaining our computers is little different than not maintaining broken windows and doors. Unfortunately, computers need much more maintenance than the spiffy ads on TV suggest.


Basic Security Recommendations…
• An unprotected Windows computer will likely be infected or hacked within minutes of connecting it to the Internet. Follow StartSafe guidelines for setting up a computer.
• Treat all email attachments with caution.
• Executable or unfamiliar email attachments should be treated like hazardous waste!
• Treat file downloads with caution. Remember the food on the road analogy.

…Basic Security Recommendations…
• If you receive unwanted email don’t reply to it. Just delete it. If it continues, save copies and notify your Internet Service Provider. If it is threatening, contact law enforcement.
• Don’t believe everything you see on the Internet. Email addresses are easily falsified. Professional looking web pages can be put up by almost anyone these days.
• Be careful where you type your passwords or any other personal information. Never do so on the basis of unsolicited e-mail.
• Choose strong passwords. Use different passwords for different
• Don’t ignore warnings from your computer.


…Basic Security Recommendations…
• Keep track of software defect announcements from your vendors.
• If you install add-on software, you’ll be responsible to make sure that subsequent security updates are installed. Things like instant messaging, media players, P2P, and document viewers are as prone to security defects as other programs.
• Be extremely careful with using or providing network file sharing

Server Recommendations…
• If you run a server, requirements for safe operation increase at least tenfold.
• A Microsoft IIS web server, newly installed from a CD, will likely become infected with an Internet worm within minutes of being connected to the network and compromised by opportunistic criminals within days.
• Many Linux-based servers are similarly vulnerable straight from the installation CD.

…Server Recommendations.
• Read and understand the R.U.N.S.A.F.E. guidelines pertaining to server operators and the best practices documents for the server software you’re running. If you are unable to follow the recommendations because they are too technical or tedious, you probably shouldn’t be running a server without further training. If you bring up a server without proper care, your server, its data, and other networked computers are exposed to a high risk of compromise and/or abuse. It’s your call…for now.

