Desktop Computing Security _ NAU

Document Sample
Desktop Computing Security _ NAU Powered By Docstoc
					Desktop Computing
Security @ NAU
Ricky Roberts
      Director of Client Computing
Lanita Collette
      PC Support Team Lead
         Integrity              Confidentiality

    At the           Availability

Hear Ye, Hear Ye!!!

  “Attacks at Universities
   Raise New Security
 “Netsky Takes Gold,
   Silver and Bronze in
• “New Windows Worm on the Way?”
• “UCLA Says Laptop With Blood Donor Data
• RIAA complaint, student
worker using full time staff
• April Fools bomb threat
• Laptop without updates
contained back door
• NAU surplus systems found at
Property Control and Computer
•Statewide student selling
account for Internet access
Close to Home

   University-owned systems
    – No expectation of privacy
      (especially email)
    – Even Presidents are no exception!
   Sensitive Info
    – Laptops especially vulnerable
   So more secure with
    professional help than without
        Threat Capabilities:
  More Dangerous and Easier to Use

                                                   Packet Forging/
High                                       Stealth Diagnostics       Worms
                                 Back    Sweepers                    Sophistication
                                                        Sniffers     of Hacker
           Exploiting Known
       Self Replicating
                          Password                                   Technical

Low           1980                   1990                  2000

    Almost 10 percent of all email messages
     carry a malicious virus of some type.
    NAU‟s incoming mail screened on server
     – mail only, Hotmail, etc. bypasses
     – Updated every 15 minutes from McAfee
     – Substitute.txt
    Individual system software provides
More Antivirus

   Currently must be auto configured for
    – Version and signature files daily,
      randomized around 8:30 am
    – Scan Fridays, randomized around noon
   Central console in place
    – Soon will protect from Spyware also
   NAU‟s
   Inbox mail resides
    on server
    – Backed up
    – No snychro worries
    – Can create other
      folders or save on   Email
      individual system    server

   All mail downloaded
    on each access to
    your computer
   Backup individually
   Must synchro
   Complicated config
    for psuedo-IMAP
Email: Can’t live with it…
And more SPAM

   US email filtering firm Postini
    found 79% of all emails it
    processed in January of 2004
    were SPAM
   Prevention tips in handouts
   ISP‟s blocking spam relays
   AOL bars own members
NAU’s filter
    Email manager tool:

NAU Email Manager

    Running POP?

Check your spam folder at webmail:

    Going to Webmail
Evolving Threat

   “Canned Spam” act allows one so they do,
    then, form a new company, do it again!
   Only 1% of unsolicited email circulating on the
    Internet in May 2004 complied with Can-Spam
   First 2 criminal cases against spammers 4/04
   MS (8 filed in 6/04), Earthlink, AOL and U.S.
    Federal Trade Commission (2) have
    successfully sued but they reorg and start over
Some Room for Hope

   “Buffalo Spammer” sentenced to 3.5-7 years
    in prison plus civil judgement of $16M in May
   April FTC ruling means porn spam must
    contain: “SEXUALLY EXPLICIT”
   German teen author of Sasser and possibly
    Netsky captured after MS reward
   AOL employee accused of selling 92 mil
    screen names to spammer
    – Facing up to 5 yrs, $250,000 fines
Don’t be a SPAM Zombie!

   ISP‟s now secure, so. . .
   Now target high bandwidth, home
    users as unwitting spam proxy servers
    – comprise 80% of email spam
    – work with virus writers
   Prevention:
    – Current antivirus software
      and firewalls, updates
Bagel vs. Netsky

   215 countries, infected > 1 million PCs
   Estimated $85 billion lost productivity
   Bagel: 21 variants in 2 mo., now Bagel.AE
   Netsky: 18 variants, now Netsky.b@MM
   “Bagel. . .opens a backdoor and he makes a
    lot of money. Netsky not, Netsky is Skynet, a
    good software. Good guys behind it.”
   “Hey Netsky…don‟t ruine our business, wanna
    start a war?”
The new Black Market

   Previous: Viruses written by anti-social
   Current: financial gain, hackers-for-
    hire write viruses
   Deliver infected machines to
   Going rate: $600 per 10,000 machines
    per week

   Earthlink scan, 1st 3 months of 2004, 1
    million PCs

   Average of almost 28 spyware programs on
    each computer

   30 percent contained Trojan Horses or
    system monitoring programs
Nefarious Code
• Yahoo‟s testing toolbar antispyware svc (5/04)
• On Campus: McAfee, to be improved
• At Home: Adaware, Spybot, etc.
• U.S. House Subcommittee approves Securely
      Protect Yourself Against Cyber Trespass Act
      (SPY ACT) 6/2004
   •Fines to $3 mil
   •Can‟t collect personal info, divert browsers,
   deliver pop-ups without consent
   •Must notify user of install, get consent, and
   provide easy uninstall
Helpful Home Use Site

Identity Theft
   Affected up to 4.7% of Americans (1.78M)
   “Phishing”: collecting private info through
    various scams, ~ 3.2% of current emails
   Exploding: 76% of all known attacks in last 6
    mo., 92% within 12, $1.2B toll to US banks,
    credit card companies
   Desired success rate: 3%
   Typical: starts with email purporting to be
    from established company (eBay, bank, etc.)
   For more info:
   Dear Citibank member,
    As part of our continuing commitment to protect your account
    and to reduce the instance of fraud on our Web site, we are
    undertaking a period review of our member accounts.
    You are requested to visit our site, logon to your account and fill
    in the required information.
   Dear AOL member,
    We regret to inform you, but the credit card information for your
    account has expired.
    To enjoy your AOL experience and keep your account active, you
    must enter new *valid* credit card information within 24 hours
    of receiving this e-mail.
   Dear eBay user,
    During our regular update and verification of the accounts, we
    couldn‟t verify your current information. Either your information
    has changed or it is incomplete.
    As a result, your access to bid or buy on eBay has been
    restricted. To start using your eBay account fully, please update
    and verify your information by clicking below:
Automatic Windows
   “The Blaster Effect”
    – Windows update push at NAU
    – How it works
    – At home: Start->Windows Update->
                   accept critical updates

   More info:
Strong Passwords

   Weak passwords cracked in seconds
   Choose a combination of letters,
    numbers, caps/lowercase, and non-
    alpha-numeric (Special characters)
   Sharing is bad (sorry Mom)
File Sharing/Guest Access

   If you share data from
    your machine
    – Proper permissions
    – As needed only, no
      open Guest access
NAU Shares

   Easier to use than sharing files locally

   Secure, robust back-up routine

   1 GB per department person for free,
    low cost for more

   Far more cost-effective than additional
    staffing and equipment
Non-NAU Software

   Downloading software is risky

   Guidelines:
    – Do you really need it?
    – Are you sure it is from a trusted vendor?
    – Call us if you‟re not sure

   NAU owns license for Kerio
   Recommended for machines with critical data
    (Ferpa, HIPAA, GLB)
   Configuration is tricky – beware of false sense
    of security
Virtual Private Network
   NAU has VPN solution

   Creates a secure tunnel for

   More info:
House Keeping

   Lock/Log Off/Turn Off
    – Lock when you walk away
    – Log Off overnight
    – Turn Off for the weekend
   Back Up and Clean Up
    – Lost work
    – NAU data found on surplus property
Have a plan

   Have critical data?
    – What would your response be if lost or stolen?
    – Consider appointing an incident response manager
      and developing a plan.