Got a Network / Security Check List?
I Do (You can too! Lots of resources and best practices)
MS Information Assurance, CISSP, CWNA, CEH, MCSE, Security+, I-Net+, Network+, Server+, CNA, A+

 For legal advice contact legal counsel on your campus or your General Counsel's Office.
 The information presented here is accurate to the best of my knowledge!
Cloud Vendor Security

  • On-premises security systems / controls?
     – Outside (third-party) testing of the security systems
     – Backup verification: test restores, not just job status, and do it in production
  • Authentication and authorization
     –   Password strength (length matters more than complexity)
     –   IP range blacklists/whitelists (source addresses can be spoofed, so treat them
         as a filter, not as authentication)
     –   Login hours / session timeouts
     –   Account lockouts (or rate limiting) after repeated failures
     –   Access control
           • By the vendor
           • By you
  • Encrypt ALL communications between remote users/sites and the corporate network

Cloud Vendor Security 2
   • Encryption internal/external
       –   HTTPS
       –   SSL/TLS for ODBC and other database connections
       –   Passwords stored only as salted, slow hashes (never reversible); SSNs and other
           PII encrypted, or kept as a keyed hash (HMAC) if only matching is needed. A plain,
           unsalted hash of a 9-digit SSN is not protection: the whole space is 10^9 values
           and is brute-forced offline in minutes.

   • Data Leak/Loss Prevention (DLP) at your site
   • Information Leak/Loss Prevention (ILP) at the cloud vendor's site
   • Both (DLP/ILP) should be part of your SLA, with the specific controls named in it

   • Audit trails: who did what, when
   • Denial-of-service (DoS) protection
   • Never send unencrypted PII or confidential information by e-mail
   • Render PII unreadable whenever stored (encryption at rest)
Cloud Vendor Password

 • Should block known bad passwords
 • Top ten bad passwords: abc123 and 123456 are in the top ten
 • Passwords should be at least 10 characters long

Best Practices with SSN’s

  • Assign another primary identifier (a student/employee ID that is not the SSN)
  • Comply with state regulations (more info)
  • Inform students
  • Remove Social Security numbers from systems and forms that do not need them
  • Update the computer systems that still key on the SSN
  • Hash / encrypt SSNs (encrypt, or use a keyed hash; a plain hash of an SSN is
    brute-forceable because the value space is so small)
  • Make sure all transmission of SSNs is secure (use SSL/TLS or another form of encryption)
  • Some states classify academic records as private, and the PII laws protect that
    information
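The two storage rules above ("SSN and passwords stored in a hashed format" on the Cloud Vendor Security 2 slide, and "Hash / Encrypt SSNs" here) need different treatment, and the following added example shows why. It is not code from the deck or from any vendor it lists; it uses only the Python standard library, and the password, SSN, key and iteration count are constructed values for the demo.

```python
import hashlib
import hmac
import os
import secrets

# Constructed sample values for the demo; not real data.
SAMPLE_PASSWORD = "Denver1broncosrulethenhl"
SAMPLE_SSN = "123-45-6789"

# ---- Passwords: salted, deliberately slow hash, never reversible ----
PBKDF2_ROUNDS = 200_000  # assumption: tune so one verification costs ~0.1 s on your hardware

def hash_password(password, salt=None):
    """Return a self-describing record 'pbkdf2_sha256$rounds$salt$hash' (hex fields).
    A fresh random salt per user defeats precomputed tables and hides password reuse."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ROUNDS, salt.hex(), digest.hex())

def verify_password(password, record):
    """Recompute with the stored salt/rounds and compare in constant time."""
    _algo, rounds, salt_hex, hash_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))

# ---- SSNs: why a plain hash does not make them "unreadable" ----
def plain_sha256(ssn):
    return hashlib.sha256(ssn.encode("utf-8")).hexdigest()

def crack_plain_ssn_hash(target_hex, known_prefix):
    """Recover an SSN from its unsalted SHA-256 by enumerating the last four digits
    behind a known area/group prefix. Even the full 10^9-value SSN space is a short
    offline job for a GPU cracker; this loop just makes the point in milliseconds."""
    for serial in range(10_000):
        candidate = "%s%04d" % (known_prefix, serial)
        if hashlib.sha256(candidate.encode("utf-8")).hexdigest() == target_hex:
            return candidate
    return None

# ---- SSNs done better: keyed hash (HMAC) under a secret held outside the database ----
def protect_ssn(ssn, key):
    """Deterministic token: equal SSNs give equal tokens, so matching/lookup still works,
    but without `key` the brute force above cannot run. If the raw SSN must ever be
    recovered, store an authenticated encryption (e.g. AES-GCM from a crypto library)
    instead of, or alongside, this token."""
    return hmac.new(key, ssn.encode("utf-8"), hashlib.sha256).hexdigest()

if __name__ == "__main__":
    record = hash_password(SAMPLE_PASSWORD)
    print("password verifies:", verify_password(SAMPLE_PASSWORD, record))
    print("recovered from plain hash:",
          crack_plain_ssn_hash(plain_sha256(SAMPLE_SSN), "123-45-"))
    key = secrets.token_bytes(32)  # in production: from a KMS/HSM or protected config, never the DB
    print("keyed token:", protect_ssn(SAMPLE_SSN, key)[:16], "...")
```

The HMAC key is the whole point: it must live somewhere the database dump does not (a KMS, HSM or locked-down config file), otherwise the token is just another crackable hash.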

10 Common Security Flaws

 1.  Set it and forget it
 2.  Opening more firewall ports than necessary
 3.  Pulling double duty (one server filling several roles)
 4.  Ignoring network workstations
 5.  Failing to use SSL/TLS encryption where it counts
 6.  Using self-signed certificates
 7.  Excessive security logging (so much noise that nobody reads the events that matter)
 8.  Randomly grouping virtual servers (don't put the firewall and production servers on
     the same physical host)
 9.  Placing domain member servers in the DMZ
 10. Depending on users to install updates
Where we are Today
Network Security Shift

     • SaaS: Security-as-a-Service instead of appliances or Layer 7 filtering
     • The changing face of NACs, URL filtering and gateway appliances
Daily Security Checklist

  • Verify the current connections
  • Look at network traffic statistics
  • Look at your antivirus logs
  • Read the security logs on your domain (failed logons, lockouts, new admin accounts)
  • Check for new security patches
  • Meet and brief
  • Check more logs: backup, firewall (outgoing)
      – I would set them to go automatically to your phone (think Spiceworks, the free
        help desk)
  • Turn knowledge into action
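As an added example for the "Read the security logs on your domain" step (and the weekly "check security logs for possible attacks" item later in the deck), the script below runs over a constructed, flattened Windows Security log export and flags the patterns an account-lockout policy is meant to stop. It is not code from the deck; the log lines, field names and thresholds are assumptions for the demo, and you would feed it your own export in the same key=value shape.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a flattened export of Windows Security events (4625 = failed logon,
# 4624 = successful logon). These lines are made up for the example, not real logs.
SAMPLE_LOG = """\
2011-03-02 08:00:01 EventID=4625 TargetUser=jsmith SourceIP=10.0.5.23 Status=0xC000006A
2011-03-02 08:00:03 EventID=4625 TargetUser=jsmith SourceIP=10.0.5.23 Status=0xC000006A
2011-03-02 08:00:05 EventID=4625 TargetUser=jsmith SourceIP=10.0.5.23 Status=0xC000006A
2011-03-02 08:00:06 EventID=4625 TargetUser=jsmith SourceIP=10.0.5.23 Status=0xC000006A
2011-03-02 08:00:08 EventID=4625 TargetUser=jsmith SourceIP=10.0.5.23 Status=0xC000006A
2011-03-02 08:00:09 EventID=4624 TargetUser=jsmith SourceIP=10.0.5.23 Status=0x0
2011-03-02 08:15:00 EventID=4625 TargetUser=admin SourceIP=192.0.2.9 Status=0xC000006A
2011-03-02 08:15:02 EventID=4625 TargetUser=hr01 SourceIP=192.0.2.9 Status=0xC000006A
2011-03-02 08:15:04 EventID=4625 TargetUser=finance SourceIP=192.0.2.9 Status=0xC000006A
2011-03-02 08:15:06 EventID=4625 TargetUser=registrar SourceIP=192.0.2.9 Status=0xC000006A
2011-03-02 09:30:00 EventID=4625 TargetUser=mlee SourceIP=10.0.7.4 Status=0xC000006A
2011-03-02 09:45:00 EventID=4625 TargetUser=mlee SourceIP=10.0.7.4 Status=0xC000006A
"""

def parse_events(log_text):
    """Turn 'YYYY-MM-DD HH:MM:SS key=value ...' lines into (timestamp, fields) pairs."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        stamp = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        fields = dict(p.split("=", 1) for p in parts[2:])
        events.append((stamp, fields))
    return events

def find_suspicious_logons(events, window=timedelta(minutes=5),
                           brute_threshold=5, spray_users=3):
    """Flag three patterns a daily log review should catch:
      brute_force         : >= brute_threshold failures for one account from one source in `window`
      password_spray      : one source failing against >= spray_users distinct accounts in `window`
      brute_force_success : a successful logon right after such a burst (did they get in?)
    Returns (kind, source_ip, detail) tuples."""
    fails_by_src_user = defaultdict(list)
    fails_by_src = defaultdict(list)
    for stamp, f in events:
        if f.get("EventID") == "4625":
            fails_by_src_user[(f["SourceIP"], f["TargetUser"])].append(stamp)
            fails_by_src[f["SourceIP"]].append((stamp, f["TargetUser"]))
    alerts = []
    for (src, user), stamps in fails_by_src_user.items():
        stamps.sort()
        for i, start in enumerate(stamps):
            burst = [s for s in stamps[i:] if s - start <= window]
            if len(burst) >= brute_threshold:
                alerts.append(("brute_force", src, "%d failures for %s" % (len(burst), user)))
                break
    for src, items in fails_by_src.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            users = {u for s, u in items[i:] if s - start <= window}
            if len(users) >= spray_users:
                alerts.append(("password_spray", src,
                               "%d accounts tried: %s" % (len(users), sorted(users))))
                break
    for stamp, f in events:
        if f.get("EventID") != "4624":
            continue
        key = (f["SourceIP"], f["TargetUser"])
        recent = [s for s in fails_by_src_user.get(key, []) if timedelta(0) <= stamp - s <= window]
        if len(recent) >= brute_threshold:
            alerts.append(("brute_force_success", key[0],
                           "logon as %s after %d failures" % (key[1], len(recent))))
    return alerts

if __name__ == "__main__":
    for kind, src, detail in find_suspicious_logons(parse_events(SAMPLE_LOG)):
        print(kind, src, detail)
```

The spray check matters as much as the lockout check: an attacker who tries one common password against every account never trips a per-account lockout, but shows up clearly as one source touching many users in a short window.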
Security Breach Now What

 • Carefully plan a layered defense (before)
 • Consider hiring a computer forensics specialist (and preserve evidence before you rebuild)
 • Assess the damage done and take the affected services offline
 • Alert your legal department (what are the legal notification requirements?)
 • Document everything you do
 • Begin locking down your systems
 • Get the bank involved if credit card information was compromised
 • Contact any families, employers and suppliers affected by the breach
 • Have a set of recovery plans in case a breach occurs again

             Keeping Data Thieves Out: Best practices in Data Security &
Staff Security Forms

 • 10 Things You Should Know about FERPA
 • Confidentiality: What Is Our Responsibility Power
     – GCA Privacy Training for Staff and Student workers quiz
 •   Confidentiality Pledge for Contractors
 •   Cyber Bullying Policy
 •   Fax Cover Sheet for Medical info
 •   Colorado Department of Education FERPA Checklist
 •   Cloud Security Guidance by IBM
 •   VCloud Security for VMware
Internal Audit Checklists

  • Internal Audit Review update ( A high level overview designed
    to help administration understand what should be done)
  • Self Audit General Controls Rev Jan 2011 (The backup for
    documentation for the Internal Audit Review)
  • MS Security Compliance Management Toolkit
  • HRP-330 - WORKSHEET - FERPA Compliance
  • HRP-331 - WORKSHEET - HIPAA Authorization
  • Auditor’s Data Systems Checklist
Computer Help Desk Lists

 •   10 Things HP (Best Printer Troubleshooting Checklist)
 •   Computer Account Access Form (Tech Republic)
 •   Server Deployment Migration Checklist (Tech Republic)
 •   Tune-Up Checklist (Tech Republic)
 •   Malware Removal Checklist (Tech Republic)
 •   NATO Codes
 •   Laptop Checkout Form
 •   Imaging Check Sheet
Server Maint. Daily

    Daily Checklist
    • Check the following things each day:
    • Server health status of all the servers
    • Backup results (completed normally?)
    • E-mail queue and throughput
    • Virus scan results
    • Time synchronization on the servers (Very Important on
Server Maint. Weekly

   Weekly maintenance checklist; we include the following:
      – check event logs;
      – check server performance;
      – check security logs for possible attacks;
      – check antivirus alerts;
      – install software updates;
      – install system/kernel updates (reboot scheduled with
      – back up "important" data over an SSL/TLS-encrypted session to a server at a
        remote location;
      – security issues, for example, use the weekly reports from
Server Maint. Monthly

   • Monthly maintenance checklist; we include the following:
      –   check HDD fragmentation and health;
      –   check RAID health;
      –   verify package database integrity (e.g. rpm -Va on RPM-based systems);
      –   perform a full security audit;
      –   full backup of ALL VMs, taken offsite;
      –   delete all old VM snapshots
Switches/Routers Weekly

   • Weekly maintenance checklist; we include the following:
      – check event logs;
      – check device performance;
      – check security logs for possible attacks;
      – check link throughput;
      – check interface errors (collisions, input errors, etc.);
      – install security updates;
      – install system/kernel updates (reboot scheduled with the
Switches/Routers Monthly

   • Monthly maintenance checklist we include the
     following routines:
      – perform configuration backup;
      – perform configuration consistency audit;
      – perform full security audit.
Network Checklists

 • Checklist: Deploying a Windows Server 2008 Forest Root Domain
 • Employee Separation Checklist (Tech Republic)
 • Network Documentation Checklist, a good baseline or starting point (Tech Republic)
 • Maintenance Checklist ( A more comprehensive
 • Secure Mac OS X and beyond: server and workstation
 • Apple iOS Hardening Checklist
Network Checklists II

 • Network Maint Checklist ( a brief checklist by a
   typical vendor)
 • New User Form Checklist (Tech Republic ?)
 • Windows Security Survival Guide 2008 (Tons of
   links and resources from Microsoft)
 • Server Change Control Form
 • Cloud Security Guidance by IBM
Know Your System

   • What is the hardware?
   • What software is installed?
       – What versions?
       – What is the licensing?
   • What services are running, and why? Each service takes up system resources and
     adds attack surface.
       – What services are exposed to the Internet, and why?
   • Document the systems, as well as any maintenance tasks.
   • What antivirus is installed, and is it up to date?
   • Perform updates of software
   • Apply patches to servers
   • Check system resources (CPU, memory)
Know Your System II

  • What firewalls?
      – What version of firmware?
      – How are they configured?
      – What are they allowing into the network, and why?
  • What switches?
  • What printers?
      – What firmware?
      – Web interface disabled (or at least password-protected and reachable only from
        the management VLAN)
  • SNMP? Use v3 with authentication and privacy (authPriv); disable v1/v2c community
    strings, which travel in cleartext
  • Kill all Telnet options: Telnet is cleartext, so anything on the same segment (a
    phone included) can sniff the credentials and connect; use SSH instead
  • Understand and document physical-to-virtual mappings; understand both sides
Trouble Shooting VPNs

 •   Find out who is affected
 •   Determine whether users can establish a VPN connection at all
 •   Look for policies that may be preventing connectivity
 •   Don't rule out the client
 •   Check whether the user can log in locally
 •   Check whether the users are behind NAT firewalls
 •   Check for Network Access Protection (NAP) policies
 •   Try accessing various resources on the network
 •   Try accessing resources by IP address rather than server name (isolates DNS problems)
 •   Is the connection not working at all, or just painfully slow?
Fix These Security Leaks
 •   Unauthorized smartphones on your Wi-Fi network
 •   Open ports on network printers
 •   Custom web applications with bad code
 •   Social network spoofing
 •   Employees downloading illegal movies and music
 •   SMS spoofs and malware infections
 •   Telnet and SNMP v1 still enabled: disable both
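The monthly router/switch items (configuration backup, configuration consistency audit) and the "kill Telnet / SNMP v3 / disable SNMP v1" points above can be checked mechanically. The example below is added here and is not from the deck or any vendor tool: it audits a constructed Cisco-IOS-style running config against a short rule list and diffs it against an approved baseline. Hostnames, community strings and the placeholder secrets are made up; the rule list is a starting point, not a complete benchmark.

```python
import re
from difflib import unified_diff

# Constructed Cisco-IOS-style configs for the example (not from a real device).
# As found on an old switch:
RUNNING_CONFIG = """\
hostname CORE-SW1
enable password cisco123
no service password-encryption
ip http server
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

# The reviewed baseline the monthly audit compares against (placeholders, not real secrets):
BASELINE_CONFIG = """\
hostname CORE-SW1
enable secret <hash-placeholder>
service password-encryption
no ip http server
ip http secure-server
ip ssh version 2
snmp-server group NETMON v3 priv
snmp-server user monitor NETMON v3 auth sha <auth-placeholder> priv aes 128 <priv-placeholder>
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
"""

# (regex applied to one config line, finding text)
CHECKS = [
    (r"^\s*transport input\b.*\btelnet\b", "Telnet allowed on a vty line (cleartext logins)"),
    (r"^\s*transport input all\b", "all transports allowed on a vty line (includes Telnet)"),
    (r"^snmp-server community\b", "SNMP v1/v2c community string (cleartext, no real authentication)"),
    (r"^enable password\b", "'enable password' instead of 'enable secret' (reversible or cleartext)"),
    (r"^no service password-encryption\b", "password encryption disabled; passwords readable in the config"),
    (r"^ip http server\b", "plain-HTTP management interface enabled"),
]

def audit_config(config_text):
    """Return [(line_number, finding, line)] for every weak setting matched by CHECKS,
    plus one finding if SNMP is in use without any v3 group."""
    findings = []
    lines = config_text.splitlines()
    for number, line in enumerate(lines, 1):
        for pattern, finding in CHECKS:
            if re.search(pattern, line):
                findings.append((number, finding, line.strip()))
    uses_snmp = any(l.startswith("snmp-server") for l in lines)
    has_v3 = any(re.match(r"^snmp-server group\b.*\bv3\b", l) for l in lines)
    if uses_snmp and not has_v3:
        findings.append((0, "SNMP in use with no v3 group configured", ""))
    return findings

def config_drift(baseline_text, running_text):
    """Unified diff of the running config against the approved baseline; an empty list
    means the device still matches what was signed off (the consistency-audit step)."""
    return list(unified_diff(baseline_text.splitlines(), running_text.splitlines(),
                             "baseline", "running", lineterm=""))

if __name__ == "__main__":
    for number, finding, line in audit_config(RUNNING_CONFIG):
        print("line %d: %s  [%s]" % (number, finding, line))
    print("\n".join(config_drift(BASELINE_CONFIG, RUNNING_CONFIG)))
```

Run it against the backups you already take monthly: the diff tells you whether anyone changed a device since the last review, and the rule list tells you whether the change reopened something you had closed.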

Top Web Hacks of 2010

 • The ASP.NET cookie has been changed, leaving a
 • Evercookie: JavaScript that hides copies of the same cookie in 8 different browser
   storage locations so it comes back after the user deletes it
 • Hacking Autocomplete: a script that forces browser autocomplete to hand over personal
   information stored on your computer
 • Attacking HTTPS with Cache Injection
 • Bypassing CSRF protections with Clickjacking and HTTP Parameter Pollution
 • Universal XSS in IE8

Web Hacks cont.

 • JavaSnoop: a Java agent that communicates with the JavaSnoop tool to test
   applications for security weaknesses
 • CSS History Hack in Firefox without JavaScript, for intranet port scanning
 • Java Applet DNS Rebinding

Help Desk Systems

1.    Know your budget
2.    Prioritize the features you need
3.    Check email compatibility
4.    Think Database
5.    Don’t forget security
6.    Personalize your email templates
7.    Consider the need for a Web interface
8.    Evaluate ticket management features
9.    Be sure you’re branded
10.   Make it easy
 11.   Spiceworks (free): network inventory, help desk, mapping, reporting, monitoring,
       troubleshooting and more
Top 12 VMware Tweaks

     • Use Veeam FastSCP
     • Use the unsupported console for SSH/SCP access (then restrict who can reach it;
       an SSH service on the host is one more door)
     • Use VMware Tools
     • Defrag your virtual disks
     • Disable Windows visual effects
     • Run VMware in full-screen mode (Ctrl-Alt-Enter)
     • Disable the CD-ROM in VMware
     • Separate out virtual swap files onto separate virtual disks
     • Split virtual disks among multiple hard disks (count spindles), unless on SSD
     • Delete old snapshots
     • Upgrade your hard disk
     • Upgrade your CPU
     • Upgrade your RAM
Debunk Internet Hoaxes

   1.    Snopes
   2.    About Urban Legends
   3.    Break The Chain
   4.    Truth Or Fiction
   5.    Sophos
   6.    Hoax-Slayer
   7.    Vmyths
   8.    Symantec
   9.    Hoax Busters
   10.   Virus Busters
Using remote access to hack

 • BackTrack 4
    – Owning Vista with Backtrack http://www.offensive-
    – How to put BT4 on a USB stick
 • Mobile devices
    – iPhone / iPod Touch
    – Droid, PS2, others
 • Metasploit
Troubleshooting Slow PC’s

    1.    Processor overheating
    2.    Bad RAM
    3.    Hard disk issues
    4.    Disk type and interface
    5.    BIOS settings
    6.    Windows services
    7.    Runaway processes
    8.    Disk fragmentation
    9.    Background applications
    10.   File system issues and display options
Avoid Viruses & Spyware

 1.    Train your users (staff and students)
 2.    Install quality antivirus (not always $$)
 3.    Install real-time anti-spyware protection
 4.    Keep anti-malware applications current
 5.    Perform daily scans
 6.    Disable AutoRun
 7.    Disable image previews in Outlook
 8.    Don't click on e-mail links or attachments
 9.    Surf smart
 10.   Use a hardware-based firewall plus a software firewall on the local system
 11.   Deploy DNS protection
Windows 7 Shortcuts

   1.   WinKey + Home: minimizes all but the current window
   2.   WinKey + Space: preview desktop (makes all open windows transparent)
   3.   WinKey + Up or Down Arrow: maximizes or minimizes/restores the current window
   4.   WinKey + Left or Right Arrow: tiles the window on the left or right of the screen
   5.   WinKey + P: chooses a network projector / presentation display mode
   6.   WinKey + Alt + 1 to 0: accesses the Jump List of the taskbar program that
        corresponds to the number
   7.   WinKey + T: cycles through the items on the taskbar
   8.   WinKey + 1 to 0: launches or accesses a program on the taskbar
   9.   WinKey + Shift + 1 to 0: launches a new instance of a program on the taskbar
   10.  WinKey + Ctrl + 1 to 0: accesses the last active instance of a program pinned on
        the taskbar
Help PC’s Run Better

 • Autoruns shows every program that runs at system boot
 • CCleaner: registry cleaner (use the portable version)
 • Recuva (save your behind, or someone else's)
 • PC Decrapifier (lists all third-party software and makes a restore point first)
 • WinPatrol (large database of known applications)
Useful utilities

  • Auslogics Registry Cleaner

  • PuTTY: Telnet and SSH for Windows and
  • FileZilla: open source FTP client and server.
  • VMware: virtualization technology products.
      – Veeam FastSCP

  •   Paint.NET: image and photo editing software.
  •   ColorPic: "superb" pop-up color picker control
  •   FireBug: web debugging
  •   KeePass: password manager
Easy Website Testing

  • Netsparker delivers detection, confirmation and exploitation of vulnerabilities:
      – exploitation of SQL injection vulnerabilities
      – getting a reverse shell from SQL injection vulnerabilities
      – exploitation of LFI (Local File Inclusion) vulnerabilities
      – downloading the source code of all the crawled pages via LFI
      – downloading known OS files via LFI
Live CDs and VMs

• Backtrack (Security OS of Choice)

• Samurai WTF (web pen-testing )

• DEFT Linux (Computer Forensics)
Staying up to date on trends
and exploits

    • Milw0rm
    • SANS Internet Storm Center
    • PacketStorm
    • BugTraq
    • RootSecure
Security Checklists,
Certifications and Requirements

  • National Security Checklists
  • Sarbanes Oxley (SOX) compliance (see 103, 302, 404)
  • PCI Security Standards Council
  • Common Criteria for Information Technology Security Evaluation
  • Common Methodology for Information Technology Security
  • Cardholder Information Security Program
Operating System Hardening

    •   Red Hat Linux Security Guide
    •   Debian Linux Security
    •   Securing SuSe Linux
    •   Gentoo Linux security handbook
    •   SANS Linux Security Checklist
    •   Windows Server 2003 Security Guide
Known vulnerabilities ongoing

Password Security

   • Don't tell anyone your password.
   • Don't write your password down.
   • Make sure your password cannot be easily guessed.
   • If you think there is even a slight chance someone knows your password, change it.
   • Don't let someone see what you are entering as your password.
Passwords: Length Matters

•    The secret: if your password is long enough, it doesn't need to be complex. Long
     passwords defeat common password crackers, whose brute-force and mask attacks grow
     exponentially harder with every added character.

•    How long should your passwords be?
      – Passwords should be a minimum of 10-15 characters to be considered

•    A password of 15 characters or longer is considered secure for most general-purpose
     business applications, i.e. a "pass phrase".

• Disable the storage of weak cached LM password hashes in Windows; they are simple to
  break. The Group Policy setting is "Network security: Do not store LAN Manager hash
  value on next password change" (registry: HKLM\SYSTEM\CurrentControlSet\Control\Lsa,
  NoLMHash = 1); existing LM hashes disappear only after each account's next password
  change.

    Fun example: Denver1broncosrulethenhl
Don’t Use a Weak One:

  • With fewer than eight characters.
  • That could be found in a dictionary.
  • That uses public information about you or your family or friends (Social Security
    number, birth date, credit card number, telephone number, etc.).
  • That you have used before.
  • That is a variation of your user ID.
  • That is something significant about you.
Use a Strong Password:

 • That is at least 12 characters long.
 • That contains uppercase and lowercase letters.
 • That contains at least one number or special character.
 • That is not a dictionary word in any language, slang, or jargon.
 • That cannot be easily guessed and is easy to remember.
 Remember to change your password every 180 days. (Current guidance, e.g. NIST SP
 800-63B, drops scheduled rotation in favour of changing a password as soon as it is
 suspected to be compromised.)
Weak Passwords (examples):

 •   abc123 dog diego querty hart heat heart mary
 •   1dennis2 hartelephone lintelco hartwell
 •   eednyw ydnew kayak palindrome
 •   september superman mickeymouse r2d2
 •   aaaabbbccd 12345678 a1b2c3d4 zxcvbnm
 •   bonvoyage mercibeaucoup volkswagen
 •   mircrosoft colorprinter

Mnemonics Made Easy

  • Take a phrase that is easy for you to remember
    and convert it into characters.
  • It could be the first line of a poem or a song
  • "Water, water everywhere and not a drop to drink" (Rime of the Ancient Mariner)
    converts to Wwe&nadtdGL
  • "We Three Kings from Orient Are" plus date "Birth Year" converts to w3KfOr3691BY.
      (3691 is the year 1963 spelled backward, to extend beyond six characters.)
  • Caveat: the better known the line, the more likely its abbreviation already sits in
    a cracking wordlist; prefer a phrase personal to you, and keep the result long.