Information Security


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Information Security

  1. 1. Information Security Session October 23, 2006 Bill Eaheart Network Security Coordinator DePaul University
  2. 2. Information Security at DePaul <ul><li>Who we are </li></ul><ul><ul><li>Information Services - Business Continuity and Security Group (BCS) </li></ul></ul><ul><li>Web Site </li></ul><ul><ul><li> </li></ul></ul><ul><li>Email Addresses for BCS team </li></ul><ul><ul><li>Bill Eaheart - </li></ul></ul><ul><ul><li>Arlene Yetnikoff – </li></ul></ul><ul><li>Reporting security incidents </li></ul><ul><ul><li>[email_address] </li></ul></ul><ul><ul><li>[email_address] </li></ul></ul>
  3. 3. Today <ul><li>Provide practical information </li></ul><ul><li>General guidelines for secure computing </li></ul><ul><li>Question and Answer </li></ul><ul><li>Presentation available on this web page: </li></ul><ul><li> </li></ul>
  4. 4. Truths about computers <ul><li>Computers (all operating systems) is vulnerable to attacks </li></ul><ul><li>Connecting a computer to the Internet allows the Internet to connect to your computer </li></ul><ul><li>Good news – real time access to news, collaboration, information, videos, applications … </li></ul><ul><li>Bad news – vulnerable to attacks from viruses, worms and individuals </li></ul>
  5. 5. Survival Time <ul><li> </li></ul>
  6. 6. Types of Attacks <ul><li>Coordinated </li></ul><ul><ul><li>Your computer is specifically targeted </li></ul></ul><ul><li>Opportunistic </li></ul><ul><ul><li>Software available to conduct: </li></ul></ul><ul><ul><ul><li>Random scans looking for Windows open file and printer shares </li></ul></ul></ul><ul><ul><ul><li>Searches for known vulnerabilities and unsecured services </li></ul></ul></ul><ul><ul><li>Allows individuals to: </li></ul></ul><ul><ul><ul><li>Exploit vulnerabilities </li></ul></ul></ul><ul><ul><ul><li>Crack passwords </li></ul></ul></ul><ul><li>Most attacks for home users are opportunistic </li></ul><ul><ul><ul><li>Easy steps to avoid opportunistic attacks </li></ul></ul></ul><ul><ul><ul><li>Coordinated attacks are difficult to stop </li></ul></ul></ul>
  7. 7. Typical Day at DePaul <ul><li>Timestamp -- 2006-10-x </li></ul><ul><li>Possible External Hosts: unauthorized scans </li></ul><ul><li>Count Src Addr Port </li></ul><ul><li>---------------------------------------------------- </li></ul><ul><li>38600 5900 </li></ul><ul><li>41160 135 </li></ul><ul><li>38599 22 </li></ul><ul><li>2393 139 </li></ul><ul><li>2094 445 </li></ul>
  8. 8. What can we do? <ul><li>Protecting your Computer </li></ul><ul><ul><ul><li>Windows Update </li></ul></ul></ul><ul><ul><ul><li>Virus and Spyware Protection </li></ul></ul></ul><ul><ul><ul><li>Use a Host Based Firewall </li></ul></ul></ul><ul><ul><ul><li>Account and Password Security </li></ul></ul></ul><ul><ul><ul><li>Microsoft Baseline Security Analyzer </li></ul></ul></ul><ul><li>Using Public Computers </li></ul><ul><li>Social Engineering </li></ul><ul><ul><ul><li>Email </li></ul></ul></ul><ul><ul><ul><li>Downloads </li></ul></ul></ul><ul><ul><ul><li>Peer to Peer Sharing </li></ul></ul></ul>
  9. 9. Windows Update <ul><li>Microsoft provides security patches and updates </li></ul><ul><li>Check for updates at least once per month </li></ul><ul><ul><li>Security fixes released on the second Tuesday of each month </li></ul></ul><ul><li>Manual Update </li></ul><ul><ul><li>Open Internet Explorer  </li></ul></ul><ul><li>Windows Automatic Updates makes this easy </li></ul><ul><ul><li>Start  Control Panel  Automatic Updates </li></ul></ul><ul><li>DePaul makes it even easier </li></ul><ul><ul><li>Software Update Services (SUS) server </li></ul></ul>
  10. 10. Virus and Spyware Protection <ul><li>Malware (MALicious softWARE) – designed to make life unhappy (virus, trojan horse) </li></ul><ul><li>Install Anti-virus software </li></ul><ul><li>Regularly update anti-virus signatures </li></ul><ul><li>Available products </li></ul><ul><ul><li>Commercial </li></ul></ul><ul><ul><ul><li>McAfee Antivirus - </li></ul></ul></ul><ul><ul><ul><li>Norton Antivirus - </li></ul></ul></ul><ul><ul><li>Commercial/Freeware </li></ul></ul><ul><ul><ul><li>Avast! - </li></ul></ul></ul><ul><ul><ul><li>AVG – </li></ul></ul></ul><ul><li>DePaul makes it even easier </li></ul><ul><ul><li>McAfee Anti-virus and McAfee ePolicy Orchestrator (ePO) </li></ul></ul><ul><ul><li>Student download - </li></ul></ul><ul><li>Spyware </li></ul><ul><ul><li>Gathers information without your knowledge </li></ul></ul><ul><ul><li>Available products </li></ul></ul><ul><ul><ul><li>Ad-aware - </li></ul></ul></ul><ul><ul><ul><li>Spybot Search and Destroy - </li></ul></ul></ul><ul><ul><ul><li>Spycop - </li></ul></ul></ul>
  11. 11. Host Based Firewall <ul><li>Best PC firewalls </li></ul><ul><ul><li>Track incoming and outgoing traffic </li></ul></ul><ul><ul><li>Allow you to set up rules </li></ul></ul><ul><li>Windows XP </li></ul><ul><ul><li>Internet Connection Firewall (ICF) </li></ul></ul><ul><ul><li>Inspects incoming traffic only </li></ul></ul><ul><ul><li>Start  Control Panel  Network Connections  Change Windows Firewall settings </li></ul></ul><ul><li>Commercial Products </li></ul><ul><ul><li>Sygate Personal Firewall </li></ul></ul><ul><ul><li>ZoneAlarm </li></ul></ul><ul><ul><li>Tiny Personal Firewall </li></ul></ul><ul><ul><li>Norton Personal Firewall </li></ul></ul><ul><ul><li>BlackIce PC Protection </li></ul></ul>
  12. 12. Account and Password Security <ul><li>All accounts must have strong passwords </li></ul><ul><ul><li> </li></ul></ul><ul><li>Weak or no password accounts are an open invitation to hackers </li></ul><ul><li>If possible do not run your computer as administrator </li></ul><ul><li>Disable any used accounts </li></ul><ul><li>Strong passwords </li></ul><ul><ul><li>Special characters (*!$+) mixed with letters and numbers </li></ul></ul><ul><ul><li>Mixed upper- and lower-case letters and Punctuation characters </li></ul></ul><ul><ul><li>Nonsense words that are easy to pronounce but aren't in any dictionary </li></ul></ul><ul><ul><li>Eight or more characters </li></ul></ul><ul><li>Use a password sentence or passphrase </li></ul><ul><ul><li>I need to visit the Kmart at 4:00  In2vtK@4: </li></ul></ul><ul><ul><li>My #1 Password! </li></ul></ul><ul><ul><li>Do not use either of these passwords  </li></ul></ul>
  13. 13. Microsoft Security Analyzer <ul><li>Microsoft Baseline Security Analyzer </li></ul><ul><ul><li> </li></ul></ul><ul><li>Free, vulnerability assessment tool for the Microsoft platform </li></ul><ul><li>Download Software </li></ul><ul><li>Installation Wizard </li></ul><ul><li>Scan your computer </li></ul>
  14. 14. Using Public computers Security <ul><li>Public Computers </li></ul><ul><ul><li>Use caution when using public computers - cannot trust </li></ul></ul><ul><ul><li>Do not save your logon information </li></ul></ul><ul><ul><li>Do not leave the computer unattended </li></ul></ul><ul><ul><li>Erase your tracks </li></ul></ul><ul><ul><li>Watch for over-the-shoulder snoops </li></ul></ul><ul><ul><li>Do not enter sensitive information </li></ul></ul><ul><ul><li>* </li></ul></ul><ul><li>Wireless Networks </li></ul><ul><ul><li>Wireless traffic can be captured </li></ul></ul><ul><ul><li>Man in the middle attacks </li></ul></ul><ul><ul><li>Should not transmit sensitive data </li></ul></ul><ul><ul><li>* </li></ul></ul>
  15. 15. Social Engineering <ul><li>What is Social Engineering </li></ul><ul><ul><li>Collection of techniques used to manipulate people into performing actions or divulging confidential information </li></ul></ul><ul><li>Social Engineering Attacks </li></ul><ul><ul><li>By phone, office visits, email, web sites, instant messaging, irc … </li></ul></ul><ul><li>Do not be a victim </li></ul><ul><ul><li>Be suspicious of unsolicited phone calls, visits or email messages </li></ul></ul><ul><ul><li>Do not provide personal information or organizational information </li></ul></ul><ul><ul><li>Do not reveal personal or financial information in an email and do not respond to email solicitations </li></ul></ul><ul><ul><li>Don’t send sensitive information over the Internet before checking a web sites security </li></ul></ul><ul><ul><li>Pay attention to web sites – malicious sites look legit </li></ul></ul><ul><ul><li>If you have any doubts contact the company directly </li></ul></ul><ul><li>Web Sites </li></ul><ul><ul><li>http:// / </li></ul></ul><ul><ul><li> </li></ul></ul><ul><ul><li> </li></ul></ul>
  16. 16. References <ul><li>Home Computer Security and Privacy by Patrick Crispen </li></ul>
  17. 17. The End! <ul><li>Thank you </li></ul><ul><li>Any questions </li></ul><ul><li>[email_address] </li></ul>