Security Awareness and Incident Response at Emory University


Published in: Technology, Education


  1. 1. Information Technology at Emory. Security Awareness and Incident Response in a University Environment. Jay D. Flanagan, Security Team Lead, Client Technology Services
  2. 2. Who is Emory University? - Emory University is recognized internationally as an inquiry-driven, ethically engaged, and diverse community whose members work collaboratively for positive transformation in the world through courageous leadership in teaching, research, scholarship, health care, and social action. The University consists of an outstanding liberal arts college, highly ranked professional schools, and one of the largest and most comprehensive healthcare systems in the Southeast. Emory is enriched by the legacy and energy of Atlanta, whose downtown is located 15 minutes away. There are 12134 students enrolled at Emory, about half pursuing undergraduate degrees in the liberal arts, nursing, or business and the rest enrolled in graduate and professional programs. A palpable sense of community and social connection exists on campus; and because of Emory's size, students are nurtured in a way not possible at larger institutions. - Emory has a long tradition of emphasizing fine teaching. It is the most ethnically and religiously diverse university of the top 20 national research universities and is the only one that remains religiously chartered. Emory was founded by the Methodist Church in 1836 at Oxford, Georgia, where Oxford College of Emory still operates. Academic and Administrative Information Technology Client Technology Services
  3. 3. The Emory Environment - A very distributed environment — Multiple schools and departments that manage their own IT — Extensive research ongoing in many schools and departments — Multiple email servers (Over 40) — Multiple web and application servers
  4. 4. Why is Security Awareness Important? - Understand the threats - Know what to do in the event an incident occurs - How to protect yourself - Perimeter protection is good, but... - Desktop security tools are the final layer of protection against threats
  5. 5. What has Emory Done? - Brochures - Newspaper Articles / Ads - Email - Web Page - Conference - Posters - Presentations
  6. 6. Security Brochures - Strategically placed across campus - Part of new student packets - Student orientation sessions - HR orientation - Conferences - Presentations
  7. 7. [Image slide; only legible text: "INFORMATION SECURITY AT EMORY"]
  8. 8. Newspaper Articles / Ads - AAIT Services Newspaper for staff and students - Security articles in Emory Report (Staff / Faculty Newspaper) - Emory Wheel (Student Newspaper) Ads — Virus Protection — Vulnerabilities - Emory Wheel Articles — Peer-to-Peer file sharing — Network Registration on Resnet
  9. 9. [Image slide; no legible text]
  10. 10. [Image slide; no legible text]
  11. 11. The next LAWSUIT may be against YOU! College students engaging in illegal file sharing have been fined thousands of dollars. This is but one of many risks associated with illegal file sharing. Additionally, Spyware is installed alongside "free" file sharing software such as KaZaA. Examples of Spyware: SaveNow, HotBar, New.NET, B3D Projector, Delfin Media Viewer, the list goes on... Spyware sends personal information about you without your permission. Each year, Spyware is responsible for more than 75% of all student computing problems on campus. So is the "free" illegal music really risk free? No. One way or another, you pay by losing your privacy or losing your cash. Find out how to rid yourself of Spyware at: security.it.emory.edu
  12. 12. Attention Returning Students. Defend yourself against viruses: read the following now! Message One of Three. Prevent possible DAMAGE to your computer. Know where to GET the Spring EOL Disk. Protect your computer against VIRUSES. Know who to call for COMPUTER SUPPORT. Unplug your Windows computer from the network; [several steps illegible]; Go online to windowsupdate.microsoft.com; Click the 'Scan for Updates' link; Follow the [illegible] update instructions to secure your version of Windows. Stay online and visit www.microsoft.com/security/protect/; Choose your Windows version and print all the steps for securing. [illegible] Now visit security.it.emory.edu and [URL illegible]; Read information pertaining to your network safety and security; Defend your personal network space with your newfound knowledge. If you need help implementing your new defenses and you live on campus, please don't hesitate to call Client Services for technical support at:
  13. 13. 5 Steps to Virus-Free Computing. [subheading illegible] Protect your computer against VIRUSES. Know where to GET the Fall EOL Disk. Prevent DAMAGE to your computer. Know who to call for COMPUTER SUPPORT. READ THESE FIVE POINTS BEFORE CONNECTING TO THE RESIDENTIAL NETWORK! Install the software included in the EOL Fall 2005 CD you received at check in; keep Windows XP patched, [illegible], and updated using XP's built-in [illegible]. Scan your computer for viruses frequently using Symantec AntiVirus included in [illegible]. SHARING MUSIC ILLEGALLY WILL RESULT IN LAWSUITS AND CONDUCT VIOLATIONS! The RIAA actively probes Emory's Residential Network (ResNet) for peer-to-peer shares. These shares are commonly hosted by students using KaZaA and other "free" software; the RIAA issues subpoenas without warning to students sharing music illegally. IF YOU THINK YOU DON'T NEED WINDOWS XP AND OS X PASSWORDS, THINK AGAIN! For Windows XP, enable a strong (6 to 8 character, alphanumeric) password for all users. In OS X, enable a strong (6 to 8 character, alphanumeric) root password. Without strong passwords, anyone can log on to your computer using the network. ENABLE YOUR BUILT-IN FIREWALL IN WINDOWS XP AND OS X. [illegible] For instructions and info, visit [URLs illegible]. Additional information from Microsoft is at [URL illegible]. [illegible] say no to KaZaA; enable firewall; update AntiVirus; enable passwords! If you need help with these defenses whether on or off campus, call Client Services for technical support.
  14. 14. Email - New students — Welcoming email discussing security considerations - Alert lists — New vulnerabilities and viruses sent out to the Emory community - Learnlink Conference — Students have the opportunity to send in security questions
  15. 15. Welcome Email to New Students - Welcome to Emory! - Practicing safe computing is the responsibility of everyone who uses Emory's shared resources, like email and Internet connectivity. This means making sure the basics are covered, like securing all Emory accounts with strong passwords, keeping antivirus software and system patches up to date, immediately deleting unsolicited email attachments without opening them and backing up important data frequently. - Before you start classes, it's essential that you know about Emory's computing security guidelines, policies, standards and recommended practices. You'll find this information at: [URL illegible] - Passwords are the keys to your computer; they help protect your information and Emory's shared computing systems from attacks like viruses and hackers. If your password is in the dictionary, password-cracking software can guess it in seconds! Learn how to create strong passwords: http://www.it.emory.edu/showdocctm?docid=260i. To change your password: [URL illegible] - For tips on using antivirus software, installing Microsoft security patches or system updates and more, go to ITD's "Basic PC Security" Web page: [URL illegible] - Join the "IT Security Q&A" conference on LearnLink, where you can post and get answers to your computing security questions: [illegible] - Make computing security a priority! The security and availability of Emory's shared computing systems depends on everyone working together to keep our resources safe. - The ITD Security Team - P.S. Don't forget to bookmark the ITD Information Security homepage: [URL illegible]
  16. 16. Alert List Emails. Please send out this information on a new MAC Worm that has been found in the wild. Definitions for this new worm should be available for Norton's MAC client anti-virus software. Be sure you have definitions dated 2/16/06 or later for your client. For more information, please go to the following URL: [URL illegible] OSX.Leap.A. Discovered on: February [day illegible], 2006. Last Updated on: February 18, 2006 01:15:52 PM. OSX.Leap.A is a worm that targets installs of Macintosh OS X and spreads via iChat Instant Messenger program. Note: It infects files on the Macintosh OS X version 10.4. The worm will execute on Intel Macs, but cannot spread to other systems from these machines. Also Known As: OSX/Leap-A [Sophos], CME-4, OSX/Leap [McAfee], Leap.A [F-Secure]. Type: Worm. Systems Affected: Macintosh OS X
  17. 17. LearnLink Security Conference [Screenshot of the LearnLink client; remaining text not legible]
  18. 18. LearnLink Security: IT Security Q&A conference [Screenshot of the conference message list; remaining text not legible]
  19. 19. Web Page http://security.it.emory.edu What's available — Information on Phishing — Security How-To's — Security News — Security Vulnerabilities and Viruses — Operating System Baselines — Vulnerability Scanning Self Service — Security Policy Information — Security Statistics — Links to other important Security sites
  20. 20. Security Mini-Conference - The Security Mini-Conference is held annually in the spring of each year — Send out mailers — Web Page — Email — Require registration - Different Themes each year — This year was identity theft and privacy — Speakers that speak to the themed issues - For faculty, staff and students — This year included our Healthcare side - Food provided — Continental Breakfast — Lunch
  21. 21. Information Security Awareness Mini-Conference, APRIL 5, 2006, 8:30 a.m. - 1:00 p.m. Protecting information privacy and preventing identity theft are top security challenges facing the U.S. today. Emory's [illegible] Information Security Awareness Mini-Conference will offer faculty, staff and students the opportunity to learn ways to secure their digital information, protect their [illegible] privacy, avoid becoming victims of identity theft and [illegible] responsible computing when using Emory's networked resources. The conference is sponsored by Academic and Administrative Information Technology (AAIT), Network Communications (NetCom), and Emory Healthcare Information Services (EHC IS). There are no fees, but registration is required. Visit the website for more information and to register for the conference. EMORY
  22. 22. Information Security Awareness 2006 Mini-Conference. April 5, 2006, 8:30 a.m. - 1:00 p.m. [location illegible], EMORY UNIVERSITY. WHO SHOULD ATTEND: Emory faculty, staff, and students. MINI-CONFERENCE INCLUDES: Continental Breakfast, Lunch with Featured Speaker, [illegible] sessions. TOPICS INCLUDE: [illegible], Identity Theft, Identity Management, Safeguarding Privacy, Phishing Scams, HIPAA, Fraud Detection. LUNCHEON SPEAKER: [illegible]. GUEST PRESENTERS: Jay Flanagan, IT Security Team Lead, AAIT; [remaining presenters illegible]. REGISTRATION: There are no fees, but registration is required. Conference schedule and registration information are posted at [URL illegible]. [registration deadline illegible]. SPONSORED BY: Academic and Administrative Information Technology (AAIT, formerly ITD), Network Communications (NetCom) and Emory Healthcare Information Services (EHC IS)
  23. 23. Security Posters - Put up around campus during back to school - Themed — Viruses — Vulnerabilities — Peer-to-Peer file sharing — Security Incidents - Events — Security Mini-Conference — Security Presentations
  24. 24. [Poster on illegal file sharing and spyware; text largely illegible. Legible: "Individuals engaging in ILLEGAL file sharing and software duplication have been fined thousands of dollars."]
  25. 25. [Poster; headline illegible] Create a SECURE Admin (or root) password! A SECURE password is 6 to 8 characters long and contains at least one number or non-alphabetic character. Don't use [illegible] found in a dictionary! If you don't create passwords for all usernames on your computer, anyone can access your computer's files with a few simple tools. Without passwords for all usernames, you can lose everything on your computer when you may need it most. For simple directions on creating a SECURE password, visit [URL illegible]
  26. 26. [Poster; headline illegible] Run Windows Update. Many viruses exploit the weaknesses in un-updated Windows Operating Systems! Update your version of Windows here: windowsupdate.microsoft.com. Protect yourself! [illegible] install all critical updates. Coupling your updated Windows Operating System with Symantec AntiVirus will ensure you experience the network safely and securely. Microsoft releases dozens of Windows Security Patches monthly; Symantec releases dozens of [illegible] monthly. Whether you use a Mac or PC, please update your Operating System. [illegible]
  27. 27. [Poster; headline illegible] Install and [illegible] Symantec AntiVirus. The Symantec AntiVirus software is available on the EOL CD and online at [URL illegible]. Each day, [illegible] viruses appear on the global network. Protect yourself: [illegible]. Between August 17 and August 27, THREE major [illegible] wreaked havoc on networks around the world. [illegible] countermeasures against ALL of them. [illegible]
  28. 28. [Poster; headlines illegible] The RIAA actively probes Emory's Residential Network [illegible] for peer-to-peer shares. These shares are commonly hosted by students using KaZaA and other "free" software. The RIAA issues subpoenas without warning to students sharing music illegally. Individuals engaging in ILLEGAL file sharing and software duplication have been fined thousands of dollars. [illegible] According to U.S. copyright law, [illegible] liable to the copyright owner for actual damages and [illegible] statutory damages of up to $150,000.00 plus court costs and attorney fees. Additionally, spyware is installed alongside "free" file sharing software such as KaZaA. Spyware [illegible] sends personal information about you without your permission. [Examples of spyware illegible.] [illegible] One way or another, you pay by losing your privacy or losing your cash. [illegible]
  29. 29. [Poster; banner and headline illegible] IF YOU THINK YOU DON'T NEED WINDOWS XP AND OS X PASSWORDS, THINK AGAIN. For Windows XP, enable a strong (6 to 8 character, alphanumeric) password for all users. In OS X, enable a strong (6 to 8 character, alphanumeric) root password. Without strong passwords, anyone can log on to your computer using the network. [illegible] If you don't create passwords for all usernames on your computer, anyone can access your computer's files with a few simple tools. Without passwords for all usernames, you can lose everything on your computer when you may need it most. For simple directions on creating a SECURE [illegible], visit [URL illegible]
  30. 30. [Poster; banner and headline illegible] Many viruses exploit the weaknesses in un-updated Windows PCs! Update your version of Windows here: windowsupdate.microsoft.com. Follow the update instructions on Microsoft's website and be sure to always install all the critical updates. Coupling your updated Windows Operating System with Symantec AntiVirus will ensure you experience the network safely and securely. [illegible] Microsoft releases dozens of Windows Security Patches monthly. Symantec releases dozens of AntiVirus updates monthly. Whether you use a Mac or PC, please update your Operating System. Learn more about protecting yourself against [illegible]
  31. 31. [Poster; banner and headline illegible] It's all on your EOL CD! The BEST tools to prevent viruses from getting the best of you. Get the EOL CD from the bookstore. Run the EOL CD as soon as you get it back to your computer! Each DAY, dozens of increasingly malicious viruses appear on the global network causing priceless irreversible damage! Our network is NOT immune to attacks. Protect yourself: [illegible]. In the past year, thousands of Major Viruses wreaked havoc on computer networks around the world. Symantec released countermeasures against ALL OF THEM. Learn more about protecting yourself against viruses at: [URL illegible]
  32. 32. [Flyer; text largely illegible. Legible: "Information Security Awareness", "ISA 2005 Mini-Conference", "Wednesday October 21, 2004 3:00 p.m. - 4:00 p.m.", "DESIGNED FOR FACULTY - STAFF - STUDENTS", "REGISTER"]
  33. 33. Security Presentations - Done regularly — IT Briefing - New security tools being deployed - Security architecture — Tech Talks - Vendor products — F5 Firepass SSL VPN — Vendor Presentations - SpiDynamics — Web application vulnerabilities
  34. 34. Incident Response - Must have a process in place — Simple is best — 2 ways to handle incidents - Port status and IPS block - Notify different groups, gather information and send to local support contact — Manage the process - Who is responsible as the ticket moves through the Help Desk queue
  35. 35. Incident Response - Port Status and IPS Block - Receive a complaint about a machine that may be infected, hacked, etc. — Email ([address illegible]) — Help Desk Ticket — Phone call — Other means - A help desk ticket is created (if not already done) - The IP address of the machine is blocked via our IPS (Intrusion Prevention Service) - Wait for call back from customer responsible for machine about [illegible] - Send ticket to local support to clean/fix machine or request customer to bring machine to our clean room - Local support cleans/fixes machine or clean room cleans/fixes machine and sends ticket back to security - Security unblocks machine from IPS and closes ticket.
  36. 36. Incident Response - Notification - Receive a complaint about a machine that may be infected, hacked, etc. — Email ([address illegible]) — Help Desk Ticket — Phone call — Other means - A help desk ticket is created (if not already done) - The IP address of the machine is blocked via our IPS (Intrusion Prevention Service) - Ticket is sent to the NOC (Network Operations Center) for more information on the machine and its location, including MAC address. - Security gets the ticket back and sends on to the appropriate local support contact to clean/fix - Local support contact cleans/fixes the problem and sends ticket back to security - Security unblocks machine from IPS and closes ticket.
  37. 37. Summary - Many different ways to get out the message about security awareness - Awareness should be fun - Get everyone involved - Incident Response is a process — Make the process simple — Involvement from across the University
  38. 38. Contact Information - Jay D. Flanagan, Security Team Lead — Email - jflanag@emory.edu - Jay.d.flanagan@emory.edu - SecurityTeam-L@listserv.emory.edu — Phone - 404-727-4962