Avoiding the Dark Alleys of the Internet Extension in the Connected Age NC Cooperative Extension March 24, 2009 Presented by Greg Parmer Alabama Cooperative Extension System

Security is kind of like air. It is easy to take for granted until it goes missing.

Security is kind of like air. It is easy to take for granted until it goes missing.

Security Topics Updates/Patches Passwords E-Mail Surfing Router/Firewall

Updates/Patches

Passwords

E-Mail

Surfing

Router/Firewall

Updates/Patches Why “if it ain’t broke, don’t fix it” doesn’t apply here!

Updates/Patches Operating System Anti-virus Applications

Operating System

Anti-virus

Applications

@Risk Example Widely Deployed Software (1) CRITICAL: Adobe Acrobat and Reader JavaScript Method Buffer Overflow Vulnerability (APSB09-04) (2) CRITICAL: Autonomy KeyView SDK "wp6sr.dll" Buffer Overflow Vulnerability (3) MODERATE: GNOME glib Base64 Functions Mutiple Integer Overflow Vulnerabilities (4) MODERATE: PPLive Multiple URI Handlers Code Execution Vulnerabilities

Widely Deployed Software

(1) CRITICAL: Adobe Acrobat and Reader JavaScript Method Buffer Overflow Vulnerability (APSB09-04)

(2) CRITICAL: Autonomy KeyView SDK "wp6sr.dll" Buffer Overflow Vulnerability

(3) MODERATE: GNOME glib Base64 Functions Mutiple Integer Overflow Vulnerabilities

(4) MODERATE: PPLive Multiple URI Handlers Code Execution Vulnerabilities

MS Windows Security Install virus protection software Turn on the Windows firewall Turn on Windows updates Use Windows Security Center Use limited accounts Use password for every account

Install virus protection software

Turn on the Windows firewall

Turn on Windows updates

Use Windows Security Center

Use limited accounts

Use password for every account

Virus Protection Software Install & routinely update virus protection software Sophos McAfee AVG ClamAV

Install & routinely update virus protection software

Sophos

McAfee

AVG

ClamAV

Windows Firewall Choose “On” Only unblock programs that you trust

Choose “On”

Windows Updates Select “Automatic (recommended)” Select “Everyday” Choose an appropriate time Leave computer on! (check sleep/ hibernate)

Select “Automatic (recommended)”

Select “Everyday”

Choose an appropriate time

Leave computer on! (check sleep/ hibernate)

Security Center Ensures: Firewall is on Automatic updates are installed Virus protection installed & up-to-date

Ensures:

Firewall is on

Automatic updates are installed

Virus protection installed & up-to-date

Security Center Click on the shield to fix the problem You don’t want the RED or Yellow shield

Limited Accounts Prohibited from installing software Prevents installation of malware/viruses User has access to currently installed software Prohibited from accessing Administrator’s documents & settings Prevents changes to administrator password Prevents access to Administrator’s Documents, Desktop, etc. Create/modify system accounts under “ Control Panel/User Accounts ”

Prohibited from installing software

Prevents installation of malware/viruses

User has access to currently installed software

Prohibited from accessing Administrator’s documents & settings

Prevents changes to administrator password

Prevents access to Administrator’s Documents, Desktop, etc.

Create/modify system accounts under “ Control Panel/User Accounts ”

Limited Accounts Easily switch between accounts Leave programs running while others login (windows-L)

Easily switch between accounts

Leave programs running while others login (windows-L)

Passwords? How to stop the sharing madness

Passwords HR system controls your $$ Banks control your $$ No reason to share passwords because you can use: Network file shares Shared files/folders Remote Desktop E-mail Proxy Web 2.0 products

HR system controls your $$

Banks control your $$

No reason to share passwords because you can use:

Network file shares

Shared files/folders

Remote Desktop

E-mail Proxy

Web 2.0 products

Managing Passwords Trade-offs Different passwords for different systems Require passwords to change Password Managers Password Safe http://passwordsafe.sourceforge.net Others http://www.lifehack.org/articles/technology/10-free-ways-to-track-all-your-passwords.html Choosing a good pass phrase “ 1wbiDCH” (I was born in Dale County Hospital) http://www.aces.edu/extconnections/2006/10/

Trade-offs

Different passwords for different systems

Require passwords to change

Password Managers

Password Safe

http://passwordsafe.sourceforge.net

Others

http://www.lifehack.org/articles/technology/10-free-ways-to-track-all-your-passwords.html

Choosing a good pass phrase

“ 1wbiDCH” (I was born in Dale County Hospital)

http://www.aces.edu/extconnections/2006/10/

Safely Using Email Avoid hoaxes and phishing attempts

Hoaxes Trickery Please forward Usually harmless Waste time and resources

Trickery

Please forward

Usually harmless

Waste time and resources

Phishing Clues Return address appears to be legitimate Warns of consequences unless urgent action is taken No personal info or account name/number in message Name of link doesn’t match destination Name of link: https://www.firstnational.com Destination of link: http://www.sargonas.con/firstnational/login.htm http://www.wikipedia.org/wiki/Phishing http://jdorner.blogspot.com/2007/03/every-now-and-then-i-come-across.html http://www.aces.edu/extconnections/2006/12

Return address appears to be legitimate

Warns of consequences unless urgent action is taken

No personal info or account name/number in message

Name of link doesn’t match destination

Name of link: https://www.firstnational.com

Destination of link: http://www.sargonas.con/firstnational/login.htm

http://www.wikipedia.org/wiki/Phishing

http://jdorner.blogspot.com/2007/03/every-now-and-then-i-come-across.html

http://www.aces.edu/extconnections/2006/12

Viruses & Trojans When you receive an attachment via e-mail, think about it before you click to open. Is there ANYTHING suspicious about the message? Just because you know the “sender” doesn’t mean the message is legitimate.

When you receive an attachment via e-mail, think about it before you click to open. Is there ANYTHING suspicious about the message?

Just because you know the “sender” doesn’t mean the message is legitimate.

Don’t Become A Victim “ Google” a sentence from the message to see if it’s a hoax or phishing attempt – add snopes to the search terms Be wary of any web links you get via e-mail

“ Google” a sentence from the message to see if it’s a hoax or phishing attempt – add snopes to the search terms

Be wary of any web links you get via e-mail

Surfing Read the Warnings

S is for secure Passwords deserve “ https” Check the SSL box “ imaps” “ pops”

Passwords deserve

“ https”

Check the SSL box

“ imaps”

“ pops”

Read & Heed

Plain-text Protocols

Secure Protocol

Home Routers Insurance that works for you!

Home Routers One internet connection, multiple computers Firewall protection Access restrictions

One internet connection, multiple computers

Firewall protection

Access restrictions

One Internet Connection

Firewall Protection One-way valve that lets you out, but doesn’t let intruders in Prevents unauthorized access to your computer(s) Hides your computer(s) from the internet while still allowing access to the internet

One-way valve that lets you out, but doesn’t let intruders in

Prevents unauthorized access to your computer(s)

Hides your computer(s) from the internet while still allowing access to the internet

Access Restrictions Control when a computer can access the internet Deny/Allow by website or keyword Multiple configurations Everyday or only on school days etc. All the time, or only between 4p.m. & 10p.m, etc.

Control when a computer can access the internet

Deny/Allow by website or keyword

Multiple configurations

Everyday or only on school days etc.

All the time, or only between 4p.m. & 10p.m, etc.

Secure Wireless Disable wireless, if you’re not using it Most routers can be configured w/a CD What can be done manually? Change the SSID (wireless network name) Disable SSID Broadcast (make it invisible) Require a password to join the wireless network Restrict by MAC address

Disable wireless, if you’re not using it

Most routers can be configured w/a CD

What can be done manually?

Change the SSID (wireless network name)

Disable SSID Broadcast (make it invisible)

Require a password to join the wireless network

Restrict by MAC address

Other References SANS https://www.sans.org/newsletters/ The National Institute on Media and the Family http://www.mediafamily.org/network_guides.shtml Bruce Schneier “ Beyond Fear” http://www.schneier.com

SANS

https://www.sans.org/newsletters/

The National Institute on Media and the Family

http://www.mediafamily.org/network_guides.shtml

Bruce Schneier

“ Beyond Fear”

http://www.schneier.com

Thank You Greg Parmer gparmer @ auburn.edu