Dark Alleys Part2

1,236 views

Published on

Internet security tips for network administrators

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,236
On SlideShare
0
From Embeds
0
Number of Embeds
36
Actions
Shares
0
Downloads
25
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • This is a presentation for system network administrators. Administrators should help teach their users proper security methods.
  • Dark Alleys Part2

    1. 1. Dark Alleys of the Internet Part 2 ACE/NETC 2007 June 19, 2007 Albuquerque, NM Do the Right Thing!
    2. 2. Attack Statistics <ul><li>AU Border Firewall </li></ul><ul><ul><li>Packets blocked by 1000s </li></ul></ul><ul><li>Intrusion Prevention System (blocking recommended attacks) (week of 5/28-6/02) </li></ul><ul><ul><li>90,540 – blocked packets </li></ul></ul><ul><ul><li>25,147 – suspicious packets </li></ul></ul><ul><ul><li>3,893 – possibly successful </li></ul></ul>
    3. 3. Passwords on a Sticky Note? How to stop the sharing madness
    4. 4. Passwords <ul><li>No reason to share passwords because you can use: </li></ul><ul><ul><li>Shared files/folders </li></ul></ul><ul><ul><li>Permissions settings </li></ul></ul><ul><ul><li>Remote Desktop </li></ul></ul><ul><ul><li>E-mail Proxy </li></ul></ul><ul><ul><li>Web 2.0 products </li></ul></ul>
    5. 5. Managing Passwords <ul><li>Trade-offs </li></ul><ul><ul><li>Different passwords for different systems </li></ul></ul><ul><ul><li>Require passwords to change </li></ul></ul><ul><li>Password Managers </li></ul><ul><ul><li>Password Safe </li></ul></ul><ul><ul><ul><li>http://passwordsafe.sourceforge.net </li></ul></ul></ul><ul><ul><li>Others </li></ul></ul><ul><ul><ul><li>http://www.lifehack.org/articles/technology/10-free-ways-to-track-all-your-passwords.html </li></ul></ul></ul><ul><li>Choosing a good pass phrase </li></ul><ul><ul><li>“ 1wbiDCH” (I was born in Dale County Hospital) </li></ul></ul><ul><ul><li>http://www.aces.edu/extconnections/2006/10/ </li></ul></ul>
    6. 6. Network Protocols Help protect users
    7. 7. Secure All Protocols <ul><li>Telnet -> SSH </li></ul><ul><li>FTP -> SFTP </li></ul><ul><li>SSL Certificates </li></ul><ul><ul><li>LDAP -> LDAPS </li></ul></ul><ul><ul><li>HTTP -> HTTPS </li></ul></ul><ul><li>Require Secure Protocols for New Applications </li></ul>
    8. 8. Plain-text Protocols
    9. 9. Secure Protocol
    10. 10. SSL Certificates <ul><li>Recognized Certificate Authority -$$ </li></ul><ul><li>Pre-installed </li></ul><ul><ul><li>Verisign </li></ul></ul><ul><ul><li>CyberTrust </li></ul></ul><ul><ul><li>Thawte </li></ul></ul><ul><li>Self-signed Certificates – free </li></ul><ul><li>Manual Install </li></ul><ul><ul><li>eXtension </li></ul></ul><ul><ul><li>AU </li></ul></ul>VS
    11. 11. Root Certificates <ul><li>Internet Explorer </li></ul><ul><ul><li>Internet Options </li></ul></ul><ul><ul><li>Content </li></ul></ul><ul><ul><li>Certificates </li></ul></ul>
    12. 12. Self-Signed Certificates <ul><li>Products </li></ul><ul><ul><li>Microsoft Certificate Authority </li></ul></ul><ul><ul><li>Mac OS - Keychain </li></ul></ul><ul><ul><li>Linux - OpenSSL </li></ul></ul><ul><li>Importing </li></ul><ul><ul><li>Active Directory </li></ul></ul><ul><ul><li>Download </li></ul></ul><ul><ul><li>Script </li></ul></ul>
    13. 13. Secure Network Access For the Road Warriors
    14. 14. Virtual Private Network <ul><li>VPN provides unlimited access to campus network </li></ul><ul><li>Prevent eavesdropping </li></ul><ul><li>Treat off-campus just like WiFi </li></ul><ul><ul><li>An insecure transmission medium </li></ul></ul>
    15. 15. Public/Private WiFi <ul><li>Restrict open WiFi ports/protocols </li></ul><ul><li>Encourage VPN </li></ul><ul><ul><li>Better encryption </li></ul></ul><ul><ul><li>Unrestricted access </li></ul></ul><ul><ul><li>Restrict OS announcements </li></ul></ul><ul><ul><li>Gain benefit of University border firewall </li></ul></ul><ul><ul><li>Restrict services to internal Ips </li></ul></ul><ul><li>Enable Security </li></ul><ul><ul><li>Prevent stealing bandwidth </li></ul></ul><ul><ul><li>Add some security to insecure sites </li></ul></ul>
    16. 16. Remote Access <ul><li>Remote Desktop </li></ul><ul><li>Shared space access </li></ul><ul><li>Printer access </li></ul><ul><li>Internal websites </li></ul>
    17. 17. Other References <ul><li>Bruce Schneier’s http://www.schneier.com </li></ul><ul><li>SANS’ “@RISK: The Consensus Security Alert” </li></ul>
    18. 18. Thank You Jonas Bowersock , Greg Parmer “ Until it goes missing, security is a boring obstacle to productivity in the minds of most.” -Greg Parmer

    ×