Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Dark Alleys Part2

1,285 views

Published on

Internet security tips for network administrators

Published in: Technology
  • DOWNLOAD FULL MOVIE, INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... ,DOWNLOAD FULL. MOVIE 4K,FHD,HD,480P here { https://tinyurl.com/yybdfxwh }
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Dark Alleys Part2

  1. 1. Dark Alleys of the Internet Part 2 ACE/NETC 2007 June 19, 2007 Albuquerque, NM Do the Right Thing!
  2. 2. Attack Statistics <ul><li>AU Border Firewall </li></ul><ul><ul><li>Packets blocked by 1000s </li></ul></ul><ul><li>Intrusion Prevention System (blocking recommended attacks) (week of 5/28-6/02) </li></ul><ul><ul><li>90,540 – blocked packets </li></ul></ul><ul><ul><li>25,147 – suspicious packets </li></ul></ul><ul><ul><li>3,893 – possibly successful </li></ul></ul>
  3. 3. Passwords on a Sticky Note? How to stop the sharing madness
  4. 4. Passwords <ul><li>No reason to share passwords because you can use: </li></ul><ul><ul><li>Shared files/folders </li></ul></ul><ul><ul><li>Permissions settings </li></ul></ul><ul><ul><li>Remote Desktop </li></ul></ul><ul><ul><li>E-mail Proxy </li></ul></ul><ul><ul><li>Web 2.0 products </li></ul></ul>
  5. 5. Managing Passwords <ul><li>Trade-offs </li></ul><ul><ul><li>Different passwords for different systems </li></ul></ul><ul><ul><li>Require passwords to change </li></ul></ul><ul><li>Password Managers </li></ul><ul><ul><li>Password Safe </li></ul></ul><ul><ul><ul><li>http://passwordsafe.sourceforge.net </li></ul></ul></ul><ul><ul><li>Others </li></ul></ul><ul><ul><ul><li>http://www.lifehack.org/articles/technology/10-free-ways-to-track-all-your-passwords.html </li></ul></ul></ul><ul><li>Choosing a good pass phrase </li></ul><ul><ul><li>“ 1wbiDCH” (I was born in Dale County Hospital) </li></ul></ul><ul><ul><li>http://www.aces.edu/extconnections/2006/10/ </li></ul></ul>
  6. 6. Network Protocols Help protect users
  7. 7. Secure All Protocols <ul><li>Telnet -> SSH </li></ul><ul><li>FTP -> SFTP </li></ul><ul><li>SSL Certificates </li></ul><ul><ul><li>LDAP -> LDAPS </li></ul></ul><ul><ul><li>HTTP -> HTTPS </li></ul></ul><ul><li>Require Secure Protocols for New Applications </li></ul>
  8. 8. Plain-text Protocols
  9. 9. Secure Protocol
  10. 10. SSL Certificates <ul><li>Recognized Certificate Authority -$$ </li></ul><ul><li>Pre-installed </li></ul><ul><ul><li>Verisign </li></ul></ul><ul><ul><li>CyberTrust </li></ul></ul><ul><ul><li>Thawte </li></ul></ul><ul><li>Self-signed Certificates – free </li></ul><ul><li>Manual Install </li></ul><ul><ul><li>eXtension </li></ul></ul><ul><ul><li>AU </li></ul></ul>VS
  11. 11. Root Certificates <ul><li>Internet Explorer </li></ul><ul><ul><li>Internet Options </li></ul></ul><ul><ul><li>Content </li></ul></ul><ul><ul><li>Certificates </li></ul></ul>
  12. 12. Self-Signed Certificates <ul><li>Products </li></ul><ul><ul><li>Microsoft Certificate Authority </li></ul></ul><ul><ul><li>Mac OS - Keychain </li></ul></ul><ul><ul><li>Linux - OpenSSL </li></ul></ul><ul><li>Importing </li></ul><ul><ul><li>Active Directory </li></ul></ul><ul><ul><li>Download </li></ul></ul><ul><ul><li>Script </li></ul></ul>
  13. 13. Secure Network Access For the Road Warriors
  14. 14. Virtual Private Network <ul><li>VPN provides unlimited access to campus network </li></ul><ul><li>Prevent eavesdropping </li></ul><ul><li>Treat off-campus just like WiFi </li></ul><ul><ul><li>An insecure transmission medium </li></ul></ul>
  15. 15. Public/Private WiFi <ul><li>Restrict open WiFi ports/protocols </li></ul><ul><li>Encourage VPN </li></ul><ul><ul><li>Better encryption </li></ul></ul><ul><ul><li>Unrestricted access </li></ul></ul><ul><ul><li>Restrict OS announcements </li></ul></ul><ul><ul><li>Gain benefit of University border firewall </li></ul></ul><ul><ul><li>Restrict services to internal Ips </li></ul></ul><ul><li>Enable Security </li></ul><ul><ul><li>Prevent stealing bandwidth </li></ul></ul><ul><ul><li>Add some security to insecure sites </li></ul></ul>
  16. 16. Remote Access <ul><li>Remote Desktop </li></ul><ul><li>Shared space access </li></ul><ul><li>Printer access </li></ul><ul><li>Internal websites </li></ul>
  17. 17. Other References <ul><li>Bruce Schneier’s http://www.schneier.com </li></ul><ul><li>SANS’ “@RISK: The Consensus Security Alert” </li></ul>
  18. 18. Thank You Jonas Bowersock , Greg Parmer “ Until it goes missing, security is a boring obstacle to productivity in the minds of most.” -Greg Parmer

×