How to Manage Real IT Security Threats
1. ‘How Secure Are Your IT Systems’
“What are the real threats and how to manage them”
Darrell Burkey
Unix Systems Administrator - GIAC Security Essentials Certification
president@case.org.au
Computing Assistance Support & Education incorporated
2. CASE Inc 2
“IT Resources for the Community by the Community”
CASE was formed to assist individuals and community organisations in making better use of information technology to accomplish their goals.
Today’s discussions will be specific to experiences from the community sector and relate to systems and configurations most commonly used by small to medium non-profit organisations.
3. CASE Inc 3
Limited resources
Staff issues
Unpatched software
Outdated equipment
Viruses and malware
False authority
4. CASE Inc 4
Define Your Risk
Risk = Threat x Vulnerability
Defense in Depth
No one solution will be effective
What they want
Anything from random vandalism to obtaining resources and information for use in organised crime
5. CASE Inc 5
Basic Theory
The CASE Acid Test
Can you put an axe through it and continue to work without loss of data or productivity?
How To Pass The Test
Establish a robust, fault tolerant server-to-peer network based on ‘best practice’ solutions maintained by qualified technical staff working to your specific needs and goals.
Isolate Workstations
Proper network design will isolate your workstations from connecting directly to external networks
7. CASE Inc 7
Social Engineering
A Typical Scam Email Intercepted by Server
Warning: This message has had one or more attachments removed
Warning: (3YMH6JJY.exe, 3YMH6JJY.zip).
Warning: Please read the "tucan_net-Attachment-Warning.txt" attachment(s) for more information.
Dear Microsoft Customer,
Starting 12/11/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.
To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.
Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.
Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division
8. CASE Inc 8
What Works for Us
Servers based on open source software maintained by qualified staff have the potential to address the most critical of issues:
Reliability
Security - firewall, monitoring, reporting
Timely technical support
Low initial costs
Low ongoing costs
Services to meet a variety of needs
9. CASE Inc 9
False Authority
“I swear this is true. It happened to my brother. He opened the email and not only did it erase his hard drive but all his house plants died and the food in his refrigerator went off! Make sure you send this message to everyone in your address book to warn all your friends so it doesn’t happen to them.”
“I don’t know anything about IT but here’s what we are going to do because...”
10. CASE Inc 10
Improved Decisions
Ask for qualifications
Ask for examples of work
Ask about membership to professional bodies such as the ACS and SAGE
Be aware of possible bias
Consider an IT audit
11. CASE Inc 11
Support Your Staff
Do you have an Acceptable Use Policy?
What training do you provide?
How well is your IT documented?
Do you have a password policy?
Knowledge empowers!
Ensure you have appropriate support