Presentation at Technology Solutions Conference

  1. Technology Solutions Conference: School Security
  2. Network Security (agenda)
     • Prevention
     • Recovery
     • Forensics
     • Security Audit
     • New Trends
     • Security Issues
  3. Prevention (overview)
     • Firewalls
     • Servers
     • Desktops
     • Network
     • Applications
     • User Training
     • Policies
     • Basic Assumptions
  4. Prevention - Firewalls
     • What data do you want to protect?
       ◦ Known databases such as student and financial information
       ◦ Local databases kept on hard drives
     • What is a firewall?
       ◦ Not a content filter
     • Poor configurations and lack of patch maintenance are very common
     • Personal firewalls for your home
  5. Prevention - Firewalls
     • Intrusion detection software
     • What is a DMZ?
     • Web server dilemmas
       ◦ Placement of the server
       ◦ Access for content management
  6. Prevention - Servers
     • Keep up with server maintenance and security patches
       ◦ Nimda took advantage of known holes
       ◦ Code Red, polymorphic worms
     • Subscribe to virus definitions and be sure to update
       ◦ Not all virus protection software is created equal
  7. Security - Servers
     • Remove all generic and guest defaults after install
       ◦ Web server hacked via generic login
     • Check for inactive web modules
       ◦ They can be accessed and generic setups abused
  8. Prevention - Desktops
     • A: drive
       ◦ Vulnerable to infected floppy disks and other non-authorized files and applications
     • C: drive
       ◦ Vulnerable to configuration changes and access to restricted resources (students hid Internet access)
     • FTP
       ◦ Vulnerable to downloads of infected files or other non-authorized files and applications
  9. Security & Hackers
     • Internal attacks: student and staff hackers
     • External attacks: Internet & e-mail
     • Parasitic attacks: bandwidth, storage, processing
     • Common security issues
  10. Internal Attacks: Student & Staff Hackers
     • Denial of service
       ◦ Web server attacks
     • Unauthorized intrusions
       ◦ Admin server accounts
       ◦ SASI IDs
     • Anonymous surfing
       ◦ Port 443
  11. External Attacks: Internet & e-Mail
     • Spamming and smurfing
       ◦ Rejected e-mail
     • e-Mail viruses
       ◦ ILOVEYOU, Melissa, Anna K, Sircam
       ◦ Back Orifice
     • Worms
       ◦ Code Red
       ◦ Nimda
       ◦ Polymorphic worms
  12. Parasitic Attacks
     • Bandwidth
       ◦ School T1 used fully 24 hours a day
       ◦ Wireless access, NYC Antenna & Liverpool
     • Resource consumption
       ◦ .exe files
         ▪ music
         ▪ videos
         ▪ games
  13. Common Security Issues
     • Kids used to maintain parts of the network (e.g. the web server)
     • Virus subscription not purchased
     • Security patches not up to date on servers and workstations
     • Firewall: none, poorly configured, or not up to date on patches
  14. Common Security Issues
     • Web server inside or outside the firewall
     • Applications and/or servers not set up correctly (leaving guest IDs, anonymous users, FTP)
     • No disaster recovery, and backups are not rigorous
  15. Common Security Issues
     • No restrictions on desktops for students
       ◦ Floppy access, FTP, loading software
     • No policy for security: escalation, passwords, etc.
  16. Prevention - Desktops
     • Windows Explorer
       ◦ Students see all network resources
     • Right click
       ◦ Students can cut, paste, and delete important files, including system configuration
  17. Prevention - Network
     • Require specific logons
       ◦ Lab aide giving out generic logons so students could bypass the system
       ◦ Pornography found on the C: drive in the teachers' room
     • Secure your remote access to the network
       ◦ Maintenance done by third parties
       ◦ Virtual Private Networks (VPNs)
     • Are your hubs and switches physically secure?
  18. Prevention - Network
     • Configure your routers with access lists
     • Check hubs, switches and routers for web management modules and change the default passwords
  19. Prevention - Applications
     • Microsoft Office "save as"
       ◦ Can students see network drives?
     • Microsoft Office and Encarta templates
       ◦ Students get Internet access and can download unauthorized Microsoft patches
     • Downloads of plugins and other software
     • Programming courses such as C++ and Visual Basic
       ◦ Have access to basic network functions
  20. Prevention - Policies
     • .exe files
       ◦ Slow Internet and/or network performance
       ◦ Overwhelmed hard drives and network servers
     • Passwords
       ◦ No policy on changing them
       ◦ Fewer passwords for ease of use
       ◦ "Shoulder surfing", yellow stickies, etc.
  21. Prevention - Policies
     • Loading software locally
       ◦ Technical issues: not in the "Ghost image"
       ◦ Printing and application support issues
       ◦ Copyright issues
       ◦ Accidentally "blow out" the system
     • Docking home computers
       ◦ Students running "cracking" programs and accessing SASI passwords
  22. Prevention - Policies
     • Disks from home
       ◦ Technical vulnerabilities
       ◦ Copyright vulnerabilities
     • Students doing maintenance
       ◦ May compromise security intentionally or unintentionally
  23. Prevention - Policies
     • Removal of access when someone leaves
       ◦ E-mail, calendar, network logon, etc.
     • Early notification of problems such as viruses
       ◦ What process is in place to notify users of new viruses, etc.?
     • More than one person with key knowledge and access
       ◦ Network backdoors set up
       ◦ Secret backups and password changes done before termination
       ◦ 18 months rebuilding the system because of no documentation
  24. Prevention - Policies
     • Enforcement of policies
       ◦ If practice doesn't follow policy, then the policies are not valid.
  25. Recovery
     • Save to the network
       ◦ Saving to the C: drive means no backups
     • Verify that backups are done
       ◦ Who is responsible? Who is their backup?
     • External backups vs. internal
     • Proper tape rotation
     • Off-site storage
     • Periodic backup check before an emergency
  26. Recovery
     • Damaged servers
       ◦ RAID drives
       ◦ Maintenance contract or spare drives
       ◦ Mirrored or backup servers
       ◦ Hot site
     • Routers, switches, hubs
       ◦ Maintenance contract or replacements
  27. Recovery
     • Application media archived
     • Escalation procedure to move to recovery quicker and to limit damages
       ◦ May need to isolate the problem
       ◦ May need to change passwords
  28. Forensics
     • Log files:
       ◦ Intrusion detection logs
       ◦ Firewall logs
       ◦ Router logs
       ◦ Server logs
       ◦ Application logs
  29. Forensics
     • Unique log-ins
     • Isolate systems
     • Notify authorities
     • Print screens (IM'ing, chat, e-mail, etc.)
       ◦ Terror threat to local HS
       ◦ Ballad of an e-mail terrorist
     • Hard drive recovery
     • Anonymizer sites
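Slide 23 makes two points that are easier to act on as a scheduled reconciliation than as a reminder: remove every account (e-mail, calendar, network logon) when someone leaves, and make sure more than one current employee holds each piece of key access, since an account nobody claims is exactly how a backdoor set up before termination survives. The following is an added example, not from the presentation; it assumes an HR roster with last-day dates, per-system account exports that record an owner id, and a list of privileged role holders. All people, account names and dates are constructed.

```python
from datetime import date

# Constructed sample data with hypothetical people and account names. In a real
# school the roster comes from HR and each account list from that system's export.
ROSTER = {
    "p001": {"name": "A. Teacher", "last_day": None},          # still employed
    "p002": {"name": "B. Admin", "last_day": "2001-06-30"},    # left at end of June
    "p003": {"name": "C. Aide", "last_day": None},
}

# Per-system accounts as (account name, owning person id); None means no known owner.
ACCOUNTS = {
    "email":    [("ateacher", "p001"), ("badmin", "p002"), ("caide", "p003")],
    "calendar": [("ateacher", "p001"), ("badmin", "p002")],
    "network":  [("ateacher", "p001"), ("badmin", "p002"), ("caide", "p003"),
                 ("backup2", None)],                            # nobody claims this one
}

# Who holds each privileged role (constructed).
ROLE_HOLDERS = {
    "domain_admin":   ["p002"],
    "firewall_admin": ["p001", "p002"],
}


def _as_date(value):
    """Accept ISO strings or date objects so the functions are easy to call from reports."""
    return date.fromisoformat(value) if isinstance(value, str) else value


def _employed_on(person, today):
    last_day = _as_date(person["last_day"])
    return last_day is None or last_day >= today


def reconcile(roster, accounts, today):
    """Find accounts whose owner has departed ('stale') and accounts with no owner ('orphan').

    Ownerless accounts are reported separately rather than ignored, because an
    account set up before termination would have no owner in the HR roster.
    """
    today = _as_date(today)
    stale, orphan = [], []
    for system, entries in accounts.items():
        for account, owner in entries:
            if owner is None or owner not in roster:
                orphan.append((system, account))
            elif not _employed_on(roster[owner], today):
                stale.append((system, account, owner))
    return {"stale": sorted(stale), "orphan": sorted(orphan)}


def removal_checklist(person_id, accounts):
    """Every system in which the departing person holds an account, so none is forgotten."""
    return sorted(system for system, entries in accounts.items()
                  for _, owner in entries if owner == person_id)


def single_holder_roles(role_holders, roster, today):
    """Privileged roles with fewer than two current employees holding them."""
    today = _as_date(today)
    weak = []
    for role, holders in role_holders.items():
        active = [h for h in holders if h in roster and _employed_on(roster[h], today)]
        if len(active) < 2:
            weak.append(role)
    return sorted(weak)


if __name__ == "__main__":
    audit_date = "2001-09-01"
    report = reconcile(ROSTER, ACCOUNTS, audit_date)
    print("accounts of departed staff:", report["stale"])
    print("accounts with no owner:    ", report["orphan"])
    print("checklist for p002:        ", removal_checklist("p002", ACCOUNTS))
    print("roles with <2 holders:     ", single_holder_roles(ROLE_HOLDERS, ROSTER, audit_date))
```

Run on the constructed data with an audit date after B. Admin's last day, the report lists the three `badmin` accounts still present, the unclaimed `backup2` network account, and both privileged roles as having fewer than two active holders; run before the departure it shows only `domain_admin` as single-holder, which is the warning a school would have wanted before the 18-month rebuild described on the slide.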
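Slides 28 and 29 list the log sources to keep (intrusion detection, firewall, router, server, application) and stress unique log-ins; slide 7 describes a web server hacked through a generic login. The value of separate logs comes from merging them into one timeline keyed by the client address, so that a firewall denial and a later login with a shared account on the server read as one story. The following is an added example, not from the presentation: it assumes constructed firewall and web-server login lines in a made-up format (real devices have their own formats, so the two regular expressions would be replaced), and a list of generic account names that should never log in successfully.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (hypothetical hosts, private and documentation addresses).
FIREWALL_LOG = [
    "2001-10-03 22:14:01 fw1 DENY TCP 10.8.4.23:3311 -> 192.0.2.10:21",
    "2001-10-03 22:14:05 fw1 ALLOW TCP 10.8.4.23:3312 -> 192.0.2.10:80",
    "2001-10-03 22:15:40 fw1 ALLOW TCP 10.8.4.77:1045 -> 192.0.2.10:80",
]
WEB_AUTH_LOG = [
    "2001-10-03 22:14:09 www1 login user=guest src=10.8.4.23 result=SUCCESS",
    "2001-10-03 22:16:02 www1 login user=jsmith src=10.8.4.77 result=SUCCESS",
    "2001-10-03 22:17:30 www1 login user=administrator src=10.8.4.23 result=FAILURE",
]

# Shared or default accounts that slide 7 says should be removed after install.
GENERIC_ACCOUNTS = {"guest", "administrator", "anonymous", "ftp", "test"}

# Patterns for the constructed formats above (assumption: adjust per device).
FW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<action>ALLOW|DENY) "
    r"(?P<proto>\S+) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
AUTH_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<host>\S+) login "
    r"user=(?P<user>\S+) src=(?P<src>[\d.]+) result=(?P<result>SUCCESS|FAILURE)$"
)


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def parse_firewall(lines):
    """Turn firewall lines into event dicts; lines that do not parse are skipped, not guessed."""
    events = []
    for line in lines:
        m = FW_RE.match(line.strip())
        if m:
            events.append({"ts": _ts(m["ts"]), "source": "firewall", "host": m["host"],
                           "src": m["src"], "action": m["action"], "dport": int(m["dport"])})
    return events


def parse_auth(lines):
    """Turn web-server login lines into event dicts with the same 'ts' and 'src' keys."""
    events = []
    for line in lines:
        m = AUTH_RE.match(line.strip())
        if m:
            events.append({"ts": _ts(m["ts"]), "source": "webauth", "host": m["host"],
                           "src": m["src"], "user": m["user"], "result": m["result"]})
    return events


def build_timeline(*event_lists):
    """Merge events from every log into one list ordered by timestamp."""
    return sorted((e for lst in event_lists for e in lst), key=lambda e: e["ts"])


def by_source_ip(timeline):
    """Group the timeline by client address so one host's activity reads across logs."""
    groups = defaultdict(list)
    for e in timeline:
        groups[e["src"]].append(e)
    return dict(groups)


def generic_logins(timeline):
    """Successful logins with shared/default accounts, as (time, source ip, account)."""
    return [(e["ts"].strftime("%Y-%m-%d %H:%M:%S"), e["src"], e["user"]) for e in timeline
            if e["source"] == "webauth" and e["result"] == "SUCCESS"
            and e["user"] in GENERIC_ACCOUNTS]


def suspicious_sources(timeline):
    """Addresses the firewall denied that also logged in with a generic account."""
    flagged = set()
    for src, events in by_source_ip(timeline).items():
        denied = any(e["source"] == "firewall" and e["action"] == "DENY" for e in events)
        generic = any(e["source"] == "webauth" and e["result"] == "SUCCESS"
                      and e["user"] in GENERIC_ACCOUNTS for e in events)
        if denied and generic:
            flagged.add(src)
    return flagged


if __name__ == "__main__":
    tl = build_timeline(parse_firewall(FIREWALL_LOG), parse_auth(WEB_AUTH_LOG))
    for src, events in by_source_ip(tl).items():
        print(src)
        for e in events:
            detail = e.get("user") or f"port {e.get('dport')}"
            print("  ", e["ts"], e["source"], e.get("action") or e.get("result"), detail)
    print("generic logins:", generic_logins(tl))
    print("suspicious:", suspicious_sources(tl))
```

On the constructed lines, 10.8.4.23 is denied on port 21, allowed on port 80 four seconds later, and logs in as `guest` on the web server four seconds after that, so it is the one address flagged; the failed `administrator` attempt is kept in the timeline but does not count as a generic login because it did not succeed. The same grouping is what makes "unique log-ins" on slide 29 matter: a timeline of `guest` events identifies a machine, while a timeline of a named account identifies a person.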
