An Introduction To IT Security And Privacy - Servers And More
Uploaded by blake-carver
Week One
• Passwords: L E N G T H & Unique
• Paranoia: Think Before You Click
• BackuPs: Frequent and Automatic
• Patches: Set to Auto
• Ponder Before Posting
Intro
Week Two
• Privacy
Surveillance Is The Business Model Of The Internet
• Carry A Safe, Not A Suitcase
• Browsers
• Wi-Fi
• Social Media
• Mobile Devices
• Backups
Week Three
• Lock Things Down
– Grant least privilege
– Whitelisting
– Patches
– Limit Admins
• Assume your secrets are not safe
• Build a Defensible Library
• Threat Modeling
– Everything With An IP Address Matters
• Training New Instincts Never Without The WHY
Concordia University libraries hit by security breach
Officials at Concordia University have filed a police report after recently noticing a security breach
at the university's Webster and Vanier libraries.
The university's library and technical staff recently found hardware devices called keyloggers
on some of its workstations.
"Hardware devices called keyloggers ... can capture computer keystrokes," said a statement
issued Monday by the university. "These keylogger devices can capture personal data such as
login information and passwords ... by tracking the keystrokes used at a workstation."
The affected computers are the ones at express workstations, which are available for
public use for a maximum of 10 minutes.
The university said that the security network of its 272 laptops on loan and its 432 library
workstations is intact.
"We want to reassure you that the hardware keyloggers were only found on express workstations
located on LB2 in the Webster Library … and on express workstations located in the Vanier
Library on VL1."
http://www.cbc.ca/news/canada/montreal/concordia-security-breach-1.3501415
School officials said they are beefing up
security in areas where public computers
are located.
"We are conducting regular visual
inspections and implementing several
other measures that include educating our
students, faculty and staff," the statement
said.
http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/?utm_source=feedburn
Server
Servers Are Better!
• Bigger
• Better
• Faster
• Always On
• Unattended
• Bigger Pipes!
• Full of stuff!!
• People come to visit!!!
Server Security
• Keep things updated
• Passwords
• Limit logins
• Logs
• Watch for file changes (IDS)
• Firewall
• Kill unneeded processes
Server Side Security
• Use SSL
• Secure Defaults
• Look for old stuff, scripts
• Writeable files are dangerous
• Watch Who Is Connecting
• Make sure it’s physically safe
• Scan the server for malware
• Scan the web pages
• Run an IDS
• Linux Malware Detect
• Google hacking and robots.txt
– inurl:wp-content/themes/Ghost/
The vast majority of web malware encounters actually occur via legitimate browsing of mainstream websites. In other words, the majority of encounters happen in the places that online users visit the most—and think are safe.
2013 Cisco Annual Security Report
Large Angler Malvertising Campaign Hits Top Publishers
https://blog.malwarebytes.org/malvertising-2/2016/03/large-angler-malvertising-campaign-hits-top-publishers/
Drive By Defense!
• Use Two & Keep EVERYTHING Updated
• Know Your Settings
– Phishing & Malware Detection - Turned ON
– Software Security & Auto / Silent Patching - Turned ON
• A Few Recommended Plugins:
– Something to Limit JavaScript
– Something to Force HTTPS
– Something to stop trackers
– Something to Block Ads
Staying Safe Online
Privacy Badger
uBlock Origin
The attraction of attackers to CMS applications (which are attacked 3 times more often than
non-CMS applications) and in particular to WordPress is not new. CMS frameworks are mostly
open source, with communities of developers continuously generating sequences of plugins
and add-ons, without concerted focus towards security. This developer model constantly
increases the vulnerabilities in CMS applications, especially for WordPress which is also PHP
based. We found that WordPress was attacked 3.5 times more often than non-CMS
applications. Typically, WordPress and other CMS applications are derived from a common
template, enabling automated scanning attacks that work effectively on multiple sites.
Imperva’s 2015 Web Application Attack Report (WAAR)
https://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed6.pdf
http://venturebeat.com/2015/11/08/wordpress-now-powers-25-of-the-web/
WordPress now powers 25% of the Web
How Good Sites Go Bad
• Remote File Inclusion
• SQL Injection
• Local & Remote File Inclusion
• Cross Site Scripting (XSS)
• Directory Traversal
Server Side Security
Web Shells
• Once the WebShell script is run, it provides a web interface for remote operations on the server, including, but not limited to:
– Server Information
– File manager (access to file system)
– Access to execute commands
– SQL manager
– PHP code execution
– Bruteforce FTP, MySQL, PgSQL
– Search files, search text in files
– Malicious content upload
– Mass code injection
How Do I Know My Site's Been Hacked?
1. Errors on the pages
2. Errors In The Logs
3. New server side processes, users, jobs
4. Files have changed or appeared
5. You show up on black lists
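One way to check item 4, and the earlier "Watch for file changes" and "Writeable files are dangerous" bullets, is to compare the web root against a stored baseline of file hashes. This is an added example, not part of the original slides; the function names and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file under root to (sha256 hex digest, world_writable flag)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links that point outside the web root
            digest = hashlib.sha256(Path(full).read_bytes()).hexdigest()
            writable = bool(os.stat(full).st_mode & stat.S_IWOTH)
            result[os.path.relpath(full, root)] = (digest, writable)
    return result


def compare(base, cur):
    """Report files that appeared, vanished or changed, and world-writable ones."""
    return {
        "added": sorted(set(cur) - set(base)),
        "removed": sorted(set(base) - set(cur)),
        "changed": sorted(p for p in set(base) & set(cur) if base[p][0] != cur[p][0]),
        "world_writable": sorted(p for p, (_h, ww) in cur.items() if ww),
    }


def demo():
    """Constructed web root: take a baseline, alter the tree, report the drift."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text, mode=0o644):
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)
            path.chmod(mode)
        write("index.php", "<?php echo 'home';")
        write("wp-content/uploads/logo.txt", "logo")
        baseline = snapshot(root)
        write("index.php", "<?php echo 'home'; // edited")  # changed
        write("wp-content/uploads/new.php", "<?php // unexpected", 0o666)  # new, writable
        os.remove(os.path.join(root, "wp-content/uploads/logo.txt"))  # removed
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be stored off the server, so that whoever changes the files cannot also rewrite the record they are compared against.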
Securing WordPress
• Stay Updated
• Change DB Prefix
• .htaccess
– wp-config.php
– wp-admin
• WP Security Plugins
• Limit Bruteforce
• “admin” user name
• Server Side File Permissions
• robots.txt
• Passwords
• Backups
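To see whether the "Limit Bruteforce" item is needed on a given site, the web server's access log can be checked for bursts of login attempts from one address. This is an added example, not part of the original slides; it assumes the Apache/nginx combined log format, and the threshold, window and sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "METHOD path protocol" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def login_bursts(lines, limit=5, window=timedelta(minutes=1)):
    """Return {ip: most POSTs to /wp-login.php inside one window}, if >= limit."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        ip, when, method, path, _status = m.groups()
        if method == "POST" and path.split("?")[0] == "/wp-login.php":
            hits[ip].append(datetime.strptime(when, "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start = best = 0
        for end, stamp in enumerate(times):  # sliding window over sorted times
            while stamp - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= limit:
            flagged[ip] = best
    return flagged


def sample_log():
    """Constructed sample: one address hammering the login form, one visitor."""
    fmt = '{ip} - - [10/Mar/2016:10:{mm:02d}:{ss:02d} +0000] "{req} HTTP/1.1" {st} 512'
    noisy = [fmt.format(ip="203.0.113.7", mm=0, ss=s, req="POST /wp-login.php", st=200)
             for s in range(0, 40, 5)]
    normal = [
        fmt.format(ip="198.51.100.20", mm=0, ss=3, req="GET /", st=200),
        fmt.format(ip="198.51.100.20", mm=2, ss=9, req="POST /wp-login.php", st=302),
        fmt.format(ip="198.51.100.20", mm=9, ss=30, req="POST /wp-login.php", st=302),
    ]
    return noisy + normal + ["garbled line"]


if __name__ == "__main__":
    print(login_bursts(sample_log()))
```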
Bishop / PunkSPIDER browser plugins
Pastebin
Realtime DDoS map (http://map.norsecorp.com/)
Low Orbit Ion Cannon DDoS tool (#loic search on Twitter)
GHDB Google hacking DB at exploit-db
https://www.exploit-db.com/google-hacking-database/
Kali Linux https://www.kali.org/
Security4Lib: http://security4lib.org/
Some Tools & Sites
You
Use a password manager
Encrypt your disks in portable devices (FileVault, BitLocker, TrueCrypt)
Using a public network? Use a VPN
Anti Malware
Browser Plugins
Updates / Patches
Don't run as root / admin
Firewalls
Remove Programs / Processes / Services
Clean Up Your Footprints
Your Library
Train Employees
Unacceptable Use
Thumb Drives
Incident Reporting
Common Attacks
Privacy
Have A Plan For Loss
Offer Training @ Your Library
Threat Modeling
Your Library
Lockdown
Hardware Security Checks
Thumb Drives
Limit Users - Least Privilege
Anti Malware
Browser Plugins
Updates / Patches
Networks
Whitelisting
Firewalls
Remove Programs / Processes / Services
Logging and Auditing
Backup & Encrypt
Passwords
Library Website
Stay Current
Security4lib
Schneier on Security: http://www.schneier.com/blog/
Naked Security – Sophos: http://nakedsecurity.sophos.com/
Troy Hunt: http://www.troyhunt.com/
SANS Reading Room: http://www.sans.org/
Security Now Podcast: http://grc.com/securitynow.htm
Full List: http://lisnews.org/keeping_current_it_security OR http://lisnews.org/security
Conclusions