CENTER FOR DEVELOPMENTAL SCIENCEcds.web.unc.edu/files/2014/12/Presentation-to-CDS_tc.pdf ·...
Transcript of CENTER FOR DEVELOPMENTAL SCIENCEcds.web.unc.edu/files/2014/12/Presentation-to-CDS_tc.pdf ·...
its.unc.edu
CENTER FOR DEVELOPMENTAL SCIENCE
Tim Cline Information Security Office
Information Technology Services (ITS)
its.unc.edu 2
Outline of Today’s Presentation
§ 1. The Nature of Our Business
§ 2. The Current Threat
§ 3. What We Can All Do to Help
its.unc.edu 3
§ Information Security deals with the protection of three characteristics of information.
• Confidentiality – Keeping info private
• Integrity – Keeping info accurate
• Availability – Keeping info accessible (even in disasters)
The Nature of Our Business
its.unc.edu 4
Definition of Sensitive Information
§ “Sensitive Information” includes all data, in its original and duplicate form, which contains:
• “Personal Information,” as defined by the North Carolina Identity Theft Protection Act of 2005,
• “Protected Health Information” as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA),
• Student “education records,” as defined by the Family Educational Rights and Privacy Act (FERPA),
• “Customer record information,” as defined by the Gramm Leach Bliley Act (GLBA),
• “Card holder data,” as defined by the Payment Card Industry (PCI) Data Security Standard,
• Confidential “personnel information,” as defined by the State Personnel Act, and
• Information that is deemed to be confidential in accordance with the North Carolina Public Records Act.
its.unc.edu 5
Definition of Sensitive Information
§ Sensitive Information also includes any information that is protected by University policy from unauthorized access. This information must be restricted to those with a legitimate business need for access. Examples of Sensitive Information may include, but are not limited to, research data, public safety information, financial donor information, information concerning select agents, system access passwords, information security records, and information file encryption keys.
§ http://help.unc.edu/help/what-is-sensitive-data/ What is Sensitive Information?
§ http://help.unc.edu/help/legal-references-for-sensitive-data/ Legal References for Sensitive Information
its.unc.edu 6
The Current Threat
§ We face a dangerous combination of known and unknown vulnerabilities, strong and rapidly expanding adversary capabilities and a lack of comprehensive awareness of the threat.
§ Sensitive information is stolen daily. Many incidents, if not most, do not get reported.
§ In opposition to us are nation states, terrorist networks, organized criminal groups, hacktivists, and individuals of varying levels of access and technical sophistication.
its.unc.edu 7
Why Would Anyone Hack
My Computer?
Diagram source: http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited
Hostage A*acks
Financial Creden4als
Account Creden4als
BOT Ac4vity
Web Server
E-‐Mail A*acks
Virtual Goods
Character Hijacking
Spam Zombie DDoS Zombie ____ Click Fraud Zombie Anonymiza9on Proxy CAPTCHA Solving Zombie
Online Gaming Creden9als Web Site FTP Creden9als Skype/VOIP Creden9als Client Side Encryp9on Cer9ficates
eBay/PayPal Fake Auc9ons
Bank Account Data Credit Card Data Stock Trading Account
Fake An9virus
E-‐mail Account Ransom Ransomware
Mutual Fund/401K Account
Webcam Image Extor9on
Phishing Site
Malware Download Site Warez/Piracy Server
Child Pornography Server Spam Site
Webmail Spam Stranded Abroad Advance Scams
Harves9ng E-‐mail Contacts
Access to Corporate E-‐mail Harves9ng Associated Accounts
Opera9ng System License Key PC Game License Keys
Online Gaming Goods/Currency Online Gaming Characters
Facebook TwiUer LinkedIn Google+
its.unc.edu 8
Are EDUs Different?
§ Historically the mission supported, even required, openness.
§ State EDUs have greater requirements for openness.
§ Tend to have significantly more
bandwidth than commercial entities.
its.unc.edu 9
Network Attack Events
§ 2010 • We saw 1,000,000 connections denied by our network firewalls per
week (1% of campus firewalled). • More than 200,000 blocked connections per week by our Intrusion
Prevention Systems (IPS). § 2012
• We saw 35,000,000 connections denied by our network firewalls per week (3% of campus firewalled).
• Intrusion Prevention Systems blocked 3,000,000 million security events per week.
§ 2013
• We saw 100,000,000 connections denied by our network firewalls per week (5% of campus firewalled).
• Intrusion Prevention Systems blocked 7,000,000 connections last
week.
its.unc.edu 10
Network Attack Events
0
2
4
6
8
10
12
14
16
18
20
2010 2012 2013
Mill
ions
Normalized Weekly Firewall Denials
0
1
2
3
4
5
6
7
8
2010 2012 2013
Mill
ions
IPS Blocked Connections
its.unc.edu 11
August 2014 Stats
§ Firewalls Blocked 132 Million unwanted connections last week.
§ Tipping Points (intrusion prevention systen) blocked 9 Million security events last week.
§ Only about 25% of campus is behind a firewall.
its.unc.edu 12
How Does it Happen?
§ Loss or theft of an unencrypted device.
§ Clicking a phishing link or just visiting a compromised site = drive-by download.
§ Interception of credentials.
§ Missing patches -- vendor acknowledges a vulnerability and creates a solution but not yet installed -- intruder needs access which MAY be defeated with a firewall.
§ Zero day vulnerability -- vulnerability exists but vendor has not yet created a solution.
its.unc.edu 13
One Intrusion Profile Scenario
§ Intruders may search UNC-CH websites for roles/users who likely have access to sensitive data.
§ Try to discover computers associated with those users.
§ Phish, drive-by-download, intercept credentials, or leverage vulnerabilities against those users or computers.
§ Once compromised, lurk and understand the system they own without tripping over a wire that would alert us.
its.unc.edu 14
What We Can All Do to Help
§ Above all: do not store sensitive information if you don’t need it.
§ Mask, delete, or otherwise de-identify the sensitive information.
§ Archive the data offline.
its.unc.edu 15
1. Patch Your Device
2. Don’t Get Phished
3. Use Strong Passwords
4. Use Anti-Virus and a
Firewall
5. Use Secure Networks
Top 10 Tips for
Securing Sensitive Information
6. Lock Your Computer
7. Observe Acceptable Use Policy
8. Protect Sensitive Information
9. Use Safe Web Browsing
Strategies
10. Protect Your Data
its.unc.edu 16
Keep your operating system and application
software patched and up to date.
• Hackers can exploit known vulnerabilities in
outdated software to gain access to your
computer.
• Your best defense is a patched and up-to-date
computer.
Patch Your Device
its.unc.edu 17
Never respond to email, text messages or phone
calls requesting passwords, account names or
any sensitive or confidential information.
• Reputable organizations will never ask you for
confidential information such as login credentials.
• E-Mail is easily forged and web sites can be
obscured with Tiny URLs. (Where is
http://bit.ly/1agWmbn?)
• If in doubt, reach out!
Don’t Get Phished
its.unc.edu 18
Use strong and unique passwords that are at least eight (8) characters in length with a mix of alphanumeric characters and symbols.
• Do not use dictionary words.
• Use a phrase (e.g. “We’re off to see the Wizard,
the wonderful Wizard of OZ!” = Wo2stWtwWoO!).
• Do not share your password.
• Do not write your password down.
• Do not use it in automated scripts.
• Do not ask the system to “save” your password.
Use Strong Passwords
its.unc.edu 19
Install Anti-Virus and Firewall software on your
computer.
• Update your Anti-Virus definitions frequently to
detect new virus signatures.
• Use host-based Firewalls.
• Anti-Virus software can be downloaded from
https://shareware.unc.edu or installed by AD
policy.
Use Anti-Virus and Firewall
its.unc.edu 20
Use secure network connections.
• When on campus use UNC-Secure wireless or a
hardwired port.
• Secure your home router.
• Use the campus Virtual Private Network (VPN)
when using any public, unsecured network access
point. For information about the VPN visit
http://help.unc.edu.
Use Secure Networks
its.unc.edu 21
Don’t leave your computer logged in and
unattended.
• You are responsible for any activity that occurs on
your computer.
• Logoff or lock your computer when you are not
present.
Lock Your Computer
its.unc.edu 22
Do not use unlicensed or illegal copies of
software or other electronic media.
• Use of unlicensed or illegal material is a violation
of the UNC – Chapel Hill Acceptable Use Policy.
• Beware of using peer-to-peer file sharing software
as it can easily lead to copyright violations and/or
getting malware installed on your system or
device.
Observe Acceptable Use Policy
its.unc.edu 23
If you must have sensitive University information on a portable device, the device must be encrypted.
• ITS offers PGP encryption for laptop computers. • Don’t send sensitive information unencrypted to
locations outside the UNC – CH network. • You can use Microsoft Office or WinZip to encrypt
the data and set a password. • Sensitive University information cannot be stored
on mobile devices without the approval of the department head (or their delegate) and the device must be encrypted.
Protect Sensitive Information
its.unc.edu 24
Keep your web browser up-to-date with the
latest patches. • Use tools like https://browsercheck.qualys.com
to help keep your browser and add-ons up-to-date
• Consider using an add-on such as NoScript for
Firefox for added protection.
• Set the browser security settings to medium or
high and whitelist desirable sites that get
blocked.
• Bookmark sites you frequently visit to guard
against redirection to a malevolent site.
Safe Web Browsing
its.unc.edu 25
If you follow these tips and still get malware
there is a possibility that your data may be lost.
• The most effective remedy for this is a good
backup.
• Commercial services are available or backups can
be stored on a flash drive or USB hard drive, or
written to DVD(s).
• Backups should be stored in a secure remote
location.
Protect Your Data
its.unc.edu 26
If you have a ques4on or suspect a problem : • 919-843-2594 (ORIS Help Line - applications) .
• 919-962-ORIS: desktop support.
• Call the campus IT Response Center (ITRC) at 919-962-HELP. They are available 24/7, 365 days a year.
If you believe that sensi4ve University informa4on is at risk you must:
• No4fy the ITRC and either your supervisor or your Informa4on Security Liaison (the Liaison for ORIS is Scott Wilber: (919) 962-2447, [email protected]).
• Stop, Drop, and Roll. If University equipment is stolen:
• No4fy your supervisor and campus police (919-‐962-‐8100).
Get Help! 962-HELP http://help.unc.edu
its.unc.edu 27
Summary
§ Know what sensitive information is and where it resides … and why.
§ Delete, archive, or safely store sensitive information.
§ Patch and configure correctly (vulnerability scan to verify).
§ Diversify and safely store credentials.
§ Encrypt or de-identify sensitive information and only use when needed.
§ Adopt less risky behaviors – be careful with browsing on sensitive systems, diversify passwords, etc.
§ Encrypt mobile devices that store sensitive information.
§ When in doubt about safety of sensitive information, ask.
its.unc.edu
QUESTIONS?
SUGGESTIONS?
TCLINE [AT] UNC.EDU