Computer Security


Transcript of Computer Security

Operating System Images

Slide 1: Computer Security
Chris Hughes, Chairman NTC
NLT Meeting Aug 2014 (TAX-AIDE)

Slide 2: Computer Security
- Physical security
  - Stolen computers
- Electronic security
  - Theft via software
  - Theft via networks

Slide 3: 2014 Security Incidents
This year in the AARP Foundation Tax-Aide program there were:
- 35 taxpayer forms lost
- Eight (8) confirmed laptops reported stolen/lost
- There was data and a disclosed password on one of the stolen computers
- Many state laws do not require notification when computers and/or devices are encrypted

Slide 4: Consequences of Data Loss
- Affected taxpayers individually contacted and given free credit monitoring for a year at program's expense

Slide 4 (continued): TaxWise Online - no data stored on computers

Slide 5: Security - What You Can Do
- ALL computers used for Tax-Aide must be password protected.
- Passwords must not be shared outside the program.
- Written password reminders must be kept away from the computers.

Slide 5 notes (2014 SMT/TCS Training - Dallas): Additional information located in Policy Manual Section 8: CONFIDENTIALITY AND SECURITY OF TAXPAYER DATA

Slide 6: Data Security - Password
Password guidelines:
- Minimum length eight (8) characters for Windows and TaxWise accounts.
- At least one letter and one number in the password.
- Choose a password that is not a dictionary word or someone's name.
- Do not use TaxWise, TW, Tax-Aide, AARP or any word in the password similar to something that is obviously related to the program.


Slide 7: The Rising Malware Threat

Slide 8
http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf
Notes: In other words there is a huge amount of money available to hire good malware software developers, and for the social engineering required to infect organizations rather than individuals

Slide 9: What is Malware?
- Trojan, Virus, Worm, Backdoor, Botnets
- RansomWare
- Personal and account information theft
- Bank account withdrawal, credit card usage, loan falsification
- Ad clicking for Dollars

Slide 10: Methods of infection
- Email attachments
- Email web links
- Infected web sites
- Flash drives
- Adding an infected system to a network (Windows XP)
- Java, if installed, is rapidly becoming one of the biggest risks (this is different from JavaScript).

Slide 11: Nightmare Scenario
- A key logger
  - Captures every account login
  - Sends every keystroke made on the computer to a criminal enterprise server.
- Every tax return done on the computer will result in identity theft on those SSNs

Slide 12: Effects of Identity Theft
- For victims of identity theft, consequences can last for years, causing financial problems, credit issues, benefit losses, and legal problems.
- Cost to the AARP Foundation Tax-Aide program reputation and the good work that you all do.
- Cost of credit protection.

Slide 13: Infected System Recognition
- Anti-virus software increasingly ineffective
  - Polymorphic and kit virus production
  - Where one virus exists there will be many due to backdoor access
- Look for
  - Excessive ads, multiple IE toolbars, unusual home pages, slow system performance, problems running anti-virus scans
- Silent key loggers are the most dangerous and most undetectable
- If Tax-Aide becomes targeted, we will be infected and there is nothing we can do except re-image
IF IN DOUBT RE-IMAGE
Slide 13 notes:
- Explain polymorphic and kits
- Targeted examples are Target and other stores (Target, Neiman Marcus, Michaels, Barnes and Noble etc.), Stuxnet
- http://malwaretips.com/threads/iranian-hackers-use-fake-facebook-accounts-to-spy-on-us-and-other-countries.27640/
- College re-imaging anecdote

Slide 14: Windows XP
- The tech industry is assuming that every single existing Windows XP system will become infected with malware over the next few months.
  - Infected websites
  - Flash drives
  - Email

Slide 15: What Can You Do
- Make sure all computers are running Windows 7 or 8; this includes personal and site computers. Windows Vista is not supported by CCH.
- If a personal or site computer cannot be upgraded:
  - They must not be used for Tax-Aide purposes.
  - They cannot be on the same network segment as Tax-Aide computers.
  - If necessary contact the National Office.

Slide 16: What Can Be Done?
- Do all Windows, Adobe updates immediately
- Use anti-malware software like MSE and MalwareBytes
- If installed, remove Java
- Stick to mainstream, branded websites on Tax-Aide systems
- Re-image systems regularly
- Run as a standard user (see later)
Too much effort for many - we have infected systems in the program right now!!
Slide 16 notes: If you are scared for the program that is the correct reaction!! Anecdote about infected systems that I have encountered

Slide 17: Site Visits
All site visits by RCs and SCs should include the questions:
- Are any Windows XP systems being used?
  - If yes, take whatever action necessary to remove them
- Are any systems behaving oddly?
  - Request technical help to check out the system.

Slide 18: What else can be done?
- A policy change
  - Windows user account passwords must be changed yearly
- 90% plus of malware will be stopped by using a standard Windows account!! This includes silent key logger installation!!

Slide 18 notes:
- http://www.tomsguide.com/us/standard-accounts-stop-malware,news-18326.html
- http://blog.trendmicro.com/trendlabs-security-intelligence/new-banking-malware-uses-network-sniffing-for-data-theft/ - malware requires DLL injection and registry access that is impossible for a standard user

Slide 19: Windows Users
- Administrative User (e.g. Volunteer)
  - Our everyday default, allows easy program and update installation
- Standard User
  - Allows all usage of TaxWise and other software
  - Does NOT allow any software installation or updating to be done. An Administrator user password must be entered to allow installation and updates

Slide 20: NTC Recommendation
- Use a standard User Volunteer Account for all everyday purposes
- Only a best practice recommendation, not mandatory
- Will be in this fall's Sharenet documents update.

Slide 21: Why Recommendation
- The changes are simple if the user is comfortable using Windows Control Panel
  - Many of our volunteers are not capable of this!!
- The change causes the inconvenience of having to type in a password to do the required Windows updates
  - Many volunteers will find this unacceptable
- This change ONLY prevents new infections!
- Re-imaging is the only way to remove existing anti-virus proof infections!

Slide 22: Discussion & Questions???