Date posted: 19-Dec-2015
Small Office/Home Office (SOHO) Computer and Network Security
Sinclair Community College
CIS Department
Small Office/Home Office (SOHO) Computer and Network Security
Bob Sherman
Patty Gillilan
Associate Professors, CIS Department
Multiple Microsoft and Cisco certifications
Why SOHO Computer and Networking Security is Important
Personal information
Private files
Financial information
Having your systems “hijacked”
Invasion of privacy, e.g., Spyware
Identity theft
Why SOHO Computer and Networking Security is Important
Identity theft is a very large and growing concern
Gartner Research Group estimates seven million victims of ID theft in the US in the past twelve months
http://www.consumer.gov/idtheft/
http://www.usdoj.gov/criminal/fraud/idtheft.html
http://www.idtheftcenter.org/index.shtml
Why SOHO Computer and Networking Security is Important
Spyware: a new and growing threat
Spyware can…
  Manipulate your system
  Record your habits
  Facilitate theft of your passwords, credit card info and identity
Adware, key loggers and Trojan horses
Why SOHO Computer and Networking Security is Important
Signs of spyware on your PC
  Home page changes
  New favorites appear
  System is noticeably slower
  New toolbars appear in IE
Why SOHO Computer and Networking Security is Important
Spyware
  File sharing services, e.g., Kazaa or Grokster
  Clicking on pop-up ads
  Opening infected emails
Spy Sweeper
  http://www.webroot.com
Objectives
Familiarize the computer users with the following:
  What it means to be “online”
    The door to the Internet swings both ways
  What are common risks and vulnerabilities?
  How to protect against threats
  Maintaining vigilance by staying current
Nine Critical Steps in Securing SOHO Computers and Networks
Install, use and update anti-virus programs
Treat all email attachments with caution
Keep current with operating system updates
Use host based Intrusion Detection Systems
Nine Critical Steps in Securing SOHO Computers and Networks
Use a firewall
  Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication and passwords
Use file access controls and data encryption
Make a recovery/boot disk
Nine Critical Steps in Securing SOHO Computers and Networks
Install, use and update anti-virus programs
Treat all email attachments with caution
Keep current with operating system updates
Use host based Intrusion Detection Systems
Install, use and update anti-virus programs
The single most important thing you can do to protect your system
Most common exposure
  Email attachments
  Connections to web servers
Make sure the program you select also protects against Worms and Trojans
Install, use and update anti-virus programs
Some popular antivirus products
  Symantec
  McAfee
  Computer Associates
http://www.symantec.com/sabu/nis/nis_pe/
http://us.mcafee.com/default.asp
http://www.my-etrust.com
Install, use and update anti-virus programs
Norton antivirus output and options
  System status
  Reports
  Scheduled system scan
Nine Critical Steps in Securing SOHO Computers and Networks
Install, use and update anti-virus programs
Treat all email attachments with caution
Keep current with operating system updates
Use host based Intrusion Detection Systems
Treat All Email Attachments with Caution
Email Viruses are becoming more prevalent all of the time
If you haven't gotten an email virus, chances are you will, if you don’t take the appropriate steps
Preventing email viruses begins with common sense and ends with a virus detection program
Treat All Email Attachments with Caution
The common sense approach:
Make sure you are familiar with the sender of the email
Note the names of the file attachments
  Do they make sense to you?
  Some names are designed to entice you to open the attachment
    – AnnaKournikova.jpg.vbs (Worm)
Treat All Email Attachments with Caution
The common sense approach:
If the attachment has one of the following file extensions, be very suspect
  .scr, .pif, .vb, .vbe, .vbs, .exe
Delete suspect attachments immediately and empty the “Recycle Bin”
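The attachment-name checks from the two slides above can be automated. The following is an added example, not part of the original presentation: it flags the extensions listed on the slide and the decoy double-extension pattern seen in AnnaKournikova.jpg.vbs. The decoy extension list, the function names and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# Extensions the slide calls "very suspect".
SUSPECT_EXTS = {".scr", ".pif", ".vb", ".vbe", ".vbs", ".exe"}
# Harmless-looking extensions used as the decoy half (assumed list, not from the slides).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf"}


def classify_filename(name):
    """Return the reasons an attachment name is suspect (empty list if none)."""
    # Windows ignores trailing dots and spaces, so strip them before reading the extension.
    cleaned = name.strip().rstrip(". ").lower()
    parts = cleaned.split(".")
    reasons = []
    if len(parts) < 2:
        return reasons
    last = "." + parts[-1]
    if last in SUSPECT_EXTS:
        reasons.append("suspect extension " + last)
        if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
            reasons.append("double extension ." + parts[-2] + last)
    return reasons


def scan_message(msg):
    """Map each suspect attachment filename in a parsed message to its reasons."""
    findings = {}
    for part in msg.walk():
        name = part.get_filename()
        reasons = classify_filename(name) if name else []
        if reasons:
            findings[name] = reasons
    return findings


def build_sample():
    """Constructed message: one benign and two suspect attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg.set_content("Check this out")
    for fname in ("AnnaKournikova.jpg.vbs", "report.pdf", "Screensaver.SCR"):
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg


if __name__ == "__main__":
    for fname, why in scan_message(build_sample()).items():
        print(fname, "->", "; ".join(why))
```

A name check like this supplements the anti-virus scan; it does not inspect file contents.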
Nine Critical Steps in Securing SOHO Computers and Networks
Install, use and update anti-virus programs
Treat all email attachments with caution
Keep current with operating system updates
Use host based Intrusion Detection Systems
Keep current with operating system patches
“A fix or modification to a program bug in the Operating System. A patch is an actual piece of object code that is inserted into (patched into) an executable program.” -- webopedia.com
Many operating system patches are related to system security.
Staying current can be automated on recent versions of Windows
Keep current with operating system patches
Windows operating systems are frequently “patched or updated”
  Windows Update
Service Packs (SPs) are a collection of patches and updates
Keep current with operating system patches
Before updating a system make sure of the following
  The update is required for your system
  The update won’t harm your system or any applications running on it
  You can uninstall the update
Get used to performing these updates
  Many security compromises are a result of unpatched systems
Keep current with operating system patches
Using the Windows Update feature
  Click the Start menu
  Then choose Windows Update
  http://v4.windowsupdate.microsoft.com/en/default.asp
Windows Update options in Windows 2000 Pro:
Keep current with operating system patches
First click Scan for Updates
Then click Review and Install Updates
Three categories of updates
  Critical updates and service packs
  Updates for your version of Windows
  Driver updates
Keep current with operating system patches
Click on Critical Updates and Service Packs
Remove those updates not applicable to your system
Click Install Now
  Some updates will require restarting your computer
Keep current with operating system patches
Configuring Automatic Updates
  Control Panel or System Properties
Update options
  Only notify of updates
  Download and notify of updates
  Download and install on a specified schedule
Keep current with operating system patches
Software Update Service
  Available on more recent versions of Windows
  Creates a single point internally as the source of updates
  Conserves bandwidth
Keep current with operating system patches
Microsoft Technet Service
  Source for a variety of security and related details
  http://www.microsoft.com/technet/default.asp
  Knowledge Base articles
Keep current with operating system patches
Blaster Worm
  Knowledge Base article #823980
  Exploits a buffer overflow flaw in Windows
  Patch released by Microsoft on July 16, 2003
  Updated August 25, 2003
Keep current with operating system patches
State of Maryland BMV shut down on August 13, 2003
Many other large networks affected
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
Keep current with operating system patches
Sasser Worm and multiple variations over several weeks in April 2004
Knowledge Base articles
  #835732 to prevent future infections
  #841720 to clean infected systems
Windows 2000 and Windows XP only
Keep current with operating system patches
Test patches first, then install
Removing patches and operating system updates
  Control Panel
  Add/Remove Programs
  Applications and patches all listed here
  Select the desired item, click Remove
Nine Critical Steps in Securing the Home Network
Install, use and update anti-virus programs
Treat all email attachments with caution
Keep current with operating system updates
Use host based Intrusion Detection Systems
Use Host Based Intrusion Detection Systems
Most intrusion detection systems (IDS) take either a network or a host-based approach
IDS looks for attack signatures, i.e., specific network traffic patterns that may indicate an attack
Host based is appropriate for SOHO environments
Use Host Based Intrusion Detection Systems
Host based intrusion detection analyzes all incoming and outgoing network information for data patterns typical of an attack
Host based intrusion detection relies on writing to log files or audit files
Logs changes made to the system
Use Host Based Intrusion Detection Systems
The information the IDS collects is based on the monitoring of operating system, application software and security events.
Built-in capabilities
  Event Viewer in Windows
Must review log files regularly
Nine Critical Steps in Securing SOHO Computers and Networks
Use a firewall
  Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication and passwords
Use file access controls and data encryption
Make a boot disk to recover the system
Use a Firewall
Firewalls are used to filter network traffic
Allow or block traffic based on criteria selected
Well known ports
  Port 80 for HTTP
  Port 443 for HTTPS
  Ports 20/21 for FTP
  Port 25 for Mail
Use a Firewall
Firewalls can be implemented at the host network interface or on an intermediary system such as a router
Firewalls implemented at the host are software based
Firewalls implemented at a router are hardware based
You can use either or both
Use a Firewall
Firewalls can be implemented at the host network interface or on an intermediary system such as a router
SOHO router products from Linksys, D-Link and others
All allow for configuring to meet your needs
Nine Critical Steps in Securing SOHO Computers and Networks
Use a firewall
  Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication and passwords
Use file access controls and data encryption
Make a boot disk to recover the system
Regularly Backup Your Data
Back up your files regularly
Backing up means to copy data files from a local hard drive to another device
  Tape, external hard drive, CD/DVD, ZIP drive
Application software can be restored from the original media
Regularly Backup Your Data
Most operating systems include a backup and restore utility
Numerous third party products available
  Veritas, Computer Associates
Hard drives have a finite life span and will eventually fail
Regularly Backup Your Data
If your system is compromised by malicious acts or physical failure, data backup is your only solution
Multiple copies of the backup media stored on-site and off-site
Multiple media sets
Regularly Backup Your Data
Restoring or recovering the data is equally important
Practice data restores
These don’t have to be full-blown system restores but restoring sample data files
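A practice restore is only useful if the restored files are checked against the originals. The following is an added example, not part of the original presentation: it compares SHA-256 digests of a sample of files between the live data and a test restore. The directory layout, file names and function names are assumptions, and it presumes the sampled files have not changed since the backup was taken.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_restore(original_dir, restored_dir, sample):
    """Compare sampled files (relative paths) between live data and a test restore."""
    report = {}
    for rel in sample:
        src = os.path.join(original_dir, rel)
        dst = os.path.join(restored_dir, rel)
        if not os.path.isfile(dst):
            report[rel] = "missing from restore"
        elif sha256_file(src) != sha256_file(dst):
            report[rel] = "content differs"
        else:
            report[rel] = "ok"
    return report


def demo():
    """Constructed data: one good restore, one truncated file, one missing file."""
    with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as restored:
        files = {"taxes.xls": b"2003 figures", "letter.doc": b"Dear Sir", "photo.jpg": b"\xff\xd8"}
        for name, data in files.items():
            with open(os.path.join(live, name), "wb") as f:
                f.write(data)
        with open(os.path.join(restored, "taxes.xls"), "wb") as f:
            f.write(files["taxes.xls"])
        with open(os.path.join(restored, "letter.doc"), "wb") as f:
            f.write(b"Dear S")  # truncated copy, as from failing backup media
        return verify_restore(live, restored, sorted(files))


if __name__ == "__main__":
    for rel, status in demo().items():
        print(rel, "->", status)
```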
Nine Critical Steps in Securing SOHO Computers and Networks
Use a firewall
  Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication and passwords
Use file access controls and data encryption
Make a boot disk to recover the system
Use an operating system with strong user authentication and passwords
Choose operating systems such as Win XP, Win2000 Pro or Linux
Rename the administrator or root account
Require long and strong passwords
Change passwords over time
Use an operating system with strong user authentication and passwords
Manage passwords by policy
  Local security policy or Group Policy
Some tools
  Password cracking tools
  Microsoft Baseline Security Analysis tool
  http://www.microsoft.com/downloads/details.aspx?FamilyID=9a88e63b-92e3-4f97-80e7-8bc9ff836742&DisplayLang=en
Nine Critical Steps in Securing SOHO Computers and Networks
Use a firewall
  Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication and passwords
Use file access controls and data encryption
Make a boot disk to recover the system
Use File Access Controls, Data Encryption
Set permissions on data files of importance
Permissions define “who” can do “what” with a folder or file
Permissions are also called Access Control Lists (ACLs)
Use File Access Controls, Data Encryption
You can also encrypt files for an additional layer of file access protection
Encryption is built-in to the NTFS file system
  Found only with NT, W2K and XP
Can use third party tools
Nine Critical Steps in Securing SOHO Computers and Networks
Use a firewall
  Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication and passwords
Use file access controls and data encryption
Make a boot disk to recover the system
Make a Boot Disk to Recover the System
Create a system boot disk
How to create one depends on the Operating System
Useful in resolving start up problems due to corrupt or missing files
Update the boot disk regularly
Summary
Install, use and update antivirus programs
Treat email attachments with caution
Keep current with operating system patches
Use host based intrusion detection systems
Use a host based or dedicated firewall
Summary
Regularly backup your data
Use an operating system with strong user authentication and passwords
Use file access controls and data encryption
Make a boot disk for system recovery
References
The CERT® Coordination Center (CERT/CC) is a center of Internet security expertise at the Software Engineering Institute, a federally funded center operated by Carnegie Mellon University
www.cert.org
Conclusion
Thanks for your attendance
Commit yourself and your organization to secure your networks and computers
Expect more from Sinclair Community College on these topics in the months to come