UNITS Quarterly Meeting April 29, 2004

Northwestern University Information Technology
UNITS Quarterly Meeting April 29, 2004
Network Security
Roger Safian
[email protected]


Agenda

• Statistics
• Why these incidents occur
  – What can be done to prevent them
• Questions


Statistics

• FY 2002/2003
  – Virus = 1166
  – Compromised = 727
  – Total incidents = 3042
    • 9/1/02 – 8/31/03
• FY 2003/2004
  – Virus = 1436
  – Compromised = 261
  – Total incidents = 2220
    • 9/1/01 – 2/29/04


Statistics – Take 2
Removing August (Blaster/Welchia)

• FY 2002/2003
  – Virus = 336
  – Compromised = 646
  – Total incidents = 2037
    • 9/1/02 – 7/31/03
• FY 2003/2004
  – Virus = 1436
  – Compromised = 261
  – Total incidents = 2220
    • 9/1/01 – 2/29/04


Statistics – Take 3
Same time frames

• FY 2002/2003
  – Virus = 142
  – Compromised = 342
  – Total incidents = 1102
    • 9/1/02 – 2/28/03
• FY 2003/2004
  – Virus = 1436
  – Compromised = 261
  – Total incidents = 2220
    • 9/1/01 – 2/29/04


Why these incidents occur?

• Weak Passwords
  – All machines and accounts need passwords
  – Use rules similar to the NetID rules
• Opening viral attachments
  – Don’t open unexpected attachments
  – Only open specific types of extensions
  – Make sure to look at the LAST extension
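
Added example (not part of the original slides): one way to apply the "specific types of extensions" and "LAST extension" advice above to attachment names. The allowlist, function names and sample file names are assumptions constructed for illustration.

```python
# Added example: decide whether an attachment name is acceptable by looking
# only at its LAST extension. ALLOWED_EXTENSIONS is an assumed allowlist;
# the slides do not say which extensions are acceptable.
ALLOWED_EXTENSIONS = {"txt", "pdf", "doc", "xls", "ppt", "jpg", "gif"}

def last_extension(filename):
    """Return the final extension, lower-cased, or "" if there is none."""
    # Keep only the file name if a path was supplied.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces from file names,
    # so "a.exe. " is treated as "a.exe".
    name = name.rstrip(". ")
    if "." not in name:
        return ""
    return name.rsplit(".", 1)[1].strip().lower()

def attachment_verdict(filename, allowed=ALLOWED_EXTENSIONS):
    """Return ("open" or "block", reason) for one attachment name."""
    ext = last_extension(filename)
    if not ext:
        return ("block", "no extension")
    if ext not in allowed:
        return ("block", "last extension ." + ext + " is not on the allowlist")
    return ("open", "last extension ." + ext + " is on the allowlist")

# Constructed sample names, including double extensions and space padding
# used to push the real extension out of view.
SAMPLES = [
    "meeting-notes.doc",
    "photo.jpg.exe",
    "report.pdf                    .scr",
    "README.TXT",
    "invoice.doc.pif. ",
    "details",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, reason = attachment_verdict(sample)
        print(f"{verdict:5} {sample!r}: {reason}")
```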


Why these incidents occur? (2)

• Updates not applied
  – Ensure Windows update runs automatically
  – Don’t forget about layered products
• Network use
  – P2P
  – Be careful when clicking on links


Why these incidents occur? (3)

• Out of date anti-viral software
  – Ensure you install the NU supplied software
  – Set to update automatically EVERY day
• Blended Threats
  – Multiple attack vectors directed at hosts
• Home Networks
  – Frequently attacked with little monitoring


ISS Scans

• Internet Security Systems
  – Network scanner
• Produces HTML reports
  – Organized by severity
• Currently checks for ~1300 vulnerabilities


ISS Scans (2)

• Caveats
  – Not 100% accurate
    • A pretty decent indicator though
  – Doesn’t see through your firewall
  – Machine must be online
  – Only looks for vulnerabilities it knows about


ISS Scans (3)

• Recommend getting report once per quarter
  – Or any time you are suspicious
    • Or have significant changes
• Request from [email protected]
  – Send IP addresses you wish scanned
    • Can specify a range or subnet


Questions?

• Contact Information
  – 1-847-491-4058
  – 1-847-467-2222 (NOC 24x7)
  – [email protected]
  – [email protected]