UNITS Quarterly Meeting April 29, 2004
Northwestern University Information Technology
UNITS Quarterly Meeting
April 29, 2004
Network Security
Roger Safian
Agenda
• Statistics
• Why these incidents occur
– What can be done to prevent them
• Questions
Statistics
• FY 2002/2003
– Virus = 1166
– Compromised = 727
– Total incidents = 3042
• 9/1/02 – 8/31/03
• FY 2003/2004
– Virus = 1436
– Compromised = 261
– Total incidents = 2220
• 9/1/01 – 2/29/04
Statistics – Take 2
Removing August (Blaster/Welchia)
• FY 2002/2003
– Virus = 336
– Compromised = 646
– Total incidents = 2037
• 9/1/02 – 7/31/03
• FY 2003/2004
– Virus = 1436
– Compromised = 261
– Total incidents = 2220
• 9/1/01 – 2/29/04
Statistics – Take 3
Same time frames
• FY 2002/2003
– Virus = 142
– Compromised = 342
– Total incidents = 1102
• 9/1/02 – 2/28/03
• FY 2003/2004
– Virus = 1436
– Compromised = 261
– Total incidents = 2220
• 9/1/01 – 2/29/04
Why these incidents occur?
• Weak Passwords
– All machines and accounts need passwords
– Use rules similar to the NetID rules
• Opening viral attachments
– Don’t open unexpected attachments
– Only open specific types of extensions
– Make sure to look at the LAST extension
Why these incidents occur? (2)
• Updates not applied
– Ensure Windows update runs automatically
– Don’t forget about layered products
• Network use
– P2P
– Be careful when clicking on links
Why these incidents occur? (3)
• Out of date anti-viral software
– Ensure you install the NU supplied software
– Set to update automatically EVERY day
• Blended Threats
– Multiple attack vectors directed at hosts
• Home Networks
– Frequently attacked with little monitoring
ISS Scans
• Internet Security Systems
– Network scanner
• Produces HTML reports
– Organized by severity
• Currently checks for ~1300 vulnerabilities
ISS Scans (2)
• Caveats
– Not 100% accurate
• A pretty decent indicator though
– Doesn’t see through your firewall
– Machine must be online
– Only looks for vulnerabilities it knows about
ISS Scans (3)
• Recommend getting report once per quarter
– Or any time you are suspicious
• Or have significant changes
• Request from [email protected]
– Send IP addresses you wish scanned
• Can specify a range or subnet
Questions?
• Contact Information
– 1-847-491-4058
– 1-847-467-2222 (NOC 24x7)
– [email protected]
– [email protected]