© 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson
Foothill-De Anza College Security Awareness
Catherine Blackadar Nelson
Security Advisor, Cisco Systems, Inc.
Agenda
• Introduction
• Security In 2005
• Vulnerabilities and Exploits
• Social Engineering and Identity Theft
• Physical Security
• Desktop/Laptop Security
• Data Classification and Protection
• File System Security
• Account and Password Security
• Protecting Your Network
• Wireless
• Best Practices
• FHDA Policy
• Contacting ETS
• Appendices
Introduction
How Secure is Secure enough?
“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.”
Gene Spafford
Security in 2005
Global Internet Usage
• What dot-com bust? Internet growth is still phenomenal!
World Regions | Population | Population % of world | Internet Usage | Internet population penetration | Usage % of world | Usage Growth 2000-2005
Africa | 896,721,874 | 14.0 % | 23,917,500 | 2.7 % | 2.5 % | 429.8 %
Asia | 3,622,994,130 | 56.4 % | 332,590,713 | 9.2 % | 34.2 % | 191.0 %
Europe | 804,574,696 | 12.5 % | 285,408,118 | 35.5 % | 29.3 % | 171.6 %
Middle East | 187,258,006 | 2.9 % | 16,163,500 | 8.6 % | 1.7 % | 392.1 %
North America | 328,387,059 | 5.1 % | 224,103,811 | 68.2 % | 23.0 % | 107.3 %
Latin America | 546,723,509 | 8.5 % | 72,953,597 | 13.3 % | 7.5 % | 303.8 %
Oceania/Australia | 33,443,448 | 0.5 % | 17,690,762 | 52.9 % | 1.8 % | 132.2 %
Totals | 6,420,102,722 | 100.0 % | 972,828,001 | 15.2 % | 100.0 % | 169.5 %
The Macroscopic BGP Autonomous System
New People, New Systems = New Targets
• 2004: 817 Million online
• 2005: 972 Million online
• 155 Million new people online
• 155 Million new targets
• 155 Million people who need to know about phishing, spyware, viruses, and patching
Online Crime and Costs
• According to the FBI, online crime in the US alone caused $67.2bn in damages last year
• Cyber crime is more profitable than drug sales, $105 Billion – US Treasury Dept. December 29, 2005
• Of 2,066 polled organizations, nearly 90 per cent experienced a computer security incident over the past 12 months
• Over 64 per cent of the respondents incurred a financial loss as a result of the incident, at an average $24,000 per case
• Viruses (83.7 per cent) and spyware (79.5 per cent) posed the most common problems. Other incidents included port scans and data sabotage
• Companies and individuals spent $18 billion on computer-security hardware and software in 2005, up 19.2% from 2004
Vulnerabilities and Exploits
The Vulnerability Flood Continues
• CERT/CC: 3,780 vulnerabilities in 2004 http://www.cert.org/stats/cert_stats.html
• 5,990 vulnerabilities in 2005, a 12% increase
• The National Vulnerability Database (CVE) published an average of 20 vulnerabilities per day
• SANS Top 20 now includes network devices, Macintosh, Mozilla, application-level, security software and other non-Windows, non-UNIX issues http://www.sans.org/top20/
Vulnerabilities are being exploited faster
• Nimda: patch MS00-078 issued Oct. 17, 2000; worm seen Sept. 18, 2001; 336 days
• MSBlaster.A: patch MS03-026 issued Jul. 16, 2003; worm seen Aug. 11, 2003; 26 days
• Sasser.A: patch MS04-011 issued Apr. 13, 2004; worm seen Apr. 30, 2004; 17 days
• MSDTC/COM+: patch MS05-051 issued Oct 11, 2005; exploited Oct 11, 2005; 0 days
2005 in Viruses and Malware
• Virus infections down 50%, even though number of viruses grew 40%. Anti-virus efforts seem to be working
• There were only six major outbreaks in 2005, vs 33 in 2004
• But the threat is becoming more aggressive: 97% of the hosts got infected with Slammer in the first 15 minutes
• But is “The death of the global computer virus” good news?
• Motivations of virus writers have changed. “Noisy” viruses and worms do not create useful botnets or spam relays
There are New Targets and Attackers
• Viruses now in the wild for mobile phones
• Some are past the ‘proof-of-concept’ stage
• Cabir was found on mobile phones in 23 countries, tens of thousands infected
• Trojans have been found for the Nintendo DS and the PSP
• Sony compromised machines on ~568,200 networks
Skulls.l, a Symbian phone virus
Viruses, Worms, Trojans, Bots & Spyware
What is the difference and how do they work?
• Virus – executable bad code that needs you to do some action to activate and propagate it
• Worm – can activate and propagate by itself
• Trojan – backdoor program installed on the system
• Bot – automated program, often dormant, installed on a system to be activated at a later time
• Spyware – sends info back to the mothership about you and your uses
What type of damage can they cause?
• Loss of data, stolen passwords & personal info
• Damage to the system
• Installation of programs for nefarious purposes
• Use of system for CPU power and propagation
Viruses, Worms, Trojans, Bots & Spyware cont.
How do they get on my computer?
• Downloading from the internet
• Visiting bad websites
• Opening email attachments
• Using file-sharing programs
• Through software and OS vulnerabilities
How do I stop them?
• Stay on top of system updates/patches
• Stay on top of virus updates
• Cleaning programs (Ad-Aware, Spybot)
Virus-specific snapshots Mac/Windows
Norton Updater
See Appendices A & B for virus update details
Social Engineering & Identity Theft
Beware the Social Engineer!
• Social engineering is still the #1 way to bypass security
• Be suspicious if anybody asks you for:
– Your password
– Credit card numbers
– Your co-workers' names/extensions
– Your salary
– Information about your projects
• Be suspicious if anybody calls claiming to represent management or to know a colleague
Privacy Takes Center Stage
• Privacy and identity theft is a hot issue
• 130 major breaches exposed the information for 55 million people
• Disclosure laws are having an effect and becoming more prominent
• Phishing and pharming attacks grew, and have started to target non-US, non-English speakers
• Education and vigilance are still the best ways to maintain privacy
AFP published this untouched photograph of a Hurricane Katrina evacuee and her debit card. What happened next was no surprise
Identity Theft
• What is Identity Theft, Phishing, Pharming?
• What makes a site secure?
– Data transmission
– Data storage
• How do I protect myself and my confidential data while using the Internet?
– Entering credit cards and personal data
– Protect confidential emails with encryption
– Protect personal databases with encryption
• Keep secure personal practices off the Internet (mailboxes, document disposal, providing information over phone, paper, etc.)
Your Role In Security…
Physical Security
Physical access to equipment means “game over”
• The main computer center and other secured areas (Admissions and Records, information systems, any secure voice data closet) need a card/key
• If someone such as a vendor needs access, call ETS for access.
• Don’t prop open doors or let people in behind you
• Challenge strangers - if you are uncomfortable with this, call campus police FH x7313, DA x5555
• Escort all visitors all the time
Desktop/Laptop Security
Protecting data on your systems is as important as physical protection
To minimize risk to your data:
• Maintain your system properly
1. Run a standardized operating system image on your computer
2. Use provided security tools for additional protection
3. Make sure your system stays updated with current patches
4. Never turn off virus checking and keep it updated
Desktop/Laptop Security cont.
• Screen Lock your system when you walk away from your desk
• Physically lock all computers (including laptops) to your desk with a lock cable. ETS will help with this
• Shut down your computer when you leave
• If you use sleep mode – make sure you use a password
• Keep track of portable devices such as PDAs and smart phones, MP3 players, PSPs, USB Keys
• Be very careful with systems used both at home and work
• Control the media you back up to. ETS is looking at a centralized way to do this for the future
Data Classification and Protection
• Public: Open to the public
• Confidential: Information that is okay for FHDA staff and general college. This might be college processes, policy, etc.
• Private: Information limited to a need-to-know-only basis - student grades/records, performance reviews, any personnel information
• What happens if the data becomes lost or stolen?
• What happens if the data becomes unavailable?
• What happens if the data becomes modified?
• Contact the call center to help protect any private data
File Security
• File sharing is dangerous
• Do not leave open file shares on your computer
• If you must share a file, only do it when needed, then turn it off
• Don’t use file-sharing tools (Morpheus, Kazaa, Limewire, etc.) on the network
• Do not download music and movies or have file-sharing servers
Account and Password Security
• Why is protecting your account and password so important?
• How can a weak or missing password be exploited?
• Everyone has their own account – it’s your personal identity – don’t share it!
• Nobody is allowed to know your password except you
Good Password Practices
• A password cracker can try 65,000 words per second
• 25% of the passwords are “crackable” – don’t be one of them
• Choose good passwords
• Change them often
• Keep them a secret! - Don’t write them down
• Use different passwords for work and home
• Put a good password on all Guest and Admin accounts
Choosing Good Passwords
• Don’t have a password that contains a word that might be found in any dictionary (any language) or personal information
• Use a minimum of eight characters with letters (both cases), numbers and punctuation, and avoid any recognizable pattern.
• Use a song lyric or phrase as a mnemonic to remember…
• Use number/character substitution (“5” for “s”, “@” for “a”, “7” for “t”, etc.)
• “Just Sit Right Back And You’ll Hear a Tale” becomes “J5>b&Yh@7” – and you can’t forget this so long as you remember the Gilligan’s Island theme.
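As an added illustration of the rules on this slide and the cracker speed quoted on the previous one (not part of the original presentation), the Python code below checks a candidate password against those rules and estimates how long a cracker needs for a word list. The function names, the sample word list and the four-character pattern threshold are assumptions made for the example.

```python
import string

# Substitutions named on the slide ("5" for "s", "@" for "a", "7" for "t").
# Cracking dictionaries apply the same rules, so undo them before the word check.
LEET = str.maketrans({"5": "s", "@": "a", "7": "t"})

# Constructed sample word list (assumption); a real check loads a full dictionary.
SAMPLE_WORDS = {"password", "gilligan", "foothill", "welcome", "summer"}

GUESSES_PER_SECOND = 65_000  # cracker speed quoted on the slides


def has_pattern(pw: str, run: int = 4) -> bool:
    """True if pw contains `run` repeated or consecutively ordered characters."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run].lower()
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({0}, {1}, {-1}):  # "aaaa", "1234"/"abcd", "4321"
            return True
    return False


def check_password(pw: str, words=SAMPLE_WORDS, personal=()) -> list[str]:
    """Return the slide's rules that pw breaks (an empty list means it passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "lowercase letter": any(c.islower() for c in pw),
        "uppercase letter": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "punctuation": any(c in string.punctuation for c in pw),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    plain = pw.lower().translate(LEET)  # "p@55word" -> "password"
    for word in sorted(set(words) | {p.lower() for p in personal}):
        if len(word) >= 4 and (word in pw.lower() or word in plain):
            problems.append(f"contains dictionary or personal word '{word}'")
    if has_pattern(pw):
        problems.append("contains a recognizable pattern")
    return problems


def seconds_to_try_wordlist(word_count: int, variants_per_word: int = 1) -> float:
    """Time for a cracker at the quoted speed to try every entry in a word list."""
    return word_count * variants_per_word / GUESSES_PER_SECOND
```

The slide's own mnemonic password passes every check, while a dictionary word disguised with the same substitutions does not, because the check reverses them first.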
Protecting Your Network
• You are allowed unlimited access to the Internet - be responsible!
• Do not put the college at risk by bad behavior on the Internet
• Do not post information that may be confidential, illegal, or violate privacy laws
• Do not download software that is dangerous, or violates copyright laws
• Do not unplug lab machines and connect personal machines. If you see it, report it to ETS or police
• Don’t bring in hubs for extra ports – this can bring down networks, and be hard to track down
• Do not use the system for large uploads or downloads
• Don’t use it for personal or any type of business
Wireless
• Access point vs. wireless on your laptop
• There are a small number of hotspots for specific classrooms on both campuses and also some guest access at the KCI at Foothill
• It is important not to hook up rogue wireless devices
• Be aware of wireless at home. Make sure it is properly secured
• Cities, airports, hotels and internet cafés are actively installing hotspots and these can be dangerous
Best Practices
• Patch your systems
• Use antivirus software
• Use a firewall at home; ETS manages firewalls for FHDA
• Use good passwords and change them often
• Beware the social engineer, via email, snailmail, your PSP/phone or a party
• Shred your documents
• Protect your wireless
• Be careful traveling
• … And don’t panic
Good Internet Practices
• Internet Cafés, airports, public terminals, public WiFi networks, Internet telephony can be dangerous
• Be wary of any service that provides something automatically to your computer
– data storage backups
– auto updating services
• Search engines, like Google and Yahoo, store everything; once something is posted on the net, they can find it
• Think before you click!
– E-mail attachments can contain viruses
– Think before you visit any site or download any software
– Make sure it’s what you think it is and from a trusted source
Learning About FHDA Policy
It’s your responsibility to become familiar with the FHDA Network and Computer Use policy
http://ets.fhda.edu/etac/stories/storyReader$151
The policy covers proper use of:
• Network and Internet use
• Computer and communication systems usage
• Voicemail, email and telephone usage
• Harassment
• Commercial use
Contact ETS when
ETS contact info: [email protected], x8324 (tech), ETS.FHDA.EDU
…you suspect FHDA confidential information has been compromised
…you suspect that your computer or network has been hacked (or is being attacked!)
…you are adding new machines, labs, or networking equipment
…you need help updating your operating system
…you need help with getting patches, updates
…you want to make sure your virus checker is up to date
…you want to clean off spyware
Questions…
Appendix A: Mac Virus Checker Details
Appendix B: Windows Virus Checker Details
Bottom Bar - Norton Icon
Norton Icon (double click to open updater)
Live Update Pg 1
Check date
Live Update Pg 2
Select next
Live Update Pg 3
Select finish
Live Update Pg 4
Select exit (you are done)
Schedule Updates Pg 1
Schedule Updates Pg 2
Schedule Updates Pg 3
Microsoft Updates Pg 1
Machine needs Microsoft updates
Microsoft Updates Pg 2