Protect Your ComputerProtect Your Work

Computing & Communications

We Are All Networked Now!

We connect to networks to do our work. Read email Use administrative applications Browse Web sites

Standalone (not networked) computers are rare.

Networked Computers are Vulnerable

Physical locks and a password-protected screensaver are not enough.

Attacks happen through the network: Through operating system weaknesses In email attachments Through shares and peer-to-peer programs

Attacked If You Do…

Open an unknown email attachment Believe everything your read, such as messages that

promise wealth if you open an attachment Believe that your bank account was compromised

because an email “from your bank” said so Download an unknown program from the Web (such

as a free screensaver) Trade lots of unknown files, such as with peer-to-peer

programs like Kazaa Share your password with others

Attacked If You Don’t…

Run an anti-virus program Keep up with anti-virus data updates Keep up with operating system updates (patches) Change default passwords (such as password for the

administrator account) Run a firewall either on your computer or on your

network

Once Infected, Your Computer is Dangerous

Your computer... Could be used to attack and infect other computers Could be used to send out thousands of spam email

messages in your name Could burden or disrupt campus networks with high

volumes of messages Could cause all of the University’s email to be

blocked by major service providers (AOL, Yahoo, Hotmail etc.)

Infected Computers May Be Blocked

C&C watches UW networks for infected computers If infected computers are not cleaned up promptly,

their network access may be blocked to protect other UW computers

When the computer is cleaned up, you can request that your network access be unblocked

What C&C Is Doing

Scanning UW email for viruses Removes around 1.6 million viruses a month from

UW email But not all email goes through C&C central

systems Limiting network access or disabling the network wall

ports of infected computers Working with support staff to respond to attacks

A Well Managed Computer IsA Secure Computer

Who Manages Your Computer?

Generally, people are in one of three situations: Network-managed workstations Supported workstations Do-it-yourself

What you do depends on which situation you are in.

Network-Managed Workstations

Software is installed and operating system updates are done through the network.

Example: Nebula (http://www.washington.edu/nebula/) Your role

Do not install or change anything without explicit permission. Do not change computer settings, such as turning the

firewall on or off. Do not shut down the computer. Log out instead so that

updates can be done while you are gone.

Supported Workstations

A specific person comes and does software installs and OS updates

Your role Discuss with your support person what you should

do and what you should not do. Should you run a firewall? When are operating system and anti-virus data

updated and how are the updates initiated (automatic, manual, etc.)?

Do-It-Yourself

You have no assigned support person. You and your friends must do it on your own.

In case of Windows XP, Service Pack 2 (SP2) is your friend. Use the new “Security Center”

Security management is your responsibility Operating system updates Software updates Anti-virus program (get it from the UWICK) Firewall Anti-spyware program

Which Situation Are You In?

Your situation Your Role

Network-Managed Workstations

Do not change anything without explicit permission

Supported Workstations Talk to your support person about what your role is

Do-it-Yourself Get patches from OS Vendor

Managing a Computer

Every computer needs management! BEFORE YOU CONNECT – Things to do before you

connect a new or rebuilt computer to UW Networks HAVE PROTECTION – Establish a security routine BE PREPARED – Be prepared for possible trouble BE SKEPTICAL – Don’t be fooled into helping

attackers

BEFORE YOU CONNECT

BEFORE connecting to any network, take the following steps:

Apply operating system updates Install anti-virus program Reset default passwords Turn off file sharing Turn on a firewall

The UWICK the anti-virus program.

HAVE PROTECTION

Establish a security routine. Automate your operating system updates Automate your anti-virus updates Use the XP SP2 Security Center to manage your

security settings Regularly do software updates Regularly run an anti-spyware program Run a firewall Do not use accounts with administrator rights to do

your daily work

BE PREPARED

Be ready for failures and infections. Backup your files regularly Be prepared to rebuild

Have installation CDs and software Have a plan for getting OS updates

In case of infection Obtain the most recent anti-virus updates Run scan/reboot/scan/reboot… until fixed You may have to rebuild your system

Plan for upgrading Support is fading for Win98 and MacOS8, Win2K or XP

without any service packs

BE SKEPTICAL

Do not open unexpected attachments Do not download unknown programs from the Web

(such as free screensavers) Do not trade lots of unknown files, such as with peer-

to-peer programs like Kazaa Do not share your password with anyone Do not “shoot the cockroach to get a free iPod” – do

not click on pop-up “free offers” Do not believe in amazing offers and unlikely stories

Which Situation Are You In?

Your situation Your Role

Network-Managed Workstations

Do not change anything without explicit permission

Supported Workstations Talk to your support person about what your role is

Do-it-Yourself Get patches from OS Vendor

Again...

Our Greatest Vulnerabilities

Unmanaged computers Spyware, “Spam-Bots” and Viruses Social Engineering Visitors Computers Donated, unsupported software

Unmanaged Computers

Computers that are not receiving regular, systematic care

Personal computers Home computers Older computers kept around “for whoever needs

them” The UWICK has anti-virus software

Spyware, “Spam-Bots” and Viruses

Spyware can disclose personal information such as passwords, credit card numbers, SSN, or PHI to third parties

“Spam-Bots” infect computers and relay thousands of spam emails through them, causing all of UW to become “blacklisted” by other email providers

Viruses can destroy data, open computers to outside control and cause network outages

Social Engineering

Attackers try to tempt or fool users into running malicious programs on their computer

Opening an infected attachment will run the file it contains Do not download and install unknown software

Cute screensavers can bring along nasty viruses and spyware

Looking authentic is not the same as being authentic Microsoft never sends out fixes by email Banks never send out email asking you to verify your

account data online Be suspicious of anyone who asks for your credit card

number, Social Security number, or PIN number C&C consultants never ask for your password

Visitors’ Computers

Visitors’ infected computers will try to attack other computers once they connect to our networks

Salesmen Visiting professors or speakers Visitors often not aware of security issues You are responsible if you help them connect

Is their operating system up-to-date? Are they running anti-virus software? Is their computer behaving oddly

Donated and Unsupported Software

Distributing software without good information on how to properly manage it is dangerous

If you provide software for students or staff, you are responsible for security issues May require updates after installation to be secure Example: SQL Server 2000 is susceptible to the Slammer

worm unless it is updated (patched) Do not recommend software you have not carefully evaluated

Much shareware comes with hidden spyware or viruses

Summary

Every computer connecting to UW networks should be managed

Be cautious Be suspicious Work together

A Well Managed ComputerIs a Secure Computer

C&C Security Team

http://www.washington.edu/computing/security

security@cac.washington.edu