the new riskmetrics group brand - university of...
TRANSCRIPT
Risk Management
Workstation Security
As Implemented for the Risk Management Business Unit
3/28/13
Presenter: Sam Cook, Danny Fielder, Zach Grimmett
www.riskmetrics.com 2Risk Management
Welcome to RiskMetrics
You have been chosen to join the RiskMetrics Group family.
You have been given an extraordinary opportunity to change the world and better mankind.
But before you get to work, some things you should know...
Us vs. World
The world is cruel
We are under constant attack
The Threats
Enemy elements target our information
They will employ spies...
and hackers...
with all kinds of tools.
Your Role
You are inexperienced in information warfare...
but by the end of your training, you will be our first line of defense.
The Workstation
A workstation is any device that allows a user (you) to interact with data
Obvious ones like
Your computer or laptop
Your smartphone
Less obvious
Printer
Copier
Fax Machine
Securing the Workstation
Check your workstation surroundings
Make sure your cables are in safe places, don't trip over them
Plug all devices into a surge protector... to protect them from power surges
Surge protector - good
Cable spaghetti - bad
Don't put your computer on top of, or under, a heating vent
Ensure that your computer has adequate space for ventilation
Fire is bad
Some Statistics
According to the 2011 Verizon Breach Report
98% of recorded data breaches were caused by an external agent
81% used some form of hacking
69% used some form of malware
10% of breaches were physical attacks
7% of breaches utilized social engineering
97% of all breaches could have been prevented by simple measures
Physical Security
Physical attacks make up 10% of breaches
A few simple guidelines can reduce that risk substantially
Make sure your monitor isn't easily visible from the door
Anyone who walks past can easily see anything you're working on
This is important not only to help prevent physical attacks, but also to be compliant with Federal security guidelines
Use strong passwords
8 characters minimum                      1234 - bad... bad bad bad
At least one number character             abcdefgh - bad
Mix upper and lower case                  abcdefg1 - bad
At least one special character            Abcdefg1 - bad
No dictionary words or proper nouns       Dog?123 - bad
No personally identifiable information    Wife6/3/98 - bad
No common patterns                        zH#7&Jn9 - good
No repeat passwords
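The rules on this slide written as a checker and run over the slide's own sample passwords (an added example, not part of the original presentation). The word list, the PII token, the previous-password list and the reading of "common patterns" as three-character runs are assumptions made for illustration.

```python
import re

# Constructed stand-in for a real dictionary / proper-noun list (assumption).
SAMPLE_WORDS = {"dog", "wife", "password", "summer"}

def has_common_pattern(pw, run=3):
    """True if any `run` adjacent characters repeat or step by one (aaa, abc, 321)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False

def check_password(pw, personal=(), previous=(), words=SAMPLE_WORDS):
    """Return the slide rules that `pw` violates; an empty list means 'good'."""
    low = pw.lower()
    rules = [
        ("8 characters minimum", len(pw) >= 8),
        ("at least one number", re.search(r"\d", pw) is not None),
        ("mix upper and lower case",
         any(c.islower() for c in pw) and any(c.isupper() for c in pw)),
        ("at least one special character", any(not c.isalnum() for c in pw)),
        ("no dictionary words or proper nouns",
         not any(w in low for w in words)),
        ("no personally identifiable information",
         not any(p.lower() in low for p in personal if p)),
        ("no common patterns", not has_common_pattern(pw)),
        # A real system would compare against stored password hashes, not plaintext.
        ("no repeat passwords", pw not in previous),
    ]
    return [name for name, ok in rules if not ok]

# The slide's sample passwords; the PII token and password history are constructed.
SLIDE_EXAMPLES = ["1234", "abcdefgh", "abcdefg1", "Abcdefg1",
                  "Dog?123", "Wife6/3/98", "zH#7&Jn9"]

if __name__ == "__main__":
    for pw in SLIDE_EXAMPLES:
        failed = check_password(pw, personal=["6/3/98"], previous=["Abcdefg1"])
        print(f"{pw:12} {'good' if not failed else 'bad: ' + '; '.join(failed)}")
```

Each "bad" sample fails at least the rule it is paired with on the slide, and usually several others as well.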
Physical Security (cont)
Printers, faxes, copiers, and trash cans are rich sources of information
If you print something, go get it immediately
Do not leave a document unattended, it can easily be taken
Do not leave documents in the copier
Retrieve your faxes immediately
Lock your computer when you leave
Shred any documents you no longer need
These simple steps can eliminate most physical attacks
Malware
Malware is the most common attack vector (69%)
There are many forms of malware, but the most common are:
Viruses
Worms
Trojans
Malicious Mobile Code
Virus
A computer virus is similar to a biological virus
A virus self-replicates by inserting copies of itself into host files
Viruses are often triggered by opening infected host files
Subcategories
Compiled Virus: works in the system OS to infect programs or boot sectors
Interpreted Virus: works in applications to infect files or scripts used by the OS
Worms
A worm is similar to a virus
Both are self-replicating
Worms are self-contained; they do not need host files
Subcategories
Network Worms: use a network vulnerability to infect all connected systems
Mailing Worm: travels via e-mail, infects any computer that downloads it
Trojans
Trojans are self-contained, non-replicating programs
Trojans often mimic other harmless programs
Trojans contain a covert malicious payload
Trojans can create a new program or replace an existing program
Trojans are often used to deliver several attacker tools to a system
Malicious Mobile Code
MMC is malicious software that is transmitted from a remote host and executed without the user's permission.
Java is a popular language for MMC, but there are others
Java advertises, “Over 3 billion devices run Java.”
MMC can exist in advertisements on websites
MMC is a delivery vector for other attacker tools
Delivery Vectors
Malware is usually an attack of opportunity
The most common delivery methods are
Untrusted websites
May contain MMC
Untrusted e-mail
May contain viruses or worms
Untrusted downloads
May contain viruses, worms, or be a trojan
Malware Prevention
Understanding malware is key to preventing malware infection
You may have noticed a common theme in the last slide
Untrusted sources may contain malware
To combat this, here are some simple guidelines
If something feels suspicious, trust that feeling and leave it alone
That random e-mail from somebody you've never heard of
If it wasn't expected and isn't work related, delete it
If it is work related or you just can't resist, open it in a safe environment
That website with some new hot song free to download
This is a trap. Do. Not. Go. There.
This e-mail from a friend with the zip file full of cute cuddly kittens!
Call your friend, did they send this intentionally?
Open it in a safe environment, just to be sure.
Anti-virus is Your Friend
Anti-virus software scans every file, e-mail, and website you use
It checks those against a list of known malicious code segments
If it finds a match, it will tell you
All work computers and laptops must have up-to-date anti-virus
Do not ignore that flashing icon in the corner, update often
The anti-virus must be running
Do not turn it off, no matter how annoying it gets
Listen to the anti-virus
When it says an e-mail or website is infected, do not open them
The anti-virus is trying to protect you, and the company, from malware
Anti-virus Limitations
Anti-virus software does not prevent viruses
Opening a file against the anti-virus warning may give you malware
Anti-virus software does not remove malware
If you do become infected, the anti-virus cannot fix it
Anti-virus is only a warning system, malware prevention relies on you
Virtualization: a Safe Environment
Virtualization is a wonderful tool for security
A section of memory can be partitioned off from the rest
A virtual copy of the OS can be created in this partition
Malware infection within this virtual OS can be easily purged
Malware on the partition cannot access any external data
Virtualization as Workspace
Virtualization can be used to run multiple OS on a single computer
A company can keep a master OS on a secure server
Employees can work in a virtual clone of this master OS
Storage Encryption
No system is ever 100% secure
Encryption ensures the security of data even if it is stolen
Encryption is a methodical way to scramble information
Scrambled information is unreadable and useless
Certain encryption methods are virtually impossible to break
Encryption (cont)
Encryption can be performed on any size volume: 1 file – entire disk
Encryption can be unlocked with a password, make it strong
Any time a system is shared or data is transferred, encryption is good
Even if all precautions are taken, breaches still occur
Encryption is your safety net, the last line of defense if all else fails
BIOS
The BIOS is the first piece of operational software when a system boots
It sets up everything that is to follow
Don't change the BIOS
If the BIOS is compromised, the entire system is compromised
Physical attackers can replace an existing BIOS with a malicious BIOS
The physical security guidelines outlined before will help prevent this
Some malware targets the BIOS
The malware security guidelines outlined before will help prevent this
Summary
Make sure your workstation is physically secure
Use strong passwords but don't repeat them
Be alert for malware and use the anti-virus
Use virtualization and encryption for added security
Protect your BIOS
A strong defense is our only weapon against attackers