New ITSS Induction
Tony Brett, 14 September 2000

IT Security
Tony Brett
IT Systems Manager, Corpus Christi College
OxCERT
[email protected]

Overview
• Excuses
• Policy
• E-mail
• Machine Security
  – Physical Security
  – File Security
    • Viruses (inc. E-mail+Hoax)
    • Public machines
  – OS Security
• Network Security
  – Student connections
  – Excuses
  – Sniffing
  – Firewalls - University
• OxCERT
  – Who
  – What
  – What it does
  – What it doesn’t do
• What to take away
• Resources
• Questions?

Excuses – FAQs
• Users
  – “Why would anybody be interested in my account - I only use it for email”
  – “Security is the admin’s problem not mine”
  – “I let my friend in Spain use my account because they have been having problems with their network”
  – “Why has my account been disabled on sable”

Policy
• Enforce good passwords
• DON’T store passwords in E-mail clients etc.
• Disable dormant accounts
• Age passwords
• Have a policy on the use of accounts – encourage deletion of unused accounts. Tell OUCS User Reg!
• Have a policy on Virus Hoaxes
• Make sure everyone knows about it
• Enforce it

E-Mail
• E-mail is NOT SECURE!
• Faking E-mail is very easy
• PGP is your friend
  – Use for digital signatures
  – Use for encrypting E-mail
• http://www.oucs.ox.ac.uk/email/pgp.html
• E-mail virus hoaxes – policy.
• E-mail viruses – ILOVEYOU, Melissa

Securing Computers
• Physical Security
• File Security
• “Use” Security

Physical Security
• Physical Security of machine is the limiting factor in security
  – Where are machines located?
  – Who has keys or can get keys?
  – How is access to rooms controlled and monitored?
  – Are machines in cages or wired?
  – Are building exits monitored?
  – Keyboard sniffers

Securing Computers
• Physical Security
• File Security
• “Use” Security

Password protect
Encrypt
Viruses

Viruses & Trojans
– Destructive Power - BIOS Erase
– Types of Virus
  • Boot Sector
  • Executable infectors, Trojans
  • Macro or “Document”
  • E-mail worms – Outlook!, ILOVEYOU, MELISSA etc.
– Anti-Virus Products
  • F-Prot
  • Sophos - http://www.uk.sophos.com
  • Dr. Solomon’s
  • Norton - LiveUpdate
– Lynne Munro at OUCS

Public Machines
• Libraries
• Machines need to run Win95/98 to run OxLIP properly
• Inherent security risk with so many different applications
• OWL - http://web.lib.ox.ac.uk/software
  – Password from [email protected]
• Disk imaging software e.g. Ghost

Securing Computers
• Physical Security
• File Security
• “Use” Security

Password protect accounts
Restrict access
Physical “locks”

Securing your OS
• Ensure sufficient logging
• Examine logs
• Take note of and understand error messages
• Keep up-to-date with patches
• Don’t run unnecessary network services
• Web servers are notorious, especially Microsoft IIS

Securing UNIX
• Linux is a good, free OS but is the most often compromised
  – Dynamic OS. Fixes released regularly
• Solaris, SunOS, HP-UX, Digital, SGI (IRIX).
• New compromises almost daily – Bugtraq.
• Beware of Students running any UNIX. Encourage students to be aware. Sniffers!
• Only run services that are needed. Turn off everything else. Telnetd, IMAPd, POPd, NFSd etc.
• Use SSH, SCP etc. Putty on Windows

Securing Macintoshes
• Mac OS not designed for security
• Appletalk over Ethernet
  – OUCS routing between departments
• Appleshare
  – Guest account
  – Owner sees whole Hard Disk
• TCP/IP
  – DoS Attacks

PCs - DOS, Win16, Win32
• “Standard” operating systems
  – DOS, Win95, WinNT (workstation)
• None designed to be servers
  – Some security holes - DoS vulnerabilities
• Default shares on 95 and NT boxes: C$, D$, etc.
• Password caching (.pwl files)

NT Server, Netware Server
• Network O/S - running on PCs
  – NT can run on other platforms
  – File/Print services
  – TCP/IP services (FTP, Web etc).
• Network packet signing
• Physical access to server
• Password regimes
• Backup & disaster plan essential!
  – Use OUCS HFS for backup
• Keep service packs up-to-date
• Compromises are rare
• See http://www.securityfocus.com/frames/?content=/vdb/stats.html

Network Security
– 10BaseT vs. 10Base2 (coax)
– Manageable Hubs
– Physical access to hubs
– MAC address restriction
– Hub management passwords
– DHCP - dynamic vs. static, logs
– Switches vs. repeaters
– Sniffers
– Operating system policy – running services.

Student Connections
• Connection Policy is essential
• Students must sign agreement
• Log DHCP assignments so abuses can be traced
• Get student to assign College the right to examine their machine
• Control use of server-type OS.

Securing the Network
• Outsiders looking in
• Insiders looking about
• Insiders looking out
• Access through valid means
• Misuse of “features”
  – inadvertent doors
• Insecurity by design

Common Excuses
• “I was just looking”
• “It wasn’t secured so I thought it was OK”
• “I accidentally downloaded it and just thought I would see what happens when I ran it”
• “Hey man, the internet is an anarchy, I can do what I want”
• “Oh yeah, what are you going to do about it”

Network Sniffing
• Almost impossible to detect
• Impact depends on topology of network
• Switching reduces possibilities

Network Sniffing - What is it?
• Much network traffic in clear text
• Passwords and Usernames
• Compromised machines running sniffers

[Diagram: hosts A, B and Q. Host Q listens without A & B knowing]

Network Topology

[Diagram labels: SWITCH, HUB, HUB, University Backbone]

How to reduce the risk
• Encryption
  – SSH, Disposable passwords, SCP
• Switch sensitive parts of network
• Use port scrambling on hubs
• Keep student and staff segments on separate switched ports

Firewalls
• Isolate the network
• Bandwidth bottleneck
• Rule based access
  – IP addresses, blocks, or ports
• Extensive logging
• False sense of security
• OUCS
  – Started fully open – ports or addresses closed as vulnerabilities are identified
  – Balance between security and utility

[Diagram labels: Firewall, Badlands, Happyville]

Who/What is OxCERT
• University IT Security Team
• [email protected]
• (2)82222
• Member of FIRST
• 9am-5pm, and best-attempt cover outside this
• [email protected]

Who/What is OxCERT
• C. 10 Committee, termly meeting.
• 4 front-line
  – Pete Biggs, Physical & Theoretical Chemistry
  – Patrick Green, OUCS
  – Neil Clifford, Astrophysics
  – Neil Long, OUCS
• Emergency Response service, not a free machine set-up service
• http://info.ox.ac.uk/compsecurity/oxcert/

What OxCERT can do
– Advise IT staff and individuals on matters of IT security
– Advise on methods of improving security
– Liaison with other CERTs
– Checking security of machines within Oxford University
– Assistance in disaster recovery
– Assistance in planning new networks and/or machines

What OxCERT can do
– Direct contact with all parts of OUCS
– Intervention when machines are found to be compromised
– Disable IP addresses or networks (both within and without Oxford) if security is being compromised
– Investigation of DoS (Denial of Service) type attacks
– What it can! Only 1.5 posts are funded by the University, others are volunteers.

What OxCERT can’t do
– Get involved with policy decisions that don’t affect security
– Deal with SPAM or abusive E-mail ([email protected])
– Deal with non-security computing issues (electronic harassment etc.)
– Act as a substitute for OUCS advisory
– Miracles! Security is YOUR responsibility, OxCERT can only advise

What to take away
• Be aware of security
• Make users aware of the need for security
• Have, and enforce, an IT Security Policy
• Maintain OS security
• Know what services you are providing and only provide those you know about

Resources
• This presentation:
  – http://users.ox.ac.uk/~aesb/itsec.ppt
• OxCERT
  – http://www.ox.ac.uk/it/compsecurity/oxcert/
• Secure E-mail
  – http://www.oucs.ox.ac.uk/email/secure.html
• Public Machines:
  – http://users.ox.ac.uk/~aesb/itsec.ppt
• Virus Hoaxes:
  – http://www.uk.sophos.com/virusinfo/scares/
• University and other IT rules
  – http://www.ox.ac.uk/it/rules/
• The OUCS Hierarchical File Server
  – http://hfs.ox.ac.uk/local/

Fin
• Questions?