New ITSS Induction Tony Brett, 14 September 2000
IT Security
Tony Brett
IT Systems Manager
Corpus Christi College
Overview
• Excuses
• Policy
• E-mail
• Machine Security
  – Physical Security
  – File Security
    • Viruses (inc. E-mail+Hoax)
    • Public machines
  – OS Security
• Network Security
  – Student connections
  – Excuses
  – Sniffing
  – Firewalls - University
• OxCERT
  – Who
  – What
  – What it does
  – What it doesn’t do
• What to take away
• Resources
• Questions?
Excuses – FAQs
• Users
  – “Why would anybody be interested in my account - I only use it for email”
  – “Security is the admin’s problem not mine”
  – “I let my friend in Spain use my account because they have been having problems with their network”
  – “Why has my account been disabled on sable”
Policy
• Enforce good passwords
• DON’T store passwords in E-mail clients etc.
• Disable dormant accounts
• Age passwords
• Have a policy on the use of accounts – encourage deletion of unused accounts. Tell OUCS User Reg!
• Have a policy on Virus Hoaxes
• Make sure everyone knows about it
• Enforce it
• E-mail is NOT SECURE!
• Faking E-mail is very easy
• PGP is your friend
  – Use for digital signatures
  – Use for encrypting E-mail
• http://www.oucs.ox.ac.uk/email/pgp.html
• E-mail virus hoaxes – policy.
• E-mail viruses – ILOVEYOU, Melissa
Securing Computers
• Physical Security
• File Security
• “Use” Security
Physical Security
Physical Security of machine is the limiting factor in security
– Where are machines located?
– Who has keys or can get keys?
– How is access to rooms controlled and monitored?
– Are machines in cages or wired?
– Are building exits monitored?
– Keyboard sniffers
Securing Computers
• Physical Security
• File Security
• “Use” Security
Password protect
Encrypt
Viruses
Viruses & Trojans
– Destructive Power - BIOS Erase
– Types of Virus
  • Boot Sector
  • Executable infectors, Trojans
  • Macro or “Document”
  • E-mail worms – Outlook!, ILOVEYOU, MELISSA etc.
– Anti-Virus Products
  • F-Prot
  • Sophos - http://www.uk.sophos.com
  • Dr. Solomon’s
  • Norton - LiveUpdate
– Lynne Munro at OUCS
Public Machines
• Libraries
• Machines need to run Win95/98 to run OxLIP properly
• Inherent security risk with so many different applications
• OWL - http://web.lib.ox.ac.uk/software
  – Password from [email protected]
• Disk imaging software e.g. Ghost
Securing Computers
• Physical Security
• File Security
• “Use” Security
Password protect accounts
Restrict access
Physical “locks”
Securing your OS
• Ensure sufficient logging
• Examine logs
• Take note of and understand error messages
• Keep up-to-date with patches
• Don’t run unnecessary network services
• Web servers are notorious, especially Microsoft IIS
Securing UNIX
• Linux is a good, free OS but is the most often compromised
  – Dynamic OS. Fixes released regularly
• Solaris, SunOS, HP-UX, Digital, SGI (IRIX).
• New compromises almost daily – Bugtraq.
• Beware of students running any UNIX. Encourage students to be aware. Sniffers!
• Only run services that are needed. Turn off everything else. Telnetd, IMAPd, POPd, NFSd etc.
• Use SSH, SCP etc. PuTTY on Windows
Securing Macintoshes
• Mac OS not designed for security
• Appletalk over Ethernet
  – OUCS routing between departments
• Appleshare
  – Guest account
  – Owner sees whole Hard Disk
• TCP/IP
  – DoS Attacks
PCs - DOS, Win16, Win32
• “Standard” operating systems
  – DOS, Win95, WinNT (workstation)
• None designed to be servers
  – Some security holes - DoS vulnerabilities
• Default shares on 95 and NT boxes: C$, D$, etc.
• Password caching (.pwl files)
NT Server, Netware Server
• Network O/S - running on PCs
  – NT can run on other platforms
  – File/Print services
  – TCP/IP services (FTP, Web etc).
• Network packet signing
• Physical access to server
• Password regimes
• Backup & disaster plan essential!
  – Use OUCS HFS for backup
• Keep service packs up-to-date
• Compromises are rare
• See http://www.securityfocus.com/frames/?content=/vdb/stats.html
Network Security
– 10BaseT vs. 10Base2 (coax)
– Manageable Hubs
– Physical access to hubs
– MAC address restriction
– Hub management passwords
– DHCP - dynamic vs. static, logs
– Switches vs. repeaters
– Sniffers
– Operating system policy – running services.
Student Connections
• Connection Policy is essential
• Students must sign agreement
• Log DHCP assignments so abuses can be traced
• Get student to assign College the right to examine their machine
• Control use of server-type OS.
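Added example (not part of the original slides): tracing an abuse report back to a machine from logged DHCP assignments, by answering "which MAC address held this IP at this time?". The log lines are constructed, their layout and the 24-hour lease are assumptions, and `parse` and `holder_at` are hypothetical helper names.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log. Line layout is an assumption (timestamp, then
# "DHCPACK on <ip> to <mac> (<host>)" / "DHCPRELEASE of <ip> from <mac>").
SAMPLE_LOG = """\
2000-09-14T09:02:11 dhcpd: DHCPACK on 10.0.5.23 to 00:10:4b:aa:bb:01 (laptop-a) via eth0
2000-09-14T11:40:03 dhcpd: DHCPRELEASE of 10.0.5.23 from 00:10:4b:aa:bb:01 via eth0 (found)
2000-09-14T13:15:47 dhcpd: DHCPACK on 10.0.5.23 to 00:60:97:cc:dd:02 (tower-b) via eth0
2000-09-14T13:16:02 dhcpd: DHCPACK on 10.0.5.24 to 00:10:4b:aa:bb:01 (laptop-a) via eth0
"""

LINE = re.compile(
    r"^(?P<ts>\S+) dhcpd: (?P<kind>DHCPACK on|DHCPRELEASE of) (?P<ip>\S+) "
    r"(?:to|from) (?P<mac>[0-9a-f:]{17})(?: \((?P<host>[^)]*)\))?"
)

def parse(log_text):
    """Return time-ordered (timestamp, kind, ip, mac, host) events."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:  # any other message types in the log are ignored
            kind = "ack" if m["kind"].startswith("DHCPACK") else "release"
            events.append((datetime.fromisoformat(m["ts"]), kind,
                           m["ip"], m["mac"], m["host"]))
    return sorted(events, key=lambda e: e[0])

def holder_at(log_text, ip, when, lease=timedelta(hours=24)):
    """Return (mac, host) holding `ip` at `when`, or None if unassigned."""
    holder, granted = None, None
    for ts, kind, addr, mac, host in parse(log_text):
        if ts > when:
            break
        if addr != ip:
            continue
        if kind == "ack":
            holder, granted = (mac, host), ts
        elif holder and holder[0] == mac:
            holder = None  # the current holder released the address
    if holder and when - granted > lease:
        return None  # last grant expired without a logged renewal
    return holder

if __name__ == "__main__":
    t = datetime(2000, 9, 14, 14, 0)
    print(holder_at(SAMPLE_LOG, "10.0.5.23", t))
```

The same IP maps to two different machines on the same day, which is why the timestamp of the reported abuse and synchronised clocks matter as much as the log itself.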
Securing the Network
• Outsiders looking in
• Insiders looking about
• Insiders looking out
• Access through valid means
• Misuse of “features”
  – inadvertent doors
• Insecurity by design
Common Excuses
• “I was just looking”
• “It wasn’t secured so I thought it was OK”
• “I accidentally downloaded it and just thought I would see what happens when I ran it”
• “Hey man, the internet is an anarchy, I can do what I want”
• “Oh yeah, what are you going to do about it”
Network Sniffing
• Almost impossible to detect
• Impact depends on topology of network
• Switching reduces possibilities
Network Sniffing - What is it?
• Much network traffic in clear text
• Passwords and Usernames
• Compromised machines running sniffers
[Diagram: hosts A, B and Q. Host Q listens without A & B knowing.]
How to reduce the risk
• Encryption
  – SSH, Disposable passwords, SCP
• Switch sensitive parts of network
• Use port scrambling on hubs
• Keep student and staff segments on separate switched ports
Firewalls
• Isolate the network
• Bandwidth bottleneck
• Rule based access
  – IP addresses, blocks, or ports
• Extensive logging
• False sense of security
• OUCS
  – Started fully open – ports or addresses closed as vulnerabilities are identified
  – Balance between security and utility
[Diagram labels: Firewall, Badlands, Happyville]
Who/What is OxCERT
• University IT Security Team
• [email protected]
• (2)82222
• Member of FIRST
• 9am-5pm, and best-attempt cover outside this
• [email protected]
Who/What is OxCERT
• C. 10 Committee, termly meeting.
• 4 front-line
  – Pete Biggs, Physical & Theoretical Chemistry
  – Patrick Green, OUCS
  – Neil Clifford, Astrophysics
  – Neil Long, OUCS
• Emergency Response service, not a free machine set-up service
• http://info.ox.ac.uk/compsecurity/oxcert/
What OxCERT can do
– Advise IT staff and individuals on matters of IT security
– Advise on methods of improving security
– Liaison with other CERTs
– Checking security of machines within Oxford University
– Assistance in disaster recovery
– Assistance in planning new networks and/or machines
What OxCERT can do
– Direct contact with all parts of OUCS
– Intervention when machines are found to be compromised
– Disable IP addresses or networks (both within and without Oxford) if security is being compromised
– Investigation of DoS (Denial of Service) type attacks
– What it can! Only 1.5 posts are funded by the University; the others are volunteers.
What OxCERT can’t do
– Get involved with policy decisions that don’t affect security
– Deal with SPAM or abusive E-mail ([email protected])
– Deal with non-security computing issues (electronic harassment etc.)
– Act as a substitute for OUCS advisory
– Miracles! Security is YOUR responsibility, OxCERT can only advise
What to take away
• Be aware of security
• Make users aware of the need for security
• Have, and enforce, an IT Security Policy
• Maintain OS security
• Know what services you are providing and only provide those you know about
Resources
• This presentation:
  – http://users.ox.ac.uk/~aesb/itsec.ppt
• OxCERT
  – http://www.ox.ac.uk/it/compsecurity/oxcert/
• Secure E-mail
  – http://www.oucs.ox.ac.uk/email/secure.html
• Public Machines:
  – http://users.ox.ac.uk/~aesb/itsec.ppt
• Virus Hoaxes:
  – http://www.uk.sophos.com/virusinfo/scares/
• University and other IT rules
  – http://www.ox.ac.uk/it/rules/
• The OUCS Hierarchical File Server
  – http://hfs.ox.ac.uk/local/