NUIT Tech Talk: Cybersecurity - Northwestern University · 2020. 6. 30. · October - Cybersecurity...

NUIT Tech Talk: Cybersecurity October 27, 2006 Information and Systems Security/Compliance Dave Kovarik, Director


NUIT Tech Talk: Cybersecurity

October 27, 2006

Information and Systems Security/Compliance

Dave Kovarik, Director


Topics:
• October: Cybersecurity Awareness Month
• Statistics
• Incidents
• Changes
• Security Tips



October - Cybersecurity Awareness Month


http://www.it.northwestern.edu/security/tip-of-the-month/

October - Cybersecurity Awareness Month

• Stay virus free…

• Sweep for spyware…

• Stop adware…

• Activate your firewall…

• More…


http://www.staysafeonline.org/

Ongoing…

• Protect your personal data

• Know who you’re dealing with online

• Use anti-virus, firewall & anti-spyware

• Set your OS and browser to operate securely

• Use strong passphrases & authentication

• Backup regularly

• Learn what to do if things go wrong

• Protect our kids online


Incidents - By Month

[Chart: Total Incidents by Month, October 2005 through September 2006 (Oct, Nov, Dec, Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep); vertical axis from 0 to 500. Data labels in extracted order: 483, 220, 212, 275, 146, 214, 105, 141, 81, 58, 76, 82.]


Incidents - Annual

[Chart: Incidents: Comparison by Year, for 2002, 2003, 2004, 2005 and 2006; vertical axis from 0 to 12000. Data labels in extracted order: 1815, 3523, 10145, 5655, 1178.]


Security Incidents

Severity One

• Sept 27 – We’re notified of a compromise of a mail server at a school, serving 488 users. NetIDs/passwords are exposed.

• Apparent cause was exploit of a weak password on a local account.

• E-mail notification is sent to the users indicating a change of passwords is required. NetIDs are set to expire within 7 days, so that either the change occurs or the NetID becomes disabled.


Security Incidents

Severity One

• July 6th – We raise a Severity 2 incident (May 24th) to Severity 1 as a department discovers PII on 9 compromised workstations.

• Apparent cause was exploit of RealVNC software used for remote access and management.

• Written notification was provided to 17,000, and a news release posted to the University’s webpage and issued to state-wide media in compliance with Illinois regulation and University’s Incident Response Protocol.


Security Incidents

Severity One

• July 6th - Notified by a school that a spreadsheet containing the names and social security numbers of 32 individuals was available to the public on a web server.

• The sensitive data was removed from the server. Analysis of available logs proved inconclusive.

• Written notification is provided to the 32 individuals per the University’s Incident Response Protocol.


Security Incidents

Severity Two

• Aug 14 - Notified by a department of a breach where a user had enabled the remote desktop feature on a workstation and had not properly protected the connection. The workstation held PII of 7,000 individuals.

• Investigation of logs shows a compromise for less than 30 minutes, with almost no data transfer; we conclude PII was not discovered nor disclosed.

• A collective opinion was provided to Office of General and they agree notification is not required.


Changes

• Policy, Standards & Requirements

– Secure Handling of SSNs - June 30

– Firewall Policy (Draft) - July 17

– Recommendations for Identification and protection of PII - Aug 18

– Server Security Requirements - Sept 01


Security Tips…

Online purchases

1. Links within E-mail

– Don’t trust the link

– Key the address

2. Credit card & online purchases

– Single credit (not “debit”) card

– Lower limit


Security Sites…

Search Utilities

http://www.it.northwestern.edu/policies/procedures/datasearch.html

Network extensions

http://www.it.northwestern.edu/policies/network/extensions.html

Illegal downloads

http://www.it.northwestern.edu/security/illegaldownloading/index.html


You’re the Key

You’re the Key…

• Information Security

• DR / BCP

• Compliance


Thank You…

• For your continued support…

• For your diligence…

• Questions, comments?

Dave Kovarik: (847) 467-5930



Next up…

John Wefler
Distributed Support Specialist
Distributed Support Services
Northwestern University Information Technology


Get Control: Five Steps

Step One: Start Now
Step Two: Secure Passwords
Step Three: Protective Programs
Step Four: Secure Settings
Step Five: Good Habits


Step One: Start Now

“What are the threats?”


• Hackers
• Data Miners
• Identity Thieves
• Online Predators
• Key Loggers
• Phishing
• Spyware
• Viruses
• Others?


Phishing Example

For more information, visit: www.it.northwestern.edu/getcontrol/startnow.html


Step Two: Secure Passwords/Passphrases

“What’s in a p@$$w0Rd?”


Password/Passphrase Rules:

• Never give your passphrase to anyone
• Never E-mail a passphrase
• Make your passphrase hard to hack
• Don’t leave your passphrase on a yellow post-it on your computer monitor


NU Password Rules

Your password must:
• be 6-8 characters in length.
• contain a non-alphabetical character such as 1 2 3 ! $ & * , ? + =
• contain one or more non-alphabetical characters between alphabetical characters (example: "A3b", "j3;M").


Passphrase Examples

Hard to Hack ~ Easy to Remember

red.dogpick%ley4zzooY3l1owrb34tlEsliK3c4keOa0pit$b


Passphrase Don’ts

• DON'T use information that can be obtained about you, such as a license plate or phone number, or the names of children or pets.
• DON'T use words found in the dictionary or two words separated by punctuation.
• DON'T use passphrases/passwords with fewer than eight (8) characters.
• DON'T use features that offer to 'remember your password'.
• DON'T keep a 'default' password. Make your own!


Passphrases: Final Thoughts

Change your passwords/passphrases often

For more information, visit: www.it.northwestern.edu/getcontrol/securepasswords.htm


Step Three: Protective Programs

Anti-Virus Scanner

Spyware Protection

Software Firewall


Symantec Anti-Virus

• Install on any machine that does NU business
• Update virus definitions daily
• Run regular scans of your entire system


Anti-Virus Programs

Why should you NOT run multiple Anti-Virus programs simultaneously?


Prevent and Treat Spyware

What is Spyware?

• Spyware is a program or service that runs behind your back, without your knowledge and permission.

• Spyware can lead to machine slowdowns, pop-ups, and identity theft.


Prevent and Treat Spyware

Use SpyBot Search & Destroy

• Includes a web site restrictor via the “immunize” feature

• Has an updateable Spyware signature scanner and remover


Software Firewalls

Enable native or third-party firewalls


NUIT Protection

Additional “Behind-the-Scenes” Protection:
• Outgoing Port Scans
• Hardware Firewall Options
• E-mail Defense System


E-mail Defense System

• Quarantines 2 million messages per week
• Quarantined mail held for 7 days
• All e-mail with an EDS junk probability rating greater than “99” is deleted before reaching the servers

www.it.northwestern.edu/security/eds

For more information, visit: www.it.northwestern.edu/getcontrol/protectiveprograms.htm


Step 4: Secure Settings

Hackers Constantly Searching for Security Holes in Software and Hardware Platforms

vs.

Vendors Constantly Patching Security Holes in Software and Hardware Platforms


Updates and Patches

Ensure that:
• Operating System has the necessary updates.
• Software programs have the necessary updates.

Automated vendor system -or- homepage

For more information, visit: www.it.northwestern.edu/getcontrol/securesettings.html


Step Five: Smart Habits

Communications

Sender -> Media -> Receiver


Smart Habits

If you are the “receiver” of a request for personal information:

your password, social security number, account number, etc.

BE SUSPECT!


Red Flags

• Phishing
• Spoofing
• Phone Calls
• Postal Mail


“What do I do if….?”

• Think before you click (or after)
• Call your bank
• Change your password immediately
• Check your credit report regularly
• Remember: Northwestern will never ask you for personal information


Smart Habits

• Get a “garbage collector” e-mail account through a free service provider:
– Use this account to register for subscription services on the Web.
– Will help reduce junk e-mail on your campus account.

For more information, visit: www.it.northwestern.edu/getcontrol/smarthabits.html


Questions?


Upcoming Tech Talks

• November 1: Vista OS
– Microsoft representative visits Evanston campus to discuss Microsoft’s newest operating system
• November 15: Meeting Maker
– Are you getting the most out of your Meeting Maker?


Visit the NUIT Web site

www.it.northwestern.edu

Call the NUIT Support Center at 847-491-HELP