SLAC COMPUTER SECURITY
AntiVirus Process
Marilyn Cariola
Heather Larrieu (audio)
Chris Mayfield
October 14, 2008
Computer Security AntiVirus
Source: Quarterly Report PandaLabs – July-Sept 08
Malicious Software
• More trojan attacks
• Coming via web browsing
• Using SQL injection techniques
• Battery of exploit attempts
  – 3rd party applications
  – OS vulnerabilities
• Goal is silent infection
  – Trojan.ZLOB
  – Trojan.PANDEX
  – Trojan.ASPROX
What you see

Virus Alert
Alert: Virus Found
Computer: XXXXXXXXXXXXX
Virus: Trojan Horse
Path: C:\WINDOWS\Temp\VBR49FD.exe
Date: 9/29/2008
Time: 9:54:46 AM
Severity: Critical
Requested Action: Clean
Action Taken: Leave Alone
User: XXXXXXXXXXXXX
Source: Symantec AntiVirus Corporate Edition
AV Process & Actions

Type(1)               | AV (action taken)                     | Cyber                                  | Admin   | User
----------------------+---------------------------------------+----------------------------------------+---------+----------------
Trojan horse, Spyware | Leave alone, access denied, undefined | Isolate / Email; format and rebuild(3) | Scan(2) | Change password
Adware                | Leave alone, access denied, undefined | Email                                  | Scan(2) | Change password
Worm                  | Leave alone, access denied, undefined | Email                                  | Scan(2) | Change password
Virus                 | Leave alone, access denied, undefined | Email                                  | Scan(2) | Change password
Trojan horse, Spyware | Clean, quarantine, delete             | Email                                  | Scan(2) | Change password
Adware                | Clean, quarantine, delete             | None                                   | None    | None
Worm                  | Clean, quarantine, delete             | None                                   | None    | None
Virus                 | Clean, quarantine, delete             | None                                   | None    | None

Notes:
1. The results of malware research could change the actions to be taken.
2. All scans must be full AV scans in safe mode with system restore turned off.
   a) Results need to be shared with Cyber (screen captures or exported files).
   b) Depending on the results of the scan, further actions could include format and rebuild, or Cyber taking the computer or hard drive for further investigation.
3. Computer Security may not request a rebuild if the virus is found in cache.
4. Computers used to access personally identifiable information (PII) will receive more scrutiny when they generate virus alerts.
Other Actions
• Additional viruses or issues
  – Isolate / scan / rebuild
• Several (3 or more) alerts on same computer / same day
  – Isolate / scan / rebuild
• Unauthorized / prohibited software
  – Must be removed
  – Some cases sent to HR
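As an added example (not part of the SLAC presentation), the AV process table and the "3 or more alerts on the same computer / same day" rule above, expressed as Python triage logic over alerts in the Symantec format shown on the "Virus Alert" slide. The field names come from that slide; the hostnames, user names and paths in the sample alerts are constructed, and the name-based malware classification and the cache-path check are assumptions of this example.

```python
import re
from collections import Counter
# Field names of the Symantec AntiVirus Corporate Edition alert shown on the slide.
KEYS = ("Computer", "Virus", "Path", "Date", "Time", "Severity",
        "Requested Action", "Action Taken", "User", "Source")
_KEY_ALT = "|".join(re.escape(k) for k in KEYS)
_FIELD_RE = re.compile(rf"({_KEY_ALT}): (.*?)(?=\s(?:{_KEY_ALT}):|$)")
# "Action Taken" values meaning the AV product removed the malware; anything else
# (Leave Alone, Access Denied, undefined) is treated as still infected.
RESOLVED = {"clean", "cleaned", "quarantine", "quarantined", "delete", "deleted"}

# Constructed sample alerts (hostnames, users and paths are made up).
SAMPLE_ALERTS = [
    r"Computer: WS-LAB-17 Virus: Trojan Horse Path: C:\WINDOWS\Temp\VBR49FD.exe Date: 9/29/2008 Time: 9:54:46 AM Severity: Critical Requested Action: Clean Action Taken: Leave Alone User: jdoe Source: Symantec AntiVirus Corporate Edition",
    r"Computer: WS-LAB-17 Virus: Adware.Sample Path: C:\Program Files\Toolbar\tb.dll Date: 9/29/2008 Time: 10:02:11 AM Severity: Low Requested Action: Clean Action Taken: Quarantined User: jdoe Source: Symantec AntiVirus Corporate Edition",
    r"Computer: WS-LAB-17 Virus: W32.Worm.Sample Path: C:\WINDOWS\system32\svch0st.exe Date: 9/29/2008 Time: 11:40:03 AM Severity: Critical Requested Action: Clean Action Taken: Leave Alone User: jdoe Source: Symantec AntiVirus Corporate Edition",
    r"Computer: WS-LAB-22 Virus: Trojan Horse Path: C:\Documents and Settings\asmith\Local Settings\Temporary Internet Files\Content.IE5\X1Y2Z3\ad[1].exe Date: 9/30/2008 Time: 2:15:27 PM Severity: Critical Requested Action: Clean Action Taken: Access Denied User: asmith Source: Symantec AntiVirus Corporate Edition",
]

def parse_alert(line):
    """Split one single-line alert into a dict keyed by the names in KEYS."""
    return dict(_FIELD_RE.findall(line.strip()))

def classify(name):
    """Map the 'Virus' field onto the four rows of the table (name heuristic, an assumption)."""
    n = name.lower()
    if "trojan" in n or "spyware" in n:
        return "trojan/spyware"
    return next((k for k in ("adware", "worm") if k in n), "virus")

def triage(alert):
    """Cyber / Admin / User actions the table prescribes for one parsed alert."""
    kind = classify(alert.get("Virus", ""))
    resolved = alert.get("Action Taken", "undefined").lower() in RESOLVED
    if resolved and kind != "trojan/spyware":
        return {"cyber": None, "admin": None, "user": None}  # AV already handled it
    cyber = "email"
    if not resolved and kind == "trojan/spyware":
        path = alert.get("Path", "").lower()
        # Note 3: a rebuild need not be requested when the hit is only in browser cache.
        in_cache = "cache" in path or "temporary internet files" in path
        cyber = "isolate/email" + ("" if in_cache else ", format and rebuild")
    return {"cyber": cyber, "admin": "full AV scan in safe mode, system restore off",
            "user": "change password"}

def repeat_offenders(alerts, threshold=3):
    """'Other Actions' rule: 3 or more alerts on the same computer on the same day."""
    hits = Counter((a.get("Computer"), a.get("Date")) for a in alerts)
    return sorted(key for key, n in hits.items() if n >= threshold)
```

Running `triage` over the four sample alerts yields a rebuild request for the first, no action for the quarantined adware, an email for the worm, and isolate/email without rebuild for the cached trojan; `repeat_offenders` flags WS-LAB-17 for 9/29/2008.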
Further Review
Affirmative duty to report abuse of SLAC resources
• Device taken, including USB devices
  – Illegally licensed software
  – Hacker tools
    • Key generators, password sniffing, vulnerability assessment
  – Illicit material
    • Pornography, gambling, evidence of running a personal business
• Reported to HR
References
• Computer Security website
  – Restricted/Prohibited software
• Policies
  – Limited Personal Use of Government Office Equipment including Information Technology
  – Use of SLAC Information Resources
Questions / answers / discussion
• What would happen if we didn't do this?
  – A computer gets compromised
    • Becomes a bot for additional attacks
    • Information is lost
  – During a Site Assessment
    • Non-job related data is found
      – Unlicensed / illegal software
      – Pornography
    • SLAC fined, lose contract?