Small Office/Home Office (SOHO) Computer and Network Security Sinclair Community College CIS Department
Date posted: 19-Dec-2015

Page 1: Small Office/Home Office (SOHO) Computer and Network Security Sinclair Community College CIS Department.

Small Office/Home Office (SOHO) Computer and Network Security

Sinclair Community College

CIS Department

Small Office/Home Office (SOHO) Computer and Network Security

Bob Sherman
Patty Gillilan
Associate Professors, CIS Department
Multiple Microsoft and Cisco certifications

Why SOHO Computer and Networking Security is Important

Personal information
Private files
Financial information
Having your systems “hijacked”
Invasion of privacy, e.g., spyware
Identity theft

Why SOHO Computer and Networking Security is Important

Identity theft is a very large and growing concern

Gartner Research Group estimates seven million victims of ID theft in the US in the past twelve months

http://www.consumer.gov/idtheft/
http://www.usdoj.gov/criminal/fraud/idtheft.html
http://www.idtheftcenter.org/index.shtml

Why SOHO Computer and Networking Security is Important

Spyware: a new and growing threat
Spyware can…
  Manipulate your system
  Record your habits
  Facilitate theft of your passwords, credit card info and identity
Adware, key loggers and Trojan horses

Why SOHO Computer and Networking Security is Important

Signs of spyware on your PC
  Home page changes
  New favorites appear
  System is noticeably slower
  New toolbars appear in IE

Why SOHO Computer and Networking Security is Important

Spyware
  File sharing services, e.g., Kazaa or Grokster
  Clicking on pop-up ads
  Opening infected emails
Spy Sweeper
  http://www.webroot.com

Objectives

Familiarize the computer users with the following:
  What it means to be “online”
    The door to the Internet swings both ways
  What are common risks and vulnerabilities?
  How to protect against threats
  Maintaining vigilance by staying current

Nine Critical Steps in Securing SOHO Computers and Networks

Install, use and update anti-virus programs
Treat all email attachments with caution
Keep current with operating system updates
Use host based Intrusion Detection Systems

Nine Critical Steps in Securing SOHO Computers and Networks

Use a firewall
  Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication and passwords
Use file access controls and data encryption
Make a recovery/boot disk

Nine Critical Steps in Securing SOHO Computers and Networks

Install, use and update anti-virus programs
Treat all email attachments with caution
Keep current with operating system updates
Use host based Intrusion Detection Systems

Install, use and update anti-virus programs

The single most important thing you can do to protect your system
Most common exposure
  Email attachments
  Connections to web servers

Make sure the program you select also protects against Worms and Trojans

Install, use and update anti-virus programs

Some popular antivirus products
  Symantec
  McAfee
  Computer Associates

http://www.symantec.com/sabu/nis/nis_pe/
http://us.mcafee.com/default.asp
http://www.my-etrust.com

Install, use and update anti-virus programs

Norton antivirus output and options
  System status
  Reports
  Scheduled system scan

Nine Critical Steps in Securing SOHO Computers and Networks

Install, use and update anti-virus programs

Treat all email attachments with caution

Keep current with operating system updates
Use host based Intrusion Detection Systems

Treat All Email Attachments with Caution

Email Viruses are becoming more prevalent all of the time

If you haven't gotten an email virus, chances are you will, if you don’t take the appropriate steps

Preventing email viruses begins with common sense and ends with a virus detection program

Treat All Email Attachments with Caution

The common sense approach:
  Make sure you are familiar with the sender of the email
  Note the names of the file attachments
    Do they make sense to you?
    Some names are designed to entice you to open the attachment
      – AnnaKournikova.jpg.vbs (Worm)

Treat All Email Attachments with Caution

The common sense approach:
  If the attachment has one of the following file extensions, be very suspect
    .scr, .pif, .vb, .vbe, .vbs, .exe

Delete suspect attachments immediately and empty the “Recycle Bin”
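
The filename checks from the two slides above, as an added Python example (not part of the original presentation): it flags the extensions the slide lists and the double-extension trick seen in AnnaKournikova.jpg.vbs. The decoy-extension list, the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the slide says to treat as very suspect.
SUSPECT_EXTS = {".scr", ".pif", ".vb", ".vbe", ".vbs", ".exe"}
# Harmless-looking extensions often used as the decoy half of a double
# extension. This list is an assumption, not taken from the slides.
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".mp3"}


def classify_attachment(filename):
    """Return the reasons a filename is suspect (empty list = no finding)."""
    # Windows drops trailing dots and spaces from file names, so remove them
    # before reading the extension; compare case-insensitively.
    name = filename.strip().rstrip(". ").lower()
    # Strip each component so whitespace padding cannot hide the real extension.
    parts = [p.strip() for p in name.split(".")]
    reasons = []
    if len(parts) < 2:
        return reasons
    final = "." + parts[-1]
    if final in SUSPECT_EXTS:
        reasons.append(f"suspect extension {final}")
        if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
            reasons.append(f"double extension: .{parts[-2]} hides {final}")
    return reasons


def scan_message(raw_bytes):
    """Map every attachment filename in a raw RFC 5322 message to its findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            findings[filename] = classify_attachment(filename)
    return findings


def build_sample_message():
    """Constructed sample: one text body and three attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Constructed sample body.")
    for name in ("AnnaKournikova.jpg.vbs", "minutes.txt", "Setup.EXE"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_message()).items():
        print(f"{name}: {'; '.join(reasons) or 'no finding'}")
```

A name-based check like this only complements the virus scanner the slides call for; it says nothing about the attachment's contents.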

Nine Critical Steps in Securing SOHO Computers and Networks

Install, use and update anti-virus programs
Treat all email attachments with caution

Keep current with operating system updates

Use host based Intrusion Detection Systems

Keep current with operating system patches

“A fix or modification to a program bug in the Operating System. A patch is an actual piece of object code that is inserted into (patched into) an executable program.” -- webopedia.com

Many operating system patches are related to system security.

Staying current can be automated on recent versions of Windows

Keep current with operating system patches

Windows operating systems are frequently “patched or updated”
  Windows Update

Service Packs (SPs) are a collection of patches and updates

Keep current with operating system patches

Before updating a system make sure of the following
  The update is required for your system
  The update won’t harm your system or any applications running on it
  You can uninstall the update
Get used to performing these updates
  Many security compromises are a result of unpatched systems

Keep current with operating system patches

Using the Windows Update feature
  Click the Start menu
  Then choose Windows Update
  http://v4.windowsupdate.microsoft.com/en/default.asp

Windows Update options in Windows 2000 Pro:   

Keep current with operating system patches

First click Scan for Updates
Then click Review and Install Updates
Three categories of updates
  Critical updates and service packs
  Updates for your version of Windows
  Driver updates

Keep current with operating system patches

Click on Critical Updates and Service Packs

Remove those updates not applicable to your system

Click Install Now
Some updates will require restarting your computer

Keep current with operating system patches

Configuring Automatic Updates
  Control Panel or System Properties
  Update options
    Only notify of updates
    Download and notify of updates
    Download and install on a specified schedule

Keep current with operating system patches

Software Update Service
  Available on more recent versions of Windows
  Creates a single point internally as the source of updates
  Conserves bandwidth

Keep current with operating system patches

Microsoft Technet Service
  Source for a variety of security and related details
  http://www.microsoft.com/technet/default.asp
  Knowledge Base articles

Keep current with operating system patches

Blaster Worm
  Knowledge Base article #823980
  Exploits a buffer overflow flaw in Windows
  Patch released by Microsoft on July 16, 2003
  Updated August 25, 2003

Keep current with operating system patches

State of Maryland BMV shut down on August 13, 2003

Many other large networks affected
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

Keep current with operating system patches

Sasser Worm and multiple variations over several weeks in April 2004

Knowledge Base articles
  #835732 to prevent future infections
  #841720 to clean infected systems

Windows 2000 and Windows XP only

Keep current with operating system patches

Test patches first, then install
Removing patches and operating system updates
  Control Panel
  Add/Remove Programs
  Applications and patches all listed here
  Select the desired item, click Remove

Nine Critical Steps in Securing the Home Network

Install, use and update anti-virus programs
Treat all email attachments with caution
Keep current with operating system updates

Use host based Intrusion Detection Systems

Use Host Based Intrusion Detection Systems

Most intrusion detection systems (IDS) take either a network or a host-based approach

IDS looks for attack signatures, i.e., specific network traffic patterns that may indicate an attack

Host based is appropriate for SOHO environments

Use Host Based Intrusion Detection Systems

Host based intrusion detection analyzes all incoming and outgoing network information for data patterns typical of an attack

Host based intrusion detection writes to log files or audit files

Logs changes made to the system

Use Host Based Intrusion Detection Systems

The information the IDS collects is based on the monitoring of operating system, application software and security events.

Built-in capabilities
  Event Viewer in Windows

Must review log files regularly

Nine Critical Steps in Securing SOHO Computers and Networks

Use a firewall
  Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication and passwords
Use file access controls and data encryption
Make a boot disk to recover the system

Use a Firewall

Firewalls are used to filter network traffic
Allow or block traffic based on criteria selected
Well known ports
  Port 80 for HTTP
  Port 443 for HTTPS
  Ports 20/21 for FTP
  Port 25 for Mail

Use a Firewall

Firewalls can be implemented at the host network interface or on an intermediary system such as a router

Firewalls implemented at the host are software based

Firewalls implemented at a router are hardware based
You can use either or both

Use a Firewall

Firewalls can be implemented at the host network interface or on an intermediary system such as a router

SOHO router products from Linksys, D-Link and others

All allow for configuring to meet your needs

Nine Critical Steps in Securing SOHO Computers and Networks

Use a firewall
  Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication and passwords
Use file access controls and data encryption
Make a boot disk to recover the system

Regularly Backup Your Data

Back up your files regularly
Backing up means to copy data files from a local hard drive to another device
  Tape, external hard drive, CD/DVD, ZIP drive
Application software can be restored from the original media

Regularly Backup Your Data

Most operating systems include a backup and restore utility

Numerous third party products available
  Veritas, Computer Associates

Hard drives have a finite life span and will eventually fail

Regularly Backup Your Data

If your system is compromised by malicious acts or physical failure, data backup is your only solution

Multiple copies of the backup media stored on-site and off-site

Multiple media sets

Regularly Backup Your Data

Restoring or recovering the data is equally important
Practice data restores
  These don’t have to be full-blown system restores, but can be restores of sample data files
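
A practice restore of sample files, as the slide recommends, sketched as an added Python example (not part of the original presentation). It assumes a zip archive stands in for the backup media and that a SHA-256 manifest is recorded at backup time; all file names and contents are constructed.

```python
import hashlib
import random
import tempfile
import zipfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(source_dir, archive_path):
    """Zip every file under source_dir; return {relative name: sha256}."""
    source_dir = Path(source_dir)
    manifest = {}
    with zipfile.ZipFile(archive_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(p for p in source_dir.rglob("*") if p.is_file()):
            rel = path.relative_to(source_dir).as_posix()
            zf.write(path, rel)
            manifest[rel] = sha256_file(path)
    return manifest


def practice_restore(archive_path, manifest, sample_size=2, seed=None):
    """Restore a random sample of files into a scratch directory and compare
    each against the manifest. Returns {name: "ok" | "missing" | "mismatch"}."""
    rng = random.Random(seed)
    names = rng.sample(sorted(manifest), min(sample_size, len(manifest)))
    results = {}
    with tempfile.TemporaryDirectory() as scratch, \
            zipfile.ZipFile(archive_path) as zf:
        members = set(zf.namelist())
        for name in names:
            if name not in members:
                results[name] = "missing"
                continue
            try:
                restored = zf.extract(name, scratch)
            except zipfile.BadZipFile:  # e.g. CRC error on damaged media
                results[name] = "mismatch"
                continue
            same = sha256_file(restored) == manifest[name]
            results[name] = "ok" if same else "mismatch"
    return results


def run_demo():
    """Build constructed data, back it up, then test a good and a bad archive."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        data = work / "data"
        (data / "finance").mkdir(parents=True)
        (data / "finance" / "ledger.csv").write_text("date,amount\n2004-04-01,100\n")
        (data / "letter.txt").write_text("constructed sample\n")
        manifest = make_backup(data, work / "backup.zip")
        good = practice_restore(work / "backup.zip", manifest)
        # Constructed failure: one file absent, the other with wrong contents.
        with zipfile.ZipFile(work / "bad.zip", "w") as zf:
            zf.writestr("letter.txt", "different contents\n")
        bad = practice_restore(work / "bad.zip", manifest)
        return good, bad


if __name__ == "__main__":
    print(run_demo())
```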

Nine Critical Steps in Securing SOHO Computers and Networks

Use a firewall
  Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication and passwords
Use file access controls and data encryption
Make a boot disk to recover the system

Use an operating system with strong user authentication and passwords

Choose operating systems such as Win XP, Win2000 Pro or Linux
Rename the administrator or root account
Require long and strong passwords
Change passwords over time

Use an operating system with strong user authentication and passwords

Manage passwords by policy
  Local security policy or Group Policy
Some tools
  Password cracking tools
  Microsoft Baseline Security Analysis tool
    http://www.microsoft.com/downloads/details.aspx?FamilyID=9a88e63b-92e3-4f97-80e7-8bc9ff836742&DisplayLang=en

Nine Critical Steps in Securing SOHO Computers and Networks

Use a firewall
  Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication and passwords

Use file access controls and data encryption

Make a boot disk to recover the system

Use File Access Controls, Data Encryption

Set permissions on data files of importance

Permissions define “who” can do “what” with a folder or file

Permissions are also called Access Control Lists (ACLs)

Use File Access Controls, Data Encryption

You can also encrypt files for an additional layer of file access protection
Encryption is built into the NTFS file system
  Found only with NT, W2K and XP
Can use third party tools

Nine Critical Steps in Securing SOHO Computers and Networks

Use a firewall
  Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication and passwords
Use file access controls and data encryption

Make a boot disk to recover the system

Make a Boot Disk to Recover the System

Create a system boot disk
  How to create one depends on the Operating System
  Useful in resolving start up problems due to corrupt or missing files
  Update the boot disk regularly

Summary

Install, use and update antivirus programs
Treat email attachments with caution
Keep current with operating system patches
Use host based intrusion detection systems
Use a host based or dedicated firewall

Summary

Regularly backup your data
Use an operating system with strong user authentication and passwords
Use file access controls and data encryption
Make a boot disk for system recovery

References

The CERT® Coordination Center (CERT/CC) is a center of Internet security expertise at the Software Engineering Institute, a federally funded center operated by Carnegie Mellon University

www.cert.org

Conclusion

Thanks for your attendance
Commit yourself and your organization to secure your networks and computers

Expect more from Sinclair Community College on these topics in the months to come