computer security at jmu l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Computer Security at JMU PowerPoint Presentation
Download Presentation
Computer Security at JMU

Loading in 2 Seconds...

play fullscreen
1 / 32

Computer Security at JMU - PowerPoint PPT Presentation


  • 386 Views
  • Uploaded on

Computer Security at JMU A Typical Day at JMU At least 60% of the email received by JMU is SPAM. The JMU email system rejects 240 messages PER MINUTE at peak times. Thousands of viruses per day…sometimes per hour Hundreds of fraud attempts per day (“phishing”)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Computer Security at JMU' - Gabriel


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
a typical day at jmu
A Typical Day at JMU
  • At least 60% of the email received by JMU is SPAM.
    • The JMU email system rejects 240 messages PER MINUTE at peak times.
    • Thousands of viruses per day…sometimes per hour
    • Hundreds of fraud attempts per day (“phishing”)
  • Computers on the JMU network are exposed to almost constant reconnaissance, infection, and exploitation attempts
    • From the Internet
    • And from campus. At any given time, there are at least ten infected computers on JMU network trying to infect other computers.
  • Computer operators at JMU visit dozens of malicious web sites per day risking infection of their computer
large scale web site compromises
Large Scale Web Site Compromises

Number of sites as reflected by Google search for injected links

Recently compromised sites found with Google Search

compromised sites
Compromised Sites

Sony Playstation

USA Today

BusinessWeek

Major League Baseball

National Hockey League

Commonwealth of Virginia

Scotland Yard

Los Alamos National Laboratory

Oak Ridge National Laboratory

Texas National Guard

Sunkist

Phoenix Mars Lander Mission

Department of Homeland Security

university of washington crawl of 45 000 web sites
University of Washington Crawl of 45,000 web sites:
  • Percent of web sites viewed offering infected executables:
  • 16.3% of Celebrity web sites
  • 11.5% of Wallpaper web sites
  • 11.4% of Adult web sites
  • 5.6% of Game web sites
  • 3.5% of Music web sites
  • 2.7% of Children web sites
  • 2.2% of Pirate web sites
symantec internet security threat report january june 2005
Symantec Internet Security Threat Report January-June 2005
  • 10,866 new Windows viruses
    • Of the 50 most common reported, 74% expose confidential information
  • 10,352 BOTS detected per day
  • 1,862 new software defects
    • Average time to exploit – 6 days
    • Average time to patch – 54 days
  • 5.7 million fraudulent “phishing” email messages per day
  • Today
malicious software
Malicious Software

One anti-virus vendor reported producing more signatures in 2007 than in the past 15 years.

today s computer viruses
Today’s Computer Viruses
  • Silent
  • Subversive
  • Smart
      • Collect passwords and account numbers
      • Send spam, phishing, and virus seeding messages
      • Act as phishing web sites or BOT controllers
      • Distribute copyrighted materials and pornography
      • Break into other people’s computers and accounts
      • Launch denial of service attacks
      • Perform fraud
      • View web cam and listen to microphone
today s computer viruses14
Today’s Computer Viruses
  • An “infected” desktop today is a tool for criminals
    • A smart bomb
    • A remote control agent
    • A spy
what happens when security fails
What Happens When Security Fails?
  • Phishing
  • IRCBOTs
  • Keylogger
  • Loss of confidentiality, integrity, and/or availability of data or services
  • Loss of confidence
what happens when your security fails
What Happens When YOUR Security Fails?
  • Even if you “don’t have anything of value”, your computer is valuable to criminals.
    • Your accounts
    • Its access to the JMU network
    • As an intermediate attack vehicle
    • As storage
slide18
eID
  • e-campus
  • Jess
  • Secureweb
  • Web.jmu.edu
  • www.jmu.edu
  • General webservers
  • Network Registration
  • Campuslink dial-in
  • E-mail
  • SSH
  • Forums
  • Blackboard
  • Assessment
  • Novell file/print
  • Windows domain
  • Windows Active Directory
  • Wireless
  • Remote VPN
  • Social Security Number
  • Grades
  • Email
  • Pay stubs
what data is on your desktops
Grades

SSN

Credit Cards

Performance Evaluations

Medical

Resumes

Research

Vendor

Purchasing

Financial Reports

Organizational Planning

Environmental control systems

Credit card processing systems

Building entry and security systems

ID/debit card systems

Office desktops?

Home desktops?

Laptops?

CD?

USB Drive?

Floppy?

Cell phone?

PDA?

Shared folder?

One mistake

What Data is on Your Desktops?
what are we protecting
What are We Protecting?
  • Our own computer and information
  • Our constituent’s information and services
  • Our organization’s information, network, and services
  • Partners’ information, network, and services
security goal
Security Goal
  • Reduce the risk of loss to an acceptable level
    • We can not eliminate risk. There will always be residual risk.
    • Reducing risk has costs as a security failure:
      • Time (always)
      • Money
      • Access
      • Convenience
      • Privacy
      • Freedom
      • Complaints
      • Quality of life
      • Service delivery
      • Compare to costs of security incidents on previous slide - balance
what are our weaknesses
What are our Weaknesses?
  • Networks and Societies Must Have Cooperation to Work
    • Throwing bricks through windows
    • Driving down the wrong side of the street
    • Stealing mail from mailboxes
    • Can you secure your house or car?
  • The Internet extends the reach of uncooperative members
where are our weaknesses
Where are our weaknesses?
  • Our Systems provide soft targets
    • Complex – error prone in design, implementation, configuration, and usage
    • Defective security controls
    • Lack of access controls in most default configurations
    • Not designed for hostile environment
    • Not maintained for hostile environment
cybercrime attributes
Cybercrime Attributes
  • Worldwide, instant mobility
  • Worldwide, anonymous mobility
  • Worldwide, unrestricted mobility
  • At every network connection
  • At every keyboard
  • At every exposed web site
  • At every compromised computer or fraudulent message
where are our weaknesses26
Where are Our Weaknesses?
  • An intruder only has to find one entry point.
  • A defender has to close or watch all entry points while getting work done.
  • One mistake, one oversight, one wrong mouse click creates opportunity for the attacker
trust risk
Trust => Risk
  • Ignorance (failure of awareness)
  • Faulty Risk Assessment assumptions
  • Failed Access Controls
  • Failed Monitoring Processes
  • Inadequate Response
  • Inappropriate Use
  • ====================

Misplaced TRUST

Unaccepted Access ====> Unaccepted Risk

The more we trust, the more we better monitor.

privacy and social engineering
Privacy and Social Engineering

Alumni of SMAD. I regret the intrusion on your busy schedules but, a situation has come up that involves one of your alumni members and, requires our immediate attention. I regret to announce that Sean Harrington,class of 1996 is ill in London and i am trying to raise funds for him so he can undergo chemotherapy. I am using this medium to reach out to fellow members of the alumni to see if they can make contributions. I am acting as the coordinator for this help action.If you are interested in assisting please reply and let me know. Replies should be sent to alumniaid@hotmail.comBill.

Search for JMU CIS Majors

Search for JMU ISAT Majors

risk evolution
Risk Evolution
  • Decreasing
    • Fundamental operating system and server defects
  • Increasing
    • Human error due to complexity
    • Desktops
    • Distributed data
    • Client applications
    • Web applications
    • Partners and Mashups
there is no magic bullet
There is no magic bullet!
  • Anti-virus software
  • Firewalls
  • Security Updates
  • Those are just the beginning!
  • Eliminate or reduce unnecessary risk in day to day use.
unnecessary risk
Unnecessary Risk
  • Unnecessary software
    • Screen savers
    • Games
    • Entertainment
    • Web downloads
    • Unnecessary installs in general
  • Unnecessary privileges
  • Unnecessary access
computer security at jmu32
Computer Security at JMU
  • www.jmu.edu/computing/security
  • StartSafe
  • RUNSAFE
  • Hot Topics
  • Critical Security Updates
  • General Information and Starting Point