Computer security at jmu
Download
1 / 32

- PowerPoint PPT Presentation


  • 372 Views
  • Updated On :

Computer Security at JMU A Typical Day at JMU At least 60% of the email received by JMU is SPAM. The JMU email system rejects 240 messages PER MINUTE at peak times. Thousands of viruses per day…sometimes per hour Hundreds of fraud attempts per day (“phishing”)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '' - Gabriel


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

A typical day at jmu l.jpg
A Typical Day at JMU

  • At least 60% of the email received by JMU is SPAM.

    • The JMU email system rejects 240 messages PER MINUTE at peak times.

    • Thousands of viruses per day…sometimes per hour

    • Hundreds of fraud attempts per day (“phishing”)

  • Computers on the JMU network are exposed to almost constant reconnaissance, infection, and exploitation attempts

    • From the Internet

    • And from campus. At any given time, there are at least ten infected computers on JMU network trying to infect other computers.

  • Computer operators at JMU visit dozens of malicious web sites per day risking infection of their computer






Large scale web site compromises l.jpg
Large Scale Web Site Compromises

Number of sites as reflected by Google search for injected links

Recently compromised sites found with Google Search


Compromised sites l.jpg
Compromised Sites

Sony Playstation

USA Today

BusinessWeek

Major League Baseball

National Hockey League

Commonwealth of Virginia

Scotland Yard

Los Alamos National Laboratory

Oak Ridge National Laboratory

Texas National Guard

Sunkist

Phoenix Mars Lander Mission

Department of Homeland Security



University of washington crawl of 45 000 web sites l.jpg
University of Washington Crawl of 45,000 web sites:

  • Percent of web sites viewed offering infected executables:

  • 16.3% of Celebrity web sites

  • 11.5% of Wallpaper web sites

  • 11.4% of Adult web sites

  • 5.6% of Game web sites

  • 3.5% of Music web sites

  • 2.7% of Children web sites

  • 2.2% of Pirate web sites


Symantec internet security threat report january june 2005 l.jpg
Symantec Internet Security Threat Report January-June 2005

  • 10,866 new Windows viruses

    • Of the 50 most common reported, 74% expose confidential information

  • 10,352 BOTS detected per day

  • 1,862 new software defects

    • Average time to exploit – 6 days

    • Average time to patch – 54 days

  • 5.7 million fraudulent “phishing” email messages per day

  • Today


Malicious software l.jpg
Malicious Software

One anti-virus vendor reported producing more signatures in 2007 than in the past 15 years.


Today s computer viruses l.jpg
Today’s Computer Viruses

  • Silent

  • Subversive

  • Smart

    • Collect passwords and account numbers

    • Send spam, phishing, and virus seeding messages

    • Act as phishing web sites or BOT controllers

    • Distribute copyrighted materials and pornography

    • Break into other people’s computers and accounts

    • Launch denial of service attacks

    • Perform fraud

    • View web cam and listen to microphone


Today s computer viruses14 l.jpg
Today’s Computer Viruses

  • An “infected” desktop today is a tool for criminals

    • A smart bomb

    • A remote control agent

    • A spy


What happens when security fails l.jpg
What Happens When Security Fails?

  • Phishing

  • IRCBOTs

  • Keylogger

  • Loss of confidentiality, integrity, and/or availability of data or services

  • Loss of confidence



What happens when your security fails l.jpg
What Happens When YOUR Security Fails?

  • Even if you “don’t have anything of value”, your computer is valuable to criminals.

    • Your accounts

    • Its access to the JMU network

    • As an intermediate attack vehicle

    • As storage


Slide18 l.jpg
eID

  • e-campus

  • Jess

  • Secureweb

  • Web.jmu.edu

  • www.jmu.edu

  • General webservers

  • Network Registration

  • Campuslink dial-in

  • E-mail

  • SSH

  • Forums

  • Blackboard

  • Assessment

  • Novell file/print

  • Windows domain

  • Windows Active Directory

  • Wireless

  • Remote VPN

  • Social Security Number

  • Grades

  • Email

  • Pay stubs


What data is on your desktops l.jpg

Grades

SSN

Credit Cards

Performance Evaluations

Medical

Resumes

Research

Vendor

Purchasing

Financial Reports

Organizational Planning

Environmental control systems

Credit card processing systems

Building entry and security systems

ID/debit card systems

Office desktops?

Home desktops?

Laptops?

CD?

USB Drive?

Floppy?

Cell phone?

PDA?

Shared folder?

One mistake

What Data is on Your Desktops?


What are we protecting l.jpg
What are We Protecting?

  • Our own computer and information

  • Our constituent’s information and services

  • Our organization’s information, network, and services

  • Partners’ information, network, and services


Security goal l.jpg
Security Goal

  • Reduce the risk of loss to an acceptable level

    • We can not eliminate risk. There will always be residual risk.

    • Reducing risk has costs as a security failure:

      • Time (always)

      • Money

      • Access

      • Convenience

      • Privacy

      • Freedom

      • Complaints

      • Quality of life

      • Service delivery

      • Compare to costs of security incidents on previous slide - balance



What are our weaknesses l.jpg
What are our Weaknesses?

  • Networks and Societies Must Have Cooperation to Work

    • Throwing bricks through windows

    • Driving down the wrong side of the street

    • Stealing mail from mailboxes

    • Can you secure your house or car?

  • The Internet extends the reach of uncooperative members


Where are our weaknesses l.jpg
Where are our weaknesses?

  • Our Systems provide soft targets

    • Complex – error prone in design, implementation, configuration, and usage

    • Defective security controls

    • Lack of access controls in most default configurations

    • Not designed for hostile environment

    • Not maintained for hostile environment


Cybercrime attributes l.jpg
Cybercrime Attributes

  • Worldwide, instant mobility

  • Worldwide, anonymous mobility

  • Worldwide, unrestricted mobility

  • At every network connection

  • At every keyboard

  • At every exposed web site

  • At every compromised computer or fraudulent message


Where are our weaknesses26 l.jpg
Where are Our Weaknesses?

  • An intruder only has to find one entry point.

  • A defender has to close or watch all entry points while getting work done.

  • One mistake, one oversight, one wrong mouse click creates opportunity for the attacker


Trust risk l.jpg
Trust => Risk

  • Ignorance (failure of awareness)

  • Faulty Risk Assessment assumptions

  • Failed Access Controls

  • Failed Monitoring Processes

  • Inadequate Response

  • Inappropriate Use

  • ====================

    Misplaced TRUST

    Unaccepted Access ====> Unaccepted Risk

    The more we trust, the more we better monitor.


Privacy and social engineering l.jpg
Privacy and Social Engineering

Alumni of SMAD. I regret the intrusion on your busy schedules but, a situation has come up that involves one of your alumni members and, requires our immediate attention. I regret to announce that Sean Harrington,class of 1996 is ill in London and i am trying to raise funds for him so he can undergo chemotherapy. I am using this medium to reach out to fellow members of the alumni to see if they can make contributions. I am acting as the coordinator for this help action.If you are interested in assisting please reply and let me know. Replies should be sent to [email protected]

Search for JMU CIS Majors

Search for JMU ISAT Majors


Risk evolution l.jpg
Risk Evolution

  • Decreasing

    • Fundamental operating system and server defects

  • Increasing

    • Human error due to complexity

    • Desktops

    • Distributed data

    • Client applications

    • Web applications

    • Partners and Mashups


There is no magic bullet l.jpg
There is no magic bullet!

  • Anti-virus software

  • Firewalls

  • Security Updates

  • Those are just the beginning!

  • Eliminate or reduce unnecessary risk in day to day use.


Unnecessary risk l.jpg
Unnecessary Risk

  • Unnecessary software

    • Screen savers

    • Games

    • Entertainment

    • Web downloads

    • Unnecessary installs in general

  • Unnecessary privileges

  • Unnecessary access


Computer security at jmu32 l.jpg
Computer Security at JMU

  • www.jmu.edu/computing/security

  • StartSafe

  • RUNSAFE

  • Hot Topics

  • Critical Security Updates

  • General Information and Starting Point


ad