IT Security

Presentation Transcript

  1. IT Security • Tony Brett, IT Systems Manager, Corpus Christi College • OxCERT • tony.brett@corpus-christi.oxford.ac.uk • Tony Brett, 14 September 2000

  2. Overview • Excuses • Policy • E-mail • Machine Security • Physical Security • File Security • Viruses (inc. E-mail+Hoax) • Public machines • OS Security • Network Security • Student connections • Excuses • Sniffing • Firewalls - University • OxCERT • Who • What • What it does • What it doesn’t do • What to take away • Resources • Questions?

  3. Excuses – FAQs • Users • “Why would anybody be interested in my account - I only use it for email” • “Security is the admin’s problem not mine” • “I let my friend in Spain use my account because they have been having problems with their network” • “Why has my account been disabled on sable?”

  4. Policy • Enforce good passwords • DON’T store passwords in E-mail clients etc. • Disable dormant accounts • Age passwords • Have a policy on the use of accounts – encourage deletion of unused accounts. Tell OUCS User Reg! • Have a policy on Virus Hoaxes • Make sure everyone knows about it • Enforce it

  5. E-Mail • E-mail is NOT SECURE! • Faking E-mail is very easy • PGP is your friend • Use for digital signatures • Use for encrypting E-mail • http://www.oucs.ox.ac.uk/email/pgp.html • E-mail virus hoaxes – policy. • E-mail viruses – ILOVEYOU, Melissa

  6. Securing Computers • Physical Security • File Security • “Use” Security

  7. Securing Computers • Physical Security • File Security • “Use” Security

  8. Physical Security • Where are machines located? • Who has keys or can get keys? • How is access to rooms controlled and monitored? • Are machines in cages or wired? • Are building exits monitored? • Keyboard sniffers • Physical security of the machine is the limiting factor in security

  9. Securing Computers • Physical Security • File Security • “Use” Security • Viruses • Password protect • Encrypt

  10. Viruses & Trojans • Destructive Power - BIOS Erase • Types of Virus • Boot Sector • Executable infectors, Trojans • Macro or “Document” • E-mail worms – Outlook!, ILOVEYOU, MELISSA etc. • Anti-Virus Products • F-Prot • Sophos - http://www.uk.sophos.com • Dr. Solomon’s • Norton - LiveUpdate • Lynne Munro at OUCS

  11. Public Machines • Libraries • Machines need to run Win95/98 to run OxLIP properly • Inherent security risk with so many different applications • OWL - http://web.lib.ox.ac.uk/software • Password from technicians@las.ox.ac.uk • Disk imaging software e.g. Ghost

  12. Securing Computers • Physical Security • File Security • “Use” Security • Password protect accounts • Restrict access • Physical “locks”

  13. Securing your OS • Ensure sufficient logging • Examine logs • Take note of and understand error messages • Keep up-to-date with patches • Don’t run unnecessary network services • Web servers are notorious, especially Microsoft IIS

  14. Securing UNIX • Linux is a good, free OS but is the most often compromised • Dynamic OS. Fixes released regularly • Solaris, SunOS, HP-UX, Digital, SGI (IRIX). • New compromises almost daily – Bugtraq. • Beware of students running any UNIX. Encourage students to be aware. Sniffers! • Only run services that are needed. Turn off everything else. Telnetd, IMAPd, POPd, NFSd etc. • Use SSH, SCP etc. PuTTY on Windows

  15. Securing Macintoshes • Mac OS not designed for security • AppleTalk over Ethernet • OUCS routing between departments • AppleShare • Guest account • Owner sees whole Hard Disk • TCP/IP • DoS Attacks

  16. PCs - DOS, Win16, Win32 • “Standard” operating systems • DOS, Win95, WinNT (workstation) • None designed to be servers • Some security holes - DoS vulnerabilities • Default shares on 95 and NT boxes: C$, D$, etc. • Password caching (.pwl files)

  17. NT Server, Netware Server • Network O/S - running on PCs • NT can run on other platforms • File/Print services • TCP/IP services (FTP, Web etc). • Network packet signing • Physical access to server • Password regimes • Backup & disaster plan essential! • Use OUCS HFS for backup • Keep service packs up-to-date • Compromises are rare • See http://www.securityfocus.com/frames/?content=/vdb/stats.html

  18. Network Security • 10BaseT vs. 10Base2 (coax) • Manageable Hubs • Physical access to hubs • MAC address restriction • Hub management passwords • DHCP - dynamic vs. static, logs • Switches vs. repeaters • Sniffers • Operating system policy – running services.

  19. Student Connections • Connection Policy is essential • Students must sign agreement • Log DHCP assignments so abuses can be traced • Get student to assign College the right to examine their machine • Control use of server-type OS.

  20. Securing the Network • Outsiders looking in • Insiders looking about • Insiders looking out • Access through valid means • Misuse of “features” • Inadvertent doors • Insecurity by design

  21. Common Excuses • “I was just looking” • “It wasn’t secured so I thought it was OK” • “I accidentally downloaded it and just thought I would see what happens when I ran it” • “Hey man, the internet is an anarchy, I can do what I want” • “Oh yeah, what are you going to do about it”

  22. Network Sniffing • Almost impossible to detect • Impact depends on topology of network • Switching reduces possibilities

  23. Network Sniffing - What is it? • Much network traffic in clear text • Passwords and Usernames • Compromised machines running sniffers • Diagram (hosts A, Q, B): Host Q listens without A & B knowing

  24. Network Topology • Diagram labels: University Backbone, SWITCH, HUB, HUB

  25. How to reduce the risk • Encryption • SSH, Disposable passwords, SCP • Switch sensitive parts of network • Use port scrambling on hubs • Keep student and staff segments on separate switched ports

  26. Firewalls • Isolate the network • Bandwidth bottleneck • Rule based access • IP addresses, blocks, or ports • Extensive logging • False sense of security • OUCS started fully open – ports or addresses closed as vulnerabilities are identified • Balance between security and utility • Diagram labels: Firewall, Badlands, Happyville

  27. Who/What is OxCERT • University IT Security Team • oxcert@ox.ac.uk • (2)82222 • Member of FIRST • 9am-5pm, and best-attempt cover outside this • probe-report@oxcert.ox.ac.uk

  28. Who/What is OxCERT • C. 10 Committee, termly meeting. • 4 front-line • Pete Biggs, Physical & Theoretical Chemistry • Patrick Green, OUCS • Neil Clifford, Astrophysics • Neil Long, OUCS • Emergency Response service, not a free machine set-up service • http://info.ox.ac.uk/compsecurity/oxcert/

  29. What OxCERT can do SECURITY • Advise IT staff and individuals on matters of IT security • Advise on methods of improving security • Liaison with other CERTs • Checking security of machines within Oxford University • Assistance in disaster recovery • Assistance in planning new networks and/or machines

  30. What OxCERT can do • Direct contact with all parts of OUCS • Intervention when machines are found to be compromised • Disable IP addresses or networks (both within and without Oxford) if security is being compromised • Investigation of DoS (Denial of Service) type attacks • What it can! • Only 1.5 posts are funded by the University, others are volunteers.

  31. What OxCERT can’t do • Get involved with policy decisions that don’t affect security • Deal with SPAM or abusive E-mail (advisory@oucs.ox.ac.uk) • Deal with non-security computing issues (electronic harassment etc.) • Act as a substitute for OUCS advisory • Miracles! • Security is YOUR responsibility, OxCERT can only advise

  32. What to take away • Be aware of security • Make users aware of the need for security • Have, and enforce, an IT Security Policy • Maintain OS security • Know what services you are providing and only provide those you know about

  33. Resources • This presentation: • http://users.ox.ac.uk/~aesb/itsec.ppt • OxCERT • http://www.ox.ac.uk/it/compsecurity/oxcert/ • Secure E-mail • http://www.oucs.ox.ac.uk/email/secure.html • Public Machines: • http://users.ox.ac.uk/~aesb/itsec.ppt • Virus Hoaxes: • http://www.uk.sophos.com/virusinfo/scares/ • University and other IT rules • http://www.ox.ac.uk/it/rules/ • The OUCS Hierarchical File Server • http://hfs.ox.ac.uk/local/

  34. Questions? • Fin