Transcript Small Office, Home Office (SOHO) Security

Small Office/Home Office (SOHO)
Computer and Network Security
Sinclair
Community
College
CIS Department
Small Office/Home Office (SOHO)
Computer and Network Security
Bob Sherman
 Patty Gillilan
 Associate Professors, CIS Department
 Multiple Microsoft and Cisco
certifications

Why SOHO Computer and
Networking Security is Important
Personal information
 Private files
 Financial information
 Having your systems “high jacked”
 Invasion of privacy, e.g., Spyware
 Identity theft

Why SOHO Computer and
Networking Security is Important





Identity theft is a very large and growing
concern
Gartner Research Group estimates seven
million victims of ID theft in the US in the
past twelve months
http://www.consumer.gov/idtheft/
http://www.usdoj.gov/criminal/fraud/idtheft.
html
http://www.idtheftcenter.org/index.shtml
Why SOHO Computer and
Networking Security is Important
Spyware: a new and growing threat
 Spyware can…

 Manipulate
your system
 Record your habits
 Facilitate theft of your passwords, credit
card info and identity

Adware, key loggers and Trojan
horses
Why SOHO Computer and
Networking Security is Important

Signs of spyware on your PC
 Home
page changes
 New favorites appear
 System is noticeably slower
 New toolbars appear in IE
Why SOHO Computer and
Networking Security is Important

Spyware
 File
sharing services, e.g., Kazaa or
Grokster
 Clicking on pop-up ads
 Opening infected emails
Spy Sweeper
 http://www.webroot.com

Objectives

Familiarize the computer users with the
following:

What it means to be “online”

The door to the Internet swings both ways
What are common risks and vulnerabilities?
 How to protect against threats
 Maintaining vigilance by staying current

Nine Critical Steps in Securing
SOHO Computers and Networks
Install, use and update anti-virus
programs
 Treat all email attachments with
caution
 Keep current with operating system
updates
 Use host based Intrusion Detection
Systems

Nine Critical Steps in Securing
SOHO Computers and Networks

Use a firewall
 Host
based or dedicated firewall
Regularly backup your data
 Use an operating system with strong
authentication and passwords
 Use file access controls and data
encryption
 Make a recovery/boot disk

Nine Critical Steps in Securing
SOHO Computers and Networks
 Install,
use and update anti-virus
programs



Treat all email attachments with caution
Keep current with operating system updates
Use host based Intrusion Detection Systems
Install, use and update anti-virus
programs

The single most important thing you
can do to protect your system
 Most
common exposure
 Email
attachments
 Connections to web servers
 Make
sure the program you select
also protects against Worms and
Trojans
Install, use and update anti-virus
programs

Some popular antivirus products
 Symantec
 McAfee
 Computer



Associates
http://www.symantec.com/sabu/nis/nis_pe/
http://us.mcafee.com/default.asp
http://www.my-etrust.com
Install, use and update anti-virus
programs

Norton antivirus output and options
 System
status
 Reports
 Scheduled
system scan
Nine Critical Steps in Securing
SOHO Computers and Networks

Install, use and update anti-virus programs

Treat all email attachments with
caution

Keep current with operating system updates
Use host based Intrusion Detection Systems

Treat All Email Attachments with
Caution
Email Viruses are becoming more
prevalent all of the time
 If you haven't gotten an email virus,
chances are you will, if you don’t take
the appropriate steps
 Preventing email viruses begins with
common sense and ends with a virus
detection program

Treat All Email Attachments with
Caution

The Common sense approach:
 Make
sure you are familiar with the
sender of the email
 Note the names of the file attachments
 Do
they make sense to you?
 Some names are designed to entice you to
open the attachment
–
AnnaKournikova.jpg.vbs (Worm)
Treat All Email Attachments with
Caution

The common sense approach:
 If
the attachment has one of the following
file extensions, be very suspect
 .scr,
 Delete
.pif, .vb, .vbe, .vbs, exe
suspect attachments immediately
and empty the “Recycle Bin”
Nine Critical Steps in Securing
SOHO Computers and Networks


Install, use and update anti-virus programs
Treat all email attachments with caution
 Keep
current with operating
system updates

Use host based Intrusion Detection Systems
Keep current with operating
system patches
“A fix or modification to a program
bug in the Operating System. A patch
is an actual piece of object code that
is inserted into (patched into) an
executable program.” -- webopedia.com
 Many operating system patches are
related to system security.
 Staying current can be automated on
recent versions of Windows

Keep current with operating
system patches
Windows operating systems are
frequently “patched or updated”
 Windows Update
 Service Packs (SPs) are a collection of
patches and updates

Keep current with operating system
patches

Before updating a system make sure
of the following
 The
update is required for your system
 The update won’t harm your system or
any applications running on it
 You can uninstall the update

Get used to performing these updates
 Many
security compromises are a result
of unpatched systems
Keep current with operating
system patches
Using the Windows Update feature
 Click the Start menu

 Then

choose Windows Update
http://v4.windowsupdate.microsoft.co
m/en/default.asp
Windows Update options in Windows 2000 Pro:
Keep current with operating
system patches
First click Scan for Updates
 Then click Review and Install Updates
 Three categories of updates

 Critical
updates and service packs
 Updates for your version of Windows
 Driver updates
Keep current with operating
system patches
Click on Critical Updates and Service
Packs
 Remove those updates not applicable
to your system
 Click Install Now
 Some updates will require restarting
your computer

Keep current with operating
system patches
Configuring Automatic Updates
 Control Panel or System Properties
 Update options

Only notify of updates
 Download and notify of updates
 Download and install on a specified schedule

Keep current with operating
system patches
Software Update Service
 Available on more recent versions of
Windows
 Creates a single point internally as the
source of updates
 Conserves bandwidth

Keep current with operating
system patches
Microsoft Technet Service
 Source for a variety of security and
related details
 http://www.microsoft.com/technet/defa
ult.asp
 Knowledge Base articles

Keep current with operating
system patches
Blaster Worm
 Knowledge Base article #823980
 Exploits a buffer overflow flaw in
Windows
 Patch released by Microsoft on July
16, 2003
 Updated August 25, 2003

Keep current with operating
system patches
State of Maryland BMV shut down on
August 13, 2003
 Many other large networks affected
 http://www.microsoft.com/technet/tree
view/?url=/technet/security/bulletin/M
S03-026.asp

Keep current with operating system
patches
Sasser Worm and multiple variations
over several weeks in April 2004
 Knowledge Base articles

#
835732 to prevent future infections
 # 841720 to clean infected systems

Windows 2000 and Windows XP only
Keep current with operating
system patches
Test patches first, then install
 Removing patches and operating
system updates

 Control
Panel
 Add/Remove Programs
 Applications and patches all listed here
 Select the desired item, click Remove
Nine Critical Steps in Securing the
Home Network




Install, use and update anti-virus programs
Treat all email attachments with caution
Keep current with operating system updates
Use host based Intrusion Detection
Systems
Use Host Based Intrusion Detection
Systems
Most intrusion detection systems
(IDS) take either a network or a hostbased approach
 IDS looks for attack signatures, i.e.,
specific network traffic patterns that
may indicate an attack
 Host based is appropriate for SOHO
environments

Use Host Based Intrusion Detection
Systems
Host based intrusion detection
analyzes all incoming and outgoing
network information for data patterns
typical of an attack
 Host based intrusion detection uses
the writing to log files or audit files
 Logs changes made to the system

Use Host Based Intrusion Detection
Systems
The information the IDS collects is
based on the monitoring of operating
system, application software and
security events.
 Built-in capabilities

 Event

Viewer in Windows
Must review log files regularly
Nine Critical Steps in Securing
SOHO Computers and Networks

Use a firewall
 Host




based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication
and passwords
Use file access controls and data encryption
Make a boot disk to recover the system
Use a Firewall
Firewalls are used to filter network
traffic
 Allow or block traffic based on criteria
selected
 Well known ports

 Port
80 for HTTP
 Port 443 for HTTPS
 Ports 20/21 for FTP
 Port 25 for Mail
Use a Firewall
Firewalls can be implemented at the
host network interface or on an
intermediary system such as a router
 Firewalls implemented at the host are
software based
 Firewalls implemented at a router are
hardware based

 You
can use either or both
Use a Firewall
Firewalls can be implemented at the
host network interface or on an
intermediary system such as a router
 SOHO router products from Linksys,
D-Link and others
 All allow for configuring to meet your
needs

Nine Critical Steps in Securing
SOHO Computers and Networks

Use a firewall
 Host based or dedicated firewall
 Regularly



backup your data
Use an operating system with strong authentication
and passwords
Use file access controls and data encryption
Make a boot disk to recover the system
Regularly Backup Your Data
Back up your files regularly
 Backing up means to copy data files
from a local hard drive to another
device

 Tape,
external hard drive, CD/DVD, ZIP
drive

Application software can be restored
from the original media
Regularly Backup Your Data
Most operating systems include a
backup and restore utility
 Numerous third party products
available

 Veritas,

Computer Associates
Hard drives have a finite life span and
will eventually fail
Regularly Backup Your Data
If your system is compromised by
malicious acts or physical failure data
backup is your only solution
 Multiple copies of the backup media
stored on-site and off-site
 Multiple media sets

Regularly Backup Your Data

Restoring or recovering the data is
equally important
 Practice
 These
data restores
don’t have to be full-blown system
restores but restoring sample data files
Nine Critical Steps in Securing
SOHO Computers and Networks


Use a firewall
 Host based or dedicated firewall
Regularly backup your data

Use an operating system with strong
authentication and passwords

Use file access controls and data encryption
Make a boot disk to recover the system

Use an operating system with strong
user authentication and passwords
Choose operating systems such as
Win XP, Win2000 Pro or Linux
 Rename the administrator or root
account
 Require long and strong passwords
 Change passwords over time

Use an operating system with strong
user authentication and passwords
Manage passwords by policy
 Local security policy or Group Policy
 Some tools

 Password
cracking tools
 Microsoft Baseline Security Analysis tool

http://www.microsoft.com/downloads/
details.aspx?FamilyID=9a88e63b92e3-4f97-80e78bc9ff836742&DisplayLang=en
Nine Critical Steps in Securing
SOHO Computers and Networks



Use a firewall
 Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication
and passwords

Use file access controls and data
encryption

Make a boot disk to recover the system
Use File Access Controls, Data
Encryption
Set permissions on data files of
importance
 Permissions define “who” can do
“what” with a folder or file
 Permissions are also called Access
Control Lists (ACLs)

Use File Access Controls, Data
Encryption

You can also encrypt files for an
additional layer of file access
protection
 Encryption
is built-in to the NTFS file
system
 Found
only with NT, W2K and XP
 Can use third party tools
Nine Critical Steps in Securing
SOHO Computers and Networks





Use a firewall
 Host based or dedicated firewall
Regularly backup your data
Use an operating system with strong authentication
and passwords
Use file access controls and data encryption
Make a boot disk to recover the
system
Make a Boot Disk to Recover the
System
Create a system boot disk
 How to create one depends on the
Operating System
 Useful in resolving start up problems
due to corrupt or missing files
 Update the boot disk regularly

Summary
Install, use and update antivirus
programs
 Treat email attachments with caution
 Keep current with operating system
patches
 Use host based intrusion detection
systems
 Use a host based or dedicated firewall

Summary
Regularly backup your data
 Use an operating system with strong
user authentication and passwords
 Use file access controls and data
encryption
 Make a boot disk for system recovery

References
The CERT® Coordination Center
(CERT/CC) is a center of Internet
security expertise at the Software
Engineering Institute, a federally
funded center operated by Carnegie
Mellon University
 www.cert.org

Conclusion
Thanks for your attendance
 Commit yourself and your
organization to secure your networks
and computers
 Expect more from Sinclair Community
College on these topics in the months
to come
