Small Office, Home Office (SOHO) Security
Small Office/Home Office (SOHO) Computer and Network Security
Sinclair Community College, CIS Department

Presented by Bob Sherman and Patty Gillilan, Associate Professors, CIS Department, who hold multiple Microsoft and Cisco certifications
Why SOHO Computer and Networking Security is Important
What is at risk:
- Personal information
- Private files
- Financial information
- Having your systems “hijacked”
- Invasion of privacy, e.g., spyware
- Identity theft
Identity theft is a very large and growing concern:
- Gartner Research Group estimates seven million victims of ID theft in the US in the past twelve months
- Further information:
  - http://www.consumer.gov/idtheft/
  - http://www.usdoj.gov/criminal/fraud/idtheft.html
  - http://www.idtheftcenter.org/index.shtml
Spyware: a new and growing threat. Spyware can:
- Manipulate your system
- Record your habits
- Facilitate theft of your passwords, credit card info and identity
Forms of spyware: adware, key loggers and Trojan horses.
Signs of spyware on your PC:
- Home page changes
- New favorites appear
- System is noticeably slower
- New toolbars appear in IE
Common ways spyware gets onto a PC:
- File sharing services, e.g., Kazaa or Grokster
- Clicking on pop-up ads
- Opening infected emails
A spyware removal tool: Spy Sweeper, http://www.webroot.com
Objectives
Familiarize computer users with the following:
- What it means to be “online”
- The door to the Internet swings both ways
- What are common risks and vulnerabilities?
- How to protect against threats
- Maintaining vigilance by staying current
Nine Critical Steps in Securing SOHO Computers and Networks
- Install, use and update anti-virus programs
- Treat all email attachments with caution
- Keep current with operating system updates
- Use host based Intrusion Detection Systems
- Use a firewall (host based or dedicated firewall)
- Regularly backup your data
- Use an operating system with strong authentication and passwords
- Use file access controls and data encryption
- Make a recovery/boot disk
Install, use and update anti-virus programs
- The single most important thing you can do to protect your system
- Most common exposure: email attachments and connections to web servers
- Make sure the program you select also protects against worms and Trojans
Some popular antivirus products:
- Symantec: http://www.symantec.com/sabu/nis/nis_pe/
- McAfee: http://us.mcafee.com/default.asp
- Computer Associates: http://www.my-etrust.com
Norton AntiVirus output and options (screenshot slide): system status, reports, scheduled system scan
Treat All Email Attachments with Caution
- Email viruses are becoming more prevalent all of the time
- If you haven't gotten an email virus, chances are you will if you don’t take the appropriate steps
- Preventing email viruses begins with common sense and ends with a virus detection program
The common sense approach:
- Make sure you are familiar with the sender of the email
- Note the names of the file attachments: do they make sense to you?
- Some names are designed to entice you to open the attachment, e.g. AnnaKournikova.jpg.vbs (worm)
- If the attachment has one of the following file extensions, be very suspect: .scr, .pif, .vb, .vbe, .vbs, .exe
- Delete suspect attachments immediately and empty the “Recycle Bin”
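The attachment rules above can be turned into a mechanical check. The following Python example is added here and is not part of the Sinclair presentation; the suspect-extension list comes from the slide, while the list of "decoy" extensions (the harmless-looking first half of a double extension such as .jpg.vbs) and the sample attachment names are my own construction.

```python
# Added example (not part of the Sinclair presentation): applies the slide's
# attachment rules to file names before anyone double-clicks one.

# Extensions the slide singles out as highly suspect.
SUSPECT_EXTENSIONS = {".scr", ".pif", ".vb", ".vbe", ".vbs", ".exe"}

# Assumed harmless-looking types that worms put in front of the real extension
# (the AnnaKournikova.jpg.vbs trick). This list is an assumption, not from the slide.
DECOY_EXTENSIONS = {".jpg", ".jpeg", ".gif", ".txt", ".doc", ".pdf"}


def attachment_extensions(filename):
    """Every dotted extension in a name, lower-cased and in order.
    Whitespace is stripped so 'invoice.pdf       .scr' still ends in '.scr'."""
    parts = [p.strip().lower() for p in filename.split(".")]
    return ["." + p for p in parts[1:] if p]


def classify_attachment(filename):
    """Return (suspect, reason) for one attachment name.
    Only the LAST extension decides how Windows will open the file."""
    exts = attachment_extensions(filename)
    if not exts:
        return (True, "no file extension, so the file type cannot be judged")
    final = exts[-1]
    if final in SUSPECT_EXTENSIONS:
        if len(exts) > 1 and exts[-2] in DECOY_EXTENSIONS:
            return (True, "double extension: looks like %s but is really %s" % (exts[-2], final))
        return (True, "executable attachment type %s" % final)
    return (False, "%s is not on the suspect list; still confirm you expected it" % final)


def review_attachments(filenames):
    """Return the names that should be deleted, each with the reason."""
    flagged = []
    for name in filenames:
        suspect, reason = classify_attachment(name)
        if suspect:
            flagged.append((name, reason))
    return flagged


# Constructed sample attachment names, including the worm name from the slide.
SAMPLE_ATTACHMENTS = [
    "AnnaKournikova.jpg.vbs",
    "Q3_budget.xls",
    "setup.EXE",
    "vacation.jpg",
    "invoice.pdf                .scr",   # padding spaces hide the real extension
]

if __name__ == "__main__":
    for name, reason in review_attachments(SAMPLE_ATTACHMENTS):
        print("DELETE %-36r %s" % (name, reason))
```

Running the block flags three of the five constructed names; the padded-spaces case shows why the check must look at the final extension after stripping whitespace rather than at whatever appears first in the name.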
Keep current with operating system patches
- “A fix or modification to a program bug in the Operating System. A patch is an actual piece of object code that is inserted into (patched into) an executable program.” -- webopedia.com
- Many operating system patches are related to system security
- Staying current can be automated on recent versions of Windows
- Windows operating systems are frequently “patched or updated” via Windows Update
- Service Packs (SPs) are a collection of patches and updates
Before updating a system, make sure of the following:
- The update is required for your system
- The update won’t harm your system or any applications running on it
- You can uninstall the update
Get used to performing these updates: many security compromises are a result of unpatched systems.
Using the Windows Update feature:
- Click the Start menu, then choose Windows Update
- http://v4.windowsupdate.microsoft.com/en/default.asp
Windows Update options in Windows 2000 Pro (screenshot slide)
- First click Scan for Updates
- Then click Review and Install Updates
- Three categories of updates: critical updates and service packs; updates for your version of Windows; driver updates
- Click on Critical Updates and Service Packs
- Remove those updates not applicable to your system
- Click Install Now
- Some updates will require restarting your computer
Configuring Automatic Updates (Control Panel or System Properties). Update options:
- Only notify of updates
- Download and notify of updates
- Download and install on a specified schedule
Software Update Service:
- Available on more recent versions of Windows
- Creates a single point internally as the source of updates
- Conserves bandwidth
Microsoft TechNet: source for a variety of security and related details, including Knowledge Base articles
- http://www.microsoft.com/technet/default.asp
Blaster Worm
- Knowledge Base article #823980
- Exploits a buffer overflow flaw in Windows
- Patch released by Microsoft on July 16, 2003; updated August 25, 2003
- State of Maryland BMV shut down on August 13, 2003; many other large networks affected
- http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
Sasser Worm and multiple variations over several weeks in April 2004
- Knowledge Base article #835732 to prevent future infections
- Knowledge Base article #841720 to clean infected systems
- Windows 2000 and Windows XP only
Test patches first, then install.
Removing patches and operating system updates:
- Control Panel, Add/Remove Programs
- Applications and patches are all listed here
- Select the desired item, click Remove
Use Host Based Intrusion Detection Systems
- Most intrusion detection systems (IDS) take either a network or a host-based approach
- An IDS looks for attack signatures, i.e., specific network traffic patterns that may indicate an attack
- Host based is appropriate for SOHO environments
- Host based intrusion detection analyzes all incoming and outgoing network information for data patterns typical of an attack
- Host based intrusion detection relies on writing to log files or audit files, and logs changes made to the system
- The information the IDS collects is based on the monitoring of operating system, application software and security events
- Built-in capabilities: Event Viewer in Windows
- Must review log files regularly
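"Review log files regularly" is easier when the review is scripted. The Python example below is added here and is not part of the Sinclair presentation; it works on constructed sample events in a simplified "date time CATEGORY OUTCOME key=value" format of my own, not on real Event Viewer output, and the threshold, time window and watched change types are assumptions. It flags the two things the slides say a host-based IDS is for: attack-like patterns (a burst of failed logons on one account, then a success) and changes made to the system.

```python
# Added example (not part of the Sinclair presentation): a small host-based
# review of security events, the kind of check you would otherwise do by eye
# in Event Viewer.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified "date time CATEGORY OUTCOME key=value ..."
# format. This is NOT real Windows Event Viewer output.
SAMPLE_LOG = """\
2004-04-12 08:01:15 LOGON FAILURE user=bob src=192.168.1.23
2004-04-12 08:01:19 LOGON FAILURE user=bob src=192.168.1.23
2004-04-12 08:01:22 LOGON FAILURE user=bob src=192.168.1.23
2004-04-12 08:01:26 LOGON FAILURE user=bob src=192.168.1.23
2004-04-12 08:01:30 LOGON FAILURE user=bob src=192.168.1.23
2004-04-12 08:01:33 LOGON SUCCESS user=bob src=192.168.1.23
2004-04-12 08:15:02 LOGON SUCCESS user=patty src=192.168.1.10
2004-04-12 09:40:11 FILE MODIFIED path=C:\\WINDOWS\\system32\\drivers\\etc\\hosts user=bob
2004-04-12 09:41:00 SERVICE INSTALLED name=updsvc user=bob
"""

FAILURE_THRESHOLD = 5          # this many failed logons on one account ...
WINDOW = timedelta(minutes=2)  # ... within this window is treated as password guessing (assumed values)
# System changes a SOHO user rarely makes on purpose; each one deserves a look.
WATCHED_CHANGES = {("FILE", "MODIFIED"), ("SERVICE", "INSTALLED")}


def parse_line(line):
    """Turn one sample line into a dict with a datetime and the key=value fields."""
    date, time, category, outcome, *rest = line.split()
    event = {"ts": datetime.strptime(date + " " + time, "%Y-%m-%d %H:%M:%S"),
             "category": category, "outcome": outcome}
    event.update(item.split("=", 1) for item in rest)
    return event


def review_log(text):
    """Return (alert_type, user, detail) tuples in log order."""
    alerts = []
    failures = defaultdict(list)   # account -> timestamps of recent failed logons
    reported = set()               # accounts already reported for guessing
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["category"] == "LOGON":
            user = ev["user"]
            # keep only failures that fall inside the sliding window
            recent = [t for t in failures[user] if ev["ts"] - t <= WINDOW]
            if ev["outcome"] == "FAILURE":
                recent.append(ev["ts"])
                if len(recent) >= FAILURE_THRESHOLD and user not in reported:
                    alerts.append(("password_guessing", user, ev["src"]))
                    reported.add(user)
            elif len(recent) >= FAILURE_THRESHOLD:
                # A success right after a burst of failures: was the password guessed?
                alerts.append(("success_after_failures", user, ev["src"]))
                recent = []
            failures[user] = recent
        elif (ev["category"], ev["outcome"]) in WATCHED_CHANGES:
            alerts.append(("system_change", ev["user"], ev.get("path") or ev.get("name")))
    return alerts


if __name__ == "__main__":
    for kind, user, detail in review_log(SAMPLE_LOG):
        print("%-24s user=%-6s %s" % (kind, user, detail))
```

On the constructed log this produces four alerts: the guessing burst against bob, the success that immediately follows it, the change to the hosts file and the new service. A single failed logon or a routine success (patty) produces nothing, which is the point of the threshold and window: the reviewer only sees what needs a decision.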
Use a Firewall
- Firewalls are used to filter network traffic: allow or block traffic based on criteria selected
- Well known ports:
  - Port 80 for HTTP
  - Port 443 for HTTPS
  - Ports 20/21 for FTP
  - Port 25 for mail
- Firewalls can be implemented at the host network interface or on an intermediary system such as a router
- Firewalls implemented at the host are software based
- Firewalls implemented at a router are hardware based
- You can use either or both
- SOHO router products from Linksys, D-Link and others all allow for configuring to meet your needs
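Whether the firewall is a host program or a SOHO router, the configuration is a list of allow/block rules that is read top to bottom, with a default that applies when nothing matches. The Python model below is added here and is not part of the Sinclair presentation, nor any vendor's rule syntax; the policy it contains is a constructed example built from the well known ports named on the slide, with everything else blocked.

```python
# Added example (not part of the Sinclair presentation, and not any vendor's
# rule syntax): how a SOHO packet-filter rule list is evaluated.
from collections import namedtuple

Rule = namedtuple("Rule", "action direction proto ports comment")
Conn = namedtuple("Conn", "direction proto dst_port")

ANY = None  # wildcard for the ports field

# Constructed host policy: allow the outbound services a home user needs
# (the well known ports from the slide) and block everything else.
POLICY = [
    Rule("allow", "out", "tcp", {80},     "web browsing (HTTP)"),
    Rule("allow", "out", "tcp", {443},    "web browsing (HTTPS)"),
    Rule("allow", "out", "tcp", {20, 21}, "FTP"),
    Rule("allow", "out", "tcp", {25},     "sending mail"),
    Rule("block", "in",  "any", ANY,      "nothing on this PC is offered to the Internet"),
]
DEFAULT = ("block", "no rule matched: default deny")


def matches(rule, conn):
    return (rule.direction == conn.direction
            and rule.proto in ("any", conn.proto)
            and (rule.ports is ANY or conn.dst_port in rule.ports))


def evaluate(conn, policy=POLICY):
    """First matching rule wins, so the order of the list matters."""
    for rule in policy:
        if matches(rule, conn):
            return (rule.action, rule.comment)
    return DEFAULT


def audit(conns, policy=POLICY):
    """Split a list of connection attempts into allowed and blocked, with reasons."""
    allowed, blocked = [], []
    for c in conns:
        action, why = evaluate(c, policy)
        (allowed if action == "allow" else blocked).append((c, why))
    return allowed, blocked


# Constructed connection attempts to run through the policy.
SAMPLE_TRAFFIC = [
    Conn("out", "tcp", 443),   # user browsing a secure site
    Conn("out", "tcp", 80),    # user browsing a plain site
    Conn("in",  "tcp", 80),    # someone outside connecting to this PC
    Conn("out", "tcp", 6667),  # a program talking out on a port the policy never mentions
]

if __name__ == "__main__":
    for c, why in audit(SAMPLE_TRAFFIC)[1]:
        print("BLOCK %s/%s %s: %s" % (c.direction, c.proto, c.dst_port, why))
```

The inbound connection is stopped by the explicit block rule and the unknown outbound port by the default; a policy whose default was "allow" would have let the second one through, which is why the default deny matters as much as the individual rules.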
Regularly Backup Your Data
- Back up your files regularly
- Backing up means to copy data files from a local hard drive to another device: tape, external hard drive, CD/DVD, ZIP drive
- Application software can be restored from the original media
- Most operating systems include a backup and restore utility
- Numerous third party products available, e.g., Veritas, Computer Associates
- Hard drives have a finite life span and will eventually fail
- If your system is compromised by malicious acts or physical failure, a data backup is your only solution
- Keep multiple copies of the backup media, stored on-site and off-site
- Use multiple media sets
- Restoring or recovering the data is equally important: practice it
- These data restores don’t have to be full-blown system restores; restoring sample data files is enough
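A restore drill is only meaningful if you can tell whether the restored files are the ones you backed up. The Python example below is added here and is not part of the Sinclair presentation; it records a SHA-256 manifest at backup time and checks a restore against it, using a small constructed directory tree in a temporary folder so it runs offline. The file names and contents are my own.

```python
# Added example (not part of the Sinclair presentation): back up a folder with
# a checksum manifest, restore it, and verify the restore file by file.
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_of(full)
    return manifest


def backup(src, dest):
    """Copy the src tree to dest and return the manifest taken at backup time.
    Keep the manifest with the media: it is what makes a later restore checkable."""
    shutil.copytree(src, dest)
    return build_manifest(src)


def verify_restore(restored_root, manifest):
    """Return a list of (problem, relative_path); an empty list means a good restore."""
    problems = []
    current = build_manifest(restored_root)
    for rel, digest in manifest.items():
        if rel not in current:
            problems.append(("missing", rel))
        elif current[rel] != digest:
            problems.append(("corrupt", rel))
    for rel in current:
        if rel not in manifest:
            problems.append(("unexpected", rel))
    return problems


def practice_restore_drill():
    """Constructed drill: back up a small tree, restore it, verify, then damage
    one restored file and verify again. Returns (clean_result, damaged_result)."""
    work = tempfile.mkdtemp()
    try:
        src = os.path.join(work, "documents")
        os.makedirs(os.path.join(src, "finance"))
        with open(os.path.join(src, "letter.txt"), "w") as f:
            f.write("Dear customer,\n")
        with open(os.path.join(src, "finance", "budget.csv"), "w") as f:
            f.write("q1,100\nq2,120\n")

        manifest = backup(src, os.path.join(work, "backup"))

        # "Restore" by copying the backup to a fresh location, as a real drill would.
        restored = os.path.join(work, "restored")
        shutil.copytree(os.path.join(work, "backup"), restored)
        clean = verify_restore(restored, manifest)

        # Simulate damaged media: one restored file comes back with different contents.
        with open(os.path.join(restored, "finance", "budget.csv"), "w") as f:
            f.write("q1,999\n")
        damaged = verify_restore(restored, manifest)
        return clean, damaged
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    clean, damaged = practice_restore_drill()
    print("clean restore problems:  ", clean)
    print("damaged restore problems:", damaged)
```

The first verification comes back empty and the second names exactly the damaged file, which is the answer a drill should give: not "the restore ran" but "these files are byte-for-byte what was backed up".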
Use an operating system with strong user authentication and passwords
- Choose operating systems such as Win XP, Win2000 Pro or Linux
- Rename the administrator or root account
- Require long and strong passwords
- Change passwords over time
- Manage passwords by policy: local security policy or Group Policy
- Some tools: password cracking tools; Microsoft Baseline Security Analysis tool
  http://www.microsoft.com/downloads/details.aspx?FamilyID=9a88e63b-92e3-4f97-80e7-8bc9ff836742&DisplayLang=en
Use File Access Controls and Data Encryption
- Set permissions on data files of importance
- Permissions define “who” can do “what” with a folder or file
- Permissions are also called Access Control Lists (ACLs)
- You can also encrypt files for an additional layer of file access protection
- Encryption is built in to the NTFS file system, found only with NT, W2K and XP
- Third party tools can also be used
Make a Boot Disk to Recover the System
- Create a system boot disk; how to create one depends on the operating system
- Useful in resolving start up problems due to corrupt or missing files
- Update the boot disk regularly
Summary
- Install, use and update antivirus programs
- Treat email attachments with caution
- Keep current with operating system patches
- Use host based intrusion detection systems
- Use a host based or dedicated firewall
- Regularly backup your data
- Use an operating system with strong user authentication and passwords
- Use file access controls and data encryption
- Make a boot disk for system recovery
References
The CERT® Coordination Center (CERT/CC) is a center of Internet security expertise at the Software Engineering Institute, a federally funded center operated by Carnegie Mellon University: www.cert.org
Conclusion
Thanks for your attendance. Commit yourself and your organization to securing your networks and computers. Expect more from Sinclair Community College on these topics in the months to come.