Small Office/Home Office (SOHO) Computer and Network Security
Sinclair Community College, CIS Department

Bob Sherman and Patty Gillilan
Associate Professors, CIS Department
Multiple Microsoft and Cisco certifications

Why SOHO Computer and Networking Security is Important
- What is at risk:
  - Personal information
  - Private files
  - Financial information
  - Having your systems "hijacked"
  - Invasion of privacy, e.g., spyware
  - Identity theft
- Identity theft is a very large and growing concern
  - Gartner Research Group estimates seven million victims of ID theft in the US in the past twelve months
  - http://www.consumer.gov/idtheft/
  - http://www.usdoj.gov/criminal/fraud/idtheft.html
  - http://www.idtheftcenter.org/index.shtml
- Spyware: a new and growing threat
  - Spyware can manipulate your system, record your habits, and facilitate theft of your passwords, credit card information and identity
  - Adware, key loggers and Trojan horses
- Signs of spyware on your PC:
  - Home page changes
  - New favorites appear
  - System is noticeably slower
  - New toolbars appear in IE
- How spyware gets in:
  - File sharing services, e.g., Kazaa or Grokster
  - Clicking on pop-up ads
  - Opening infected emails
- Spy Sweeper: http://www.webroot.com

Objectives
Familiarize computer users with the following:
- What it means to be "online"
- The door to the Internet swings both ways
- What are the common risks and vulnerabilities?
- How to protect against threats
- Maintaining vigilance by staying current

Nine Critical Steps in Securing SOHO Computers and Networks
1. Install, use and update anti-virus programs
2. Treat all email attachments with caution
3. Keep current with operating system updates
4. Use host-based Intrusion Detection Systems
5. Use a firewall (host-based or dedicated)
6. Regularly back up your data
7. Use an operating system with strong authentication and passwords
8. Use file access controls and data encryption
9. Make a recovery/boot disk

Install, Use and Update Anti-Virus Programs
- The single most important thing you can do to protect your system
- Most common exposure:
  - Email attachments
  - Connections to web servers
- Make sure the program you select also protects against worms and Trojans
- Some popular antivirus products:
  - Symantec: http://www.symantec.com/sabu/nis/nis_pe/
  - McAfee: http://us.mcafee.com/default.asp
  - Computer Associates: http://www.my-etrust.com
- Norton AntiVirus output and options (screenshot): system status, reports, scheduled system scan

Treat All Email Attachments with Caution
- Email viruses are becoming more prevalent all of the time
- If you haven't gotten an email virus, chances are you will if you don't take the appropriate steps
- Preventing email viruses begins with common sense and ends with a virus detection program
- The common sense approach:
  - Make sure you are familiar with the sender of the email
  - Note the names of the file attachments. Do they make sense to you?
  - Some names are designed to entice you to open the attachment, e.g., AnnaKournikova.jpg.vbs (worm)
  - If the attachment has one of the following file extensions, be very suspect: .scr, .pif, .vb, .vbe, .vbs, .exe
  - Delete suspect attachments immediately and empty the "Recycle Bin"

Keep Current with Operating System Patches
- "A fix or modification to a program bug in the Operating System. A patch is an actual piece of object code that is inserted into (patched into) an executable program." -- webopedia.com
- Many operating system patches are related to system security
- Staying current can be automated on recent versions of Windows
- Windows operating systems are frequently "patched or updated"
  - Windows Update
  - Service Packs (SPs) are a collection of patches and updates
- Before updating a system, make sure of the following:
  - The update is required for your system
  - The update won't harm your system or any applications running on it
  - You can uninstall the update
- Get used to performing these updates; many security compromises are a result of unpatched systems

Using the Windows Update feature
- Click the Start menu, then choose Windows Update
- http://v4.windowsupdate.microsoft.com/en/default.asp
- Windows Update options in Windows 2000 Pro:
  - First click Scan for Updates, then click Review and Install Updates
  - Three categories of updates: Critical Updates and Service Packs; Updates for your version of Windows; Driver Updates
  - Click on Critical Updates and Service Packs
  - Remove those updates not applicable to your system
  - Click Install Now
  - Some updates will require restarting your computer

Configuring Automatic Updates
- Control Panel or System Properties
- Update options:
  - Only notify of updates
  - Download and notify of updates
  - Download and install on a specified schedule

Software Update Service
- Available on more recent versions of Windows
- Creates a single point internally as the source of updates
- Conserves bandwidth

Microsoft TechNet
- Source for a variety of security and related details
- http://www.microsoft.com/technet/default.asp
- Knowledge Base articles

Blaster Worm
- Knowledge Base article #823980
- Exploits a buffer overflow flaw in Windows
- Patch released by Microsoft on July 16, 2003; updated August 25, 2003
- State of Maryland BMV shut down on August 13, 2003
- Many other large networks affected
- http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

Sasser Worm
- Multiple variations over several weeks in April 2004
- Knowledge Base articles: #835732 to prevent future infections; #841720 to clean infected systems
- Windows 2000 and Windows XP only

Managing patches
- Test patches first, then install
- Removing patches and operating system updates: Control Panel > Add/Remove Programs
  - Applications and patches are all listed here
  - Select the desired item and click Remove

Use Host-Based Intrusion Detection Systems
- Most intrusion detection systems (IDS) take either a network-based or a host-based approach
- An IDS looks for attack signatures, i.e., specific network traffic patterns that may indicate an attack
- Host-based is appropriate for SOHO environments
- Host-based intrusion detection analyzes all incoming and outgoing network information for data patterns typical of an attack
- Host-based intrusion detection works from what is written to log files or audit files
- Logs changes made to the system
- The information the IDS collects is based on monitoring operating system, application software and security events
- Built-in capabilities: Event Viewer in Windows
- You must review log files regularly

Use a Firewall
- Firewalls are used to filter network traffic: allow or block traffic based on criteria selected
- Well-known ports:
  - Port 80 for HTTP
  - Port 443 for HTTPS
  - Ports 20/21 for FTP
  - Port 25 for mail
- Firewalls can be implemented at the host network interface or on an intermediary system such as a router
  - Firewalls implemented at the host are software based
  - Firewalls implemented at a router are hardware based
  - You can use either or both
- SOHO router products from Linksys, D-Link and others all allow configuration to meet your needs

Regularly Back Up Your Data
- Back up your files regularly
- Backing up means copying data files from a local hard drive to another device: tape, external hard drive, CD/DVD, ZIP drive
- Application software can be restored from the original media
- Most operating systems include a backup and restore utility
- Numerous third-party products are available: Veritas, Computer Associates
- Hard drives have a finite life span and will eventually fail
- If your system is compromised by malicious acts or physical failure, data backup is your only solution
- Keep multiple copies of the backup media stored on-site and off-site, and use multiple media sets
- Restoring or recovering the data is equally important: practice
- These practice restores don't have to be full-blown system restores; restore sample data files

Use an Operating System with Strong User Authentication and Passwords
- Choose operating systems such as Windows XP, Windows 2000 Pro or Linux
- Rename the administrator or root account
- Require long and strong passwords
- Change passwords over time
- Manage passwords by policy: Local Security Policy or Group Policy
- Some tools:
  - Password cracking tools
  - Microsoft Baseline Security Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=9a88e63b-92e3-4f97-80e7-8bc9ff836742&DisplayLang=en

Use File Access Controls and Data Encryption
- Set permissions on data files of importance
- Permissions define "who" can do "what" with a folder or file
- Permissions are also called Access Control Lists (ACLs)
- You can also encrypt files for an additional layer of file access protection
- Encryption is built in to the NTFS file system, found only with NT, W2K and XP
- Third-party tools can also be used

Make a Boot Disk to Recover the System
- Create a system boot disk; how to create one depends on the operating system
- Useful in resolving start-up problems due to corrupt or missing files
- Update the boot disk regularly

Summary
- Install, use and update antivirus programs
- Treat email attachments with caution
- Keep current with operating system patches
- Use host-based intrusion detection systems
- Use a host-based or dedicated firewall
- Regularly back up your data
- Use an operating system with strong user authentication and passwords
- Use file access controls and data encryption
- Make a boot disk for system recovery

References
- The CERT® Coordination Center (CERT/CC) is a center of Internet security expertise at the Software Engineering Institute, a federally funded center operated by Carnegie Mellon University: www.cert.org

Conclusion
- Thanks for your attendance
- Commit yourself and your organization to securing your networks and computers
- Expect more from Sinclair Community College on these topics in the months to come
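Worked example for the "Treat All Email Attachments with Caution" slides. This is an added example, not code from the Sinclair deck: it applies the slides' extension list and their AnnaKournikova.jpg.vbs "double extension" lesson to attachment filenames so that suspect ones can be quarantined before anyone double-clicks them. The decoy-extension list and the sample filenames are assumptions constructed for the example.

```python
# Added example for the "Treat All Email Attachments with Caution" slides; not part
# of the Sinclair deck. Triage attachment names using the extensions the slides
# list as suspect, plus the "double extension" lure (AnnaKournikova.jpg.vbs).
import os

# Extensions the slides tell the user to treat as suspect and delete on sight.
SUSPECT_EXTENSIONS = {".scr", ".pif", ".vb", ".vbe", ".vbs", ".exe"}

# Innocent-looking extensions a lure places in front of the real one
# (assumed list for this example; extend as needed).
DECOY_EXTENSIONS = {".jpg", ".jpeg", ".gif", ".txt", ".doc", ".pdf", ".mp3"}


def triage_attachment(filename):
    """Return (verdict, reason) for one attachment filename.

    "delete"  - final extension is one of the listed executable types
    "suspect" - a decoy extension is followed by some other, unexpected extension
    "ok"      - nothing in the name itself looks wrong (still scan the file)
    """
    name = filename.strip().lower()          # mail clients hide trailing spaces
    base, ext = os.path.splitext(name)
    _, inner = os.path.splitext(base)        # the extension *before* the last one
    if ext in SUSPECT_EXTENSIONS:
        if inner in DECOY_EXTENSIONS:
            return "delete", f"double extension {inner}{ext} hides an executable"
        return "delete", f"executable attachment type {ext}"
    if inner in DECOY_EXTENSIONS and ext and ext not in DECOY_EXTENSIONS:
        return "suspect", f"unexpected second extension {ext} after {inner}"
    return "ok", ""


def triage_mailbox(attachment_names):
    """Summarise verdicts for a batch of names, e.g. one message's attachments."""
    return {name: triage_attachment(name)[0] for name in attachment_names}


if __name__ == "__main__":
    # Constructed sample names, including the worm the slides mention.
    sample = ["AnnaKournikova.jpg.vbs", "report.pdf", "setup.exe",
              "holiday.jpg.com", "archive.tar.gz"]
    for name in sample:
        verdict, reason = triage_attachment(name)
        print(f"{verdict:8} {name:28} {reason}")
```

The name check is only the "common sense" half the slides describe; an "ok" verdict still goes to the antivirus scanner, because a harmless-looking name proves nothing about the content.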
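Worked example for the "Use Host-Based Intrusion Detection Systems" slides, which say a host-based IDS works from log and audit files, records changes to the system, and only helps if the logs are actually reviewed. This added example (not part of the Sinclair deck) runs two simple signatures over logon and audit records: a burst of failed logons for one account from one source, a later successful logon for that same pair, and a service installation as a system change. The record format and every record below are constructed for the example and are not real Event Viewer output.

```python
# Added example for the "Use Host-Based Intrusion Detection Systems" slides; not
# part of the Sinclair deck. The log format and records are constructed.
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2004-04-20 09:00:01 administrator 192.168.1.50 LOGON_FAILURE
2004-04-20 09:00:03 administrator 192.168.1.50 LOGON_FAILURE
2004-04-20 09:00:04 administrator 192.168.1.50 LOGON_FAILURE
2004-04-20 09:00:06 administrator 192.168.1.50 LOGON_FAILURE
2004-04-20 09:00:07 administrator 192.168.1.50 LOGON_FAILURE
2004-04-20 09:00:09 administrator 192.168.1.50 LOGON_SUCCESS
2004-04-20 09:15:00 patty 192.168.1.12 LOGON_FAILURE
2004-04-20 09:15:30 patty 192.168.1.12 LOGON_SUCCESS
2004-04-20 10:30:00 bob 192.168.1.20 SERVICE_INSTALLED
"""


def parse_log(text):
    """Parse 'date time user source event' lines into tuples, skipping blanks."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, clock, user, source, event = line.split()
        ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        records.append((ts, user, source, event))
    return records


def detect_signatures(records, threshold=5, window=timedelta(minutes=1)):
    """Return alerts as (signature, user, source, timestamp).

    brute_force               : `threshold` failures for one user/source inside `window`
    success_after_brute_force : a later successful logon for that same pair
    system_change             : a service installation, logged as a change to the system
    """
    alerts = []
    recent_failures = defaultdict(deque)     # (user, source) -> failure timestamps
    flagged = set()                          # pairs already alerted on
    for ts, user, source, event in records:
        key = (user, source)
        if event == "LOGON_FAILURE":
            q = recent_failures[key]
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                alerts.append(("brute_force", user, source, ts))
                flagged.add(key)
                q.clear()                    # one alert per burst
        elif event == "LOGON_SUCCESS" and key in flagged:
            alerts.append(("success_after_brute_force", user, source, ts))
            flagged.discard(key)
        elif event == "SERVICE_INSTALLED":
            alerts.append(("system_change", user, source, ts))
    return alerts


if __name__ == "__main__":
    for sig, user, source, ts in detect_signatures(parse_log(SAMPLE_LOG)):
        print(f"{ts} {sig:26} user={user} source={source}")
```

Patty's single failure followed by a success is the normal mistyped-password case and produces nothing; the administrator burst followed by a success is the record a reviewer should see first, which is the point of the "review log files regularly" bullet.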
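Worked example for the "Use a Firewall" slides, which describe a firewall as allowing or blocking traffic on selected criteria and list the well-known ports. This added example (not from the Sinclair deck or any vendor) is a minimal first-match packet filter of the kind a SOHO host or router firewall applies, built as an outbound allowlist from the slides' ports with a default deny for unsolicited inbound traffic, plus a check for rules that an earlier rule makes unreachable. The rule sets, the DNS rule and the packet values are assumptions for the example.

```python
# Added example for the "Use a Firewall" slides; not part of the Sinclair deck.
# A first-match packet filter plus a check for rules shadowed by earlier ones.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (arriving at the host) or "out" (leaving it)
    proto: str          # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # None matches any value
    proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.direction is None or self.direction == pkt.direction)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` could match, self matches too."""
        return ((self.direction is None or self.direction == other.direction)
                and (self.proto is None or self.proto == other.proto)
                and (self.dst_port is None or self.dst_port == other.dst_port))


def evaluate(rules, pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def shadowed_rules(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, rule in enumerate(rules)
            if any(earlier.covers(rule) for earlier in rules[:i])]


# Outbound allowlist from the well-known ports the slides list (assumed rule set).
# Port 20 (FTP data) is omitted on purpose: in active-mode FTP the server opens
# that connection toward the client, so an outbound allowlist only covers
# passive-mode FTP.
SOHO_RULES = [
    Rule("allow", "out", "tcp", 80),    # HTTP
    Rule("allow", "out", "tcp", 443),   # HTTPS
    Rule("allow", "out", "tcp", 21),    # FTP control
    Rule("allow", "out", "tcp", 25),    # mail
    Rule("allow", "out", "udp", 53),    # DNS, which the others depend on
    Rule("deny", "in"),                 # no unsolicited inbound connections
]

# A misordered set: the blanket allow makes the deny below it dead.
MISORDERED_RULES = [
    Rule("allow"),
    Rule("deny", "in", "tcp", 135),
]

if __name__ == "__main__":
    for pkt in (Packet("out", "tcp", 443), Packet("in", "tcp", 80),
                Packet("out", "tcp", 6667)):
        print(pkt, "->", evaluate(SOHO_RULES, pkt))
    print("shadowed in MISORDERED_RULES:", shadowed_rules(MISORDERED_RULES))
```

Two caveats a practitioner would want: real host and router firewalls are stateful, so replies to an allowed outbound connection are let back in without a separate inbound rule, which this toy filter does not model; and rule order matters, as the shadowed-rule check on MISORDERED_RULES shows.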
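Worked example for the "Regularly Back Up Your Data" slides, in particular the point that practising restores of sample files matters as much as taking the backup. This added example (not from the Sinclair deck) backs a directory up to an archive, records a hash of every file, restores the archive elsewhere and verifies the restored copy against the hashes, then shows that a truncated and a missing file are caught. The directory layout, file contents and archive name are constructed for the example and run entirely inside a temporary directory.

```python
# Added example for the "Regularly Back Up Your Data" slides; not part of the
# Sinclair deck. A backup/restore drill with hash verification on constructed files.
import hashlib
import tempfile
import zipfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src_dir, archive_path):
    """Archive every file under src_dir; return {relative path: sha256}."""
    src_dir = Path(src_dir)
    manifest = {}
    with zipfile.ZipFile(archive_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in sorted(src_dir.rglob("*")):
            if p.is_file():
                rel = p.relative_to(src_dir).as_posix()
                zf.write(p, rel)
                manifest[rel] = sha256_of(p)
    return manifest


def restore_backup(archive_path, dest_dir):
    """Unpack the archive. Only use on archives you created yourself, as here."""
    with zipfile.ZipFile(archive_path) as zf:
        zf.extractall(dest_dir)


def verify_restore(manifest, restored_dir):
    """Compare restored files with the manifest; return [(path, problem), ...]."""
    restored_dir = Path(restored_dir)
    problems = []
    for rel, digest in manifest.items():
        p = restored_dir / rel
        if not p.is_file():
            problems.append((rel, "missing"))
        elif sha256_of(p) != digest:
            problems.append((rel, "hash mismatch"))
    return problems


def practice_restore():
    """Full drill on constructed sample data; returns what each check found."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "mydocs"
        (src / "finance").mkdir(parents=True)
        (src / "letter.txt").write_text("Dear Ms. Gillilan, ...\n")
        (src / "finance" / "taxes.csv").write_text("year,amount\n2003,1200\n")

        archive = tmp / "backup.zip"
        manifest = make_backup(src, archive)

        restore_dir = tmp / "restore"
        restore_backup(archive, restore_dir)
        clean = verify_restore(manifest, restore_dir)

        # Simulate a bad restore: one file silently truncated, one missing.
        (restore_dir / "finance" / "taxes.csv").write_text("year,amount\n")
        (restore_dir / "letter.txt").unlink()
        damaged = verify_restore(manifest, restore_dir)

        return {"files": len(manifest), "clean": clean, "damaged": damaged}


if __name__ == "__main__":
    print(practice_restore())
```

Keeping the manifest with the backup media (and a copy off-site, as the slides advise for the media itself) turns a restore drill into a yes/no answer rather than a visual spot check.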
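Worked example for the "Use File Access Controls and Data Encryption" slides, which describe permissions as an access control list defining who can do what with a file. This added example (not from the Sinclair deck) models the NTFS-style evaluation rule in which a user's effective rights are the union of the allow entries for the user and the groups the user belongs to, and a matching deny entry removes the right it names. The ACL, accounts and group memberships are constructed for the example.

```python
# Added example for the "Use File Access Controls and Data Encryption" slides; not
# part of the Sinclair deck. Simplified ACL evaluation with deny-over-allow.
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    principal: str        # user or group the entry applies to
    kind: str             # "allow" or "deny"
    rights: frozenset     # e.g. frozenset({"read", "write", "delete"})


def effective_rights(acl, user, groups):
    """Rights `user` (a member of `groups`) ends up with on the object."""
    principals = {user, *groups}
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal not in principals:
            continue
        (denied if ace.kind == "deny" else allowed).update(ace.rights)
    return allowed - denied           # a deny entry always wins over an allow


def is_permitted(acl, user, groups, wanted):
    """True only if every requested right survives the deny entries."""
    return set(wanted) <= effective_rights(acl, user, groups)


# Constructed ACL on a file such as finance/taxes.csv.
TAXES_ACL = [
    Ace("Administrators", "allow", frozenset({"read", "write", "delete"})),
    Ace("Users", "allow", frozenset({"read"})),
    Ace("Guests", "deny", frozenset({"read", "write", "delete"})),
]

if __name__ == "__main__":
    for user, groups in (("bob", {"Administrators", "Users"}),
                         ("patty", {"Users"}),
                         ("guest", {"Users", "Guests"})):
        print(f"{user:6} {sorted(effective_rights(TAXES_ACL, user, groups))}")
```

The guest account is the instructive case: it is also a member of Users, so it would inherit read access, but the explicit deny on Guests removes it. This is a simplified model; it ignores inheritance ordering, where an explicit entry on the object outranks an inherited one.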
© Copyright 2024