Technology Solutions Conference
School Security
2
Network Security
Prevention
Recovery
Forensics
Security Audit
New Trends
Security Issues
3
Firewalls
Servers
Desktops
Network
Applications
User Training
Policies
Basic Assumptions
Prevention
4
Prevention - Firewalls
What data do you want to protect?
Known databases such as student and financial information
Local databases kept on hard drives
What is a firewall? Not a content filter
Poor configurations and lack of patch maintenance are very common
Personal firewalls for your home
5
Prevention - Firewalls
Intrusion Detection Software
What is a DMZ?
Web server dilemmas
Placement of server
Access for content management
6
Prevention - Servers
Keep up with server maintenance and security patches
Nimda took advantage of known holes
Code Red, polymorphic worms
Subscribe to virus definitions and be sure to update
Not all virus protection software is created equal
7
Security - Servers
Remove all generic and guest defaults after install
Web server hacked via generic login
Check for inactive web modules
They can be accessed and generic setups abused
8
Prevention - Desktops
A: drive
Vulnerable to infected floppy disks and other non-authorized files and applications
C: drive
Vulnerable to configuration changes, and access to restricted resources (students hid Internet access)
FTP
Vulnerable to downloads of infected files or other non-authorized files and applications
9
Security & Hackers
Internal Attacks: Students and Staff Hackers
External Attacks: Internet & e-Mail
Parasitic Attacks: Bandwidth, Storage, Processing
Common Security Issues
10
Internal Attacks: Student & Staff Hackers
Denial of Service
Web server attacks
Unauthorized Intrusions
Admin server accounts
SASI IDs
Anonymous surfing
Port 443
11
External Attacks: Internet & e-Mail
Spamming and Smurfing
Rejected e-mail
e-Mail Viruses
ILOVEYOU, Melissa, Anna K, Sircam
Back Orifice
Worms
Code Red, Nimda, polymorphic worms
12
Parasitic Attacks
Bandwidth
School T1 used fully 24 hours a day
Wireless access, NYC Antenna & Liverpool
Resource consumption
.exe files
Music, videos, games
13
Common Security Issues
Kids used to maintain parts of network (i.e. web server)
Virus subscription not purchased
Security patches not up to date on servers and workstations
Firewall: None, poorly configured, not up to date on patches
14
Common Security Issues
Web server inside or outside Firewall
Applications and/or servers not set up correctly (leaving Guest IDs, Anonymous users, FTP)
No disaster recovery and backups are not rigorous
15
Common Security Issues
No restrictions on desktops for students
Floppy access, FTP, loading software
No policy for security: escalation, passwords, etc.
16
Prevention - Desktops
Windows Explorer
Students see all network resources
Right Click
Students can cut, paste, and delete important files including system configuration
17
Prevention - Network
Require specific logons
Lab aid giving generic logons so students could bypass system
Pornography found on C: drive in teachers' room
Secure your remote access to network
Maintenance done by third parties
Virtual Private Networks (VPNs)
Are your hubs and switches physically secure?
18
Prevention - Network
Configure your routers with access lists
Check hubs, switches and routers for web management modules and change default passwords
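The firewall and DMZ placement points on the earlier slides and the router access-list point on this one come down to the same mechanism: an ordered rule list, evaluated top to bottom, first match wins, with an implicit deny at the end. The Python below is an added example, not from the slides, that models such a list for a web server placed in a DMZ and checks it for rules that can never fire (a typical "poorly configured firewall" symptom). The network ranges (10.10.0.0/16 LAN, 10.10.1.0/24 staff subnet, 192.0.2.0/24 DMZ, 192.0.2.10 web server), the policy itself and the Rule, evaluate and shadowed_rules names are all constructed assumptions.

```python
"""Ordered access-list evaluator (added example, not from the slides).

Rules are checked top to bottom, the first match decides, and anything
that matches nothing is dropped (implicit deny). All addresses, the DMZ
layout and the policy below are constructed assumptions.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

ANY    = ip_network("0.0.0.0/0")
INSIDE = ip_network("10.10.0.0/16")    # assumed school LAN
STAFF  = ip_network("10.10.1.0/24")    # assumed staff subnet
DMZ    = ip_network("192.0.2.0/24")    # assumed DMZ (documentation range)
WEB    = ip_network("192.0.2.10/32")   # assumed DMZ web server


@dataclass(frozen=True)
class Rule:
    action: str             # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]    # None means any destination port
    note: str = ""


# The web server sits in the DMZ: the public reaches ports 80/443 only,
# content management (FTP here) is allowed from the staff subnet only, and a
# compromised DMZ host must not be able to open connections into the LAN.
DMZ_POLICY: List[Rule] = [
    Rule("permit", ANY,    WEB,    80,   "public web"),
    Rule("permit", ANY,    WEB,    443,  "public web over TLS"),
    Rule("permit", STAFF,  WEB,    21,   "content management from staff only"),
    Rule("deny",   ANY,    WEB,    None, "nothing else reaches the web server"),
    Rule("deny",   DMZ,    INSIDE, None, "DMZ may not initiate into the LAN"),
    Rule("permit", INSIDE, ANY,    None, "outbound from the LAN"),
    # implicit deny: anything not matched above is dropped
]


def evaluate(policy: List[Rule], src: str, dst: str, dport: int) -> Tuple[str, int, str]:
    """Return (action, rule number, note) for a packet; rule 0 means implicit deny."""
    s, d = ip_address(src), ip_address(dst)
    for n, rule in enumerate(policy, start=1):
        if s in rule.src and d in rule.dst and rule.dport in (None, dport):
            return rule.action, n, rule.note
    return "deny", 0, "implicit deny"


def shadowed_rules(policy: List[Rule]) -> List[int]:
    """Numbers of rules that can never fire because an earlier rule already
    covers every packet they would match: a common misconfiguration."""
    shadowed = []
    for j, later in enumerate(policy, start=1):
        for earlier in policy[: j - 1]:
            if (later.src.subnet_of(earlier.src)
                    and later.dst.subnet_of(earlier.dst)
                    and earlier.dport in (None, later.dport)):
                shadowed.append(j)
                break
    return shadowed


if __name__ == "__main__":
    for src, dst, port in [("203.0.113.5", "192.0.2.10", 80),
                           ("203.0.113.5", "192.0.2.10", 21),
                           ("10.10.2.50", "192.0.2.10", 21),
                           ("192.0.2.10", "10.10.1.5", 445)]:
        print(src, "->", dst, port, evaluate(DMZ_POLICY, src, dst, port))
    print("shadowed rules:", shadowed_rules(DMZ_POLICY))
```

The student-subnet FTP attempt is refused by rule 4 even though rule 6 would permit it, which is the point of ordering: put the narrow permits and the denies above the broad permits, and run the shadowing check whenever the list is edited.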
19
Prevention - Applications
Microsoft Office "save as"
Can students see network drives?
Microsoft Office and Encarta templates
Students get Internet access and can download unauthorized Microsoft patches
Downloads of plugins and other software
Programming courses such as C++ and Visual Basic
Have access to basic network functions
20
Prevention - Policies
.exe files
Slow Internet and/or network performance
Overwhelmed hard drives and network servers
Passwords
No policy on changing
Fewer passwords for ease of use purposes
"Shoulder surfing", yellow stickies, etc.
21
Prevention - Policies
Loading software locally
Technical issues: not in "Ghost image"
Printing and application support issues
Copyright issues
Accidentally "blow out" system
Docking home computers
Students running "cracking" programs and accessing SASI passwords
22
Prevention - Policies
Disks from home
Technical vulnerabilities
Copyright vulnerabilities
Students doing maintenance
May compromise security intentionally or unintentionally
23
Prevention - Policies
Removal of access when someone leaves
E-mail, Calendar, network logon, etc.
Early notification of problems such as viruses
What process is in place to notify users of new viruses, etc.?
More than one person with key knowledge and access
Network backdoors set up
Secret backups and password changes done before termination
18 months rebuilding system because of no documentation
24
Prevention – Policies
Enforcement of policies
If practice doesn't follow policy, then policies are not valid.
25
Recovery
Save to the network
Saving to the C: drive means no backups
Verify that they are done
Who is responsible? Who is their backup?
External backups vs. internal
Proper tape rotation
Off-site storage
Periodic backup check before an emergency
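"Proper tape rotation", "off-site storage" and "verify that they are done" are the three parts of a backup scheme that the slide lists without showing. The Python below is an added example, not from the slides, of a grandfather-father-son rotation: daily tapes reused every week, weekly tapes reused every month, and a monthly full on the last Friday that leaves the building, plus the freshness check that catches a server nobody backed up. The tape labels, the four-daily / five-weekly / monthly scheme, the three-day staleness threshold and the function names are constructed assumptions.

```python
"""Grandfather-father-son tape rotation and backup freshness check
(added example, not from the slides). Tape labels, the rotation scheme
and the freshness threshold are constructed assumptions."""
import calendar
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

# One tape per weekday Monday-Thursday, reused every week (the "sons").
DAILY_TAPES = {0: "Daily-Mon", 1: "Daily-Tue", 2: "Daily-Wed", 3: "Daily-Thu"}


def last_friday(year: int, month: int) -> date:
    """The last Friday of a month, when the monthly full backup is taken."""
    d = date(year, month, calendar.monthrange(year, month)[1])
    while d.weekday() != 4:
        d -= timedelta(days=1)
    return d


def tape_for(d: date) -> Optional[Tuple[str, bool]]:
    """Which tape a backup made on date d goes to, and whether that tape
    leaves the building. Returns None on weekends (no run in this scheme)."""
    wd = d.weekday()
    if wd >= 5:
        return None
    if wd == 4:                                   # Friday: weekly or monthly full
        if d == last_friday(d.year, d.month):
            return f"Monthly-{d:%Y-%m}", True     # "grandfather": stored off-site
        week = (d.day - 1) // 7 + 1               # 1..5, reused each month
        return f"Weekly-{week}", False            # "father": stays on-site
    return DAILY_TAPES[wd], False                 # "son"


def rotation(start: date, days: int) -> List[Tuple[date, str, bool]]:
    """The tapes needed for a run of `days` calendar days starting at `start`."""
    out = []
    for i in range(days):
        d = start + timedelta(days=i)
        t = tape_for(d)
        if t is not None:
            out.append((d, t[0], t[1]))
    return out


def stale_backups(last_success: Dict[str, date], today: date,
                  max_age_days: int = 3) -> List[Tuple[str, int]]:
    """Servers whose last successful backup is older than allowed (3 days by
    assumption, so a Friday run still counts on Monday), oldest first.
    This is the "verify that they are done" check."""
    stale = [(name, (today - last).days) for name, last in last_success.items()
             if (today - last).days > max_age_days]
    return sorted(stale, key=lambda s: -s[1])


if __name__ == "__main__":
    for d, label, offsite in rotation(date(2024, 5, 27), 7):
        print(d, label, "OFF-SITE" if offsite else "on-site")
    # Constructed last-success dates; a real check would read the backup software's job log.
    last = {"fileserver": date(2024, 5, 3), "sasi-db": date(2024, 5, 9), "web": date(2024, 5, 10)}
    print(stale_backups(last, date(2024, 5, 13)))
```

The freshness check is the part worth running on a schedule: a tape rotation that is followed on paper but not verified is exactly the "are they actually done?" gap the slide warns about.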
26
Recovery
Damaged servers
RAID drives
Maintenance contract or spare drives
Mirrored or backup servers
Hot site
Routers, switches, hubs
Maintenance contract or replacements
27
Recovery
Applications media archived
Escalation procedure to move to recovery quicker and to limit damages
May need to isolate problem
May need to change passwords
28
Forensics
Log files:
Intrusion detection logs
Firewall logs
Router logs
Server logs
Application logs
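Server logs are the evidence source most schools already have. The Python below is an added example, not from the slides, that parses a handful of constructed IIS W3C-format log lines and flags the request patterns the worms named earlier in the deck (Code Red, Nimda) left behind, groups them by source address, and separates the probes the server answered with 200, which are the ones that mark a machine to isolate. The log lines, the signature table and the function names are constructed assumptions.

```python
"""Scan an IIS W3C log for worm-style requests (added example, not from the slides).
The log text and the signature table below are constructed for illustration."""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample log in IIS W3C extended format; the "#Fields:" header
# names the columns, which is what the parser relies on.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-09-18 08:02:11 203.0.113.45 GET /scripts/root.exe /c+dir 404
2001-09-18 08:02:12 203.0.113.45 GET /MSADC/root.exe /c+dir 404
2001-09-18 08:02:13 203.0.113.45 GET /c/winnt/system32/cmd.exe /c+dir 200
2001-09-18 08:02:14 203.0.113.45 GET /scripts/..%255c../winnt/system32/cmd.exe /c+dir 200
2001-09-18 08:03:40 198.51.100.9 GET /default.ida XXXXXXXXXXXXXXXX%u9090%u6858 200
2001-09-18 08:05:02 10.10.2.17 GET /index.html - 200
2001-09-18 08:05:03 10.10.2.17 GET /images/logo.gif - 200
"""

# Request patterns associated with the 2001 IIS worms (constructed, minimal table).
SIGNATURES = {
    "Code Red (.ida probe)": re.compile(r"/default\.ida", re.I),
    "Nimda / Code Red II backdoor (root.exe)": re.compile(r"/root\.exe", re.I),
    "Nimda (cmd.exe request)": re.compile(r"cmd\.exe", re.I),
    "Encoded directory traversal": re.compile(r"%c0%af|%255c|%c1%1c", re.I),
}


def parse_iis_log(text: str) -> List[Dict[str, str]]:
    """Turn W3C log lines into dicts keyed by the names in the #Fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue            # skip lines that do not match the declared layout
        records.append(dict(zip(fields, values)))
    return records


def scan(records: List[Dict[str, str]]) -> List[dict]:
    """Records whose request matches at least one signature, with every label that hit."""
    hits = []
    for r in records:
        url = r["cs-uri-stem"]
        if r.get("cs-uri-query", "-") != "-":
            url += "?" + r["cs-uri-query"]
        labels = [name for name, rx in SIGNATURES.items() if rx.search(url)]
        if labels:
            hits.append({"when": f'{r["date"]} {r["time"]}', "ip": r["c-ip"],
                         "status": int(r["sc-status"]), "labels": labels, "url": url})
    return hits


def sources(hits: List[dict]) -> Counter:
    """How many flagged requests each client address sent."""
    return Counter(h["ip"] for h in hits)


def succeeded(hits: List[dict]) -> List[dict]:
    """Flagged requests the server answered 200: the strongest sign that this
    host itself needs to be isolated rather than just the sender blocked."""
    return [h for h in hits if h["status"] == 200]


if __name__ == "__main__":
    hits = scan(parse_iis_log(SAMPLE_LOG))
    for h in hits:
        print(h["when"], h["ip"], h["status"], "; ".join(h["labels"]))
    print("by source:", dict(sources(hits)))
    print("answered 200:", len(succeeded(hits)))
```

Run it against a copy of the log rather than the live file so the original stays intact for whoever is notified, and treat a 200 on one of these requests as a reason to pull the server off the network before anything else.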
29
Forensics
Unique log-ins
Isolate systems
Notify authorities
Print screens (IM'ing, chat, e-mail, etc.)
Terror threat to local HS
Ballad of an e-mail terrorist
Hard drive recovery
Anonymizer sites