NUIT Tech Talk: Cybersecurity
October 27, 2006
Information and Systems Security/Compliance
Dave Kovarik, Director
Topics:
• October: Cybersecurity Awareness Month
• Statistics
• Incidents
• Changes
• Security Tips
October - Cybersecurity Awareness Month
http://www.it.northwestern.edu/security/tip-of-the-month/
October - Cybersecurity Awareness Month
• Stay virus free…
• Sweep for spyware…
• Stop adware…
• Activate your firewall…
• More…
http://www.staysafeonline.org/
Ongoing…
• Protect your personal data
• Know who you’re dealing with online
• Use anti-virus, firewall & anti-spyware
• Set your OS and browser to operate securely
• Use strong passphrases & authentication
• Backup regularly
• Learn what to do if things go wrong
• Protect our kids online
Incidents - By Month
[Chart: Total Incidents by Month, 2005 - 2006. Horizontal axis: Oct, Nov, Dec, Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep. Vertical axis: 0 to 500. Data labels in the order extracted: 483, 220, 212, 275, 146, 214, 105, 141, 81, 58, 76, 82.]
Incidents - Annual
[Chart: Incidents: Comparison by Year. Horizontal axis: 2002, 2003, 2004, 2005, 2006. Vertical axis: 0 to 12000. Data labels in the order extracted: 1815, 3523, 10145, 5655, 1178.]
Security Incidents
Severity One
• Sept 27 – We’re notified of a compromise of a mail server at a school, serving 488 users. NetIDs/passwords are exposed.
• Apparent cause was exploit of a weak password on a local account.
• E-mail notification is sent to the users indicating a change of passwords is required. NetIDs are set to expire within 7 days, so that each account either has its password changed or becomes disabled.
Security Incidents
Severity One
• July 6th – We raise a Severity 2 incident (May 24th) to Severity 1 as a department discovers PII on 9 compromised workstations.
• Apparent cause was exploit of RealVNC software used for remote access and management.
• Written notification was provided to 17,000, and a news release posted to the University’s webpage and issued to state-wide media in compliance with Illinois regulation and University’s Incident Response Protocol.
Security Incidents
Severity One
• July 6th - Notified by a school that a spreadsheet containing the names and social security numbers of 32 individuals was available to the public on a web server.
• The sensitive data was removed from the server. Analysis of available logs proved inconclusive.
• Written notification is provided to the 32 individuals per the University’s Incident Response Protocol.
Security Incidents
Severity Two
• Aug 14 - Notified by a department of a breach where a user had enabled the remote desktop feature on a workstation and had not properly protected the connection. The workstation held PII of 7,000 individuals.
• Investigation of logs shows a compromise for less than 30 minutes, with almost no data transfer; we conclude PII was not discovered nor disclosed.
• A collective opinion was provided to Office of General and they agree notification is not required.
Changes
• Policy, Standards & Requirements
– Secure Handling of SSNs - June 30
– Firewall Policy (Draft) - July 17
– Recommendations for Identification and Protection of PII - Aug 18
– Server Security Requirements - Sept 01
Security Tips…
Online purchases
1. Links within E-mail
– Don’t trust the link
– Key the address
2. Credit card & online purchases
– Single credit (not “debit”) card
– Lower limit
Security Sites…
Search Utilities
http://www.it.northwestern.edu/policies/procedures/datasearch.html
Network extensions
http://www.it.northwestern.edu/policies/network/extensions.html
Illegal downloads
http://www.it.northwestern.edu/security/illegaldownloading/index.html
You’re the Key
You’re the Key…
• Information Security
• DR / BCP
• Compliance
Thank You…
• For your continued support…
• For your diligence…
• Questions, comments?
Dave Kovarik: (847) 467-5930
Next up…
John Wefler
Distributed Support Specialist
Distributed Support Services
Northwestern University Information Technology
Get Control: Five Steps
• Step One: Start Now
• Step Two: Secure Passwords
• Step Three: Protective Programs
• Step Four: Secure Settings
• Step Five: Good Habits
Step One: Start Now
“What are the threats?”
• Hackers
• Data Miners
• Identity Thieves
• Online Predators
• Key Loggers
• Phishing
• Spyware
• Viruses
• Others?
Phishing Example
For more information, visit: www.it.northwestern.edu/getcontrol/startnow.html
Step Two: Secure Passwords/Passphrases
“What’s in a p@$$w0Rd?”
Password/Passphrase Rules:
• Never give your passphrase to anyone
• Never E-mail a passphrase
• Make your passphrase hard to hack
• Don’t leave your passphrase on a yellow post-it on your computer monitor
NU Password Rules
Your password must:
• be 6-8 characters in length.
• contain a non-alphabetical character such as 1 2 3 ! $ & * , ? + =
• contain one or more non-alphabetical characters between alphabetical characters (example: "A3b", "j3;M").
Passphrase Examples
Hard to Hack ~ Easy to Remember
red.dogpick%ley4zzooY3l1owrb34tlEsliK3c4keOa0pit$b
Passphrase Don’ts
• DON'T use information that can be obtained about you, such as a license plate or phone number, or the names of children or pets.
• DON'T use words found in the dictionary or two words separated by punctuation.
• DON'T use passphrases/passwords with fewer than eight (8) characters.
• DON'T use features that offer to 'remember your password'.
• DON'T keep a 'default' password. Make your own!
Passphrases: Final Thoughts
Change your passwords/passphrases often
For more information, visit: www.it.northwestern.edu/getcontrol/securepasswords.htm
Step Three: Protective Programs
Anti-Virus Scanner
Spyware Protection
Software Firewall
Symantec Anti-Virus
• Install on any machine that does NU business
• Update virus definitions daily
• Run regular scans of your entire system
Anti-Virus Programs
Why should you NOT run multiple Anti-Virus programs simultaneously?
Prevent and Treat Spyware
What is Spyware?
• Spyware is a program or service that runs behind your back, without your knowledge and permission.
• Spyware can lead to machine slowdowns, pop-ups, and identity theft.
Prevent and Treat Spyware
Use SpyBot Search & Destroy
• Includes a web site restrictor via the “immunize” feature
• Has an updateable Spyware signature scanner and remover
Software Firewalls
Enable native or third-party firewalls
NUIT Protection
Additional “Behind-the-Scenes” Protection:
• Outgoing Port Scans
• Hardware Firewall Options
• E-mail Defense System
E-mail Defense System
• Quarantines 2 million messages per week
• Quarantined mail held for 7 days
• All e-mail with an EDS junk probability rating greater than “99” is deleted before reaching the servers
www.it.northwestern.edu/security/eds
For more information, visit: www.it.northwestern.edu/getcontrol/protectiveprograms.htm
Step 4: Secure Settings
Hackers Constantly Searching for Security Holes in Software and Hardware Platforms
vs.
Vendors Constantly Patching Security Holes in Software and Hardware Platforms
Updates and Patches
Ensure that:
Operating System has the necessary updates.
Software programs have the necessary updates.
Automated vendor system -or- homepage
For more information, visit: www.it.northwestern.edu/getcontrol/securesettings.html
Step Five: Smart Habits
Communications
Sender -> Media -> Receiver
Smart Habits
If you are the “receiver” of a request for personal information:
your password, social security number, account number, etc.
BE SUSPECT!
Red Flags
• Phishing
• Spoofing
• Phone Calls
• Postal Mail
“What do I do if….?”
• Think before you click (or after)
• Call your bank
• Change your password immediately
• Check your credit report regularly
• Remember: Northwestern will never ask you for personal information
Smart Habits
• Get a “garbage collector” e-mail account through a free service provider:
– Use this account to register for subscription services on the Web.
– Will help reduce junk e-mail on your campus account.
For more information, visit: www.it.northwestern.edu/getcontrol/smarthabits.html
Questions?
Upcoming Tech Talks
• November 1: Vista OS
– Microsoft representative visits Evanston campus to discuss Microsoft’s newest operating system
• November 15: Meeting Maker
– Are you getting the most out of your Meeting Maker?
Visit the NUIT Web site
www.it.northwestern.edu
Call the NUIT Support Center at 847-491-HELP