IT Security

1
IT Security
Tony Brett IT Systems Manager Corpus Christi
College OxCERT tony.brett_at_corpus-christi.oxford.ac
.uk
2
Overview

• Excuses
• Policy
• E-mail
• Machine Security
• Physical Security
• File Security
• Viruses (inc. E-mailHoax)
• Public machines
• OS Security
• Network Security
• Student connections
• Excuses
• Sniffing
• Firewalls - University

• OxCERT
• Who
• What
• What it does
• What it doesnt do
• What to take away
• Resources
• Questions?

3
Excuses FAQs

• Users
• Why would anybody be interested in my account -
  I only use it for email
• Security is the admins problem not mine
• I let my friend in Spain use my account because
  they have been having problems with their
  network
• Why has my account been disabled on sable

4
Policy

• Enforce good passwords
• DONT store password in E-mail clients etc.
• Disable dormant accounts
• Age passwords
• Have a policy on the use of accounts encourage
  deletion unused accounts. Tell OUCS User Reg!
• Have a policy on Virus Hoaxes
• Make sure everyone knows about it
• Enforce it

5
E-Mail

• E-mail is NOT SECURE!
• Faking E-mail is very easy
• PGP is your friend
• Use for digital signatures
• Use for encrypting E-mail
• http//www.oucs.ox.ac.uk/email/pgp.html
• E-mail virus hoaxes policy.
• E-mail viruses ILOVEYOU, Melissa

6
Securing Computers

• Physical Security
• File Security
• Use Security

7
Securing Computers

• Physical Security
• File Security
• Use Security

8
Physical Security
Physical Security of machine is the limiting
factor in security

• Where are machines located?
• Who has keys or can get keys?
• How is access to rooms controlled and monitored?
• Are machines in cages or wired?
• Are building exits monitored?
• Keyboard sniffers

9
Securing Computers

• Physical Security
• File Security
• Use Security

Viruses
Password protect
Encrypt
10
Viruses Trojans

• Destructive Power - BIOS Erase
• Types of Virus
• Boot Sector
• Executable infectors, Trojans
• Macro or Document
• E-mail worms Outlook!, ILOVEYOU, MELISSA etc.
• Anti-Virus Products
• F-Prot
• Sophos - http//www.uk.sophos.com
• Dr. Solomons
• Norton -LiveUpdate
• Lynne Munro at OUCS

11
Public Machines

• Libraries
• Machines need to run Win95/98 to run OxLIP
  properly
• Inherent security risk with so many different
  applications
• OWL - http//web.lib.ox.ac.uk/software
• Password from technicians_at_las.ox.ac.uk
• Disk imaging software e.g. Ghost

12
Securing Computers

• Physical Security
• File Security
• Use Security

Password protect accounts
Restrict access
Physical locks
13
Securing your OS

• Ensure sufficient logging
• Examine logs
• Take note of and understand error messages
• Keep up-to-date with patches
• Dont run unnecessary network services
• Web servers are notorious, especially Microsoft
  IIS

14
Securing UNIX

• Linux a good, free OS but is the most often
  compromised
• Dynamic OS. Fixes released regularly
• Solaris, SunOS, HP-UX, Digital, SGI (IRIX).
• New compromises almost daily Bugtraq.
• Beware of Students running any UNIX. Encourage
  students to be aware. Sniffers!
• Only Run services that are needed. Turn off
  everything else. Telnetd, IMAPd, POPd, NFSd etc.
  
• Use SSH, SCP etc. Putty on Windows

15
Securing Macintoshes

• Mac OS Not designed for security
• Appletalk over Ethernet
• OUCS routing between departments
• Appleshare
• Guest account
• Owner sees whole Hard Disk
• TCP/IP
• DoS Attacks

16
PCs - DOS, Win16, Win32

• Standard operating systems
• DOS, Win95, WinNT (workstation)
• None designed to be servers
• Some security holes - DoS vulnerabilitiesDefault
  shares on 95 and NT boxesC, D, etc.
• Password caching(.pwl files)

17
NT Server, Netware Server

• Network O/S - running on PCs
• NT can run on other platforms
• File/Print services
• TCP/IP services (FTP, Web etc).
• Network packet signing
• Physical access to server
• Password regimes
• Backup disaster plan essential!
• Use OUCS HFS for backup
• Keep service packs up-to-date
• Compromises are rare
• See http//www.securityfocus.com/frames/?content/
  vdb/stats.html

18
Network Security

• 10BaseT vs. 10Base2 (coax)
• Manageable Hubs
• Physical access to hubs
• MAC address restriction
• Hub management passwords
• DHCP - dynamic vs. static, logs
• Switches vs. repeaters
• Sniffers
• Operating system policy running services.

19
Student Connections

• Connection Policy is essential
• Students must sign agreement
• Log DHCP assignments so abuses can be traced
• Get student to assign College the right to
  examine their machine
• Control use of server-type OS.

20
Securing the Network

• Outsiders looking in
• Insiders looking about
• Insiders looking out
• Access through valid means
• Misuse of features
• inadvertent doors
• Insecurity by design

21
Common Excuses

• I was just looking
• It wasnt secured so I thought it was OK
• I accidentally downloaded it and just thought I
  would see what happens when I ran it
• Hey man, the internet is an anarchy, I can do
  what I want
• Oh yeah, what are you going to do about it

22
Network Sniffing

• Almost impossible to detect
• Impact depends on topology of network
• Switching reduces possibilities

23
Network Sniffing - What is it?

• Much network traffic in clear text
• Passwords and Usernames
• Compromised machines running sniffers

Host Q listens without A B knowing
24
Network Topolgy
University Backbone
SWITCH
HUB
HUB
25
How to reduce the risk

• Encryption
• SSH, Disposable passwords, SCP
• Switch sensitive parts of network
• Use port scrambling on hubs
• Keep student and staff segments on separate
  switched ports

26
Firewalls

• Isolate the network
• Bandwidth bottleneck
• Rule based access
• IP addresses, blocks, or ports
• Extensive logging
• False sense of security
• OUCS
• Started fully open ports or addresses closed as
  vulnerabilites are identified
• Balance between security and utility

Badlands
Happyville
27
Who/What is OxCERT

• University IT Security Team
• oxcert_at_ox.ac.uk
• (2)82222
• Member of FIRST
• 9am-5pm, and best-attempt cover outside this
• probe-report_at_oxcert.ox.ac.uk

28
Who/What is OxCERT

• C. 10 Committee, termly meeting.
• 4 front-line
• Pete Biggs, Physical Theoretical Chemistry
• Patrick Green, OUCS
• Neil Clifford, Astrophysics
• Neil Long, OUCS
• Emergency Repsonse service, not a free machine
  set-up service
• http//info.ox.ac.uk/compsecurity/oxcert/

29
What OxCERT can do
SECURITY

• Advise IT staff and individuals on matters of IT
  security
• Advise on methods of improving security
• Liason with other CERTs
• Checking security of machines within Oxford
  University
• Assistance in disaster recovery
• Assistance in planning new networks and/or
  machines

30
What OxCERT can do

• Direct contact with all parts of OUCS
• Intervention when machines are found to be
  compromised
• Disable IP addresses or networks (both within and
  without Oxford) if security is being compromised
• Investigation of DoS (Denial of Service) type
  attacks
• What it can! Only 1.5 posts is funded by the
  University, others are volunteers.

31
What OxCERT cant do

• Get involved with policy decisions that dont
  affect security
• Deal with SPAM or abusive E-mail
  (advisory_at_oucs.ox.ac.uk)
• Deal with non-security computing issues
  (electronic harrassment etc.)
• Act as a substitute for OUCS advisory
• Miracles! Security is YOUR responsibility,
  OxCERT can only advise

32
What to take away

• Be aware of security
• Make users aware of the need for security
• Have, and enforce an IT Security Policy
• Maintain OS security
• Know what services you are providing and only
  provide those you know about

33
Resources

• This presentation
• http//users.ox.ac.uk/aesb/itsec.ppt
• OxCERT
• http//www.ox.ac.uk/it/compsecurity/oxcert/
• Secure E-mail
• http//www.oucs.ox.ac.uk/email/secure.html
• Public Machines
• http//users.ox.ac.uk/aesb/itsec.ppt
• Virus Hoaxes
• http//www.uk.sophos.com/virusinfo/scares/
• University and other IT rules
• http//www.ox.ac.uk/it/rules/
• The OUCS Hierarchical File Server
• http//hfs.ox.ac.uk/local/

34
Fin

• Questions?