Small Office/Home Office (SOHO) Computer and Network Security - PowerPoint PPT Presentation

About This Presentation
Title:

Small Office/Home Office (SOHO) Computer and Network Security

Description:

Small Office/Home Office (SOHO) Computer and Network Security Sinclair Community College CIS Department Small Office/Home Office (SOHO) Computer and Network Security ... – PowerPoint PPT presentation

Slides: 89
Provided by: MikeP92

Transcript and Presenter's Notes

Title: Small Office/Home Office (SOHO) Computer and Network Security


1
Small Office/Home Office (SOHO) Computer and
Network Security
  • Sinclair Community College
  • CIS Department

2
Small Office/Home Office (SOHO) Computer and
Network Security
  • Bob Sherman
  • Patty Gillilan
  • Associate Professors, CIS Department
  • Multiple Microsoft and Cisco certifications

3
Why SOHO Computer and Networking Security is
Important
  • Personal information
  • Private files
  • Financial information
  • Having your systems hijacked
  • Invasion of privacy, e.g., Spyware
  • Identity theft

4
Why SOHO Computer and Networking Security is
Important
  • Identity theft is a very large and growing
    concern
  • Gartner Research Group estimates seven million
    victims of ID theft in the US in the past twelve
    months
  • http://www.consumer.gov/idtheft/
  • http://www.usdoj.gov/criminal/fraud/idtheft.html
  • http://www.idtheftcenter.org/index.shtml

7
Why SOHO Computer and Networking Security is
Important
  • Spyware: a new and growing threat
  • Spyware can:
  • Manipulate your system
  • Record your habits
  • Facilitate theft of your passwords, credit card
    info and identity
  • Adware, key loggers and Trojan horses

8
Why SOHO Computer and Networking Security is
Important
  • Signs of spyware on your PC
  • Home page changes
  • New favorites appear
  • System is noticeably slower
  • New toolbars appear in IE

9
Why SOHO Computer and Networking Security is
Important
  • Spyware
  • File sharing services, e.g., Kazaa or Grokster
  • Clicking on pop-up ads
  • Opening infected emails
  • Spy Sweeper
  • http://www.webroot.com

10
Objectives
  • Familiarize the computer users with the
    following
  • What it means to be online
  • The door to the Internet swings both ways
  • What are common risks and vulnerabilities?
  • How to protect against threats
  • Maintaining vigilance by staying current

11
Nine Critical Steps in Securing SOHO Computers
and Networks
  • Install, use and update anti-virus programs
  • Treat all email attachments with caution
  • Keep current with operating system updates
  • Use host based Intrusion Detection Systems

12
Nine Critical Steps in Securing SOHO Computers
and Networks
  • Use a firewall
  • Host based or dedicated firewall
  • Regularly backup your data
  • Use an operating system with strong
    authentication and passwords
  • Use file access controls and data encryption
  • Make a recovery/boot disk

13
Nine Critical Steps in Securing SOHO Computers
and Networks
  • Install, use and update anti-virus programs
  • Treat all email attachments with caution
  • Keep current with operating system updates
  • Use host based Intrusion Detection Systems

14
Install, use and update anti-virus programs
  • The single most important thing you can do to
    protect your system
  • Most common exposure
  • Email attachments
  • Connections to web servers
  • Make sure the program you select also protects
    against Worms and Trojans

15
Install, use and update anti-virus programs
  • Some popular antivirus products
  • Symantec
  • McAfee
  • Computer Associates
  • http://www.symantec.com/sabu/nis/nis_pe/
  • http://us.mcafee.com/default.asp
  • http://www.my-etrust.com

19
Install, use and update anti-virus programs
  • Norton antivirus output and options
  • System status
  • Reports
  • Scheduled system scan

23
Nine Critical Steps in Securing SOHO Computers
and Networks
  • Install, use and update anti-virus programs
  • Treat all email attachments with caution
  • Keep current with operating system updates
  • Use host based Intrusion Detection Systems

24
Treat All Email Attachments with Caution
  • Email viruses are becoming more prevalent all
    the time
  • If you haven't gotten an email virus, chances are
    you will if you don't take the appropriate steps
  • Preventing email viruses begins with common sense
    and ends with a virus detection program

25
Treat All Email Attachments with Caution
  • The Common sense approach
  • Make sure you are familiar with the sender of the
    email
  • Note the names of the file attachments
  • Do they make sense to you?
  • Some names are designed to entice you to open the
    attachment
  • AnnaKournikova.jpg.vbs (Worm)

26
Treat All Email Attachments with Caution
  • The common sense approach
  • If the attachment has one of the following file
    extensions, be very suspect
  • .scr, .pif, .vb, .vbe, .vbs, .exe
  • Delete suspect attachments immediately and empty
    the Recycle Bin
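
The file-name checks from the two slides above can be automated before a message reaches the user. The following Python sketch is an added example, not part of the original presentation: it flags attachments whose final extension is on the slide's list and notes when a harmless-looking extension sits in front of it, as in AnnaKournikova.jpg.vbs. The decoy extension list, the function names and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the slide lists as "very suspect".
RISKY = {".scr", ".pif", ".vb", ".vbe", ".vbs", ".exe"}
# Assumption: harmless-looking extensions commonly used as the decoy half.
DECOY = {".jpg", ".gif", ".txt", ".doc", ".pdf", ".mp3"}

def classify_attachment(filename):
    """Return the reasons a file name is suspect (empty list: nothing flagged)."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2:
        return []
    last = "." + parts[-1]
    if last not in RISKY:
        return []
    reasons = ["risky extension " + last]
    if len(parts) >= 3 and "." + parts[-2] in DECOY:
        reasons.append("double extension: ." + parts[-2] + " hides " + last)
    return reasons

def screen_message(raw_bytes):
    """Map each flagged attachment name in a raw RFC 5322 message to its reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = classify_attachment(name)
        if reasons:
            findings[name] = reasons
    return findings

def sample_message():
    """Constructed test message: one decoy-named script, one plain text file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Photo"
    msg.set_content("See attached.")
    msg.add_attachment(b"' inert placeholder", maintype="application",
                       subtype="octet-stream", filename="AnnaKournikova.jpg.vbs")
    msg.add_attachment("Meeting notes", filename="minutes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in screen_message(sample_message()).items():
        print(name, "->", "; ".join(reasons))
```

A name-based check only covers the common-sense half of the advice; the attachment content still needs to pass through the virus detection program.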

27
Nine Critical Steps in Securing SOHO Computers
and Networks
  • Install, use and update anti-virus programs
  • Treat all email attachments with caution
  • Keep current with operating system updates
  • Use host based Intrusion Detection Systems

28
Keep current with operating system patches
  • A fix or modification to a program bug in the
    Operating System. A patch is an actual piece of
    object code that is inserted into (patched into)
    an executable program. -- webopedia.com
  • Many operating system patches are related to
    system security.
  • Staying current can be automated on recent
    versions of Windows

29
Keep current with operating system patches
  • Windows operating systems are frequently patched
    or updated
  • Windows Update
  • Service Packs (SPs) are a collection of patches
    and updates

30
Keep current with operating system patches
  • Before updating a system make sure of the
    following
  • The update is required for your system
  • The update won't harm your system or any
    applications running on it
  • You can uninstall the update
  • Get used to performing these updates
  • Many security compromises are a result of
    unpatched systems

31
Keep current with operating system patches
  • Using the Windows Update feature
  • Click the Start menu
  • Then choose Windows Update
  • http://v4.windowsupdate.microsoft.com/en/default.asp

32
Windows Update options in Windows 2000 Pro

34
Keep current with operating system patches
  • First click Scan for Updates
  • Then click Review and Install Updates
  • Three categories of updates
  • Critical updates and service packs
  • Updates for your version of Windows
  • Driver updates

36
Keep current with operating system patches
  • Click on Critical Updates and Service Packs
  • Remove those updates not applicable to your
    system
  • Click Install Now
  • Some updates will require restarting your computer

38
Keep current with operating system patches
  • Configuring Automatic Updates
  • Control Panel or System Properties
  • Update options
  • Only notify of updates
  • Download and notify of updates
  • Download and install on a specified schedule

41
Keep current with operating system patches
  • Software Update Service
  • Available on more recent versions of Windows
  • Creates a single point internally as the source
    of updates
  • Conserves bandwidth

42
Keep current with operating system patches
  • Microsoft Technet Service
  • Source for a variety of security and related
    details
  • http://www.microsoft.com/technet/default.asp
  • Knowledge Base articles

44
Keep current with operating system patches
  • Blaster Worm
  • Knowledge Base article 823980
  • Exploits a buffer overflow flaw in Windows
  • Patch released by Microsoft on July 16, 2003
  • Updated August 25, 2003

45
Keep current with operating system patches
  • State of Maryland BMV shut down on August 13,
    2003
  • Many other large networks affected
  • http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

47
Keep current with operating system patches
  • Sasser Worm and multiple variations over several
    weeks in April 2004
  • Knowledge Base articles
  • 835732 to prevent future infections
  • 841720 to clean infected systems
  • Windows 2000 and Windows XP only

48
Keep current with operating system patches
  • Test patches first, then install
  • Removing patches and operating system updates
  • Control Panel
  • Add/Remove Programs
  • Applications and patches all listed here
  • Select the desired item, click Remove

51
Nine Critical Steps in Securing the Home Network
  • Install, use and update anti-virus programs
  • Treat all email attachments with caution
  • Keep current with operating system updates
  • Use host based Intrusion Detection Systems

52
Use Host Based Intrusion Detection Systems
  • Most intrusion detection systems (IDS) take
    either a network or a host-based approach
  • IDS looks for attack signatures, i.e., specific
    network traffic patterns that may indicate an
    attack
  • Host based is appropriate for SOHO environments

53
Use Host Based Intrusion Detection Systems
  • Host based intrusion detection analyzes all
    incoming and outgoing network information for
    data patterns typical of an attack
  • Host based intrusion detection relies on records
    written to log files or audit files
  • Logs changes made to the system

54
Use Host Based Intrusion Detection Systems
  • The information the IDS collects is based on the
    monitoring of operating system, application
    software and security events.
  • Built-in capabilities
  • Event Viewer in Windows
  • Must review log files regularly

55
Nine Critical Steps in Securing SOHO Computers
and Networks
  • Use a firewall
  • Host based or dedicated firewall
  • Regularly backup your data
  • Use an operating system with strong
    authentication and passwords
  • Use file access controls and data encryption
  • Make a boot disk to recover the system

56
Use a Firewall
  • Firewalls are used to filter network traffic
  • Allow or block traffic based on criteria selected
  • Well known ports
  • Port 80 for HTTP
  • Port 443 for HTTPS
  • Ports 20/21 for FTP
  • Port 25 for Mail

57
Use a Firewall
  • Firewalls can be implemented at the host network
    interface or on an intermediary system such as a
    router
  • Firewalls implemented at the host are software
    based
  • Firewalls implemented at a router are hardware
    based
  • You can use either or both

63
Use a Firewall
  • Firewalls can be implemented at the host network
    interface or on an intermediary system such as a
    router
  • SOHO router products from Linksys, D-Link and
    others
  • All allow for configuring to meet your needs

66
Nine Critical Steps in Securing SOHO Computers
and Networks
  • Use a firewall
  • Host based or dedicated firewall
  • Regularly backup your data
  • Use an operating system with strong
    authentication and passwords
  • Use file access controls and data encryption
  • Make a boot disk to recover the system

67
Regularly Backup Your Data
  • Back up your files regularly
  • Backing up means to copy data files from a local
    hard drive to another device
  • Tape, external hard drive, CD/DVD, ZIP drive
  • Application software can be restored from the
    original media

68
Regularly Backup Your Data
  • Most operating systems include a backup and
    restore utility
  • Numerous third party products available
  • Veritas, Computer Associates
  • Hard drives have a finite life span and will
    eventually fail

69
Regularly Backup Your Data
  • If your system is compromised by malicious acts
    or physical failure, data backup is your only
    solution
  • Multiple copies of the backup media stored
    on-site and off-site
  • Multiple media sets

70
Regularly Backup Your Data
  • Restoring or recovering the data is equally
    important
  • Practice data restores
  • These don't have to be full-blown system restores
    but restoring sample data files
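
A practice restore is only useful if the restored files are checked against what was backed up. The following Python sketch is an added example, not part of the original presentation: it records a SHA-256 manifest at backup time, then checks a random sample of files from a test restore against it, reporting each as ok, missing or corrupt. The function names, directory layout and file contents are constructed for illustration.

```python
import hashlib
import random
import tempfile
from pathlib import Path

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(data_dir):
    """Run at backup time: relative path -> SHA-256 for every file under data_dir."""
    root = Path(data_dir)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored_dir, sample_size, seed=None):
    """Check a random sample of restored files against the backup-time manifest."""
    names = sorted(manifest)
    picked = random.Random(seed).sample(names, min(sample_size, len(names)))
    report = {}
    for rel in picked:
        restored = Path(restored_dir) / rel
        if not restored.is_file():
            report[rel] = "missing"
        elif sha256_of(restored) != manifest[rel]:
            report[rel] = "corrupt"
        else:
            report[rel] = "ok"
    return report

def demo():
    """Constructed scenario: three files backed up; the restore loses one, damages one."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for d in (live, restored):
            (d / "docs").mkdir(parents=True)
        files = {"docs/budget.csv": b"q1,100\n", "docs/letter.txt": b"Dear Sir\n",
                 "notes.txt": b"call bank\n"}
        for rel, data in files.items():
            (live / rel).write_bytes(data)
        manifest = build_manifest(live)
        (restored / "docs/budget.csv").write_bytes(files["docs/budget.csv"])
        (restored / "docs/letter.txt").write_bytes(b"Dear S\x00r\n")  # damaged copy
        return verify_restore(manifest, restored, sample_size=3)

if __name__ == "__main__":
    print(demo())
```

Comparing against a manifest taken at backup time, rather than against the live files, keeps files that were legitimately edited after the backup from showing up as failures.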

71
Nine Critical Steps in Securing SOHO Computers
and Networks
  • Use a firewall
  • Host based or dedicated firewall
  • Regularly backup your data
  • Use an operating system with strong
    authentication and passwords
  • Use file access controls and data encryption
  • Make a boot disk to recover the system

72
Use an operating system with strong user
authentication and passwords
  • Choose operating systems such as
  • Win XP, Win2000 Pro or Linux
  • Rename the administrator or root account
  • Require long and strong passwords
  • Change passwords over time

73
Use an operating system with strong user
authentication and passwords
  • Manage passwords by policy
  • Local security policy or Group Policy
  • Some tools
  • Password cracking tools
  • Microsoft Baseline Security Analysis tool
  • http://www.microsoft.com/downloads/details.aspx?FamilyID=9a88e63b-92e3-4f97-80e7-8bc9ff836742&DisplayLang=en

77
Nine Critical Steps in Securing SOHO Computers
and Networks
  • Use a firewall
  • Host based or dedicated firewall
  • Regularly backup your data
  • Use an operating system with strong
    authentication and passwords
  • Use file access controls and data encryption
  • Make a boot disk to recover the system

78
Use File Access Controls, Data Encryption
  • Set permissions on data files of importance
  • Permissions define who can do what with a
    folder or file
  • Permissions are also called Access Control Lists
    (ACLs)

79
Use File Access Controls, Data Encryption
  • You can also encrypt files for an additional
    layer of file access protection
  • Encryption is built-in to the NTFS file system
  • Found only with NT, W2K and XP
  • Can use third party tools

80
Nine Critical Steps in Securing SOHO Computers
and Networks
  • Use a firewall
  • Host based or dedicated firewall
  • Regularly backup your data
  • Use an operating system with strong
    authentication and passwords
  • Use file access controls and data encryption
  • Make a boot disk to recover the system

81
Make a Boot Disk to Recover the System
  • Create a system boot disk
  • How to create one depends on the Operating System
  • Useful in resolving start up problems due to
    corrupt or missing files
  • Update the boot disk regularly

82
Summary
  • Install, use and update antivirus programs
  • Treat email attachments with caution
  • Keep current with operating system patches
  • Use host based intrusion detection systems
  • Use a host based or dedicated firewall

83
Summary
  • Regularly backup your data
  • Use an operating system with strong user
    authentication and passwords
  • Use file access controls and data encryption
  • Make a boot disk for system recovery

84
References
  • The CERT Coordination Center (CERT/CC) is a
    center of Internet security expertise at the
    Software Engineering Institute, a federally
    funded center operated by Carnegie Mellon
    University
  • www.cert.org

88
Conclusion
  • Thanks for your attendance
  • Commit yourself and your organization to secure
    your networks and computers
  • Expect more from Sinclair Community College on
    these topics in the months to come