Title: Small Office/Home Office (SOHO) Computer and Network Security
1 Small Office/Home Office (SOHO) Computer and Network Security
- Sinclair Community College
- CIS Department
2 Small Office/Home Office (SOHO) Computer and Network Security
- Bob Sherman
- Patty Gillilan
- Associate Professors, CIS Department
- Multiple Microsoft and Cisco certifications
3 Why SOHO Computer and Networking Security is Important
- Personal information
- Private files
- Financial information
- Having your systems hijacked
- Invasion of privacy, e.g., Spyware
- Identity theft
4 Why SOHO Computer and Networking Security is Important
- Identity theft is a very large and growing concern
- Gartner Research Group estimates seven million victims of ID theft in the US in the past twelve months
- http://www.consumer.gov/idtheft/
- http://www.usdoj.gov/criminal/fraud/idtheft.html
- http://www.idtheftcenter.org/index.shtml
7 Why SOHO Computer and Networking Security is Important
- Spyware: a new and growing threat
- Spyware can
- Manipulate your system
- Record your habits
- Facilitate theft of your passwords, credit card info and identity
- Adware, key loggers and Trojan horses
8 Why SOHO Computer and Networking Security is Important
- Signs of spyware on your PC
- Home page changes
- New favorites appear
- System is noticeably slower
- New toolbars appear in IE
9 Why SOHO Computer and Networking Security is Important
- Spyware
- File sharing services, e.g., Kazaa or Grokster
- Clicking on pop-up ads
- Opening infected emails
- Spy Sweeper
- http://www.webroot.com
10 Objectives
- Familiarize the computer users with the following
- What it means to be online
- The door to the Internet swings both ways
- What are common risks and vulnerabilities?
- How to protect against threats
- Maintaining vigilance by staying current
11 Nine Critical Steps in Securing SOHO Computers and Networks
- Install, use and update anti-virus programs
- Treat all email attachments with caution
- Keep current with operating system updates
- Use host based Intrusion Detection Systems
12 Nine Critical Steps in Securing SOHO Computers and Networks
- Use a firewall
- Host based or dedicated firewall
- Regularly back up your data
- Use an operating system with strong authentication and passwords
- Use file access controls and data encryption
- Make a recovery/boot disk
13 Nine Critical Steps in Securing SOHO Computers and Networks
- Install, use and update anti-virus programs
- Treat all email attachments with caution
- Keep current with operating system updates
- Use host based Intrusion Detection Systems
14 Install, use and update anti-virus programs
- The single most important thing you can do to protect your system
- Most common exposure
- Email attachments
- Connections to web servers
- Make sure the program you select also protects against Worms and Trojans
15 Install, use and update anti-virus programs
- Some popular antivirus products
- Symantec
- McAfee
- Computer Associates
- http://www.symantec.com/sabu/nis/nis_pe/
- http://us.mcafee.com/default.asp
- http://www.my-etrust.com
19 Install, use and update anti-virus programs
- Norton antivirus output and options
- System status
- Reports
- Scheduled system scan
23 Nine Critical Steps in Securing SOHO Computers and Networks
- Install, use and update anti-virus programs
- Treat all email attachments with caution
- Keep current with operating system updates
- Use host based Intrusion Detection Systems
24 Treat All Email Attachments with Caution
- Email viruses are becoming more prevalent all of the time
- If you haven't gotten an email virus, chances are you will, if you don't take the appropriate steps
- Preventing email viruses begins with common sense and ends with a virus detection program
25 Treat All Email Attachments with Caution
- The common sense approach
- Make sure you are familiar with the sender of the email
- Note the names of the file attachments
- Do they make sense to you?
- Some names are designed to entice you to open the attachment
- AnnaKournikova.jpg.vbs (Worm)
26 Treat All Email Attachments with Caution
- The common sense approach
- If the attachment has one of the following file extensions, be very suspect
- .scr, .pif, .vb, .vbe, .vbs, .exe
- Delete suspect attachments immediately and empty the Recycle Bin
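The name checks from the two slides above, as an added example that is not part of the original presentation: it flags the extensions listed on the slide and the double-extension disguise seen in AnnaKournikova.jpg.vbs. The decoy-extension list, the padding check and the sample file names are assumptions constructed for illustration.

```python
# Extensions the slide lists as "be very suspect".
SUSPECT_EXTENSIONS = {".scr", ".pif", ".vb", ".vbe", ".vbs", ".exe"}

# Assumption (not from the slides): harmless-looking extensions a decoy name imitates.
DECOY_EXTENSIONS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".zip"}


def split_ext(name):
    """Split on the last dot; returns (stem, ".ext") or (name, "") if no dot."""
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext) if dot else (name, "")


def screen_attachment(filename):
    """Return the reasons an attachment name is suspect (empty list if none)."""
    # Keep only the file name, then drop trailing dots/spaces, which Windows ignores.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    reasons = []
    stem, ext = split_ext(name)
    if ext in SUSPECT_EXTENSIONS:
        reasons.append("suspect extension " + ext)
        # The extension before the last one is what the user thinks they are opening.
        inner_ext = split_ext(stem.rstrip())[1]
        if inner_ext in DECOY_EXTENSIONS:
            reasons.append("double extension: shown as " + inner_ext + ", runs as " + ext)
    # A run of spaces pushes the real extension out of view in a narrow column.
    if "   " in name:
        reasons.append("padding spaces before the real extension")
    return reasons


def screen_all(filenames):
    """Map each flagged file name to its reasons; clean names are omitted."""
    results = {f: screen_attachment(f) for f in filenames}
    return {f: r for f, r in results.items() if r}


# Constructed sample names; only AnnaKournikova.jpg.vbs comes from the slides.
SAMPLE_ATTACHMENTS = [
    "AnnaKournikova.jpg.vbs",
    "budget.doc          .scr",
    "Setup.EXE",
    "minutes.pdf",
    "holiday.jpg",
]

if __name__ == "__main__":
    for name, reasons in screen_all(SAMPLE_ATTACHMENTS).items():
        print(name, "->", "; ".join(reasons))
```

A name check like this only supports the common sense step; the slides still end the process with a virus detection program.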
27 Nine Critical Steps in Securing SOHO Computers and Networks
- Install, use and update anti-virus programs
- Treat all email attachments with caution
- Keep current with operating system updates
- Use host based Intrusion Detection Systems
28 Keep current with operating system patches
- A fix or modification to a program bug in the Operating System. A patch is an actual piece of object code that is inserted into (patched into) an executable program. -- webopedia.com
- Many operating system patches are related to system security.
- Staying current can be automated on recent versions of Windows
29 Keep current with operating system patches
- Windows operating systems are frequently patched or updated
- Windows Update
- Service Packs (SPs) are a collection of patches and updates
30 Keep current with operating system patches
- Before updating a system make sure of the following
- The update is required for your system
- The update won't harm your system or any applications running on it
- You can uninstall the update
- Get used to performing these updates
- Many security compromises are a result of unpatched systems
31 Keep current with operating system patches
- Using the Windows Update feature
- Click the Start menu
- Then choose Windows Update
- http://v4.windowsupdate.microsoft.com/en/default.asp
32 Windows Update options in Windows 2000 Pro
34 Keep current with operating system patches
- First click Scan for Updates
- Then click Review and Install Updates
- Three categories of updates
- Critical updates and service packs
- Updates for your version of Windows
- Driver updates
36 Keep current with operating system patches
- Click on Critical Updates and Service Packs
- Remove those updates not applicable to your system
- Click Install Now
- Some updates will require restarting your computer
38 Keep current with operating system patches
- Configuring Automatic Updates
- Control Panel or System Properties
- Update options
- Only notify of updates
- Download and notify of updates
- Download and install on a specified schedule
41 Keep current with operating system patches
- Software Update Service
- Available on more recent versions of Windows
- Creates a single point internally as the source of updates
- Conserves bandwidth
42 Keep current with operating system patches
- Microsoft TechNet Service
- Source for a variety of security and related details
- http://www.microsoft.com/technet/default.asp
- Knowledge Base articles
44 Keep current with operating system patches
- Blaster Worm
- Knowledge Base article 823980
- Exploits a buffer overflow flaw in Windows
- Patch released by Microsoft on July 16, 2003
- Updated August 25, 2003
45 Keep current with operating system patches
- State of Maryland BMV shut down on August 13, 2003
- Many other large networks affected
- http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
47 Keep current with operating system patches
- Sasser Worm and multiple variations over several weeks in April 2004
- Knowledge Base articles
- 835732 to prevent future infections
- 841720 to clean infected systems
- Windows 2000 and Windows XP only
48 Keep current with operating system patches
- Test patches first, then install
- Removing patches and operating system updates
- Control Panel
- Add/Remove Programs
- Applications and patches all listed here
- Select the desired item, click Remove
51 Nine Critical Steps in Securing the Home Network
- Install, use and update anti-virus programs
- Treat all email attachments with caution
- Keep current with operating system updates
- Use host based Intrusion Detection Systems
52 Use Host Based Intrusion Detection Systems
- Most intrusion detection systems (IDS) take either a network or a host-based approach
- IDS looks for attack signatures, i.e., specific network traffic patterns that may indicate an attack
- Host based is appropriate for SOHO environments
53 Use Host Based Intrusion Detection Systems
- Host based intrusion detection analyzes all incoming and outgoing network information for data patterns typical of an attack
- Host based intrusion detection relies on entries written to log files or audit files
- Logs changes made to the system
54 Use Host Based Intrusion Detection Systems
- The information the IDS collects is based on the monitoring of operating system, application software and security events.
- Built-in capabilities
- Event Viewer in Windows
- Must review log files regularly
55 Nine Critical Steps in Securing SOHO Computers and Networks
- Use a firewall
- Host based or dedicated firewall
- Regularly back up your data
- Use an operating system with strong authentication and passwords
- Use file access controls and data encryption
- Make a boot disk to recover the system
56 Use a Firewall
- Firewalls are used to filter network traffic
- Allow or block traffic based on criteria selected
- Well known ports
- Port 80 for HTTP
- Port 443 for HTTPS
- Ports 20/21 for FTP
- Port 25 for Mail
57 Use a Firewall
- Firewalls can be implemented at the host network interface or on an intermediary system such as a router
- Firewalls implemented at the host are software based
- Firewalls implemented at a router are hardware based
- You can use either or both
63 Use a Firewall
- Firewalls can be implemented at the host network interface or on an intermediary system such as a router
- SOHO router products from Linksys, D-Link and others
- All can be configured to meet your needs
66 Nine Critical Steps in Securing SOHO Computers and Networks
- Use a firewall
- Host based or dedicated firewall
- Regularly back up your data
- Use an operating system with strong authentication and passwords
- Use file access controls and data encryption
- Make a boot disk to recover the system
67 Regularly Back Up Your Data
- Back up your files regularly
- Backing up means copying data files from a local hard drive to another device
- Tape, external hard drive, CD/DVD, ZIP drive
- Application software can be restored from the original media
68 Regularly Back Up Your Data
- Most operating systems include a backup and restore utility
- Numerous third party products available
- Veritas, Computer Associates
- Hard drives have a finite life span and will eventually fail
69 Regularly Back Up Your Data
- If your system is compromised by malicious acts or physical failure, data backup is your only solution
- Multiple copies of the backup media stored on-site and off-site
- Multiple media sets
70 Regularly Back Up Your Data
- Restoring or recovering the data is equally important
- Practice data restores
- These don't have to be full-blown system restores, just restores of sample data files
71 Nine Critical Steps in Securing SOHO Computers and Networks
- Use a firewall
- Host based or dedicated firewall
- Regularly back up your data
- Use an operating system with strong authentication and passwords
- Use file access controls and data encryption
- Make a boot disk to recover the system
72 Use an operating system with strong user authentication and passwords
- Choose operating systems such as
- Win XP, Win2000 Pro or Linux
- Rename the administrator or root account
- Require long and strong passwords
- Change passwords over time
73 Use an operating system with strong user authentication and passwords
- Manage passwords by policy
- Local security policy or Group Policy
- Some tools
- Password cracking tools
- Microsoft Baseline Security Analysis tool
- http://www.microsoft.com/downloads/details.aspx?FamilyID=9a88e63b-92e3-4f97-80e7-8bc9ff836742&DisplayLang=en
77 Nine Critical Steps in Securing SOHO Computers and Networks
- Use a firewall
- Host based or dedicated firewall
- Regularly back up your data
- Use an operating system with strong authentication and passwords
- Use file access controls and data encryption
- Make a boot disk to recover the system
78 Use File Access Controls, Data Encryption
- Set permissions on data files of importance
- Permissions define who can do what with a folder or file
- Permissions are also called Access Control Lists (ACLs)
79 Use File Access Controls, Data Encryption
- You can also encrypt files for an additional layer of file access protection
- Encryption is built into the NTFS file system
- Found only with NT, W2K and XP
- Can use third party tools
80 Nine Critical Steps in Securing SOHO Computers and Networks
- Use a firewall
- Host based or dedicated firewall
- Regularly back up your data
- Use an operating system with strong authentication and passwords
- Use file access controls and data encryption
- Make a boot disk to recover the system
81 Make a Boot Disk to Recover the System
- Create a system boot disk
- How to create one depends on the Operating System
- Useful in resolving start up problems due to corrupt or missing files
- Update the boot disk regularly
82 Summary
- Install, use and update antivirus programs
- Treat email attachments with caution
- Keep current with operating system patches
- Use host based intrusion detection systems
- Use a host based or dedicated firewall
83 Summary
- Regularly back up your data
- Use an operating system with strong user authentication and passwords
- Use file access controls and data encryption
- Make a boot disk for system recovery
84 References
- The CERT Coordination Center (CERT/CC) is a center of Internet security expertise at the Software Engineering Institute, a federally funded center operated by Carnegie Mellon University
- www.cert.org
88 Conclusion
- Thanks for your attendance
- Commit yourself and your organization to securing your networks and computers
- Expect more from Sinclair Community College on these topics in the months to come