1 / 13

Information Security Session October 24, 2005

Information Security Session October 24, 2005. Bill Eaheart Network Security Coordinator DePaul University. Top Ten List. Install Operating system Updates and Patches Install Anti-Virus and Spyware Protection Use a Host Based Firewall Create a strong password

LeeJohn
Download Presentation

Information Security Session October 24, 2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Information Security SessionOctober 24, 2005 Bill Eaheart Network Security Coordinator DePaul University

  2. Top Ten List • Install Operating system Updates and Patches • Install Anti-Virus and Spyware Protection • Use a Host Based Firewall • Create a strong password • Use caution when opening email attachments • Never share personal information • Do not respond to Spam • Back up Files • Do not Share Folders • Use a Spyware program Information Security

  3. Securing Windows Basic Steps to Secure your Machine: Step One: Enable a personal firewall Step Two: Download & Install AntiVirus Step Three: Run Windows Update Step Four: Configure Windows for Automatic Updates Step Five: Secure Your Accounts and Passwords Step Six: Run a Weekly Virus Scans of your Entire Computer Step Seven: Run and Update a Spyware Removal Program Step Eight: Disable or Set password for File Shares Step Nine: Run Microsoft Baseline Security Analyzer Information Security

  4. Personal Firewalls • A personal firewall is a software-based filter between your computer and the outside world that is installed on your computer to protect it from unauthorized access by other external users. • Personal firewalls are configurable to specify which incoming and outgoing programs, ports, and IP addresses can be accessed. • Windows XP • Internet Connection Firewall (ICF) • http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx • Inspects only incoming traffic • Commercial/Free Products • Sygate Personal Firewall • ZoneAlarm • Tiny Personal Firewall • Norton Personal Firewall • BlackIce PC Protection Information Security

  5. How does a firewall work? • Each machine on the Internet is assigned a unique address called an IP address. • Computers have addresses referred to as IP addresses • Allows computers to talk to each other • Tells your computer where you want to send traffic • Example: 140.192.65.25 • Ports – A server machine makes its services available to the Internet using numbered ports • Tells your computer what service you want • Web Server: Port 80 • Internet Communication • Similar to postal envelopes • Instead of postal address and zip codes  IP addresses and Port number • Connecting to a web server • Where do I want to go  www.cnn.com (DNS – easy for people to remember) • What is the IP Address  64.236.16.20 • What service do I want  Port 80 (web server) • What your computer sees • Source: 140.192.79.91:4628  Destination: 64.236.16.20:80 Information Security

  6. How does a firewall work? • Computers have services running – even your work or home PC • A firewall inspects all traffic coming or leaving your computer • Use a set of rules to determine if it should allow the traffic to pass • In many cases you just need to install or enable the firewall application Information Security

  7. Why is a firewall important? Scanning logs Wed Mar 19 00:15:23 CST 2005Number of scans: 523,264 Destination Ports Total     Port======    ======198602      445 Windows 112389      139 Windows 88258     1433 MS-SQL - slammer worm 82404       80 Web Server 18390      135 Windows Information Security

  8. What a Firewall Can Do • A firewall can be selective about what it lets through and what it blocks. • The firewall inspects all incoming traffic – and on some firewall applications it can inspect outgoing traffic as well • Based on the setup and rules the firewall determines if the packet should be blocked or transmitted • Some applications send notifications to the user with options • Denying the program or traffic • Allowing it just this one time. You will be asked again the next time it wants to use the network. • Allowing it forever more. You will not be asked again the next time it wants to use the network. • What do you do if you received a notification that traffic has been blocked • Firewall has blocked the harmful traffic Information Security

  9. What a Firewall Cannot Do • Be aware of a false sense of security • Firewalls are limited in protecting your computer • Do Firewalls Prevent Viruses, Worms or Malware? • NO!! • Some firewalls can prevent malware from accessing the internet if your computer is infected your • Majority of all malware is received through e-mail, file sharing (like Kazaa or Gnutella) or through direct download of a malicious program • Firewalls can't prevent this • Common Sense and Caution • Operating System patches and security fixes • Anti-Virus software • Spyware software Information Security

  10. Windows Update • Microsoft provides security patches and updates • Check for updates at least once per month • Security fixes released on the second Tuesday of each month • Manual Update • Open Internet Explorer  http://windowsupdate.microsoft.com • Windows Automatic Updates makes this easy • Start  Control Panel  Automatic Updates • DePaul makes it even easier • Software Update Services (SUS) server Information Security

  11. Automatic Windows Update Information Security

  12. Microsoft Security Analyzer • Microsoft Baseline Security Analyzer • http://www.microsoft.com/technet/security/tools/mbsahome.mspx • Free, vulnerability assessment tool for the Microsoft platform • Download Software • Installation Wizard • Scan your computer Information Security

  13. The End! Thank you Any questions weaheart@depaul.edu Information Security

More Related