1 / 17

Telecommuting and Broadband Security a.k.a. “Telecommuting Security Cookbook”

Telecommuting and Broadband Security a.k.a. “Telecommuting Security Cookbook”. NIST’s. Rick Kuhn Computer Security Division National Institute of Standards and Technology. Rick Kuhn kuhn@nist.gov 301-975-3337 Tim Grance grance@nist.gov 301-975-4242. NIST Guideline 800-46.

bardia
Download Presentation

Telecommuting and Broadband Security a.k.a. “Telecommuting Security Cookbook”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Telecommuting and Broadband Security a.k.a.“Telecommuting Security Cookbook” NIST’s Rick Kuhn Computer Security Division National Institute of Standards and Technology • Rick Kuhn kuhn@nist.gov 301-975-3337 • Tim Grance grance@nist.gov 301-975-4242

  2. NIST Guideline 800-46 • For users, system managers, and agency administrators • Step-by-step instructions on • Personal firewalls • Securing web browsers • Securing PC configurations • Home networking • Virtual private networks • Telecommuting architectures • Agency/enterprise considerations • Helping you avoid: spyware, Trojan horses, email compromise, “theft of service”

  3. What can happen? - cybercrime • Maryland man used dumpster diving, forged email, wireless hacking to steal information and intimidate competitor • Used unsecured wireless access in residential areas to hide identity • Eluded police for months until …

  4. D’oh! $17 million extortion demand: "make the check payable to Myron Tereshchuk"

  5. What’s different about broadband? • Always on • Longer exposure to internet • User less likely to notice attack • May be permanent IP address • Higher speed • Downloads of malicious code faster, less noticeable • Faster probes for vulnerabilities • Usually combined with wireless

  6. Wireless Worries • Available on Internet: • Software to break 802.11b “wired equivalency protocol” (WEP) encryption in 10 – 20 minutes • Plans to build sensitive antennas with 5-10 mile range

  7. Wireless Networking – what to do • Turn off SSID broadcast • Keep sensitive data on removable media • Use file and printer sharing only as necessary • Change default admin passwords • Use encryption, even if it is not perfect • WPA preferable to WEP

  8. Personal firewalls – what to do All home networks connected to the Internet via a broadband connection should have two types of firewall installed: • Install stand-alone firewall • Blocks incoming traffic, hides PC • Install software firewall • Can block suspicious outgoing messages and and alert user • Run an online security scan

  9. Firewall configuration

  10. Virus Protection • Commercial tools maintained with up to date definitions • Popular freeware tools: • AVG – http://free.grisoft.com/ • Antivir – http://www.free-av.com/ • Microsoft Malicious software removal tool - http://www.microsoft.com/technet/security/default.mspx

  11. Spyware Protection Spyware detection and removal tools • Popular freeware tools: • Spybot –http://www.safer-networking.org/ • Adaware – http://www.lavasoftusa.com/ • Microsoft Antispyware – http://www.microsoft.com/athome/security/spyware/software/default.mspx • Some software firewalls can detect spyware

  12. Voice Communication • Corded phone – most secure; tapping requires physical connection • Cordless – can be picked up on scanners, baby monitors, etc.; 900 MHz, 2.4, 5.8 GHz more secure for now • Cell phones – can be picked up with UHF TV tuner (around 800 MHz) • Digital PCS – more secure for now • PC based voice communication (Voice over IP) – depends on security of your PC and Internet • What to do –get a corded phone for office

  13. Electronic Mail • Remote login – may use unencrypted passwords (POP3) • E-mail forwarding – user doesn’t need to log in to central system at all; OK if email not sensitive • Virtual Private Network (VPN) – great security but expensive and more complex to install/administer • What to do– choose based on cost and what’s more important, central system or email contents

  14. Agency/enterprise Considerations – what to do • Establish standard security configuration for telecommuter systems • Organization should provide pre-configured PC for home user • Limit use to official duties (but assume this won’t always be followed!)

  15. Top 10 User Precautions for Telecommuting • Install software firewall • Add stand-alone firewall (also) • Install anti-virus software • Turn off file and printer sharing (unless needed for home network) • Update operating system and browser regularly

  16. Top 10 User Precautions for Telecommuting • Know how to turn off and delete cookies • Use strong passwords • Install spyware detection and removal tools • Use only amount of security necessary • Consider encryption or VPN software if you need it

  17. Summary • Telecommuting can be done with an appropriate level of security, at a reasonable cost! • Security motto: you don’t have to outrun the wolves, just the people you’re with … • For More Info see: • NIST SP800-46 Security for Telecommuting and Broadband Communications, August 2002 • See “Publications” on csrc.nist.gov • http://csrc.nist.gov/publications/ • Contacts: • Rick Kuhn kuhn@nist.gov 301-975-3337 • Tim Grance grance@nist.gov 301-975-4242 • Web site: csrc.nist.gov

More Related