120 likes | 232 Views
UNITS Quarterly Meeting April 29, 2004. Network Security Roger Safian r-safian@northwestern.edu. Statistics Why these incidents occur What can be done to prevent them Questions. Agenda. FY 2002/2003 Virus = 1166 Compromised = 727 Total incidents = 3042 9/1/02 – 8/31/03. FY 2003/2004
E N D
UNITS Quarterly MeetingApril 29, 2004 Network Security Roger Safian r-safian@northwestern.edu
Statistics Why these incidents occur What can be done to prevent them Questions Agenda
FY 2002/2003 Virus = 1166 Compromised = 727 Total incidents = 3042 9/1/02 – 8/31/03 FY 2003/2004 Virus = 1436 Compromised = 261 Total incidents = 2220 9/1/01 – 2/29/04 Statistics
FY 2002/2003 Virus = 336 Compromised = 646 Total incidents = 2037 9/1/02 – 7/31/03 FY 2003/2004 Virus = 1436 Compromised = 261 Total incidents = 2220 9/1/01 – 2/29/04 Statistics – Take 2Removing August (Blaster/Welchia)
FY 2002/2003 Virus = 142 Compromised = 342 Total incidents = 1102 9/1/02 – 2/28/03 FY 2003/2004 Virus = 1436 Compromised = 261 Total incidents = 2220 9/1/01 – 2/29/04 Statistics – Take 3Same time frames
Weak Passwords All machines and accounts need passwords Use rules similar to the NetID rules Opening viral attachments Don’t open unexpected attachments Only open specific types of extensions Make sure to look at the LAST extension Why these incidents occur?
Updates not applied Ensure Windows update runs automatically Don’t forget about layered products Network use P2P Be careful when clicking on links Why these incidents occur? (2)
Out of date anti-viral software Ensure you install the NU supplied software Set to update automatically EVERY day Blended Threats Multiple attack vectors directed at hosts Home Networks Frequently attacked with little monitoring Why these incidents occur? (3)
Internet Security Systems Network scanner Produces HTML reports Organized by severity Currently checks for ~1300 vulnerabilities ISS Scans
Caveats Not 100% accurate A pretty decent indicator though Doesn’t see through your firewall Machine must be online Only looks for vulnerabilities it knows about ISS Scans (2)
Recommend getting report once per quarter Or any time you are suspicious Or have significant changes Request from security@northwestern.edu Send IP addresses you wish scanned Can specify a range or subnet ISS Scans (3)
Contact Information 1-847-491-4058 1-847-467-2222 (NOC 24x7) security@northwestern.edu r-safian@northwestern.edu Questions?