1. Secure Your Computer Now: How to keep your face off the evening news for compromising 98,000 student records
Start here
2. Secure Your Computer Now Warning. This presentation is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore this guide does not address site-specific configuration issues. Care must be taken when implementing these recommendations to address local operational and policy concerns. Some of the security precautions discussed here, if improperly implemented, can make your data inaccessible, not only to the bad guys, but also to you!
Identity theft is a growing and very serious problem. Recently introduced state law and campus policy introduce measures designed to reduce the risk of identity theft. For these measures to be effective, we will all need to modify the ways we treat data.
4. State law modifications are moving toward making this apply to
any identity-theft-sensitive pair of information items:
first-last name, name-ssn, name-cdl, name-bankid, ssn-bank-id, etc.
5. Section 310-022 Policy and Procedure Manual
6. Section 310-022 Policy and Procedure Manual
7. UC Davis Computing Standards Annual checklist includes 14 Standards
7 Level 1 Practices: “Highest priority” standards that apply to all computers on the network
7 Level II Practices: “Secondary priority” standards, some of which apply to servers or system administrators
Your mission: secure all the computers in your domain
Hand out checklist.
8. Computing Security Standards I-A. Software Patch Updates
OSs for which the publisher does NOT maintain updates:
Mac OS 7, 8 or 9, X 10.0, X 10.1
Mac OS 10.4 is now the current release; expect support for 10.2 to disappear
Microsoft DOS
Microsoft Windows 3, 95, 98?, ME?, 2000?
Red Hat, Fedora, and Linux users: get up to date
9. Computing Security Standards I-A. Software Patch Updates
10. Computing Security Standards I-A. Software Patch Updates
11. Computing Security Standards I-A. Software Patch Updates
12. Computing Security Standards I-A. Software Patch Updates
Make sure your computer will typically be ON when the update is scheduled.
If you set updates to 3 AM but turn your computer off every night, it will not happen.
(This behavior can be overridden by Administrators in some environments.)
13. Computing Security Standards I-B. Anti-virus software
Just installing anti-virus software does not guarantee that it will get updates in a timely fashion. Assume nothing. Also, make sure you are updating the application products in addition to the virus definitions.
14. Computing Security Standards I-B. Anti-virus software
15. Computing Security Standards I-B. Anti-virus software
Make sure you are updating the application products (here shown weekly) in addition to the virus definitions (here shown daily).
16. Computing Security Standards I-C. Insecure Network Services
telnet ==> ssh
ftp ==> scp or sftp
pop ==> pop over SSL
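One way to check a machine against the list above, as an added example that is not part of the original presentation: the script reads `ss -tln` style output and flags listeners on the cleartext services the slide names, with the replacement the slide gives. The sample output is constructed, and the port numbers are the standard defaults, which is an assumption (a service moved to another port is not detected).

```python
import re

# Replacements exactly as listed on the slide; the port numbers are the
# standard defaults for each cleartext service (an assumption: services
# moved to non-standard ports are not detected).
INSECURE = {
    23: ("telnet", "ssh"),
    21: ("ftp", "scp or sftp"),
    110: ("pop", "pop over SSL"),
}

# Constructed sample of `ss -tln` output, not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       5       0.0.0.0:23           0.0.0.0:*
LISTEN  0       32      127.0.0.1:21         0.0.0.0:*
LISTEN  0       100     [::]:110             [::]:*
LISTEN  0       100     *:995                *:*
"""

# Matches IPv4 loopback (127.x.x.x) and IPv6 loopback (::1 or [::1]).
LOOPBACK = re.compile(r"^(127\.|\[?::1\]?$)")

def audit_listeners(ss_output):
    """Return one finding per listening socket on a cleartext-service port."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        # rpartition splits on the last colon, keeping IPv6 literals intact
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in INSECURE:
            continue
        service, replacement = INSECURE[int(port)]
        findings.append({
            "service": service,
            "port": int(port),
            "address": addr,
            "remote_reachable": not LOOPBACK.match(addr),
            "replace_with": replacement,
        })
    return findings

if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS_OUTPUT):
        scope = "network-reachable" if f["remote_reachable"] else "loopback only"
        print(f"{f['service']} on {f['address']}:{f['port']} ({scope}) -> use {f['replace_with']}")
```

A listener bound only to loopback is still reported, but marked as not reachable from the network so the exposed ones can be handled first.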
17. Computing Security Standards I-C. Insecure Network Services
NOTE: You don’t need to have file sharing enabled on your computer to connect to file servers.
Enabling file sharing means you want to share the files on your computer with others -- including the bad guys.
18. Computing Security Standards I-C. Insecure Network Services
NOTE: You don’t need to have file and print sharing enabled on your computer to connect to file servers and printers. Enabling file and print sharing means you want to share your printer(s) and the files on your computer with others -- including the bad guys.
19. Computing Security Standards I-D. Authentication
If you don’t need to log in after turning your computer on, then your computer is misconfigured, and in violation of policy.
20. Computing Security Standards I-D. Authentication - Passwords
Make sure automatic login is disabled.
21. Computing Security Standards I-D. Authentication - Passwords
Make sure automatic login is disabled.
22. Computing Security Standards I-D. Authentication - Passwords
23. Computing Security Standards
24. Computing Security Standards
25. Computing Security Standards
26. Computing Security Standards
27. Computing Security Standards I-D. Authentication - Passwords
Remember those networked HP printers that support telnet out of the box. They have an administrator account with no password. Some allow you to telnet out of the printer. Hackers love these because they can cover their tracks by hacking into someone’s server from a “printer”!
The same rule should apply to those keypad door locks that are often left at their default key code: 1 2 3 4 5
28. Computing Security Standards I-D. Authentication - Passwords
There is an important distinction between the first account set up on a Mac and on a Windows computer. On Windows, this account is a full administrator account. Anything that account runs (like a virus) runs with full admin privileges. On a Mac, the first account is made a member of the admin group. This account can do administrative things if the user can supply their password. You can’t touch things in the system area without authenticating.
29. Computing Security Standards I-D. Authentication - Passwords
Plain text logins to mail will go away by summer.
Other plain text protocols (telnet, ftp) will go away as well.
30. Computing Security Standards I-E. Personal Information
Remember, those grant proposals contain names and SSNs of your co-PIs. You don’t want to have to send letters to everyone you’ve ever shared a grant with telling them that you’ve exposed them to identity theft because your laptop was stolen out of your office!
If you need to preserve or archive information for a while, burn it to CD and delete it from your computer (Use Secure Empty Trash!). If you only need to keep the information for a while (gradebook), boldly mark the destroy date on the CD. And then destroy the CD on or after that date.
31. Computing Security Standards I-E. Personal Information
We use FastLane now, but remember, those grant proposal Word documents contain names and SSNs of your co-PIs. You don’t want to have to send letters to everyone you’ve ever shared a grant with telling them that you’ve exposed them to identity theft because your laptop was stolen out of your office!
If you need to preserve or archive information for a while, burn it to CD and delete it from your computer (Use Secure Empty Trash!). If you only need to keep the information for a while (gradebook), boldly mark the destroy date on the CD. And then destroy the CD on or after that date.
32. Computing Security Standards I-E. Personal Information
Traditional file deleting simply removes the file name from the disk directory but leaves the file data in place. Secure Erase Trash immediately overwrites the file with erroneous data, so that the file disappears and cannot be reconstructed.
33. Computing Security Standards I-F. Physical Security
34. Computing Security Standards I-F. Physical Security
35. Computing Security Standards I-F. Physical Security
36. Computing Security Standards I-F. Physical Security
37. Computing Security Standards I-F. Physical Security
38. Computing Security Standards I-F. Physical Security
Windows users can invoke the screen saver with CTRL-ALT-DEL or with WINDOWS-L
39. Computing Security Standards I-F. Physical Security
Cool idea, three problems
1) software doesn’t run on Mac
2) #1 doesn’t matter 'cause the software doesn’t do what I want -- prevent disk from mounting without fingerprint.
3) ... oh yeah, the third reason why fingerprint identification may prove to be an unpopular idea...
41. Computing Security Standards I-F. Physical Security
42. Computing Security Standards I-F. Physical Security
43. Computing Security Standards I-G. Firewall Services
44. Computing Security Standards I-G. Firewall Services
45. Computing Security Standards I-G. Firewall Services
46. Computing Security Standards I-G. Firewall Services
47. Computing Security Standards I-G. Firewall Services
48. Computing Security Standards II-A. No Open E-mail Relays
49. Computing Security Standards II-B. Proxy Services
50. Computing Security Standards II-C. Audit Logs
51. Computing Security Standards II-D. Backup and Recovery
52. Computing Security Standards II-D. Backup and Recovery
53. Computing Security Standards II-E. Training for Users, Administrators and Managers
54. Computing Security Standards II-F. Anti-Spyware Software
55. Computing Security Standards II-G. Release of Equipment with Electronic Storage
56. Computing Security Standards II-G. Release of Equipment with Electronic Storage
In the Geology Department we have lots of tools available to assist us, not to mention lots of big rocks! Mac OS X 10.4 Disk Utility provides a number of security options in the “Erase disk” section, including 7-pass and 35-pass erase.
57. Questions?