560 likes | 666 Views
Who’s in your PC?. Keeping The Bad Guys Out. YOUR ATTENTION PLEASE…. Digitally Mastered Clip. Media Citations For This Presentation:. Movie Clips: Bourne Ultimatum (Universal Pictures) Internal INL Animation Team: John Mulligan (Conceptual) Jonathan Homer (Conceptual)
E N D
Who’s in your PC? Keeping The Bad Guys Out
Media CitationsFor This Presentation: Movie Clips: Bourne Ultimatum(Universal Pictures) Internal INL Animation Team: John Mulligan (Conceptual) Jonathan Homer (Conceptual) Jason Miller (Visual) Carl Fennen (Audio)
Cops and Robbers • A Child’s Game • A Multi-Trillion Dollar Industry
Challenge #1 Using a laser pointer: • Shoot only Jason Bourne and Nicky Parsons • Don’t Shoot DeshBouksanior innocent bystanders
How Did We Do? • Did we get the bad guys? • Did we keep the good guys alive? • Could we do better with practice?
Challenge #2 Using a laser pointer: • Eliminate the bomb before it explodes • You have only a single shot
How Did We Do? • Did you get the bomb? • Why was this harder? • What does this represent in the real world?
Challenge #3 Using a laser pointer: • Identify each of the selected individuals as they appear on the screen. • Do not incorrectly identify any innocent bystanders
How Did We Do? • Did you get all the identified people? • Why not? • Would more guns have helped? • Group: What would make this scenario plausible?
Today’s Cops and Robbers • 6,000 employees + 100’s of visitors walk past security guard posts every day • 30,000 pieces of mail enter or exit the INL on the average day. That’s more mail than the average person receives in 1 lifetime. • Hundreds of Thousands of emails arrive at the INL daily. • Terabytes of Data enter/exit the INL every day.
3 Primary Ways a Computer Is Compromised • Direct Attack
3 Primary Ways a Computer Is Compromised • Direct “Firewall” Attack • Social Engineering
3 Primary Ways a Computer Is Compromised • Direct “Firewall” Attack • Social Engineering • Innocent Host
Protecting Our Assets • Be smart – use common sense • Circle the wagons – be a part of the group • Stay up to date – mitigate known issues
Being Smart Summary • Keep passwords private • Lock your computer when away • Don’t use INL media in non-INL computers • Don’t use non-INL media in INL computers • Encrypt sensitive data
What’s happening on your Computer • WHAT YOU SEE: • WHAT’S HAPPENINGIN THE BACKGROUND: INL AVERAGES: • 33 Processes (Background Programs) • 55 Services (Drivers and Controllers) • 16 Connections across the Network • Has access to dozens of servers and enterprise systems STANDARD PROCESSES: DPB2CP.EXE wuauclt.exe msiexec.exe PccNTMon.exe NTRtScan.exe explorer.exe rcgui.exe Ttskmgr.exe wmiprvse.exe OfcPfwSvc.exe pds.exe LocalSch.EXE residentAgent.exe MsPSMPSv.exe TmListen.exe spoolsv.exe SoftMon.exe svchost.exe ntmulti.exe ldalert.exe svchost.exe svchost.exe svchost.exe lsass.exe services.exe Winlogon.exe collector.exe csrss.exe PDVDDXSrv.exe cftmon.exe smss.exe SDClientMonitor.exe MDM.exe vulscan.exe tcpsvcs.exe issuser.exe Tmcsvc.exe System STANDARD SERVICES: Alg AudioSrv Browser CBA8 CryptSvc DcomLaunch Dhcp dmserver Dnscache Eventlog EventSystem helpsvc HidServ Intel Local Scheduler Service Intel PDS Intel Targeted Multicast ISSUSER lanmanserver lanmanworkstation LmHosts LPDSVC MDM Multi-user Cleanup Service Netlogon Netman Nla ntrtscan OfcPfwSvc PlugPlay ProtectedStorage RasMan RemoteRegistry RpcSs SamSs SCardSvr seclogon SENS SharedAccess ShellHWDetection Softmon Spooler SR_Service SR_WatchDog SSDPSRV TapiSrv TermService Themes tmlisten UMWdf W32Time WebClient winmgmt wltrysvc WMDM PMSP Service wuauserv
Standard INL Configuration Microsoft Office Lotus Notes Internet Explorer Trend Micro AntiVirus LanDesk Managed WINDOWS XP
Introducing HRF • HARDWARE REGISTRATION FORM • Update to 565.06 (Unclassified Computer Security Form) • Similar format to AAR (annual asset review) • Updated semi-annually • Gives comprehensive visual into working environment
Introducing LDBlue • LANDESK GATEWAY • Increasing toolset of existing LanDesk Suite • Remote Patching and Updates • Permits Remote Assistance from OpsCenter
Resources Available • Website: http://myPC.inl.gov https://ldblue.inl.gov (Available External) http://opscenter.inl.gov http://virus.inl.gov • Email: desktop@inl.gov • Phone:OpsCenter: 6-1000
Contact Information Jonathan Homer Desktop Management 526-9660 jonathan.homer@inl.gov
SUCCESS!!! IT Communications NLIT 2009
THE RESULT • Deemed a huge success • Recognized by INL management • Traveled to Washington D.C. by request • Has become a benchmark when discussing INL communications
“Water Cooler” – The Capstone • “The [environmental risk] numbers are impressive and can be staggering…I think the presentation [should] be a model for other user-training presentations we (IT) develop.” • Homeland Security Researcher, 25+ year INL Veteran • “I just begrudgingly attended the last available "Who's in Your PC?" training. It wasn't mandatory, I'm busy with year-end deliverables, and I assumed it would be boring. Boy was I wrong….This was perhaps the best executed training I’ve seen at the Lab ever. It was content-rich and fast-paced, used current relevant visuals, had audience participation, and distributed useful handouts. Please take good care of these guys. We need this kind of talent and enthusiasm at the INL.” • Project Manager for Energy and Environment Organization
PRESENTATION ATTENDENCE Momentum!
Key Tricks and Trips Lessons Learned
Put Yourself In Their Shoes • Stigma: “Black Text, White Background, Never Ends” • What do they really need to know? • How does it apply to them personally? • The details should be in the supportmaterials • Know your audience before you arrive