
Who’s in your PC?


Presentation Transcript


  1. Who’s in your PC? Keeping The Bad Guys Out

  2. YOUR ATTENTION PLEASE…

  3. Digitally Mastered Clip

  4. Media Citations For This Presentation: Movie Clips: Bourne Ultimatum (Universal Pictures) Internal INL Animation Team: John Mulligan (Conceptual) Jonathan Homer (Conceptual) Jason Miller (Visual) Carl Fennen (Audio)

  5. Bourne Intro

  6. Cops and Robbers • A Child’s Game • A Multi-Trillion Dollar Industry

  7. Challenge #1 Using a laser pointer: • Shoot only Jason Bourne and Nicky Parsons • Don’t Shoot Desh Bouksani or innocent bystanders

  8. How Did We Do? • Did we get the bad guys? • Did we keep the good guys alive? • Could we do better with practice?

  9. Challenge #2 Using a laser pointer: • Eliminate the bomb before it explodes • You have only a single shot

  10. How Did We Do? • Did you get the bomb? • Why was this harder? • What does this represent in the real world?

  11. Challenge #3 Using a laser pointer: • Identify each of the selected individuals as they appear on the screen. • Do not incorrectly identify any innocent bystanders

  12. How Did We Do? • Did you get all the identified people? • Why not? • Would more guns have helped? • Group: What would make this scenario plausible?

  13. Today’s Cops and Robbers • 6,000 employees + 100’s of visitors walk past security guard posts every day • 30,000 pieces of mail enter or exit the INL on the average day. That’s more mail than the average person receives in 1 lifetime. • Hundreds of Thousands of emails arrive at the INL daily. • Terabytes of Data enter/exit the INL every day.

  14. 3 Primary Ways a Computer Is Compromised • Direct Attack

  15. 3 Primary Ways a Computer Is Compromised • Direct “Firewall” Attack • Social Engineering

  16. 3 Primary Ways a Computer Is Compromised • Direct “Firewall” Attack • Social Engineering • Innocent Host

  17. Protecting Our Assets • Be smart – use common sense • Circle the wagons – be a part of the group • Stay up to date – mitigate known issues

  18. Being Smart

  19. What did we see? What did we Learn?

  20. Being Smart Summary • Keep passwords private • Lock your computer when away • Don’t use INL media in non-INL computers • Don’t use non-INL media in INL computers • Encrypt sensitive data

  21. Circle The Wagons

  22. What’s happening on your Computer • WHAT YOU SEE: • WHAT’S HAPPENING IN THE BACKGROUND: INL AVERAGES: • 33 Processes (Background Programs) • 55 Services (Drivers and Controllers) • 16 Connections across the Network • Has access to dozens of servers and enterprise systems

      STANDARD PROCESSES: DPB2CP.EXE, wuauclt.exe, msiexec.exe, PccNTMon.exe, NTRtScan.exe, explorer.exe, rcgui.exe, Ttskmgr.exe, wmiprvse.exe, OfcPfwSvc.exe, pds.exe, LocalSch.EXE, residentAgent.exe, MsPSMPSv.exe, TmListen.exe, spoolsv.exe, SoftMon.exe, svchost.exe, ntmulti.exe, ldalert.exe, svchost.exe, svchost.exe, svchost.exe, lsass.exe, services.exe, Winlogon.exe, collector.exe, csrss.exe, PDVDDXSrv.exe, cftmon.exe, smss.exe, SDClientMonitor.exe, MDM.exe, vulscan.exe, tcpsvcs.exe, issuser.exe, Tmcsvc.exe, System

      STANDARD SERVICES: Alg, AudioSrv, Browser, CBA8, CryptSvc, DcomLaunch, Dhcp, dmserver, Dnscache, Eventlog, EventSystem, helpsvc, HidServ, Intel Local Scheduler Service, Intel PDS, Intel Targeted Multicast, ISSUSER, lanmanserver, lanmanworkstation, LmHosts, LPDSVC, MDM, Multi-user Cleanup Service, Netlogon, Netman, Nla, ntrtscan, OfcPfwSvc, PlugPlay, ProtectedStorage, RasMan, RemoteRegistry, RpcSs, SamSs, SCardSvr, seclogon, SENS, SharedAccess, ShellHWDetection, Softmon, Spooler, SR_Service, SR_WatchDog, SSDPSRV, TapiSrv, TermService, Themes, tmlisten, UMWdf, W32Time, WebClient, winmgmt, wltrysvc, WMDM PMSP Service, wuauserv

  23. Standard INL Configuration • Microsoft Office • Lotus Notes • Internet Explorer • Trend Micro AntiVirus • LanDesk Managed • WINDOWS XP

  24. Introducing HRF • HARDWARE REGISTRATION FORM • Update to 565.06 (Unclassified Computer Security Form) • Similar format to AAR (annual asset review) • Updated semi-annually • Gives comprehensive visual into working environment

  25. HRF – Accessing The Form

  26. HRF – Property and Hostname

  27. HRF – Security

  28. HRF – Updating 565.06

  29. HRF – Summary (understanding your system)

  30. Questions About HRF…

  31. Introducing LDBlue • LANDESK GATEWAY • Increasing toolset of existing LanDesk Suite • Remote Patching and Updates • Permits Remote Assistance from OpsCenter

  32. LDBlue

  33. Questions About LDBlue…

  34. Resources Available • Website: http://myPC.inl.gov https://ldblue.inl.gov (Available External) http://opscenter.inl.gov http://virus.inl.gov • Email: desktop@inl.gov • Phone: OpsCenter: 6-1000

  35. Contact Information Jonathan Homer Desktop Management 526-9660 jonathan.homer@inl.gov

  36. SUCCESS!!! IT Communications NLIT 2009

  37. THE RESULT • Deemed a huge success • Recognized by INL management • Traveled to Washington D.C. by request • Has become a benchmark when discussing INL communications

  38. “Water Cooler” – The Capstone • “The [environmental risk] numbers are impressive and can be staggering…I think the presentation [should] be a model for other user-training presentations we (IT) develop.” • Homeland Security Researcher, 25+ year INL Veteran • “I just begrudgingly attended the last available "Who's in Your PC?" training. It wasn't mandatory, I'm busy with year-end deliverables, and I assumed it would be boring. Boy was I wrong….This was perhaps the best executed training I’ve seen at the Lab ever. It was content-rich and fast-paced, used current relevant visuals, had audience participation, and distributed useful handouts. Please take good care of these guys. We need this kind of talent and enthusiasm at the INL.” • Project Manager for Energy and Environment Organization

  39. PRESENTATION ATTENDANCE Momentum!

  40. Key Tricks and Trips Lessons Learned

  41. Put Yourself In Their Shoes • Stigma: “Black Text, White Background, Never Ends” • What do they really need to know? • How does it apply to them personally? • The details should be in the support materials • Know your audience before you arrive
