1 / 58

Secure Your Computer Now

Secure Your Computer Now. Warning. This presentation is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore this guide does not address site-specific configuration issues. Care must be taken when implementing

raghnall
Télécharger la présentation

Secure Your Computer Now

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Secure Your Computer Now How to keep your face off the evening news for compromising 98,000 student records Start hereStart here

    2. Secure Your Computer Now Warning. This presentation is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore this guide does not address site-specific configuration issues. Care must be taken when implementing these recommendations to address local operational and policy concerns. Some of the security precautions discussed here, if improperly implemented, can make your data inaccessible, not only to the bad guys, but also to you! Identity theft is a growing and very serious problem. Recently introduced state law and campus policy introduce measures designed to reduce the risk of identity theft. For these measures to be effective, we will all need to modify the ways we treat data.Some of the security precautions discussed here, if improperly implemented, can make your data inaccessible, not only to the bad guys, but also to you! Identity theft is a growing and very serious problem. Recently introduced state law and campus policy introduce measures designed to reduce the risk of identity theft. For these measures to be effective, we will all need to modify the ways we treat data.

    4. State law modifications are moving toward making this apply to any identity-theft-sensitive pair of information items: first-last name, name-ssn, name-cdl, name-bankid, ssn-bank-id, etc.State law modifications are moving toward making this apply to any identity-theft-sensitive pair of information items: first-last name, name-ssn, name-cdl, name-bankid, ssn-bank-id, etc.

    5. Section 310-022 Policy and Procedure Manual

    6. Section 310-022 Policy and Procedure Manual

    7. UC Davis Computing Standards Annual checklist includes14 Standards 7 Level 1 Practices: “Highest priority” standards that apply to all computers on the network 7 Level II Practices: “Secondary priority” standards, some of which apply to servers or system administrators Your mission: secure all the computers in your domain Hand out checklist.Your mission: secure all the computers in your domain Hand out checklist.

    8. Computing Security Standards I-A. Software Patch Updates OSs for which the publisher does NOT maintain updates: Mac OS 7, 8 or 9, X 10.0, X 10.1 Mac OS 10.4 is now the current release, expect support to 10.2 to dissappear Microsoft DOS Microsoft Windows 3, 95, 98?, ME?, 2000? Red Hat, Fedora, and LINUX users: get up to dateOSs for which the publisher does NOT maintain updates: Mac OS 7, 8 or 9, X 10.0, X 10.1 Mac OS 10.4 is now the current release, expect support to 10.2 to dissappear Microsoft DOS Microsoft Windows 3, 95, 98?, ME?, 2000? Red Hat, Fedora, and LINUX users: get up to date

    9. Computing Security Standards I-A. Software Patch Updates

    10. Computing Security Standards I-A. Software Patch Updates

    11. Computing Security Standards I-A. Software Patch Updates

    12. Computing Security Standards I-A. Software Patch Updates Make sure your computer will typically be ON then the update is scheduled. If you set updates to 3 AM but turn your computer off every night, it will not happen. (This behavior can be overridden by Administrators in some environments.)Make sure your computer will typically be ON then the update is scheduled. If you set updates to 3 AM but turn your computer off every night, it will not happen. (This behavior can be overridden by Administrators in some environments.)

    13. Computing Security Standards I-B. Anti-virus software Just installing anti-virus software does not guarantee that it will get updates in a timely fashion. Assume nothing. Also, make sure you are updating the application products in addition to the virus definitions.Just installing anti-virus software does not guarantee that it will get updates in a timely fashion. Assume nothing. Also, make sure you are updating the application products in addition to the virus definitions.

    14. Computing Security Standards I-B. Anti-virus software

    15. Computing Security Standards I-B. Anti-virus software Make sure you are updating the application products (here shown weekly) in addition to the virus definitions (here shown daily).Make sure you are updating the application products (here shown weekly) in addition to the virus definitions (here shown daily).

    16. Computing Security Standards I-C. Insecure Network Services telnet ==> ssh ftp ==> scp or sftp pop ==> pop over SSLtelnet ==> ssh ftp ==> scp or sftp pop ==> pop over SSL

    17. Computing Security Standards I-C. Insecure Network Services NOTE: You don’t need to have file sharing enabled your computer to connect to file servers. Enabling file sharing means you want to share the files on your computer with others -- including the bad guys.NOTE: You don’t need to have file sharing enabled your computer to connect to file servers. Enabling file sharing means you want to share the files on your computer with others -- including the bad guys.

    18. Computing Security Standards I-C. Insecure Network Services NOTE: You don’t need to have file and print sharing enabled your computer to connect to file servers and printers. Enabling file and print sharing means you want to share your printer(s) and the files on your computer with others -- including the bad guys.NOTE: You don’t need to have file and print sharing enabled your computer to connect to file servers and printers. Enabling file and print sharing means you want to share your printer(s) and the files on your computer with others -- including the bad guys.

    19. Computing Security Standards I-D. Authentication If you don’t need to log in after turning your computer on, then your computer is misconfigured, and in violation of policy.If you don’t need to log in after turning your computer on, then your computer is misconfigured, and in violation of policy.

    20. Computing Security Standards I-D. Authentication - Passwords Make sure automatic login is disabled.Make sure automatic login is disabled.

    21. Computing Security Standards I-D. Authentication - Passwords Make sure automatic login is disabled.Make sure automatic login is disabled.

    22. Computing Security Standards I-D. Authentication - Passwords

    23. Computing Security Standards

    24. Computing Security Standards

    25. Computing Security Standards

    26. Computing Security Standards

    27. Computing Security Standards I-D. Authentication - Passwords Remember: those networked HP printers that support telnet out of the box. They have an administrator account with no password. Some allow you to telnet out of the printer. Hackers love these because they can cover their tracks by hacking into someone’s server from a “printer”! The same rule should apply to those keypad door locks that are often left to their deafult key code: 1 2 3 4 5Remember: those networked HP printers that support telnet out of the box. They have an administrator account with no password. Some allow you to telnet out of the printer. Hackers love these because they can cover their tracks by hacking into someone’s server from a “printer”! The same rule should apply to those keypad door locks that are often left to their deafult key code: 1 2 3 4 5

    28. Computing Security Standards I-D. Authentication - Passwords Important distinction between the first account set up on a Mac vs a Windows computer. On windows, this account is a full administrator account. Anything that account runs (like a virus) runs with full admin privs. On a Mac the first account is made a member of the admin group. This account can do administrative things if the user can supply their password. You can’t touch things in the system area without authenticating.Important distinction between the first account set up on a Mac vs a Windows computer. On windows, this account is a full administrator account. Anything that account runs (like a virus) runs with full admin privs. On a Mac the first account is made a member of the admin group. This account can do administrative things if the user can supply their password. You can’t touch things in the system area without authenticating.

    29. Computing Security Standards I-D. Authentication - Passwords Plain text logins to mail will go away by summer. Other plain text protocols (telnet, ftp) will go away as well.Plain text logins to mail will go away by summer. Other plain text protocols (telnet, ftp) will go away as well.

    30. Computing Security Standards I-E. Personal Information Remember those grant proposals contain names and SSN’s of you co-PIs. You don’t want to have to send letters to everyone you’ve ever shared a grant with telling them that you’ve exposed them to identity theft because your laptop was stolen out of your office! If you need to preserve or archive information for a while, burn it to CD and delete it from your computer (Use Secure Empty Trash!). If you only need to keep the information for a while (gradebook), boldly mark the destroy date on the CD. And then destroy the CD on or after that date.Remember those grant proposals contain names and SSN’s of you co-PIs. You don’t want to have to send letters to everyone you’ve ever shared a grant with telling them that you’ve exposed them to identity theft because your laptop was stolen out of your office! If you need to preserve or archive information for a while, burn it to CD and delete it from your computer (Use Secure Empty Trash!). If you only need to keep the information for a while (gradebook), boldly mark the destroy date on the CD. And then destroy the CD on or after that date.

    31. Computing Security Standards I-E. Personal Information We use FastLane now, but Remember those grant proposals Word documents contain names and SSN’s of you co-PIs. You don’t want to have to send letters to everyone you’ve ever shared a grant with telling them that you’ve exposed them to identity theft because your laptop was stolen out of your office! If you need to preserve or archive information for a while, burn it to CD and delete it from your computer (Use Secure Empty Trash!). If you only need to keep the information for a while (gradebook), boldly mark the destroy date on the CD. And then destroy the CD on or after that date.We use FastLane now, but Remember those grant proposals Word documents contain names and SSN’s of you co-PIs. You don’t want to have to send letters to everyone you’ve ever shared a grant with telling them that you’ve exposed them to identity theft because your laptop was stolen out of your office! If you need to preserve or archive information for a while, burn it to CD and delete it from your computer (Use Secure Empty Trash!). If you only need to keep the information for a while (gradebook), boldly mark the destroy date on the CD. And then destroy the CD on or after that date.

    32. Computing Security Standards I-E. Personal Information Traditional file deleting simply removes the file name from the disk directory but leaves the file data in place. Secure Erase Trash immediately overwrites the file with erroneous data, so that the file disappears and cannot be reconstructed. Traditional file deleting simply removes the file name from the disk directory but leaves the file data in place. Secure Erase Trash immediately overwrites the file with erroneous data, so that the file disappears and cannot be reconstructed.

    33. Computing Security Standards I-F. Physical Security

    34. Computing Security Standards I-F. Physical Security

    35. Computing Security Standards I-F. Physical Security

    36. Computing Security Standards I-F. Physical Security

    37. Computing Security Standards I-F. Physical Security

    38. Computing Security Standards I-F. Physical Security Windows users can invoke the screen saver with CTRL-ALT-DEL or with WINDOWS-LWindows users can invoke the screen saver with CTRL-ALT-DEL or with WINDOWS-L

    39. Computing Security Standards I-F. Physical Security Cool idea, three problems 1) software doesn’t run on Mac 2) #1 doesn’t matter cause the software doesn’t do what I want -- prevent disk from mounting without fingerprint. 3) ... oh yeah, the third reason why fingerprints identification may prove to be an unpopular idea...Cool idea, three problems 1) software doesn’t run on Mac 2) #1 doesn’t matter cause the software doesn’t do what I want -- prevent disk from mounting without fingerprint. 3) ... oh yeah, the third reason why fingerprints identification may prove to be an unpopular idea...

    41. Computing Security Standards I-F. Physical Security

    42. Computing Security Standards I-F. Physical Security

    43. Computing Security Standards I-G. Firewall Services

    44. Computing Security Standards I-G. Firewall Services

    45. Computing Security Standards I-G. Firewall Services

    46. Computing Security Standards I-G. Firewall Services

    47. Computing Security Standards I-G. Firewall Services

    48. Computing Security Standards II-A. No Open E-mail Relays

    49. Computing Security Standards II-B. Proxy Services

    50. Computing Security Standards II-C. Audit Logs

    51. Computing Security Standards II-D. Backup and Recovery

    52. Computing Security Standards II-D. Backup and Recovery

    53. Computing Security Standards II-E. Training for Users, Administrators and Managers

    54. Computing Security Standards II-F. Anti-Spyware Software

    55. Computing Security Standards II-G. Release of Equipment with Electronic Storage

    56. Computing Security Standards II-G. Release of Equipment with Electronic Storage In the Geology Department we have lots of tools available to assist us, net to mention lots of big rocks! Mac OS X 10.4 Dusk Utility provides a number of security options in the “Erase disk” section, including 7-pass and 35-pass erase.In the Geology Department we have lots of tools available to assist us, net to mention lots of big rocks! Mac OS X 10.4 Dusk Utility provides a number of security options in the “Erase disk” section, including 7-pass and 35-pass erase.

    57. Questions?

    58.

More Related