IT Security (September 2000)

IT Security
Tony Brett
IT Systems Manager
Corpus Christi College
OxCERT
tony.brett@corpus-christi.oxford.ac.uk
New ITSS Induction
Tony Brett, 14 September 2000
Overview
• Excuses
• Policy
• E-mail
• Machine Security
– Physical Security
– File Security
  • Viruses (inc. Email+Hoax)
  • Public machines
– OS Security
• Network Security
– Student connections
– Excuses
– Sniffing
– Firewalls - University
• OxCERT
– Who
– What
– What it does
– What it doesn’t do
• What to take away
• Resources
• Questions?
Excuses – FAQs
• Users
– “Why would anybody be interested in my account - I only use it for email”
– “Security is the admin’s problem not mine”
– “I let my friend in Spain use my account because they have been having problems with their network”
– “Why has my account been disabled on sable”
Policy
• Enforce good passwords
• DON’T store password in E-mail clients etc.
• Disable dormant accounts
• Age passwords
• Have a policy on the use of accounts – encourage deletion of unused accounts. Tell OUCS User Reg!
• Have a policy on Virus Hoaxes
• Make sure everyone knows about it
• Enforce it
E-Mail
• E-mail is NOT SECURE!
• Faking E-mail is very easy
• PGP is your friend
– Use for digital signatures
– Use for encrypting E-mail
• http://www.oucs.ox.ac.uk/email/pgp.html
• E-mail virus hoaxes – policy.
• E-mail viruses – ILOVEYOU, Melissa
Securing Computers
• Physical Security
• File Security
• “Use” Security
Physical Security
Physical Security of machine is the limiting factor in security
– Where are machines located?
– Who has keys or can get keys?
– How is access to rooms controlled and monitored?
– Are machines in cages or wired?
– Are building exits monitored?
– Keyboard sniffers
Securing Computers
• Physical Security
• File Security
– Viruses
– Password protect
– Encrypt
• “Use” Security
Viruses & Trojans
– Destructive Power - BIOS Erase
– Types of Virus
  • Boot Sector
  • Executable infectors, Trojans
  • Macro or “Document”
  • E-mail worms – Outlook!, ILOVEYOU, MELISSA etc.
– Anti-Virus Products
  • F-Prot
  • Sophos - http://www.uk.sophos.com
  • Dr. Solomon’s
  • Norton - LiveUpdate
– Lynne Munro at OUCS
Public Machines
• Libraries
• Machines need to run Win95/98 to run OxLIP properly
• Inherent security risk with so many different applications
• OWL - http://web.lib.ox.ac.uk/software
– Password from technicians@las.ox.ac.uk
• Disk imaging software e.g. Ghost
Securing Computers
• Physical Security
• File Security
• “Use” Security
– Password protect accounts
– Restrict access
– Physical “locks”
Securing your OS
• Ensure sufficient logging
• Examine logs
• Take note of and understand error messages
• Keep up-to-date with patches
• Don’t run unnecessary network services
• Web servers are notorious, especially Microsoft IIS
Securing UNIX
• Linux is a good, free OS but is the most often compromised
– Dynamic OS. Fixes released regularly
• Solaris, SunOS, HP-UX, Digital, SGI (IRIX).
• New compromises almost daily – Bugtraq.
• Beware of students running any UNIX. Encourage students to be aware. Sniffers!
• Only run services that are needed. Turn off everything else. Telnetd, IMAPd, POPd, NFSd etc.
• Use SSH, SCP etc. PuTTY on Windows
Securing Macintoshes
• Mac OS Not designed for security
• Appletalk over Ethernet
– OUCS routing between departments
• Appleshare
– Guest account
– Owner sees whole Hard Disk
• TCP/IP
– DoS Attacks
PCs - DOS, Win16, Win32
• “Standard” operating systems
– DOS, Win95, WinNT (workstation)
• None designed to be servers
– Some security holes - DoS vulnerabilities
• Default shares on 95 and NT boxes
– C$, D$, etc.
• Password caching (.pwl files)
NT Server, Netware Server
• Network O/S - running on PCs
– NT can run on other platforms
– File/Print services
– TCP/IP services (FTP, Web etc).
• Network packet signing
• Physical access to server
• Password regimes
• Backup & disaster plan essential!
– Use OUCS HFS for backup
• Keep service packs up-to-date
• Compromises are rare
• See http://www.securityfocus.com/frames/?content=/vdb/stats.html
Network Security
– 10BaseT vs. 10Base2 (coax)
– Manageable Hubs
– Physical access to hubs
– MAC address restriction
– Hub management passwords
– DHCP - dynamic vs. static, logs
– Switches vs. repeaters
– Sniffers
– Operating system policy – running services.
Student Connections
• Connection Policy is essential
• Students must sign agreement
• Log DHCP assignments so abuses can be traced
• Get student to assign College the right to examine their machine
• Control use of server-type OS.
Securing the Network
• Outsiders looking in
• Insiders looking about
• Insiders looking out
• Access through valid means
• Misuse of “features”
– inadvertent doors
• Insecurity by design
Common Excuses
• “I was just looking”
• “It wasn’t secured so I thought it was OK”
• “I accidentally downloaded it and just thought I would see what happens when I ran it”
• “Hey man, the internet is an anarchy, I can do what I want”
• “Oh yeah, what are you going to do about it”
Network Sniffing
• Almost impossible to detect
• Impact depends on topology of network
• Switching reduces possibilities
Network Sniffing - What is it?
• Much network traffic in clear text
• Passwords and Usernames
• Compromised machines running sniffers
[Diagram: hosts A, B and Q. Host Q listens without A & B knowing]
Network Topology
[Diagram: University Backbone, SWITCH, HUB, HUB]
How to reduce the risk
• Encryption
– SSH, Disposable passwords, SCP
• Switch sensitive parts of network
• Use port scrambling on hubs
• Keep student and staff segments on separate switched ports
Firewalls
• Isolate the network
• Bandwidth bottleneck
• Rule based access
– IP addresses, blocks, or ports
• Extensive logging
• False sense of security
• OUCS
– Started fully open – ports or addresses closed as vulnerabilities are identified
– Balance between security and utility
[Diagram: Badlands, Firewall, Happyville]
Who/What is OxCERT
• University IT Security Team
• oxcert@ox.ac.uk
• (2)82222
• Member of FIRST
• 9am-5pm, and best-attempt cover outside this
• probe-report@oxcert.ox.ac.uk
Who/What is OxCERT
• C. 10 Committee, termly meeting.
• 4 front-line
– Pete Biggs, Physical & Theoretical Chemistry
– Patrick Green, OUCS
– Neil Clifford, Astrophysics
– Neil Long, OUCS
• Emergency Response service, not a free machine set-up service
• http://info.ox.ac.uk/compsecurity/oxcert/
What OxCERT can do
– Advise IT staff and individuals on matters of IT security
– Advise on methods of improving security
– Liaison with other CERTs
– Checking security of machines within Oxford University
– Assistance in disaster recovery
– Assistance in planning new networks and/or machines
What OxCERT can do
– Direct contact with all parts of OUCS
– Intervention when machines are found to be compromised
– Disable IP addresses or networks (both within and without Oxford) if security is being compromised
– Investigation of DoS (Denial of Service) type attacks
– What it can! Only 1.5 posts are funded by the University, others are volunteers.
What OxCERT can’t do
– Get involved with policy decisions that don’t affect security
– Deal with SPAM or abusive E-mail (advisory@oucs.ox.ac.uk)
– Deal with non-security computing issues (electronic harassment etc.)
– Act as a substitute for OUCS advisory
– Miracles! Security is YOUR responsibility, OxCERT can only advise
What to take away
• Be aware of security
• Make users aware of the need for security
• Have, and enforce, an IT Security Policy
• Maintain OS security
• Know what services you are providing and only provide those you know about
Resources
• This presentation:
– http://users.ox.ac.uk/~aesb/itsec.ppt
• OxCERT
– http://www.ox.ac.uk/it/compsecurity/oxcert/
• Secure E-mail
– http://www.oucs.ox.ac.uk/email/secure.html
• Public Machines:
– http://users.ox.ac.uk/~aesb/itsec.ppt
• Virus Hoaxes:
– http://www.uk.sophos.com/virusinfo/scares/
• University and other IT rules
– http://www.ox.ac.uk/it/rules/
• The OUCS Hierarchical File Server
– http://hfs.ox.ac.uk/local/
Fin
• Questions?