IT Security
Tony Brett
IT Systems Manager
Corpus Christi College
OxCERT
tony.brett@corpus-christi.oxford.ac.uk
New ITSS Induction
Tony Brett, 14 September 2000

Overview
• Excuses
• Policy
• E-mail
• Machine Security
  – Physical Security
  – File Security
    • Viruses (inc. Email+Hoax)
    • Public machines
  – OS Security
• Network Security
  – Student connections
  – Excuses
  – Sniffing
  – Firewalls - University
• OxCERT
  – Who
  – What
  – What it does
  – What it doesn’t do
• What to take away
• Resources
• Questions?

Excuses – FAQs
• Users
  – “Why would anybody be interested in my account - I only use it for email”
  – “Security is the admin’s problem not mine”
  – “I let my friend in Spain use my account because they have been having problems with their network”
  – “Why has my account been disabled on sable”

Policy
• Enforce good passwords
• DON’T store passwords in E-mail clients etc.
• Disable dormant accounts
• Age passwords
• Have a policy on the use of accounts
  – encourage deletion of unused accounts. Tell OUCS User Reg!
• Have a policy on Virus Hoaxes
• Make sure everyone knows about it
• Enforce it

E-Mail
• E-mail is NOT SECURE!
• Faking E-mail is very easy
• PGP is your friend
  – Use for digital signatures
  – Use for encrypting E-mail
• http://www.oucs.ox.ac.uk/email/pgp.html
• E-mail virus hoaxes – policy.
• E-mail viruses – ILOVEYOU, Melissa

Securing Computers
• Physical Security
• File Security
• “Use” Security

Physical Security
Physical Security of machine is the limiting factor in security
– Where are machines located?
– Who has keys or can get keys?
– How is access to rooms controlled and monitored?
– Are machines in cages or wired?
– Are building exits monitored?
– Keyboard sniffers

Securing Computers
• Physical Security
• File Security
  – Viruses
  – Password protect
  – Encrypt
• “Use” Security

Viruses & Trojans
– Destructive Power - BIOS Erase
– Types of Virus
  • Boot Sector
  • Executable infectors, Trojans
  • Macro or “Document”
  • E-mail worms – Outlook!, ILOVEYOU, MELISSA etc.
– Anti-Virus Products
  • F-Prot
  • Sophos - http://www.uk.sophos.com
  • Dr. Solomon’s
  • Norton - LiveUpdate
– Lynne Munro at OUCS

Public Machines
• Libraries
• Machines need to run Win95/98 to run OxLIP properly
• Inherent security risk with so many different applications
• OWL - http://web.lib.ox.ac.uk/software
  – Password from technicians@las.ox.ac.uk
• Disk imaging software e.g. Ghost

Securing Computers
• Physical Security
• File Security
• “Use” Security
  – Password protect accounts
  – Restrict access
  – Physical “locks”

Securing your OS
• Ensure sufficient logging
• Examine logs
• Take note of and understand error messages
• Keep up-to-date with patches
• Don’t run unnecessary network services
• Web servers are notorious, especially Microsoft IIS

Securing UNIX
• Linux is a good, free OS but is the most often compromised
  – Dynamic OS. Fixes released regularly
• Solaris, SunOS, HP-UX, Digital, SGI (IRIX).
• New compromises almost daily – Bugtraq.
• Beware of Students running any UNIX. Encourage students to be aware. Sniffers!
• Only run services that are needed. Turn off everything else. Telnetd, IMAPd, POPd, NFSd etc.
• Use SSH, SCP etc. Putty on Windows

Securing Macintoshes
• Mac OS not designed for security
• Appletalk over Ethernet
  – OUCS routing between departments
• Appleshare
  – Guest account
  – Owner sees whole Hard Disk
• TCP/IP
  – DoS Attacks

PCs - DOS, Win16, Win32
• “Standard” operating systems
  – DOS, Win95, WinNT (workstation)
• None designed to be servers
  – Some security holes - DoS vulnerabilities
  – Default shares on 95 and NT boxes C$, D$, etc.
• Password caching (.pwl files)

NT Server, Netware Server
• Network O/S - running on PCs
  – NT can run on other platforms
  – File/Print services
  – TCP/IP services (FTP, Web etc).
• Network packet signing
• Physical access to server
• Password regimes
• Backup & disaster plan essential!
  – Use OUCS HFS for backup
• Keep service packs up-to-date
• Compromises are rare
• See http://www.securityfocus.com/frames/?content=/vdb/stats.html

Network Security
– 10BaseT vs. 10Base2 (coax)
– Manageable Hubs
– Physical access to hubs
– MAC address restriction
– Hub management passwords
– DHCP - dynamic vs. static, logs
– Switches vs. repeaters
– Sniffers
– Operating system policy – running services.

Student Connections
• Connection Policy is essential
• Students must sign agreement
• Log DHCP assignments so abuses can be traced
• Get student to assign College the right to examine their machine
• Control use of server-type OS.
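
The tracing step behind "Log DHCP assignments so abuses can be traced", as an added example that is not part of the original presentation: given an IP address and the time of an incident, find which machine held the lease at that moment. The log line format, addresses and socket labels are constructed assumptions, not the output of any particular DHCP server.

```python
from datetime import datetime

# Constructed sample log. Assumed line format (hypothetical):
#   <ISO timestamp> <ASSIGN|RELEASE> <ip> <mac> <socket label>
SAMPLE_LOG = """\
2000-09-14T09:00:05 ASSIGN 192.0.2.23 00:00:5e:00:53:01 staircase3-room12
2000-09-14T13:10:40 RELEASE 192.0.2.23 00:00:5e:00:53:01 staircase3-room12
2000-09-14T13:45:12 ASSIGN 192.0.2.23 00:00:5E:00:53:02 staircase7-room04
2000-09-14T14:00:00 ASSIGN 192.0.2.40 00:00:5e:00:53:03 library-desk2
garbled line that should be skipped
"""

def parse_leases(text):
    """Turn ASSIGN/RELEASE events into (ip, mac, label, start, end) intervals."""
    open_leases, intervals = {}, []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] not in ("ASSIGN", "RELEASE"):
            continue  # skip malformed lines rather than guessing at them
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        event, ip, mac, label = parts[1:]
        # A RELEASE, or a fresh ASSIGN, closes whatever lease was open on that IP.
        if ip in open_leases:
            old_mac, old_label, start = open_leases.pop(ip)
            intervals.append((ip, old_mac, old_label, start, when))
        if event == "ASSIGN":
            open_leases[ip] = (mac.lower(), label, when)
    for ip, (mac, label, start) in open_leases.items():
        intervals.append((ip, mac, label, start, None))  # lease still active
    return intervals

def who_had(intervals, ip, when):
    """Return (mac, label) that held `ip` at `when`, or None if it was unassigned."""
    for lease_ip, mac, label, start, end in intervals:
        if lease_ip == ip and start <= when and (end is None or when < end):
            return mac, label
    return None

if __name__ == "__main__":
    leases = parse_leases(SAMPLE_LOG)
    # The same IP maps to different machines before and after the reassignment.
    print(who_had(leases, "192.0.2.23", datetime(2000, 9, 14, 10, 0)))
    print(who_had(leases, "192.0.2.23", datetime(2000, 9, 14, 15, 0)))
```

The lookup is only as good as the clock on the logging host: an incident report with a timestamp from another time zone or an unsynchronised machine can point at the previous or next holder of the address.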

Securing the Network
• Outsiders looking in
• Insiders looking about
• Insiders looking out
• Access through valid means
• Misuse of “features”
  – inadvertent doors
• Insecurity by design

Common Excuses
• “I was just looking”
• “It wasn’t secured so I thought it was OK”
• “I accidentally downloaded it and just thought I would see what happens when I ran it”
• “Hey man, the internet is an anarchy, I can do what I want”
• “Oh yeah, what are you going to do about it”

Network Sniffing
• Almost impossible to detect
• Impact depends on topology of network
• Switching reduces possibilities

Network Sniffing - What is it?
• Much network traffic in clear text
• Passwords and Usernames
• Compromised machines running sniffers
[Diagram: hosts A, B and Q. Host Q listens without A & B knowing]

Network Topology
[Diagram: University Backbone, SWITCH, HUB, HUB]

How to reduce the risk
• Encryption
  – SSH, Disposable passwords, SCP
• Switch sensitive parts of network
• Use port scrambling on hubs
• Keep student and staff segments on separate switched ports

Firewalls
• Isolate the network
• Bandwidth bottleneck
• Rule based access
  – IP addresses, blocks, or ports
• Extensive logging
• False sense of security
• OUCS
  – Started fully open
  – ports or addresses closed as vulnerabilities are identified
  – Balance between security and utility
[Diagram labels: Badlands, Firewall, Happyville]

Who/What is OxCERT
• University IT Security Team
• oxcert@ox.ac.uk
• (2)82222
• Member of FIRST
• 9am-5pm, and best-attempt cover outside this
• probe-report@oxcert.ox.ac.uk

Who/What is OxCERT
• C. 10 Committee, termly meeting.
• 4 front-line
  – Pete Biggs, Physical & Theoretical Chemistry
  – Patrick Green, OUCS
  – Neil Clifford, Astrophysics
  – Neil Long, OUCS
• Emergency Response service, not a free machine set-up service
• http://info.ox.ac.uk/compsecurity/oxcert/

What OxCERT can do
– Advise IT staff and individuals on matters of IT security
– Advise on methods of improving security
– Liaison with other CERTs
– Checking security of machines within Oxford University
– Assistance in disaster recovery
– Assistance in planning new networks and/or machines

What OxCERT can do
– Direct contact with all parts of OUCS
– Intervention when machines are found to be compromised
– Disable IP addresses or networks (both within and without Oxford) if security is being compromised
– Investigation of DoS (Denial of Service) type attacks
– What it can! Only 1.5 posts are funded by the University, others are volunteers.

What OxCERT can’t do
– Get involved with policy decisions that don’t affect security
– Deal with SPAM or abusive E-mail (advisory@oucs.ox.ac.uk)
– Deal with non-security computing issues (electronic harassment etc.)
– Act as a substitute for OUCS advisory
– Miracles!
Security is YOUR responsibility, OxCERT can only advise

What to take away
• Be aware of security
• Make users aware of the need for security
• Have, and enforce an IT Security Policy
• Maintain OS security
• Know what services you are providing and only provide those you know about

Resources
• This presentation:
  – http://users.ox.ac.uk/~aesb/itsec.ppt
• OxCERT
  – http://www.ox.ac.uk/it/compsecurity/oxcert/
• Secure E-mail
  – http://www.oucs.ox.ac.uk/email/secure.html
• Public Machines:
  – http://users.ox.ac.uk/~aesb/itsec.ppt
• Virus Hoaxes:
  – http://www.uk.sophos.com/virusinfo/scares/
• University and other IT rules
  – http://www.ox.ac.uk/it/rules/
• The OUCS Hierarchical File Server
  – http://hfs.ox.ac.uk/local/

Fin
• Questions?