Workstation, Server and
Network Security
Technology Series #1
Learning How to Secure
Information Systems
•Learning by doing
There is really only one way to learn how to do something and that is to do it. If you want to learn to throw a football, drive a car, build a mousetrap, design a building, cook a stir-fry, or be a management consultant, you must have a go at doing it. Throughout history, youths have been apprenticed to masters in order to learn a trade. We understand that learning a skill means
eventually trying your hand at the skill. When there is no real harm in simply trying we allow novices to "give it a shot."
Parents usually teach children in this way. They don't give a series of lectures to their children to prepare them to walk, talk, climb, run, play a game, or learn how to behave. They just let their children do these things. We hand a child a ball to teach him to throw. If he throws poorly, he simply tries again. Parents tolerate sitting in the passenger seat while their teenager tries out the driver's seat for the first time. It's nerve-wracking, but parents put up with it, because they know there's no better way.
•Information Systems are Inherently Complex
•Because of their Complexity, there is no simple or easy way to learn how these systems
•Learn Information Security in 24 hours?
•Walk into any bookstore, and you'll see how to Teach Yourself Java in 7 Days alongside endless variations offering to teach Visual Basic, Windows, the Internet, and so on in a few days or hours. The conclusion is that either people are in a big rush to learn about computers, or that computers are somehow fabulously easier to learn than anything else. There are no books on how to learn Beethoven, or Quantum
•Learning how to secure your Computer
•Learning How to secure Information Systems is not an easy task. In fact, even determining potential risks or threats is not easy. This workshop will cover Information System Security from a Global Perspective, but will focus on securing Individual Computers. The Principles governing Information Systems and the Computer System which functions as your workstation are similar, but security for the individual workstation will be much easier to
Securing Information Systems
•Securing the Workstation or Local Computer?
•There are three basic types of ISS (Information Systems Security) methods:
•Centralized ISS, which depends upon securing the network at its point of entry
•Local or Distributed ISS, which focuses security on the individual Workstations and Servers in the Network
•And a Blended ISS, which focuses certain aspects of Security at either the Network or Local levels
•Each Approach has good and not so good attributes, especially when one is attempting to optimize Network, Workstation and Server
What is Optimization with respect to ISS?
•All Systems Management strives for Optimization
•Optimization considers Resource Utilization from the perspective of Efficiency
•How well the system functions, or its effectiveness
•And the best mix of resource allocation (efficiency) and System
What are Security threats?
•Anything which either directly or indirectly affects legitimate user control over their Network, Workstation or Server
•Information systems security (INFOSEC and/or ISS): The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect,
ISS (Information Systems Security)
•Applies to all aspects of Information Systems
•There are many different types of Security threats. While there were always Security threats present in Information Systems, they were generally not public knowledge until the appearance of the Internet in the early
•What is Systems Security?
•Systems Security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection
Types or Categories of Security Threats
•Human or Social-Based Threats
•Physical or Hardware-Based Threats
•Human or Social-Based Threats
•Essentially involve what Hackers like to call "Social Engineering" based threats: leaving passwords in an obvious place, using "weak" passwords, or allowing other individuals to access the machine.
•Physical or Hardware-Based Threats
•Having machines exposed in non-secure environments, especially servers containing critical information and data
•Using old or unstable hardware which could lead to loss of critical data
•Programming or Software-Based Threats
•These threats can be caused by insecure Operating Systems and insecure or bug-laden Software Applications
•A major problem with Windows-based Operating Systems is the close integration between OS components and Software Application (Office) components. This allows a threat which compromises the Application to easily access and compromise the OS.
•Specific Software which is written and
•Malware is Hardware, software, or firmware that is intentionally included or inserted in a System for a harmful purpose. Malware can be classified in several ways, including on the basis of how it is spread, how it is executed and/or what it does. The main types of Malware include Worms, Viruses,
•Spyware and Adware – Spyware or Adware is software that is installed in a computer for the purpose of covertly gathering information about the computer, its users and/or other computers on the network to which it is connected. The types of information gathered typically are user names and passwords, web browsing habits, financial data (e.g., bank
•Worms and Viruses are Computer Programs that replicate themselves without human intervention. The difference is that a virus attaches itself to, and becomes part of, another Executable (i.e., runnable) program, whereas a worm is self-contained and does not need to be part of another program to replicate itself. Also, while viruses are designed to cause problems on a local system and are passed through Boot Sectors of disks and through e-mail attachments and other files, worms are designed to thrive in a Network environment. Once a worm is
•Trojans or Trojan Horses are software that is disguised as a legitimate
•Backdoor - A backdoor (usually written as a single word) is any hidden method for obtaining remote access to a computer or other system. Backdoors typically work by allowing someone or something with knowledge of them to use special passwords and/or other actions to bypass the normal authentication (e.g., user name and password) procedure on a remote machine (i.e., a computer located elsewhere on the Internet or other network) to gain access to the
•Rootkit - A rootkit is software that is secretly inserted into a computer and which allows an intruder to gain access to the root account and thereby be able to control the computer at will. Rootkits frequently include functions to hide the traces of their penetration, such as by deleting log entries. They typically include backdoors so that the intruder can easily gain access again at a later date, for example, in order to attack other systems at specific
•Spam - Spam is unwanted e-mail which is sent out in large volume. Although people receiving a few pieces of spam per day might not think that it is anything to be too concerned about, it is a major problem for several reasons, including the facts that its huge volume (perhaps half or more of all e-mail) places a great load on the entire e-mail system, it often contains other types of malware and much of its content is fraudulent. Organizations typically have to devote considerable resources to attempting to filter out and delete spam while not losing
•Poorly Written Software - Similar damage can result from poorly written software, which, like malware, is extremely common. Although the distinction between the two at times can be subtle, in general the difference is that
•Poorly Written Software - The continuous existence of numerous and serious security holes and other defects in some of the most popular commercial software might, in fact, do as much, or even more, damage to the economy as malware. No reliable data is available, although the cost of each is clearly in the multiple billions of dollars per year, according to most industry sources. One reason for the lack of reliable data is that many victims, including large corporations, are reluctant to reveal the existence or extent of damage. Another is the difficulty in determining how to allocate the damage
•Poorly Written Software - There has been much speculation as to why security remains such a big problem for some of the most widely used commercial software. The most likely explanation is that there is no strong incentive to improve it. This may be in part because a full-scale cleanup would be very costly, as much of the software is extremely large and complex. But also to be kept in mind is the fact that the computer security business, including the sale of security-related software (e.g., anti-virus programs), the use of security consultants, and the sale of new, supposedly more secure versions of defective software, are very large and profitable
Types or Categories of Security Threats; Protection
Poorly Written Software - Among the various ways in which this is accomplished is through the use of a fine-grained system of ownership and permissions for each file, directory and other object on the system, thereby giving an added layer of protection to critical system files. Another is by making the source code freely available on the Internet for programmers from around the world to inspect for possible security holes and other problems, rather than attempting (often
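The ownership-and-permissions layer just described can be checked from the command line. As an added example that is not part of the original slides, the POSIX shell script below (the function names audit_world_writable, count_world_writable and restrict_world_writable are my own) lists every file or directory under a tree that any local account could modify, counts them, and tightens them by clearing the other-write bit; it assumes a Unix-like system with find, chmod and awk.

```shell
#!/bin/sh
# Added example, not from the original slides: audit a directory tree for
# entries whose permission bits let any local account modify them, and
# tighten them. Assumes a Unix-like system with POSIX find, chmod and awk.

# audit_world_writable DIR
# Prints every file or directory under DIR with the "other write" bit set,
# one path per line. Returns 0 when none is found, 1 when at least one is.
audit_world_writable() {
    dir="$1"
    # -perm -002: all of the bits in 002 (other write) are set.
    # ! -type l: skip symlinks, whose own mode bits do not matter.
    found=$(find "$dir" ! -type l -perm -002 2>/dev/null | sort)
    [ -n "$found" ] || return 0
    printf '%s\n' "$found"
    return 1
}

# count_world_writable DIR
# Number of world-writable entries under DIR (0 when the tree is clean).
count_world_writable() {
    audit_world_writable "$1" | awk 'END { print NR }'
}

# restrict_world_writable DIR
# Clears the other-write bit on every world-writable entry under DIR,
# leaving owner and group permissions untouched.
restrict_world_writable() {
    find "$1" ! -type l -perm -002 -exec chmod o-w {} \;
}

# Stand-alone use: audit the directory given on the command line, e.g. /etc.
if [ -n "$1" ]; then
    audit_world_writable "$1" || echo "world-writable entries found under $1" >&2
fi
```

Run the audit first and review the list before calling restrict_world_writable, since some directories (for example shared temp directories) are world-writable by design and rely on the sticky bit instead.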
Poorly Written Software - There are a number of steps that computer users can take to minimize the chances of becoming infected by malware. They include using relatively secure software, providing physical security for computers and networks, enforcing the use of strong passwords, employing firewalls, using malware detection programs, avoiding
Protection on The Desktop
Use of Multiple-Application or a Blended Protection Strategy –
• There are many proprietary applications which promise to protect your computer from the various types of Malware. While some applications may function well for specific types of threats, none works well with all threats. The best approach is to run several applications on the same machine. This is not necessarily an easy task, since often it is
• Symantec Client Security http://www.symantec.com/index.htm is a combination Firewall and Antivirus Application. The Firewall functions just as a firewall on the network would. It allows the user to restrict Port access, Application access from and to the Internet, and scans for Trojans and Worms which may be resident on the machine. The Virus program is automated and both
• Symantec Client Security also (in the newer versions) creates hidden user directories which themselves can be the target of Security exploits. One must follow the
AdawareSE: http://www.lavasoftusa.com/software/adaware/
Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge. It is particularly targeted towards spyware for
Counterspy: http://www.sunbelt-software.com/CounterSpy.cfm
One of the most comprehensive products for detecting and deleting malicious spyware and adware; it can be run from a server, protecting each workstation on a network. Counterspy will run with Symantec, Spybot and Trojan Hunter, allowing four automated scans without interference, just set
SpyBot Search and Destroy: http://www.safer-networking.org/en/support/index.html
Can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. If you see new toolbars in your Internet Explorer that you didn't intentionally install, if your browser crashes, or if your browser start page has changed without your knowing, you most probably have spyware. But even if you don't see anything, you may be infected, because more and more
Trojanhunter: http://www.misec.net/
As its name implies, it is optimized for finding
CLAMWIN: http://www.clamwin.com/content/view/136/52/
ClamWin is the Windows version of ClamAV. Mozilla Thunderbird mailbox files are not removed or
Small Applications such as Netsky.exe – Which can be downloaded from the Internet and run against specific Malware threats. These usually are available when a new critical agent is
Regular Updating – Of Operating System software, Applications, etc. Windows, Linux, and Apple OS and most applications have automated Update systems available for
Registry and disk repair tools –
•Symantec has a product called System Works, which can be run from the CDROM or Hard
Registry and disk repair tools – Used after running Malware tools
•Registrytoolkit: http://www.registrytoolkit.com/
Scans your registry and hard drive for invalid registry keys and program shortcuts.
•PcBugdoctor: http://www.bugdoctor.com/
•StarDefrag: http://kevin.gearhart.com/startdefrag/