Desktop Security. Overview and Technology Guidance. Michael Ramsey Network Specialist, NC DPI

Transcription

1 Desktop Security Overview and Technology Guidance Michael Ramsey Network Specialist, NC DPI

2 Desktop Security Best practices for both the technical type and the typical user Defensive Layering Top Vulnerabilities Frequent Mistakes Tools That Work Questions and Answers

3 Who am I? US Navy Data Systems Technician (DS2SW) Network Technician MCNC Network Operations Interpath Co-author of Internet RFC 2196 Site Security Handbook Lab Manager Cisco IT Manager, Project Manager, Network Specialist NC DPI

4 Defensive Layering Four layers 1. Network 2. Desktop Network Access 3. Desktop OS / Application 4. Desktop Users

5 Defensive Layering - Network Monitoring and Blocking traffic as it goes in and out of the network Traditional firewalls Weakness: they don t check the content Intrusion Protection / Detection Systems Checks content Traffic modeling analysis to detect compromise Sonic Wall, Fortinet, Cisco IDS, etc.

6 Defensive Layering Desktop Network Access Blocking Attacks at the Desktop - Symantec AV & IPS, Spybot TeaTimer - Blocks un-authorized application loading - Uses behavior patterns - Personal Firewalls - Comodo Firewall, ZoneAlarm - Only allows traffic types - Can hide computer from hacker scans - Egress filtering to prevent Trojan use

7 Defensive Layering Desktop Network Access Windows Firewall Nearly useless pre-vista Features in Vista / Windows 7 Hardened Services User Account Control (less annoying in 7) Windows Defender Drive encryption Can block outgoing traffic

8 Defensive Layering - Desktop OS / Application Personal Anti-Malware Spybot Search and Destroy, Symantec, MalwareBytes, Windows Defender Looks for known signatures Network Access Control Host based Verify system, configuration, patch level Enforce network policy, quarantine Bradford Networks, Cisco Clean Access, ISS products

9 Defensive Layers Desktop Users Help them help you. Can t spell Update without U. 1. Keep up with your updates, OS and applications 2. Don t download the latest aquarium screen saver, widget, or other FREE software 3. Use a strong password that isn t written down and/or shared with others.

10 Top Vulnerabilities Source:

11 Top Vulnerabilities Web Application Attacks (MS SQL, FTP, SSH, PHP) Windows Conficker / Downadup worms Apple - QuickTime

12 Top Vulnerabilities Network United State is the target, and the source. Typically, its your web server that has been compromised If it isn t your web server, it could be the web site your surfing.

13 Top Vulnerabilities - Application

14

15

16

17

18 Top Vulnerabilities Zero Day A zero-day vulnerability occurs when a flaw in software code is discovered and code exploiting the flaw appears before a fix or patch is available. Once a working exploit of the vulnerability has been released into the wild, users of the affected software will continue to be compromised until a software patch is available or some form of mitigation is taken by the user.

19 Top Vulnerabilities The notable zero-day vulnerabilities during past 6 months were: Adobe Acrobat, Reader, and Flash Player Remote Code Execution Microsoft Office Web Components ActiveX Control Code Execution Microsoft Active Template Library Header Data Remote Code Execution Vulnerability Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability Adobe Reader Remote Code Execution Vulnerability Microsoft PowerPoint Remote Code Execution Vulnerability The ease of finding zero-day vulnerabilities is a direct result of an overall increase in the number of people having skills to discover vulnerabilities world-wide.

20 Frequent Mistakes Too busy to update and back up Use weak passwords, never changed Not having a risk assessment Using default passwords in network gear Forgetting that our desktops have student data that is protected by law, and the press loves that story

21 Tools that Work Microsoft Updates / Apple Updates Microsoft Baseline Security Analyzer Avast! (free anti-virus) Tune-Up 2010 ( Malwarebytes Anti-Malware

22 Questions? Comments? Michael Ramsey (919) School Connectivity / E-Rate Division NC Department of Public Instruction