Your Users, Friend or Foe?


1
Your Users, Friend or Foe?
  • Matthew Sullivan
  • IT Security Manager, the University of Canberra
  • Creator, the Spam and Open Relay Blocking System
    (SORBS)
  • <matthew_at_sorbs.net>

2
About this Talk
  • Provoking discussion.
  • The Network Security Problem.
  • To firewall, or not?
  • Old school, or just forgotten?
  • Some examples.
  • How does it affect you?

3
Provoking Discussion
  • These slides are not to teach; they are to remind.
  • We hear lots of talk about what we should and
    shouldn't do; why don't we ask?
  • Windows Vista
  • Great new time-saving product,
  • New, smarter and more secure OS,
  • Or cash cow designed to line the pockets of
    shareholders?
  • Or even something to drive the American Economy?

4
The Network Security Problem
  • Securing against outside attack the priority?
  • Securing against inside attack?
  • Security of the desktop?
  • Securing against stupidity?

5
To Firewall or not?
  • Everyone has a firewall, or do they?
  • Who thinks they are secure because they are
    firewalled?
  • Who thinks they are not secure without one?

6
Old School, or just forgotten?
  • Head count
  • How many hosts (<100, 100-1000 or >1k)?
  • How many seats (<100, 100-1000 or >1k)?
  • Who is firewalling?
  • Who has email gateways?
  • Who has had a host hacked (<1m, <1yr, >1yr)?
  • Firewalls are only needed to prevent stupidity
  • Without stupid people we wouldn't need them.
  • Without nasty people we wouldn't need them
    either.

7
An example (home user).
  • Senior Unix Admin working for Customs
  • Can't make Zone Alarm work with program.
  • Installs VNC for help.
  • Opens VNC port in firewall.
  • Doesn't set password.
  • 18 hours later, hacker attack
  • RootkitRevealer reveals nothing.
  • Machine under full remote control.

8
An Example (Professional)
  • Professor, external project.
  • Has 2 servers, RedHat, and Windows 2003
  • Machines are Servers for custom app.
  • ITSec alerted to scanning at 0330 5th Feb 07
  • 1000 Networks blocked external access.
  • 1530 6th Feb 07 machine and owner located.
  • Operator and Professor wondering why Windows 2003
    was having problems
  • 1535 6th Feb, machine removed from internal
    network.
  • 1300 8th Feb ITSec asked to examine machine.
  • RootkitRevealer indicated unidentified RootKit.
  • 9th Feb machine re-installed.

9
So what's the Problem?
  • Unix Admin opens a port in firewall, doesn't
    secure service.
  • Professor hasn't patched Win 2003 server, common
    IIS exploit used to Root server.
  • Both ask ITSec why firewall didn't stop the
    hacker.

10
How does this affect you?
  • So what are the risks here?
  • A server hacked on the corporate network?
  • A home user, with their computer hacked?
  • A mobile user with a laptop?
  • Another example, the Chinese Laptop...
  • Staff member takes laptop to China
  • Laptop gets infected with Drive/Share virus.
  • Staff member hands USB drive around.
  • 5 machines get infected

11
Conclusion
  • Firewalls don't make you secure.
  • Good network practices keep you secure.
  • Successful attacks often start inside.
  • Getting inside is the biggest hurdle.
  • Using your staff against you makes it easier.
  • VPNs need to be considered carefully.
  • Enforce controls about what can connect.
  • Ensure good home hygiene if you use VPNs
  • Monitor your internal network.
  • Consider your internal network Hostile if you
    allow external access.
  • Laptops are equivalent to home machines.

12
The Last Word
  • Be proactive.
  • Look for problems.
  • Use scanning tools internally.
  • Use IDSs.
  • Give access to those who need it.
  • Don't make things too difficult for users.
  • Making it more difficult for users will result in
    users making it easier for themselves.

13
Thank You
Matthew Sullivan