IT Security in Schools
Tony Wong
Senior Systems Manager
IT Security Infrastructure Services
Information Technology Services Department
The Story of “Nimda”
Infection via E-Mail
[Diagram: mail server, infected PC; intranet and Internet zones]
Scan and Exploit IIS Web Server Vulnerability
[Diagram: vulnerable IIS server, infected IIS web server; intranet and Internet zones]
Exploit IE Browser Vulnerability
[Diagram: infected IIS web server, unpatched IE browser; intranet and Internet zones]
Infection via Network File Sharing
[Diagram: infected PC, desktop PC, file server; intranet and Internet zones]
Moral of the Story
Nimda is a model of the modern virus/worm
Fast, global spread: hit 2.2 million systems in 24 hours
Affects more than end-user PCs
Multi-point attack (e-mail, software loophole, file server, web server etc.)
Blended threats (virus, mass mailing, DoS, Trojan horse, intrusion etc.)
Common Internet Threats
Virus and Worm
Web Defacement
Hacking & Intrusion
DoS / DDoS
Web Defacement
Exploit system and software vulnerabilities
Insider attack
Automatic tools available on the Internet:
  detect vulnerable system
  crack server password
  launch attack and remove logging
  install Trojan horse (back door)
Attacks are easy to launch but difficult to trace
An average of 500 defacements are recorded by Zone-H each day
http://www.zone-h.com/en/defacements/filter/
[Screenshot: A Sample Defaced Web Site]
Hacking & Intrusion
Exploit system and software vulnerabilities
Use automatic tools
crack server password
detect vulnerable system
locate Trojan horse (back door)
Remotely access and control other systems
Access, change or delete programs and files
Deface web site
Attack other systems
Remote Control Trojan (Sub7)
Installed in the victim’s computer through:
  e-mail attachment
  access to unprotected network shares
  install manually by hacker (or insider)
Allows the attacker to do many things in your computer remotely including:
  run any commands; upload/download/delete files; capture monitor display; capture from webcam; record from microphone; capture what you type; steal passwords; and many more
Ref: http://rr.sans.org/toppapers/subseven.php
[Screenshot: Sample Sub7 Client Screen (Used by Hacker)]
DoS / DDoS
(Distributed) Denial of Service attack
Continuous flooding of data to target system
System or network is overloaded or goes down
Legitimate users cannot access the system
Exploit system and software vulnerabilities
Use automatic tools, virus, Trojan horse etc.
Plant attack programs on a large number of infected systems
Trigger global attack to a targeted system
The Problem
Vulnerable products
Internet was not designed for high security
Readily available tools
Human errors
Spoofing is easy
The infrastructure (DNS, routers) is vulnerable to attacks
Governance is open
Mis-configured or unpatched systems
Default or easily guessed passwords
Abuse, hacking
Lack of awareness and ethics
The Impact to School
Can be a target or a source of attack
Service interruption
Compromise of sensitive information
Cost to recover
Counter-example to ethics development
Lost reputation
Criminal liability
Technical Countermeasures
Remove unused programs and services
Anti-virus and anti-spam system
Traffic/Content filtering system
Firewall
System Logging
Intrusion Detection & Response System
Apply security patches and updates promptly
Password and access management
File and data management
Segregation of networks, systems and data
Disconnect from Internet when not in use
Shut down workstations when not in use
Periodic system housekeeping (system cloning)
Regular risk assessment and review
and many more…
Risk Management
Know your risk and priority
Physical security and access control
Adopt best practices & guidelines
Develop acceptable use policy
Set up an incident response team
Ethics development
Security awareness and education
Information security is everyone’s business
Useful Resources
Government Web Sites:
http://www.itginfo.gov.hk/content/itsecure/ (login required)
http://www.infosec.gov.hk/
HKCERT/CC:
http://www.hongkongcert.org
Microsoft Security Bulletins:
http://www.microsoft.com/technet/security/current.asp