Northwestern University
Download
Report
Transcript Northwestern University
UNITS Quarterly Meeting
April 29, 2004
Network Security
Roger Safian
[email protected]
Northwestern University Information Technology
Agenda
• Statistics
• Why these incidents occur
– What can be done to prevent them
• Questions
Northwestern University Information Technology
Statistics
• FY 2002/2003
– Virus = 1166
– Compromised = 727
– Total incidents = 3042
• 9/1/02 – 8/31/03
• FY 2003/2004
– Virus = 1436
– Compromised = 261
– Total incidents = 2220
• 9/1/01 – 2/29/04
Northwestern University Information Technology
Statistics – Take 2
Removing August (Blaster/Welchia)
• FY 2002/2003
– Virus = 336
– Compromised = 646
– Total incidents = 2037
• 9/1/02 – 7/31/03
• FY 2003/2004
– Virus = 1436
– Compromised = 261
– Total incidents = 2220
• 9/1/01 – 2/29/04
Northwestern University Information Technology
Statistics – Take 3
Same time frames
• FY 2002/2003
– Virus = 142
– Compromised = 342
– Total incidents = 1102
• 9/1/02 – 2/28/03
• FY 2003/2004
– Virus = 1436
– Compromised = 261
– Total incidents = 2220
• 9/1/01 – 2/29/04
Northwestern University Information Technology
Why these incidents occur?
• Weak Passwords
– All machines and accounts need passwords
– Use rules similar to the NetID rules
• Opening viral attachments
– Don’t open unexpected attachments
– Only open specific types of extensions
– Make sure to look at the LAST extension
Northwestern University Information Technology
Why these incidents occur? (2)
• Updates not applied
– Ensure Windows update runs automatically
– Don’t forget about layered products
• Network use
– P2P
– Be careful when clicking on links
Northwestern University Information Technology
Why these incidents occur? (3)
• Out of date anti-viral software
– Ensure you install the NU supplied software
– Set to update automatically EVERY day
• Blended Threats
– Multiple attack vectors directed at hosts
• Home Networks
– Frequently attacked with little monitoring
Northwestern University Information Technology
ISS Scans
• Internet Security Systems
– Network scanner
• Produces HTML reports
– Organized by severity
• Currently checks for ~1300 vulnerabilities
Northwestern University Information Technology
ISS Scans (2)
• Caveats
– Not 100% accurate
• A pretty decent indicator though
– Doesn’t see through your firewall
– Machine must be online
– Only looks for vulnerabilities it knows about
Northwestern University Information Technology
ISS Scans (3)
• Recommend getting report once per quarter
– Or any time you are suspicious
• Or have significant changes
• Request from [email protected]
– Send IP addresses you wish scanned
• Can specify a range or subnet
Northwestern University Information Technology
Questions?
• Contact Information
–
–
–
–
1-847-491-4058
1-847-467-6662 (NOC 24x7)
[email protected]
[email protected]
Northwestern University Information Technology