Network Security-Teachers.key

NewNet 66
Network Security for Teachers
The Quick Course
--* Warning *--
The information you will see in this presentation is actual data
pulled from school districts on the NewNet 66 network.
This information is NOT designed to scare you or to deter
you from using the Internet as an educational tool but is
designed to inform you of risks and other exploits which are
real and can cause you frustration.
Knowledge about exploits on the Internet and following a few
basic rules will make you more productive in the classroom,
increase your productivity using technology, and protect your
network from the bad guys.
Who is NewNet 66?
~ NewNet 66 is an Interlocal Cooperative of K12 schools.
~ Based out of Claremore, Oklahoma.
~ We provide Technology/Networking Services to K12 schools.
* Email
* Web Hosting
* Network design
* Network security
* Network monitoring
* Training
~ A lot of Geek Speak Stuff!
In short, NewNet 66 remains very transparent to most
administrators, teachers, and students.
We sit quietly in the background and watch over you (our schools),
ensuring your Internet safety.
Network Security in K12
Network security for your school is very much like security for
your home. To keep the bad guys out of your home you do things
like lock the doors, turn on lights when you're away, or set the
alarm system if you have one.
Questions you might have (discussion):
~ What is a Network?
~ What the heck is Network Security?
~ Why should I care about Network Security?
~ Who is responsible for our school’s Network Security?
~ What is Spyware?
~ What are Viruses and Worms?
~ What is Phishing?
~ What are Trojans, Backdoors, and Key-loggers?
~ How does all of the above affect me? All I want to do is teach!
Network Security in K12
Who is responsible for keeping your
school’s network secure?
Everyone is Responsible!!!
It’s a Team Effort.
Spam
Spam - What is it? Why do I get it?
• Spam, by simple definition, is unwanted email or email that is
sent to you unsolicited.
• Over 85% of all email on the Internet is Spam.
• Spammers send this type of email because it’s profitable.
• Spam is also a source for worms, viruses, spyware, trojans, and
other network attacks.
• Stopping Spam is becoming more difficult every day. The
spammers are creative and often know you better than you
know yourself.
Spam
Spam Example
From: [email protected]
Subject: [***SPAM*** Score/Req: 23.7/4.7] Order status, mustache monkey
Date: July 21, 2006 7:51:52 AM CDT
To: [email protected]
Even if you have no erectin problems SOFT CIA2LIS
would help you to make BETTER SEQX MORE OFTEN!
and to bring unimagnable plesure to her.
Just disolve half a pil under your tongue
and get ready for action in 15 minutes.
The tests showed that the majority of men
after taking this medic ation were able to have
PERFECT ER5ECTION during 36 hours!
VISIT US, AND GET OUR SPECIAL 70% DISC2OUNT
OFER!
Note the spelling. Email servers look for keywords but don’t know how to spell.
Phishing 1
Social Engineering
Phishing (fishing)
Watch Out For The Sharks
Phishing (a deliberate misspelling of the word 'fishing') is a specific form of
cyber crime. Phishing tricks computer users into disclosing personal details such
as usernames, passwords, PIN numbers, credit card numbers etc, which
are linked to bank accounts or on-line shopping accounts. These details are
then used to steal money. So phishing is fraud: first your personal information
and then your money...
As you'd expect, phishers target organizations that handle high volume financial
transactions online. In the last 24 months, customers of nearly all major banks
(BOK, Barclays, Citibank, Halifax, HSBC, Lloyds TSB and MBNA, NatWest)
have all been targeted by phishers. However, it's not only banking customers
who are at risk - Amazon, AOL, BestBuy, eBay, MSN, PayPal and Yahoo
have all been targeted by phishing scams.
Phishing 2
Social Engineering
Phishing (fishing)
How it Works
How Phishing works: Phishing begins when a crook creates an email that looks like it was sent from a
reputable company. The emails that are sent look very real -- down to the smallest detail. They are
created by professionals that are in the business of stealing your information and turning it into cash.
The organizations that these emails purport to be from are companies such as CitiBank, eBay, Go
Daddy, Bank of Oklahoma, PayPal and many others.
What happens to your information once it is stolen?
So what happens to this information once it is provided to the Phishing crooks? Typically, it is
immediately spirited someplace overseas, quite often (but not necessarily) to third world countries.
Once there, the crooks will begin using the information (perhaps charging your credit card, perhaps
applying for more bogus cards or loans, perhaps debiting money out of your checking account). This
typically takes place within a few hours. In the meantime, you have no idea that this is taking place.
When it comes to Phishing, assume you are on your own!
You also can’t rely on the authorities to come to your rescue. If you’re a victim, you should report the
crime; however, because most of it is across international borders, and because the volume of it is
overwhelming -- don’t look for any help from that end. So the sad truth here is that you’re pretty much
on your own. You’ve simply got to provide your own protection.
Phishing 3
Social Engineering
Phishing (fishing)
How to detect Phishing
So how do you tell if an email being sent to you is a Phishing attempt? Fortunately, there are a
number of rules you can follow and they are very simple:
1. Assume any email requesting that you verify your credit card, password or other personal information
-- is Phishing. You need to be disciplined about this, because the crooks will use all sorts of 'alarming'
reasons to get your data. They’ll say someone else accessed your account, or there’s been suspicious
activity in your account. Ignore all of this. If you have to mitigate the concern, then do so by following
the next rule.
2. Do not visit a company’s website by clicking on the link in the email. Instead, simply type that
company’s web address into your browser. That way, you’re much more assured of going to the
company’s real website, and not a sham website set up by some crook.
3. If you receive an email that simply does not contain your name, but instead refers to you as "Dear
Customer", or doesn’t refer to you at all -- you should assume that it’s Phishing.
4. Beware of any email that asks you for: Credit or Debit card numbers - Driver's License numbers - Passwords - Bank Account numbers - Social Security numbers - Your Full Name - Birth Date - Email addresses.
Phishing BOK Example page 1
From: [email protected] <[email protected]>
Reply-To: [email protected]
Date: Fri, 24 Jun 2005 14:23:43 +0200 (CEST)
To: [email protected]
Subject: The unusual login attempts to your personal account!
Dear Bank Of Oklahoma Customer!
We recently noticed several attempts to log in to your personal account from a foreign IP address and we have
reasons to believe that your account was used by a third party without your authorization. If you recently accessed
your account while traveling, the unusual login attempts may have been initiated by you.
The login attempt was made from:
IP address: 172.25.210.66
ISP Host: cache-66.proxy.aol.com
After three unsuccessful attempts to access your account, your personal Online Profile has been locked. This has
been done to secure your accounts and to protect your private information. Bank Of Oklahoma is trying to make sure
that your online transactions are secure.
You must unlock your profile by going to:
https://www.bankofoklahoma.com/ <http://www.onlinebanking-bankofolohoma.com/>
If you should have any additional questions or concerns, please contact
Customer Service at:
[email protected] <mailto:[email protected]>
Thank You for using Bank Of Oklahoma !
©2005 Bank Of Oklahoma Corporation. All rights reserved. Bank Of Oklahoma N.A. Member FDIC.
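Rules 1 to 3 can be checked mechanically on a plain-text rendering like the message above, where the visible link is followed by its real target in angle brackets. The following Python is an added example, not part of the original presentation; the two sample messages, the reserved .example domains, the keyword patterns and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# A plain-text rendering shows a link as: visible-text <real-target>
LINK_PAIR = re.compile(r"(\S+)\s+<(https?://[^>\s]+)>")

# Illustrative patterns for rules 1 and 3 (assumed wording, not exhaustive).
RULES = {
    "rule 1: asks you to verify or unlock an account": re.compile(
        r"\b(verify|confirm|unlock)\b[^\n]*\b(account|profile|password|card)\b", re.I),
    "rule 3: generic greeting": re.compile(
        r"^dear\b[^\n]*\bcustomer\b", re.I | re.M),
}

def host(url):
    """Lower-cased host name of a URL; a bare www.name is treated as http://."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def mismatched_links(body):
    """Return (shown_host, real_host) pairs where the visible URL and target differ."""
    pairs = []
    for shown, target in LINK_PAIR.findall(body):
        if "://" not in shown and not shown.lower().startswith("www."):
            continue  # visible text is a word, not a URL, so nothing to compare
        if host(shown) != host(target):
            pairs.append((host(shown), host(target)))
    return pairs

def phishing_signals(body):
    """List every rule the message trips, in a form a reader can act on."""
    signals = [name for name, pattern in RULES.items() if pattern.search(body)]
    for shown, real in mismatched_links(body):
        signals.append(f"rule 2: link shows {shown} but goes to {real}")
    return signals

# Constructed sample modelled on the message above, using reserved .example names.
SUSPECT = """Dear Example Bank Customer!
We noticed unusual login attempts to your personal account.
You must unlock your profile by going to:
https://www.bank.example/ <http://www.onlinebanking-bank.example/>
Questions? Contact help@bank.example <mailto:help@bank.example>
"""

# Constructed legitimate notice: named greeting, link text and target agree.
BENIGN = """Dear Pat Smith,
Your monthly statement is ready.
https://www.bank.example/ <https://www.bank.example/statements>
"""

if __name__ == "__main__":
    for label, message in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, phishing_signals(message))
```

The comparison is on host names only, so a look-alike host that differs by a single letter is still reported as a mismatch.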
Phishing BOK Example page 2
Holiday Phishing Example 1
This was spammed out via email Christmas Eve of 2007 to millions of people.
If you were to take the bait and click, you immediately get infected with Email-Worm.Win32.Zhelatin.pd.
There is nothing wrong with the email itself but when you click the link it takes you to servers located in many different countries which infect your computer.
Holiday Phishing Example 2
Original email which looks very innocent.
When you look inside the email you see where it really came from.
83.12.246.250 belongs to a DSL user in Warsaw, Poland.
How do Viruses/Worms/Spyware
Impact Your School?
• A really bad virus/worm can bring down your entire network.
• Increase Internet bandwidth consumption which affects all
users on the network. (slow network/Internet access)
• Stop the process of recording student information.
• Stop the process of delivering information from local servers
to students and staff.
• Turn your school into a large Spam site resulting in being
“blacklisted” on the Internet. (your email stops working)
• Destroy critical information like student data, and financial
information.
• With SDE mandating SIF compliance your network must be
operational 24X7.
• Frustrate you to the point of *!*%$.
The Number One Security Threat Today
• Spyware, Trojans, and Keyloggers are the number one threat
today. All are strongly related to Identity Theft.
• According to security company CipherTrust, more than 180,000
PCs are turned into zombies every day, and that figure is
continually rising.
• Users are rarely aware that their machines have been hijacked.
The network continues to work, albeit more slowly at times, and
users have no control over the secret tasks it is being asked to
perform.
• Most analysts forecast that phishing attacks will continue to grow
in number and in sophistication.
BotNets
[Diagram label: Bad Guy or Bot Herder]
How Bad Guys Work
The Mechanics
[Diagram labels: Bad Guys, School, Bank. 1. Goes to Internet; 2. Gets a Backdoor or Keylogger; 3. Transmits Data to Bad Guys; 4. Withdraw $$$]
Step 1. A workstation at the school goes to the Internet doing research or possibly checks 3rd party email.
Step 2. A Backdoor, Keylogger, or Spyware is downloaded to the School’s Workstation and begins capturing personal information.
Step 3. The Backdoor, Keylogger or Spyware transmits banking information to the Bad Guys. At this point the Bad Guys Own You!
Step 4. The Bad Guys withdraw $10.00 from your bank account.
The Bad Guys might make 10,000 transactions per month on 10,000 different bank accounts.
Do the Math!
Calculate The Cost
How Much Do Virus/Worm/SpyWare Attacks
Cost Your District?
• How many hours does your technical support staff spend cleaning
just one infected workstation? If 20 get infected do the math.
• How many hours of staff productivity loss can one bad worm cause?
• If your network has infected PCs, can teachers post grades to the
server?
Average time to clean one PC = 45 minutes
20 PCs * 45 minutes = 15 hours
If you had to clean 300 PCs in one year....
That’s 225 hours, or 28 eight-hour working days.
Myspace.com In The News
Bandwidth Utilization
Your Connection to the Internet
[InterMapper graphs: Normal Bandwidth; Very High Bandwidth Utilization Due to a Worm]
Email
Is it private? Is your password being seen? Who reads your email?
• Email is the most widely used Internet technology today. It is also the most
abused!
• Is email you send or receive private? Absolutely Not! The rule of thumb is:
Don’t email passwords, personal information or anything else you don’t want
others to read!
• Email passwords need to be secure. DO NOT use family names, school names,
or birth dates as passwords. The hackers can figure this out very quickly and gain
access to your email account.
• Why can’t I get to my Gmail or Yahoo email account from school? Many
schools block 3rd party email for security reasons. Viruses and Worms can come
into your network via Yahoo mail and other 3rd party email. It’s not worth the risk.
• Just one infected email can cause your entire school network to fail!
Email Etiquette
• Take care with rich text and HTML messages. (Use plain text format)
• Do not write in CAPITALS. (This is considered shouting.)
• Don't reply to spam. (You just confirmed your email address to the
bad guys.)
• Use proper spelling, grammar & punctuation. (Makes you look good)
• Do not use email to discuss confidential information. (Remember,
email is not private)
• Do not attach unnecessary files. (Smileys, animated gif files etc.)
• Don't forward virus hoaxes and chain letters.
• Avoid long sentences and be concise.
• Read the email before you send it.
• Make sure email addresses are correct. (Make sure your address book
and groups are accurate!!!)
Passwords (1)
Passwords
Password Strategies To Avoid
Creating secure passwords is one significant step in maintaining password
security. Below are password strategies to avoid.
~ Avoid sequences or repeated characters. "12345678," "222222,"
"abcdefg," or adjacent letters on your keyboard do not help make secure
passwords.
~ Avoid your login name. Any part of your name, birthday, social security
number, or similar information for your loved ones constitutes a bad
password choice. This is one of the first things criminals will try. Do NOT
use the school’s mascot name.
~ Don’t write down your password on a sticky note and place it on your
computer monitor.
~ Do not share your password with anyone.
Passwords (2)
Passwords
How To Create Strong Passwords
Creating a strong password can be a simple process and easy to remember.
When creating your password use at least 8 characters and a combination
of lower case letters, upper case letters, numbers, and special characters
like #$%.
Example:
~ Pick a base word to work from. Let’s say you like football.
~ Football meets the 8 character criteria but has no special characters. To
make it more secure it might look like Football1985@!
Chandler could look like - cHand1990$%
Kent could look like - &Kentmiester@@
Roger could look like - rOgerDoger@5
Password strength check: http://www.microsoft.com/protect/yourself/password/checker.mspx
Guide Lines
The Top Eight Things You Can Do.
1. Update your Antivirus software on your workstation daily. (this may be done automatically
depending on how updates are implemented in your district)
2. Make sure you update your Windows operating system monthly or when updates are
available. (apply the patches)
3. Watch out for strange email or anything that does not fit what you would perceive as “normal.”
4. Delete any email you are not sure of.
5. Don’t download software that is not authorized by your school district.
6. Do not share passwords with anyone!!! Don’t write down your password on a sticky note and
post it on your monitor.
7. If you bring files electronically from home via a CD, DVD, Thumb Drive, or a Floppy Disk, then
have it scanned for Viruses, Worms, and Spyware BEFORE you insert it into your workstation.
8. Use common sense! If you observe something you consider to be out of the ordinary, report it.
Interesting Tidbits
This Firewall Log shows a person from Germany
trying to gain access to the Sperry Public Schools
network. This Bad Guy is scanning for an “open
door” in the network.
org-name:       Servage Hosting
remarks:        --------------
remarks:        www.servage.net
remarks:        --------------
org-type:       NON-REGISTRY
address:        Im Grund 9
address:        24939 Flensburg
abuse-mailbox:  [email protected]
mnt-ref:        sa-mnt
mnt-by:         sa-mnt
source:         RIPE # Filtered
role:           Servage Hostmaster
address:        Im Grund 9
address:        24939 Flensburg
address:        Germany
admin-c:        saac-ripe
tech-c:         satc-ripe
nic-hdl:        sahm-ripe
mnt-by:         sa-mnt
Interesting Tidbits
Collinsville Firewall Events
Haifa Israel - Omega Building
Dasman, Kuwait
TippingPoint
Chandler Public Schools has a Firewall/Intrusion Detection device located at the
hub site. Below are events which took place Sunday, January 20 between
05:41 and 05:44 a.m. Below is a small sample of the Intrusion log.
Vortec inc.
Orlando, Florida
Pushechnaya st.
Moscow, Russia
NewNet 66
www.newnet66.org
This presentation is available on our web site.
www.newnet66.org/support