Dark Alleys of the Internet Part 2 ACE/NETC 2007 June 19, 2007 Albuquerque, NM Do the Right Thing!
Dark Alleys Part2

Jun 26, 2015

Anne Adrian

Internet security tips for network administrators
Transcript
Page 1: Dark Alleys Part2

Dark Alleys of the Internet

Part 2

ACE/NETC 2007
June 19, 2007

Albuquerque, NM

Do the Right Thing!

Page 2: Dark Alleys Part2

Attack Statistics

» AU Border Firewall
• Packets blocked by 1000s
» Intrusion Prevention System (blocking recommended attacks) (week of 5/28-6/02)
• 90,540 – blocked packets
• 25,147 – suspicious packets
• 3,893 – possibly successful

Page 3: Dark Alleys Part2

Passwords on a Sticky Note?

How to stop the sharing madness

Page 4: Dark Alleys Part2

Passwords

» No reason to share passwords because you can use:
• Shared files/folders
• Permissions settings
• Remote Desktop
• E-mail Proxy
• Web 2.0 products

Page 5: Dark Alleys Part2

Managing Passwords

» Trade-offs
• Different passwords for different systems
• Require passwords to change
» Password Managers
• Password Safe: http://passwordsafe.sourceforge.net
• Others: http://www.lifehack.org/articles/technology/10-free-ways-to-track-all-your-passwords.html
» Choosing a good passphrase
• “1wbiDCH” (I was born in Dale County Hospital)
http://www.aces.edu/extconnections/2006/10/

Page 6: Dark Alleys Part2

Network Protocols

Help protect users

Page 7: Dark Alleys Part2

Secure All Protocols

» Telnet -> SSH
» FTP -> SFTP
» SSL Certificates
• LDAP -> LDAPS
• HTTP -> HTTPS
» Require Secure Protocols for New Applications

Page 8: Dark Alleys Part2

Plain-text Protocols

Page 9: Dark Alleys Part2

Secure Protocol

Page 10: Dark Alleys Part2

SSL Certificates

» Recognized Certificate Authority - $$
» Pre-installed
• Verisign
• CyberTrust
• Thawte

VS

» Self-signed Certificates – free
» Manual Install
• eXtension
• AU

Page 11: Dark Alleys Part2

Root Certificates

» Internet Explorer
• Internet Options
• Content
• Certificates

Page 12: Dark Alleys Part2

Self-Signed Certificates

» Products
• Microsoft Certificate Authority
• Mac OS - Keychain
• Linux - OpenSSL
» Importing
• Active Directory
• Download
• Script

Page 13: Dark Alleys Part2

Secure Network Access

For the Road Warriors

Page 14: Dark Alleys Part2

Virtual Private Network

» VPN provides unlimited access to campus network
» Prevent eavesdropping
» Treat off-campus just like WiFi
• An insecure transmission medium

Page 15: Dark Alleys Part2

Public/Private WiFi

» Restrict open WiFi ports/protocols
» Encourage VPN
• Better encryption
• Unrestricted access
• Restrict OS announcements
• Gain benefit of University border firewall
• Restrict services to internal IPs
» Enable Security
• Prevent stealing bandwidth
• Add some security to insecure sites

Page 16: Dark Alleys Part2

Remote Access

» Remote Desktop
» Shared space access
» Printer access
» Internal websites

Page 17: Dark Alleys Part2

Other References

» Bruce Schneier’s http://www.schneier.com
» SANS’ “@RISK: The Consensus Security Alert”

Page 18: Dark Alleys Part2

Thank You

Jonas Bowersock, Greg Parmer

“Until it goes missing, security is a boring obstacle to productivity in the minds of most.”

-Greg Parmer