IT Security in Schools

Tony Wong
Senior Systems Manager
IT Security Infrastructure Services
Information Technology Services Department

The Story of "Nimda"

* Infection via e-mail
* Scan and exploit IIS web server vulnerability
* Exploit IE browser vulnerability
* Infection via network file sharing

[Diagrams: an infected PC, Internet mail server, vulnerable and infected IIS web servers, unpatched IE browser, desktop PC and file server, shown across the intranet and the Internet]

Moral of the Story

* Nimda is a model of the modern virus/worm
* Fast, global spread: hit 2.2 million systems in 24 hours
* Affects more than end-user PCs
* Multi-point attack (e-mail, software loophole, file server, web server etc.)
* Blended threats (virus, mass mailing, DoS, Trojan horse, intrusion etc.)

Common Internet Threats

* Virus and Worm
* Web Defacement
* Hacking & Intrusion
* DoS / DDoS

Web Defacement

* Exploit system and software vulnerabilities
* Insider attack
* Automatic tools available on the Internet
  * detect vulnerable system
  * crack server password
  * launch attack and remove logging
  * install Trojan horse (back door)
* Attacks are easy to launch but difficult to trace
* An average of 500 defacements are recorded by Zone-H each day: http://www.zone-h.com/en/defacements/filter/

[Figure: A Sample Defaced Web Site]

Hacking & Intrusion

* Exploit system and software vulnerabilities
* Use automatic tools
  * crack server password
  * detect vulnerable system
  * locate Trojan horse (back door)
* Remote access and control of other systems
* Access, change or delete programs and files
* Deface web site
* Attack other systems

Remote Control Trojan (Sub7)

* Installed on the victim's computer through:
  * e-mail attachment
  * access to unprotected network shares
  * manual installation by a hacker (or insider)
* Allows the attacker to do many things on your computer remotely, including:
  * run any commands
  * upload/download/delete files
  * capture monitor display
  * capture from webcam
  * record from microphone
  * capture what you type
  * steal passwords
  * and many more
* Ref: http://rr.sans.org/toppapers/subseven.php

[Figure: Sample Sub7 Client Screen (Used by Hacker)]

DoS / DDoS

* (Distributed) Denial of Service attack
* Continuous flooding of data to the target system
* System or network overloaded or down
* Legitimate users cannot access the system
* Exploit system and software vulnerabilities
* Use automatic tools, virus, Trojan horse etc.
* Plant an attack program on a large number of infected systems
* Trigger a global attack on a targeted system

The Problem

* Vulnerable products
* Internet was not designed for high security
* Readily available tools
* Human errors
* Spoofing is easy
* The infrastructure (DNS, routers) is vulnerable to attacks
* Governance is open
* Mis-configured or unpatched systems
* Default or easily guessed passwords
* Abuse, hacking
* Lack of awareness and ethics

The Impact to School

* Can be a target or a source of attack
* Service interruption
* Compromise of sensitive information
* Cost to recover
* Counter-example to ethics development
* Loss of reputation
* Criminal liability

Technical Countermeasures

* Remove unused programs and services
* Anti-virus and anti-spam system
* Traffic/content filtering system
* Firewall
* System logging
* Intrusion detection & response system
* Apply security patches and updates promptly
* Password and access management
* File and data management
* Segregation of networks, systems and data
* Disconnect from the Internet when not in use
* Shut down workstations when not in use
* Periodic system housekeeping (system cloning)
* Regular risk assessment and review
* and many more…

Risk Management

* Know your risk and priority
* Physical security and access control
* Adopt best practices & guidelines
* Develop an acceptable use policy
* Set up an incident response team
* Ethics development
* Security awareness and education
* Information security is everyone's business

Useful Resources

* Government web sites:
  * http://www.itginfo.gov.hk/content/itsecure/ (login required)
  * http://www.infosec.gov.hk/
* HKCERT/CC: http://www.hongkongcert.org
* Microsoft Security Bulletins: http://www.microsoft.com/technet/security/current.asp