Dark Alleys Part2
Download as PPT, PDF1 like557 views
This document summarizes attack and intrusion prevention statistics from a university's firewall and discusses best practices for password security, secure network protocols, virtual private networks, and remote access security. It recommends using techniques like password managers and passphrases instead of sharing passwords. It also encourages securing plain text protocols like FTP, Telnet, HTTP with their secure counterparts like SFTP, SSH, HTTPS and using recognized certificate authorities for SSL certificates.
Dark Alleys Part2
- 1. Dark Alleys of the Internet Part 2 ACE/NETC 2007 June 19, 2007 Albuquerque, NM Do the Right Thing!
- 2. Attack Statistics AU Border Firewall Packets blocked by 1000s Intrusion Prevention System (blocking recommended attacks) (week of 5/28-6/02) 90,540 – blocked packets 25,147 – suspicious packets 3,893 – possibly successful
- 3. Passwords on a Sticky Note? How to stop the sharing madness
- 4. Passwords No reason to share passwords because you can use: Shared files/folders Permissions settings Remote Desktop E-mail Proxy Web 2.0 products
- 5. Managing Passwords Trade-offs Different passwords for different systems Require passwords to change Password Managers Password Safe http://passwordsafe.sourceforge.net Others http://www.lifehack.org/articles/technology/10-free-ways-to-track-all-your-passwords.html Choosing a good pass phrase “ 1wbiDCH” (I was born in Dale County Hospital) http://www.aces.edu/extconnections/2006/10/
- 6. Network Protocols Help protect users
- 7. Secure All Protocols Telnet -> SSH FTP -> SFTP SSL Certificates LDAP -> LDAPS HTTP -> HTTPS Require Secure Protocols for New Applications
- 10. SSL Certificates Recognized Certificate Authority -$$ Pre-installed Verisign CyberTrust Thawte Self-signed Certificates – free Manual Install eXtension AU VS
- 11. Root Certificates Internet Explorer Internet Options Content Certificates
- 12. Self-Signed Certificates Products Microsoft Certificate Authority Mac OS - Keychain Linux - OpenSSL Importing Active Directory Download Script
- 13. Secure Network Access For the Road Warriors
- 14. Virtual Private Network VPN provides unlimited access to campus network Prevent eavesdropping Treat off-campus just like WiFi An insecure transmission medium
- 15. Public/Private WiFi Restrict open WiFi ports/protocols Encourage VPN Better encryption Unrestricted access Restrict OS announcements Gain benefit of University border firewall Restrict services to internal Ips Enable Security Prevent stealing bandwidth Add some security to insecure sites
- 16. Remote Access Remote Desktop Shared space access Printer access Internal websites
- 17. Other References Bruce Schneier’s http://www.schneier.com SANS’ “@RISK: The Consensus Security Alert”
- 18. Thank You Jonas Bowersock , Greg Parmer “ Until it goes missing, security is a boring obstacle to productivity in the minds of most.” -Greg Parmer
Editor's Notes
- #2: This is a presentation for system network administrators. Administrators should help teach their users proper security methods.