September 29, 2009, Computer Security Awareness Day, Fermilab (slide 1)


Slide 2
- Why are we here?
- Current environment
- How are machines getting infected?
- Improvements (timeline)
- Weekly AV scan changes
- What is TIssue?
- AV notice
- TIssue detector
- Rebuilds vs. fixes
- AV service enhancements
- Help us to help you
- Blocked? Getting help…
- Questions?

Slide 3
- AV protection for ~3000 Windows systems
- Volume of AV notices via e-mail
  - ~1000 per month
    - A single machine can generate several notices
    - Too many for any one person to filter by hand
  - Manual response
    - Can be unreliable
    - No priority
    - No official procedures prior to May 2009
- Tune IT Up requirement

Slide 4
- Symantec AV Corporate Edition 10
  - multiple parent servers to support Fermilab
  - servers report into a central AV report server
  - system is configured to download and advertise new signature files every 15 minutes
    - If away from the lab: clients are configured to download new signature files from Symantec once a day
  - clients are configured to perform a full scan once a week (most are set for Tuesday 2 AM)
  - clients use heuristics in addition to the standard signature-based real-time protection

Slide 5
- AV alone cannot cover all malware
  - Malware is being written at a high rate; a challenge for AV manufacturers to keep up
  - Now needed: antivirus, antispyware, firewall, intrusion prevention, device and application control
  - Local admin permissions
    - Domain and local accounts
  - USB devices
    - Autorun and Autoplay can allow malware to run
  - Web browsing
    - Business-need web browsing
    - Non-business casual web browsing

Slide 6 (diagram; labels listed in flow order)
1. Normal web surfing
2. Malware runs in memory
3. Malware requests rootkit from the cloud
4. Attempt to write rootkit to file system
5. AV does real-time file scan after file is closed

Slide 7
- Web proxy server
  - Applied to 98% of the network subnets at the lab
- Disable Autorun
  - prevents malware from auto-running on USB device insertion
- Restricting web access via domain
  - Applies to machines with critical business needs
- Restore points: 2 options
  - disable restore to remove malware, then re-enable
  - rebuild
- Weekly AV scan changes: next slide

Slide 8
- Scans may be postponed four times
  - instead of cancelled
- Tested new setting for several weeks with no problems
- Staged rollout throughout the end of the year

Slide 9
- TIssue: Tracking Issue workflow system
  - Strong Authentication violations
  - OS patching levels
  - Network inventory
  - Antivirus notices
- Monitors the central logging repository
  - Blocks are issued based on parameter settings

Slide 10
- Registered system administrators will get notified
- Issue must be properly remediated or the system will be blocked
- You will be blocked again if the problem is not actually fixed
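The notify, remediate, block cycle described on slides 9 and 10 (the registered sysadmin is notified, the issue must be remediated before the deadline or the system is blocked, and a system is blocked again if the problem was not actually fixed) can be modelled as a small state machine. The Python below is an added example, not the TIssue workflow's own code; the grace period, the rule "a repeat detection after a recorded fix blocks immediately", and the node names are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum


class State(Enum):
    NOTIFIED = "notified"      # sysadmin notified; remediation deadline is running
    REMEDIATED = "remediated"  # sysadmin entered the action taken before the deadline
    BLOCKED = "blocked"        # deadline passed, or the issue recurred after a "fix"


@dataclass
class Issue:
    node: str
    description: str
    deadline: datetime
    state: State = State.NOTIFIED
    history: list = field(default_factory=list)  # (timestamp, event) audit trail


class BlockWorkflow:
    """Constructed model of the notify -> remediate -> block cycle; not TIssue's code."""

    def __init__(self, grace: timedelta):
        self.grace = grace   # time a sysadmin gets to remediate before a block (assumed)
        self.issues = {}     # "node:description" -> Issue

    def notice(self, node: str, description: str, now: datetime) -> Issue:
        """Record a detection for a node; a repeat after remediation blocks at once."""
        key = f"{node}:{description}"
        issue = self.issues.get(key)
        if issue is None:
            issue = Issue(node, description, deadline=now + self.grace)
            issue.history.append((now, "notified registered sysadmin"))
            self.issues[key] = issue
        elif issue.state is State.REMEDIATED:
            # The same detection fired again after a recorded fix, so the fix was
            # not real (assumed rule modelling "blocked again if not actually fixed").
            issue.state = State.BLOCKED
            issue.history.append((now, "blocked: issue recurred after remediation"))
        return issue

    def remediate(self, node: str, description: str, now: datetime, action_taken: str) -> Issue:
        """Sysadmin enters the action taken; this clears the pending block."""
        issue = self.issues[f"{node}:{description}"]
        issue.state = State.REMEDIATED
        issue.history.append((now, f"remediated: {action_taken}"))
        return issue

    def tick(self, now: datetime) -> list:
        """Block every still-open issue whose deadline has passed; returns those blocked now."""
        blocked_now = []
        for issue in self.issues.values():
            if issue.state is State.NOTIFIED and now >= issue.deadline:
                issue.state = State.BLOCKED
                issue.history.append((now, "blocked: not remediated by deadline"))
                blocked_now.append(issue)
        return blocked_now


def run_demo() -> dict:
    """Three constructed nodes; returns their final state names keyed by node."""
    t0 = datetime(2009, 9, 29, 8, 0)
    wf = BlockWorkflow(grace=timedelta(hours=24))
    # pc-a: remediated in time and the detection never recurs
    wf.notice("pc-a", "Virus Found: Infostealer", t0)
    wf.remediate("pc-a", "Virus Found: Infostealer", t0 + timedelta(hours=2), "rebuilt from image")
    # pc-b: nobody acts before the deadline
    wf.notice("pc-b", "Virus Found: Hacktool.Rootkit", t0)
    # pc-c: a fix is recorded, but the same detection fires again
    wf.notice("pc-c", "Virus Found: W32.Downadup.B", t0)
    wf.remediate("pc-c", "Virus Found: W32.Downadup.B", t0 + timedelta(hours=1), "deleted file")
    wf.notice("pc-c", "Virus Found: W32.Downadup.B", t0 + timedelta(hours=5))
    wf.tick(t0 + timedelta(hours=25))
    return {issue.node: issue.state.value for issue in wf.issues.values()}


if __name__ == "__main__":
    for node, state in run_demo().items():
        print(node, state)
```

The per-issue history list is the part worth keeping in a real implementation: when a sysadmin calls the Service Desk to ask why a machine was blocked, the timestamps of the notice, the recorded remediation and the block are what answer the question.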

Slide 11 (sample AV notice, redacted as on the slide)

This is automatically generated, do not reply.

The system listed below is registered to you as a sysadmin. A network block for this system (described below) has been requested by Computer Security. Please visit: to view more details about the vulnerability found and to enter the action taken to fix the vulnerability.

Note: If this event is not remediated, the system will be blocked from network access at None

Here is a description of the host/sms check:
IP Address: xx.xx
MAC Address: 00:00:00:00:00:00
Node name: xxxxxxxxx
Affiliation: xx/xx/xxx/xxxxxxxxxxxxxxxxx
Last found: :08:41
Issue: Virus Found (Blocking Event)
Additional Info: Class/Action/Location trigger: Host:xxxxxxxxxxxx IP: xx.xx USER:xxxxxxxxx
Class/Action/Location triggers: Infostealer=Security Update for OS Microsoft Windows>>KB exe (Cleaned by Deletion )
THIS IS A BLOCK EVENT.

If you experience difficulties resolving this issue or require additional assistance, please contact the FNAL Service Desk (x2345) to open a ticket to be routed to your local desktop or server support group.

Slide 12
- Previously each notice was manually reviewed
- Now automated: virus notices are sorted and filtered
  - Notices that require follow-up are flagged
    - All other AV notices are ignored
  - Started by using criteria that matched our current AV experience
  - Criteria changes will be made by Windows Policy Committee proposal vote

Slide 13
- Follow-up criteria
  - Virus type blocks
    - Rootkits, keyloggers, information stealers, etc.
  - File location blocks
    - Operating system, application program, etc.
- Departmental file servers are exempt from blocks

Slide 14
- Number of rebuilds is small versus the number of identified viruses
- Rebuild if virus types meet criteria
  - such as Hacktool.Rootkit and Downadup (aka Conficker)
- Rebuild if infected files are in protected system areas
  - such as Windows, WINNT, System, System32
- Fix if virus is in a restore point
- Ignore notices in temporary internet file areas and non-system areas
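The sorting and filtering of AV notices described on slides 12 to 14 (flag by virus type or by file location, fix a hit inside a restore point, ignore temporary internet file and other non-system areas, exempt departmental file servers from blocks) amounts to a small rule engine run over each notice. The Python below is an added illustration and is not Fermilab's TIssue detector; the "Key: Value" notice format, the threat-name and directory patterns, the sample notices and the file-server list are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    REBUILD = "rebuild"  # system cannot be trusted: wipe and reinstall
    FIX = "fix"          # disable System Restore to flush the restore point, then re-enable
    IGNORE = "ignore"    # browser cache or non-system area: no follow-up


@dataclass
class Notice:
    node: str
    threat: str
    path: str
    action_taken: str


@dataclass
class Decision:
    node: str
    action: Action
    follow_up: bool  # flagged for the registered sysadmin
    block: bool      # network block requested (never for exempt file servers)


# Threat families that block on detection (constructed list modelled on the slides).
BLOCKING_THREATS = re.compile(r"rootkit|keylog|infostealer|downadup|conficker|hacktool", re.I)
# Protected system areas: an infected file here means rebuild.
PROTECTED_DIRS = re.compile(r"\\(windows|winnt|system|system32)\\", re.I)
# System Restore snapshots: cleaned by disabling and re-enabling restore, not by rebuilding.
RESTORE_POINT = re.compile(r"system volume information\\_restore", re.I)

FIELD = re.compile(r"^(?P<key>[^:]+):\s*(?P<value>.*)$")


def parse_notice(text: str) -> Notice:
    """Parse a 'Key: Value' notice body (constructed format) into a Notice."""
    fields = {}
    for line in text.strip().splitlines():
        m = FIELD.match(line.strip())
        if m:
            fields[m.group("key").strip().lower()] = m.group("value").strip()
    return Notice(
        node=fields.get("node name", "?"),
        threat=fields.get("threat", ""),
        path=fields.get("file", ""),
        action_taken=fields.get("action taken", ""),
    )


def triage(n: Notice, file_server: bool = False) -> Decision:
    """Apply the criteria in priority order; file servers are exempt from blocks."""
    if RESTORE_POINT.search(n.path):
        action = Action.FIX
    elif BLOCKING_THREATS.search(n.threat) or PROTECTED_DIRS.search(n.path):
        action = Action.REBUILD
    else:
        # Temporary internet file areas and other non-system areas fall through here.
        action = Action.IGNORE
    follow_up = action is not Action.IGNORE
    block = action is Action.REBUILD and not file_server
    return Decision(n.node, action, follow_up, block)


# Constructed sample notices in the spirit of the redacted one on slide 11.
SAMPLE_NOTICES = [
    r"""Node name: pc-lab-01
Threat: Infostealer
File: C:\WINDOWS\system32\update.exe
Action taken: Cleaned by Deletion""",
    r"""Node name: pc-lab-02
Threat: Trojan.Gen
File: C:\System Volume Information\_restore{0000-0000}\RP12\A0001234.exe
Action taken: Quarantined""",
    r"""Node name: pc-lab-03
Threat: Adware.Generic
File: C:\Documents and Settings\jdoe\Local Settings\Temporary Internet Files\Content.IE5\promo[1].exe
Action taken: Cleaned by Deletion""",
    r"""Node name: pc-lab-04
Threat: Trojan.Gen
File: C:\Documents and Settings\jdoe\My Documents\screensaver.exe
Action taken: Left Alone""",
    r"""Node name: fs-dept-01
Threat: W32.Downadup.B
File: D:\shares\dept\tools\setup.exe
Action taken: Cleaned by Deletion""",
]
FILE_SERVERS = {"fs-dept-01"}  # departmental file servers exempt from blocks (constructed)


def triage_all(notices=SAMPLE_NOTICES, file_servers=FILE_SERVERS) -> list:
    """Parse and triage every notice; returns one Decision per notice, in order."""
    decisions = []
    for text in notices:
        n = parse_notice(text)
        decisions.append(triage(n, file_server=n.node in file_servers))
    return decisions


if __name__ == "__main__":
    for d in triage_all():
        print(f"{d.node:10} {d.action.value:8} follow_up={d.follow_up!s:5} block={d.block}")
```

The order of the checks matters: the restore-point test runs first so that a Downadup copy sitting in a restore point gets the cheap fix rather than a rebuild, and the threat-type test runs before any location test so that a rootkit found in a browser cache is still treated as a compromise rather than as noise.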

Slide 15
- Working with vendor to identify detected malware
- Review and upgrade current solution
  - Endpoint Security Protection
    - Antivirus
    - Antispyware
    - Firewall
    - Intrusion prevention
    - Device and application control

Slide 16
- If you are blocked, please tell us if:
  - you have recently borrowed a flash drive/memory stick
  - you have opened an attachment
    - especially from your non-Fermi account
  - you have browsed business-related web sites
  - you have browsed casual web sites
- Providing detailed information may help problem resolution and future enhancements

Slide 17
- The e-mail notice goes to the registered system administrator
  - When your machine gets blocked you may not receive an e-mail notice.
- Contact the Service Desk at x2345
  - If you suspect you have been blocked, ask that the TIssue site be checked
    - Need to provide username, node name, IP address, etc.

Slide 18
- Thank you for attending!