Computer Security: A permanent and costly battle
Update for the CERN Management Board, 26 August 2003
Wolfgang von Rüden, CERN IT, August 2003


Computer Security: A permanent and costly battle
Update for the CERN Management Board
26 August 2003
Wolfgang von Rüden
CERN, IT Division Leader

The VIRUS trend is going up!
- Virus attacks have been with us for a long time and …
- They seem to get more and more sophisticated and destructive
- Our latest case is the Blaster Worm

What happened?
- Scandinavia's Nordea bank: 70 branch offices closed, worm in servers of all 440 offices
- Stanford University: 2,500 computers hacked (Blaster)
- CSX Railways: Curtailed train service while restoring computer systems during 8 hours
- New York Times: Asked via public address system to shut off all computers (1/2 day)
- CFF: Web site problems for users (timetable, ticketing), long waits
- Maryland: Motor vehicle administration affected
- Federal Reserve Atlanta/GA: Bank affected
- Air Canada: 50% of phone reservation system capacity affected plus some check-in operations
- China: 2,000 intranet systems stopped
- Orsay: Windows support on holidays

Events since 16 July 2003 (1)
- 16 July: Microsoft releases a security bulletin warning about a so-called RPC vulnerability (MS03-26) affecting most versions of the Windows operating system
- 24 July: IT launches a campaign to protect computers against this vulnerability; systems are patched (one command)
- 1 Aug: Scan tool available: 500 vulnerable systems detected. Administrators contacted using Network DB information
- 11 August: Leading antivirus companies warned about an exploit (W32.MSBlaster) rapidly spreading around the world. It is expected to make massive attacks against windowsupdate.com as of Saturday 16 August
- 13 August: Mail sent to each Division Leader with the list of vulnerable machines

Events since 16 July 2003 (2)
- 15 August: Despite multiple reminders, more than 200 Windows systems are still vulnerable. Site scanning shows suspicious activities, in particular via ACB or VPN, which are blocked for the weekend. Risk that those computers could launch the attacks and thereby bring down the whole or parts of the network, potentially reducing the ability of the organization to execute its mission.
- 18 August: IT management decides to block vulnerable systems at the network level and to continue restrictions on the ACB and VPN service. No time to follow the usual consulting channels. Affected users are informed, provided the entry in the registration DB is up-to-date
- 18 August: An even more severe threat exploiting the vulnerability, "W32.Welchia", appeared and is now causing disruption at several sites
- 18 August: Task force in place to help users to get back to normal.
- 19 August: In the afternoon, a mass mailing virus (W32.Sobig.F) started to appear at CERN and affects many users

Status as of yesterday
- Better scanning tools in place
- Network tools added to block bad systems
- Still 150 systems blocked (half are portables and ~40 unregistered)
- More than 100 systems infected so far
- Both ACB and VPN are back, but restricted to common facilities (mail, web, file access)
- Helpdesk got 25% more calls
- More problems expected as people come back from holidays

Initial problem analysis
- More than 500 machines not managed centrally caused the problems
- Some are CERN owned, locally managed machines and the owner did not follow the instructions (misunderstandings, manual action needed)
- Some machines are managed by the end-user or belong to visitors. In both cases, we have no means to enforce a patch
- “Black box” installations by companies
- Many insecure machines connected from home via ACB or VPN
- Major worry: Network DB often not updated by users, so they cannot even be contacted.

IT effort involved so far (FTE weeks)
Columns: Action, Preventive, Repair
- Apply patch to 5000 machines via NICE: 0.1
- Security: 4.0
- Network group: 6.0
- User Support: 3.5
- Coordination: 0.5
- Local support: 4.0
- Total
Does not include effort in other Divisions
The hotfix webpage was visited 12’200 times in August
The emergency measures page 2600 times since 15th August

How can you help?
- Insist in your Division to move as many machines as possible to the centrally managed service
- Nominate a security contact (and alternate) for your division to be contacted in case of alerts
- Independent machines must be managed by a person competent to apply patches and to ensure virus protection in compliance with OC5.
- Network DB must be updated whenever a computer moves or the owner changes
- Fast reaction time needed for security patches! “It’s on my list” is not enough
- Unmaintained “Black box approach” doesn’t work and should be banned.
- Secure your computer at home (or don’t connect)

Proposed actions
- Enforce hardware address registration for all computers on site using DHCP (portable sockets and wireless)
  - This will also apply to short-time visitors (i.e. FC delegates …)
  - We are ready to start deploying this by the end of September, region by region, to be completed before Christmas
  - Information campaign needed before enforcement
- ACB is a major security threat
  - We need to move to another solution
  - It also costs 500kCHF/year
  - We propose to move to Internet Service Providers
  - User pays local phone call or uses ADSL
  - Need to understand impact on “poor” visitors
- Establish a “fire-fighting” procedure with short reaction time

Conclusion
- CERN continued to work almost “as usual” while many other sites were knocked out
- Still, we need to be much more serious about security issues
- Top management has to buy in to achieve the goal
- We can’t afford a global break-down
- Thanks to my colleagues in IT who spent numerous hours overtime to keep things under control.
- Thanks also for all the help we got from the Divisions.

Thank you!
Please help us protect our workplace