Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defending Laptops with MinUWet By Erick Engelke. Laptops and our future? laptops now outsell desktops laptops now outsell desktops we expect continued.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Defending Laptops with MinUWet By Erick Engelke. Laptops and our future? laptops now outsell desktops laptops now outsell desktops we expect continued."— Presentation transcript:

1 Defending Laptops with MinUWet By Erick Engelke

2 Laptops and our future? laptops now outsell desktops laptops now outsell desktops we expect continued growth of laptops we expect continued growth of laptops laptops present new opportunities for learning and budgets, but also new IT staff challenges laptops present new opportunities for learning and budgets, but also new IT staff challenges laptop security issues are time-consuming for staff laptop security issues are time-consuming for staff outdated antivirus definitions and OS updates need Internet connectivity to be updated outdated antivirus definitions and OS updates need Internet connectivity to be updated

3 Solution: We need a strategy which encourages responsible client laptop management

4 Possible Solutions Cisco NAC (Network Admission Control) - forklift upgrade Cisco NAC (Network Admission Control) - forklift upgrade Microsoft… NAP (Network Access Protection) vapourware due with Vista server Microsoft… NAP (Network Access Protection) vapourware due with Vista server UToronto Endpoint Security Policy (see Managing Self-Managed Computers at this conference) (just learned about it this May) UToronto Endpoint Security Policy (see Managing Self-Managed Computers at this conference) (just learned about it this May)

5 Continuum of Security none - anarchy available but optional encouraged / accessible heavily enforced

6 Accessible Security? make technology simple to conceptualize though not necessarily understand make technology simple to conceptualize though not necessarily understand it becomes part of the culture it becomes part of the culture examples: examples: privacy of PIN numbers on debit cards privacy of PIN numbers on debit cards security of SSL web sites security of SSL web sites eventual tolerance by users eventual tolerance by users

7 How to Encourage Security Educate Educate Reward Reward Remind Nag Embarrass Punish or

8 Possible Education Points 1. secure your computer Antivirus, Workstation Firewall, Updates, … Antivirus, Workstation Firewall, Updates, … 2. secure your applications MyWaterloo, SSH, Secure IMAP, VPN MyWaterloo, SSH, Secure IMAP, VPN 3. secure yourself best practices, (strong secret passwords), avoid probable malware best practices, (strong secret passwords), avoid probable malware users can conceptualize these points, but will they act ?

9 MinUWet Setting minimum standards NAA detects OS at login screen NAA detects OS at login screendetects highly vulnerable OS’s must endure a scan using MinUWet (currently only MS Windows) highly vulnerable OS’s must endure a scan using MinUWet (currently only MS Windows)MinUWet Antivirus enabled and up-to-date? Freshen! Antivirus enabled and up-to-date? Freshen! OS getting patches? OS getting patches?

10 MinUWet Setting minimum standards (cont.) NAA detects OS at login screen NAA detects OS at login screendetects highly vulnerable OS’s must endure a scan using MinUWet(currently only MS Windows) highly vulnerable OS’s must endure a scan using MinUWet(currently only MS Windows) MinUWet Antivirus enabled and up-to-date? Freshen! Antivirus enabled and up-to-date? Freshen! OS getting patches? OS getting patches? HTTP always allowed, download patches HTTP always allowed, download patches pass test… get additional or “premium” network access pass test… get additional or “premium” network access

11 MinUWet Setting minimum standards (cont) only test once per week, cache results only test once per week, cache results other OS’s are not affected other OS’s are not affected users who do not wish to participate or fail are granted web-only access users who do not wish to participate or fail are granted web-only access web only access is sufficient for AV and OS updates web only access is sufficient for AV and OS updates will still do existing security scans and SNORT will still do existing security scans and SNORT complementary solutions add more security complementary solutions add more security

12 Some MinUWet Facts idea is similar to Cisco NAC and MS NAP idea is similar to Cisco NAC and MS NAP MinUWet is compatible with all existing hardware and safe with non-MS OSs (challenging, many PDAs claim to be Windows). MinUWet is compatible with all existing hardware and safe with non-MS OSs (challenging, many PDAs claim to be Windows). local expertise, we can adapt it local expertise, we can adapt it Cisco and MS solutions are stronger but more difficult to run and inflexible Cisco and MS solutions are stronger but more difficult to run and inflexible MinUWet doesn’t have to be hack-proof, it just has to be better than today’s mess! MinUWet doesn’t have to be hack-proof, it just has to be better than today’s mess! MinUWet - retired upon better options MinUWet - retired upon better options

13 Statistics from Two Week Engineering Trial 6486 NAA Windows sessions 6486 NAA Windows sessions 3161 or 49% of sessions ran MinUWet 3161 or 49% of sessions ran MinUWet 628 distinct users ran MinUWet 628 distinct users ran MinUWet 168 or 26% of them failed the test initially 168 or 26% of them failed the test initially 75 or 45% of those who failed later passed. 75 or 45% of those who failed later passed. this indicate users upgraded their systems this indicate users upgraded their systems zero security threats observed (snort) zero security threats observed (snort)

14 Campus-wide Rollout March 2 nd March 2 nd “help desks” co-ordinate information sharing “help desks” co-ordinate information sharing March 3 rd – March 3 rd – appears in daily newsletter appears in daily newsletter brief message appears at each wireless user login brief message appears at each wireless user login both messages point to a web site where users can learn more and test their laptops (http://minuwet.uwaterloo.ca) both messages point to a web site where users can learn more and test their laptops (http://minuwet.uwaterloo.ca)http://minuwet.uwaterloo.ca Two Weeks Later: March 16 th Two Weeks Later: March 16 th MinUWet goes live and enforces user security MinUWet goes live and enforces user security

15

16

17

18 Adding Memory Users didn’t like testing every time Users didn’t like testing every time we subsequently added memory - computers need only validate once per week we subsequently added memory - computers need only validate once per week 2/3rds of passes are typically pre-approved 2/3rds of passes are typically pre-approved

19

20

21 How it Works Client System user logs in using browser user logs in using browser browser Identifies OS browser Identifies OS download MinUWet download MinUWet run MinUWet run MinUWet collect stats collect stats transmit stats transmit stats displays decision displays decision Web server logs user in checks OS against list looks for prior pass sets routing rules informs user of status makes decision changes router settings

22 What we did right… MinUWet is not too strict MinUWet is not too strict not testing for absolute latest patch, look for trend not testing for absolute latest patch, look for trend users can still download the patches they need users can still download the patches they need Web access granted until user demonstrates compromised/vulnerable system Web access granted until user demonstrates compromised/vulnerable system one week between tests, good compromise of security versus annoyance one week between tests, good compromise of security versus annoyance MinUWet is still strict MinUWet is still strict Not a one-time deal, we catch computers that fall out of scope for patches Not a one-time deal, we catch computers that fall out of scope for patches

23 Future move to a shared database to store notes of problem users move to a shared database to store notes of problem users adopt a self-remediation system – some prefer human contact, others want automation. adopt a self-remediation system – some prefer human contact, others want automation. wider deployment, grad student offices, maybe residences wider deployment, grad student offices, maybe residences eventual retirement when vendor product is better eventual retirement when vendor product is better

24 Thank you

Download ppt "Defending Laptops with MinUWet By Erick Engelke. Laptops and our future? laptops now outsell desktops laptops now outsell desktops we expect continued."

Similar presentations

Anders Vinger, University of Oslo Personal Data Recovery The pain of laptops.

Anders Vinger, University of Oslo Personal Data Recovery The pain of laptops.
Network Access Protection & Network Admission Control March 10, 2005 Teerapol Tuanpusa Network Consultant Cisco Systems Thailand Jirat Boomuang Technology.

Network Access Protection & Network Admission Control March 10, 2005 Teerapol Tuanpusa Network Consultant Cisco Systems Thailand Jirat Boomuang Technology.
Supporting The Mobile Client: Expanding Our Borders John Guidone Manager, Desktop Technologies and Dawn E. Colonese Manager, Help Desk & Client Access.

Supporting The Mobile Client: Expanding Our Borders John Guidone Manager, Desktop Technologies and Dawn E. Colonese Manager, Help Desk & Client Access.
Minuwet 2.0 Aruba and More. Minuwet 1.0 Provided sanity check on wireless computers 8,370 distinct users used it in March 2008 Saved lots of IT effort.

Minuwet 2.0 Aruba and More. Minuwet 1.0 Provided sanity check on wireless computers 8,370 distinct users used it in March 2008 Saved lots of IT effort.
Extending ForeFront beyond the limit www.AGATSolutions.com TMGUAG ISAIAG AG Security Suite.

Extending ForeFront beyond the limit TMGUAG ISAIAG AG Security Suite.
Supporting A Laptop Environment Erick Engelke Faculty of Engineering University of Waterloo

Supporting A Laptop Environment Erick Engelke Faculty of Engineering University of Waterloo
Current Security Threats WMO CBS ET-CTS Toulouse, France 26-30 May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.

Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential Check Point Software SSL VPN Solutions Technical Overview Thorsten Schuberth Technical.

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential Check Point Software SSL VPN Solutions Technical Overview Thorsten Schuberth Technical.
Copyright© 2005-2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.

Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.
© 2008 McAfee, Inc. “Endpoint” Security Defining the endpoints and how to protect them.

© 2008 McAfee, Inc. “Endpoint” Security Defining the endpoints and how to protect them.
OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or 415.514-3333 UCSF Campus VPN.

OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or UCSF Campus VPN.
Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University

Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University
Information Security in Real Business

Information Security in Real Business
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S09761197.

Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
Spring 2008 www.umsl.edu/~iclabs. Definitions  Virus  A virus is a piece of computer code that attaches itself to a program or file so it can spread.

Spring Definitions  Virus  A virus is a piece of computer code that attaches itself to a program or file so it can spread.
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
Windows Anti-virus and Security WNUG Meeting 2-7-2002.

Windows Anti-virus and Security WNUG Meeting
PresentPC August 2009 Erick Engelke Engineering Computing.

PresentPC August 2009 Erick Engelke Engineering Computing.
Norman Endpoint Protection Advanced security made easy.

Norman Endpoint Protection Advanced security made easy.
1 Panda Malware Radar Discovering hidden threats Technical Product Presentation Name Date.

1 Panda Malware Radar Discovering hidden threats Technical Product Presentation Name Date.

Similar presentations

Ads by Google