Upload
hilary-spencer
View
214
Download
0
Embed Size (px)
Citation preview
PPD & CLRC's response to the (IS) Security Threat
Gareth SmithPPD/CG Christmas Lectures
2002
Christmas 2002 PPD\Computing Group 2
Anti-Virus - move to Sophos.
Move from Network Associatesto
Price & Support issues
As before:Managed from central console.Set to scan PCs at 05:00 each morning, and midday Wednesday.CG automatically notified (e-mail) if virus found.
Christmas 2002 PPD\Computing Group 3
Anti-Virus at Home
“1 in 30 e-mails has a virus”If you handle e-mail and do not have up-to-date anti-virus protection – you have an infected PC.
Our Sophos Licence covers your home PC.
CD in preparationNot as easy as some other A-V products to update at home.
Christmas 2002 PPD\Computing Group 4
Home Users
To connect in (via dial-up or PPTP) you are required to have both an up-to-date anti-virus program and a personal firewall on your PCWe have purchased copies of Zone Alarm personal firewall if you need them.
Christmas 2002 PPD\Computing Group 5
Firewall and Remote Users
Ways into the lab from a remote system:Bastion Host
http://www.bitd.clrc.ac.uk/Activity/BastionServer
Dial-in to RAL RAS service.http://www.pcsupport.rl.ac.uk/netserv/dialup.htm
Use the PPTP server.http://www.pcsupport.rl.ac.uk/netserv/pptp/pptp_intro.htm
Christmas 2002 PPD\Computing Group 6
Use of PPTP(Point to Point Tunnelling
Protocol)
RAL
Remote networ
k
Internet
firewall
Christmas 2002 PPD\Computing Group 7
Use of PPTP(Point to Point Tunnelling
Protocol)
RAL
Remote networ
k
Internet
firewall
Pptp01.rl.ac.uk
Christmas 2002 PPD\Computing Group 8
Security Updates
For windows systems Update Expert – for desktop Windows systems in PPD. Windows Update – for laptops.
If you manage a system (e.g. a LINUX system) – you are required to ensure it is up-to-date with all relevant security patches.(E.g. use autoRPM.)
Christmas 2002 PPD\Computing Group 9
Christmas 2002 PPD\Computing Group 10
SPAM mail
If (when ?) you receive SPAM mail, which may be offensive – don’t panic!
Do NOT reply to it (even if it says “ send a mail to …. if you wish to be taken off this list”)Move to the ‘#SPAM’ folder.
Beware of Hoax mailsDo not believe anything that says “…. Pass this on to all your colleagues”.
If in doubt ask CG or CLEO (ext 5730)http://www.cleo.clrc.ac.uk/
Christmas 2002 PPD\Computing Group 11
Christmas 2002 PPD\Computing Group 12
‘Nigerian’ or ‘419’ Scam
Letter, typically involving someone in an African country, asking with assistance to gain access to a sum of money.Do not reply – move mail to ‘Nigerian Scam’ folder.May send paper letters or e-mail, and may target church groups & charities.See
http://www.ncis.gov.uk/press/24_01.asp
Christmas 2002 PPD\Computing Group 13
Your Responsibilities
Awareness of security issues.Appropriate Use of CLRC resources.Correctly managed systems.
CLRC Security PolicyCLRC Codes of ConductCLRC Incident procedures
See the PPD introduction to this at:http://hepwww.rl.ac.uk/ppdcomputing/NT/
Security_Intro.html
Christmas 2002 PPD\Computing Group 14
Bureaucracy…..
Data Protection Act - 1998 Freedom of Information Act 2000. Regulation of Investigatory Powers (RIP) Act 2000. Anti-Terrorism, Crime & Security Act 2001.
“As a matter of policy, CCLRC will comply with the provisions of the RIP Act. CCLRC will monitor the use of JANET and CCLRC internal telecommunications networks, both to provide assurance that CCLRC staff (and users of CCLRC facilities) are complying with the acceptable use policy and to ensure that there is no illegal use of these networks.”
Christmas 2002 PPD\Computing Group 15
Passwords
SecureNot saved in an obvious placeOf good enough quality (CLRC ‘rules’)
Including passphrases used to protect certificates.Phasing out ‘clear text’ passwords over the network.
Telnet into site will be blocked from 1st Feb 2003.Anticipate FTP block.
Christmas 2002 PPD\Computing Group 16
When IT All Goes Wrong….
Ensure important files are saved on disks that are backed up. E.g.
H: drive on Windows desktopsUnix home file system, AFS home file systemEtc.
CG have (and are improving) disaster recovery plans