Cyber Security Awareness Month - 2010
October is Cyber Security Awareness Month, and as we have done the past three years we plan to use our handler diaries throughout the month to conduct a deep dive into various security issues. In 2007 we covered a large range of subjects based on what our readers submitted as ideas. In 2008 we took a closer look at the six steps of incident handling. Last year we examined 31 different ports/services/protocols/applications, discussed some of the major security issues, and passed along reader comments on tips and tricks for securing them.
This year we are going to "borrow" an idea from Lance Spitzner and focus on ways to Secure the Human. In other words, we are going to talk about Layer 8, the carbon layer.
We're still finalizing our list but here is how we think it will go each day in October. We plan to discuss the actions taken by people, rather than ports, protocols, software, etc. as we've done the past few years.
Week One (Oct 1-9) Parents and extended family
1 - Securing the family PC
2 - Securing the family network
3 - Recognizing phishing and online scams
4 - Managing email
5 - Sites you should stay away from
6 - Computer monitoring tools
7 - Remote access and monitoring tools
8 - Patch management and system updates
9 - Disposal of an old computer
Week Two (Oct 10-16) Children, schools, and young friends
10 - Safe browsing for pre-teens
11 - Safe browsing for teens
12 - Social media usage
13 - Online bullying
14 - Securing a public computer
15 - What teachers need to know about their students
16 - Securing a donated computer
Week Three (Oct 17-23) Bosses
17 - What a boss should and should not have access to
18 - What you should tell your boss when there's a crisis
19 - VPN and remote access tools
20 - Securing mobile devices
21 - Dealing with insane requests from the boss
22 - Security of removable media
23 - Importance of compliance
Week Four (Oct 24-31) Co-workers
24 - Using work computers at home
25 - Using home computers for work
26 - Sharing office files
27 - Use of social media in the office
28 - Role of the employee
29 - Role of the office geek
30 - Role of the network team
31 - Tying it all together
By the way, Cyber Security Awareness Month has expanded beyond the United States. Since 2007, Canada also recognizes the month of October for cyber security awareness. If you know of other countries that are recognizing October as Cyber Security Awareness Month, please pass them to us via our contact form and we'll update this diary to get a more complete list.
Canada: http://www.publicsafety.gc.ca/prg/em/cbr/index-eng.aspx
United States: http://www.dhs.gov/files/programs/gc_1158611596104.shtm
As the month goes on all diaries in this set can be found with the following link: http://isc.sans.edu/tag.html?tag=2010%20cyber%20security%20awareness%20month
Marcus H. Sachs
Director, SANS Internet Storm Center
Cyber Security Awareness Month - Day 1 - Securing the Family PC
This year we are going to focus on steps that people should be doing with respect to securing their personal corner of cyberspace. Some of the subjects may include technical procedures such as turning off certain ports or services or modifying software, but we really want this to be more about the person rather than the machine.
To get the month started we will spend the first week talking about the computer your parents or your family uses. We'll get to children and schools next week, but this week let's stay focused on the adults. Many of us are our parents' system administrators (as well as our extended family to include brothers, sisters, aunts, uncles, cousins, grandparents, and anybody else who claims to be related to you especially when they remember that you've got half a clue about this thing called the Internet) so it's important to pass along tips to our "users" whenever we are performing maintenance for them.
So today let's look at some common sense advice about the family computer. Yes, we all know the mantra about keeping the anti-virus software updated and the system patched (we'll talk more about that in a few days) but what else should we be doing? Some of the things that I recommend for the family PCs I work on include:
- Keep all computers in full view (no hidden machines, no illusion of privacy)
- Document computer details in writing (serial number, software, receipts, BIOS password, etc.) and keep the documentation in a fireproof box or safe
- Use an uninterruptible power supply (UPS) for PCs; laptops have their own built-in UPS - the battery
- Keep all of the hardware and software manuals, plus any software CDs/DVDs in one place that is easy to find
- Use a cable lock to keep intruders from stealing the computer should there be a break-in
- Throw a towel over the webcam (better: unplug the webcam)
- Unless it needs to always be on, consider turning it off when not in use
- Keep plenty of room around the PC so that air can flow through to cool it
What else? Use the comment link below to add your own ideas and comments to this list. It is definitely not complete, but should get the discussion started.
Marcus H. Sachs
Director, SANS Internet Storm Center
Cyber Security Awareness Month Activity: SQL Slammer Clean-up
It's Cyber Security Awareness Month, and it's about more than just educating users-- security professionals can participate a little too. I want to start an additional track to the Internet Storm Center's Cyber Security Awareness Series. This will be a month-long series of diaries to supplement our weekly topics.
It was near 05:30 GMT on Saturday, 25 January 2003 when the Slammer worm started to spread. Some of you probably remember where you were when you were first alerted to that incident. For those of you who didn't get to experience that first hand, there's a pretty decent Wikipedia article on it (http://en.wikipedia.org/wiki/SQL_Slammer). As I write this, I note that it's well over 7 years later. But SQL Slammer alerts continue to be a top talker on my perimeter IDS.
It's time to do something about that.
Slammer activity has been written off as "background radiation" for long enough.
Throughout this month I'm going to continue on this topic to inspire people to try something new. If you're not looking at your logs, I want you to look at them. If you're not reaching out to abuse contacts, I want you to send a few emails and make a few phone calls. If you're not helping your customers clean up their systems, I want you to experiment and reach out to help a couple of them. See what happens. See if you can make a measurable difference.
I pulled the IDS and darknet logs from the day job. From just one day I see 153 unique source IP addresses generating IDS alerts, and on my external darknet I see 63 probing UDP/1434. How many do you see hitting your perimeter? How much bandwidth is being consumed by just that activity? Can you quantify that into a dollar amount?
That's your homework for today. More to come.
-KL
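One way to work through the homework above, as an added example that is not part of the original diary: a Python script that counts unique sources probing UDP/1434 in iptables-style log lines and turns the logged bytes into average bandwidth and a cost figure. The log format, the sample lines, the function name and the per-GB price parameter are assumptions; substitute your own perimeter logs and transit rate.

```python
import re
from collections import Counter

# Constructed iptables-style LOG lines using documentation addresses; not real data.
SAMPLE_LOG = """\
Oct  1 00:00:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=404 TOS=0x00 TTL=112 ID=1 PROTO=UDP SPT=1046 DPT=1434 LEN=384
Oct  1 00:00:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.11 LEN=404 TOS=0x00 TTL=109 ID=2 PROTO=UDP SPT=2201 DPT=1434 LEN=384
Oct  1 00:00:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.12 LEN=404 TOS=0x00 TTL=112 ID=3 PROTO=UDP SPT=1046 DPT=1434 LEN=384
Oct  1 00:00:06 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=48 TOS=0x00 TTL=110 ID=4 PROTO=TCP SPT=4431 DPT=1434 WINDOW=65535 SYN
Oct  1 00:00:07 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=71 TOS=0x00 TTL=112 ID=5 PROTO=UDP SPT=5353 DPT=53 LEN=51
Oct  1 00:00:08 fw kernel: IN=eth0 OUT= SRC=198.51.100.200 DST=192.0.2.13 LEN=404 TOS=0x00 TTL=101 ID=6 PROTO=UDP SPT=3020 DPT=1434 LEN=384
Oct  1 00:00:09 fw kernel: device eth0 entered promiscuous mode
"""

# The first LEN= is the IP total length (404 = 376-byte Slammer payload + UDP + IP headers).
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) LEN=(?P<len>\d+) .*?"
    r"PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)"
)

def summarize_udp1434(log_text, window_seconds=86400, usd_per_gb=0.0):
    """Summarize UDP/1434 probes; usd_per_gb is an assumed transit price you supply."""
    per_source = Counter()
    total_bytes = 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "UDP" or m["dpt"] != "1434":
            continue  # skip other traffic and lines that are not packet logs
        per_source[m["src"]] += 1
        total_bytes += int(m["len"])
    return {
        "unique_sources": len(per_source),
        "packets": sum(per_source.values()),
        "bytes": total_bytes,
        "avg_bps": total_bytes * 8 / window_seconds,
        "est_cost_usd": total_bytes / 1e9 * usd_per_gb,
        "top_talkers": per_source.most_common(3),  # candidates for abuse reports
    }

if __name__ == "__main__":
    print(summarize_udp1434(SAMPLE_LOG, window_seconds=86400, usd_per_gb=0.10))
```

The count covers every UDP/1434 probe, so pair it with IDS signature hits before attributing a source to Slammer specifically.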