
SANS ISC: InfoSec Handlers Diary Blog - Cyber Security Awareness Tip #1: Penetrating the This Does Not Apply To Me Attitude



Cyber Security Awareness Tip #1: Penetrating the This Does Not Apply To Me Attitude

Published: 2007-10-01
Last Updated: 2007-10-01 22:51:12 UTC
by Bojan Zdrnja (Version: 2)

As you are hopefully aware, October is Cyber Security Awareness Month. We will focus on one security awareness subject per day. Marc published the agenda at http://isc.sans.org/diary.html?storyid=3429 so let’s start with the first tip.

What are your tips for system administrators and others trying to get the word out to users? How did you get past the “This Does Not Apply To Me” attitude? Submit your ideas and stories here.

You might have heard this from your managers and CEOs multiple times – that they are not the target and that certain vulnerabilities don’t apply to them. An example of security not being taken personally hit the news a couple of days ago when Francis Ford Coppola’s laptop got stolen (http://www.nydailynews.com/gossip/2007/09/28/2007-09-28_francis_ford_coppolas_laptop_stolen.html). The laptop’s value in the whole story is negligible – the main issue here is that it contained the script for his upcoming movie and that there was no backup (at least it appears so, since Coppola pleaded for the return of the laptop).

Alan M. sent us another real story:

“I was called to help remove a phishing site from an ISP's Apache server. It was not an easy offsite fix as the hacker was no script-kiddie and very actively fought from many countries' IPs to retain "his" server.
One digi-macho guy let the hacker have a major advantage over me...
I set up a new Linux machine offline to replace the bad server then put it online on an unused address of the ISP. I ssh'ed into it. While I was working, I noticed something odd in an lsattr directory listing. I ran "who" and found another me on the machine as root. Time from my login until hacked <10 minutes. The hacker was playing man in the middle.
I fired up Nessus and ran a scan on the ISP staff machines and found one was infected. I went to that computer and its user and found the ANTIVIRUS program removed from the machine. I asked why? The reply, "I don't keep anything important on this machine. It doesn't need to be Fort Knox. I can reformat it if it gets infected."
I had to explain to him that his machine wasn't "Fort Knox" but the hacker had stolen his machine and used it as a bulldozer to break into the ISP.
"Well I didn't know that could happen. I thought the viruses just sent spam."”

UPDATE

We got a couple of submissions from our readers – thanks to everyone who sent their stories.

Carol C. sent a “more user friendly” version of Alan’s story that is easier to understand for non-technical users – thanks Carol:

“One user at an Internet service provider (ISP) had uninstalled the antivirus software on their computer. This user decided that as the computer was not an "important" computer, they did not need antivirus software. However, the computer was, like most computers, part of a network; a hacker managed to take control of it and was using it to attack and corrupt all the websites at the ISP.

Morals of this story:
Don't blindly trust "professionals": they are human and can be careless, tired or (in this case) stupid.
All computers are on networks and everything you do on your computer can affect all the computers on the network.”

---- 

Norman Y. asks his users: “Today's malware can not only destroy data and files on your PC, but it can steal your personal information such as passwords, income tax, credit card or banking information and also let intruders use your PC for illegal or criminal activities. Experts (ISC) tell us that on average an unprotected Windows PC will not survive 20 minutes on the Internet before it gets infected. So what should you do to keep your PC secure?”

Stay tuned for more tips this month.