North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

  • From: Stasiniewicz, Adam
  • Date: Sun Feb 11 00:38:51 2007

Sean makes a good point, but there is one small problem with his
suggestions.  He is preaching to the choir.  I really really hope
everyone on this list knows how to do some basic security on their
personal computers (not to mention the collection of security experts
that are on this list).  The real problem here is getting the word out
to regular users about computer security.

Point-in-case.  A friend of mine was recently buying her daughter a new
computer for her birthday.  So she asked me to give them suggestions and
look over the specs of a few models they where considering.  On the
print outs she handed me (I think from Dell) she had unchecked the AV
and firewall software.  When I asked her why, she responded with "oh we
trust our daughter, she won't go to any bad websites so anti-virus and
firewall software is just an unneeded expense"...  It is this type of
mentality that is common among consumers.  

Another time I was do some consulting work for a NPO.  I was going over
the findings of my audit and I told the IT manager that all of his
machines were missing patches.  His response: "we only install service
packs, individual patches take too much time to install and tend to
break more stuff than they fix".  Ironically, a month latter he calls me
back asking for help because his network got infect with Blaster...

Last story.  In a pervious job one of my duties was to maintain the
internet connection and firewall.  One day I get an automatic page that
our outbound bandwidth is maxed.  Checking the router, sure enough, 100%
utilization.  So I began to back track the traffic, it all originated
from the helpdesk subnet.  My first assumption was that they were trying
to disinfect someone's computer that got a virus.  So I walked down to
the desk ready to yell at the genius who plugged the computer into the
production network.  But I found that there were no computers in for
service...  Checked the router, still maxing out the internet, so I
check each of the IPs of the tech workstations and found that the
manger's computer matched.  Checked the NIC light, blinking crazy.  This
definitely was the computer.  Ask the manger if he knew anything about
this, and he responded "well there was this odd email we got in the
helpdesk mailbox, I figured it was a virus, and I wanted to see what
happened if I ran it.  So I downloaded and ran the .exe.  But nothing
happened, so I thought it must have been broken or something like
that"...  This guy is the helpdesk manager (who really should know
better) and is knowingly running malicious code on his work computer
(while logged in with a privileged account).

So if there is anything to get from the above stories, is that when it
comes to computer security, the average person is very very under
educated.  So where I think the real focus should be is not to scare
people about attacks on abstract concepts like root servers, but instead
try to educate them on personal computer security.  I want to see a CNN
special about someone who had their identity stolen because his did not
have anti-virus software.  I want to see interviews with computer
criminals saying that they could have not hacked into personal computers
if only the owners had put on firewalls.  I want to see the media show
the horror stories that a lack of personal computer security can do and
then show people how to keep it from happening to them.

My $0.02,
Adam Stasiniewicz

-----Original Message-----
From: owner-nanog@xxxxxxxxx [mailto:owner-nanog@xxxxxxxxx] On Behalf Of
Sean Donelan
Sent: Saturday, February 10, 2007 10:41 PM
To: nanog
Subject: Every incident is an opportunity (was Re: Hackers hit key
Internet traffic computers)


On Tue, 6 Feb 2007, Roy wrote:
> Its amazing how reporters has to butcher technology information to
make it 
> understood by their editors
>
>
http://www.cnn.com/2007/TECH/internet/02/06/internet.attacks.ap/index.ht
ml?eref=rss_topstories

Do we keep missing opportunities?

Yes, it was a minor incident, just like a minor earthquake, the
hurricane 
that doesn't hit, the fire that is exitinguished. But it was also an 
opportunity to get the message out to the public about the things they 
can do to take control.

We remind people what to do in a tornado, earthquake, flood, hurricane, 
etc.  This on-going education does help; even though some people still
drive their cars through moving water or go outside to watch the
tornado.


Instead of pointing fingers at South Korea, China, etc, every country
with compromised computers (all of them) are the problem.  The United 
States may be slow as far as broadband, but it makes up for it in the 
number of compromised computers.

We may know the drill, but it doesn't hurt to repeat message everytime
we have the public's attention for 15 seconds.

1. Turn on Automatic Update if your computer isn't managed by a
full-time 
IT group.

    Microsoft Windows, Apple MAC OS/X, and several versions of Linux
    have Automatic Update available.  Most vendors make security patches
    available to users whether or not the software is licensed or
    un-licensed.

    Zero day exploits may be sexy and get the press attention, but the
    long-term problem are the computers that never get patched.  The VML
    exploit on the football stadium websites was patched last month; but
    its not how fast a patch is released, its how fast people install
it.

2. Use a hardware firewall/router for your broadband connection and turn

on the software firewall on your computer in case you ever move your
computer to a different network.

     Use Wireless security (WEP, WPA, VPN, SSL, etc) if using a WiFi
access
     point, or turn off the radio on both your home gateway and computer
     if you are not using WiFi.

3. Even if your computer is secure, miscreants depend on your trust. Be 
suspicious of messages, files, software; even if it appears to come from
a 
person or company you trust.

    Anti-spam, anti-spyware, anit-virus, anti-phishing tools can help.
But
    don't assume because you are using them, you can click on everything
    and still be safe.  The miscreants are always finding new ways
around
    them.

    It may just be human nature, but people seem to engage in more risky
    behavior when they believe they are protected.

4. If your computer is compromised, unplug it until you can get it
fixed.

     Its not going to fix itself, and ignoring the problem is just going
     to get worse.