Securing Remote Devices and Using Good Internet Security
Jay D. Flanagan
Manager, Email, IDM & Security
University Technology Services
Emory University

Agenda
• Remote Device Security
  – Blackberrys
  – Treos / Goodlink
  – Laptops
• Internet Security
  – Where am I going?
    • What sites do I access?
  – What information do I give out?
  – Desktop security
    • Tools

Remote Device Security
• Mobility
  – Working from anywhere
  – Access to data from anywhere
• Types of Data
  – Confidential / Restricted
  – Public
• Storage of Data
  – Encrypt / Encrypt / Encrypt

Blackberry
• Built-in wireless security features
  – End-to-end Wireless encryption
    • Uses AES or Triple DES
  – Can use RSA SecurID for two-factor authentication
  – HTTPS for secure data access
  – S/MIME Support
  – PGP Support
  – Digital Certificates
    • Certs can be generated
  – Smart Card reader

Blackberry
• Security for Stored Data
  – IT policy enforcement and management
    • Mandatory authentication
    • Admins can remotely send commands
  – Server permits only trusted connections
  – Certified Secure
    • Advanced embedded encryption technology
    • Meets required government security standards
      – FIPS 140-2

Blackberry
• Security Guidelines
  – Blackberry devices should be password protected (can be done as part of the encryption process)
  – Anti-virus protection – Postini, Relays, Server and desktop
  – Encryption – data in transit is already encrypted. Be sure data stored on the device is encrypted as well – can easily be set up
  – Always immediately report a lost, stolen or damaged Blackberry device (Help Desk / Local Support)
  – Regularly back up data

Blackberry
• Blackberry Security Links
  – Google Blackberry Security
    • http://www.sans.org/reading_room/whitepapers/pda/258.php
    • http://na.blackberry.com/eng/ataglance/security/knowledgebase.jsp#tab_tab_whitepapers
    • http://iase.disa.mil/stigs/checklist/wireless_stig_blackberry_checklist_v5r2-1.pdf

Treo/Goodlink
• Microsoft’s Messaging and Security Feature Pack (MSFP)
  – Direct push technology
  – Access Global Address List (GAL)
  – Supports protection against violations of HIPAA and Gramm-Leach-Bliley Acts
    • Remote password policy enforcement and data wipe
      – Password lengths can be set
      – Set failed password attempts before wiping of data

Treo/Goodlink
• Security Guidelines
  – Treo devices should be password protected
  – Password protect documents
  – Anti-virus protection – Postini, Relays, Server and desktop
  – Encryption – data in transit is already encrypted. Be sure data stored on the device is encrypted as well
  – Always immediately report a lost, stolen or damaged Treo device (Help Desk / Local Support)
  – Regularly back up data
  – Goodlink Security Page Link:
    • http://www.good.com/documentation/GMM_Admin_Exchange/Stoli%20Exchange%20Admin%20HTML-03-3.html

Treo/Goodlink
• Treo Security Links
  – Google Treo Security
    • http://www.lehigh.edu/~inlts/comp/docs/pda/security/palm/
    • http://mytreo.net/archives/2006/04/treo-security-msafe-warden-teallock-comparison-review.html
    • http://www.good.com/documentation/GMM_Admin_Exchange/Stoli%20Exchange%20Admin%20HTML-03-3.html

Laptops
• Security Guidelines
  – Basic Security Measures
    • Enable strong passwords
    • Asset Tag or Engrave the laptop
    • Register the laptop with the manufacturer

Laptops
• Security Guidelines
  – Physical Security
    • Get a cable lock and use it
    • Use a docking station
    • Lock up your PCMCIA cards
    • Consider other security devices based on your needs
    • Use tracking software to have your laptop call home

Laptops
• Security Guidelines
  – Protecting your Sensitive Data
    • Use the NTFS file system
    • Disable the Guest Account
    • Rename the administrator account
    • Consider creating a dummy administrator account
    • Prevent the last logged-in user name from being displayed
    • Use a personal firewall
    • Consider other security devices based on your needs
    • Encrypt your data – Full Disk Encryption
    • Back up your data

Laptops
• Security Guidelines
  – Encrypting the hard drive
    • http://www.guardianedge.com/products/Encryption_Anywhere/Hard_Disk.html
    • http://www.dekart.com/howto/encrypt_hard_drive/
    • http://www.dekart.com/products/encryption/private_disk/
    • http://www.safenet-inc.com/products/data_at_rest_protection/Protectdrive.asp
    • http://www.truecrypt.org/
    • http://www.magic2003.net/scrypt/index.htm

Laptops
• Security Guidelines
  – Preventing Laptop Theft
    • No place is safe
    • Use a nondescript carry case
    • Beware of pay phones
    • Be aware of your laptop at all times
      – When traveling by air
      – When traveling by car
      – While staying in a hotel
      – When attending conventions and conferences
    • Make security a habit

Laptops
• Security Guideline Links
  – Google on Laptop Security
    • http://labmice.techtarget.com/articles/laptopsecurity.htm
    • http://www.securitydocs.com/library/3399
    • http://www.microsoft.com/atwork/stayconnected/laptopsecurity.mspx
    • http://infosecuritymag.techtarget.com/articles/february01/features_laptop_security.shtml

Safe Internet Security Practices
• The Internet is great
  – for searching
  – for gathering information
  – for purchasing products and services
• But…

Safe Internet Security Practices
• Where am I going on the internet and why am I going there?
• What information am I going to give out when I go to a web site?
  – Do you ask yourself these questions when surfing?
    • You should
  – More and more sites gather information on you when you surf
    • Some with your knowledge and some without
  – Key loggers, trojans, worms and social engineering are just some of the things that reside on web sites waiting for you to come along.
  – Precautions must be taken
    • Desktop security tools will help
    • But so will being security aware

Safe Internet Security Practices
• Desktop Security Tools
  – Virus Scanning
    • Be sure to have anti-virus software installed, running and DAT files up to date
      – Update DAT files and software automatically
      – Schedule regular scans
  – Spam Scanning
    • Manage Postini spam filtering
    • Set up filters on email client – think hard about this
    • Some anti-virus software will also do some limited spam scanning

Safe Internet Security Practices
• Desktop Security Tools
  – Personal Firewall
    • Install and set up personal firewall
      – Windows XP / Vista
      – Other Vendors
        » Symantec
        » Zone Alarm
    • Keep it up to date
    • Review logs regularly
  – Anti-spyware Scanning
    • Install anti-spyware software
      – Spybot
      – Yahoo Anti-Spyware
      – MS Anti-Spyware
    • Keep it up to date
    • Scan regularly

Safe Internet Security Practices
• Desktop Security Tools
  – Other host-based security tools
    • Host-based IPS
    • Host-based IDS
    • URL and Content Filters

Summary
• Mobility and access to data
  – Blackberrys, Treo/Goodlink, Laptops
• Keep these mobile devices secure
  – Steps that should be taken
• Being safe and secure on the Internet
  – Security Awareness
  – Security Tools

Contact Information
• Jay D. Flanagan, Emory University
  – Email
  – Phone
    • 404-727-4962
  – Web Page
    • http://it.emory.edu/security

Questions?