+ All Categories
Home > Documents > Telecommuting and Broadband Security a.k.a.

Telecommuting and Broadband Security a.k.a.

Date post: 03-Dec-2014
Category:
Upload: sandra4211
View: 331 times
Download: 0 times
Share this document with a friend
Description:
 
Popular Tags:
17
Telecommuting and Telecommuting and Broadband Security Broadband Security a.k.a. a.k.a. “Telecommuting Security Cookbook” “Telecommuting Security Cookbook” Rick Kuhn Computer Security Division National Institute of Standards and Technology NIST’s Rick Kuhn [email protected] 301-975-3337 Tim Grance [email protected] 301-975-4242
Transcript
Page 1: Telecommuting and Broadband Security a.k.a.

Telecommuting and Telecommuting and Broadband Security Broadband Security

a.k.a.a.k.a.“Telecommuting Security Cookbook”“Telecommuting Security Cookbook”

Rick KuhnComputer Security Division

National Institute of Standards and Technology

NIST’s

Rick Kuhn [email protected]

Tim Grance [email protected]

Page 2: Telecommuting and Broadband Security a.k.a.

NIST Guideline 800-46• For users, system managers, and agency

administrators• Step-by-step instructions on

– Personal firewalls

– Securing web browsers

– Securing PC configurations

– Home networking

– Virtual private networks

– Telecommuting architectures

– Agency/enterprise considerations

• Helping you avoid: spyware, Trojan horses, email compromise, “theft of service”

Page 3: Telecommuting and Broadband Security a.k.a.

What can happen? - cybercrime

•Maryland man used dumpster diving, forged email, wireless hacking to steal information and intimidate competitor

•Used unsecured wireless access in residential areas to hide identity

•Eluded police for months until …

Page 4: Telecommuting and Broadband Security a.k.a.

$17 million extortion demand:"make the check payable to Myron

Tereshchuk"

D’oh!

Page 5: Telecommuting and Broadband Security a.k.a.

What’s different about broadband?

• Always on– Longer exposure to internet– User less likely to notice attack– May be permanent IP address

• Higher speed– Downloads of malicious code faster,

less noticeable– Faster probes for vulnerabilities

• Usually combined with wireless

Page 6: Telecommuting and Broadband Security a.k.a.

Wireless Worries

• Available on Internet:– Software to break 802.11b

“wired equivalency protocol” (WEP) encryption in 10 – 20 minutes

– Plans to build sensitive antennas with 5-10 mile range

Page 7: Telecommuting and Broadband Security a.k.a.

Wireless Networking – what to do

• Turn off SSID broadcast• Keep sensitive data on removable

media• Use file and printer sharing only as

necessary• Change default admin passwords• Use encryption, even if it is

not perfect– WPA preferable to WEP

Page 8: Telecommuting and Broadband Security a.k.a.

Personal firewalls – what to do

All home networks connected to the Internet via a broadband connection should have two types of firewall installed:

• Install stand-alone firewall – Blocks incoming traffic, hides PC

• Install software firewall – Can block suspicious outgoing

messages and and alert user

• Run an online security scan

Page 9: Telecommuting and Broadband Security a.k.a.

Firewall configuration

Personal Computer

Personal Computer

Personal Computer

Hardware-Based FirewallCable/DSL Modem

Internet

Firewall/ router blocks unneeded ports

Software firewall blocks spyware and Trojan horses

Page 10: Telecommuting and Broadband Security a.k.a.

Virus Protection

– Commercial tools maintained with up to date definitions

– Popular freeware tools:• AVG –

http://free.grisoft.com/• Antivir –

http://www.free-av.com/

• Microsoft Malicious software removal tool - http://www.microsoft.com/technet/security/default.mspx

Page 11: Telecommuting and Broadband Security a.k.a.

Spyware Protection

Spyware detection and removal tools – Popular freeware tools:• Spybot –

http://www.safer-networking.org/• Adaware –

http://www.lavasoftusa.com/

• Microsoft Antispyware – http://www.microsoft.com/athome/security/spyware/software/default.mspx

– Some software firewalls can detect spyware

Page 12: Telecommuting and Broadband Security a.k.a.

Voice Communication

• Corded phone – most secure; tapping requires physical connection

• Cordless – can be picked up on scanners, baby monitors, etc.; 900 MHz, 2.4, 5.8 GHz more secure for now

• Cell phones – can be picked up with UHF TV tuner (around 800 MHz)

• Digital PCS – more secure for now• PC based voice communication

(Voice over IP) – depends on security of your PC and Internet

• What to do – get a corded phone for office

Page 13: Telecommuting and Broadband Security a.k.a.

Electronic Mail

• Remote login – may use unencrypted passwords (POP3)

• E-mail forwarding – user doesn’t need to log in to central system at all; OK if email not sensitive

• Virtual Private Network (VPN) – great security but expensive and more complex to install/administer

• What to do– choose based on cost and what’s more important, central system or email contents

Page 14: Telecommuting and Broadband Security a.k.a.

Agency/enterprise Considerations – what to do

• Establish standard security configuration for telecommuter systems

• Organization should provide pre-configured PC for home user

• Limit use to official duties (but assume this won’t always be followed!)

Page 15: Telecommuting and Broadband Security a.k.a.

Top 10 User Precautions for Telecommuting

1. Install software firewall2. Add stand-alone firewall (also)3. Install anti-virus software4. Turn off file and printer sharing

(unless needed for home network)5. Update operating system and

browser regularly

Page 16: Telecommuting and Broadband Security a.k.a.

Top 10 User Precautions for Telecommuting

6. Know how to turn off and delete cookies

7. Use strong passwords8. Install spyware detection and removal

tools9. Use only amount of security necessary10.Consider encryption or VPN software if

you need it

Page 17: Telecommuting and Broadband Security a.k.a.

Summary• Telecommuting can be done with an appropriate

level of security, at a reasonable cost!• Security motto:

you don’t have to outrun the wolves, just the people you’re with …

• For More Info see: – NIST SP800-46 Security for

Telecommuting and Broadband Communications, August 2002

– See “Publications” on csrc.nist.gov

– http://csrc.nist.gov/publications/• Contacts:

– Rick Kuhn [email protected] 301-975-3337– Tim Grance [email protected] 301-975-4242

• Web site: csrc.nist.gov


Recommended