IT Security - What does this mean to each of us?

Because this is one of my responsibilities as the IT guy, I explore better ways to protect the IT resources of MTAS, as well as IPS as a whole. Some probably describe me as a little paranoid. I have met other IT security people, however, who make my paranoia look minor. When you see some of the stuff they show at security conferences and presentations, you will understand the paranoia. Keep in mind that many organizations have breaches every day. Some are minor, but many others bloom into large financial losses as well as losses of intellectual property. Most of these breaches can go unnoticed for long periods of time. The clean-up and recovery can be time- and resource-intensive, easily adding to the monetary losses. Many security breaches only involve a loss to the institution involved and are never publicized, for obvious reasons. My goal for this blog post is to help everyone become a little more paranoid.

Security is like an onion. You want to have multiple layers of security to protect your resources, depending on how valuable (not necessarily in monetary terms) the data or asset you are protecting is. UT has improved its defenses exponentially since I started working here 12 years ago. UT has taken this layered approach, which includes everything from software (antivirus and software firewalls) at the user/PC level all the way up to hardware devices (hardware firewalls and intrusion prevention devices) that protect the data at the network layer. All of this security is a great tool, but none of it is a panacea. All of it can be broken or made useless by an experienced and determined hacker. The weakest link in this layered approach is always identified as the users of the devices.

It always makes me cringe to hear that users are the weakest link, as I am also part of the user group. Am I really as likely to cause a breach as any other user? Are you someone who could/would cause a breach? The answer to both questions is YES! I am one of the users who is most targeted because I have security credentials that would give a hacker elevated privileges. Hackers will compromise a system with a Trojan or worm through phishing, spear phishing, or a trusted website advertisement. Once they have access to lower-level systems, hackers will install a keylogger that tracks all the keystrokes on a system and sends them home to the hacker. Then, an administrator-level person logs into the infected PC to troubleshoot the issues or fix the PC. The hacker will later harvest the data and use the elevated credentials to infect a higher-level server or PC, and the process continues.

What can you do about this? The IPS IT team has tried to be as proactive as possible, giving you tools to protect your PC and the data on each system. We have also taken many steps to protect our server resources. So for each of you, the main thing you can do is remain diligent. Here are a few suggestions:
· Never trust an email that asks for NETID credentials or for any userid/password combination for other sites. No bank, website, business, etc. will ever send you an email asking you to supply this information. Question it even when a link to a website opens and asks you for this information. Some of these phishing emails are very well created or copied. I got one from Verizon recently that looked very official. (Don't use email links; go to the website yourself and log on.)
· Some of these false information requests also occur over text messages on smartphones.
· Ask your IT support person or the help desk questions if you are unsure. If you get an email that you think is phishing, the best place to start is with the OIT help desk at 865-974-9900. They can walk you through sending the email to them so that it can be researched by the OIT security group and can be blocked or further steps taken, if necessary.
· Do not use an administrative-level account on your PC for normal day-to-day work. This is the main access point into systems for a security breach. If you are running as a user-level account, most breaches cannot occur, and if one does happen, the fix is much quicker and easier. Data loss is significantly reduced. If you are currently running as an admin user, you should contact your IT support person to discuss your options. Also, if you have a home PC, I would demote your everyday account to a user account and add a new account to have admin privileges. By default, Windows 7 prompts you to set things up this way. Make this change as soon as possible.
· Accept personal responsibility. Our software and hardware protection systems are great, but our goal should be for our end users to be the strongest link in the chain.

If you have questions, talk with your IT support person.

October is National Cyber Security Awareness Month. Join me in signing the MS-ISAC pledge and raising the awareness of cyber security with others.

Here are some additional tips for both your PC and mobile devices.