Laptops and Computer Security Gareth Smith

Upload: bartholomew-pearson

Post on 26-Dec-2015


Page 1: Laptops and Computer Security Gareth Smith. Current Situation in PPD Standardised on Dells (D400, D600) Total bought to date by department: ~50. Loan

Laptops and Computer Security

Gareth Smith


Current Situation in PPD
• Standardised on Dells (D400, D600)
• Total bought to date by department: ~50.
• Loan Pool:
  – Dell CPx (old and heavy)
  – 7 * Dell C400 (lightweight)
  – booking system on web (includes projectors).
  – Pool usage not rising as individuals acquire own laptops.
• New systems with Windows XP. Will update clone image (for pool) to XP as well. No plans to upgrade all Windows 2000 to XP.


Dell Models
• Encourage purchase of the same types of laptop
  – Benefits of standardisation
    • Swap batteries
    • Familiarity with how to contact Dell etc.
    • Can clone systems
• Two Models
  – Latitude D400
    • Lightweight. 12” screen; 1.7Kg.
  – Latitude D600
    • Larger. 14” screen; 2.12Kg.


Desktop Replacement
• Some users only use a laptop.
  – Importance of DSE issues…
• Laptops bought on Group Budgets.
• CG will contribute to cost if ‘desktop replacement’.
  – CG provide Monitor/Keyboard/Mouse/Office Licence plus £700 towards cost.
  – Group buys laptop with docking station.


Visitors’ Laptops
• If in conference rooms – receive address on ‘visitors’ network (i.e. outside firewall).
• If in PPD receive an address in the PPD range.
  – Would like to improve this…
• Need visitors’ laptops patched and with up-to-date anti-virus.
• Likewise, need to ensure that our laptops are up-to-date before taken elsewhere.


Laptops Security

• Current arrangements are that users must:
  – Regularly update Sophos anti-virus. (Over network and by upgrading from a CD at roughly 2-monthly intervals.)
  – Apply patches (via Windows Update).


Laptops Security (2)

• Move to put laptops into the ‘PPD’ Windows domain.
  – Can use existing centralised mechanisms to update:
    • Microsoft Patches
    • Sophos.
  – Will investigate automatic updates from a ‘Systems Updated Services (SUS)’ server.


2003 Security Issues
• A busy year:
• Virus/Worms on Windows (especially ‘Blaster’).
• Sophisticated ‘rootkit’ attack on LINUX.
• Rise in quantity of SPAM
• Attempts to trick users into giving bank details etc.
  – …


Slammer Impact


CERN results and effort involved
(At end of August in FTE weeks)

Action                                   Preventive   Repair
Apply patch to 5000 machines via NICE    0.1
Security                                              4.0
Network group                                         6.0
User Support                                          3.5
Coordination                                          0.5
Local support                                         4.0
Total                                    0.1          18

NB: Does not include effort in other Divisions

The hotfix webpage was visited 12’200 times in August
The emergency measures page 2600 times in second half of August

Infected Systems: Blaster/Welchia (~300), Sobig (12)


Conclusions (From Bob Cowles’ talk)

[Unchanged from last year]

• Poor administration is still a major problem

• Firewalls cannot substitute for patches

• Multiple levels of virus/worm protection are necessary

• Clue is more important than open source


Fighting SPAM
• Large increase in SPAM over year (>50% of all mail)
• CCLRC does bounce some mail that is most clearly SPAM.
• SPAM is tagged with a code giving a ‘likelihood’ of SPAM. Can set-up your own filter.
• See CLEO pages at: http://www.cleo.clrc.ac.uk/


Fighting SPAM


Security Responsibilities.
• CG apply anti-virus updates and patches on machines for which we are responsible.
  – Also checking logs; disabling redundant users; checking backups; following up security advisories; …
• Both of these mechanisms need to be applied to laptops & home PCs.
  – E.g. provision of Sophos for home systems with CDs
    • Prepared by PC Support, we make available bi-monthly.
• Managers of machines CG does not support must carry out these tasks themselves.
• The old PC in the corner of the lab is not free. It too must be patched and checked.


Problem on HEPNTS8.
• Significant Outage of two days on 10/11 November.
• Cause not completely understood.
  – Corruption of system disk on file server.
• Remedial efforts:
  – Reduce chance of re-occurrence:
    • Will not break/re-make mirror.
  – Reduce time to recover if this were to happen again.
    • Small change to backup scheme.
    • Make online copy of (current) users areas.
    • Windows XP desktops configured slightly differently (Exceed configuration cached locally).