an introduction to it security and privacy - servers and more

IT Security For Librarians: Servers & More

Upload: blake-carver

Post on 22-Jan-2018

IT Security For Librarians: Servers & More

Week One

• Passwords: L E N G T H & Unique

• Paranoia: Think Before You Click

• Backups: Frequent and Automatic

• Patches: Set to Auto

• Ponder Before Posting

Intro

Week Two

• Privacy

Surveillance Is The Business Model Of The Internet

• Carry A Safe, Not A Suitcase

• Email

• Browsers

• Wi-Fi

• Social Media

• Mobile Devices

• Backups

Week Three

• Lock Things Down

– Grant least privilege

– Whitelisting

– Patches

– Limit Admins

• Assume your secrets are not safe

• Build a Defensible Library

• Threat Modeling – Everything With An IP Address Matters

• Training New Instincts – Never Without The WHY

Today!

Servers

Review

Tools & Sites

Now What??

Concordia University libraries hit by security breach

Officials at Concordia University have filed a police report after recently noticing a security breach at the university's Webster and Vanier libraries.

The university's library and technical staff recently found hardware devices called keyloggers on some of its workstations.

"Hardware devices called keyloggers ... can capture computer keystrokes," said a statement issued Monday by the university. "These keylogger devices can capture personal data such as login information and passwords ... by tracking the keystrokes used at a workstation."

The affected computers are the ones at express workstations, which are available for public use for a maximum of 10 minutes.

The university said that the security network of its 272 laptops on loan and its 432 library workstations is intact.

"We want to reassure you that the hardware keyloggers were only found on express workstations located on LB2 in the Webster Library … and on express workstations located in the Vanier Library on VL1."

http://www.cbc.ca/news/canada/montreal/concordia-security-breach-1.3501415

School officials said they are beefing up security in areas where public computers are located.

"We are conducting regular visual inspections and implementing several other measures that include educating our students, faculty and staff," the statement said.

Server Security

Server Side Security

Servers

http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/?utm_source=feedburn

Server

Servers Are Better!

• Bigger

• Better

• Faster

• Always On

• Unattended

• Bigger Pipes!

• Full of stuff!!

• People come to visit!!!

Server Security

• Keep things updated

• Passwords

• Limit logins

• Logs

• Watch for file changes (IDS)

• Firewall

• Kill unneeded processes

Server Side Security

• Use SSL

• Secure Defaults

• Look for old stuff, scripts

• Writeable files are dangerous

• Watch Who Is Connecting

• Make sure it's physically safe

• Scan the server for malware

• Scan the web pages

• Run an IDS

• Linux Malware Detect

• Google hacking and robots.txt

– inurl:wp-content/themes/Ghost/

Any Good Web Site Can Go Bad At Any Time

Server Side Security

The vast majority of web malware encounters actually occur via legitimate browsing of mainstream websites. In other words, the majority of encounters happen in the places that online users visit the most—and think are safe.

2013 Cisco Annual Security Report

Large Angler Malvertising Campaign Hits Top Publishers

https://blog.malwarebytes.org/malvertising-2/2016/03/large-angler-malvertising-campaign-hits-top-publishers/

Drive By Defense!

• Use Two & Keep EVERYTHING Updated

• Know Your Settings

– Phishing & Malware Detection – Turned ON

– Software Security & Auto / Silent Patching – Turned ON

• A Few Recommended Plugins:

– Something to Limit JavaScript

– Something to Force HTTPS

– Something to stop trackers

– Something to Block Ads

Staying Safe Online

Privacy Badger, uBlock Origin

Server Side Security

The attraction of attackers to CMS applications (which are attacked 3 times more often than non-CMS applications) and in particular to WordPress is not new. CMS frameworks are mostly open source, with communities of developers continuously generating sequences of plugins and add-ons, without concerted focus towards security. This developer model constantly increases the vulnerabilities in CMS applications, especially for WordPress which is also PHP based. We found that WordPress was attacked 3.5 times more often than non-CMS applications. Typically, WordPress and other CMS applications are derived from a common template, enabling automated scanning attacks that work effectively on multiple sites.

Imperva's 2015 Web Application Attack Report (WAAR)

https://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed6.pdf

http://venturebeat.com/2015/11/08/wordpress-now-powers-25-of-the-web/

WordPress now powers 25% of the Web

How Good Sites Go Bad

• Remote File Inclusion

• SQL Injection

• Local & Remote File Inclusion

• Cross Site Scripting (XSS)

• Directory Traversal

Server Side Security

Web Shells

• Once the WebShell script is run, it provides a web interface for remote operations on the server, including, but not limited to:

– Server Information

– File manager (access to file system)

– Access to execute commands

– SQL manager

– PHP code execution

– Bruteforce FTP, MySQL, PgSQL

– Search files, search text in files

– Malicious content upload

– Mass code injection

How Do I Know My Site's Been Hacked?

1. Errors on the pages

2. Errors In The Logs

3. New server side processes, users, jobs

4. Files have changed or appeared

5. You show up on black lists
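Two of the items above, "Watch for file changes (IDS)" in the server checklist and "Files have changed or appeared" in the list of signs of compromise, come down to the same mechanism: record what the web root looked like when it was known-good, then compare later. The following Python script is an added example, not code from the slides or from any tool named on them. The directory layout, file names and the tampering it simulates are all constructed for the demo; a real deployment would store the baseline somewhere the web server cannot write and run the comparison from cron.

```python
"""Added example (not from the slides): a minimal file-integrity check.

build_baseline() maps every regular file under a directory to its SHA-256;
compare() reports what was added, removed or modified since the baseline.
The demo() function builds a throwaway fake web root, takes a baseline,
simulates three typical post-compromise changes and returns the diff.
"""
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of one file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each regular file under root (path relative to root) to its hash.

    Symlinks are skipped so a link pointing outside the web root cannot pull
    unrelated files into the baseline.
    """
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            baseline[os.path.relpath(full, root)] = hash_file(full)
    return baseline


def compare(baseline, current):
    """Return sorted lists of added, removed and modified relative paths."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(p for p in base_keys & cur_keys
                           if baseline[p] != current[p]),
    }


def _write(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Constructed demo: fake web root -> baseline -> tamper -> diff."""
    with tempfile.TemporaryDirectory() as root:
        theme_css = os.path.join(root, "wp-content", "themes", "demo", "style.css")
        _write(os.path.join(root, "index.php"), "<?php echo 'hello'; ?>\n")
        _write(theme_css, "body { color: black; }\n")
        _write(os.path.join(root, "readme.html"), "<p>readme</p>\n")
        baseline = build_baseline(root)

        # Constructed changes of the kind a compromise leaves behind:
        # an edited theme file, a new .php file in uploads, a removed file.
        with open(theme_css, "a") as fh:
            fh.write("/* appended */\n")
        _write(os.path.join(root, "wp-content", "uploads", "x.php"),
               "<?php /* constructed placeholder */ ?>\n")
        os.remove(os.path.join(root, "readme.html"))

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Running it prints one line each for added, removed and modified paths. The same three lists are what a cron job would mail to the administrator; a new `.php` file under an uploads directory, which should only ever hold images and documents, is exactly the kind of line worth reading first.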

Securing WordPress

• Stay Updated

• Change DB Prefix

• .htaccess

– wp-config.php

– wp-admin

• WP Security Plugins

• Limit Bruteforce

• "admin" user name

• Server Side File Permissions

• robots.txt

• Passwords

• Backups

Bishop / PunkSPIDER browser plugins

Pastebin

Realtime DDOS map

(http://map.norsecorp.com/)

Low Orbit Ion Cannon DDOS tool (#loic search on Twitter)

GHDB Google hacking DB at exploit-db

https://www.exploit-db.com/google-hacking-database/

Kali Linux https://www.kali.org/

Security4Lib: http://security4lib.org/

Some Tools & Sites

So Now What?

You

Use a password manager

Encrypt your disks in portable devices

(FileVault, BitLocker, TrueCrypt)

Using a public network? Use a VPN

Anti Malware

Browser Plugins

Updates / Patches

Don't run as root / admin

Firewalls

Remove Programs / Processes / Services

Clean Up Your Footprints

Your Library

Train Employees

Unacceptable Use

Thumb Drives

Incident Reporting

Common Attacks

Privacy

Have A Plan For Loss

Offer Training @ Your Library

Threat Modeling

Your Library

Lockdown

Hardware Security Checks

Thumb Drives

Limit Users - Least Privilege

Anti Malware

Browser Plugins

Updates / Patches

Networks

Whitelisting

Firewalls

Remove programs / Processes / Services

Logging and Auditing

Backup & Encrypt

Passwords

Library Website

Stay Current

Security4lib

Schneier on Security: http://www.schneier.com/blog/

Naked Security – Sophos: http://nakedsecurity.sophos.com/

Troy Hunt: http://www.troyhunt.com/

SANS Reading Room: http://www.sans.org/

Security Now Podcast: http://grc.com/securitynow.htm

Full List

http://lisnews.org/keeping_current_it_security OR

http://lisnews.org/security

Conclusions

Do something to make the bad guys' job harder

IT Security For Librarians: Servers & More

LYRASIS Systems Administrator