securing remote devices and using good internet security

Securing Remote Devices and Using Good Internet Security

Jay D. FlanaganManager, Email, IDM & SecurityUniversity Technology ServicesEmory University

2

Agenda

• Remote Device Security– Blackberry’s– Treo’s / Goodlink– Laptop’s

• Internet Security– Where am I going?

• What sites do I access?– What information do I give out?– Desktop security

• Tools

3

Remote Device Security

• Mobility– Working from anywhere– Access to data from anywhere

• Types of Data– Confidential / Restricted– Public

• Storage of Data– Encrypt / Encrypt / Encrypt

Blackberry

4

5

Blackberry

• Built in wireless security features– End-to-end Wireless encryption

• Uses AES or Triple DES

– Can use RSA SecureID for two-factor authentication

– HTTPS for secure data access– S/MIME Support– PGP Support– Digital Certificates

• Certs can be generated

– Smart Card reader

6

Blackberry

• Security for Stored Data– IT policy enforcement and management

• Mandatory authentication• Admins can remotely send commands

– Server permits only trusted connections– Certified Secure

• Advanced embedded encryption technology• Meets required government security standards

– FIPS 140-2

7

Blackberry

• Security Guidelines– Blackberry devices should be password

protected (Can be done as part of the encryption process)

– Anti-virus protection – Postini, Relays, Server and desktop

– Encryption – Transmission of data is already done. Be sure data is encrypted for content on the device – can easily be set up

– Always immediately report a lost, stolen or damaged Blackberry device (Help Desk / Local Support)

– Regularly back-up data

8

Blackberry

• Blackberry Security Links– Google Blackberry Security

•http://www.sans.org/reading_room/whitepapers/pda/258.php

•http://na.blackberry.com/eng/ataglance/security/knowledgebase.jsp#tab_tab_whitepapers

•http://iase.disa.mil/stigs/checklist/wireless_stig_blackberry_checklist_v5r2-1.pdf

TREO/GOODLINK

9

10

Treo/Goodlink

• Microsoft’s Messaging and Security Feature Pack (MSFP)– Direct push technology– Access Global Address List (GAL)– Supports protection against violations

of HIPAA and Gramm-Leach-Bliley Acts• Remote password policy enforcement

and data wipe– Password lengths can be set– Set failed password attempts before wiping of

data

11

Treo/Goodlink

• Security Guidelines– Treo devices should be password protected– Password protect documents– Anti-virus protection – Postini, Relays, Server and

desktop– Encryption – Transmission of data is already done. Be

sure data is encrypted for content on the device – Always immediately report a lost, stolen or damaged

Treo device (Help Desk / Local Support)– Regularly back-up data– Goodlink Security Page Link:

• http://www.good.com/documentation/GMM_Admin_Exchange/Stoli%20Exchange%20Admin%20HTML-03-3.html

12

Treo/Goodlink

• Treo Security Links– Google Treo Security

• http://www.lehigh.edu/~inlts/comp/docs/pda/security/palm/

• http://mytreo.net/archives/2006/04/treo-security-msafe-warden-teallock-comparison-review.html

• http://www.good.com/documentation/GMM_Admin_Exchange/Stoli%20Exchange%20Admin%20HTML-03-3.html

13

Laptops

14

Laptops

• Security Guidelines– Basic Security Measures

•Enable strong passwords•Asset Tag or Engrave the laptop•Register the laptop with the

manufacturer

15

Laptops

• Security Guidelines– Physical Security

• Get a cable lock and use it• Use a docking station• Lock up your PCMCIA cards• Consider other security devices based on

your needs• Use tracking software to have your laptop

call home

16

Laptops

• Security Guidelines– Protecting your Sensitive Data

• Use the NTFS file system• Disable the Guest Account• Rename the administrator account• Consider creating a dummy administrator account• Prevent the last logged-in user name from being

displayed• Use a personal firewall• Consider other security devices based on your

needs• Encrypt your data – Full Disk Encryption• Backup your data

17

Laptops

• Security Guidelines– Encrypting the hard drive

• http://www.guardianedge.com/products/Encryption_Anywhere/Hard_Disk.html

• http://www.dekart.com/howto/encrypt_hard_drive/• http://www.dekart.com/products/encryption/

private_disk/• http://www.safenet-inc.com/products/

data_at_rest_protection/Protectdrive.asp• http://www.truecrypt.org/• http://www.magic2003.net/scrypt/index.htm

18

Laptops

• Security Guidelines– Preventing Laptop Theft

• No place is safe• Use a non descript carry case• Beware of pay phones• Be aware of your laptop at all times

– When traveling by air– When traveling by car– While staying in a hotel– When attending conventions and conferences

• Make security a habit

19

Laptops

• Security Guideline Links– Google on Laptop Security

• http://labmice.techtarget.com/articles/laptopsecurity.htm

• http://www.securitydocs.com/library/3399• http://www.microsoft.com/atwork/

stayconnected/laptopsecurity.mspx• http://infosecuritymag.techtarget.com/

articles/february01/features_laptop_security.shtml

20

Safe Internet Security Practices

•The Internet is great–for searching–for gathering information–for purchasing products and services

•But………………………

21


• Where am I going on the internet and why am I going there?

• What information am I going to give out when I go to a web site?– Do you ask yourself these questions when surfing?

• You should– More and more sites gather information on you when

you surf• Some with your knowledge and some without

– Key loggers, trojans, worms and social engineering are just some of the things that reside on web sites waiting for you to come along.

– Precautions must be taken• Desktop security tools will help• But so will being security aware

23


• Desktop Security Tools– Virus Scanning

• Be sure to have anti-virus software installed, running and DAT files up to date

– Update DAT files and software automatically– Schedule regular scans

– Spam Scanning• Manage Postini spam filtering• Set up filters on email client – think hard about

this• Some anti-virus software will also do some limited

spam scanning

24


• Desktop Security Tools– Personal Firewall

• Install and set up personal firewall– Windows XP / Vista– Other Vendors

» Symantec» Zone Alarm

• Keep it up to date • Review logs regularly

– Anti-spyware Scanning• Install anti-spyware software

– Spybot– Yahoo Anti-Spyware– MS Anti-Spyware

• Keep it up to date• Scan regularly

26


•Desktop Security Tools–Other host based security tools•Host based IPS•Host based IDS•URL and Content Filters

27

Summary

• Mobility and access to data– Blackberry’s, Treo/Goodlink, Laptops

• Keep these mobile devices secure– Steps that should be taken

• Being safe and secure on the Internet– Security Awareness– Security Tools

28

Contact Information

• Jay D. Flanagan, Emory University– Email

•[email protected]

– Phone•404-727-4962

– Web Page•http://it.emory.edu/security

29

?QuestionsQUESTIONS?

securing remote devices and using good internet security

Documents