Blogs

SSH brute force attacks

Over the summer Rutgers has had a few instances of Unix/Linux servers being successfully compromised through their SSH service. I suspect, but do not know for sure, that these hacks were due to weak passwords. Sysadmins should really consider putting some protections in place against these attacks and possibly even try to crack their own users' passwords to check their strength.

CAS for the Apache Web Server

I've been working with our sysadmins to get CAS working on our group's Apache web servers. CAS is great because the web server never sees a user's password, so if the server is compromised there is no chance that people's passwords will be logged by the hacker.

More anti-virus products fail...

From The Register:

Twelve of the 35 anti-virus products put through their paces by independent security certification body Virus Bulletin failed to make the grade for one reason or another and therefore failed to achieve the VB100 certification standard.

From 'The H Security': Naming trick opens mail servers

A number of Vietnamese spam sources are currently attracting attention because the spammers have equipped the relevant hosts with DNS pointer records called "localhost". [...] mail servers give preferential treatment to "localhost" and grant the Far-Eastern clients a special privilege, namely the "relaying" of emails to arbitrary recipients even outside the local network, because the servers or administrators have assumed that "localhost" is part of the local network.

Security posture

This is a graph of significant security alerts over the past 90 days. At the beginning of the graph you can see the level dropping off as the students finished their finals and took their problems home with them.

IDS Data Access

I've released a new web-based interface to our SNORT alerts database. Sysadmins can use this to check a host and see if it is doing anything suspect. I'm providing this to help staff verify that they have cleaned malware off a host without requiring that they call us up or wait for the next day's report to see whether we have seen their host again.

Anti-virus options

IPS routinely notifies departments about systems of theirs which have become infected with various types of malware and which, as a result, are doing Bad Things to other Rutgers hosts or to other sites on the internet. Occasionally I'm asked if IPS has a recommendation for AV software other than Trend Micro. Here are some suggestions. Full comparisons of top products are available from av-comparatives.org, which is where I go for my information (cross-checked against reviews from CNET and others).

Silent stalkers, online watchers

Ever wonder why anyone would follow you on Twitter or Facebook? Sure, it's nice to be able to share your world with other people, and very innocent if you're thinking that "other people" are just your next-door neighbor. But, think about it... sharing your whereabouts and vacation plans can be an open door to people looking for criminal opportunities. Add Google Earth, and the bad guys can start making plans without even leaving their caves. Be careful to set privacy settings on social network sites to family, or friends you personally select.

IT Security Awareness/Cyber Awareness...where do we start

Are people beginning to understand that IT security is something to be dealt with? We have seen identity theft, data security breaches, hacked accounts, trojans awaiting orders, botnets following orders, criminal cyber activities, etc. Is it necessary to get our users involved? Of course it is... they're supposed to be our best defense! Or are they our weakest link?

"Secret" questions fail

I'm sure you've used websites that ask you to select "secret" questions and provide your own answer to be used in case you ever forget your password. Well, a new study released yesterday says those questions are much less secure than your password.
