Re: OT: Educating users about Security

Author: Joseph Toon
Date:  
To: plug-discuss
Subject: Re: OT: Educating users about Security
I ran into this same issue about a year ago. Spyware infested systems,
viruses, no network monitoring/policies, etc. The network is around 40
computers, a few servers, mostly Windows 98 desktops.

While I could have attempted to do a "Security 101" class, I realized most
wouldn't be interested and as a result, it wouldn't be effective. So instead,
I profiled the network, uncovered issues (both from a security and usability
standpoint) and wrote up a formal proposal that outlined the issues and
solutions (using FOSS of course.. :)

I set up a FreeBSD 4 firewall (Linux could be used as well, I just prefer the
syntax of IPFilter and the ports system) that uses a default deny policy to
only allow necessary incoming connections (i.e. website, mail, ssh) as well as
necessary outgoing connections. I set up Postfix with Amavisd-new that
processes all incoming and outgoing email for spam (spamassassin) and viruses
(clamav). In addition, Postfix uses dnsrbl lists that reject known spam
sites at the connection (about 30% of all incoming email). Amavisd is set to
auto-quarantine known executable files attached to email and notifies me to
manually deliver them (I think there have been 2 legitimate emails
quarantined over the past year). (side note: the current issue of Linux
Journal has two articles that discuss the setup & config of
postfix/clamav/amavisd/spamassassin).

40% of all incoming email is rejected (dnsrbl lists), another 5-10% is
rejected as spam at the server. Historically 50% of all email being received
was spam, now this has been significantly reduced. Email that is *probably*
spam (low spamassassin value) is delivered with the spam tags so the
recipient can decide what to do with the email.

AFAIK, the clamav + amavisd blocking of executable attachments has been 100%
effective in keeping viruses from entering the LAN. On average, 10 virus
emails are stopped per day that would have historically been delivered and
possibly run by a user.

On the desktop, I have been migrating users to Firefox. In addition to this, I
"fix" internet explorer (updated security patches, spywareblaster, adaware,
etc..) and move links for Internet Explorer to point to firefox (Blue E =
"The Internet" you know..). I have not run into any major issues from users.
Most use it and see it as an upgrade from Internet Explorer. Quite a few have
asked me where to get it to install on their home systems/recommend it to
others, etc.

This has done wonders for the spyware/adware/virus issue. For the most part,
it is a distant memory for the users.

In case something does get past the firewall/filters, I have set up the firewall
to notify me when attempts are made to access external SMTP servers (not from
the mail server, of course) and I monitor the postfix logs (daily report) for
any abnormal mail server activity that would indicate a mass mailing virus.
In addition, an occasional network sweep using tools such as nmap/nessus/etc.
is conducted to locate other security issues (i.e. viruses loaded that open a
backdoor on the system).

The next step will probably be to set up a proxy server (squid/DansGuardian or
similar) to disallow all use of Internet Explorer except for Windows Update
and provide another layer of control (disable access to spyware/adware sites,
etc..).

Needless to say, most users are unaware of the behind-the-scenes stuff that is
occurring. There have been several who have noticed that many problems they
have on their home computers don't occur on their work computers (massive
spam, spyware, general slowness, etc..) and have asked me about these issues.
Of course, I'm more than happy to discuss and recommend ways to combat the
issues. In fact, I have a short one page list of tools & recommendations
(standard stuff, firewalls, being intelligent about email, using firefox,
using a hardware router, adware/spybot/spywareblaster, virus scanner, etc..).
I do like when they pop the question "well what do you use on your home
computer" .. ".. well I don't use Windows.... "

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
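The attachment policy the post describes (executables attached to mail are held for manual delivery) as an added example in Python; this is not the poster's amavisd-new configuration or amavisd's own code. The banned-extension list, the function names and the sample message are this example's assumptions. It goes a little beyond the post by also catching an executable renamed to a harmless extension (via the MZ magic) and an executable shipped inside a zip, two tricks mass-mailing worms of that era used to get past name-only filters:

```python
"""Executable-attachment quarantine check.

Added example, not the poster's amavisd-new setup: it reimplements the policy
the post describes (hold mail carrying executable attachments for manual
review) with the Python standard library. BANNED_EXTENSIONS, the function
names and the sample message are this example's own assumptions.
"""
import io
import zipfile
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Assumed list of extensions to hold; amavisd-new ships a longer banned-files rule.
BANNED_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
                     ".vbs", ".js", ".cpl", ".dll"}


def _suffix(name):
    """Lower-cased final extension of a file name ('' if there is none)."""
    name = (name or "").lower()
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""


def is_pe_executable(data):
    """DOS/Windows executables start with the 'MZ' magic whatever they are named."""
    return data[:2] == b"MZ"


def zip_member_verdicts(data):
    """Names of archive members that would be held: banned extension, MZ header,
    or encrypted (cannot be inspected, so treated as suspicious)."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:                      # encrypted member
                    hits.append(info.filename)
                elif _suffix(info.filename) in BANNED_EXTENSIONS:
                    hits.append(info.filename)
                elif is_pe_executable(zf.open(info).read(2)):
                    hits.append(info.filename)
    except zipfile.BadZipFile:
        pass                                                  # not a zip; nothing to inspect
    return hits


def attachment_verdicts(raw_message):
    """Return [(filename, reason)] for every attachment the policy would quarantine."""
    verdicts = []
    for part in message_from_bytes(raw_message).walk():
        filename = part.get_filename()
        if part.get_content_maintype() == "multipart" or not filename:
            continue
        payload = part.get_payload(decode=True) or b""
        ext = _suffix(filename)
        if ext in BANNED_EXTENSIONS:
            verdicts.append((filename, "banned extension " + ext))
        elif is_pe_executable(payload):
            verdicts.append((filename, "MZ header behind a non-executable name"))
        elif ext == ".zip" or part.get_content_type() == "application/zip":
            members = zip_member_verdicts(payload)
            if members:
                verdicts.append((filename, "archive contains " + ", ".join(members)))
    return verdicts


def should_quarantine(raw_message):
    return bool(attachment_verdicts(raw_message))


def build_sample_message():
    """Constructed test input: one harmless text attachment and three disguised
    executables (the 'MZ' payloads are short stubs, not real programs)."""
    msg = MIMEMultipart()
    msg["From"] = "sender@example.net"
    msg["To"] = "user@example.com"
    msg["Subject"] = "your document"
    msg.attach(MIMEText("see attached"))

    notes = MIMEText("plain notes")
    notes.add_header("Content-Disposition", "attachment", filename="notes.txt")
    msg.attach(notes)

    exe = MIMEApplication(b"MZ" + b"\0" * 16)
    exe.add_header("Content-Disposition", "attachment", filename="invoice.exe")
    msg.attach(exe)

    doc = MIMEApplication(b"MZ" + b"\0" * 16)                 # executable renamed to .doc
    doc.add_header("Content-Disposition", "attachment", filename="report.doc")
    msg.attach(doc)

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pics.jpg.exe", b"MZ" + b"\0" * 16)       # double extension inside a zip
    archive = MIMEApplication(buf.getvalue(), _subtype="zip")
    archive.add_header("Content-Disposition", "attachment", filename="photos.zip")
    msg.attach(archive)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in attachment_verdicts(build_sample_message()):
        print("quarantine %s: %s" % (name, reason))
```

Encrypted zip members are held rather than passed because the filter cannot look inside them; that is a policy choice, and a site that legitimately exchanges password-protected archives would want the manual-release step the post describes rather than an outright reject.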
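The two after-the-fact checks the post relies on, the firewall alert on outbound SMTP from anything but the mail server and the daily Postfix report watched for mass-mailing behaviour, as an added example in Python; these are not the poster's scripts. The log lines are constructed and only approximate Postfix 2.x and IPFilter ipmon syslog output; the regular expressions, thresholds and function names are this example's assumptions:

```python
"""Daily mail-abuse report from Postfix and firewall logs.

Added example, not the poster's scripts: it implements the two checks the post
describes (alerts on outbound SMTP from hosts other than the mail server, and
a daily Postfix report that flags mass-mailing behaviour) over constructed log
lines. The line formats below approximate Postfix 2.x and IPFilter ipmon
syslog output and are this example's assumptions, as are all thresholds.
"""
import re
from collections import Counter

# Constructed sample log lines (not from a real system).
SAMPLE_POSTFIX_LOG = [
    "Jan 12 08:01:10 mail postfix/smtpd[2301]: connect from unknown[203.0.113.9]",
    "Jan 12 08:01:11 mail postfix/smtpd[2301]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: "
    "554 Service unavailable; Client host [203.0.113.9] blocked using sbl-xbl.spamhaus.org; "
    "from=<promo@example.org> to=<alice@example.com> proto=SMTP helo=<mx.example.org>",
    "Jan 12 08:15:42 mail postfix/qmgr[1188]: 7F3A21C0D1: from=<alice@example.com>, size=1220, nrcpt=1 (queue active)",
    "Jan 12 09:02:03 mail postfix/smtpd[2310]: NOQUEUE: reject: RCPT from unknown[198.51.100.77]: "
    "554 Service unavailable; Client host [198.51.100.77] blocked using relays.ordb.org; "
    "from=<x@example.org> to=<bob@example.com> proto=ESMTP helo=<pc>",
    "Jan 12 09:30:00 mail postfix/qmgr[1188]: 8A4B32D1E2: from=<bob@example.com>, size=48210, nrcpt=45 (queue active)",
    "Jan 12 09:30:02 mail postfix/qmgr[1188]: 8A4B32D1E3: from=<bob@example.com>, size=48210, nrcpt=60 (queue active)",
    "Jan 12 09:31:00 mail postfix/qmgr[1188]: 9B5C43E2F3: from=<carol@example.com>, size=800, nrcpt=3 (queue active)",
]

SAMPLE_FIREWALL_LOG = [
    "Jan 12 09:29:58 fw ipmon[311]: 09:29:58.118 fxp0 @0:14 b 192.168.1.57,1035 -> 64.12.138.57,25 PR tcp len 20 48 -S OUT",
    "Jan 12 09:29:59 fw ipmon[311]: 09:29:59.004 fxp0 @0:3 p 192.168.1.2,1036 -> 64.12.138.57,25 PR tcp len 20 48 -S OUT",
    "Jan 12 09:30:01 fw ipmon[311]: 09:30:01.212 fxp0 @0:14 b 192.168.1.57,1040 -> 205.188.159.57,25 PR tcp len 20 48 -S OUT",
    "Jan 12 09:30:05 fw ipmon[311]: 09:30:05.650 fxp0 @0:14 b 192.168.1.80,2000 -> 198.51.100.5,80 PR tcp len 20 48 -S OUT",
]

QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: [0-9A-F]+: from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)")
RBL_RE = re.compile(r"NOQUEUE: reject: .*blocked using (?P<rbl>[\w.-]+);")
FLOW_RE = re.compile(r"(?P<src>\d+\.\d+\.\d+\.\d+),\d+ -> (?P<dst>\d+\.\d+\.\d+\.\d+),(?P<dport>\d+) .* (?P<dir>IN|OUT)$")


def summarize_postfix(lines):
    """Count RBL rejects per list and recipients queued per sender."""
    rbl_hits = Counter()
    recipients_by_sender = Counter()
    for line in lines:
        m = RBL_RE.search(line)
        if m:
            rbl_hits[m.group("rbl")] += 1
            continue
        m = QMGR_RE.search(line)
        if m:
            recipients_by_sender[m.group("sender")] += int(m.group("nrcpt"))
    return {"rbl_rejects": sum(rbl_hits.values()), "rbl_hits": dict(rbl_hits),
            "recipients_by_sender": dict(recipients_by_sender)}


def suspicious_senders(summary, threshold=50):
    """Senders whose recipient total for the period exceeds the threshold, a crude
    but effective signature of a mass-mailing worm on a desktop."""
    return sorted(s for s, n in summary["recipients_by_sender"].items() if n > threshold)


def rogue_smtp_clients(lines, mail_server_ip):
    """Hosts other than the mail server that tried to open outbound port 25,
    with the number of attempts seen (a blocked attempt still counts)."""
    attempts = Counter()
    for line in lines:
        m = FLOW_RE.search(line)
        if m and m.group("dir") == "OUT" and m.group("dport") == "25" and m.group("src") != mail_server_ip:
            attempts[m.group("src")] += 1
    return dict(attempts)


def daily_report(postfix_lines, firewall_lines, mail_server_ip, threshold=50):
    """Return the findings as lines of text, ready to be mailed to the admin."""
    summary = summarize_postfix(postfix_lines)
    out = ["RBL rejects: %d" % summary["rbl_rejects"]]
    for sender in suspicious_senders(summary, threshold):
        out.append("possible mass mailer: %s queued %d recipients"
                   % (sender, summary["recipients_by_sender"][sender]))
    for host, n in sorted(rogue_smtp_clients(firewall_lines, mail_server_ip).items()):
        out.append("outbound SMTP from non-mail host %s: %d attempt(s)" % (host, n))
    return out


if __name__ == "__main__":
    print("\n".join(daily_report(SAMPLE_POSTFIX_LOG, SAMPLE_FIREWALL_LOG, "192.168.1.2")))
```

The firewall check counts blocked attempts as well as passed ones: with a default-deny egress rule the worm never reaches the outside, but the attempt itself is the signal that a desktop is infected, which is exactly the notification the post describes.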