Practicing Safe Computing at Dartmouth
By Anita Warren
It can happen to anyone. You just never thought it would
happen to you. All it took was barely a moment without the right protection,
and now it's too late. You're in trouble. It didn't have to happen. You should
have taken precautions. You should have practiced safe computing.
According to computing security expert Bill Brown, about 30 or 40 machines
connected to Dartmouth's network are infected on any given day. “That's fewer
than in the past, but more than we'd like to see,” he says. “We'd prefer not to
have anybody compromised.”
Malicious Intentions
Brown says software programs with malicious intentions, known as
malware, are passed on in various ways: through e-mail
attachments, Web site links, peer-to-peer sharing sites, even automatic
downloads from Web sites a user visits. Malware can perform many different
tasks after first installing itself on a computer. It has the potential to
infect many more people, perhaps setting itself up to distribute pornography or
share illegal video and/or music files. It might steal valuable information,
such as Social Security numbers or credit card numbers; even e-mail
addresses have some value in this new world.
Infected machines are frequently combined with others to form what is called
a “bot” network of zombies that report to a master operator.
Brown notes that some masters command extremely large networks of 80,000
computers, and those computers are always checking for instructions from their
master. And although some people may notice their computers are responding more
slowly than normal, few will detect the real threat.
“Those bot networks are actually worth money,” says Brown. “If I control a
bot network, I can market that on the Internet. There are people who will pay
you money to rent your zombies. They might say, ‘Hey, I'd like to rent 5,000
zombies for six hours on next Saturday.’ You arrange a financial transaction
that’s worth so much money, about $200 per hour, and then that person will take
those zombies and launch an attack on somebody. He might do a denial of service
on somebody. He might go to a small company and say, ‘I'm going to shut you
down because I'm going to hit you with all these people — say, 5,000 guys —
unless you pay me $10,000. Wire the money to my secret bank account and we
won't do it.’ This is organized crime. This is not kids
playing pranks.” For more information, see the SANS Institute Advisor online
magazine or the recently released McAfee “Virtual Criminology Report.” (Note: This is a PDF document.)
Standard Precautions
Although Dartmouth's Network Services can detect unusual computer behavior
on the College's network, curing infected machines requires shutting them down,
perhaps for days, to clean them up. The best course of action is to avoid the
infection altogether by practicing safe computing, and Brown has some advice on
how to do that.
There are three things you can do right away: run a firewall, apply the
security updates, and run antivirus software. “The College provides many
of those tools for users on the network,” he says. “There are specific tools
we'd like people to use. For the Windows users, we provide a very advanced
firewall and intrusion prevention system called Sygate. We have another tool
called LDSS, which is a security suite that will make sure your Windows
computer gets the required software patches. Finally, we have a
viral-fighting tool called Norton AntiVirus. And we're also encouraging
people to use an anti-spyware tool, probably a Microsoft product that we like a
lot called the Microsoft AntiSpyware. However, you are not limited to
these software tools, and even if you do not have a Windows computer, we can
help you install the major tools appropriate to your setup on a Macintosh or
Linux computer.”
Brown estimates downloading and installing the tools should take well under
an hour for users with a good broadband connection.
In addition, beginning this fall, Dartmouth network users will become part
of a campus security system as eTokens are phased in; they hold an electronic
version of each person’s identity, just like a College ID card. When fully
implemented, these eTokens will provide access to safe, encrypted passage
for both wired and wireless transmissions, as well as helping automate the
sign-on process. The eTokens will not be required everywhere, but will be
used primarily on personal computers.
Common Sense
Brown also recommends users employ some common-sense precautions. For
example, don't click on an e-mail attachment unless you know the person
who sent it to you and it’s something you would expect that individual
to send. “Someone who breaks into your computer can spoof your return address
and harvest your list of friends, so just because you recognize the person who
sent the message does not mean you should click on an attachment,” he says.
“But if you read it and it seems within the context of normal conversations
that you have with that person, then sure, take a look at the photos or click
on the link.”
Share information carefully. Consider encrypting any
sensitive information you share via e-mail. Encrypting your mail prevents
anyone except the intended recipients from reading it. There are several
e-mail programs that can easily do this for you,
although BlitzMail is not one of them.
Disclose your e-mail address only to people you trust. Some
groups use automated tools to search Web sites for e-mail addresses they can
sell.
Do not install unknown programs. They are a major
source of malware and very difficult to remove.
And, finally, don't assume protecting your computer from predators
is someone else's responsibility. The virus that afflicts you today
may plague your friend, colleague, or boss tomorrow. “Ask not what your college
can do to protect you,” quips Brown, “ask what you can do to protect your
college by keeping your computer safe.” For more information, go to safecomputing.dartmouth.edu.