SLAC COMPUTER SECURITY

Malicious Software

- More trojan attacks
- Coming via web browsing
- Using SQL injection techniques
- Battery of exploit attempts
  – 3rd party applications
  – OS vulnerabilities
- Goal is silent infection
  – Trojan.ZLOB
  – Trojan.PANDEX
  – Trojan.ASPROX
AV Process & Actions

Type (1)               | AV action                              | Cyber           | Admin                             | User
Trojan horse, Spyware  | Leave alone, access denied, undefined  | Isolate / Email | Scan (2); format and rebuild (3)  | Change password
Adware                 | Leave alone, access denied, undefined  | Email           | Scan (2)                          | Change password
Worm                   | Leave alone, access denied, undefined  | Email           | Scan (2)                          | Change password
Virus                  | Leave alone, access denied, undefined  | Email           | Scan (2)                          | Change password
Trojan horse, Spyware  | Clean, quarantine, delete              | Email           | Scan (2)                          | Change password
Adware                 | Clean, quarantine, delete              | None            |                                   |
Worm                   | Clean, quarantine, delete              | None            |                                   |
Virus                  | Clean, quarantine, delete              | None            |                                   |

Notes:
1. The results of malware research could change the actions to be taken.
2. All scans must be full AV scans in safe mode with system restore turned off.
   a) Results need to be shared with Cyber, as screen captures or exported files.
   b) Depending on the results of the scan, further actions could include format and rebuild, or Cyber taking the computer or hard drive for further investigation.
3. Computer security may not request a rebuild if the virus is found in cache.
4. Computers used to access personally identifiable information (PII) will receive more scrutiny when they generate virus alerts.
Other Actions

- Additional viruses or issues
  – Isolate / scan / rebuild
- Several (3 or more) alerts on same computer / same day
  – Isolate / scan / rebuild
- Unauthorized / prohibited software
  – Must be removed
  – Some cases sent to HR
Further Review

- Affirmative duty to report abuse of SLAC resources
- Device taken, including USB devices
  – Illegally licensed software
  – Hacker tools: key generators, password sniffing, vulnerability assessment
  – Illicit material: pornography, gambling, evidence of running a personal business
- Reported to HR
References

- Computer Security website
  – Restricted/Prohibited software
- Policies
  – Limited Personal Use of Government Office Equipment including Information Technology
  – Use of SLAC Information Resources
Questions / answers / discussion

What would happen if we didn't do this?

- A computer gets compromised
  – Becomes a bot for additional attacks
  – Information is lost
- During a Site Assessment, non-job related data is found
  – Unlicensed / illegal software
  – Pornography
- SLAC fined, lose contract?