Defending Laptops with MinUWet By Erick Engelke. Laptops and our future? laptops now outsell desktops laptops now outsell desktops we expect continued.

Slides:

Advertisements

Similar presentations

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo for Call Center Call Center on a Stick Ceedo for Call Center Presentation.

Advertisements

McAfee One Time Password

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo for Citrix Optimal User Experience & Maximum IT Control Ceedo for Call.

Supporting The Mobile Client: Expanding Our Borders John Guidone Manager, Desktop Technologies and Dawn E. Colonese Manager, Help Desk & Client Access.

Chapter 1  Introduction 1 Chapter 1: Introduction.

Minuwet 2.0 Aruba and More. Minuwet 1.0 Provided sanity check on wireless computers 8,370 distinct users used it in March 2008 Saved lots of IT effort.

Extending ForeFront beyond the limit TMGUAG ISAIAG AG Security Suite.

Supporting A Laptop Environment Erick Engelke Faculty of Engineering University of Waterloo

A Secure Network for All Team Excel. Requirements Business Add visitor, customer, and competitor access Use non-company laptops onto corporate network.

Wireless.ubc.ca Balancing security and usability on the world’s largest Wi-Fi campus network Jonn Martell Wireless Project Manager, UBC

Defending Laptops with MinUWet By Erick Engelke. Laptops and our future? laptops now outsell desktops laptops now outsell desktops we expect continued.

OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or UCSF Campus VPN.

Jonathan Wood Technical Briefing – Spring Technical Session  Release Information  SIMS Technical Roadmap  SQL 2012 Migration  SOLUS3.

PresentPC August 2009 Erick Engelke Engineering Computing.

Norman Endpoint Protection Advanced security made easy.

1 Panda Malware Radar Discovering hidden threats Technical Product Presentation Name Date.

Penn State University College Of Education Understanding College of Education Resources.

Desktop Security: Worms and Viruses Brian Arkills, C&C NDC-Sysmgt.

Website Hardening HUIT IT Security | Sep

Lawson System Foundation 9.0

Information Security Information Technology and Computing Services Information Technology and Computing Services

Course 201 – Administration, Content Inspection and SSL VPN

RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

eScan Total Security Suite with Cloud Security

Malware Spyware & Viruses Overview  What does it look like?  What is it?  How can you prevent it?  What can you do about it when you get it?

“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)

RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.

EduRoam Australia Project Experience in location independent wireless networking with international collaboration with TERENA EduRoam Project 19 th APAN.

1 Network Admission Control to WLAN at WIT Presented by: Aidan McGrath B.Sc. M.A.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.

2011 / 9/11/ S V E Security for Virtualized Environments The first comprehensive security solution for.

Windows Vista Security Center Chapter 5(WV): Protecting Your Computer 9/17/20151Instructor: Shilpa Phanse.

Managing and Securing Endpoints Bruce Hotte Chief Information Officer Jeff Swan Network Supervisor  The definition of “endpoint” used to be simple: a.

CERN’s Computer Security Challenge

Separate your corporate environment from unknown threats of the WEB. Define trusted WEB policy. Enforce the use of WEB browsers. Automatically distribute.

Malicious Attack Corporate Awareness and Walk through Date 29 September 2011.

OPSWAT Presentation for XXX Month Date, Year. OPSWAT & ____________ Agenda  Overview of OPSWAT  Multi-scanning with Metascan  Controlling Data Workflow.

Safeguarding OECD Information Assets Frédéric CHALLAL Head, Systems Engineering Team OECD.

A Practical Guide for Joining EduRoam EuroCAMP Torino A Practical Guide for Joining EduRoam 4 March 2005 Version 1.6.

TECHNOLOGY GUIDE THREE Protecting Your Information Assets.

Information Security Awareness Training. Why Information Security? Information is a valuable asset for all kinds of business More and more information.

Simplifying the Configuration of Student Laptops — StirlingVPNSetup Simon Booth University of Stirling Laptop Forum 27th June 2006.

Specialist communication channel. Sarah-Jane king.

1 Improving Security Through Automated Policy Compliance Christopher Stevens Director of Network and Technical Services Lewis & Clark College Educause.

How can IT help you today?. Agenda Why Do You Care? What Are The Risks? What Can You Do? Questions? How can IT help you today? 2.

Computer Security By Sierra Monif. “Access to information and entertainment, credit and financial services, products from every corner of the world —

Living Next to the Anarchists By Erick Engelke. Anarchists? Anarchy is (various definitions) - lawlessness or disorder when there is a lack of governance.

Malware Spyware & Viruses Overview  What does it look like?  What is it?  How can you prevent it?  What can you do about it when you get it?

Defending Laptops with MinUWet By Erick Engelke. Laptops and our future? laptops now outsell desktops laptops now outsell desktops we expect continued.

© 2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED,

How I Learned to Stop Worrying and Love the EOL CD.

On the Road to Eliminating Cleartext Reusable Passwords HEPNT and HEPiX 06 October 1999 Bob Cowles, SLAC Computer Security Officer

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

By: Jasmin Smith  ability to control what information one reveals about one’s self over the Internet.

ONLINE SECURITY Tips 1 Online Security Online Security Tips.

TECHDOTCOMP SUPPORT TECHDOTCOMP nd Ave, Seattle, WA 98122, USA Phone:

Page PearsonAccess™ Technology Training Online Test Configuration.

By the end of this lesson you will be able to: 1. Determine the preventive support measures that are in place at your school.

Copyright ©2016 WatchGuard Technologies, Inc. All Rights Reserved WatchGuard Training What’s New in Fireware v

Barracuda SSL VPN 2012.

Maintaining a Secure and Usable Wireless Network

CHALLENGES Users growing and becoming more demanding

TECHNOLOGY GUIDE THREE

Lawson System Foundation 9.0

How to Patch Norton Antivirus?

NFX Q-Port on-boarding guide

Presentation transcript:

Defending Laptops with MinUWet By Erick Engelke

Laptops and our future? laptops now outsell desktops laptops now outsell desktops we expect continued growth of laptops we expect continued growth of laptops laptops present new opportunities for learning and budgets, but also new IT staff challenges laptops present new opportunities for learning and budgets, but also new IT staff challenges laptop security issues are time-consuming for staff laptop security issues are time-consuming for staff continued laptop growth needs scalable support continued laptop growth needs scalable support

Solution: We need a strategy which encourages responsible client laptop management

Continuum of Security none - anarchy available but optional encouraged / accessible heavily enforced

Accessible Security? make technology simple to conceptualize though not necessarily understand make technology simple to conceptualize though not necessarily understand it becomes part of the culture it becomes part of the culture examples: examples: privacy of PIN numbers on debit cards privacy of PIN numbers on debit cards security of SSL web sites security of SSL web sites

How to Encourage Security Educate Educate Reward Reward

How to Encourage Security Educate Educate Reward Reward Remind Nag Embarrass Punish or

Possible Education Points 1. secure your computer Antivirus, Workstation Firewall, Updates, … Antivirus, Workstation Firewall, Updates, … 2. secure your applications MyWaterloo, SSH, Secure IMAP, VPN MyWaterloo, SSH, Secure IMAP, VPN 3. secure yourself best practices, (strong secret passwords), avoid probable malware best practices, (strong secret passwords), avoid probable malware users can conceptualize these points, but will they act?

MinUWet Setting minimum standards NAA detects OS at login screen NAA detects OS at login screendetects highly vulnerable OS’s must endure a scan using MinUWet (currently only MS Windows) highly vulnerable OS’s must endure a scan using MinUWet (currently only MS Windows)MinUWet Antivirus enabled and up-to-date? Freshen! Antivirus enabled and up-to-date? Freshen! OS getting patches? OS getting patches?

MinUWet Setting minimum standards (cont.) NAA detects OS at login screen NAA detects OS at login screendetects highly vulnerable OS’s must endure a scan using MinUWet(currently only MS Windows) highly vulnerable OS’s must endure a scan using MinUWet(currently only MS Windows) MinUWet Antivirus enabled and up-to-date? Freshen! Antivirus enabled and up-to-date? Freshen! OS getting patches? OS getting patches? HTTP always allowed, download patches HTTP always allowed, download patches pass test… get additional or “premium” network access pass test… get additional or “premium” network access

MinUWet Setting minimum standards (cont) other OS’s are not affected other OS’s are not affected users who do not wish to participate are granted web-only access users who do not wish to participate are granted web-only access will still do existing security scans and SNORT will still do existing security scans and SNORT complementary solutions add more security complementary solutions add more security

Some MinUWet Facts idea is similar to Cisco NAC and MS NAP idea is similar to Cisco NAC and MS NAP MinUWet is compatible with all existing hardware and safe with non-MS OSs. MinUWet is compatible with all existing hardware and safe with non-MS OSs. local expertise, we can adapt it local expertise, we can adapt it Cisco and MS solutions are stronger but more difficult to run and inflexible Cisco and MS solutions are stronger but more difficult to run and inflexible MinUWet doesn’t have to be hack-proof, it just has to be better than today’s mess! MinUWet doesn’t have to be hack-proof, it just has to be better than today’s mess! MinUWet - retired upon better options MinUWet - retired upon better options

Statistics from Two Week Engineering Trial 6486 NAA Windows sessions 6486 NAA Windows sessions 3161 or 49% of sessions ran MinUWet 3161 or 49% of sessions ran MinUWet 628 distinct users ran MinUWet 628 distinct users ran MinUWet 168 or 26% of them failed the test initially 168 or 26% of them failed the test initially 75 or 45% of those who failed later passed. 75 or 45% of those who failed later passed. this indicate users upgraded their systems this indicate users upgraded their systems zero security threats observed by IST zero security threats observed by IST

Campus-wide Rollout Thursday March 2 nd Thursday March 2 nd “help desks” co-ordinate information sharing “help desks” co-ordinate information sharing Friday March 3 rd – Friday March 3 rd – appears in Daily Bulletin appears in Daily Bulletin brief message appears at each wireless user login brief message appears at each wireless user login both messages point to a web site where users can learn more and test their laptops ( both messages point to a web site where users can learn more and test their laptops ( Thursday March 16 th Thursday March 16 th MinUWet goes live and enforces user security MinUWet goes live and enforces user security

Lessons Learned MinUWet has a dramatic effect on security MinUWet has a dramatic effect on security most users content with web-only access most users content with web-only access non-MinUWet clients can still be vulnerable, issued security warnings non-MinUWet clients can still be vulnerable, issued security warnings a few users ignore warnings. They are not inconvenienced enough… yet. a few users ignore warnings. They are not inconvenienced enough… yet.

Encouraging Compliance After Security Warnings new feature in Engineering new feature in Engineering network purgatory / “security enlightenment camp” network purgatory / “security enlightenment camp” only for users issued repeat IST security warnings only for users issued repeat IST security warnings those users must successfully complete True/False quiz on network security before wireless restored those users must successfully complete True/False quiz on network security before wireless restored self serve solution self serve solution reduce staff effort, may improve compliance. reduce staff effort, may improve compliance.

Future memory (using a cookie) will reduce MinUWet scans to once per week memory (using a cookie) will reduce MinUWet scans to once per week improve result text with more detailed advice improve result text with more detailed advice

Thank you