Monday, August 17, 2009

The Need for Security - Week 4

Weekly reflection
In your blog, write about a time when you (or a relative/friend) have had to deal with the effects of one of the following:
virus
trojan horse
back door
worm
What happened, and what measures did you take to protect yourself afterwards?




I've had an experience with a trojan horse once before. Thankfully I have a good security system installed on my computer and nothing major happened; the software picked up the trojan horse and, I guess, got rid of it. When I got this computer I made sure I had all the necessary security measures in place. I only really use my computer for university work anyway, so even if a virus or trojan horse did get through the security system, I don't have anything stored on my computer other than homework.



Look for an article on the Internet that relates to an organization having lost its security due to one of the above mentioned threats. What measures did they have to take to protect themselves? What was the impact of any loss or corruption of data that occurred?





Article: Office of U.S. Marshals infected by Neeris virus
By Angela Moscaritolo, May 25, 2009 9:24 AM

The office of U.S. Marshals was infected with a computer virus on Thursday that was able to infiltrate their computer network because the federal law enforcement agency was running an out-of-date anti-malware solution.

The virus is believed to be Neeris, a new malware variant that has been customised to exploit the same vulnerability as the notorious Conficker worm, Nikki Credic, a spokeswoman for the Marshals confirmed to SCMagazineUS.com on Friday. She added that there may have been multiple computers infected. Within the public relations office alone, one or two people noticed suspicious changes in their computers.

“Neeris and Conficker look for missing patches. If the PCs and servers are patched, the malware doesn't work,” John Pescatore, research director and vice president at Gartner, told SCMagazineUS.com in an email on Friday. “The patch for this has been out since October 2008.”

The United States Marshals Service (USMS), a federal law enforcement agency within the U.S. Department of Justice, is the nation's oldest federal law enforcement agency, having served the country since 1789. The virus in its computer network was discovered early Thursday morning. At that time, the IT staff disconnected the marshals' computers from the Justice Department's network to prevent further spread, Credic said. In addition, the marshals' internet connection was shut off all day Thursday, and only internal email was functional, Credic said.

Working with anti-virus vendor, Trend Micro, the IT staff updated its anti-virus software and pushed updates to all agency computers, Credic said.

“They had an out-of-date product as far as we know,” Michael Sweeny, global public relations director at anti-virus company Trend Micro, told SCMagazineUS.com on Friday.

By Friday morning, email and internet connections were back up and running at the USMS, Credic said. “It appears they have resolved the problem.”

Credic added that no data was compromised or at risk as a result of the virus infection.

The FBI is said to be having similar problems, the agency told the Associated Press on Thursday. When contacted by SCMagazineUS.com on Friday morning, a spokesman at the FBI's press office said his email was down, but did not provide additional details. “We too are evaluating a network issue on our external, unclassified network that's affecting several government agencies,” FBI spokesman Mike Kortan told the AP.

Gartner's Pescatore said that this incident illustrates the importance of making sure computers are patched. Also, email and PC anti-virus programs should be kept up-to-date. And, a web security tier that blocks incoming malware from web connections is equally important, he said. “It sounds like the problem here was both missing patches and missing AV – definitely below a due diligence level of protection,” Pescatore said.

(http://www.securecomputing.net.au/News/145860,office-of-us-marshals-infected-by-neeris-virus.aspx)

The outcome of this virus was that they had to update their anti-virus software. No data was lost or at risk as the virus was detected early; however, as the virus was attacking the office of the U.S. Marshals, a lot of sensitive information could have been leaked.





What measures do you think UB has in place to deal with these threats?


As the university has sensitive information on thousands of students, it is critical it has a good security system in place to protect this information. I think the university would have anti-virus software and they would definitely have to have a secure login system. I know from experience that whenever I open a new window, such as my student centre, Moodle or my email, I have to re-enter my user name and password. It's annoying to do this, but important for security reasons. I'd rather spend a minute logging in than have someone else be able to access my information if I did not log off the system properly. I have noticed on the ubgateway webpage that any security alerts are posted there; I think this is a good way to inform students of any risks.
On the UB website it states that "unfortunately there are no "Silver Bullets" when it comes to computer security. However, ICT Security has implemented a number of strategies to protect our data, services and systems. These measures include:
state of the art firewalls (software and hardware)
virus & spyware protection
anti-spam software
multi tiered password protection
secure login via Access@UB
secure data storage
security alerts
educating UB students and staff
access to free anti-virus software (Sophos)"



Here's something to think about next time you're at a train station: how secure is their network?


If an ordinary citizen can hack their network with a mobile phone then their network is not very secure at all. It's scary to think what someone is able to do with just a mobile phone!





This week has been very interesting. There are so many threats to our personal information out there that it is crucial to take the necessary steps to prevent sensitive information getting into the wrong hands. I found finding an article I liked difficult, there were so many to choose from... I guess a lot of organizations did not have good security systems in place... maybe they should have worked on a better SecSDLC. I found it interesting when reading the notes this week that 79% of organizations had had cyber security breaches in the past 12 months and 45% had financial losses of $141 million.
