Computing Security @ Carnegie Mellon University Allison MacFarlan - - PowerPoint PPT Presentation

▶

Feb 14, 2023 225 likes •344 views

Computing Security @ Carnegie Mellon University Allison MacFarlan Wiam Younes & Training and Awareness Information Security Coordinator Engineer Five Computing Security Tips Back to the Basics Patching Antivirus and

SLIDE 1

Allison MacFarlan

Information Security Engineer

Computing Security @ Carnegie Mellon University

Wiam Younes

Training and Awareness Coordinator

&

SLIDE 2

Five Computing Security Tips

SLIDE 3

Back to the Basics

Patching
Antivirus and anti-malware software
Strong passwords
Back up your data
Be aware of Theft – your computer, your

account

Read our Policies and Guidelines
Take advantage of our tools: Identity

Finder, Anti-Phishing Phil

SLIDE 4

What’s infecting the Campus now

Zeus – acquired from phish messages,

causes spamming, steals banking credentials.

Gozi – Russian mafia, sets up proxy,

connects to botnet, banking.

Torpig – identity stealer, reboots the

computer, lodges in the MBR, hidden.

SLIDE 5

Why are computers getting compromised?

Unpatched Adobe products and java.
Facebook involved 50% of the time.
Downloading exploits with P2P.
Clicking on e-mail objects.
Passing around infected USBs.

SLIDE 6

Be Afraid

CMU is a big target (reputation).
People inside are always trying out new

hacker tools on this network.

People from other countries want your

credentials to get Library/other resources.

51% of Tepper students participating in a

phish study fell for phishing attempts on day one (IDtheft study, 4/2009).

SLIDE 7

Theft

Bring your computer to the bathroom. It

will be stolen from the Library.

CMU Police

http://www.cmu.edu/police/programsandservices/crime-prevention.html

BACK YOUR DATA UP REGULARLY.

SLIDE 8

Stats

Big network: 10 GB core, via PSC/3ROX

and two Commodity Feeds.

Two public Class Bs plus a few misc.

slivers for .org and remote sites. SEI walled off.

Five kerberos realms, seven AFS cells.
Depending on the day, between 45,000

and 60,000 devices.

SLIDE 9

What ISO sees

Signatures, flows, logs.
Only the most egregious stuff, and not all
f it.
What people report to us.
We pay much more attention to

administrative systems.

SLIDE 10

What you can do

Take advantage of the antivirus/anti-

malware software on Computing Services’s site

http://www.cmu.edu/computing/software/all/index.html

Act like you’re going to graduate school at

a Hacker conference.

SLIDE 11

Computing Security @ Carnegie Mellon University Allison MacFarlan - - PowerPoint PPT Presentation

Allison MacFarlan

Information Security Engineer

Computing Security @ Carnegie Mellon University

Wiam Younes

Training and Awareness Coordinator

&

Five Computing Security Tips

Back to the Basics

account

Finder, Anti-Phishing Phil

What’s infecting the Campus now

causes spamming, steals banking credentials.

connects to botnet, banking.

computer, lodges in the MBR, hidden.

Why are computers getting compromised?

Be Afraid

hacker tools on this network.

credentials to get Library/other resources.

phish study fell for phishing attempts on day one (IDtheft study, 4/2009).

Theft

will be stolen from the Library.

CMU Police

http://www.cmu.edu/police/programsandservices/crime-prevention.html

Stats

and two Commodity Feeds.

slivers for .org and remote sites. SEI walled off.

and 60,000 devices.

What ISO sees

administrative systems.

What you can do

malware software on Computing Services’s site

http://www.cmu.edu/computing/software/all/index.html

a Hacker conference.

Questions?

Information Security Office (ISO) iso@andrew.cmu.edu www.cmu.edu/iso 412-268-4357