Keywords: security, malware, virus, network attacks, physical security, vulnerability
Abstract - This paper describes the most common vulnerabilities in organizational computer systems that most users never think about. These vulnerabilities exist both in the commercial environment and in home use, and they can serve as an attack surface for hackers and thieves. The two easiest ways for an intruder to compromise workstations and servers are through the services they run and/or by physically attacking the hardware. The main focus of this paper is a recent security incident at work and how the obstacle of the attack was overcome.
I. The Easiest Attack Surface
Many studies have been done on issues such as network exploitation, hacking, spyware, viruses, ID theft, worms, Trojans, and physical network security. According to Kaspersky.com, in December 2008 there were 38,190 different malicious programs (spyware, viruses, and Trojans): 45% were viruses, 45% were Trojans, and 10% were other malicious software [2].
In the work environment, I power on the workstation without thinking about what is going on behind the pictures on the computer's desktop. I then have Outlook open and start my day-to-day email tasks. Workstation security normally doesn't come to mind, especially since I'm in the networking field. My day-to-day main tasks are to fix big network issues and to deploy and manage projects that meet the IT department's objectives. I rely on our Cisco networking and security devices to protect against information security threats.
Sometimes I have to travel for business needs, and I normally carry a laptop that is synced with all of my files, emails, and settings. My usual expectation is that this laptop will allow me to do the work that I would normally do on my desktop. It has Symantec Endpoint Protection installed to prevent viruses, spyware, Trojans, and network tampering, just as my workstation does. It has "Auto Protect" turned on with Network Proactive Detection and Tampering Prevention. When unusual packets arrive, or when it detects tampering, it drops that specific connection and alerts me. Another security mechanism is that in order to use my laptop, I have to authenticate myself with a valid username and password. The probability of someone stealing my laptop, or of an unauthorized person using it, is so low that I don't consider it even a possibility. If it is ever stolen, nothing can get out because the entire hard drive is encrypted with 128-bit Advanced Encryption Standard (AES).
Many computer services run in conjunction with the Windows operating system services, using some of the 65,535 ports. Some of these are essential to the operation of both Windows and third-party software. However, unless you have spent a great amount of time researching each and every service running inside Windows, you wouldn't know which ones. A few examples of the services running on XP, Vista, and Windows 2003 servers are: MSTSC (Microsoft Terminal Service), Computer Browser (allows browsing other computers), Server (allows sharing files), Network Location Awareness, Live Update, and Net Logon [3].
II. Security Issues at Work
From my work experience: one morning, I noticed my workstation was running a lot slower than a few days before. I looked at my workstation's system performance and noticed that it was using on average more than 70% of CPU and 80% of memory. I immediately suspected something was running in the background that was consuming a huge amount of system resources. I looked at the Event Logs and saw many application errors and failure audits in the firewall logs. I checked Symantec Endpoint Protection and it was more than a month out of date. I looked at the MSCONFIG startup list; there were many weird automatic startup programs and services that would run after the Windows operating system finished loading. I immediately disconnected my workstation from the network, migrated all the files to an external hard drive, and wiped the whole workstation, installing a fresh Windows XP on it. The cost of this was that I lost nearly a day of work. I learned one of the most important lessons: I should check my workstation's running services at least once a month. I can't really trust freeware and open source. To be proactive about this problem, I learned to copy my system registry and perform a full system backup once in a while. If my workstation runs abnormally, I can just restore the registry to undo the changes, or I can restore the entire system to minimize the downtime. Also, turning off any unused services closes holes in the computer and minimizes the risk of exposure.
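The monthly check described above (which services are configured, what starts automatically, and which ports are listening) is easier to do reliably when a snapshot is saved and later snapshots are compared against it, so that only what changed needs attention. The following PowerShell script is an added example written for this page; it is not code from the paper or from the author's organization. It assumes PowerShell 3 or later (for Get-CimInstance) and a baseline file under the user's profile; both are assumptions, and the listening-port part uses netstat -ano because that command exists on every Windows version the paper mentions.

```powershell
# Added example (not part of the paper): snapshot the services, boot/logon
# autoruns and listening TCP ports of a Windows workstation and compare the
# snapshot with one saved earlier, so that anything that appeared since the
# last check stands out. Baseline path and PowerShell 3+ are assumptions.

function Get-WorkstationSnapshot {
    # Services with their start mode (Auto/Manual/Disabled). The running state
    # is deliberately left out so a service that happens to be stopped right
    # now does not show up as a change.
    $services = Get-CimInstance -ClassName Win32_Service |
        ForEach-Object { "svc|$($_.Name)|$($_.StartMode)" }

    # Programs started automatically at boot/logon: the entries MSCONFIG lists
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $autoruns = foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # skip the PSPath/PSParentPath/... metadata PowerShell adds
            if ($p.Name -notmatch '^PS') { "run|$key|$($p.Name)|$($p.Value)" }
        }
    }

    # Listening TCP ports mapped to the owning process
    $listeners = foreach ($line in (netstat -ano)) {
        if ($line -match '^\s*TCP\s+(\S+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $local  = $Matches[1]
            $procId = [int]$Matches[2]
            $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
            "port|$local|$procId|$($proc.ProcessName)"
        }
    }

    @($services) + @($autoruns) + @($listeners) | Sort-Object -Unique
}

function Compare-WorkstationSnapshot {
    param(
        # assumed location of the saved baseline
        [string]$BaselinePath = (Join-Path $env:USERPROFILE 'workstation-baseline.txt')
    )
    $current = @(Get-WorkstationSnapshot)
    if (-not (Test-Path $BaselinePath)) {
        $current | Set-Content -Path $BaselinePath
        Write-Host "No baseline yet; saved the current snapshot to $BaselinePath"
        return
    }
    $baseline = @(Get-Content -Path $BaselinePath)
    $diff = Compare-Object -ReferenceObject $baseline -DifferenceObject $current
    if (-not $diff) { Write-Host 'No changes since the baseline'; return }
    foreach ($d in $diff) {
        # '=>' means present now but not in the baseline: a new service, autorun
        # or listener that should be identified before it is trusted
        $tag = if ($d.SideIndicator -eq '=>') { 'NEW     ' } else { 'MISSING ' }
        Write-Host "$tag$($d.InputObject)"
    }
}

# Typical use: run once to create the baseline, then once a month
Compare-WorkstationSnapshot
```

Run it once right after a clean install (that snapshot is the baseline), then on the monthly schedule the paper suggests; a NEW line for a service or Run-key entry you cannot account for is the cue to investigate, and an unused service that shows up as a listener is a candidate for being disabled.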
III. Security Solution
In order to overcome the recent attacks, research was conducted. According to WindowsSecurity.com, a security baseline is the suite of security settings created to meet the requirements of each organization, department, or other entity [3]. For instance, in the organization I am working for right now, we have a security baseline for just about all workstation and server applications, services, and network security. According to the same article, many other organizations create their own security baselines based on: account policies, user rights, event log settings, restricted groups, system services, file permissions, and registry permissions. All of these security baselines can be established using Microsoft Windows Active Directory policies. In the organization I am working with now, we apply only some of these security baselines. They are set using templates so that we don't have to change every single item when a change needs to be made. Our security baselines are:
- Microsoft Exchange (email server)
  - Maximum attachment size to send: 10 MB
  - Maximum attachment size to receive: 10 MB
  - All emails are scanned for possible threats such as viruses, spam, spyware, or Trojan horses before entering our internal network
  - No mailbox larger than 1 GB
  - SSL is used when accessing email from outside
  - All mail is fully backed up once a week
  - Mail servers are scanned nightly for threats
  - Microsoft updates are verified before being applied
  - Antivirus definitions are pushed nightly
- Network security
  - All network traffic is scanned using the Cisco SSM for possible security threats
  - All wireless access points are located on a separate network segment and all use 128-bit AES encryption
  - All MAC addresses are verified before they are put on the network
- User rights
  - Resources are managed based on groups/departments
  - Users' access privileges are based on their job role
- Account policies
  - All users' passwords expire every 90 days
  - Passwords must be longer than 8 characters and contain at least one special character
  - Passwords can't be words contained in a dictionary
  - Users can only access the computers they are assigned to (except for IT administrators)
  - Users can only log on to their machines from 6 AM to 10 PM
These security baselines are implemented through the two most popular mechanisms: Cisco policies and Microsoft group policy templates.
Cisco policies: There are templates inside Cisco firewalls and ASAs that allow a network administrator to set single or group policies that examine all incoming or outgoing traffic. For instance, the web filter template can be used to filter and record URLs (Uniform Resource Locators) for all incoming or outgoing port 80 (HTTP) traffic. In fact, most ASAs these days have the capability to scan all traffic for threat detection, and they block threatening traffic automatically. Another way of controlling network security is to create a universal template from scratch to fit an organization's needs. It can be set to match different ports, traffic, protocols, and MAC addresses.
Microsoft group policy templates: A Group Policy Object (GPO) allows a network administrator to set rules and permissions using templates. These templates can be applied to multiple servers or groups. For example, the Microsoft Management Console (MMC) can be used to establish many of these settings. An administrator can perform all these tasks through graphical interfaces on the Windows Domain Controller (DC) using Active Directory (AD).
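Whether the account-policy items of the baseline above are pushed by a GPO template or set by hand, the effective values on a given machine can be verified by exporting the local security policy with secedit and reading the [System Access] section. The script below is an added example for this page, not the paper's or the organization's own tooling. It assumes an elevated PowerShell prompt (secedit /export needs it), a temporary file path, and reads "longer than 8 characters" as a minimum length of 9; the thresholds themselves are the ones the baseline lists.

```powershell
# Added example (not part of the paper): export the effective local security
# policy with secedit and check it against the account-policy baseline above.
# Run elevated. The .inf path is an assumption.

function Read-SecurityPolicy {
    param([string]$InfPath = (Join-Path $env:TEMP 'secpol-export.inf'))
    # /areas SECURITYPOLICY limits the export to the account/audit policy
    # sections; the file is UTF-16, which Get-Content detects from the BOM
    & secedit.exe /export /cfg $InfPath /areas SECURITYPOLICY /quiet | Out-Null
    $policy = @{}
    foreach ($line in Get-Content -Path $InfPath) {
        # lines look like:  MaximumPasswordAge = 90
        if ($line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') { $policy[$Matches[1]] = $Matches[2] }
    }
    return $policy
}

function Test-AccountPolicyBaseline {
    param([hashtable]$Policy = (Read-SecurityPolicy))
    # Missing keys cast to 0 with [int], so an unset policy fails its check
    $maxAge  = [int]$Policy['MaximumPasswordAge']     # -1 means "never expires"
    $minLen  = [int]$Policy['MinimumPasswordLength']
    $complex = [int]$Policy['PasswordComplexity']

    $checks = @(
        @{ Name = 'MaximumPasswordAge';    Value = $maxAge;  Want = 'expire within 90 days';
           Ok = ($maxAge -gt 0 -and $maxAge -le 90) },
        @{ Name = 'MinimumPasswordLength'; Value = $minLen;  Want = 'longer than 8 characters (read as >= 9)';
           Ok = ($minLen -ge 9) },
        # Windows complexity enforces character classes, not a dictionary check;
        # the "no dictionary words" item needs a password filter DLL or an AD
        # password policy product and cannot be verified from this export
        @{ Name = 'PasswordComplexity';    Value = $complex; Want = 'complexity enabled (special characters)';
           Ok = ($complex -eq 1) }
    )
    foreach ($c in $checks) {
        $status = if ($c.Ok) { 'PASS' } else { 'FAIL' }
        Write-Host ('{0} {1}={2} (baseline: {3})' -f $status, $c.Name, $c.Value, $c.Want)
    }
    # $true only when every item matches the baseline
    return -not ($checks | Where-Object { -not $_.Ok })
}

Test-AccountPolicyBaseline
```

The logon-hours item (6 AM to 10 PM) and the "assigned computers" item are per-account properties in Active Directory rather than machine policy (logon hours can be set with `net user <name> /times:M-Su,6AM-10PM`, for instance), so they do not appear in the secedit export and need a separate check against the user objects.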
In conclusion, a security baseline is the suite of security settings created to meet the requirements of each organization, department, or other entity. Baselines are just like templates that provide a quick and convenient way to deploy security settings in the network. Any users, computers, and network servers can then have the same security settings throughout the organization.
IV. Physical Security
Physical security comes in many parts. Some people think that having multiple backups, locking their computers, locking the room and using surveillance cameras to monitor it, or hiding access to their computers as much as possible is enough to be safe. Best practice is the combination of all of the above [1]. I learned it the hard way. I once had a friend visit me. When he came, I was working on a few things for the company I used to work for. I asked him to sit for a few minutes while I went upstairs to prepare some drinks. After I had been gone for about 5-7 minutes, I suddenly remembered that I had forgotten to bring up a few papers. I ran down, and there he was with his USB flash drive sticking in my desktop, copying files from my old workplace. Another accident I experienced involved my project files. I spent many days working on this project, and right before the due date the hard drive crashed. I lost all my work and, worst of all, I lost all my favorite MP3s, old pictures, and documents.
Servers are the primary targets of many hackers and organized criminals. They contain concentrated databases and files, which are like jackpots to these criminals. However, today's network technologies and defense mechanisms detect abnormal behavior on them. Corporate workstations are therefore much easier targets: they are low-profile machines, yet they run most of the same services as the servers. They can be used as stepping stones for criminals to escalate their privileges and/or to attack servers or services. Therefore, the best practice is to turn off any services I don't use, to minimize the risk.
V. Conclusion
In brief, physical security is just as important as workstation (client software) security, because if someone has access to my machine, they can carry out criminal acts however they want. Therefore, when I am not using my workstation, the least I can do is lock the screen to prevent unauthorized access to my profile. The best approach is to set up multiple defense mechanisms such as an office lock, keyboard lock, computer lock, and account lock. Also, to be more secure, a surveillance camera can be used for monitoring.
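The locked screen the conclusion recommends only helps if the workstation also locks itself when its owner forgets to, which is what the USB-drive story above comes down to. The following PowerShell script is an added example for this page, not code from the paper; it audits the screen-saver lock settings Windows keeps in the registry and, going one step beyond the paper's own list, checks whether the USB mass-storage driver is disabled, which is a common complement to the screen lock on machines that hold sensitive files. The five-minute idle limit is an assumption; the registry keys and values are the standard Windows ones.

```powershell
# Added example (not part of the paper): check that the workstation locks
# itself when idle and that USB mass storage is disabled, and provide a
# one-call lock for stepping away. The idle limit is an assumption.

function Get-DesktopSetting {
    param([string]$Name)
    # A value pushed by Group Policy wins over the user's own preference,
    # so the Policies key is consulted first
    $keys = @(
        'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
        'HKCU:\Control Panel\Desktop'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $v = (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
        if ($null -ne $v) { return $v }
    }
    return $null
}

function Test-PhysicalAccessBaseline {
    param([int]$MaxIdleSeconds = 300)   # assumed: lock after 5 minutes idle

    # ScreenSaveTimeOut is stored as a string of seconds; treat anything
    # unparsable as 0 so it fails the check instead of throwing
    $rawTimeout = Get-DesktopSetting 'ScreenSaveTimeOut'
    $timeout = 0
    if ("$rawTimeout" -match '^\d+$') { $timeout = [int]$rawTimeout }

    # Start=4 disables the USBSTOR driver; 3 (manual) is the Windows default
    $usbStart = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' `
                                  -Name Start -ErrorAction SilentlyContinue).Start

    $results = @(
        [pscustomobject]@{ Check = 'Screen saver enabled';
                           Pass = ((Get-DesktopSetting 'ScreenSaveActive') -eq '1') },
        [pscustomobject]@{ Check = 'Password required on resume';
                           Pass = ((Get-DesktopSetting 'ScreenSaverIsSecure') -eq '1') },
        [pscustomobject]@{ Check = "Idle timeout within $MaxIdleSeconds s";
                           Pass = ($timeout -gt 0 -and $timeout -le $MaxIdleSeconds) },
        [pscustomobject]@{ Check = 'USB mass storage driver disabled (USBSTOR Start=4)';
                           Pass = ($usbStart -eq 4) }
    )
    foreach ($r in $results) {
        $status = if ($r.Pass) { 'PASS' } else { 'FAIL' }
        Write-Host ('{0} {1}' -f $status, $r.Check)
    }
    return -not ($results | Where-Object { -not $_.Pass })
}

function Lock-Workstation {
    # The same call the Win+L key makes; run it before leaving the desk
    rundll32.exe user32.dll,LockWorkStation
}

Test-PhysicalAccessBaseline
```

Disabling USBSTOR blocks every USB disk, legitimate ones included, so it suits machines where files are moved over the network rather than by flash drive; where that is too strict, the first three checks alone still cover the scenario in the paper, since a locked screen would have stopped the copying.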
References
[1] Bogue, Robert L. "Lock IT Down: Don't Overlook Physical Security on Your Network." TechRepublic, August 11, 2003. Retrieved March 25, 2009 from http://articles.techrepublic.com.com/5100-10878_11-5054057.html
[2] Kaspersky Lab. "Monthly Malware Statistics: December 2008." Retrieved March 23, 2009 from http://www.kaspersky.com/news?id=207575722
[3] WindowsSecurity.com. Retrieved April 15, 2009 from http://www.windowsecurity.com