Archive for the ‘Security’ Category

Cyber Ethics

Monday, September 28th, 2009

Rich Reeder, Stony Brook University’s Chief Information Officer (CIO), passed this along to us from the Multi-State Information Sharing and Analysis Center (MS-ISAC), a collaborative state and local government-focused cyber security entity that is significantly enhancing cyber threat prevention, protection, response and recovery throughout the United States. The organization distributes a monthly cyber security newsletter and we try to publish their advice either here on our blog or as a tip on the Division of Information Technology Web site.

The topic this month is cyber ethics, not a bad thing to contemplate from time to time.

What is Cyber Ethics?
Cyber ethics refers to the code of responsible behavior on the Internet. Just as we are taught to act responsibly in everyday life, with lessons such as "Don’t take what doesn’t belong to you" and "Do not harm others," we must act responsibly in the cyber world as well.

What Are Responsible Behaviors on the Internet?
Responsible behavior on the Internet in many ways aligns with acceptable behavior in everyday life, but the consequences can be significantly different. For example, verbal gossiping is generally limited to the immediate audience (those within earshot) and may well be forgotten the next day. However, gossiping on the Internet can reach a far wider audience. The "words" are not forgotten the next day, but may live on the Internet for days, months or years and cause tremendous harm.

Some people try to hide behind a false sense of anonymity on the Internet, believing that it does not matter if they behave badly online because no one knows who they are or how to identify them. That is not always true. Computers, browsers, and Internet service providers may keep logs of their activities which can be used to identify illegal or inappropriate behavior.

The basic rule is do not do something in cyber space that you would consider wrong or illegal in everyday life.

When determining responsible behaviors, consider the following:

  • Do not use rude or offensive language.
  • Don’t be a bully on the Internet. Do not call people names, lie about them, send embarrassing pictures of them, or do anything else to try to hurt them.
  • Do not copy information from the Internet and claim it as yours. That is called plagiarism.
  • Adhere to copyright restrictions when downloading material including software, games, movies, or music from the Internet.
  • Do not break into someone else’s computer.
  • Do not use someone else’s password.
  • Do not attempt to infect or in any way try to make someone else’s computer unusable.

We were taught the rules of "right and wrong" growing up. We just need to apply the same rules to cyber space!

For more information on cyber ethics, visit the following Web sites:

U.S. Department of Justice:
www.usdoj.gov/criminal/cybercrime/cyberethics.htm

MS-ISAC:
www.msisac.org/awareness/news/2007-01.cfm

Symantec:
www.symantec.com/norton/library/familyresource/article.jsp?aid=pr_cyberethics

Cyber-Ethics Champions Code:
www.playitcybersafe.com/resources/EthicsCode.pdf

StaySafeOnLine:
www.staysafeonline.info/content/cyber-ethics-materials

What’s Up?

Friday, June 19th, 2009

by Charlie Bowman, Director of Client Support

Do you think someone is connecting to your PC?   Are you paranoid?  In today’s Internet environment, it may pay to be somewhat suspicious.  I wrote a small batch program that I have on my desktop that I execute from time to time.  Whenever I get the feeling that someone is looking over my shoulder, I double click the "What’s Up?" icon on my desktop.  A batch program is run that opens Notepad with the information below.  It shows me the status and addresses of all connections to or from my machine, what the process is doing, and whether or not it is listening for a connection.

Here is the little batch program:

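@echo off
rem List every connection and listening port together with its owning PID
netstat -ano > c:\netstat.txt
rem Append the process list so each PID can be matched to a program and its services
tasklist /svc >> c:\netstat.txt
notepad.exe c:\netstat.txt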

Copy and paste this into Notepad and save it on your desktop with the file name whatsup.bat. When you double-click it, Windows runs the two commands, saves their output to c:\netstat.txt, and then opens that file in Notepad so you can check what (or who) may be connecting to your machine.

The first part of the screen shot below shows the active connections that have been established between my machine (129.49.223.2xx) and other addresses.  Note that all the established connections are with addresses on the .2 and .23 network.  Since these subnet numbers are in the computing center I know that these are probably valid connections to known University servers.  The last column labeled PID shows the process id of the code that is making the connection.  Most of the established connections are by a process id number 3680.  The second page is a listing of all process ids and the actual program associated with that PID.  Note that the program associated with 3680 is nlnotes.exe.   This is the Lotus Notes client.  So these connections are all known and valid.

When you find connections to addresses off of the SB network or to some subnet number that is not known to have a valid server, then you may have a virus or Trojan.

Active Connections

Prot Local Address         Foreign Address     State        PID
TCP 0.0.0.0:135            0.0.0.0:0           LISTENING    1056
TCP 0.0.0.0:445            0.0.0.0:0           LISTENING    4
TCP 0.0.0.0:2701           0.0.0.0:0           LISTENING    1260
TCP 0.0.0.0:2702           0.0.0.0:0           LISTENING    1260
TCP 0.0.0.0:2967           0.0.0.0:0           LISTENING    1124
TCP 0.0.0.0:3389           0.0.0.0:0           LISTENING    988
TCP 127.0.0.1:1046         0.0.0.0:0           LISTENING    1788
TCP 127.0.0.1:1103         0.0.0.0:0           LISTENING    2828
TCP 129.49.223.2xx:139     0.0.0.0:0           LISTENING    4
TCP 129.49.223.2xx:1063    129.49.23.117:445   ESTABLISHED  4
TCP 129.49.223.2xx:1139    129.49.2.137:1352   ESTABLISHED  3680
TCP 129.49.223.2xx:1140    129.49.2.137:1533   ESTABLISHED  3680
TCP 129.49.223.2xx:1141    129.49.2.178:1352   ESTABLISHED  3680
TCP 129.49.223.2xx:1146    129.49.2.70:1352    ESTABLISHED  3680
TCP 129.49.223.2xx:1265    129.49.2.15:80      CLOSE_WAIT   856
TCP 129.49.223.2xx:1266    129.49.2.15:80      CLOSE_WAIT   856
TCP 129.49.223.232:1267    129.49.2.178:1352   TIME_WAIT    0
UDP 0.0.0.0:445            *:*                              4
UDP 0.0.0.0:500            *:*                              812
UDP 0.0.0.0:1025           *:*                              1200
UDP 0.0.0.0:1026           *:*                              1200
UDP 0.0.0.0:4500           *:*                              812
UDP 127.0.0.1:123          *:*                              1152
UDP 127.0.0.1:1027         *:*                              812
UDP 127.0.0.1:1042         *:*                              756
UDP 127.0.0.1:1078         *:*                              1296
UDP 127.0.0.1:1229         *:*                              856
UDP 127.0.0.1:1900         *:*                              1308
UDP 129.49.223.2xx:123     *:*                              1152
UDP 129.49.223.2xx:137     *:*                              4
UDP 129.49.223.2xx:138     *:*                              4
UDP 129.49.223.2xx:1900    *:*                              1308

Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
smss.exe                     684 N/A
csrss.exe                    732 N/A
winlogon.exe                 756 N/A
services.exe                 800 Eventlog, PlugPlay
lsass.exe                    812 Netlogon, PolicyAgent, ProtectedStorage,
                                 SamSs
svchost.exe                  988 DcomLaunch, TermService
svchost.exe                 1056 RpcSs
svchost.exe                 1152 AudioSrv, CryptSvc, Dhcp, dmserver,
                                 EventSystem, helpsvc, lanmanserver,
                                 LanmanWorkstation, Netman, Nla, RasMan,
                                 Schedule, seclogon, SENS, SharedAccess,
                                 ShellHWDetection, srservice, TapiSrv,
                                 Themes, TrkWks, w32time, winmgmt, wuauserv
svchost.exe                 1200 Dnscache
svchost.exe                 1308 LmHosts, RemoteRegistry, SSDPSRV
ccSetMgr.exe                1336 ccSetMgr
ccEvtMgr.exe                1392 ccEvtMgr
spoolsv.exe                 1560 Spooler
ASFAgent.exe                 208 ASFAgent
DefWatch.exe                 252 DefWatch
mdm.exe                      448 MDM
ntmulti.exe                  476 Multi-user Cleanup Service
retrorun.exe                 592 RetroLauncher
SavRoam.exe                  668 SavRoam
Rtvscan.exe                 1124 Symantec AntiVirus
Wuser32.exe                 1260 Wuser32
CcmExec.exe                 1296 CcmExec
alg.exe                     1788 ALG
wmiprvse.exe                 356 N/A
wmiprvse.exe                3032 N/A
explorer.exe                3184 N/A
DSentry.exe                 2444 N/A
MXOALDR.EXE                 2328 N/A
OneTouch.exe                2468 N/A
WinPatrol.exe               1680 N/A
Directcd.exe                2656 N/A
jusched.exe                 2796 N/A
ccApp.exe                   2828 N/A
VPTray.exe                  2836 N/A
ctfmon.exe                  2852 N/A
Printkey2000.exe            2876 N/A
nlnotes.exe                 3680 N/A
ntaskldr.exe                2360 N/A
iexplore.exe                 856 N/A
cmd.exe                     1844 N/A
TASKLIST.EXE                 564 N/A
wmiprvse.exe                3784 N/A

For a complete explanation of netstat see:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/netstat.mspx?mfr=true
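
The check described in this post (match each connection's PID to a program, then look for peers outside the known subnets) can be done over the text that whatsup.bat saves. This is an added example, not part of the original post; the /24 masks for the ".2 and .23" networks, the sample report, example.exe and the 203.0.113.45 peer are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the ".2 and .23" subnets in the post are /24s under 129.49.
KNOWN_NETS = ["129.49.2.0/24", "129.49.23.0/24"]

# Constructed report in the layout the batch file saves; example.exe and the
# 203.0.113.45 peer (a documentation range) are invented for illustration.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       988
  TCP    129.49.223.2xx:1139    129.49.2.137:1352      ESTABLISHED     3680
  TCP    129.49.223.2xx:1265    129.49.2.15:80         CLOSE_WAIT      856
  TCP    129.49.223.2xx:1301    203.0.113.45:8080      ESTABLISHED     2876
  UDP    0.0.0.0:500            *:*                                    812

Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  988 DcomLaunch, TermService
iexplore.exe                 856 N/A
example.exe                 2876 N/A
nlnotes.exe                 3680 N/A
"""

def parse(text):
    """Split the saved report into connection rows and a PID -> image map."""
    conns, names = [], {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] in ("TCP", "UDP"):
            # UDP rows have no State column, so the PID is always the last field.
            state = f[3] if len(f) == 5 else ""
            conns.append((f[0], f[2], state, int(f[-1])))
        elif line[26:32].strip().isdigit():
            # tasklist is fixed width: 25-char image name, then a 6-char PID.
            names[int(line[26:32])] = line[:25].strip()
    return conns, names

def off_network(text, known=KNOWN_NETS):
    """Return (remote, pid, image) for ESTABLISHED peers outside known nets."""
    nets = [ipaddress.ip_network(n) for n in known]
    conns, names = parse(text)
    hits = []
    for _proto, remote, state, pid in conns:
        if state == "ESTABLISHED":
            ip = ipaddress.ip_address(remote.rsplit(":", 1)[0].strip("[]"))
            if not ip.is_loopback and not any(ip in n for n in nets):
                hits.append((remote, pid, names.get(pid, "unknown")))
    return hits
```

To use it on a real capture, pass the contents of c:\netstat.txt to off_network(); each hit names the remote address, the PID and the program to look at next.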

KeePass

Thursday, June 11th, 2009

by David Ecker, Manager of Client Support

We seem to have Internet passwords for every Web site we visit from reading online news to conducting online banking. I originally tried to keep all my passwords the same, but then restrictions were placed on how long a password could be and the types of characters allowed. At work I was keeping track of all my Stony Brook passwords on a piece of paper (I have since learned this is NOT a good idea).

I went on vacation for a week and when I returned, I couldn’t remember the password for my computer. There were so many passwords running through my head. Was it the name of the dog, my mother’s maiden name, or my favorite song? I called Stony Brook’s Computer Accounts office and they reset my password, but I knew I had to change. I spent the next few evenings after my family went to bed searching the Internet for a solution.

I found an open source program called KeePass that is designed exactly for the problem I was encountering. I was excited, but skeptical since I needed more options:

  1. It had to be portable, so I could carry it with me.
  2. It had to have encryption on the password file, so I could feel comfortable putting passwords into it.

I checked it out and, yes, it does both of these things. I have been using KeePass for almost a year and it has been a lifesaver. I no longer have to remember my passwords. I can just look them up in a file. It even has this neat little feature where you can copy and paste your password into a Web browser.

If passwords are driving you crazy, make a turn for the better and try KeePass.

Beware of Walking Laptops

Wednesday, June 20th, 2007

Stony Brook University is beautiful in the summertime. Soft breezes rustle the leaves of the trees near Roth Quad. Sunshine warms the faces of students reading texts on benches outside the Melville Library. The scent of rose, lily and honeysuckle permeates colorful garden landscapes surrounding the Union.

There are fewer individuals milling about the grounds. Students are off doing summer internships or working summer jobs. Faculty travels abroad to conduct research. Staff members engage in professional development by traveling to other cities to attend conferences and workshops. Fewer eyes are on the lookout.

You don’t often hear about crime at Stony Brook. It’s a relatively safe campus year round, but it feels especially safe and secure during the summer months. It is natural to let your guard down in this easy-going, airy environment.

Thieves are counting on you to do just that.

Client Support has been made aware of several laptop thefts on campus in recent weeks.

So, as a reminder:

  • Do not leave your laptop unattended, especially in public spaces like the library or Student Activities Center.
  • Make sure you lock the doors to your room or office if you need to step away from your machine.
  • Try not to leave your laptop out in the open. Keep it out of sight, in a drawer or a cabinet.
  • Think about buying a lock for your laptop. Seawolves MarketPlace sells several in the range of $25 - $42.
  • Be careful about leaving important data on the computer. It is always a good idea to back up your data in other places anyway, but in this case, you do not want sensitive information getting in the hands of the wrong person.
  • If you see something, say something. Call Stony Brook University Police (631) 632-3333 to report a stolen laptop. You can dial 911 from any campus phone.