who’s in your pc? keeping the bad guys out. your attention please…
TRANSCRIPT
Who’s in your PC?
Keeping The Bad Guys Out
YOUR ATTENTION PLEASE…
Digitally Mastered Clip
Media CitationsFor This Presentation:
Movie Clips:
Bourne Ultimatum(Universal Pictures)
Internal INL Animation Team:John Mulligan (Conceptual)Jonathan Homer (Conceptual)Jason Miller (Visual)Carl Fennen (Audio)
Bourne Intro
Cops and Robbers
• A Child’s Game
• A Multi-Trillion Dollar Industry
Challenge #1Using a laser pointer:
- Shoot only Jason Bourne and Nicky Parsons
- Don’t Shoot Desh Bouksani or innocent bystanders
How Did We Do?
• Did we get the bad guys?
• Did we keep the good guys alive?
• Could we do better with practice?
Challenge #2
Using a laser pointer:
- Eliminate the bomb before it explodes
- You have only a single shot
How Did We Do?
• Did you get the bomb?
• Why was this harder?
• What does this represent in the real world?
Challenge #3
Using a laser pointer:
- Identify each of the selected individuals as they appear on the screen.
- Do not incorrectly identify any innocent bystanders
How Did We Do?
• Did you get all the identified people?
• Why not?
• Would more guns have helped?
• Group: What would make this scenario plausible?
Today’s Cops and Robbers
• 6,000 employees + 100’s of visitors walk past security guard posts every day
• 30,000 pieces of mail enter or exit the INL on the average day. That’s more mail than the average person receives in 1 lifetime.
• Hundreds of Thousands of emails arrive at the INL daily.
• Terabytes of Data enter/exit the INL every day.
3 Primary Ways a Computer Is Compromised
1. Direct Attack
3 Primary Ways a Computer Is Compromised
1. Direct “Firewall” Attack2. Social Engineering
3 Primary Ways a Computer Is Compromised
1. Direct “Firewall” Attack2. Social Engineering3. Innocent Host
The Problem If they were breaking into a house…
INL Solution
Firewall Attack Massive Data Quantity / Automated Processes
Sledgehammer to lock
$$$ in Cyber Security
Social Engineering
Fast talking intruder / innocent insider
Slick Salesman Previous communications, trainings, and reminders
Innocent Host Laziness / false sense of comfort
Watch for an unlocked door
TODAY!!!
Protecting Our Assets
• Be smart – use common sense
• Circle the wagons – be a part of the group
• Stay up to date – mitigate known issues
Being Smart
WHAT DID WE SEE? WHAT DID WE LEARN?
Being Smart Summary
• Keep passwords private
• Lock your computer when away
• Don’t use INL media in non-INL computers
• Don’t use non-INL media in INL computers
• Encrypt sensitive data
Circle The Wagons
What’s happening on your Computer
• WHAT YOU SEE: • WHAT’S HAPPENINGIN THE BACKGROUND:
INL AVERAGES:– 33 Processes (Background
Programs)– 55 Services (Drivers and
Controllers)– 16 Connections across the
Network– Has access to dozens of
servers and enterprise systems
STANDARD PROCESSES:DPB2CP.EXEwuauclt.exemsiexec.exePccNTMon.exeNTRtScan.exeexplorer.exercgui.exeTtskmgr.exewmiprvse.exeOfcPfwSvc.exepds.exeLocalSch.EXEresidentAgent.exeMsPSMPSv.exeTmListen.exespoolsv.exeSoftMon.exesvchost.exentmulti.exeldalert.exesvchost.exesvchost.exesvchost.exelsass.exeservices.exeWinlogon.execollector.execsrss.exePDVDDXSrv.execftmon.exesmss.exeSDClientMonitor.exeMDM.exevulscan.exetcpsvcs.exeissuser.exeTmcsvc.exeSystem
Standard INL Configuration
WINDOWS XP
Internet Explorer
MicrosoftO
ffice
LanDeskManaged
Trend Micro AntiVirus
LotusNotes
Introducing HRF
• HARDWARE REGISTRATION FORM
• Update to 565.06 (Unclassified Computer Security Form)
• Similar format to AAR (annual asset review)• Updated semi-annually• Gives comprehensive visual into working
environment
HRF – Accessing The Form
HRF – Property and Hostname
HRF – Security
HRF – Updating 565.06
HRF – Summary(understanding your system)
Questions About HRF…
Introducing LDBlue
• LANDESK GATEWAY
• Increasing toolset of existing LanDesk Suite• Remote Patching and Updates• Permits Remote Assistance
from OpsCenter
LDBlue
Questions About LDBlue…
Resources Available
• Website:http://myPC.inl.gov https://ldblue.inl.gov (Available External) http://opscenter.inl.govhttp://virus.inl.gov
• Email:[email protected]
• Phone:OpsCenter: 6-1000
SUCCESS!!!
IT Communications
NLIT 2009
THE RESULT
• Deemed a huge success
• Recognized by INL
management
• Traveled to Washington
D.C. by request
• Has become a benchmark
when discussing INL
communications
“Water Cooler” – The Capstone• “The [environmental risk] numbers are impressive and can be
staggering…I think the presentation [should] be a model for other user-training presentations we (IT) develop.”– Homeland Security Researcher, 25+ year INL Veteran
• “I just begrudgingly attended the last available "Who's in Your PC?" training. It wasn't mandatory, I'm busy with year-end deliverables, and I assumed it would be boring. Boy was I wrong….This was perhaps the best executed training I’ve seen at the Lab ever. It was content-rich and fast-paced, used current relevant visuals, had audience participation, and distributed useful handouts. Please take good care of these guys. We need this kind of talent and enthusiasm at the INL.”– Project Manager for Energy and Environment Organization
PRESENTATION ATTENDENCE
Momentum!
LESSONS LEARNEDKey Tricks and Trips
Put Yourself In Their Shoes
• Stigma: “Black Text, White Background, Never Ends”
• What do they really need to know?
• How does it apply to them personally?
• The details should be in the support
materials
• Know your audience before you arrive
Interactivity
• 10 minutes of Q&A does not qualify as interactive
• No more than 6 minutes of one person/style
• Get them standing, moving, doing
• Be one of them or have one of them be you (or both)
Make it memorable
• Whenever possible, create a storyline
– Characters
– Setting
– Plot
– Audience plays a role
• Overuse analogies and comparisons, limit statistics
• Laughter leads to learning
Momentum
• Spend the effort in pre-start promotions
– tease but don’t tip your hand
• Give yourself time at the project beginning to build up speed
• Once rolling – move fast
• Recognize the law of diminishing returns and their social impact
QUESTIONS AND DISCUSSION
