Stanford IT Security Program
Re-aligning IT security to a modern threat environment
University IT Security
• Firewalls
• VPN for off campus access
• Kerberos
• Encryption required for sensitive data
• Central AV/patching services
• Controlled access to data centers
• But few central mandates and low visibility
“The Steve Riley Slide”
Malicious Hacker Criminal Spy
Our Wake-Up Call, A Visit From Uninvited Guests
Phishing
Vulnerable services
Poor credential hygiene
Pass-the-Hash
Security Event Manager
Data stored everywhere
Consolidated
Phishing → Multifactor
• Existing multifactor system
• Moving to Duo to cover more devices/scenarios
Reducing Vulnerable Services / Machines (Part 1)
• Eradication of Windows XP
• Prioritized retirements of Windows Server 2003 R2
• Expansion of existing Whole-Disk encryption project
Pass The Hash – One Scenario
Important Server
Helpful Help Desk
Unsuspecting User
My Computer is acting funny
Let me log in remotely and see what’s wrong.
New credentials detected, where can I get to now?
Oh, Dear!
Pass The Hash – Another Scenario
Development Server
Production Server
Domain Controller
Authentication Silos
Personal Bastion Hosts
• No inbound communications allowed / Limited outbound
• Very strict application whitelisting rules
• No DMA-based external interfaces
• Whole disk encryption (TPM + PIN/Password)
• Trusted vendor
Mobile Device Management
Reducing Vulnerable Services / Machines (Part 2)
• EMET (4.0 -> 5.0)
• Application Whitelisting
• Qualys
• Compliance Registry
• Network Access Control
You must be THIS tall to connect!
Miscellaneous Projects
• Replacement of SPAM/AV filtering for inbound email
• Replacement of DLP system for outbound email
• Replacement of the campus emergency alert system
Physical Security
• Dramatic decrease in number of cards allowed to access Data Centers
• Replacement/Expansion of camera system
Future projects in the program
• Systems Administrator Training Standards
• Systems Administration Practices
• Centralized HIDS
• Smartcard Implementation
Questions