The EDUCAUSE Security Professionals Experience [ppt]

The EDUCAUSE Security Professionals Experience. Brian Moeller, CISSP, The Ohio State University

Upload: videoguy

Post on 01-Jul-2015


TRANSCRIPT

Page 1: The EDUCAUSE Security Professionals Experience [ppt]

The EDUCAUSE Security Professionals Experience

Brian Moeller, CISSP

The Ohio State University

Page 2: The EDUCAUSE Security Professionals Experience [ppt]

Pre-Conference

Exercise in Ethical Hacking

Page 3: The EDUCAUSE Security Professionals Experience [ppt]

The Keynote

Dan Larkin, FBI
http://www.ic3.gov

Page 4: The EDUCAUSE Security Professionals Experience [ppt]

The Botherd is coming!

Overview of how a Help Desk Operation dealt with an infestation of Bots.

Complete title: The Botherd is Coming! How Education and Technology Can Stop The Stampede

Page 5: The EDUCAUSE Security Professionals Experience [ppt]

Defining the Security Domain

Nothing good to say about this one

Page 6: The EDUCAUSE Security Professionals Experience [ppt]

PKI at UW-Madison

Vendor/Institution Team Effort
Presentation covered decisions, costs, timeframes
Vendor handled himself with class

Page 7: The EDUCAUSE Security Professionals Experience [ppt]

Detection and Investigation of Compromised Hosts on Campus

An affirmation…

Page 8: The EDUCAUSE Security Professionals Experience [ppt]

Information Sharing the MOREnet Way

MOREnet is similar to OARnet (but smaller)

Page 9: The EDUCAUSE Security Professionals Experience [ppt]
Page 10: The EDUCAUSE Security Professionals Experience [ppt]

Information sharing the MOREnet way: How not to keep secrets

Randy Raw
Beth Young

MOREnet Security
[email protected]

Page 11: The EDUCAUSE Security Professionals Experience [ppt]

Objectives:

Introductions
What is MOREnet
Communication options
Conferences
Expanding the security community

Page 12: The EDUCAUSE Security Professionals Experience [ppt]

Introductions

Randy Raw
– CISSP - August 2005
– 1.5 years with MOREnet
– Former Director of Technology Services at Linn State Technical College
– Former Technology Coordinator for the Osage County R-II schools

Beth Young
– CISSP - July 2003
– 5 years with MOREnet
– Former Network Analyst - University of Missouri Columbia

Page 13: The EDUCAUSE Security Professionals Experience [ppt]

What is MOREnet

The Missouri Research and Education Network (MOREnet) provides Internet connectivity, access to Internet2, technical support, videoconferencing services and training to Missouri's K-12 schools, colleges and universities, public libraries, health care, state government and other affiliated organizations.

Page 14: The EDUCAUSE Security Professionals Experience [ppt]

What does the Security office do?

Assist with incident response
Liaison with law enforcement
Gather information for dissemination
Knowledge transfer

Page 15: The EDUCAUSE Security Professionals Experience [ppt]

The “Old Days”

We were the bad guys. Nobody talked to us because they were afraid we would use it against them.

We were a “ticket numbers” group.

Policy issues kept us from being proactive and helpful

Page 16: The EDUCAUSE Security Professionals Experience [ppt]

What have we done to change?

Change how we do what we do
Communicate regularly to our members, not just when they have a problem
Provide opportunities for members to learn and help them secure their networks, not just be their Internet police
Establish goals to reduce ticket counts, especially nuisance tickets
Create and communicate Security roadmap

Page 17: The EDUCAUSE Security Professionals Experience [ppt]

The “kinder and gentler” security - changing what we do

Good Net Neighbor configuration
– Phase I – Microsoft NetBIOS port
– Phase II – Outbound Port 25 spam block
Self-scanning tool to self-evaluate hosts
Blackhole DNS Server
MOREnet network status indicator
Town hall meetings to discover their needs and issues

Page 18: The EDUCAUSE Security Professionals Experience [ppt]

Using our lists for proactive communication

Security-l, MERC-security and State-security lists
– One-way push for critical announcements
  » Bot network C&C
  » Virus alerts
  » Vulnerability announcements
– Two-way discussions for any topic members choose
– Communication of important training opportunities

Page 19: The EDUCAUSE Security Professionals Experience [ppt]

Monthly Web Seminars - communicate

Phishing Schemes
Bot networks
Spyware/malware
Nmap
Ethereal
Securing HP printers
SecCheck and Active Ports
Subpoena handling

Page 20: The EDUCAUSE Security Professionals Experience [ppt]

Annual Security Symposium - education

Mostly member presentations
Advanced Technical topics
K-12, Higher Education, Library and State Government attendees and presenters
Attorney General’s Office keynote on dealing with law enforcement

Page 21: The EDUCAUSE Security Professionals Experience [ppt]

Advanced Security Training - education

Contracted with SANS and providing SANS Forensics course at steep discount for MOREnet members

CISSP training for members using video conferencing technology

Page 22: The EDUCAUSE Security Professionals Experience [ppt]

Conferences – education/communication

Security policy generation
Security Awareness emphasis
Hands-on training sessions
Hacking competitions
Ethical hacking training

Page 23: The EDUCAUSE Security Professionals Experience [ppt]

Other methods of communications and sharing of information

Daily Security Newslinks on website
Security offerings accessible through MyMOREnet login
– RADAR (MRTG) statistics
– NetFlow statistics
– Ticket submission
– Research requests

Page 24: The EDUCAUSE Security Professionals Experience [ppt]

Fee-based Services

E-mail Virus and Spam Filtering (EVSF)
Remote Vulnerability Assessment

Page 25: The EDUCAUSE Security Professionals Experience [ppt]

Expanding to the security community

Security community meetings
Security community e-mail list for announcements and discussion
Infragard involvement
State Information Technology Advisory Board (ITAB) involvement

Page 26: The EDUCAUSE Security Professionals Experience [ppt]

On-going activities

Participate in annual Security Awareness Month
Annual advanced topic for training
Nationally known Security Symposium keynote speaker
Expand the security community reach beyond Columbia

Page 27: The EDUCAUSE Security Professionals Experience [ppt]

Is there anything left to do?

Blogging
Darknet
DShield log analysis server
On-site Remote Vulnerability Assessment
In-depth firewall assessment
SMTP self-testing tool
Managed firewall
Managed security appliance

Page 28: The EDUCAUSE Security Professionals Experience [ppt]

For more information

Randy Raw
– [email protected]
– 573.882.0749

Beth Young
– [email protected]
– 573.884.7200