the educause security professionals experience [ppt]

• 1. The EDUCAUSE Security Professionals Experience Brian Moeller, CISSP The Ohio State University

2. Pre-Conference

• Exercise in Ethical Hacking

3. The Keynote

• Dan Larkin, FBI

• http://www.ic3.gov

4. The Botherd is coming!

• Overview of how a Help Desk Operation dealt with an infestation of Bots.

• Complete title:

• The Botherd is Coming!How Education and Technology Can Stop The Stampede

5. Defining the Security Domain

• Nothing good to say about this one

6. PKI at UW-Madison

• Vendor/Institution Team Effort

• Presentation covered decisions, costs, timeframes

• Vendor handled himself with class

7. Detection and Investigation of Compromised Hosts on Campus

• An affirmation

8. Information Sharing the MOREnet Way

• MOREnet is similar to OARnet (but smaller)

9. 10. Information sharing the MOREnet way: How not to keep secrets Randy Raw Beth Young MOREnet Security1.800.509.6673 [email_address] 11. Objectives:

• Introductions

• What is MOREnet

• Communication options

• Conferences

• Expanding the security community

12. Introductions

• Randy Raw

• • CISSP - August 2005

• • 1.5 years with MOREnet

• • Former Director of Technology Services at Linn State Technical College

• • Former Technology Coordinator for the Osage County R-II schools

• Beth Young

• • CISSP - July 2003

• • 5 years with MOREnet

• • Former Network Analyst - University of Missouri Columbia

13. What is MOREnet

• The Missouri Research and Education Network (MOREnet)provides Internet connectivity, access to Internet2, technical support, videoconferencing services and training to Missouri's K-12 schools, colleges and universities, public libraries, health care, state government and other affiliated organizations.

14. What does the Security office do?

• Assist with incident response

• Liaison with law enforcement

• Gather information for dissemination

• Knowledge transfer

15. The Old Days

• We were the bad guys.Nobody talked to us because they were afraid we would use it against them.

• We were a ticket numbers group.

• Policy issues kept us from being proactive and helpful

16. What have we done to change?

• Change how we do what we do

• Communicate regularly to our members, not just when they have a problem

• Provide opportunities for members to learn and help them secure their networks, not just be their Internet police

• Establish goals to reduce ticket counts, especially nuisance tickets

• Create and communicate Security roadmap

17. The kinder and gentler security - changing what we do

• Good Net Neighbor configuration

• • Phase I Microsoft NetBIOS port

• • Phase II Outbound Port 25 spam block

• Self-scanning tool to self-evaluate hosts

• Blackhole DNS Server

• MOREnet network status indicator

• Town hall meetings to discover their needs and issues

18. Using our lists for proactive communication

• Security-l, MERC-security and State-security lists

• • One-way push for critical announcements

• • • Bot network C&C

• • • Virus alerts

• • • Vulnerability announcements

• • Two-way discussions for any topic members choose

• • Communication of important training opportunities

19. Monthly Web Seminars - communicate

• Phishing Schemes

• Bot networks

• Spyware/malware

• Nmap

• Ethereal

• Securing HP printers

• SecCheck and Active Ports

• Subpoena handling

20. Annual Security Symposium - education

• Mostly member presentations

• Advanced Technical topics

• K-12, Higher Education, Library and State Government attendees and presenters

• Attorney Generals Office keynote on dealing with law enforcement

21. Advanced Security Training - education

• Contracted with SANS and providing SANS Forensics course at steep discount for MOREnet members

• CISSP training for members using video conferencing technology

22. Conferences education/communication

• Security policy generation

• Security Awareness emphasis

• Hands-on training sessions

• Hacking competitions

• Ethical hacking training

23. Other methods of communications and sharing of information

• Daily Security Newslinks on website

• Security offerings accessible through MyMOREnet login

• • RADAR (MRTG) statistics

• • NetFlow statistics

• • Ticket submission

• • Research requests

24. Fee-based Services

• E-mail Virus and Spam Filtering (EVSF)

• Remote Vulnerability Assessment

25. Expanding to the security community

• Security community meetings

• Security community e-mail list for announcements and discussion

• Infragard involvement

• State Information Technology Advisory Board (ITAB) involvement

26. On-going activities

• Participate in annual Security Awareness Month

• Annual advanced topic for training

• Nationally known Security Symposium keynote speaker

• Expand the security community reach beyond Columbia

27. Is there anything left to do?

• Blogging

• Darknet

• DShield log analysis server

• On-site Remote Vulnerability Assessment

• In-depth firewall assessment

• SMTP self-testing tool

• Managed firewall

• Managed security appliance

28. For more information

• Randy Raw

• • [email_address]

• • 573.882.0749

• Beth Young

• • [email_address]

• • 573.884.7200