the educause security professionals experience [ppt]

Download The EDUCAUSE Security Professionals Experience [ppt]

Post on 01-Jul-2015




2 download

Embed Size (px)


  • 1. The EDUCAUSE Security Professionals Experience Brian Moeller, CISSP The Ohio State University

2. Pre-Conference

  • Exercise in Ethical Hacking

3. The Keynote

  • Dan Larkin, FBI

4. The Botherd is coming!

  • Overview of how a Help Desk Operation dealt with an infestation of Bots.
  • Complete title:
  • The Botherd is Coming!How Education and Technology Can Stop The Stampede

5. Defining the Security Domain

  • Nothing good to say about this one

6. PKI at UW-Madison

  • Vendor/Institution Team Effort
  • Presentation covered decisions, costs, timeframes
  • Vendor handled himself with class

7. Detection and Investigation of Compromised Hosts on Campus

  • An affirmation

8. Information Sharing the MOREnet Way

  • MOREnet is similar to OARnet (but smaller)

9. 10. Information sharing the MOREnet way: How not to keep secrets Randy Raw Beth Young MOREnet Security1.800.509.6673 [email_address] 11. Objectives:

  • Introductions
  • What is MOREnet
  • Communication options
  • Conferences
  • Expanding the security community

12. Introductions

  • Randy Raw
    • CISSP - August 2005
    • 1.5 years with MOREnet
    • Former Director of Technology Services at Linn State Technical College
    • Former Technology Coordinator for the Osage County R-II schools
  • Beth Young
    • CISSP - July 2003
    • 5 years with MOREnet
    • Former Network Analyst - University of Missouri Columbia

13. What is MOREnet

  • The Missouri Research and Education Network (MOREnet)provides Internet connectivity, access to Internet2, technical support, videoconferencing services and training to Missouri's K-12 schools, colleges and universities, public libraries, health care, state government and other affiliated organizations.

14. What does the Security office do?

  • Assist with incident response
  • Liaison with law enforcement
  • Gather information for dissemination
  • Knowledge transfer

15. The Old Days

  • We were the bad guys.Nobody talked to us because they were afraid we would use it against them.
  • We were a ticket numbers group.
  • Policy issues kept us from being proactive and helpful

16. What have we done to change?

  • Change how we do what we do
  • Communicate regularly to our members, not just when they have a problem
  • Provide opportunities for members to learn and help them secure their networks, not just be their Internet police
  • Establish goals to reduce ticket counts, especially nuisance tickets
  • Create and communicate Security roadmap

17. The kinder and gentler security - changing what we do

  • Good Net Neighbor configuration
    • Phase I Microsoft NetBIOS port
    • Phase II Outbound Port 25 spam block
  • Self-scanning tool to self-evaluate hosts
  • Blackhole DNS Server
  • MOREnet network status indicator
  • Town hall meetings to discover their needs and issues

18. Using our lists for proactive communication

  • Security-l, MERC-security and State-security lists
    • One-way push for critical announcements
      • Bot network C&C
      • Virus alerts
      • Vulnerability announcements
    • Two-way discussions for any topic members choose
    • Communication of important training opportunities

19. Monthly Web Seminars - communicate

  • Phishing Schemes
  • Bot networks
  • Spyware/malware
  • Nmap
  • Ethereal
  • Securing HP printers
  • SecCheck and Active Ports
  • Subpoena handling

20. Annual Security Symposium - education

  • Mostly member presentations
  • Advanced Technical topics
  • K-12, Higher Education, Library and State Government attendees and presenters
  • Attorney Generals Office keynote on dealing with law enforcement

21. Advanced Security Training - education

  • Contracted with SANS and providing SANS Forensics course at steep discount for MOREnet members
  • CISSP training for members using video conferencing technology

22. Conferences education/communication

  • Security policy generation
  • Security Awareness emphasis
  • Hands-on training sessions
  • Hacking competitions
  • Ethical hacking training

23. Other methods of communications and sharing of information

  • Daily Security Newslinks on website
  • Security offerings accessible through MyMOREnet login
    • RADAR (MRTG) statistics
    • NetFlow statistics
    • Ticket submission
    • Research requests

24. Fee-based Services

  • E-mail Virus and Spam Filtering (EVSF)
  • Remote Vulnerability Assessment

25. Expanding to the security community

  • Security community meetings
  • Security community e-mail list for announcements and discussion
  • Infragard involvement
  • State Information Technology Advisory Board (ITAB) involvement

26. On-going activities

  • Participate in annual Security Awareness Month
  • Annual advanced topic for training
  • Nationally known Security Symposium keynote speaker
  • Expand the security community reach beyond Columbia

27. Is there anything left to do?

  • Blogging
  • Darknet
  • DShield log analysis server
  • On-site Remote Vulnerability Assessment
  • In-depth firewall assessment
  • SMTP self-testing tool
  • Managed firewall
  • Managed security appliance

28. For more information

  • Randy Raw
    • [email_address]
    • 573.882.0749
  • Beth Young
    • [email_address]
    • 573.884.7200