Trends and Issues in IT Security
A Scan of what’s happening on our campuses
With attention to:
– Trends
– Primary issues and challenges
– Any opportunities for information sharing or common solutions?
Common Solutions Group, May 13, 1999
Philip Long, Yale University
This Morning
• Bob Mahoney, MIT
• Sandra Senti, Stanford
• Barbara Fraser, CMU/CERT
Yale Trends
[Chart: Staff Dedicated to IT Security. X-axis: Year (AY97, AY98, AY99); Y-axis: FTE]
Same slope for other trends
– Number of incidents
– Actual damage
– Campus alarm
Practice
• Using Internet Security Scanner (ISS)
– But our policy prohibited full use without seeking the permission of owners
• An increasing number of reported incidents
• Any law enforcement activity is incredibly time consuming
Most Frequent Security Problems
• Viruses
– CIH damaged approximately 60 student machines
• Password sniffing after standard crack
– Still have lots of hubs in departments with grad student sysadmins
Presentations
End of Session Summary
• Rapid rise in incidents
– Based on easy-to-use cracker tools
– And parallel to Internet growth
• Rapid rise in effort
– New staff and
– Permeating connections throughout existing organizations
• Tend to report only well documented incidents to law enforcement
• Clear interest in proactive work
– Publicity, documentation on prevention
– Scanning automatically or on demand
– Policy issues?
Most Frequent Problems
• Linux
• Sniffed Passwords
• “The occasional ‘Interesting Thing’”
• Firewalls?
– Configuring
– Getting around
Funny Things are Important
• Administrative ease of use of password management turns out to be critical to good password hygiene
Possible Common Solutions
• Information/tool sharing
– Standard Kerberos support for common platforms
– Kerberized or SSH tunneled FTP
– Policy sharing
– Auto-update, e.g., for Linux
• Can those of us who have security pages link to them from the CSG Web site?