Growing Your Incident Response Toolbox

Slides:



Advertisements
Similar presentations
Interactive Teaching Javed Iqbal University of British Columbia.
Advertisements

Culture Change: What IT Takes to Create a Quality Customer Service Environment Presented By: Anne Agee, Executive Director, Division of Instructional and.
What Students Say About Emerging Practices and Learning Technology Anthony Potoczniak - Rice University Sarah E. Smith - North Carolina State University.
Tools for Help Desk Management: Assessment & Guidance Karen Pothering Elinor Pennsylvania State University "Copyright.
What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.
© Copyright Computer Lab Solutions All rights reserved. Do you need usage information about your computer labs? Copyright Computer Lab Solutions.
Cut Costs and Increase Productivity in your IT Organization with Effective Computer and Network Monitoring. Copyright © T3 Software Builders, Inc 2004.
Net Snippets The Leading Internet Research and Information Management Platform Copyright This work is the intellectual property of the author. Permission.
Design & Development Scott Battaglia Application Developer Enterprise Systems and Services Rutgers, the State University of New Jersey
EDUCAUSE Security Professionals Conference 2007 Monkey-in-the-Middle Attacks on Campus Networks Andrew J. KortySean KrulewitchIndiana University April.
Copyright Sylvia Maxwell and Michael White, This work is the intellectual property of the author. Permission is granted for this material to be shared.
Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.
Emergency Notification Systems - ISU Alert EDUCAUSE Midwest Regional ISU Alert Carol McDonald Information Systems Leader Information Technology.
Using Levels of Assurance Renee Shuey nmi-edit CAMP: Charting Your Authentication Roadmap February 8, 2007.
Office of the Vice President Copyright Notice Copyright Greg Hedrick, Matthew Wirges This work is the intellectual property of the author. Permission.
Educause Security Professionals Conference Network Access Control through Quarantine, Remediation, and Verification Jonny Sweeny Incident Response Manager.
Educause Security 2007ISC Information Security Copyright Joshua Beeman, This work is the intellectual property of the author. Permission is granted.
Copyright Statement © Jason Rhode and Carol Scheidenhelm This work is the intellectual property of the authors. Permission is granted for this material.
Dana C. Voss Manager, Decision Support Services, UIS University Information Technology Services INDIANA UNIVERSITY May 2003 Copyright Dana C. Voss, 2003.
Developing a Successful Model for Online and Tech-Enhanced Learning Mamie How Janet Willett Patricia Delich Presented April 27, 2005 Copyright Patricia.
Copyright Anthony K. Holden, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
MIT ROLES DB Internet 2 Authority Architectures CAMP, June 2004.
Wireless LANs A Case Study of Baylor University’s Wireless Network Copyright Bob Hartland 2002 This work is the intellectual property of the author. Permission.
INDIANAUNIVERSITYINDIANAUNIVERSITY Automated Network Isolation at Indiana University David A. Greenberg Information Technology Security and Policy Office.
Unraveling Web Development PRESENTERS: Bob Nakles and Paras Kaul, George Mason University.
Mobile Computing and Security Authenticated Network Access (ANA) Jon Peters Associate Director Dave Packham Manager of Network Engineering NetCom University.
University of California, Irvine Security Access Management at UC Irvine: Adding Decentralization and Ending Paper Mark Askren, Assistant Vice Chancellor.
Moving Your Paperwork Online Western Washington University E-Sign Web Forms Copyright Western Washington University, This work is the intellectual.
CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.
Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.
Learning Management Systems Camp June 2004 Barry R Ribbeck UT HSC Houston Copyright, Barry Ribbeck, This work is the intellectual property of the.
Intellectual Property Protocol and Assessment for Distance Learning Liz Johnson Project Manager Advanced Learning Technologies Board of Regents of the.
Sharing Information and Controlling Content: Continuing Challenges for Higher Education Susanna Frederick Fischer Assistant Professor Columbus School of.
NERCOMP Managing Campus Affiliates Managing Campus Affiliates Faculty? Student? Faculty? Student? Staff? Criss Laidlaw Director of Administrative.
Copyright Michael White and Sandra Thompson, This work is the intellectual property of the author. Permission is granted for this material to be.
Managing Intellectual Property for Distance Learning Liz Johnson Project Manager Advanced Learning Technologies Board of Regents of the University System.
Center for Planning and Information Technology T HE C ATHOLIC U NIVERSITY of A MERICA ERP Systems: Ongoing Support Challenges and Opportunities Copyright.
The "How" and "Why" of a Large-Scale Wireless Deployment  March 3, 2004  EDUCAUSE Western Regional Conference Sacramento, CA Copyright Philip Reese,
Security Access Management at UCI – Slaying the Paper Forms Dragon Mark Askren, Assistant Vice Chancellor Valerie Jones, Project Lead Jennifer Lane, Help.
© 2006 Property of Lancope. Proprietary and Confidential. Lancope and Emory University: Illuminating (and Securing) the Network Andy Wilson Senior Systems.
Copyright David A. Cox This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,
Virtual Orientation: Personalized Communities with Market Appeal Marcus P. Robinson Brian A. Young Educause 2001 Indianapolis, Indiana.
Portals and Web Standards Lessons Learned and Applied David Cook Copyright The University of Texas at Austin This work is the.
1 Effective Incident Response Presented by Greg Hedrick, Manager of Security Services Copyright Purdue University This work is the intellectual property.
EDUCAUSE 2003 Copyright Toshiyuki Urata 2003 This work is the intellectual property of the author. Permission is granted for this material to be shared.
Copyright © 2011 Rachel Fourny. This work is the intellectual property of Rachel Fourny. Permission is granted for this material to be shared for non-commercial,
Copyright Michael White and Sylvia Maxwell, This work is the intellectual property of the author. Permission is granted for this material to be shared.
© Scottsdale Community College Leveraging the Power of E-Learning Taking your course to a higher level Presented by Sidne Tate Director, Instructional.
University of Southern California Identity and Access Management (IAM)
Breaking Down Barriers & Building Bridges Improves Customer Satisfaction & Efficiency Wendy Woodward | March 15, 2011 Copyright Wendy Woodward 2011.
Printing Reduction with PaperCut
Copyright Joel Rosenblatt 2010
SIP Protocol overview SIP Workshop APAN Taipei Taiwan 23rd Aug 2005
Federated Identity Management at Virginia Tech
Walking the Line Between Customer Service and Customer Codependency
Julian Hooker Assistant Managing Director Educause Southwest
Southeast Missouri State University
Applications of Virtualization & Automation
Using Camtasia to Create Online Tutorials to Ease the Learning Curve
Defining an IT Workflow, from Request to Support
IT All Staff M. Mundrane 16 March 2018.
Copyright Notice Copyright Bob Bailey This work is the intellectual property of the author. Permission is granted for this material to be shared.
Blaine A. Brownell, President,
University of Southern California Identity and Access Management (IAM)
Project for OnLine Instructional Support (POLIS)
myIS.neu.edu – presentation screen shots accompany:
© Mike Reese This work is the intellectual property of the author
An App A Day Copyright Tina Oestreich and Brian Yuhnke This work is the intellectual property of the author. Permission is granted for this material.
Managing Enterprise Directories: Operational Issues
Terry Coatta VP Development, Silicon Chalk
Presentation transcript:

Growing Your Incident Response Toolbox Jonny Sweeny, GSEC GCWN GCIH GWAS Incident Response Manager June 24, 2018 Copyright 2009, Trustees of Indiana University. This work is the intellectual property of IU. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.  

What do IR tools get us? Decreased detect-to-block times Improved ability to track down users and computers End-user self-service remediation

Main Content Area Bullet point one Bullet point two Bullet point three Bullet point four Bullet point five

What this talk is not about: Proactive tools to identify/notice activity (i.e. IDS)

Outline How to grow the toolbox Categories of tools: Lookup/processing Communications Blocking Self-Service How IU implemented these tools

Clicking, double-clicking You have to know about tools before you can grow your toolbox This video clip of The IT Crowd is © Channel Four Television Corporation

How to grow the toolbox Start collecting connection logs (Syslog) NetFlow or SFlow data Other login records too (DNS, AD, LDAP, Kerberos, Webmail, CAS) Consider log retention rollover Get the logs into a database Write event query code Streamline notification (canned messages) Streamline blocking Provide easy lookup for support staff Provide self-service remediation At #1, talk about who/where to get logs from. -- show of hands: who is collecting this data now? --FOIA requests == a reason to *not* store for too long At #2, talk about *how* to import to a database. Mention named pipes. 7

Are you from the past? The importance of clear communications This video clip of The IT Crowd is © Channel Four Television Corporation

Communications tools

Blocking tools Disable Accounts DHCP AD Group WDDX VPN Dialup ~Tracking blocks – we log all block actions. Helps us see machines that keep showing up. ~Make sure and point out how blocking can be complicated but unifying it helps a lot. ~Compare: scramble versus disable. MAC Address SuperBlock Scripted https post SOAP Null route injections WPA2 802.1x Scramble Passphrase 10

Self-Service http://www.hulu.com/watch/36608/talkshow-with-spike-feresten-cable-psa

Self-Service Unblocks Unblocking used to take a lot of our time. Now users do it themselves. 12

Demonstrate Smite, Notify & Remediation I will now attempt a live demo…wish me luck!!

Demo processing of sample DMCA notice

DMCA quiz

DMCA Automation

DMCA User Maintenance

Demonstrate Charts

Demonstrate Database

Whitelist / Blacklist

SOAP Services

Tech Specs Future plans Written in Perl 12,800 lines of code Has been a side project; first went live Oct 2007 Future plans Digital signatures Better notification to support teams at block time

Questions? Jonny Sweeny jsweeny@iu.edu Webmail spammer (and brute force) detection scripts Keyboard shortcuts Juggle Jonny Sweeny jsweeny@iu.edu

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.