ITS -- Yale University Shutting Down Insecure Telnet and FTP (A Success Story) Chuck Powell Director, Workstation Support Services Yale University

Presentation transcript:

Slide 1: Shutting Down Insecure Telnet and FTP (A Success Story)
Chuck Powell, Director, Workstation Support Services, Yale University
Copyright Charles Powell, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Slide 2: Prolog
Although I’m the only one presenting today, the story you’re going to hear is, more than anything else, a success story about teamwork and social engineering involving a lot of people. It’s only fair at this point to mention, in particular, two people who were co-authors of not only this presentation but the success: David Davies (then the Manager of Student Computing) and Eoghan Casey (from our Information Security Office). Of course all typos and errors in the presentation are mine.

Slide 3: Presentation Goals
- Non-technical (happy to answer questions but that’s not the target today)
- More about process and communications than daemons
- Pretty vendor neutral and does not require expensive new software to implement
- Lessons learned for your benefit

Slide 4: Our Problem
- Telnet and FTP represented “well known” security risks
- From the users’ perspective, however, ftp and telnet are “their friends”
- Investing large amounts of “new money” was not an option
- Leveraging existing technologies and our architecture
- Avoid the “dictatorship of the minority” through education

Slide 5: It’s Good to Be “Lucky”
- We had already been setting the stage
- RSA patent was expiring, undoing a logjam on client software
- Audience was receptive due to a spike in security breaches and “shared pain”
- Strong backing from “the top”

Slide 6: Objectives
- Turn off insecure telnet and ftp on institutional level servers
  - Without disenfranchising any users
  - Without new infrastructure
  - By extending current architecture and methods
- Educate users so the trend extended into machines and domains not centrally managed

Slide 7: What We Had
- A reliable and robust set of authentication services in Kerberos and Windows we could rely on
- A reasonably well known population of users and applications
- Some experience with smaller cases and some lessons learned

Slide 8: What We Lacked
- A plan and target dates
- A cohesive or unitary way of reaching all our clients
- Super powers or magic dust!

Slide 9: What We Did – In General
- Worked from both ends towards the middle
- Used as many different communication media as possible
- Worked incrementally
- Turned up “the noise” gradually
- Drew on diverse areas of expertise not only within IT but from our users

Slide 10: What We Did -- In Specific
- Set a date(s) to shoot for
- Separated telnet and ftp shutdowns
- Used everything from current print media to the login process to lists to get the word out
- Answered every question you could dream of and then of course some we didn’t think of
- Met frequently to discuss and adjust

Slide 11: A Little Dab of Technology

Windows
- Kerberized Host Explorer
- Secure Shell Windows Client
- TeraTerm SSH
- PuTTY/PSCP
- Samba/Windows file sharing
- Mindterm Java SSH Client

Mac
- Kerberized Fetch
- Nifty Telnet w/SSH
- Kerberized Better Telnet
- Netatalk (Kerberos or DHX UAM)
- Mindterm Java SSH Client**

Unix
- OpenSSH
- SSH Communications Security (SSH.Com)
- Kerberized Telnet and FTP
- Mindterm Java SSH Client
- PAM

Slide 12: Tricky Things We Learned
- Even the smallest changes can confuse novice users or annoy sophisticated users
- Emphasize the gains, don’t just be apologetic
- Develop your documentation with an eye towards varying populations – one size does not fit all

Slide 13: Summary
- It can be done!
- There is no such thing in this case as too much communication on the issue or too many different media
- Ask the question, “What do you do now?” and find solutions that are as “good”, or sometimes, even better!
- This isn’t a panacea and we’re not done yet

Slide 14: Useful Links