University of Cincinnati
Staying Ahead of the Security Curve with Finite Resources
Presented by Diana Noelcke, Associate Director, Enterprise Communication Systems, and Jim Downing, Information Security Officer
“Some memories last forever”
The Way We Were
► 3 different networks
  ► 2 ATM networks (Asynchronous Transfer Mode)
    ► 1 managed by an outside company
    ► 1 managed by UCit staff
  ► 1 FDDI network (Fiber Distributed Data Interface)
► Assigning IPs per machine, maneuvering subnets around, IP conflicts
► Reactive rather than proactive in troubleshooting network problems
► Inaccurate documentation
Vision
► To design a one-vendor, one-topology solution
► All network connectivity consistent throughout the campus
► To become proactive rather than reactive
► To support the university network entirely from within
► Move into the future with the network design and position the university for emerging technologies
Vision Realized
► After 12 months of planning, community endorsements and 8 months of converting 73 buildings and 264 closets, the University now has the second largest network in the Greater Cincinnati area, second only to P&G.
► One-vendor solution
► Implemented network security solutions
► Positioned for future technologies (VoIP, Multicast, QoS)
► Stability, reliability, and uptime
► Manageability
► Fiber plant and telecommunication closets fully documented
UCnet
► 21,000 data connections
► 800+ network devices
► 200+ wireless access points
► Security devices:
  ► PIX perimeter firewall
  ► IDS (Intrusion Detection System)
  ► VPN (Virtual Private Network)
  ► DMZ (buffer zone between UCnet and the Internet)
  ► 2nd Tier firewalls
Lessons Learned
► It’s very important that policies are written first. Policies are nothing without stated consequences and enforcement of them.
► If you don’t already have a defense in place, you won’t have any time to react.
► Plan for communicating to all users and at various levels:
  ► Executive level, IT governance committees
  ► IT administrators, system administrators, business managers
  ► Website
Lessons Learned
► Accurate documentation is very important
► Training of staff is essential prior to implementation
► Educating the end user is key to managing security with finite resources, since security starts at the desktop
► Define the network monitoring tools needed prior to implementation
Top Security Threats and Challenges
► Wireless network deployment
► Hackers, internal and external
► Viruses, worms and other malicious code
► New students bringing computers on campus
► Employees and management not taking security policies seriously
► Getting our users to use the 2nd Tier firewall features
UCnet Security Features
► Private addressing
► NAT (Network Address Translation)
► Cisco PIX firewalls
► DMZ (buffer zone between the Internet and UCnet)
► VPN (Virtual Private Network) access
► IDS (Intrusion Detection System)
Targets of Opportunity
► Personally Identifiable Information and Personal Health Information
► Identity theft
► Student records
► Patient records
► Financial records
  ► Credit card numbers
  ► Bank accounts
  ► Retirement accounts
► Research data and other intellectual property
UC Computer Incidents
Primary cost categories
► Employee time for investigation, repair, and restoration
► Loss of data
Secondary cost categories
► Legal liability against the University
► Diminished reputation
► Psychological impact (i.e., feeling violated)
Academic Incidents
► Moonlight Maze – Russian attackers compromised Sun operating systems and gained access to U.S. university network servers to hide their tracks.
► Distributed Denial of Service (DDoS) – attacks on dot-com sites; university sites implicated.
► RIAA – illegal distribution of copyrighted material.
► Nimda – worm attack 1 week after September 11, 2001
  ► Slowed the Internet
  ► 86,000 hosts infected
  ► 43% U.S. sites
  ► UCnet kept on-line
Recent Academic Incidents
► Blaster – worm compromised the Windows operating system and flooded the network.
► Welchia – similar to the Blaster worm; its ICMP scans flood the network.
► Sobig – self-replicating worm via .
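The Welchia entry above describes a worm that gives itself away by ICMP scanning. As an added example that is not part of the presentation, the following Python flags hosts whose ICMP traffic fans out to many distinct destinations inside a short window; the flow-record format, the addresses and the traffic are constructed assumptions, not UC data or a Cisco export format.

```python
from collections import Counter, defaultdict
from datetime import datetime

def parse_line(line):
    """Parse a constructed 'ISO-timestamp PROTO src dst' flow record; None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1].upper(), parts[2], parts[3]
    except ValueError:
        return None

def find_icmp_sweeps(lines, window_seconds=60, min_targets=20):
    """Return {src: peak distinct ICMP destinations within one window} for sources
    reaching min_targets. Fan-out to many hosts, not raw packet rate, is what
    separates a Welchia-style sweep from a host that pings one server repeatedly."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[1] == "ICMP":
            by_src[rec[2]].append((rec[0], rec[3]))
    flagged = {}
    for src, events in by_src.items():
        events.sort()                      # sliding window needs time order
        in_window, lo, peak = Counter(), 0, 0
        for ts, dst in events:
            in_window[dst] += 1
            while (ts - events[lo][0]).total_seconds() > window_seconds:
                old = events[lo][1]        # expire records older than the window
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged

def build_sample_log():
    """Constructed traffic (not real UC data): 10.20.5.17 sweeps 40 hosts in 20 s,
    10.20.5.8 pings one gateway once a second, and one TCP record is ignored."""
    lines = [f"2003-08-18T10:00:{i // 2:02d} ICMP 10.20.5.17 10.20.6.{i + 1}" for i in range(40)]
    lines += [f"2003-08-18T10:00:{i:02d} ICMP 10.20.5.8 10.20.0.1" for i in range(60)]
    lines.append("2003-08-18T10:00:05 TCP 10.20.5.9 10.20.0.1")
    return lines

if __name__ == "__main__":
    print(find_icmp_sweeps(build_sample_log()))  # {'10.20.5.17': 40}
```

Lowering `window_seconds` or raising `min_targets` tunes the fan-out threshold; the steady one-destination pinger is never flagged regardless.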
Layered Approach
► Policies
  ► University-wide
  ► Departmental, unit or college
► Network architecture layers
  ► Internet perimeter connection
  ► Network subnet switch/router
  ► Desktop machine, file servers or UCit customer
► Abuse reporting
  ► Helpdesk – Tier 1
  ► Network Operations Center – Tier 2
  ► Network Engineering – Tier 3
IT Policies
► University-wide (general)
  ► Policy on the Use of Information Technology
  ► Perimeter Firewall Policy
  ► Information Technology Management
  ► Student Code of Conduct
  ► Residential Hall
► UCit – organizational computer policies
Unit Policies
► UC College of Nursing
► Clermont College
► UC Dept. of Geography JCGIS - SA
Network Security Layers
► Perimeter – PIX firewall, Cisco Intrusion Detection, VPN
► Distribution layer – Cisco IOS firewall feature and IDS blades
► Access layer – departmental servers and desktops
Abuse Reporting
► UCit HelpDesk – Tier 1: support, document and resolve minor security breaches
► Network Operations Center – Tier 2: monitor and analyze security data collection
► Network Engineering – Tier 3: resolve major abuse issues
Overcoming Finite Resources
► Have written, acceptable and enforceable policies in place
► When you can’t hire new staff
  ► Educate and train your current staff along with your users
  ► Take a tiered approach to supporting your network
► When you don’t have trained staff
  ► Use outside contacts with local and governmental agencies
  ► Partner with your network/security vendor
► What are our next steps?
  ► Ongoing research and testing of new security products
  ► Data mining; review and refresh our IDS architecture

Copyright Diana Noelcke, Jim Downing, 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.