NDSU IT Security Theresa Semmens Chief Information Technology Security Officer Jeff Gimbel Senior Security Analyst.

Presentation transcript:

NDSU IT Security Theresa Semmens Chief Information Technology Security Officer Jeff Gimbel Senior Security Analyst

NDSU Physical Infrastructure
Open Network
  – External facing network
      79 subnets
      Open to Internet
  – Internal facing network
      79 subnets
      Open to the University System and some statewide entities
  – Firewalled network
      Used by some departments for regulatory compliance
  – Server room network
      Used for server to server communication (i.e., backup)

NDSU IT Infrastructure
Supported Departments
Distributed IT
Independent Departments

A Little History
  – 2004, ND Information Technology Department SNMP scan: found a majority of printers on the University System network that had SNMP set to public
  – 2008, Foundstone: 175 insecure devices recognized as printers

How did the printer problem really come to light?
Nessus scan
  – Removed the safe scan
      See how much paper would be wasted
  – LaserJet M sheets
  – Nessus findings
      FTP open
      Telnet open
      Web page default username and password
      SNMP community name set to public

How did the printer problem really come to light? (continued)
Brought to the attention of IT leadership
  – Nessus set to “scan the entire network”
  – Work out alternative solution

Is this really a problem?
NDSU dropped support for printers as cost-savings initiative
Currently, departments request DNS name for purchased printers
  – Name is granted within our naming scheme
  – Name is added to an install script
Printer plugged into the network

Is this really a problem?

Methodology
1. Tools – What are we going to use?
2. Locating devices – How widespread is the problem?
3. Policies and procedures – Shouldn’t we have covered this somewhere?
4. Identification and notification – How do we let stakeholders know their printers are not secure?
5. Reactions – How could we have been so wrong about how stakeholders would react?
6. Interesting problems – It did WHAT?
7. First follow-up scan – Is it working?

Tools Used
Angry IP Scanner (GPLv2)
Putty (GNU GPL)
WinSCP (GNU GPL)
Microsoft Excel (campus agreement)
Student Employee

Locating Devices Finding what is on the network Angry IP Scanner –

Locating Devices (continued)

Findings
External network – Outward facing
  – 3,526 active hosts (June 7)
  – 67 recognizable printers
Internal network – Not routable to the Internet
  – 1,885 active hosts (June 6)
  – 509 recognizable printers

How bad is it?
Human solution for finding the vulnerabilities in the printers
  – Didn’t want to be responsible for:
      Crashing printers
      Reams of wasted paper
Default usernames and passwords

Methodology
What did the student employee do?
  – Opened a browser to IP and hostname
      Tried to log in using defaults
  – Used Putty to Telnet into IP or hostname
      Port 23
  – Tried anonymous FTP connection with WinSCP
      Port 21
      Anonymous login selected

Findings (continued)
External network – 67 printers
  – 20 with anonymous FTP logins (30%)
  – 20 default user/admin accounts (30%)
  – 9 Telnet logins (13%)

Findings (continued)
Internal network – 509 printers
  – 177 with anonymous FTP logins (35%)
  – 219 default user/admin accounts (43%)
  – 156 Telnet logins (31%)

Policies and Procedures
Reviewed existing policies and procedures
  – Did we have any?
  – Why were they not being followed?
  – Should we create new ones?
  – How do we enforce new policies and procedures?

Review of Policies, Procedures
Vague policies
  – N.D. University System
  – NDSU 158
No documented procedures
  – No procedures meant few people knew what should have been done
Started new procedures right away
  – Isn’t getting client buy-in the most difficult task anyway?

Vendors
Mind tricks (policies or procedures) do not work on them, only money
Need to make sure departments consult with central IT unit before making purchases of devices that will be placed on the network

Identification and Notification
DNS names include department name, for the most part
For others, impossible to know to which department they belonged

Methodology
Sent e-mails to identified groups
  – IP address
  – DNS name
  – Vulnerabilities found
  – Directions for cleanup
Worked with communications coordinator and IT Help Desk

Methodology
Sent out the e-mails and we waited

Reactions
Calm and collected
  – Were able to configure devices with no problems
  – Glad to help
Panicked when contacted by security office
  – Needed help with securing process
  – Grateful for help

It did WHAT?!?!

Interesting Problems
Printers no longer printing
  – Disabled port 9100
  – Disabled SNMP
  – Client needed reconfiguration
      1. Stop the print spooler
      2. Delete all jobs in C:\Windows\system32\spool
      3. Restart spooler
      4. Delete all IP ports
      5. Delete all printers
      6. Restart computer
      7. Set up printers

Problems (continued)
Older printers did not have a Web-based configuration
  – Older Java
      Did not have any of the sections needed to configure
  – Configuration through Telnet
      set-password – Changes default password
      ftp-config:0 – Disables FTP
      set-cmnty-name: – Changes default SNMP
      Idle-timeout: 5 – Sets short timeout for Telnet

Follow-Up Scan
External network
  – Initially 67 printers
      20 with anonymous FTP logins (30%)
      20 default user/admin accounts (30%)
      9 Telnet logins (13%)
  – First follow-up scan found 67 printers
      16 with anonymous FTP logins (24%)
      17 default user/admin accounts (25%)
      7 Telnet logins (10%)

Follow-Up Scan
Internal network
  – Initially 509 printers
      177 with anonymous FTP logins (35%)
      219 default user/admin accounts (43%)
      156 Telnet logins (31%)
  – First follow-up scan found 509 printers
      129 with anonymous FTP logins (25%)
      182 default user/admin accounts (36%)
      118 Telnet logins (23%)
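The tally behind the findings and follow-up slides, together with the grouping by department described under Identification and Notification, can be scripted instead of kept in a spreadsheet. The following is an added example, not part of the presentation; the hostnames, the department prefixes, the `<dept>-...` naming scheme, the check labels and the IP addresses are all constructed assumptions.

```python
from collections import defaultdict

CHECKS = ("anon_ftp", "default_login", "telnet")
DEPTS = {"chem", "lib", "ag"}  # hypothetical department prefixes

# Constructed rows: (dns_name, ip, scan, findings). IPs are documentation ranges.
SAMPLE = [
    ("chem-lj-1", "192.0.2.10", "initial", {"anon_ftp", "telnet"}),
    ("chem-lj-1", "192.0.2.10", "followup", set()),
    ("lib-mfp-2", "192.0.2.11", "initial", {"default_login"}),
    ("lib-mfp-2", "192.0.2.11", "followup", {"default_login"}),
    ("npi4f2a1c", "192.0.2.12", "initial", {"anon_ftp", "default_login"}),
    ("npi4f2a1c", "192.0.2.12", "followup", {"anon_ftp"}),
    ("ag-clr-1", "192.0.2.13", "initial", set()),
    ("ag-clr-1", "192.0.2.13", "followup", set()),
]

def pct(count, total):
    """Whole-number percentage, the form used on the slides."""
    return round(100 * count / total) if total else 0

def rates(rows, scan):
    """Per-check (count, percent) over every printer seen in one scan."""
    devices = [r for r in rows if r[2] == scan]
    out = {}
    for check in CHECKS:
        hits = sum(check in r[3] for r in devices)
        out[check] = (hits, pct(hits, len(devices)))
    return out

def department(dns_name):
    """Department prefix of a DNS name, or None if it is off-scheme."""
    prefix = dns_name.split("-", 1)[0].lower()
    return prefix if prefix in DEPTS else None

def renotify(rows):
    """Printers still failing a check at follow-up, grouped by owner."""
    groups = defaultdict(list)
    for name, ip, scan, findings in rows:
        if scan == "followup" and findings:
            owner = department(name) or "unidentified"
            groups[owner].append((name, ip, sorted(findings)))
    return dict(groups)

if __name__ == "__main__":
    for scan in ("initial", "followup"):
        print(scan, rates(SAMPLE, scan))
    for owner, printers in renotify(SAMPLE).items():
        print(owner, printers)
```

Printers whose names do not follow the scheme land in the `unidentified` group, which is the case the presentation calls impossible to attribute to a department.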

What’s Next?

Questions?