Published by Brandon Gibson. Modified over 7 years ago.

Slide 4: About NDSU
- Morrill Land Grant University founded March 8, 1890
- 102 undergraduate majors, 170 undergraduate degree programs, 81 master's degree programs, and 47 doctoral degree programs of study

Slide 5: About NDSU – Campuses
- Main Campus: over 100 separate buildings
- Downtown Campus: 3 very large renovated historic buildings
- Extension Offices and Research Centers: in all but two counties of North Dakota
- Recent acquisition of a Nursing School in Bismarck: still finding out what is there

Slide 6: About NDSU – Spring 2013
- Enrollment ~14,000
- FTE ~2,600

Slide 7: NDSU's Physical Infrastructure
- Open Network
  - External facing network (79 subnets): open to the Internet
  - Internal facing network (79 subnets): open to the University System and some state-wide entities
- Firewalled Network: used by some departments for regulatory compliance
- Server Room Network: used for server-to-server communication (e.g. backup)
- We also have Residence Life networks and wireless networks as

Slide 8: NDSU's IT Infrastructure
- Supported Departments
- Distributed IT
- Independent Departments

Slide 9: A little history
- 2004 – ND ITD (Information Technology Department) SNMP scan: found that a majority of printers on the University System network had the SNMP community set to "public"
- 2008 – Foundstone: 175 insecure devices recognized as printers

Slide 10: How did the printer problem really come to light?
- Nessus scan: removed the safe-scan option to see how much paper would be wasted (LaserJet M602: 3 sheets)
- Nessus findings:
  - FTP open
  - Telnet open
  - Web page with default username and password
  - SNMP community name set to "public"

Slide 11: How did the printer problem really come to light?
- Brought this to the attention of superiors
- "We have Nessus, scan the entire network"
- Work out an alternative solution

Slide 12: Is this really a problem?
- NDSU dropped support for printers for cost savings.
- Currently a department requests a DNS name for the printer they purchased; that name is granted within our naming scheme and added to an install script.
- Printer plugged into the network.

Slide 13: Is this really a problem?

Slide 14: Is this really a problem?

Slide 15: Is this really a problem?
Shawn Merdinger, "Printer Attack: Script Kiddie":
- Discover Internet-facing .edu printers via Shodan (or scanning)
- Convert child pornography image to PJL printable format
- One line of code via TOR. Script, loop, rinse 'n repeat. Reap Lulz.
  - 'cat kp.img | nc xxx.xxx.xxx.xxx 9100' (plenty of other ways, too!)

Slide 16: Problem Results
- Printer is now a federal/state crime scene (connected PCs are also suspect)
- Hostile work environment class action lawsuit (HR, employee fallout)
- Press, press... and moar press (and all the incorrect stories as a bonus)

Slide 17: Is this really a problem?

Slide 18: Methodology – Step by Step
- Tools – What are we going to use?
- Locating devices – How widespread is the problem?
- Policies and Procedures – Shouldn't we have covered this somewhere?
- Identification and Notification – How do we let them know their printers look so bad?
- Reactions – How could we have been so wrong about how the population would react?
- Interesting Problems – It did what?
- First follow-up scan – Is it working?

Slide 19: Tools
Tools used:
- Angry IP Scanner (GPLv2)
- NMAP (GNU GPL)
- PuTTY (GNU GPL)
- WinSCP (GNU GPL)
- Microsoft Excel (campus agreement)
- Student employee

Slide 20: Angry IP Scanner – Finding what is on the network.

Slide 21: Angry IP Scanner – Finding what is on the network.

Slide 22: NMAP
- Command used:
- Results achieved:

Slide 23: Findings – What did we find?
External Network (outward facing):
- 3,526 active hosts (June 2013), 67 recognizable printers
- 4,858 active hosts (February 2014), 138 recognizable printers
Internal Network (not routable to the Internet):
- 1,885 active hosts (June 2013), 509 recognizable printers
- 2,194 active hosts (February 2014), 551 recognizable printers

Slide 24: How bad is it?
- Human solution for finding the vulnerabilities in the printers
- Didn't want to be responsible for:
  - Crashing printers
  - Reams of wasted paper
- Default user names and passwords

Slide 25: Student Employee – What did he do?
- Opened a browser to the IP or host name and tried to log in using the defaults
- Used PuTTY to Telnet into the IP or host name (port 23)
- Tried an anonymous FTP connection with WinSCP (port 21, "Anonymous login" selected)

Slide 26: Findings – What did we find? (June) External Network – 67 printers
- 20 with anonymous FTP logins – 30%
- 20 with default User/Admin account – 30%
- 9 with Telnet logins – 13%

Slide 27: Findings – What did we find? (June) Internal Network – 509 printers
- 177 with anonymous FTP logins – 35%
- 219 with default User/Admin account – 43%
- 156 with Telnet logins – 31%

Slide 28: Procedure and Policies
- Review of existing policies and procedures. Did we have any?
- Why are they not being followed?
- Should we make new ones?
- How do we make our clients follow new procedures and policies?

Slide 29: Policies and Procedures
What we found in our review:
- Vague policies – NDUS, NDSU 158.
- No documented procedures.
- No procedures meant that few people knew what should have been done.
- Started new procedures right away.
- Isn't getting client buy-in the most difficult task anyway?

Slide 30: Identification and Notification
- DNS names include the department, for the most part.
- Some: no clue who they belonged to.

Slide 31: E-Mails
Constructed emails to identified groups, containing:
- IP address
- DNS name
- Vulnerabilities found
- Directions for cleanup
We worked with our Communications Officer and the Help Desk.

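To show how the audit rows, the per-network percentages of slides 26 and 27, and the per-department e-mails of this slide fit together, here is an added Python example; it is not the NDSU team's tooling. The audit rows are constructed sample data. The rule that a printer's department is the DNS label before the first dash (so "chem-lj4-01" belongs to "chem") is an assumption, since the slides say only that DNS names include the department "for the most part", and the cleanup directions in the drafted e-mail are a paraphrase of the Telnet commands on slide 35.

```python
"""Turn printer-audit rows into per-network statistics and per-department
notification e-mails (added example, not the NDSU project's own code)."""
from collections import defaultdict

# Constructed sample audit rows: (ip, dns_name, network, findings).
# The findings use the three categories counted on slides 26 and 27.
AUDIT_ROWS = [
    ("10.1.1.10", "chem-lj4-01.example.edu",  "internal", {"anon_ftp", "default_creds"}),
    ("10.1.1.11", "chem-lj4-02.example.edu",  "internal", {"telnet"}),
    ("10.1.2.20", "hist-m602-01.example.edu", "internal", set()),
    ("192.0.2.5", "bio-color-01.example.edu", "external", {"anon_ftp", "default_creds", "telnet"}),
    ("192.0.2.9", "printer9.example.edu",     "external", {"default_creds"}),
]

CATEGORIES = {
    "anon_ftp": "anonymous FTP login allowed (port 21)",
    "default_creds": "default User/Admin account on the web interface",
    "telnet": "Telnet login allowed (port 23)",
}


def department_of(dns_name):
    """Assumed naming rule: the label before the first dash is the department.
    Returns None when the name gives no clue (slide 30's 'some, no clue')."""
    label = dns_name.split(".")[0]
    if "-" not in label:
        return None
    return label.split("-")[0]


def network_stats(rows):
    """Count and percentage per category for each network, as on slides 26/27."""
    stats = {}
    for network in sorted({r[2] for r in rows}):
        printers = [r for r in rows if r[2] == network]
        total = len(printers)
        per_cat = {}
        for cat in CATEGORIES:
            n = sum(1 for r in printers if cat in r[3])
            per_cat[cat] = (n, round(100 * n / total) if total else 0)
        stats[network] = {"printers": total, **per_cat}
    return stats


def notifications(rows):
    """Group printers with findings by department and draft one e-mail each.
    Printers whose department cannot be determined are collected under
    'unknown' so they can be chased through the Help Desk."""
    by_dept = defaultdict(list)
    for ip, dns, network, findings in rows:
        if findings:
            by_dept[department_of(dns) or "unknown"].append((ip, dns, network, findings))
    emails = {}
    for dept, printers in sorted(by_dept.items()):
        lines = [f"To: {dept} printer contacts",
                 "Subject: Network printers needing configuration changes", ""]
        for ip, dns, network, findings in printers:
            lines.append(f"{ip}  {dns}  ({network} network)")
            for cat in sorted(findings):
                lines.append(f"  - {CATEGORIES[cat]}")
        # Constructed cleanup directions, paraphrasing the slide 35 commands.
        lines += ["", "Directions for cleanup:",
                  "  1. Set a non-default administrator password.",
                  "  2. Disable FTP and Telnet if they are not needed.",
                  "  3. Change the SNMP community name from 'public'.",
                  "Contact the Help Desk if the printer has no web interface."]
        emails[dept] = "\n".join(lines)
    return emails


if __name__ == "__main__":
    for net, s in network_stats(AUDIT_ROWS).items():
        print(net, s)
    for dept, body in notifications(AUDIT_ROWS).items():
        print(body, "\n")
```

Printers with an empty findings set produce no e-mail, which keeps the notification list to the devices that actually need work; the "unknown" bucket is the list you hand to the Help Desk to resolve ownership.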
Slide 32: Sent out the emails and we waited.

Slide 33: Reactions
- Calm and collected: were able to configure devices with no problems; glad to help
- Panicked upon contact from the security office: needed us to help them through securing; were grateful

Slide 34: Some Problems
Printers no longer printing:
- Disabled port 9100
- Disabled SNMP
Client needed reconfiguration:
1. Stop the print spooler
2. Delete all jobs in C:\Windows\system32\spool
3. Restart the spooler
4. Delete all IP ports
5. Delete all printers
6. Restart the computer
7. Set up the printers

Slide 35: Some Problems
Older printers did not have a web-based configuration:
- Older Java
- Did not have any of the sections needed to configure
Configuration through Telnet:
- set-password – changes the default password
- ftp-config:0 – disables FTP
- set-cmnty-name: <newname> – changes the default SNMP community name
- idle-timeout: 5 – sets a short timeout for Telnet

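As an added example (not the NDSU script), this Python code drives the Telnet commands from this slide against a printer that has no usable web interface, records the exchange, and afterwards checks that port 21 really stopped accepting connections. The command spellings are the ones on the slide; the value syntax `set-password: <value>`, the prompt the fake printer prints and the sample password and community name are assumptions, since the exact grammar is firmware-specific. Everything goes over plain Telnet, so it belongs on a management network only.

```python
"""Apply the slide's Telnet hardening commands and verify the FTP change
(added example with an injectable socket; not the NDSU project's code)."""
import socket


def hardening_commands(new_password, community_name):
    """The four commands listed on the slide. The value syntax after the
    colon is an assumption; check the printer's own Telnet help first."""
    return [
        f"set-password: {new_password}",       # replace the default password
        "ftp-config: 0",                       # disable FTP
        f"set-cmnty-name: {community_name}",   # replace the 'public' SNMP community
        "idle-timeout: 5",                     # short idle timeout for Telnet
    ]


class TelnetSession:
    """Minimal line-oriented Telnet client. The socket is injected so the
    exchange can be exercised without a real printer."""

    def __init__(self, sock):
        self.sock = sock
        self.transcript = []   # (command sent, reply received) pairs

    def send_line(self, line):
        self.sock.sendall((line + "\r\n").encode("ascii"))
        reply = self.sock.recv(4096).decode("ascii", errors="replace")
        self.transcript.append((line, reply.strip()))
        return reply


def apply_hardening(sock, new_password, community_name):
    """Send the hardening commands over an open Telnet socket, then quit."""
    session = TelnetSession(sock)
    sock.recv(4096)   # discard the banner and first prompt
    for cmd in hardening_commands(new_password, community_name):
        session.send_line(cmd)
    session.send_line("quit")
    return session.transcript


def port_closed(host, port=21, timeout=3.0):
    """True if nothing accepts a TCP connection on host:port. Run after the
    change to confirm that 'ftp-config: 0' actually took effect."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return False
    except OSError:
        return True


class FakePrinterSocket:
    """Constructed stand-in for a printer's Telnet service: records every
    line it receives and answers 'OK' followed by a new prompt."""

    def __init__(self):
        self.received = []
        self._pending = b"Printer Telnet configuration\r\n> "   # constructed banner

    def sendall(self, data):
        self.received.append(data.decode("ascii").rstrip("\r\n"))
        self._pending = b"OK\r\n> "

    def recv(self, n):
        data, self._pending = self._pending, b""
        return data


def run_dry():
    """Exercise the exchange against the fake printer; returns what the
    'printer' received and the session transcript."""
    fake = FakePrinterSocket()
    transcript = apply_hardening(fake, "N3w-Pr1nter-Pw", "nd-printers-rw")
    return fake.received, transcript


if __name__ == "__main__":
    received, transcript = run_dry()
    for cmd, reply in transcript:
        print(f"sent {cmd!r:<38} got {reply!r}")
    # Against a real device on a management network:
    #   with socket.create_connection((host, 23), timeout=5) as s:
    #       apply_hardening(s, new_password, community_name)
    #   port_closed(host)   # FTP should now refuse connections
```

The transcript is worth keeping with the ticket: it records exactly which commands each old printer accepted, and `port_closed()` turns "we sent ftp-config: 0" into an observed result rather than an assumption.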
Slide 36: Follow Up Scan

Slide 37: Findings – What did we find? (February) External Network – 135 printers
- 62 with anonymous FTP logins – 46%
- 68 with default User/Admin account – 50%
- 34 with Telnet logins – 25%

Slide 38: Findings – What did we find? (February) Internal Network – 579 printers
- 185 with anonymous FTP logins – 32%
- 210 with default User/Admin account – 36%
- 73 with Telnet logins – 13%

Slide 39: So what happened?
- School was in session during the second scan.
- Improved the process for finding printers.
- Rogues: people buying printers and just plugging them into the network.

Slide 40: Open SSH / Heartbleed
- The Internet of Devices
- Open SSH is free
- Printers possibly vulnerable?

Slide 41: Heartbleed? What did we do? Findings?
- REN-ISAC made a Python script available.
- Wrote a script to iterate through our subnets.
- Findings: zero printers found that were vulnerable. However, we found all kinds of other devices that had SSL open, and that needs some investigation.

Slide 42: Questions?
- Theresa Semmens –
- Jeff Gimbel –