Adapting Enterprise Security to a University Environment

1 Adapting Enterprise Security to a University Environment
- Bob Hartland, Director of IT Servers and Network Services
- Jon Allen, Coordinator of IT Security
- Tommy Roberson, Manager of Servers And IT Security
Southwest Educause 2003 © Baylor University 2003

2 Overview of Presentation
- Baylor University
- IT Security
- Security through technology/hardware
- Security through People
- Putting it all together

3 Baylor University
- Waco, Texas
- 14,221 Students
- 1,750 Full Time Employees

4 Information Technology Organizational Chart

5 What is IT Security?
- “…the concepts, techniques, technical measures and administrative measures used to protect information assets from deliberate or inadvertent unauthorized acquisition, damage, disclosure, manipulation, modification, loss, or use…” [McDaniel - IBM Dictionary of Computing 1994]
- It is more beneficial to focus on good planning than it is to rely solely on fancy technology.

6 Risks of Poor Security
- Loss of university productivity
- Public Relations problems
- Private Information (SSN, CC numbers, grades, etc.)
- Degradation or loss of client services

7 Security – As Viewed by Industry
- Security is a priority (proactive)
- The ROI for security has become highly visible in the past 2-3 years.
- Compromise or downtime results in lost profits

8 Security – As Viewed in a University Environment
- Threat to Academic Freedom
- A hindrance to research and education productivity
- Contention for funding

9 Baylor’s Approach to IT Security
Our security strategy can be divided into two parts:
- Technology
- People

10 Security through Technology
- Firewalls
- Intrusion Detection Systems
- VPN (encryption technologies)
- Logs
- Server Configuration
- Vulnerability Scanning

11 Firewalls
- First line of network protection from outside world
- Must be strategically placed to be effective in universities
- One size does not fit all for firewall policies

12 Firewall Recommendations
- Multiple firewalls are necessary in a university environment
- Firewall policies should be written with port level filtering.

13 Intrusion Detection Systems
- Deployment must be highly targeted
- Networks and servers must be understood to limit false positives
- Not a substitute for good security practices

14 Virtual Private Networks
- Ideal for limiting access and securing data transmission
- Great for extending the university network to students and remote campuses

15 Logs
- Vital to identifying and resolving server and network problems
- Subtle or well planned attacks may only be seen through log evaluation
- Raises questions of academic freedom and big brother

16 Server Configuration
- Servers should only run daemons/services that are necessary
- Use mailing lists and OS update services to maintain server patches
- Limit the services on servers that contain critical data

17 Vulnerability Scanning
- Prioritize scans to focus on critical systems first.
- Be aware that false positives are common with scanning tools
- Scanning results can be used to point to weak points in networks and servers before they are abused

18 Security through People
- Policies
- Procedures
- Education

19 Policies-Creation
- Important to bring in other departments
- Anticipate problems
- Try to make policies broad enough to cover many issues

20 Policies-Modification
- Be flexible
- Policies are an ongoing work
- There will always be exceptions to policy

21 Policies-Enforcement
- Must have administrative backing for policies
- Helpful to explain this to various departments
- Must establish consistent method for dealing with student violations
- Document ALL enforcement actions taken

22 Procedures
- When done appropriately, procedures can be used to prevent many problems
- These are very time consuming…
- …but can eventually save time and headaches by preventing obvious security lapses.

23 Education
- End-User education
- Server admin education
- Support Staff education

24 End-User Education
- Most important thing is educating end-user on sound password practices.
- Users are more likely to follow policies and rules if they understand reasons for them
- Teach users to notice things that don’t seem right

25 Server Admin Education
- Teach importance of keeping systems up to date
- Encourage sound local account practices
- Try to bring other admins in other schools into the security community

26 IT Staff Education
- Support Staff are many times ignorant of sound security practices
- Many IT users in general never consider security when doing their jobs.
- We must also try to bring them into the security community

27 Security is everyone’s job!

28 On the Horizon
- Proactive and correlative IDS
- Stricter laws forcing security in universities
- Probable increase in security incidents

29 Summary
- Complete security solutions must address both technology and people
- Technology solutions are only as good as the policies they are enforcing
- Security strategies must depend upon and encourage cooperation from people in the organization

30 Contributors: Speakers:
- Bob Hartland, Director for IT Servers and Network Services
- Tommy Roberson, Manager of Servers and IT Security
- Jon Allen, Coordinator of IT Security

31 Copyright
Copyright Bob Hartland, Tommy Roberson, and Jon Allen 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

