Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 A Tale of 2 Tracks: #1 Social Engineering Your Students! Or…Dealing with a Series of Unfortunate Events Martin Manjak, ISO Justin Azoff, Network Analyst.

Published byJuniper Barton Modified over 9 years ago

Similar presentations

Presentation on theme: "1 A Tale of 2 Tracks: #1 Social Engineering Your Students! Or…Dealing with a Series of Unfortunate Events Martin Manjak, ISO Justin Azoff, Network Analyst."— Presentation transcript:

1 1 A Tale of 2 Tracks: #1 Social Engineering Your Students! Or…Dealing with a Series of Unfortunate Events Martin Manjak, ISO Justin Azoff, Network Analyst EDUCAUSE Live Webcast June 21st 2006 Copyright Martin Manjak 2006. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author

2 2 Background Info Marty-Director of ResNet since inception at U@A (1995), recently appointed ISO (2/06) Justin-Network Analyst, former student employee of Marty’s, reigning Nessus, Nmap, & Scripting guru.

3 3 About UAlbany One of Four University Centers of SUNY 614 Full Time Faculty 311 Part Time Faculty 12,000 Undergrads 5,400 Grads 7,773 Residents 7,796 Fall ’06 System Registrations

4 4 Some History 2003: Year of the Worm: Blaster, Welchia, Nachi. UAlbany Escaped! 2004: We started scanning and kicking All hell broke loose!!!!

5 5 Snapshot of September, 2004 486 systems booted from network At one point, over 800 systems suspended 1000+ open tickets first week of class Help Desk Hammered! 3 Week Wait for Remediation Appt. Parents calling CIO and President’s Ofc. Our fault: “Your network infected my machine!”

6 6 Never Again! “Today was the worst day in the history of the Internet.” –Justin L., Student Help Desk Shift Supervisor.

7 7 How Will We Prevent Reoccurrence? Technical Track Social Engineering Track – “More about people than technology.” – “Never stop working on awareness.” Ced Bennett

8 8 We “social” you Obviously the message about securing your machine wasn’t getting through. – “Did you read the letter we sent?!” – “I don’t know much about computers.” Needed a different approach Needed a focused, consistent message

9 9 Need a Narrative People only do things for a reason. The assumption that students would want to secure their machines was based on the premise that they understood the threats. Painfully false! Awareness needed to motivate “right” action Focus shifts from “You need to do this,” to “Hey, did you hear the story about…?” Craft a narrative where students can self-identify

10 10 Design is Key This approach requires first rate design and graphics. Pictures of people; not screen shots. Focus on behavior to elicit self recognition: “Gee, I do that.” Use behavior shift as key to implementation of safeguards.

11 11 Collect all Three and Trade Them with Your Friends. Created a series of brochures to spark interest in complete set Each brochure focused on one threat or behavior Allowed us to be more diverse in representing student body Created “buzz” for …

12 12 Network Survival Kit All brochures made reference to the kit in an attempt to create demand prior to arrival. Coordination with ResLife crucial to getting kit distributed on day one.

13 13 Orientation Indoctrination Redesigned IT presentation for summer orientation of incoming students Much more emphasis on security requirements Sanctions: loss of service, restoration fee Parents informed, too

14 14 No letter this time Letter was an abysmal failure to alert arrivals to security requirements and consequences Student employee suggested postcard Obvious advantages: – You don’t have to open it – Visually more interesting – Cheaper to mail (but more expensive to produce) – Timed arrival

15 15 Taking no chances…Security Quiz In past, all students required to take an on- line ethics quiz before they receive unrestricted IP For fall 05, security component added Students must pass through this gate Must get 10 out of 10 to pass Quiz based on our security requirements

16 16 No Excuses Using the network means you passed the quiz Which means you know about our security requirements Which means you can’t complain when we kick you off for failing to implement them Also works for DMCA violations

17 17 The Numbers, Please Tracker Statistics 08/18/2004 to 09/30/2004 Ticket Counts 2004 Worked on3057 Opened2967 Closed2836 To Telecom36 Email2321 Phone/Walk in646

18 18 How did we do? Tracker Statistics 08/18/2005 to 09/30/2005 Ticket Counts 20042005 Worked on30571681 Opened29671613 Closed28361586 To Telecom3650 Email23211073 Phone/Walk in646540

19 19 Comparisons

20 20 And now, my esteemed colleague… XP SP2 played big role in reduction of hacked machines But they’re still out there, and patches can’t stop students from being click happy. New threat vectors emerging, i.e, IM How do we deal with these?

Download ppt "1 A Tale of 2 Tracks: #1 Social Engineering Your Students! Or…Dealing with a Series of Unfortunate Events Martin Manjak, ISO Justin Azoff, Network Analyst."

Similar presentations

Glenn Johnson John A. Dutton e-Education Institute Project Manager, Penn States e-Portfolio Initiative Glenn Johnson John A. Dutton e-Education Institute.

Glenn Johnson John A. Dutton e-Education Institute Project Manager, Penn States e-Portfolio Initiative Glenn Johnson John A. Dutton e-Education Institute.
What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.

What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.
Student, Faculty, and Staff Data Availability and Protection What’s the Back-Up Plan? (for academic computing) Sponsored by.

Student, Faculty, and Staff Data Availability and Protection What’s the Back-Up Plan? (for academic computing) Sponsored by.
© Copyright Computer Lab Solutions 2006. All rights reserved. Do you need usage information about your computer labs? Copyright Computer Lab Solutions.

© Copyright Computer Lab Solutions All rights reserved. Do you need usage information about your computer labs? Copyright Computer Lab Solutions.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Design & Development Scott Battaglia Application Developer Enterprise Systems and Services Rutgers, the State University of New Jersey

Design & Development Scott Battaglia Application Developer Enterprise Systems and Services Rutgers, the State University of New Jersey
Copyright Donald E. Harris 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Donald E. Harris This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Copyright Sylvia Maxwell and Michael White, 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared.

Copyright Sylvia Maxwell and Michael White, This work is the intellectual property of the author. Permission is granted for this material to be shared.
Copyright 2006 Copyright Seán O’Donnell 2006. This work is the intellectual property of the author. Permission is granted for this material to be shared.

Copyright 2006 Copyright Seán O’Donnell This work is the intellectual property of the author. Permission is granted for this material to be shared.
Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.

Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.
Dictatorship and Diplomacy; The Campus Politics of Successful IT Projects Utah State University – Logan, Utah 84322 Dictatorship & Diplomacy The Campus.

Dictatorship and Diplomacy; The Campus Politics of Successful IT Projects Utah State University – Logan, Utah Dictatorship & Diplomacy The Campus.
Disaster Prevention and a Student Team A cost effective model of Student Computer Support at Claremont McKenna College Micheal Malsed -Asst. Director for.

Disaster Prevention and a Student Team A cost effective model of Student Computer Support at Claremont McKenna College Micheal Malsed -Asst. Director for.
Copyright Jill M. Forrester 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,

Copyright Jill M. Forrester This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,
1 Penn State/Napster 2.0 Trial Russell S Vaught Associate Vice Provost, Information Technology Copyright Russell S. Vaught 2004. This work.

1 Penn State/Napster 2.0 Trial Russell S Vaught Associate Vice Provost, Information Technology Copyright Russell S. Vaught This work.
Educause Security 2007ISC Information Security Copyright Joshua Beeman, 2007. This work is the intellectual property of the author. Permission is granted.

Educause Security 2007ISC Information Security Copyright Joshua Beeman, This work is the intellectual property of the author. Permission is granted.
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
1 EDUCAUSE 2006 Letting Go of ResNet A Panel Discussion on the Outsourcing of ResNet.

1 EDUCAUSE 2006 Letting Go of ResNet A Panel Discussion on the Outsourcing of ResNet.
The Milliennial Instructor The Milliennial Student... and now... The Milliennial Instructor? Carl Berger Copyright by the author, 2007. This work is the.

The Milliennial Instructor The Milliennial Student... and now... The Milliennial Instructor? Carl Berger Copyright by the author, This work is the.
Project Governance: Avoiding “Administrivia” Lisa Kosanovich Project Manager Center for Instructional Design Brigham Young University

Project Governance: Avoiding “Administrivia” Lisa Kosanovich Project Manager Center for Instructional Design Brigham Young University
Copyright 2008, Elizabeth A. Evans. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright 2008, Elizabeth A. Evans. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Similar presentations

Ads by Google