Presentation is loading. Please wait.

Presentation is loading. Please wait.

NDSU IT Security Theresa Semmens Chief Information Technology Security Officer Jeff Gimbel Senior Security Analyst.

Published byBenedict Ryan Modified over 9 years ago

Similar presentations

Presentation on theme: "NDSU IT Security Theresa Semmens Chief Information Technology Security Officer Jeff Gimbel Senior Security Analyst."— Presentation transcript:

1

2

3

4 NDSU IT Security Theresa Semmens Chief Information Technology Security Officer Jeff Gimbel Senior Security Analyst

5 NDSU Physical Infrastructure Open Network –External facing network 79 subnets Open to Internet –Internal facing network 79 subnets Open to the University System and some statewide entities –Firewalled network Used by some departments for regulatory compliance –Server room network Used for server to server communication (i.e., backup)

6 NDSU IT Infrastructure Supported Departments Distributed IT Independent Departments

7 A Little History –2004, ND Information Technology Department SNMP Scan – Found a majority of printers on the University System network that had SNMP set to public –2008, Foundstone 175 insecure devices recognized as printers

8 How did the printer problem really come to light? Nessus scan –Removed the safe scan See how much paper would be wasted –LaserJet M 602 3 sheets –Nessus findings FTP open Telnet open Web page default username and password SNMP community name set to public

9 How did the printer problem really come to light? (continued) Brought to the attention of IT leadership –Nessus set to “scan the entire network” –Work out alternative solution

10 Is this really a problem? 2008 - NDSU dropped support for printers as cost-savings initiative Currently, departments request DNS name for purchased printers –Name is granted within our naming scheme –Name is added to an install script Printer plugged into the network

11 Is this really a problem?

12

13

14 Methodology 1.Tools – What are we going to use? 2.Locating devices – How widespread is the problem? 3.Policies and procedures – Shouldn’t we have covered this somewhere? 4.Identification and notification – How do we let stakeholders know their printers are not secure? 5.Reactions – How could we have been so wrong about how stakeholders would react? 6.Interesting problems – It did WHAT? 7.First follow-up scan – Is it working?

15 Tools Used Angry IP scanner (GPLv2) Putty (GNU GPL) WinSCP (GNU GPL) Microsoft Excel (campus agreement) Student Employee

16 Locating Devices Finding what is on the network Angry IP Scanner –http://angryip.org/w/Home

17 Locating Devices (continued)

18 Findings External network – Outward facing –3,526 active hosts (June 7) –67 recognizable printers Internal network – Not routable to the Internet –1885 active hosts (June 6) –509 recognizable printers

19 How bad is it? Human solution for finding the vulnerabilities in the printers –Didn’t want to be responsible for: Crashing printers Reams of wasted paper Default usernames and passwords

20 Methodology What did the student employee do? –Opened a browser to IP and hostname Tried to log in using defaults –Used Putty to Telnet into IP or hostname Port 23 –Tried anonymous FTP connection with WinSCP Port 21 Anonymous login selected

21 Findings (continued) External network – 67 printers –20 with anonymous FTP logins (30%) –20 default user/admin accounts (30%) –9 Telnet logins (13%)

22 Findings (continued) Internal network – 509 printers –177 with anonymous FTP logins (35%) –219 default user/admin accounts (43%) –156 Telnet logins (31%)

23 Policies and Procedures Reviewed existing policies and procedures –Did we have any? –Why were they not being followed? –Should we create new ones? –How do we enforce new policies and procedures?

24 Review of Policies, Procedures Vague policies –N.D. University System 1901.2 –NDSU 158 No documented procedures –No procedures meant few people knew what should have been done Started new procedures right away –Isn’t getting client buy-in the most difficult task anyway?

25 Vendors Mind tricks, (policies or procedures) do not work on them, only money Need to make sure departments consult with central IT unit before making purchases of devices that will be placed on the network

26 Identification and Notification DNS names include department name, for the most part For others, impossible to know to which department they belonged

27 Methodology Sent emails to identified groups –IP address –DNS name –Vulnerabilities found –Directions for cleanup Worked with communications coordinator and IT Help Desk

28 Methodology Sent out the emails and we waited

29 Reactions Calm and collected Were able to configure devices with no problems Glad to help Panicked when contacted by security office Needed help with securing process Grateful for help

30 It did WHAT?!?!

31 Interesting Problems Printers no longer printing –Disabled port 9100 –Disabled SNMP –Client needed reconfiguration 1.Stop the print spooler 2.Delete all jobs in C:\Windows\syste m32\spool 3.Restart spooler 4.Delete all IP ports 5.Delete all printers 6.Restart computer 7.Setup printers

32 Problems (continued) Older printers did not have a Web-based configuration –Older Java Did not have any of the sections needed to configure –Configuration through Telnet set-password – Changes default password ftp-config:0 – Disables FTP set-cmnty-name: - Changes default SNMP Idle-timeout: 5 – Sets short timeout for Telnet

33 Follow-Up Scan External network –Initially 67 printers 20 with anonymous FTP logins (30%) 20 default user/admin accounts (30%) Telnet logins (13%) –First follow-up scan found 67 Printers 16 with anonymous FTP logins (24%) 17 default user/admin accounts (25%) 7 Telnet logins (10%)

34 Follow-Up Scan Internal network –Initially 509 printers 177 with anonymous FTP logins (35%) 219 default user/admin accounts (43%) 156 Telnet logins (31%) –First follow-up scan found 509 Printers 129 with anonymous FTP logins (25%) 182 default user/admin accounts (36%) 118 Telnet logins (23%)

35 What’s Next?

36 Questions?

Download ppt "NDSU IT Security Theresa Semmens Chief Information Technology Security Officer Jeff Gimbel Senior Security Analyst."

Similar presentations

Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.

Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.
A new way of printing at S.T.C.C.

A new way of printing at S.T.C.C.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Operating System Customization

Operating System Customization
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.

Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.
SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.

SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.

Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.
Computer Networks IGCSE ICT Section 4.

Computer Networks IGCSE ICT Section 4.
A+ Guide to Software, 4e Chapter 11 Supporting Printers and Scanners.

A+ Guide to Software, 4e Chapter 11 Supporting Printers and Scanners.
1 Chapter Overview Introduction to Windows XP Professional Printing Setting Up Network Printers Connecting to Network Printers Configuring Network Printers.

1 Chapter Overview Introduction to Windows XP Professional Printing Setting Up Network Printers Connecting to Network Printers Configuring Network Printers.
Remote Accessing Your Home Computer Using VNC and a Dynamic DNS Name.

Remote Accessing Your Home Computer Using VNC and a Dynamic DNS Name.
Windows Server 2008 Chapter 6 Last Update 2012.05.23 1.0.0.

Windows Server 2008 Chapter 6 Last Update
Advanced Networking for DVRs

Advanced Networking for DVRs
Getting Connected to NGS while on the Road… Donna V. Shaw, NGS Convocation.

Getting Connected to NGS while on the Road… Donna V. Shaw, NGS Convocation.

Similar presentations

Ads by Google