Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Assessments The Baylor University Experience.

Published byEsther Lane Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Assessments The Baylor University Experience."— Presentation transcript:

1 Security Assessments The Baylor University Experience

2 Baylor in Overview 13,800 students, 2000 employees 85 buildings networked Server farm in DMZ

3 Why an Assessment? Helps you stay out of the news! Legal and PR issues Defines a baseline for Risk Level

4 Choosing a Vendor Unbiased look at your system Expertise, experience Documentation -- Formal report Good -- documents your vulnerabilities, engages your people. Bad -- documents your vulnerabilities, now you’re on the hook!

5 Three types of vendors Tier Three Relatively inexpensive Relatively limited in scope, results. Tier Two External and internal scans medium to high cost.

6 The High Priced Spread Scope, scans are customizable Verification of vulnerabilities Detailed (380pp!) report with recommendations

7 Take-Away Lessons It’s about trust and confidence Remember non-disclosure agreements Redefine scope after first meeting Watch those sensitive times -- things may break! Name a point person to handle ALL issues

8 Take-away Lessons Social engineering will go on. Put ‘em in a hidden location, don’t warn rest of CIT. Social engineering is scary stuff! It takes a while, 2 weeks off-campus, 2 weeks on. Prioritize vulnerabilities and remediation

9 Was it worth it? Got the attention of the right people Be inclusive of findings IT personnel Departmental IT personnel General Counsel Executive staff Multi-year agreement can reduce cost

10 The BotHerd is Coming University of Albany Martin Manjak, ISO, Justin Azoff, Network Analyst University of Albany Martin Manjak, ISO, Justin Azoff, Network Analyst

11 About UAlbany 17,400 students, 700 faculty, 8000 residents September 2004 over 800 systems booted from network 1000+ open tickets first week of class 3 week wait for remediation appointment

12 Never Again! Technical Track (later) Social Engineering Track More about people than technology Never stop working on awareness

13 Need a Narrative “Didn’t you read the letter we sent?” Technology is a turn-off to many. Craft a narrative where students can self- identify, “Did you hear the story about...” Focus on behaviour and change

14 Design is Key Attractive format, good graphics People, not screen shots. Series of brochures were created Trade ‘em, collect the whole set! Advertised the Network Survival Kit

15 The Security Quiz Online Quiz in Ethics and Security Required to gain Network access Must get 10 out of 10 right to pass Using the network means you passed, therefore you know the requirements, so No excuses when you’re kicked off.

16 2004 vs. 2005 Results Cut September’s trouble tickets in half While network registrations increased 23%

17 Technology lags education XP SP2 Firewall, patches responsible for some reduction in vulnerabilities, but New threat vectors (AIM, Web links) are emerging. Patches won’t stop students (and staff!) from clicking Firewall on -- unable to scan it.

18 Technical Measures 80k HTTP flows and 1 IRC? (not 6667) Never-admit IRC on Packetshaper, with a whitelist of servers Scan IPs using blocked IRC, collecting banners, if open. Interesting things can be observed...

19 Not your father’s FTP server

20 IRC Bots come in 2^32 types Bots have one or more C&C IP addresses embedded in them IP based Whack-a-mole, easy to detect DNS based HA, load-balanced, redundant botnet!

21 You.GotPwndBy.us When DNS bots wake up, they must resolve that C&C address. Log your DNS queries Frequent flyers, bad hostname list hosts in.info,.us,.cx, not.com,.edu IDS, IPS also a help (they didn’t have)

22 Resources Conference site: http://www.educause.edu/Program/8355 Botnet slides: http://www.albany.edu/~ja6447/educause/ http://www.albany.edu/~ja6447/educause/ UNiversity Security Operations Group, unisog@lists.sans.org (http://www.dshield.org/mailman/listinfo/unisog) unisog@lists.sans.orghttp://www.dshield.org/mailman/listinfo/unisog SECURITY@listserv.educause.edu REN-ISAC, http://ren-isac.net/http://ren-isac.net

23 Shameless Plug Suggestions? Comments? Smaller Colleges -- Interested? Presentation Topics, Tracks, Training? Suggestions? Comments? Smaller Colleges -- Interested? Presentation Topics, Tracks, Training?

Download ppt "Security Assessments The Baylor University Experience."

Similar presentations

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
1 A Tale of 2 Tracks: #1 Social Engineering Your Students! Or…Dealing with a Series of Unfortunate Events Martin Manjak, ISO Justin Azoff, Network Analyst.

1 A Tale of 2 Tracks: #1 Social Engineering Your Students! Or…Dealing with a Series of Unfortunate Events Martin Manjak, ISO Justin Azoff, Network Analyst.
Managing A Secure Infrastructure – Tales From the Trenches November 6, 2003.

Managing A Secure Infrastructure – Tales From the Trenches November 6, 2003.
I NDULGENC E There is no need for oversight or management direction. All staff members are superstars and act in the best interest of the company.

I NDULGENC E There is no need for oversight or management direction. All staff members are superstars and act in the best interest of the company.
Security Controls – What Works

Security Controls – What Works
How (not) to use your firewall Jurjen N.E. Bos Information Security Consultant.

How (not) to use your firewall Jurjen N.E. Bos Information Security Consultant.
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
Beth Johnson April 27, 1998. What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.

Beth Johnson April 27, What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.
Unit 28- Website Development Assignment 1- THEORY P3

Unit 28- Website Development Assignment 1- THEORY P3
Effort in hours Duration Over Weeks Or Months Inception Launch Web Lifecycle Methodology Maintenance Phases 1234576891011 Copyright Wonderlane Studios.

Effort in hours Duration Over Weeks Or Months Inception Launch Web Lifecycle Methodology Maintenance Phases Copyright Wonderlane Studios.
1 The Botherd is Coming! Part II The Technical Response Justin Azoff University at Albany EDUCAUSE Live! June 21 st, 2006.

1 The Botherd is Coming! Part II The Technical Response Justin Azoff University at Albany EDUCAUSE Live! June 21 st, 2006.
Building a Campus Dshield Randy Marchany IT Security Lab VA Tech Blacksburg, VA 24060

Building a Campus Dshield Randy Marchany IT Security Lab VA Tech Blacksburg, VA 24060
1. Introduction The underground Internet economy Web-based malware The system analyzing the post-infection network behavior of web-based malware How do.

1. Introduction The underground Internet economy Web-based malware The system analyzing the post-infection network behavior of web-based malware How do.
Technical Training: DIR-615

Technical Training: DIR-615
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Reconnaissance & Enumeration Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago,

Reconnaissance & Enumeration Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago,
Cyber Security Audit and Network Monitoring P.D. Mynatt Doug Brown March 19 th 2015.

Cyber Security Audit and Network Monitoring P.D. Mynatt Doug Brown March 19 th 2015.
Sravanthi Vattikuti Sri Harsha Devabhaktuni

Sravanthi Vattikuti Sri Harsha Devabhaktuni
Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.
Botnets An Introduction Into the World of Botnets Tyler Hudak

Botnets An Introduction Into the World of Botnets Tyler Hudak

Similar presentations

Ads by Google