Presentation is loading. Please wait.

Presentation is loading. Please wait.

STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Desktop Security Strategy Common Solutions Group September 19, 2006 Bill Clebsch.

Published byScot Poole Modified over 9 years ago

Similar presentations

Presentation on theme: "STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Desktop Security Strategy Common Solutions Group September 19, 2006 Bill Clebsch."— Presentation transcript:

1 STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Desktop Security Strategy Common Solutions Group September 19, 2006 Bill Clebsch

2 STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES 9/19/06page 1 Agenda Why Do Universities Need Firewalls? What are the Other Methods? What Is Stanford’s Firewall Design? How Does the R1 Community Proceed?

3 STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES 9/19/06September 2006 Common Solutions Group Meetingpage 2 How are Universities Targeted? ●www.privacyrights.org tracks data breaches reported since the ChoicePoint incident, February 2005 ●Between 2/15/05 to 2/20/06 there were 125 incidents reported, 53 million records compromised ●46% of these incidents were at colleges/universities ●The breach pattern at colleges/universities 65% hacking 21% stolen computers 10% exposed online/sent email 4%dishonest insider

4 STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES 9/19/06September 2006 Common Solutions Group Meetingpage 3 What Is The Cost of An Incident? The Cost of Incidents ●Breach of medical privacy award against U of WV: $2.3M ●Privacy settlement for Mental Health Provider: $3.5M ●Fundraising at Ohio University drops in response to security breaches: 25% reduction in donations (May-June 2005 vs 2006) The Cost of Incidents at Stanford ●Campus-wide [non-destructive] infection: ($2M) ●Credit card data: Next incident (~1.6M) ●Email shut down: missed grant deadline: (Much bigger) ●Stolen laptop: 5 donors notified: (Priceless) What is the Experience at Your School ?

5 STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES 9/19/06September 2006 Common Solutions Group Meetingpage 4 Steps to Secure Stanford’s Network SolutionWhat It DoesWhy Do We Need More? Network Self Registration Only clean machines can register to the network Prevents “sick” machines from registering to the network – protects against an “inside out” attack Still vulnerable to malicious attacks (whether internal or external) A point-in-time guarantee that the machine was clean BigFix Keeps machines clean, automatically Automatically distributes and installs critical security patches to Microsoft machines Voluntary program, not all computers covered (just getting to students) Data Center Firewalls Data Center resources are protected Protects applications and data located inside the Data Center, primarily used for administrative applications and data Departmental data not in Data Center still at risk o Departmental Firewalls Resources inside defined perimeter are protected Protects applications and data within boundaries of defined perimeter (eg: department, internet, students, etc.) and allows custom, flexible, solutions for different environments Restricted data may still need to be encrypted And we can add IDP Are You Taking Similar Steps?

6 STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES 9/19/06September 2006 Common Solutions Group Meetingpage 5 What Does the Firewall Solution Look Like?

7 STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES 9/19/06September 2006 Common Solutions Group Meetingpage 6 What are the Best Ways to Protect University and Personal Desktops & Laptops?

Download ppt "STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Desktop Security Strategy Common Solutions Group September 19, 2006 Bill Clebsch."

Similar presentations

Welcome To Presentation on Holistic Information Security Management.

Welcome To Presentation on Holistic Information Security Management.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.

PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
DATA BREACHES IN HEALTHCARE BY CHUCK EASTTOM

DATA BREACHES IN HEALTHCARE BY CHUCK EASTTOM
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Target Data Breach – Cost of the Learning Curve Discuss the recent Target data breach and its impact on the industry as well as individuals January 29/30,

Target Data Breach – Cost of the Learning Curve Discuss the recent Target data breach and its impact on the industry as well as individuals January 29/30,
2014 Leadership Lunch & Learn Series “SECURITY FROM THE TOP DOWN”

2014 Leadership Lunch & Learn Series “SECURITY FROM THE TOP DOWN”
It’s Time to Upgrade Your Thinking. 2012 Q1 & Q2 Cyber Breaches Source: Identity Theft Resource Center, 7/2/12 213 breaches with over 8.5 million records.

It’s Time to Upgrade Your Thinking Q1 & Q2 Cyber Breaches Source: Identity Theft Resource Center, 7/2/ breaches with over 8.5 million records.
Challenges and Incidents in Higher Ed. About->Presenter Zach Jansen Information Security Officer, Calvin College.

Challenges and Incidents in Higher Ed. About->Presenter Zach Jansen Information Security Officer, Calvin College.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor

Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Nate Olson-Daniel Director of Strategic Development & Principal Engineer The Inevitable Attack.

Nate Olson-Daniel Director of Strategic Development & Principal Engineer The Inevitable Attack.
Security Computing Practices Plamen Martinov Chief Information Security Officer.

Security Computing Practices Plamen Martinov Chief Information Security Officer.

Similar presentations

Ads by Google