Why are changes taking place?
- April 2005: Ariba workstations hacked with 11,600 SSNs
- President Jischke and VPIT Jim Bottum meeting
- Academic Officers meeting
- Business Services memo
- Student Services memo
- Consequences in ITaP group
- Indicated consequences in academics

What are we doing?
- Sensitive and Restricted data no longer stored on EDU workstations
- Unsupported 3rd party software and networked apps no longer installed on EDU computers
- Limit user access to operating system files/folders to prevent accidental compromise
- Move all public web sites to new dedicated web server
- Turn off web servers on file servers

1. Data Classification: What needs to be secured and how can it be secured
2. Purdue Policies: Security and Privacy, IT Resource Usage
3. Identity Theft
4. Exploits: Viruses, Worms, HackerDefender, Remote-Control, Spyware, Malware
5. Network Applications: How they work and how they are exploited
6. Countermeasures: Anti-Virus software, Firewalls, Software Patches
7. Best Practices
8. COE Security Policy

1. Data Classification
   a) Public
      Information which may or must be open to the general public. Defined as information with no existing local, national, or international legal restrictions on access.
      Example: Course catalog
   b) Sensitive
      Information whose access must be guarded due to proprietary, ethical, or privacy considerations. This classification applies even though there may not be a civil statute requiring this protection.
      Examples: Student PUID, Name, Address, Phone Number
   c) Restricted
      Information protected because of protective statutes, policies or regulations. This level also represents information that isn't by default protected by legal statute, but for which the Information Owner has exercised their right to restrict access.
      Examples: SSN, DSS, Course/Grade Rosters, Student Academic Records (FERPA)

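Added example, not part of the original presentation: one way to find files that hold Restricted data (SSNs) on a workstation, in support of the "no longer stored on EDU workstations" change. The function names, the pattern, the size limit and the sample files in `demo()` are assumptions constructed for illustration; all sample values are fake.

```python
import re
import tempfile
from pathlib import Path

# SSN-shaped token: 3-2-4 digits, same separator twice, not inside a longer number.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ])(\d{2})\2(\d{4})(?![\d-])")


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Apply the SSA's structural rules to cut false positives."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def find_ssns(text: str) -> list[str]:
    """Return masked hits (last four digits only) so reports hold no SSNs."""
    hits = []
    for m in SSN_RE.finditer(text):
        area, _, group, serial = m.groups()
        if plausible_ssn(area, group, serial):
            hits.append(f"***-**-{serial}")
    return hits


def scan_tree(root: Path, max_bytes: int = 5_000_000) -> dict[str, int]:
    """Map each file under root to its count of plausible SSNs (hits only)."""
    report = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.stat().st_size > max_bytes:
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        count = len(find_ssns(text))
        if count:
            report[str(path.relative_to(root))] = count
    return report


def demo() -> dict[str, int]:
    """Run the scan over constructed sample files (all values are fake)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "catalog.txt").write_text("ECE 101, 3 credits, room 123-45\n")
        (root / "roster.csv").write_text(
            "name,ssn\nA. Student,123-45-6789\nB. Student,987 65 4321\n"
            "C. Student,000-12-3456\nD. Student,219 09 9999\n"
        )
        return scan_tree(root)
```

Undelimited nine-digit numbers are deliberately not matched, since they collide with phone numbers and other IDs; a file flagged here still needs a human decision about where the data belongs.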
1. Purdue Policies: Security and Privacy, IT Resource Usage
   1. Data Confidentiality
      A. FERPA - Family Educational Rights and Privacy Act of 1974
         Protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA gives parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are "eligible students."
      B. GLBA – Gramm-Leach-Bliley Act
         - Ensure the security and confidentiality of customer information.
         - Protect against anticipated threats to the security or integrity of customer information.
         - Guard against unauthorized access to or use of customer information that could result in harm or inconvenience to any customer.
         - Comply with applicable Gramm-Leach-Bliley rules as published by the Federal Trade Commission.
      C. HIPAA - Health Insurance Portability and Accountability Act of 1996
         Protect the medical privacy of patients and health plan members. In general, HIPAA privacy regulations allow covered health care providers and health plans to share information for the purposes of treatment, payment, and health care operations.
   2. SSN Usage
   3. IT Resources Usage

1. Identity Theft – How does it work?
   1. Collect information – fill in the blanks
      1. SSN, Name, Address, Phone, Family Members, Maiden Name, Email
   2. Complete Credit Card Application or Online Loan Application

1. Network Applications: How they work and how they are exploited
   1. PORTS – Windows to the world
   2. Port Scanning, DDOS, IP Spoofing / SYN Flooding, Network Sniffing
      http://www.ciac.org/ciac/bulletins/g-48.shtml
   3. A compromised computer can spread its infection through Address Books, Buddy Lists, Networked File Servers, etc.

http://www.computerweekly.com/Articles/Article.aspx?liArticleID=210766

Instant messaging security attacks soar 2,700%
by Antony Savvas
Friday 8 July 2005

The threat of new instant messaging security attacks to enterprises has rocketed 2,700% in the second quarter of the year, according to instant messaging security researcher IMlogic.

During the second quarter IMlogic issued 15 priority IM security alerts to enterprises and says it tracked more than 540 new IM security threats in the wild. IMlogic said corporate environments were being increasingly targeted and that businesses had to prepare for and defend against such threats.

IMlogic said 70% of reported infections from IM malware it tracked affected enterprises using popular IM applications such as AOL Instant Messenger, MSN Messenger, Windows Messenger, and Yahoo! Messenger.

The increasing IM threat is one reason why some companies have attempted to stop employees using instant messaging altogether, despite its popularity among disparate sales and marketing teams, among others.

The IMlogic Threat Center believes that the increase in attacks in Q1 and Q2 2005 are attributed to virus writers and attackers focusing on the IM and P2P channel as a vector for communication, infection and propagation. Attacks that uniquely targeted IM and P2P in 2005 are increasing in both distribution and sophistication, exploiting known application and end-user vulnerabilities. The IMlogic Threat Center expects that both IM and P2P specific attacks, and the inclusion of IM and P2P in blended-threats, will increase substantially throughout 2005. The IMlogic Threat Center expects that IM attacks will continue to spread rapidly given the real-time nature of the transport protocol and the lack of IT network security for real-time protection and quarantine.