Southwest Educause 2003 © Baylor University 2003 Adapting Enterprise Security to a University Environment Bob Hartland Director of IT Servers and Network.

Slides:



Advertisements
Similar presentations
CHECK 2012 Bridging the Gap for Mobile Devices: Eager Adoption v. Practical Support Emporia State University The Faculty & Staff Support Perspective Cory.
Advertisements

Data, Policy, Stakeholders, and Governance Amy Brooks, University of Michigan – Ann Arbor Bret Ingerman, Vassar College Copyright Bret Ingerman This.
Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.
© Copyright Computer Lab Solutions All rights reserved. Do you need usage information about your computer labs? Copyright Computer Lab Solutions.
Cut Costs and Increase Productivity in your IT Organization with Effective Computer and Network Monitoring. Copyright © T3 Software Builders, Inc 2004.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Making the Case for Security: An Application of the NIST Security Assessment Framework to GW January 17, 2003 David Swartz Chief Information Officer Guy.
Educause Security 2007ISC Information Security Copyright Joshua Beeman, This work is the intellectual property of the author. Permission is granted.
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
Information Security Policies and Standards
Security+ Guide to Network Security Fundamentals
Principles of Information Security Kris Rosenberg, Chief Technology Officer Oregon State University College of Business Kris Rosenberg, Chief Technology.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
UWM CIO Office A Collaborative Process for IT Training and Development Copyright UW-Milwaukee, This work is the intellectual property of the author.
IT Strategic Planning From Technical Dreams to Institutional Reality
Payment Card Industry (PCI) Data Security Standard
David Sweeney, Director Brooke Woodruff, IT Manager
© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.
Copyright Anthony K. Holden, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Wireless LANs A Case Study of Baylor University’s Wireless Network Copyright Bob Hartland 2002 This work is the intellectual property of the author. Permission.
INDIANAUNIVERSITYINDIANAUNIVERSITY Automated Network Isolation at Indiana University David A. Greenberg Information Technology Security and Policy Office.
Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.
Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.
1 Institutions as Allies in the Security Challenge Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush, James Madison.
1 Protecting Wintel Infrastructures: The University of Memphis Case Robert Jackson, University of Memphis Dr. Mark Frolick, Xavier University Copyright.
Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.
Network security policy: best practices
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Information Resources and Communications University of California, Office of the President System-Wide Strategies for Achieving IT Security at the University.
1 Fighting Back With An Alliance For Secure Computing And Networking Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush,
Classroom Technologies Re-organization Copyright Kathy Bohnstedt, This work is the intellectual property of the author. Permission is granted for.
EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.
Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.
Stanford’s Patch Management Project   Ced Bennett May 17, 2004 Copyright Cedric Bennett This work is the intellectual property of the author. Permission.
Considerations for Patch Management – an RFP Extensive RFP Extensive RFP Pain in the Butt Pain in the Butt 10 Minutes to tell you about it 10 Minutes to.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
A First Course in Information Security
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Office of Information Technology Balancing Technology and Privacy – the Directory Conundrum January 2007 Copyright Barbara Hope and Lori Kasamatsu 2007.
Discussion Panelists: Justin C. Klein Keane Sr. Information Security Specialist University of Pennsylvania Jonathan Hanny Application Security Specialist.
Chapter 6 of the Executive Guide manual Technology.
March 21, 2006 NERCOMP 2006 Worcester, Massachusetts 1 Copyright Sunny Donenfeld, This work is the intellectual property of the author. Permission.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.
Note1 (Admi1) Overview of administering security.
Knowing What You Missed Forensic Techniques for Investigating Network Traffic.
Center for Planning and Information Technology T HE C ATHOLIC U NIVERSITY of A MERICA Bringing IT All Back Home Centralized Systems in a Decentralized.
1 Effective Incident Response Presented by Greg Hedrick, Manager of Security Services Copyright Purdue University This work is the intellectual property.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.
Educause Security 2006 © Baylor University Security Assessments for Information Technology Bob Hartland Director of IT Servers and Network Services.
Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.
Quickly Establishing A Workable IT Security Program EDUCAUSE Mid-Atlantic Regional Conference January 10-12, 2006 Copyright Robert E. Neale This.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
Bringing it All Together: Charting Your Roadmap CAMP: Charting Your Authentication Roadmap February 8, 2007 Paul Caskey Copyright Paul Caskey This.
NMI-EDIT and Rice University Federated Identity Management: Managing Access to Resources in Texas Barry Ribbeck Director System Architecture and Infrastructure.
© 2009 Pittsburgh Supercomputing Center Server Virtualization and Security Kevin Sullivan Copyright Kevin Sullivan, Pittsburgh Supercomputing.
Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
Deployment of a Virtualized Server Grid
Julian Hooker Assistant Managing Director Educause Southwest
Educause/Internet 2 Computer and Network Security Task Force
Adapting Enterprise Security to a University Environment
INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.
BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.
Intrusion Detection system
Designing IIS Security (IIS – Internet Information Service)
Presentation transcript:

Southwest Educause 2003 © Baylor University 2003 Adapting Enterprise Security to a University Environment Bob Hartland Director of IT Servers and Network Services Jon Allen Coordinator of IT Security Tommy Roberson Manager of Servers And IT Security

Southwest Educause 2003 © Baylor University 2003 Overview of Presentation Baylor University IT Security Security through technology/hardware Security through People Putting it all together

Southwest Educause 2003 © Baylor University 2003 Baylor University 14,221 Students 1,750 Full Time Employees Waco, Texas

Southwest Educause 2003 © Baylor University 2003 Information Technology Organizational Chart Dr. Robert Sloan President Mr. David Brooks CFO Dr. Reagan Ramsower CIO & Dean of Libraries Bob Hartland Director of IT Servers and Networking Services Data NetworksBroadband VideoTelephone Network IT Servers and Security Tommy Roberson Jon Allen

Southwest Educause 2003 © Baylor University 2003 What is IT Security? “…the concepts, techniques, technical measures and administrative measures used to protect information assets from deliberate or inadvertent unauthorized acquisition, damage, disclosure, manipulation, modification, loss, or use…” [McDaniel - IBM Dictionary of Computing 1994] It is more beneficial to focus on good planning then it is to rely solely on fancy technology.

Southwest Educause 2003 © Baylor University 2003 Risks of Poor Security Loss of university productivity Public Relations problems Private Information (SSN, CC numbers, grades, etc.) Degradation or loss of client services

Southwest Educause 2003 © Baylor University 2003 Security– As Viewed by Industry Security is a priority (proactive) The ROI for security has become highly visible in the past 2-3 years. Compromise or downtime results in lost profits

Southwest Educause 2003 © Baylor University 2003 Security – As Viewed in an University Environment Threat to Academic Freedom A hindrance to research and education productivity Contention for funding

Southwest Educause 2003 © Baylor University 2003 Baylor’s Approach to IT Security Our security strategy can be divided into two parts Technology People

Southwest Educause 2003 © Baylor University 2003 Security through Technology Firewalls Intrusion Detection Systems VPN (encryption technologies) Logs Server Configuration Vulnerability Scanning

Southwest Educause 2003 © Baylor University 2003 Firewalls First line of network protection from outside world Must be strategically placed to be effective in universities One size does not fit all for firewall policies

Southwest Educause 2003 © Baylor University 2003 Firewall Recommendations Multiple firewalls are necessary in a university environment Firewall policies should be written with port level filtering.

Southwest Educause 2003 © Baylor University 2003 Intrusion Detection Systems Deployment must be highly targeted Networks and servers must be understood to limit false positives Not a substitute for good security practices

Southwest Educause 2003 © Baylor University 2003 Virtual Private Networks Ideal for limiting access and securing data transmission Great for extending the university network to students and remote campuses

Southwest Educause 2003 © Baylor University 2003 Logs Vital to identifying and resolving server and network problems Subtle or well planned attacks may only be seen through log evaluation Raises questions of academic freedom and big brother

Southwest Educause 2003 © Baylor University 2003 Server Configuration Servers should only run daemons/services that are necessary Use mailing lists and OS update services to maintain server patches Limit the services on servers that contain critical data

Southwest Educause 2003 © Baylor University 2003 Vulnerability Scanning Prioritize scans to focus on critical systems first. Be aware that false positives are common with scanning tools Scanning results can be used to point to weak points in networks and servers before they are abused

Southwest Educause 2003 © Baylor University 2003 Security through People Policies Procedures Education

Southwest Educause 2003 © Baylor University 2003 Policies-Creation Important to bring in other departments Anticipate problems Try to make policies broad enough to cover many issues

Southwest Educause 2003 © Baylor University 2003 Policies-Modification Be flexible Policies are an ongoing work There will always be exceptions to policy

Southwest Educause 2003 © Baylor University 2003 Policies-Enforcement Must have administrative backing for policies Helpful to explain this to various departments Must establish consistent method for dealing with student violations Document ALL enforcement actions taken

Southwest Educause 2003 © Baylor University 2003 Procedures When done appropriately-procedures can be used to prevent many problems These are very time consuming… …but can eventually save time and headaches by preventing obvious security lapses.

Southwest Educause 2003 © Baylor University 2003 Education End-User education Server admin education Support Staff education

Southwest Educause 2003 © Baylor University 2003 End-User Education Most important thing is educating end-user on sound password practices. Users are more likely to follow policies and rules if they understand reasons for them Teach users to notice things that don’t seem right

Southwest Educause 2003 © Baylor University 2003 Server Admin Education Teach importance of keeping systems up to date Encourage sound local account practices Try to bring other admins in other schools into the security community

Southwest Educause 2003 © Baylor University 2003 IT Staff Education Support Staff are many times ignorant of sound security practices Many IT users in general never consider security when doing their jobs. We must also try to bring them into the security community

Southwest Educause 2003 © Baylor University 2003 Security is everyone’s job!

Southwest Educause 2003 © Baylor University 2003 On the Horizon Proactive and correlative IDS Stricter laws forcing security in universities Probable increase in security incidents

Southwest Educause 2003 © Baylor University 2003 Summary Complete security solutions must address both technology and people Technology solutions are only as good as the policies they are enforcing Security strategies must depend upon and encourage cooperation from people in the organization

Southwest Educause 2003 © Baylor University 2003 Contributors: Bob Hartland Director for IT Servers and Network Services Speakers: Jon Allen Coordinator of IT Security Tommy Roberson Manager of Servers and IT Security

Southwest Educause 2003 © Baylor University 2003 Copyright Bob Hartland, Tommy Roberson, and Jon Allen 2003.This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.