Educause Security Professionals Conference Network Access Control through Quarantine, Remediation, and Verification Jonny Sweeny Incident Response Manager.

Presentation transcript:

Educause Security Professionals Conference
Network Access Control through Quarantine, Remediation, and Verification
Jonny Sweeny
Incident Response Manager
Office of the VP for IT
Indiana University
5 May 2008

Copyright 2008, The Trustees of Indiana University. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Overview
IU’s Get Connected
– Computers new to the network
Blocking "bad" systems
– Communication
– Restoring access

Get Connected Stats
7,641 computers connected in 14 days
Currently only required in Residence Halls on Windows wired connections
81% are laptops

Other reasons to restrict network access
Compromised systems
– Detected by sensors
   Port scanning, high mailers, etc.
– Detected by logs
   DNS botted, spyware, etc.
Webmail compromised credentials
Copyright Infringement

Blocking Options
MAC Address
VPN
Dialup
802.1x
Static IP null-route
Switch-port

Communication
User needs to know why machine is blocked
– Sending an email to the user is not sufficient; however, CC-ing their support provider helps
– Redirecting to a self-service site is ideal
– Dynamically-assigned VLANs

User receives notification

Jonny,

Network reports indicate that the computer listed below has been compromised. It appears a bot has taken over the system. A "bot," or "robot," is a program that is installed by an intruder, so that the machine takes actions automatically, as programmed by the intruder and at times specified by the intruder who put the bot there.

Date (Timezone=UTC) Type IP Address Remote IP Address :57:12 vpn :01:31 dhcp :06:5b:17:17:xx iu-itpo-iceland

*** Network access for this user or computer is being blocked to ***
*** protect the University network from this threat. ***

If your machine is not running a Windows operating system, please consult with the Support Center on how to rebuild for your operating system.

To recover from this compromise it is necessary to completely rebuild the computer. When a computer is compromised in this manner, anything on the system can be modified and/or monitored by someone else.

When you are finished and wish to have network access restored, please reply back to this message, leaving the subject line intact, and outline specifically what actions you took. You must take all actions listed in order for us to restore access. Help with these steps can be obtained from the KB article titled "In Windows, how do I rebuild my computer after a system-level compromise" available at [

1. Remove the computer from the network by removing the network cable from the computer, or by turning off the wireless or dialup connection. Do not reconnect the computer until all steps have been completed, or you run the risk of being compromised again.
2. Back up your personal files. If you do not take this step, you will lose all of your data when you perform step #3.
3. Perform a New Install of Windows XP or Vista. Make sure you use a new password for the Administrator account when setting up Windows. When you reboot the machine, you should allow automatic updates when prompted, which is the recommended action.
4. Install anti-virus software. Symantec AntiVirus is available on the IUware CD, and is configured to update virus patterns daily. If you do not use Symantec AntiVirus, make sure your software is configured to update daily.

If you have any questions about these instructions, need help obtaining the IUware CD, or Windows XP/Vista, or would like assistance with the process, please consult with your Local Support Provider (LSP). If you do not have an LSP, please call the UITS Support Center at (IUB) or (IUPUI).

DO NOT CALL OR EMAIL US TO OBTAIN SUPPORT. WE ARE NOT A SUPPORT UNIT. Please contact the Support Center for assistance. Only email us when you have completed these steps and are ready to get back on the network.

Thank you for your immediate attention to this important matter. Please remember in your reply to outline *each* step you took. Simply replying with "I have completed all steps" is not enough.

Regards,
--
Jonny Sweeny
IT Incident Response Manager
IT Policy Office
Office of the VP for IT
Indiana University

Incident Number: 85594

Self-service unblock

Self-service is great…but
Need to prevent abuse of trust
– Track instances of repeat offenders and treat them differently
– Require tutorial & quiz
– Delete registration so Get Connected is required again

DMCA Quiz

Random comments about automation
Good relationships with network staff translate to access to tools.
– Null-route
– MacMon
– Arpfind
– Router Configs
– Syslogs
– Dialup, VPN blocks
– etc.

Random comments about automation
Access to tools allows automation:
– Block scanners, phishers, brute-forcers, etc.
Blocking remainder of leases

Automate Response – IR Web Service

Identify user

User is blocked and notified
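
An added example, not taken from the original slides: one way the "identify user" and "blocking remainder of leases" steps could be automated from DHCP lease records. The lease data, field layout and action names are constructed assumptions, and "remainder of leases" is read here as blocking the offending IP only until its current lease ends.

```python
from datetime import datetime, timezone

# Constructed sample lease log: (lease start, lease end, IP, MAC). All values are made up.
LEASES = [
    ("2008-05-01T08:00:00", "2008-05-01T12:00:00", "10.0.0.23", "00:11:22:33:44:55"),
    ("2008-05-01T12:05:00", "2008-05-01T16:05:00", "10.0.0.23", "66:77:88:99:aa:bb"),
    ("2008-05-01T09:00:00", "2008-05-01T13:00:00", "10.0.0.40", "cc:dd:ee:ff:00:11"),
]

def _utc(ts):
    """Parse an ISO timestamp and treat it as UTC, like the notification's table."""
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)

def holder_at(ip, seen_at, leases=LEASES):
    """Return (mac, lease_end) for the lease covering ip at seen_at, or None."""
    when = _utc(seen_at)
    matches = [(mac, _utc(end)) for start, end, lip, mac in leases
               if lip == ip and _utc(start) <= when < _utc(end)]
    # Zero matches: no lease on record (static address, log gap). More than one:
    # overlapping records. Either way, refuse to guess and leave it to an analyst.
    return matches[0] if len(matches) == 1 else None

def plan_block(ip, seen_at, now, leases=LEASES):
    """Decide what to block for one sensor event; returns a plan, performs nothing."""
    hit = holder_at(ip, seen_at, leases)
    if hit is None:
        return {"action": "manual-review", "ip": ip}
    mac, lease_end = hit
    if _utc(now) < lease_end:
        # Offender still holds the address: block the IP until the lease ends
        # and block the MAC so it cannot simply take a new lease.
        return {"action": "block-ip-and-mac", "ip": ip, "mac": mac,
                "ip_block_until": lease_end.isoformat()}
    # Lease is over; the IP may now belong to someone else, so block the MAC only.
    return {"action": "block-mac", "mac": mac}
```

Keying the lookup on the time of the event rather than on the current holder is what keeps the block off whoever inherited the address afterwards.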

Final Thoughts
802.1x rolling out now
– 2,700 WAPs by fall
Dean of Students NAC
– Third copyright violation results in permanent ban from attaching personal device to University network

Questions Jonny Sweeny