INFORMATION SECURITY COORDINATORS, JULY 2017

OFFICE OF INFORMATION TECHNOLOGY (OIT) UPDATE
Frank Feagans, Chief Information Officer

FRANK FEAGANS: BACKGROUND
Higher Ed (2011-Present):
- UT Dallas (1.4 years): VP/CIO; AVP, Enterprise Applications and Research Computing; XSEDE Campus Champion; ACI-REF Member
- U of Arizona (3.7 years): Executive Director of Central IT Services; Guest Instructor, Eller College of Business
Industry (1981-2011):
- McD System (15 years): research computing, applications, infrastructure, architecture, PMO
- Start-ups (8 years); Telecom (2 years); Other (5 years)
Education:
- U of IL, Urbana-Champaign: MS, Computer Science; BS, Computer Engineering; thesis on robotics intelligence
- U of Arizona: Academic Leadership Institute; Financial Administrator Series
- Industry: various leadership and IT training

OIT VALUE TO FACULTY AND STUDENTS (diagram; items as extracted from the slide)
Research testbeds; Student partnering on apps; Reporting; Data management; CV-worthy job opportunities; Agile; Instructional testbeds; Research opportunities; Productive user experience; Smart campus; Makerspaces; Data lakes; Co-sponsor student competitions; Mixed-use A/V space; High-tech learning spaces; Ubiquitous connectivity; Mobility

OIT ORGANIZATION (org chart; units as extracted from the slide)
- OnBase & Workflow
- Researcher Support
- Software Engineering (Project Manager)
- Analytics & Data Lakes (Project Manager)
- Web & Mobile
- Custom Apps & Ops Reporting (Project Manager)
- Academic & Campus IT
- Learning & Student Success
- User Productivity & Accessibility
- OIT University & Campus Training
- Insight Studio
- Business Office
- Vendor Management & Licensing
- Outreach, Communications, Marketing, & Events

INTERNAL NETWORK ASSESSMENT UPDATE
Lucas Hudson, Breakpoint Labs

OUR PROCESS
1. Identify systems and services available (reconnaissance)
2. Look at versions and configurations of these systems and services
3. Think about how someone could abuse these systems and services
4. Analyze and report risk, in the context of a University
5. Provide on-going remediation testing and support

UPDATED USE CASES
1. Curious student on the internal network, either the wired network or CometNet, looking to demonstrate hacking skills learned in class.
2. Malware infects a workstation in the Callier Center, which is subject to HIPAA.
3. Attacker targets the Windows Microsoft Identity Manager (MIM) implementation.
4. Someone unaffiliated with UT Dallas tries to exploit the wireless networks. They don't have credentials, but they see SSIDs broadcast such as CometNet and UTDGuest.

RULES OF ENGAGEMENT
- No Denial of Service (DoS) attacks
- No phishing of our users to gain credentials
- No password brute forcing or cracking
- No IP blocking: analyst source IP addresses are whitelisted and allowed to proceed
- Team is onsite and can be reached 24/7 in case testing needs to be paused

INITIAL FINDINGS
- EternalBlue vulnerability (WannaCry, Petya/Goldeneye, etc.)
- Shellshock and Heartbleed vulnerabilities
- Link Local Multicast Name Resolution (LLMNR) poisoning
- Default configuration(s) and outdated technologies: web apps, operating systems, network devices, etc.
- Lack of network segmentation
- Weak authentication mechanisms
- Sensitive information available via network share
- Internal email spoofing (mail relay)
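A host-level check for two of the findings above (LLMNR enabled, SMBv1 still present for EternalBlue), added here as an example; it is not part of the ISO deck or of the Breakpoint Labs assessment. It assumes a Windows 10 client run from an elevated PowerShell session with the SmbShare module available; the function names Test-LlmnrDisabled and Test-Smb1Disabled are chosen for this example.

```powershell
# Added example (not from the ISO deck or Breakpoint Labs): report whether a Windows
# host has LLMNR turned off and SMBv1 removed. Assumes Windows 10 and an elevated session.

function Test-LlmnrDisabled {
    # The "Turn off multicast name resolution" policy writes EnableMulticast = 0 under the
    # DNSClient policy key. If the key is absent, Windows uses the default: LLMNR enabled.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $value = Get-ItemProperty -Path $key -Name EnableMulticast -ErrorAction SilentlyContinue
    if ($null -ne $value -and $value.EnableMulticast -eq 0) { return $true }
    return $false
}

function Test-Smb1Disabled {
    # MS17-010 (EternalBlue) targets SMBv1. Both the optional feature and the server-side
    # protocol switch should be off; this returns $true only when both are.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featureOff = ($null -eq $feature) -or ($feature.State -ne 'Enabled')
    $server = Get-SmbServerConfiguration
    return $featureOff -and (-not $server.EnableSMB1Protocol)
}

# One row per host; pipe to Export-Csv when running across a fleet.
[pscustomobject]@{
    ComputerName  = $env:COMPUTERNAME
    LlmnrDisabled = Test-LlmnrDisabled
    Smb1Disabled  = Test-Smb1Disabled
}
```

A $false in either column means the host still matches the corresponding finding; the fix belongs in the GPO baseline the recommendations call for rather than on individual machines.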
PRELIMINARY RECOMMENDATIONS
- Review vulnerability management and patch management programs to ensure that high-profile vulnerabilities are addressed by system owners.
- Evaluate the configuration management program and group policy object (GPO) deployment.
- Determine the operational or business need for old technologies.
- Consider implementing more granular network segmentation.
- Maintain an awareness of the technology in use (asset inventory).
- Enhance the change management process to avoid rogue technology on the network.

THE PATH FORWARD
- Continue testing for the remainder of this week (through 14 July 2017).
- Reporting and limited data gathering will occur next week (17-21 July 2017).
- Remediation duties will be determined and assigned by ISO where necessary.
- Upon delivery of the report, remediation support will be provided as needed.
- Additional support is available for system owners to answer questions during this process.

OPEN WEB APPLICATION SECURITY PROJECT (OWASP) TRAINING CLASS
Brian McElroy, Engineering & Incident Response Manager
- ISO hosted a training class for campus web developers
- Covered the top 10 web application vulnerabilities and how to prevent them

ATTENDEE FEEDBACK (11 RESPONSES)
- 91% expect to apply the training to their work at UT Dallas
- 100% agree or strongly agree the content was valuable
- 91% prefer in-person training to online interactive training

ATTENDEE FEEDBACK (11 RESPONSES): SUGGESTIONS
- More hands-on exercises
- More frequent breaks
- More interaction opportunities among participants
FUTURE TRAINING OPPORTUNITIES
- The ISO is looking for opportunities to host training classes on other relevant topics
- May provide CPE credits for maintaining certifications
- Contact us about training you need to secure the campus

A DANGER WITHIN
Renee Stone, Administrative Assistant

INSIDER THREAT
Definition: a rogue employee using access legitimately given to them to sell or leak organization secrets.
Types:
- Deliberate/malicious
- Accidental

DELIBERATE/MALICIOUS INSIDER
When most people think of an insider threat, they immediately think of the malicious insider: someone who deliberately causes harm to an organization. Examples include:
- Edward Snowden and Aldrich Ames in the U.S. government
- More recently, Reality Winner, a government contractor who leaked NSA documents detailing Russia's hacking into the U.S. election systems

MOTIVES
- Curiosity
- Notoriety
- Hacktivism
- Financial gain
- Competitive advantage
- Revenge
- State sponsored / war

ACCIDENTAL INSIDER
An accidental insider is someone who is tricked or manipulated into doing something that ultimately harms the organization. Some people further categorize accidental insider threats into the infiltrator and the ignorant insider.
- The infiltrator: an adversary accesses a user's system or steals credentials to gain access to a system.
- The ignorant insider: an adversary convinces the user to click on a link or open an attachment, ultimately causing the user's system to be compromised.

WHEN CONCERNED ABOUT INSIDER THREAT
Ask yourself these questions:
- Do you know all locations where your critical data resides?
- Do you know who has access to your critical data?
- What is the probability that critical data resides on personal devices?
Source: Verizon 2016 DBIR Report

IDENTITY FINDER (SPIRION)
Chris Giles, GRC Specialist

WHAT ISO IS DOING WITH IDENTITY FINDER
- Piloting the initiative with selected departments
- Running scans on department assets to identify PII
- Reviewing findings with department heads/staff
- Assisting users with application use
- Recommending how to mitigate risk
- Beginning regular department scans

WHAT ISO IS FINDING
- Social Security numbers
- Credit card numbers
- Personal tax returns
- Application error log files
- Hidden directories
- Recycle Bin items

BEST PRACTICES
- Identify and purge files no longer needed for operations or compliance
- Store files in a network share location (G: or H: drive)
- Run manual Identity Finder scans if needed
- Run scans during slow/off business hours
- Use the shred and system cleanup tools within Identity Finder
- Report Identity Finder issues to management and technical groups

GALAXY URL
Stephenie Edwards, Awareness & Outreach Manager

GALAXY URL HAS CHANGED
- New URL: https://daih-prd.utshare.utsystem.edu
- Users who hover over links to spot phishing may be concerned
- Documentation may need to be updated
- If your department has questions, please call the Help Desk at 2911

STUDENT NIGHT
Stephenie Edwards, Awareness & Outreach Manager
- 200 students attended
- Multiple departments participated: Help Desk, Tech Store, Police, Student Government
- Ideas and partnership welcome

SELF-STUDY UPDATE
Stephenie Edwards, Awareness & Outreach Manager

SECURITY+ & CISSP
- Security+ meets Thursdays at 5:15pm, McDermott 2.524
- CISSP meets Thursdays at 5:15pm, ROC 1.102
- Still time to get involved even if you're not planning to take the exam this summer
- Please contact us if we can lend support; we want to support your training and development so we can protect UT Dallas together