A Danger Within - University of Texas at Dallas



Higher Ed (2011-Present) Industry (1981-2011) Education UT Dallas (1.4 years) VP/CIO AVP, Enterprise Applications and Research Computing XSEDE Campus Champion ACI-REF Member

U of Arizona (3.7 years) Executive Director of Central IT Services Guest Instructor, Eller College of Business McD System (15 years) Research computing Applications Infrastructure Architecture PMO Start-ups (8 years) Telecom (2 years) Other (5 years)

U of IL, Urbana-Champaign Thesis: robotics intelligence MS, Computer Science BS, Computer Engineering U of Arizona Academic Leadership Institute Financial Administrator Series Industry Various leadership and IT training

3 Faculty Students

Research testbeds Student partnering on apps Reporting Data management CV-worthy job opportunities Agile Instructional testbeds Research opportunities

Productive user experience Smart campus Makerspaces Data lakes Co-sponsor student competitions Mixed-use A/V space High-tech learning spaces Ubiquitous connectivity Mobility

Easy engagement Timely / effective communications 24x7 operations Enhanced training Leverage campus personnel Administration Metrics / dashboards Custom development Bulk licensing A/V & E-collaboration

Secured data & systems Vendor licensing Infrastructure Governance Cloud offerings Services (vs. products) AVAILABILITY PRODUCTIVITY STRATEGIC ENABLEMENT

Systems Services People Systems Services People Advancing research Tech-driven instruction Student success AVAILABILITY

PRODUCTIVITY Highly available systems Enhanced application functionality & user experience Ubiquitous connectivity Personalized service Secured data 24x7 help

Optimized process & workflows Multi-channel training IT vendor licensing Insight studio ADVANCING RESEARCH Advanced network testbed Smart campus Cognitive testbed Data management

HPC-on-demand PEDAGOGICAL TECHNOLOGY E-collaboration Hybrid learning Tech-enhanced learning spaces Mobile infusion Instructional testbeds STUDENT SUCCESS

Development partnerships Career-linked job pipelines Mobile apps Classroom success E-study rooms OIT 2.0 organizational model Researcher Services CTO & Operations

Digital Enterprise Engagement & Success Admin & Client Services Cyberinfrastructure Operations ERP (PeopleSoft)

Client Services Infrastructure, Platform, & Cloud Learning Management QA/Program Management Advanced Networking & Cyber-security

OnBase & Workflow Researcher Support Software Engineering Project Manager Analytics & Data Lakes Project Manager Web & Mobile

Custom Apps & Ops Reporting Project Manager Academic & campus IT Learning & Student Success User Productivity & Accessibility OIT University & Campus training Insight Studio Business Office

Vendor Management & Licensing Outreach, Communications, Marketing, & Events

INTERNAL NETWORK ASSESSMENT UPDATE
LUCAS HUDSON
BREAKPOINT LABS

OUR PROCESS
1. Identify systems and services available (Reconnaissance)
2. Look at versions and configurations of these systems and services
3. Think about how someone could abuse these systems and services
4. Analyze and report risk, in the context of a University
5. Provide on-going remediation testing and support

UPDATED USE CASES
1. Curious student on the internal network, either the wired network or CometNet, looking to demonstrate hacking skills learned in class.
2. Malware infects a workstation in the Callier Center, which is subject to HIPAA.
3. Attacker targets Windows Microsoft Identity Manager (MIM) implementation.
4. Someone unaffiliated with UT Dallas tries to exploit the wireless networks. They don't have credentials, but they see SSIDs broadcast such as CometNet and UTDGuest.

RULES OF ENGAGEMENT

• No Denial of Service (DoS) attacks
• No phishing of our users to gain credentials
• No password brute forcing or cracking
• No IP blocking - Analyst source IP addresses whitelisted and allowed to proceed
• Team is onsite and can be accessed 24/7 in case testing needs to be paused

INITIAL FINDINGS
• EternalBlue Vulnerability (WannaCry, Petya/Goldeneye, etc.)
• Shellshock and Heartbleed Vulnerabilities
• Link Local Multicast Name Resolution (LLMNR) Poisoning
• Default Configuration(s) and Outdated Technologies
    • Web Apps, Operating Systems, Network Devices, etc.
• Lack of Network Segmentation
• Weak Authentication Mechanisms
• Sensitive Information Available via Network Share
• Internal Email Spoofing (Mail Relay)

PRELIMINARY RECOMMENDATIONS
• Review vulnerability management and patch management programs to ensure that high profile vulnerabilities are addressed by system owners.
• Evaluate configuration management program and group policy object (GPO) deployment.
• Determine operational or business need for old technologies.
• Consider implementation of more granular network segmentation.
• Maintain an awareness of the technology in use (asset inventory).
• Enhance the change management process to avoid rogue technology on the network.

THE PATH FORWARD
• Continue testing for the remainder of this week (through 14 July 2017).
• Reporting and limited data gathering will occur next week (17-21 July 2017).
• Remediation duties will be determined and assigned by ISO where necessary.
• Upon delivery of report, remediation support will be provided as needed.
• Additional support is available for system owners to answer questions during this process.

OPEN WEB APPLICATION SECURITY PROJECT (OWASP) TRAINING CLASS
BRIAN MCELROY
ENGINEERING & INCIDENT RESPONSE MANAGER
• ISO hosted training class for campus web developers
• Covered the top 10 web application vulnerabilities and how to prevent them

ATTENDEE FEEDBACK (11 RESPONSES)
• 91% expect to apply training to work at UT Dallas
• 100% agree or strongly agree the content was valuable
• 91% prefer in-person training to online interactive training

ATTENDEE FEEDBACK (11 RESPONSES)
• More hands-on exercises
• More frequent breaks
• More interaction opportunities among participants

FUTURE TRAINING OPPORTUNITIES
• The ISO is looking for opportunities to host training classes on other relevant topics
• May provide CPE credits for maintaining certifications
• Contact us about training you need to secure the campus

A DANGER WITHIN
RENEE STONE
ADMINISTRATIVE ASSISTANT

INSIDER THREAT
Definition: A rogue employee using access legitimately given to them to sell or leak organization secrets.
Types:
• Deliberate/malicious
• Accidental

DELIBERATE/MALICIOUS INSIDER
When most people think of an insider threat, they immediately think of the malicious insider - someone who deliberately causes harm to an organization. Examples include:
• Edward Snowden and Aldrich Ames in the U.S. government
• More recently, Reality Winner - a government contractor who leaked NSA documents detailing Russia's hacking into the U.S. election systems.

MOTIVES
• Curiosity
• Notoriety
• Hacktivism
• Financial gain
• Competitive advantage
• Revenge
• State sponsored / war

ACCIDENTAL INSIDER
An accidental insider is someone who is tricked or manipulated into doing something that ultimately harms the organization. Some people further categorize the accidental insider threats into the infiltrator and the ignorant insider.

ACCIDENTAL INSIDER
• The infiltrator occurs when an adversary accesses a user's system or steals credentials to gain access to a system.
• The ignorant insider occurs when an adversary convinces the user to click on a link or open an attachment, ultimately causing the user's system to be compromised.

WHEN CONCERNED ABOUT INSIDER THREAT
Ask yourself these questions:
• Do you know all locations where your critical data resides?
• Do you know who has access to your critical data?
• What is the probability that critical data resides on personal devices?


• Piloting initiative with selected departments
• Running scans on department assets to identify PII
• Reviewing findings with department heads/staff
• Assisting users with application use
• Recommending how to mitigate risk
• Beginning regular department scans

WHAT ISO IS FINDING
• Social Security #
• Credit Card #
• Personal Tax Returns
• Application Error Log Files
• Hidden Directories
• Recycle Bin items

BEST PRACTICES
• Identify and purge files no longer needed for operations or compliance
• Store files in network share location (G: or H: drive)
• Run manual Identity Finder scans if needed
• Run scans during slow/off business hours
• Use the shred and system cleanup tools within Identity Finder
• Report Identity Finder issues to management and technical groups

GALAXY URL
STEPHENIE EDWARDS
AWARENESS & OUTREACH MANAGER

GALAXY URL HAS CHANGED
• New URL: https://daih-prd.utshare.utsystem.edu
• Users who hover over links to spot phishing may be concerned
• Documentation may need to be updated
• If your department has questions, please call the Help Desk at 2911

STUDENT NIGHT
STEPHENIE EDWARDS
AWARENESS & OUTREACH MANAGER

STUDENT NIGHT
• 200 students attended
• Multiple departments participated - Help Desk, Tech Store, Police, Student Government
• Ideas and partnership welcome

SELF-STUDY UPDATE
STEPHENIE EDWARDS
AWARENESS & OUTREACH MANAGER

SECURITY+ & CISSP
• Security+ meets Thursdays at 5:15pm, McDermott 2.524
• CISSP meets Thursday at 5:15pm, ROC 1.102
• Still time to get involved even if you're not planning to take the exam this summer
• Please contact us if we can lend support - we want to support your training and development so we can protect UT Dallas together
