Campus Technology Day

1
Campus Technology Day Campus Security
Review September 25, 2003
2
Campus Security Review Session

• Looking at the Network Sean Atkinson
• Campus Security Requirements Dick Bednar
• Meeting the Requirements Dick Bednar
• Notification Processes - Mike Marcinkevicz
• ACAD, AD, Other Domain Review Mike
  Marcinkevicz
• Questions

3
Looking at the Network
Sean Atkinson
4
Attacks in the Last 24 Hours
5
Attacks in the Last 7 Days
6
Attacks in the Last 24 Days
7
What's attacking us today?
8
Network Security Requirements
Dick Bednar
9
Campus Security Requirements

• Administrative Accounts for IT Security Group
  scanning patching
• Password minimums for duration, length, and
  complexity
• Technical and Administrative Contacts for
  network devices
• Installation and Update of critical service
  packs, hot fixes, and anti - virus

10
Meeting the Requirements

• Administrative Accounts
• Creation of domain and local admin accounts
• Daily scanning of network devices
• Password mins. (local and domain)
• Must expire twice a year
• Must be between 8 and 14 characters with the
  exception of ACAD system accounts
• Must contain at least 3 of 4 character types of
  (lower case letter, upper case letter, special
  character, and numbers)

11
Meeting the Requirements II

• Establish Contacts for All Devices
• Technical contacts must be Unit 9, 12 month FT
  employees with a 24x7 accessible contact
• Administrative contacts must be 12 month FT
  employees
• Critical OS And Application Updates
• Operating system and application critical
  patches must be installed and updated regularly.
  Minimums required for latest patch are the
  minimums required on network.
• Update Expert and McAfee Anti-Virus are
  available for installation on campus
  workstations.
• GPOs available for use on qualified systems.

12
Notification Processes Domain Review
Mike Marcinkevicz
13
Vulnerability Notification

• Vulnerability Identified
• Vulnerability List Generated
• List Email sent to technical admin contacts
• Systems Patched by IT and/or local unit and
  depends upon
• Domain membership
• OU membership
• Type of system

14
Exploit Notification
When an exploit is available it is TOO LATE to
try and patch workstations Vulnerable and
exploited systems are disconnected from the
network and are not reconnected until they are
patched and cleaned.
15
WinTel Domains Review

• AD ADministrative Domain
• ACAD ACADemic Domain
• AD authenticated users can log into labs and
  resources in ACAD
• ACAD students and users cannot login to AD
  campus resources.
• Accounts can be created by IT coordinator
  request (ITRF) for Students working in Department
  offices who need access to AD resources

16
AD Domain Services - Existing
Servers are members of the Server OU.
17
AD Domain Services New (10/03)
Servers are members of the Server OU.
18
ACAD Domain Services - Existing
No Domain Policies
19
ACAD Domain Services New 10/03
Domain Policies for Passwords Domain Updates for
critical patches
20
Other Wintel Domains Review

• Other domains on the campus network do not have
  trusts with ACAD or AD.
• These other domains must follow the Campus
  Network Security Standards and Practices
• Meetings for Lab Conventions and Domain
  Standards Compliance now being setup.
• These other domains will be collapsed into the
  AD or ACAD domains by July 2004 unless exempted
  by CITO.
• Migration plans for other domains into AD/ACAD
  are due by November 2003.

AD DOMAIN
Trust
ACAD DOMAIN
OTHER DOMAINS
21
OTHER Domain Services
22
Campus Security Follow Up Meetings

• Setting conventions for Labs and Open systems
• Setting conventions for Hardware and Software
  Minimums
• Individual meetings in November with those units
  running domains for migration

23
QUESTIONS ??