Stanford Computer Security Strategies Tina Darmohray Information Security Services

1
Stanford Computer Security Strategies
Tina Darmohray
Information Security Services
2
Background
  • Stanford's network is open to support its
    academic mission
  • Each computer has to fend for itself
  • There are currently no machine-health
    requirements for connecting to the network
  • This leaves most of the campus vulnerable to
    attack
  • Proprietary and legally-protected information is
    at risk

3
Recent History
  • October 2002: Slapper
      • Rapid-spreading Linux worm
  • January 2003: Slammer
      • Disabled networks worldwide in less than an hour
  • June 2003: Bugbear
      • Transmitted confidential information off-campus
  • August 2003: Welchia / Blaster
      • 7700 Stanford machines compromised (prior to
        students returning)
      • Cleanup cost 1.4 million
      • No managed or sustainable solution as a result of
        this cash outlay

4
Lessons Learned
  • Time between vulnerability announcement and
    automated exploit is decreasing
  • Closing the border buys very little time
  • Infections spread too fast for humans to keep up
  • Volunteer system administration doesn't work
  • Even after weeks of attacks and multiple
    warnings, thousands of machines remained infected
    or vulnerable
  • Prevention is the only cure

5
All-Campus Solution
  • Security Leaders group convened
  • Representatives from GSB, Med, Law, SLAC, HS,
    EE/CS, Libraries, ResComp, Controller's office,
    ITSS, etc.
  • Technology solutions discussed and prioritized
  • Cross-campus working group formed to formalize
    University-wide requirements and recommendations

6
Current Security Leaders Membership
  • Richard Holeton
  • Horace Greeley
  • Sandy Sklar
  • Sunia Yang
  • Todd Ferris
  • Tina Bird
  • Steve Tingley
  • Tina Darmohray
  • Bill Johnson
  • Randy Yee
  • Robert Zeien
  • Joe Zertuche
  • Security _at_ law
  • Security _at_ medcenter
  • Security _at_ med
  • Security _at_ slac
  • CSOperations _at_ GSB
  • Rosy Alvarez
  • Auston Davis
  • Ethan Rikleen
  • Brian Roberts
  • Bruce Vincent
  • Ramiro Carrazco
  • Chris Pickle
  • Daniel Paepke
  • Dennis Michaels
  • Emma Pease
  • Erick Nakagawa
  • Phil Farrell
  • John Gerth
  • Tom Goodrich
  • Greg Buhrmaster
  • David Hoffman
  • Seth Master
  • Sean Riordan
  • Jay Stamps
  • Joe Little
  • John Lucas
  • John Halperin
  • Ken Baker
  • Lee Stacy
  • Lois Brooks
  • Miles Davis
  • Mike Newton
  • Charles Orgish
  • Paul Murray
  • Glenn Peacock
  • Phil Reese
  • Ranjita Chakravarty
  • Bob Cowles
  • Ricky Connell
  • Ross Wilper

7
Working Group Recommendations
  • Vendor-independent centralized patch management
  • Supporting network infrastructure enhancements
  • Locally leverage Microsoft Windows domain
  • Stanford-written tool

8
Central Patch Management
  • Small program installed on desktop
  • Distributed through ESS
  • Grabs patches as soon as they're tested and
    available
  • No visibility to user (except when reboot is
    required)
  • Not a one-size-fits-all solution
  • Delegated management

9
Supporting Network Infrastructure
  • Network segmentation
  • Public, Stanford-only, department-only, and
    visitor zones
  • Protection level can be suited to individual
    environments
  • Automated connection administration
  • Rapid containment and isolation from other assets

10
Join In!
  • Help lead the campus-wide drive to get ahead of
    these exploits
  • Feedback solicited
  • Give your feedback to your Peer Group
    representative
  • If your area isn't currently represented, let us
    know!
  • Email to hoffman_at_stanford.edu
  • In the meantime, see to it that your own
    machines stay patched