Current and Future Directions for Information Security at UIUC PowerPoint PPT Presentation


Title: Current and Future Directions for Information Security at UIUC


1
Current and Future Directions for Information
Security at UIUC
  • Mike Corn
  • Director, Security Services and Information
    Privacy
  • CCSP Day Spring 2004

2
Recent Changes
  • Additional 3 FTE
  • 100 budget increase
  • New partnerships with research and faculty
    initiatives
  • More formal communication channels within U of I
    (AITS, UIC, NCSA)

3
Major Initiatives
  • Email anti-spam and anti-virus
  • Security Awareness Program
  • Intrusion Prevention Devices
  • Emphasis on managed services, e.g., Windows
    Update Service (was SUS) and Desktop anti-virus

4
Email Anti-SPAM / AV
  • Anti-virus scanning: viruses deleted
  • User control of spam controls
  • Opt in / out
  • Per user training of SPAM filters
  • Per user blacklists / whitelists
  • Auto delete at user determined intervals

5
Email Anti-SPAM / AV
Some misc. capacity requirements:
  • 1.5 million messages per day
  • Peak 100k per hour
  • Average message size 26k
  • Use a multiplier of 2-3 for peaks/load during a virus outbreak

[Diagram labels: Appliance, Internet, Relays, Express; annotations: viruses deleted, SPAM quarantined]

6
Security Awareness Program
  • Regular calendar of scheduled events
  • Student orientation
  • Fall / Spring Computer Security Day
  • Online end-user security training
  • Increased low-cost training
  • Targeted presentations / training (faculty and
    staff)

7
Intrusion Prevention Devices
  • Similar to Intrusion Detection Devices (e.g.,
    SNORT) but actively stops intrusion
  • Located at two places in the network
  • Exit architecture
  • Between Housing and Campus

8
Managed Services
  • Anti-Virus: manage all faculty and staff machines
    (?) with a management tool such as EPO
  • Windows Update Service (follow up to SUS): manage
    all faculty and staff machines
  • Opportunity for double duty?

9
Major Activities
  • Vulnerability scanning
  • Departmental scanning cluster (Nessus based)
  • Intrusion detection sensors
  • Unit certification / consulting

10
Major Activities
  • Best practices documentation / partnership
  • Increased community sponsorship
  • Users groups? (e.g., anti-virus)
  • Brown bag discussions
  • Increased campus training opportunities
  • Revamped incident handling

11
Security Ticket Handling
Filter @
  • @VPN: request to filter/lift filter forwarded to VPN service manager
  • @Firewall: security can create and lift filters for an IP address only, both on and off campus
  • @Terminal Server (dial up): Security can create and lift filters by netid. Results in CCSO_DENY being set, which (should) block all CITES provided services
  • @Express: Security can create and lift filters by netid
  • @Cluster: requests for filtering by netid are forwarded to cluster service manager (rarely used)
  • @Walkup access: requests for filtering by netid are forwarded to walk up service manager

12
Security Ticket Handling
Ticket processing is not a simple point and click!

13
Major Activities
  • Increase and optimize communication to campus
  • Vulnerability analysis / assessment
  • Security incident follow up
  • Security tool recommendations / reviews
  • Multiple (redundant) communication streams: RSS,
    web, email

14
The World of Tomorrow
  • Increased Linux / Apple attacks?
  • More sophisticated SPAM?
  • Attacks against web pages?
  • Increasingly malicious attacks?
  • Viruses resistant to signature based scanning?

15
Contacts
  • Mike Corn: mcorn@uiuc.edu
  • 265-0588
  • General Issues: securitysupport@uiuc.edu
  • Incident reporting: security@uiuc.edu
  • SPAM reporting: abuse@uiuc.edu