1
Security Camp for Boston Area Schools August
13, 1999
Bob Mahoney, MIT Network Operations
Group bobmah_at_mit.edu
2
MITsSecurity Team Makeup

• "Discretionary Time" of 6 other IS staff
• 6 Paid Student Staff Members
• "Discretionary Time" of other IS students
• 6 Departmental Members (Media Lab, Lab for
  Computer Science, Whitehead Institute, Lab for
  Information and Decision Systems, Lab for Nuclear
  Science, Artificial Intelligence Lab)
• MIT alumni and related hangers-on

3
Related Groups/Efforts

• Stopit Team (Harassment, Abuse, etc)
• Network Operations Group
• Campus postmasters (part of NetOps)
• User Accounts Staff
• Computing Help Desk
• Residential Computing Support
• Departmental Computing Support

4
Activities

• Contact with outside sites
• Contact with law enforcement
• Security-related notifications (internal and
  external)
• Incident Response
• Advocating/Encouraging Good Security

5
What sort of events are we seeing?

• Most popular target platforms?
• Linux the clear winner!
• followed by IRIX and Solaris
• Some HP/UX and OSF/1
• NT the exciting newcomer!
• Follow-on problems relating to sniffed passwords
• The occasional Interesting Thing...

6
Tools

• Coffee (lots -)
• Zephyr - Real-time windowgrams
• E-Mail (net-security_at_mit.edu, security-internal_at_mi
  t.edu, security-fyi_at_mit.edu)
• IRC? Well...
• Casetracker or other ticket-tracking system
• Home-grown tools

7
Issues and challenges

• Private Campus Networks
• Dammit! Im a Doctor, Not a System
  Administrator!
• Private UNIX workstation support
• Intrusion Detection
• FTP and other application risks
• Private Mail Servers

8
More Issues and challenges

• Getting beyond Fighting Fires
• Dealing with Compromised Passwords
• Campus Hackers (of the Roof and Tunnel sort)
• Sniffer Politics

9
What's Worked?

• Student Staff- Trust, Time, and Tools
• Hijacking Departmental Staff
• Security is a Community problem. If the interest
  in helping is there, use it...
• Helps relieve problems from lack of fine-grained
  control
• Eases Political Issues (Less us and more we)

10
What hasn't worked?

• Getting some Problem Departments to cooperate.
  (Conflicting priorities)
• When Bob gets behind, project work slows or
  fails, although incident work continues.

11
Budgeting!

• Recent model "Robin Hood" Asset Reallocation
  System (We steal stuff -)
• New model Since these problems arent going
  away, we need a budget!

12
What is Next?

• Security Training for local admins
• Machine break-in/Recovery training
• Central Vulnerability Scanning
• "Real" Web pages
• Better Trouble-Ticket system
• Improved "Rules of Use" policy statements
• SSH clients for platforms now without!

13
More Whats Next

• Magical PGP signer for Team e-mail
• System Admin Education
• Better communication on open cases
• Generally getting much more Proactive!