Why are changes taking place? • April 2005: Ariba workstations hacked with 11,600 SSNs • President Jischke and VPIT Jim Bottum meeting • Academic.
Download ReportTranscript Why are changes taking place? • April 2005: Ariba workstations hacked with 11,600 SSNs • President Jischke and VPIT Jim Bottum meeting • Academic.
Slide 1
Slide 2
Why are changes taking place?
• April 2005: Ariba workstations hacked with
11,600 SSNs
• President Jischke and VPIT Jim Bottum meeting
• Academic Officers meeting
• Business Services memo
• Student Services memo
• Consequences in ITaP group
• Indicated consequences in academics
Slide 3
What are we doing?
• Sensitive and Restricted data no longer stored
on EDU workstations
• Unsupported 3rd party software and networked
apps not longer installed on EDU computers
• Limit user access to operating system
files/folders to prevent accidental compromise
• Move all public web sites to new dedicated web
server
• Turn off web servers on file servers
Slide 4
1.
Data Classification: What needs to be secured and how can
it be secured
2.
Purdue Policies: Security and Privacy, IT Resource Usage
3.
Identity Theft
4.
Exploits: Viruses, Worms, HackerDefender, Remote-Control,
Spyware, Malware
5.
Network Applications: How they work and how they are
exploited
6.
Countermeasures: Anti-Virus software, Firewalls, Software
Patches
7.
Best Practices
8.
COE Security Policy
Slide 5
1.
Data Classification
a)
b)
c)
Public
•
Information which may or must be open to the general public. Defined as
information with no existing local, national, or international legal
restrictions on access.
•
Course catalog
Sensitive
•
Information whose access must be guarded due to proprietary, ethical, or
privacy considerations. This classification applies even though there may
not be a civil statute requiring this protection.
•
Student PUID, Name, Address, Phone Number
Restricted
•
Information protected because of protective statutes, policies or
regulations. This level also represents information that isn't by default
protected by legal statue, but for which the Information Owner has
exercised their right to restrict access.
•
SSN, DSS, Course/Grade Rosters, Student Academic Records (FERPA)
Slide 6
1.
Purdue Policies: Security and Privacy, IT Resource Usage
1. Data Confidentiality
A. FERPA - Family Educational Rights and Privacy Act of 1974
•
B.
GLBA – Gramm-Leach-Bliley Act
•
•
•
•
C.
Ensure the security and confidentiality of customer information.
Protect against anticipated threats to the security or integrity of customer information.
Guard against unauthorized access to or use of customer information that could result in
harm or inconvenience to any customer.
Comply with applicable Gramm Leach Bliley rules as published by the Federal Trade
Commission.
HIPPA - Health Insurance Portability and Accountability Act of
1996
•
2.
3.
Protects the privacy of student education records. The law applies to all schools that receive
funds under an applicable program of the U.S. Department of Education. FERPA gives
parents certain rights with respect to their children's education records. These rights transfer
to the student when he or she reaches the age of 18 or attends a school beyond the high
school level. Students to whom the rights have transferred are "eligible students."
Protect the medical privacy of patients and health plan members. In general, HIPAA privacy
regulations allow covered health care providers and health plans to share information for the
purposes of treatment, payment, and health care operations
SSN Usage
IT Resources Usage
Slide 7
1.
Identity Theft – How does it work?
1.
Collect information – fill in the blanks
1.
2.
SSN, Name, Address, Phone, Family Members,
Maiden Name, Email
Complete Credit Card Application or Online Loan
Application
Slide 8
1.
Exploits: Viruses, Worms, HackerDefender, Remote-Control
Slide 9
1.
Network Applications: How they work and how they are
exploited
1.
PORTS – Windows to the world
2.
Port Scanning, DDOS, IP Spoofing / SYN Flooding,
Network Sniffing http://www.ciac.org/ciac/bulletins/g-48.shtml
3.
A compromised computer can spread its infection
though Address Books, Buddy Lists, Networked File
Servers, Etc.
Slide 10
Instant messaging security attacks soar 2,700%
by Antony Savvas
Friday 8 July 2005
The threat of new instant messaging security attacks to enterprises has rocketed
2,700% in the second quarter of the year, according to instant messaging
security researcher IMlogic.
During the second quarter IMlogic issued 15 priority IM security alerts to enterprises and
says it tracked more than 540 new IM security threats in the wild.
IMlogic said corporate environments were being increasingly targeted and that
businesses had to prepare for and defend against such threats.
IMlogic said 70% of reported infections from IM malware it tracked affected enterprises
using popular IM applications such as AOL Instant Messenger, MSN Messenger,
Windows Messenger, and Yahoo! Messenger.
The increasing IM threat is one reason why some companies have attempted to stop
employees using instant messaging altogether, despite its popularity among disparate
sales and marketing teams, among others.
http://www.computerweekly.com/Articles/Article.aspx?liArticleID=210766
Slide 11
The IMlogic Threat Center believes that the increase in attacks in Q1
and Q2 2005 are attributed to virus writers and attackers focusing on
the IM and P2P channel as a vector for communication, infection
and propagation. Attacks that uniquely targeted IM and P2P in 2005
are increasing in both distribution and sophistication, exploiting
known application and end-user vulnerabilities. The IMlogic Threat
Center expects that both IM and P2P specific attacks, and the
inclusion of IM and P2P in blended-threats, will increase
substantially throughout 2005.
The IMlogic Threat Center expects that IM attacks will continue to
spread rapidly given the real-time nature of the transport protocol
and the lack of IT network security for real-time protection and
quarantine.
Slide 12
1.
Countermeasures: Anti-Virus software, Firewalls, Software
Patches
Slide 13
1.
Best Practices
Slide 14
1.
COE Security Policy
Slide 15
1.
Questions
Slide 2
Why are changes taking place?
• April 2005: Ariba workstations hacked with
11,600 SSNs
• President Jischke and VPIT Jim Bottum meeting
• Academic Officers meeting
• Business Services memo
• Student Services memo
• Consequences in ITaP group
• Indicated consequences in academics
Slide 3
What are we doing?
• Sensitive and Restricted data no longer stored
on EDU workstations
• Unsupported 3rd party software and networked
apps not longer installed on EDU computers
• Limit user access to operating system
files/folders to prevent accidental compromise
• Move all public web sites to new dedicated web
server
• Turn off web servers on file servers
Slide 4
1.
Data Classification: What needs to be secured and how can
it be secured
2.
Purdue Policies: Security and Privacy, IT Resource Usage
3.
Identity Theft
4.
Exploits: Viruses, Worms, HackerDefender, Remote-Control,
Spyware, Malware
5.
Network Applications: How they work and how they are
exploited
6.
Countermeasures: Anti-Virus software, Firewalls, Software
Patches
7.
Best Practices
8.
COE Security Policy
Slide 5
1.
Data Classification
a)
b)
c)
Public
•
Information which may or must be open to the general public. Defined as
information with no existing local, national, or international legal
restrictions on access.
•
Course catalog
Sensitive
•
Information whose access must be guarded due to proprietary, ethical, or
privacy considerations. This classification applies even though there may
not be a civil statute requiring this protection.
•
Student PUID, Name, Address, Phone Number
Restricted
•
Information protected because of protective statutes, policies or
regulations. This level also represents information that isn't by default
protected by legal statue, but for which the Information Owner has
exercised their right to restrict access.
•
SSN, DSS, Course/Grade Rosters, Student Academic Records (FERPA)
Slide 6
1.
Purdue Policies: Security and Privacy, IT Resource Usage
1. Data Confidentiality
A. FERPA - Family Educational Rights and Privacy Act of 1974
•
B.
GLBA – Gramm-Leach-Bliley Act
•
•
•
•
C.
Ensure the security and confidentiality of customer information.
Protect against anticipated threats to the security or integrity of customer information.
Guard against unauthorized access to or use of customer information that could result in
harm or inconvenience to any customer.
Comply with applicable Gramm Leach Bliley rules as published by the Federal Trade
Commission.
HIPPA - Health Insurance Portability and Accountability Act of
1996
•
2.
3.
Protects the privacy of student education records. The law applies to all schools that receive
funds under an applicable program of the U.S. Department of Education. FERPA gives
parents certain rights with respect to their children's education records. These rights transfer
to the student when he or she reaches the age of 18 or attends a school beyond the high
school level. Students to whom the rights have transferred are "eligible students."
Protect the medical privacy of patients and health plan members. In general, HIPAA privacy
regulations allow covered health care providers and health plans to share information for the
purposes of treatment, payment, and health care operations
SSN Usage
IT Resources Usage
Slide 7
1.
Identity Theft – How does it work?
1.
Collect information – fill in the blanks
1.
2.
SSN, Name, Address, Phone, Family Members,
Maiden Name, Email
Complete Credit Card Application or Online Loan
Application
Slide 8
1.
Exploits: Viruses, Worms, HackerDefender, Remote-Control
Slide 9
1.
Network Applications: How they work and how they are
exploited
1.
PORTS – Windows to the world
2.
Port Scanning, DDOS, IP Spoofing / SYN Flooding,
Network Sniffing http://www.ciac.org/ciac/bulletins/g-48.shtml
3.
A compromised computer can spread its infection
though Address Books, Buddy Lists, Networked File
Servers, Etc.
Slide 10
Instant messaging security attacks soar 2,700%
by Antony Savvas
Friday 8 July 2005
The threat of new instant messaging security attacks to enterprises has rocketed
2,700% in the second quarter of the year, according to instant messaging
security researcher IMlogic.
During the second quarter IMlogic issued 15 priority IM security alerts to enterprises and
says it tracked more than 540 new IM security threats in the wild.
IMlogic said corporate environments were being increasingly targeted and that
businesses had to prepare for and defend against such threats.
IMlogic said 70% of reported infections from IM malware it tracked affected enterprises
using popular IM applications such as AOL Instant Messenger, MSN Messenger,
Windows Messenger, and Yahoo! Messenger.
The increasing IM threat is one reason why some companies have attempted to stop
employees using instant messaging altogether, despite its popularity among disparate
sales and marketing teams, among others.
http://www.computerweekly.com/Articles/Article.aspx?liArticleID=210766
Slide 11
The IMlogic Threat Center believes that the increase in attacks in Q1
and Q2 2005 are attributed to virus writers and attackers focusing on
the IM and P2P channel as a vector for communication, infection
and propagation. Attacks that uniquely targeted IM and P2P in 2005
are increasing in both distribution and sophistication, exploiting
known application and end-user vulnerabilities. The IMlogic Threat
Center expects that both IM and P2P specific attacks, and the
inclusion of IM and P2P in blended-threats, will increase
substantially throughout 2005.
The IMlogic Threat Center expects that IM attacks will continue to
spread rapidly given the real-time nature of the transport protocol
and the lack of IT network security for real-time protection and
quarantine.
Slide 12
1.
Countermeasures: Anti-Virus software, Firewalls, Software
Patches
Slide 13
1.
Best Practices
Slide 14
1.
COE Security Policy
Slide 15
1.
Questions