Higher Education and Microsoft Security Partnership - PowerPoint PPT Presentation

Slides: 21
Provided by: brad48

Transcript and Presenter's Notes

Title: Higher Education and Microsoft Security Partnership


1
Higher Education and Microsoft Security
Partnership
  • Brad Judy, U Colo at Boulder
  • Brian Smith-Sweeney, NYU
  • Sean Krulewitch, Indiana U

2
Who are the players?
  • Higher education
  • REN-ISAC
  • www.ren-isac.net
  • Microsoft
  • Microsoft Security Response Center
  • www.microsoft.com/security/msrc
  • blogs.technet.com/msrc

3
What's REN-ISAC?
  • Research and Education Networking Information Sharing and Analysis Center (REN-ISAC)

4
What's an ISAC?
  • Centered around national infrastructures
  • Focused on physical and cyber security
  • Vetted membership
  • Closed communities
  • Promoted by the Dept of Homeland Security

5
Other ISACs
  • Communications
  • Financial Services
  • Information Technology
  • Multi-state (state governments)
  • Surface transportation
  • Water
  • Supply chain
  • .

6
What does REN-ISAC do?
  • Promotion of information sharing
  • Information gathering and analysis
  • Information products
  • Relationships with other info sources
  • Provides tools and resources
  • 24x7 Watch Desk
  • Registry of EDU security contacts

7
[Diagram labels: Information Sharing, 24x7 Watch Desk, Members, Information Products, Served Networks, Education, Intel Relationships, Exercises]

8
Information Sharing
  • private Trust Community facilitates the sharing
    of sensitive information
  • actionable information for protection and
    response
  • Information Products and peer sharing
  • within Trusted Communities
  • members
  • intel relationships
  • Trust Community channels
  • private mailing list
  • secure IRC
  • community web portal
  • incident data downloads
  • outside the Trust Community
  • non-member .edu
  • we send notifications of compromised machines

9
Information Products
  • Daily Weather Report provides situational
    awareness
  • Alerts provide timely information concerning new
    or increasing threat.
  • Notifications are sent to contacts at sources and
    targets of active threat or incident involving
    member networks.
  • Threat Information Resources provide information
    regarding known active sources of threat.
  • Monitoring views provide aggregate information
    for situational awareness.

10
Education
  • TechBurst webcasts on technical topics relevant
    to security protection and response are
    presented monthly by members. Examples include:
  • BotNet Detection Using DNS Methods
  • Netflow Advanced Topics
  • DNS Protocols, Operation and Security
  • Advisories inform regarding specific practices or
    approaches that can improve security posture.
  • Peer interaction (IRC and mailing list)

11
Exercises
  • Internet2 Abilene Operational security exercises
  • First held November 2005
  • Day-long table top exercise (talking only, no
    flows)
  • Abilene backbone infrastructure attacks, 2
    scenarios
  • Report identifies 40 observations
  • Second (date TBD) will include domestic and
    international participants

12
  • monitors and sensors
  • REN-ISAC darknet
  • Shared Darknet Project (R-I / CSI2)
  • netflow collection and analysis
  • Traffic Grapher
  • Arbor Peakflow
  • flow-tools
  • DNS infrastructure monitoring
  • services
  • malware analysis system (dev)
  • passive DNS replication service (dev)
  • .edu notification system
  • Cyber Security Registry (dev)
  • wiki
  • IRC
  • listserv
  • community portal
  • RENOIR (WPI / CSI2 dev)

13
  • Rich information about .edu security contacts
    people and institutions (under development)

14
24x7 Watch Desk

15
[Chart: Compromised System Notifications to .edu; series: Botnet Command and Control Hosts, Infected Hosts, Unique R&E Institutions]

16
[Chart: .EDU Storm Worm Daily Notifications from REN-ISAC]
Notifications quickly and dramatically blunted the severity of Storm infection in .EDU

17
Who is in the REN-ISAC?
  • Institutes of higher education, research
    organizations, teaching hospitals
  • Membership restructuring coming; currently:
  • Permanent staff with campus-wide security role
  • Vetted by other members
  • More than 400 members
  • More than 200 institutions

18
[Chart: Membership; series: People, Orgs.]

19
REN-ISAC and Microsoft
  • Formal agreement between REN-ISAC and Microsoft
  • Based on MS Security Cooperation Program
  • http://www.microsoft.com/industry/publicsector/government/programs/SCP.mspx
  • Similar to arrangement with the Multi-state ISAC

20
Microsoft Analysis Team
  • Members of REN-ISAC with particular
    expertise/experience with MS technologies
  • Ryan Eads, University of Illinois,
    Urbana-Champaign
  • Brad Judy, University of Colorado, Boulder
  • Sean Krulewitch, Indiana University
  • Daniel Schwalbe, University of Washington
  • Brian Smith-Sweeney, New York University
  • Doug Pearson, REN-ISAC / Indiana University

21
Microsoft Security Response Center (MSRC)
  • Mission: protect customers from vulnerabilities
    in MS software
  • Hub of Microsoft security response
  • Issues the bulletins and advisories
  • Pro-active and reactive responses to security
    issues
  • Incident response

22
MAT resource access
  • Access to PSS-Sec
  • Access to MS Security Response Alliance portal

23
MAT information sharing
  • Conduit between REN-ISAC and MS
  • Premier Support Services Security cases (PSS-Sec)
  • Contact with MSRC
  • Contact with others in MS
  • Resource for members with questions on MS
    security topics

24
MAT other services
  • Analysis of MS releases
  • Patch Tuesday analysis
  • Out-of-band patches
  • Security advisories
  • Emergency response coordination with MS and
    higher-ed via REN-ISAC
  • Education activities

25
REN-ISAC/MAT projects
  • Helping MS improve MSRT
  • Improved malware submission/malware sandbox
  • Coordination of research efforts within REN-ISAC
    and higher-ed

26
REN-ISAC contacts
  • ren-isac_at_ren-isac.net
  • http://www.ren-isac.net
  • 24x7 Watch Desk: 1(317)278-6630
