Computer and Network Security Issues

1
Computer and Network Security Issues the
Security Officers Perspective

• (Can we talk?)

2
The University Problem

• Insecure systems, networks and applications
• Insufficient numbers of trained personnel
• Extremely wide-ranging user requirements
• The Barbarians are sometimes inside the gates
• Exploit tools simple enough for a 10 year old
  security tools incomprehensible to anyone who
  wasnt raised with computers
• High speed connectivity. (Flooding and warez
  trading can be done at extremely fast speeds)

3
In Short...
We are a very attractive target.
4
And We Are Not the Only Ones

• Anywhere there is a combination of high speed
  connectivity, static addresses, frequently on
  systems and inexperienced administrators (or
  users acting in that capacity), the same problem
  exists
• Probes come equally if not more frequently from
  DSL and cable modem sites as from other
  Universities

5
Selected Intrusion Techniques

• Probes
• Floods (non-distributed) and Distributed Denial
  of Service Attacks
• Log modification (rootkit)
• Windows most frequently targetted, though no OS
  is immune
• Combo Plate - Multiple attacks combined - may
  involve multiple OS
• Variation on theme Virii may insert other
  malicious code (trojans, keystroke monitors)

6
How Often Are We Probed?

• Managed Security Services trial 3 networks, 2
  hosts devices
• Single month on these networks/hosts
• 49,162 events detected
• Penn State Intrusion Detection/Prevention Trial
  10 Networks, multiple campuses (5350 IP
  addresses)
• Average Daily Alerts 355,607

7
(No Transcript)
8
(No Transcript)
9
Solutions

• A Miracle?
• Failing that better implementation of defense in
  depth
• Both Barrier and Detection Technology
• Training (but that wont do it all)
• Sharing (FIRST, REN-ISAC, I2/EDUCAUSE, CIC-SWG)
• Better Vendor Products, Hopefully