IT Security Office/Laboratory Projects - PowerPoint PPT Presentation

Slides: 14
Provided by: RandyMa7

Transcript and Presenter's Notes

1
IT Security Office/Laboratory Projects
  • Wayne Donald
  • Randy Marchany
  • VT IT Security Office Laboratory

2
University Security Office
3
Major Project Areas
  • System Configuration
  • Security Awareness Training Programs
  • Risk Analysis improvement (internal departments)
  • Center for Internet Security
  • SANS
  • Academic Projects
  • VT-CIRT
  • PKI

4
IT Security Office Staff Positions
  • IT Security Analyst
  • Pre-audit departmental servers that store sensitive data
  • GRA
  • Aid in lab configuration and testing
  • Not tied to a particular dept

5
ISO Project: Intrusion Prevention System Acquisition
  • Upper administration allocated for an IPS
  • Provide the capability to selectively isolate attacks in either direction.
  • Help determine the types of attacks we see
  • Bid proposal being developed now

6
ISO/Lab Project Areas
  • CIS Security Benchmarks
  • Windows NG XP, 2000, 2003, Cisco router
  • Solaris, HPUX, AIX (under development)
  • FDI, Staff
  • 19 FDI sessions taught, Summer 2005
  • New Employee Orientation done weekly
  • Student Orientation
  • GTA, Intl Student, COE Freshman

7
Security Awareness Training
  • Security presentations
  • FDI, orientations, colleges, professional groups, students
  • Special presentations (for example, G-L-B Act)
  • Security-related posters
  • Web site: http://security.vt.edu
  • Security DVD for campus distribution
  • Security-related classes

8
Security Awareness Training
  • SANS-EDU training for EDUs
  • Spring Break, 2006
  • SEC 504: Hacker Techniques, Exploits and Incident Handling
  • Taught by Ed Skoudis
  • Hands-on
  • 500/person or 800/person
  • Registration WWW site up soon
  • Available to EDUs nationally
  • UMD Securing Windows (December)

9
Academic Projects
  • ECE 4560 Computer Network Security
  • Facility is the teaching lab
  • Academic Research Projects using the Lab
  • ECE
  • Attacking PDA/Handheld devices (PhD), patent pending
  • Using biological (epidemiology) techniques to build auto immune nets (PhD)
  • Wireless Sensor Networks (PhD)
  • CS
  • Visualization tool for IDS (PhD)
  • Modeling Attack Taxonomies (PhD)

10
VT-CIRT
  • CIRT Checklist update and distribution
  • Formalizes unofficial CIRT policies/procedures
  • Training for non-tech CIRT members
  • Police
  • Legal
  • Judicial Affairs
  • Setting up Reporting structure
  • Presentations
  • Forensic Toolkit Distribution Training
  • Windows, Unix toolkits built

11
Dshield
  • Collect firewall logs from systems on campus
  • Build database for future analysis
  • Provide basic reporting tools
  • Top 10 attackers
  • Top 10 attacked ports
  • IP address, IP subnet query
  • Whois lookup tool
  • Providing data for research and technical projects
  • Running on Linux, WWW/SQL server using the NAS for data storage

12
Other Security Lab Services
  • Security Scanning Service
  • Lazy way: ISO scans your system
  • Half-Checknet scans resnets for vulnerabilities and creates trouble ticket if one is found
  • Best way: Use SafetyNet to scan your subnet

13
Futures Security Office
  • Automate IRM tools to work with new ED (Critical!)
  • Automate Risk Analysis process for IT
  • Expand to university offices and depts
  • Develop online security handbook
  • Formalize policies and procedures