Securing the Ivory Tower. David Shipley, Enterprise Strategy Analyst,

Size: px

Start display at page:

Download "Securing the Ivory Tower. David Shipley, Enterprise Strategy Analyst,"

Baldric Evan Griffin
8 years ago
Views:

1 Securing the Ivory Tower David Shipley, Enterprise Strategy Analyst,

2 About David Joined UNB s IT Department in July 2012 Bachelor of Arts in Information and Communications Studies and working on an MBA Responsible for IT security investigations, policy development and behaviour change initiatives

Studies and working on an MBA Responsible for IT

3 About UNB Largest university in New Brunswick with more than 11,000 students ts and two main campuses - Fredericton and Saint John Approximately 2,000 FTE faculty and staff UNB is among the oldest public universities in North America and is the oldest Englishlanguage university in Canada

Approximately 2,000 FTE faculty and staff UNB is among the oldest

4 A long history UNB s computing centre purchased its first computer in an LGP-30

5 Notable firsts First university to develop an online library catalogue First university in Canada to provide students with an address UNB hosts the first comprehensive university website

Canada to provide students with an e-mail address

6 What does this mean? UNB s technology environment began as an academic exercise, gradually became an administrative environment as well as a teaching and learning environment While UNB s understanding and use of technology has rapidly evolved over the past 60+ years, its approach to IT security has historically lagged

administrative environment as well as a teaching and learning environment While

7 Number of US Universities and Colleges hacked since January 2013

8 A tough environment Universities and colleges are extremely difficult to defend We re orientated for openness and the sharing of information, values that are part of our DNA We have little or no control of the devices or software used on our networks

sharing of information, values that are part of our DNA We

9 Attractive targets Universities contain massive amounts of personal information They also have hundreds of millions of dollars in research data and intellectual property They also have major high speed connections and high powered machines, ideal for hijacking as a platform to attack others

data and intellectual property They also have major high speed

10 er of records that include names, social se birth dates of students, faculty and staff los University of Maryland in February

11 Oops... University reports 2nd data breach in 4 weeks (University of Maryland, March 20)

12 mber of student records exposed at Indian ersity for 11 months due to staff error (Feb

13 mber of records of students, faculty and sta ed at North Dakota University staff error (M 3)

14 n average, per record of a data breach in h education

15 ntial cost of the three e data breaches, based average per record cost

16 Data breach costs Forensics Lawyers Call Centres Communications / Public relations Identity theft protection Lawsuits

17 UNB network breach shows flaws in security - CBC New Brunswick, May 2012

18 Our wake-up call Hello Admin & Your site has been compromised I did not take nor did I leak any of the student's sensitive information. However, your site is terribly vulnerable and I suggest you patch it ADMIN!...Hugs

19 What happened next? Owned the issue, provided as much information as we could as soon as we could Began planning a complete re-architecture of our primary web server to a more secure mode (fully implemented in July 2013) Began planning for a new in-house, multimember security team Engaged an outside firm to conduct penetratio

Began planning a complete re-architecture of our primary web server to a more

20 It s not a matter of if you ll be attacked It s a matter of when It s a matter of how prepared you ll be to respond It s a matter of how well the crisis is used to improve environment

21 The Security Action Team (SAT) Core team includes: David Shipley - incident coordination, investigation, education Benjamin Steeves, Director of IT archtecture - systems and software expert Ying Zhang, senior network analyst, - network expert

22 UNB IT Security Action Team Reports to the AVP, Information Technology Services Has broad authority to act in the event of an incident or to prevent an incident, including access other staff resources as required and as situations dictate

23 Issues SAT has tackled Targeted Denial of Service attack against a residence student over xbox gaming Cyber stalking / cyber bulling Theft of graduate student research Phishing / identity theft Malware (half a dozen incidents a week)

24 How did SAT respond Worked with law enforcement and Microsoft on the xbox / DDOS incident Developed an awareness campaign around cyber stalking and cyber bullying for students Increased education around the dangers of illegal file sharing and malware Closed off remote access for vast majority of

25 rage of daily offenceses as recorded by qrad

26 are infections as noted by our Deep Disco pilot in February 2014

27 Of infections were on Student devices on our wireless network

28 Triage Daily monitoring of qradar and Deep Discovery to determine current threat level. Focus on top five threats that week, proactively respond Leverage Deep Discovery to aid in malware investigations using data from Kaspersky AV and qradar Observe trends and consider policy or

29 Leveraging Deep Discovery Began pilot in November 2013 Tool taps part of our network and correlates malicious traffic with cloud-based intelligence network and a built-in, in, VM-based malware lab Allows for quick, easy research on an infection and risk it may pose

30 International Student Visa Case A few days ago a student reported that his credit card had been compromised Compromise occurredred after he used a shared computer in the library to do a transaction Deep Discovery provided detailed history of the computer he used, indicating a multi- malware infection

31 What did we do? Within minutes of researching the infection, ou desktop team was notified and initiated steps to wipe the machine and restore it Deep Discovery detected threats hidden from the device s AV, great atly sped up reaction time and significantly cut our total time spent on the incident Previously a detailed d investigation of a device

32 ber of times Deep Discovery s virtual anal was run in February

33 ber of hours it would have taken us to do same level of investigation, per device

34 Towards a more secure future

35 So how do we change the story? Work smarter Never waste a crisis Use incidents to build case for policy changes and investment Find partners

36 Plans for the future Secure mobile devices via MDM (this year) Continue to focus on training for SAT and other key IT staff Re-architect network (on-going) Launch new awareness campaign / website (this fall) Investigate DDOS protection (1-2 years) Investigate Advanced Network Access Control solutions (1-2 years) Explore new Firewall opportunities (2-3 years)

37 Questions?

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming