Physical Meets Cyber (IDS meets GIS) Randy Marchany VA Tech IT Security Office and Lab

Transcription

1 Physical Meets Cyber (IDS meets GIS) Randy Marchany VA Tech IT Security Office and Lab

2 Who Am I? Been working in IT Security since 1992 SANS Institute Instructor #2 Educause, SANS, IIA, IEEE, ACM, CIS, various cybersecurity task forces ISO at VA Tech 40K node network. dual stack IPV4, IPV6 network since 2006 Multi-national Main campus (Blacksburg, VA), Remote campuses (Arlington, Norfolk, VA), Swiss My IT Security Philosophy All Security is Local Empower the local departmental IT staff The Business Process trumps the Security Process if there s a conflict Learn the business process before imposing security requirements Restrictive security practices cause worse problems overall (c) Marchany

3 VT Cyber Security Strategy University has 3 main business processes Academic, Administrative, Research Academic Open access needed THE ISP MODEL Internet of Things Administrative Traditional corporate security model Research Hybrid Open access Restricted research, e.g. ITAR Must design a strategy that covers all 3 areas 20 Critical Controls 3

4 Continuous Monitoring Keeping someone from getting inside has failed miserably Firewalls are not effective PROTECTION devices. They are effective DETECTION devices Change the strategy Assume they are in so go hunt for the compromised hosts Monitor outbound traffic Prevent their command and control communication Inbound monitors server side attacks; outbound monitors client side attacks 4

5 5

6 Smartphone Tracking w/ipv6 11:27 AM 11:38 AM 11:20 AM 11:18 AM 11:13 AM Simple tracking a host throughout campus Filtering target traffic was trivial (c) Marchany

7 7 Internet Of Things - 1

8 8 Internet Of Things - 2

9 (c) Marchany

10 CyberSecurity Operations Center Security Operations Center (SOC) term is being taken over by physical surveillance companies A Cyber Security Operations Center (CSOC) that doesn t have any physical surveillance capability. It could be a component of a SOC in the future 10

11 Converged Security Converged Technologies for Security, Safety, and Resilience (CTSSR) is creating a competitive advantage for the university by promoting innovative uses of technology for campus safety and security. CTSSR is a resource for campus first responders and others in the VP for Administrative Services area, helping them keep the campus safe and secure. 11

12 GIS Services - 1 Helping to make the Virginia Tech campus map interactive. 12

13 GIS Services - 3 Enterprise GIS has developed a tool that displays an estimate of the number of people occupying general use classrooms and dining facilities, hour by hour, throughout a typical week. The data are generalized and aggregated in general estimates for each building on campus at a given time. 13

14 GIS Services - 5 Analytical data from the Gameday GIS could be visualized by the leadership of the VTPD and OEM, and the data helped inform a shift in the overall policing strategy inside Lane Stadium for home football games. Analysis of this data as applied to subsequent stadium events enabled emergency responders to use personal resources more efficiently and effectively in maintaining security and safety at large stadium events. 14

15 15

16 GIS Services - 7 The Virginia Tech Police Department is developing a prototype of an interactive, searchable incident map using GIS and other geospatial visualization applications. The ease of use for an array of visualization tools and techniques means that law enforcement officers can use the resource immediately, without additional training or instruction. 16

17 17

18 18

19 19

20 20

21 21

22 22

23 23

24 24

25 25

26 26

27 27

28 Challenges Funding Commercial/Freeware + Infrastructure + Staff Salaries Training 1 st level needs specialized training Not just point & clickers Process Find the data, get access to the data Help Desk Trouble Ticket process Technology Backbone speeds, MPLS, IPV6 Sensor placement inline or span port 28

29 Futures There are commercial tools that do all of this They cost lots of $$$ We don t have lots of $$$ Had to grow our own Improves our skill set, proactive and reactive capabilities We can better evaluate commercial products because of our experience 29

30 Contact Information Randy Marchany VA Tech IT Security Office & Lab 1300 Torgersen Hall Blacksburg, VA Blog: Randymarchany.blogspot.com 30