Physical Meets Cyber (IDS meets GIS) Randy Marchany VA Tech IT Security Office and Lab marchany@vt.edu


Who Am I?
- Been working in IT Security since 1992
- SANS Institute Instructor #2
- Educause, SANS, IIA, IEEE, ACM, CIS, various cybersecurity task forces
- ISO at VA Tech: 40K node network, dual stack IPv4/IPv6 network since 2006
- Multi-national: main campus (Blacksburg, VA), remote campuses (Arlington, Norfolk, VA), Swiss

My IT Security Philosophy
- All Security is Local: empower the local departmental IT staff
- The Business Process trumps the Security Process if there's a conflict
- Learn the business process before imposing security requirements
- Restrictive security practices cause worse problems overall
(c) Marchany 2015

VT Cyber Security Strategy
- University has 3 main business processes: Academic, Administrative, Research
- Academic: open access needed (THE ISP MODEL), Internet of Things
- Administrative: traditional corporate security model
- Research: hybrid; open access plus restricted research, e.g. ITAR
- Must design a strategy that covers all 3 areas: 20 Critical Controls

Continuous Monitoring
- Keeping someone from getting inside has failed miserably
- Firewalls are not effective PROTECTION devices. They are effective DETECTION devices
- Change the strategy: assume they are in, so go hunt for the compromised hosts
- Monitor outbound traffic; prevent their command and control communication
- Inbound monitors server side attacks; outbound monitors client side attacks
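The slide's point is that outbound monitoring is how you find hosts that are already compromised: a client-side infection has to talk back to its command and control server, and that traffic leaves the campus. The following added example (not code from the slides or from the VA Tech security lab) shows one way to act on that advice: it classifies flow records as inbound, outbound or internal, then flags outbound connection groups whose timing is regular and whose payloads are small, the classic beaconing shape. The flow records, the 10.0.0.0/8 campus range and the thresholds are all constructed assumptions for illustration.

```python
"""Outbound flow review: classify flow direction and flag beacon-like groups.

Added example, not from the original slides. The flow records below are
constructed; 10.0.0.0/8 is assumed to be the campus address space.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumption: everything in 10.0.0.0/8 is a campus host.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def direction(flow: dict) -> str:
    """Return 'inbound', 'outbound', 'internal' or 'external' for one flow."""
    src_in, dst_in = is_internal(flow["src"]), is_internal(flow["dst"])
    if src_in and not dst_in:
        return "outbound"
    if dst_in and not src_in:
        return "inbound"
    return "internal" if src_in else "external"


def find_beacons(flows, min_flows=4, max_jitter=0.2, max_bytes=2048):
    """Flag (src, dst, dport) groups of outbound flows that look like C2 beacons.

    A group is suspicious when it has at least min_flows connections, the
    gaps between them are regular (coefficient of variation <= max_jitter)
    and every connection carries at most max_bytes, i.e. small check-ins
    rather than real downloads.
    """
    groups = defaultdict(list)
    for f in flows:
        if direction(f) == "outbound":
            groups[(f["src"], f["dst"], f["dport"])].append(f)

    alerts = []
    for (src, dst, dport), fs in groups.items():
        if len(fs) < min_flows:
            continue
        times = sorted(f["ts"] for f in fs)
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        small = all(f["bytes"] <= max_bytes for f in fs)
        if jitter <= max_jitter and small:
            alerts.append({"src": src, "dst": dst, "dport": dport,
                           "count": len(fs), "interval_s": round(avg, 1)})
    return alerts


# Constructed sample flows: ts is seconds from an arbitrary start.
SAMPLE_FLOWS = [
    # 10.1.2.3 checks in with 203.0.113.10:443 about once a minute, tiny payloads.
    {"src": "10.1.2.3", "dst": "203.0.113.10", "dport": 443, "ts": 0, "bytes": 280},
    {"src": "10.1.2.3", "dst": "203.0.113.10", "dport": 443, "ts": 61, "bytes": 310},
    {"src": "10.1.2.3", "dst": "203.0.113.10", "dport": 443, "ts": 119, "bytes": 295},
    {"src": "10.1.2.3", "dst": "203.0.113.10", "dport": 443, "ts": 181, "bytes": 300},
    {"src": "10.1.2.3", "dst": "203.0.113.10", "dport": 443, "ts": 240, "bytes": 288},
    {"src": "10.1.2.3", "dst": "203.0.113.10", "dport": 443, "ts": 299, "bytes": 305},
    # 10.1.2.4 browses 198.51.100.5:443: irregular timing, large transfers.
    {"src": "10.1.2.4", "dst": "198.51.100.5", "dport": 443, "ts": 5, "bytes": 15000},
    {"src": "10.1.2.4", "dst": "198.51.100.5", "dport": 443, "ts": 12, "bytes": 42000},
    {"src": "10.1.2.4", "dst": "198.51.100.5", "dport": 443, "ts": 90, "bytes": 900},
    {"src": "10.1.2.4", "dst": "198.51.100.5", "dport": 443, "ts": 95, "bytes": 120000},
    {"src": "10.1.2.4", "dst": "198.51.100.5", "dport": 443, "ts": 400, "bytes": 3000},
    # Inbound probe against a campus SSH server, and an internal-only flow.
    {"src": "198.51.100.77", "dst": "10.1.0.9", "dport": 22, "ts": 30, "bytes": 1200},
    {"src": "10.1.0.9", "dst": "10.2.0.5", "dport": 445, "ts": 31, "bytes": 800},
]

if __name__ == "__main__":
    for alert in find_beacons(SAMPLE_FLOWS):
        print("possible beacon:", alert)
```

On the constructed records only the 10.1.2.3 group is reported; the browsing host fails both the timing and the size test, and the inbound and internal flows are never considered because the slide's hunt is for hosts already inside talking out. In practice the thresholds are tuned per campus, and the alert is a starting point for the trouble-ticket process rather than a verdict.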


Smartphone Tracking w/IPv6
[Figure: campus map with a host's sightings annotated 11:13 AM, 11:18 AM, 11:20 AM, 11:27 AM, 11:38 AM]
- Simple tracking of a host throughout campus
- Filtering target traffic was trivial
(c) Marchany 2011

Internet Of Things - 1

Internet Of Things - 2


CyberSecurity Operations Center
- The Security Operations Center (SOC) term is being taken over by physical surveillance companies
- A Cyber Security Operations Center (CSOC) doesn't have any physical surveillance capability
- It could be a component of a SOC in the future

Converged Security
- Converged Technologies for Security, Safety, and Resilience (CTSSR) is creating a competitive advantage for the university by promoting innovative uses of technology for campus safety and security. http://www.it.vt.edu/ctssr/
- CTSSR is a resource for campus first responders and others in the VP for Administrative Services area, helping them keep the campus safe and secure.

GIS Services - 1
- Helping to make the Virginia Tech campus map interactive.

GIS Services - 3
- Enterprise GIS has developed a tool that displays an estimate of the number of people occupying general use classrooms and dining facilities, hour by hour, throughout a typical week.
- The data are generalized and aggregated into general estimates for each building on campus at a given time.

GIS Services - 5
- Analytical data from the Gameday GIS could be visualized by the leadership of the VTPD and OEM, and the data helped inform a shift in the overall policing strategy inside Lane Stadium for home football games.
- Analysis of this data as applied to subsequent stadium events enabled emergency responders to use personnel resources more efficiently and effectively in maintaining security and safety at large stadium events.


GIS Services - 7
- The Virginia Tech Police Department is developing a prototype of an interactive, searchable incident map using GIS and other geospatial visualization applications.
- The ease of use of an array of visualization tools and techniques means that law enforcement officers can use the resource immediately, without additional training or instruction.


Challenges
- Funding: Commercial/Freeware + Infrastructure + Staff Salaries
- Training: 1st level needs specialized training, not just point & clickers
- Process: find the data, get access to the data; Help Desk Trouble Ticket process
- Technology: backbone speeds, MPLS, IPv6; sensor placement inline or span port

Futures
- There are commercial tools that do all of this
- They cost lots of $$$; we don't have lots of $$$
- Had to grow our own
- Improves our skill set, proactive and reactive capabilities
- We can better evaluate commercial products because of our experience

Contact Information
Randy Marchany
VA Tech IT Security Office & Lab
1300 Torgersen Hall
Blacksburg, VA 24060
540-231-9523
marchany@vt.edu
http://security.vt.edu
Twitter: @randymarchany
Blog: http://www.securitycurrent.com/en/writers/randymarchany
Randymarchany.blogspot.com