Computer Security in Higher Education - PowerPoint PPT Presentation

Computer security in higher education
1 / 40

  • Uploaded on
  • Presentation posted in: General

Computer Security in Higher Education. David Brumley Things To Come. Need for policies and procedures Proper staffing and funding Clear, consistent, and followed plans. Stanford Infrastructure. 55,000 registered nodes 58,000 active principles

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Computer Security in Higher Education

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Computer security in higher education

Computer Security inHigher Education


Things to come

Things To Come

  • Need for policies and procedures

  • Proper staffing and funding

  • Clear, consistent, and followed plans

Stanford infrastructure

Stanford Infrastructure

  • 55,000 registered nodes

  • 58,000 active principles

  • 800 MB/day web data alone

  • 3.5 million/day email messages

  • 200 to 700 mb/s bandwidth

Why security

Why Security?

  • Do your users have any expectation of privacy?

  • Do you have assets that need protecting?

  • Have you considered the cost of system compromises vs. protection?

Attacks happen

Attacks Happen

Incident type comparison



Incident Type Comparison

Worried about privacy

Worried about Privacy?

  • School Records

    • Directories (FERPA)

    • Email

    • Homework

  • Hospital/Medical Records

    • HIPPA

Computer security is

Computer Security Is...

Primarily risk management by ensuring:

  • Confidentiality

  • Integrity

  • Availability

System confidentiality

System Confidentiality

[root@topsecret cctest]# pwd


[root@topsecret cctest]# strings customer.MYD

david brumley

351 Monroe Palo Alto

Anton Ushakov

590 Escondido Mall

Russ Alberry

101 Great America Parkway

[root@topsecret cctest]# strings orders.MYD

9 piece knife set



Sickle and Hammer



3 towels



  • Many believe there is nothing valuable on their system, but:

  • System can serve to launch attacks

  • There may be unexpected information on the host

Network confidentiality

Network Confidentiality


Hacker listening regardless of MAC





Network sniffers

Network Sniffers

psych-Wylie-NT.Stanford.EDU => pobox3.Stanford.EDU [110]

USER sleeples

PASS password




----- [FIN]

psych-3354-dreamscape.Stanford.EDU => daydream.Stanford.EDU [23]








----- [Timed Out]

voodoo.Stanford.EDU => lucas.Stanford.EDU [21]

(#USER menon

PASS password3


PORT 171,65,60,163,5,104


CWD /home/pub/gary

CWD /home/pub/

CWD /home/

----- [Timed Out]

psych-3367-macG3.Stanford.EDU => elaine18.Stanford.EDU [23]


& #'$&&Y`&&VT100&

wl\cfCCSDK) >aWHW^H


`&$$ vQa;j:T8%H>VzL d>7s_

----- [Timed Out]

University of washington sniffer

University Of Washington Sniffer

Summer 2000:

  • NT IIS Web Server compromise

  • Password sniffer installed

  • Exposed 5000 medical records

Ensuring confidentiality

Ensuring Confidentiality

  • Strong Authentication

    • No clear text logins

      • Kerberos

      • SSH

  • Strong Authorization

    • AFS

    • Directory ACL’s



Populating the kdc

Populating the KDC

Compromises of integrity

Compromises of Integrity

  • ls (dir) - doesn’t show intruders files

  • ps (task manager) - doesn’t show intruders processes

  • ifconfig - doesn’t show interface in promisc mode

  • zap - cleans log files

  • fix - fixes timestamp and checksum info

  • chfn - gives root shell with proper arg

  • login - gives root shell w/ proper password

  • inetd (runs network services like “telnet”) - gives full access on a particular port

Integrity compromise example

Integrity Compromise Example

Normal System:

sunset:security> telnet elaine


Connected to

Escape character is '^]'.

UNIX(r) System V Release 4.0 (elaine21.Stanford.EDU)

elaine21.Stanford.EDU login:

Hacked System:

sunset:security> telnet jimi-hendrix 1524


Connected to jimi-hendrix.Stanford.EDU (

Escape character is '^]'.

# ls -altr /;

total 1618

-r-xr-xr-x 1 root root 1541 Oct 14 1998 .cshrc

drwx------ 2 root root 8192 Apr 14 1999 lost+found

drwxr-xr-x 1 root root 9 Apr 14 1999 bin

drwxrwxr-x 2 root sys 512 Apr 14 1999 mnt

Ensuring integrity axioms

Ensuring Integrity - Axioms

  • All programs are buggy

    • The larger the program, the more bugs it will have

  • If a program isn’t ran, it doesn’t matter if it’s buggy

    • Hosts should run as few services as possible

Building integrity

Building Integrity

  • Create easy to use resources for system security:

    • Templates

    • Distributions

    • Best use documents

  • Defense in Depth is the goal

Threats to availability

Threats to Availability

  • System intrusion

  • Denial of Service Attack

  • Domain Name Hijack/Modifications

Rsa com s availability

RSA.COM’s Availability

The master plan

The Master Plan

  • Asses situation

  • Create policies, procedures, and implementation plan

  • Create infrastructure

  • Maintain infrastructure

  • Lather, rinse, repeat.

Getting started

Getting Started

  • Assessing where you are at:

    • What policies exist?

    • What staff is already in place?

    • What services are offered?

    • What services will be offered?

Policy key points

Policy Key Points

  • What are you protecting?

  • Who has authority?

  • What are the resources for?

  • What organizational units are there?

The key

The Key

The policy must be approved at the highest levels in order to deal with irate:

  • Nobel prize laureates

  • Crafty Students

  • Other political entities

Security office plan

Security Office Plan

  • Plan base authentication, authorization, and integrity mechanisms

  • Work with infrastructure groups to utilize security resources

  • Educated the community

Creating infrastructure

Creating Infrastructure

Major points in an assessment:

  • Create scalable architectures

  • Create robust architectures

  • Create low-risk architectures

Ex integrating kerberos

Ex: Integrating Kerberos

Allocating resources

Allocating Resources

  • Staff and budget are needed, but security gets easier and cheaper as time goes on.

  • Fundamental knowledge for computer security staff is knowledge of operating systems and programming

  • Leverage off existing infrastructure to minimize long-term cost

The benefits

The Benefits

  • Guaranteed and quick response

  • Guaranteed responsibility

  • Protection

  • Be a good net-citizen

Quick response

Quick Response

From: xxxx@leland.Stanford.EDU

Sent: Saturday, May 29, 1999 5:46 AM


As we'll know how fxxxxx Stanford housing situation is, still our

hypocrit spic-and-nigger loving administration has done nothing but

keep accepting more and more of these motherxxxxx black jelly


These dirty cheating son of xxxxx



Firstname Lastname

Engineering-Economic Systems & Operations Research


Stanford University

Stanford CA 94305

Quick response1

Quick Response

  • August 8, 1999

    • 46 Solaris machines compromised

    • trin00 installed

    • 24 hours for cleanup

  • Quite possibly avoided large scale internet attack



  • SULinux

  • Best use documents

  • Policy enforcement

Public service

Public Service

  • Feb 1999 - ShadowKnight compromises Stanford hosts

  • Feb 1999 - Aug 1999 Stanford monitors hacker

  • Nov 2000 - Jason Diekman, aka ShadowKnight, convicted



  • Assess critical infrastructure security

  • Legal point of contact for problems

  • Advise and help deploy security infrastructure

  • Help keep network available for academic use



  • Need policies and procedures

  • Need staff

  • Need Plan

    It really is that easy!



  • Slides available at

  • See handout for additional resources

  • Login