Computer security in higher education




Computer Security in Higher Education

David Brumley, [email protected]


Things To Come

  • Need for policies and procedures

  • Proper staffing and funding

  • Clear, consistent, and followed plans


Stanford Infrastructure

  • 55,000 registered nodes

  • 58,000 active principals

  • 800 MB/day web data alone

  • 3.5 million/day email messages

  • 200 to 700 Mb/s bandwidth


Why Security?

  • Do your users have any expectation of privacy?

  • Do you have assets that need protecting?

  • Have you considered the cost of system compromises vs. protection?


Attacks Happen


Incident Type Comparison

[Chart: incidents by type, FY97 vs. FY00]


Worried about Privacy?

  • School Records

    • Directories (FERPA)

    • Email

    • Homework

  • Hospital/Medical Records

    • HIPAA


Computer Security Is...

Primarily risk management by ensuring:

  • Confidentiality

  • Integrity

  • Availability


System Confidentiality

[[email protected] cctest]# pwd
/var/lib/mysql/cctest
[[email protected] cctest]# strings customer.MYD
david brumley
351 Monroe Palo Alto
Anton Ushakov
590 Escondido Mall
Russ Alberry
101 Great America Parkway
[[email protected] cctest]# strings orders.MYD
9 piece knife set
34233394134272MasterCard
9910
Sickle and Hammer
543543545345452Visa
0120
3 towels
656565655555Visa
9920

  • Many believe there is nothing valuable on their system, but:

    • The system can serve as a launch point for attacks

    • There may be unexpected information on the host
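The `strings` session above found names, addresses and card numbers sitting in clear in a MySQL table file. The following is an added example, not code from the slides: it automates that check so a defender can sweep data files at rest for card numbers that should never be stored unencrypted. Candidate digit runs are confirmed with the Luhn checksum to cut false positives, and only a masked form is reported. `SAMPLE_MYD` is a constructed byte string, and the card numbers in it are the public test numbers 4111111111111111 and 5555555555554444, not real cards.

```python
"""Scan a raw data file for unencrypted payment card numbers (added example)."""
import re
from dataclasses import dataclass
from typing import List

# 12 to 19 digits, optionally separated by single spaces or dashes,
# and not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(rb"(?<!\d)(?:\d[ -]?){11,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits, as a report should."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass
class Finding:
    offset: int      # byte offset of the match in the file
    masked: str      # masked PAN, safe to put in a report
    length: int      # number of digits


def find_pans(blob: bytes) -> List[Finding]:
    """Return Luhn-valid card-number candidates found in a byte blob."""
    findings = []
    for m in PAN_CANDIDATE.finditer(blob):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        if luhn_valid(digits):
            findings.append(Finding(m.start(), mask_pan(digits), len(digits)))
    return findings


def scan_file(path: str) -> List[Finding]:
    """Scan a whole file (e.g. a table file found under a database data directory)."""
    with open(path, "rb") as f:
        return find_pans(f.read())


# Constructed sample resembling a raw table file: record bytes with two
# plaintext card numbers (public test numbers) and a 13-digit order id
# that fails the Luhn check and must not be reported.
SAMPLE_MYD = (
    b"\x00\x01\x0f9 piece knife set\x00\x00"
    b"4111111111111111MasterCard\x00\x00"
    b"\x00\x02\x0d3 towels\x00\x00"
    b"5555 5555 5555 4444Visa\x00\x00"
    b"\x00\x03order-id 1234567890123 not a card\x00"
)

if __name__ == "__main__":
    for f in find_pans(SAMPLE_MYD):
        print(f"offset {f.offset}: {f.masked} ({f.length} digits)")
```

Run it against the data directory of a database server you own and every hit is a record that should have been encrypted or never stored; the masked output can go straight into an incident ticket without spreading the exposure.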


Network Confidentiality

[Diagram: hosts A and B share a network segment and exchange frames addressed to DST MAC A and DST MAC B; host H, the hacker, listens and captures the traffic regardless of the destination MAC]


Network Sniffers

psych-Wylie-NT.Stanford.EDU => pobox3.Stanford.EDU [110]
USER sleeples
PASS password
STAT
UIDL
QUIT
----- [FIN]

psych-3354-dreamscape.Stanford.EDU => daydream.Stanford.EDU [23]
!'''#P
38400,38400#dreamscape.stanford.edu:0'DISPLAYdreamscape.stanford.edu:0XTE
R
Moscar
password2
elm
jjjjjjjjjjjjjjjjjjjjjj
----- [Timed Out]

voodoo.Stanford.EDU => lucas.Stanford.EDU [21]
(#USER menon
PASS password3
SYST
PORT 171,65,60,163,5,104
LIST
CWD /home/pub/gary
CWD /home/pub/
CWD /home/
----- [Timed Out]

psych-3367-macG3.Stanford.EDU => elaine18.Stanford.EDU [23]
%%jboyett%IR.STANFORD.EDU@(P^$:-)':ca<`%.+vc6s}DF~T[f8FLc|vI;#wG\CN6MYlP%6M-&&&&
& #'$&&Y`&&VT100&
wl\cfCCSDK) >aWHW^H
>rGhsN{q0jxU
`&$$ vQa;j:T8%H>VzL d>7s_
----- [Timed Out]
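The sniffer dump above shows why POP3 (110), telnet (23) and FTP (21) logins are a confidentiality problem: the user name and password cross the wire as readable text. As an added example (not from the slides), the script below parses that dump layout ("src => dst [port]" header, one protocol line per row, a "----- [FIN]" or "----- [Timed Out]" trailer) and reports each session on a cleartext login port, which is how a security office can audit its own traffic captures for users who still log in in the clear. FTP and POP3 sessions get the user name extracted and the password masked; telnet sessions are reported as interactive logins, since their keystrokes have no USER/PASS structure. `SAMPLE_DUMP` is a constructed log with made-up hosts and credentials.

```python
"""Flag cleartext-protocol sessions that carry login credentials (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Ports whose login exchange travels in the clear (the three the dump shows).
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 110: "pop3"}

HEADER = re.compile(r"^(\S+) => (\S+) \[(\d+)\]$")
TRAILER = re.compile(r"^----- \[(.+)\]$")
CRED = re.compile(r"\b(USER|PASS)\s+(\S+)")


@dataclass
class Session:
    src: str
    dst: str
    port: int
    lines: List[str] = field(default_factory=list)
    end: Optional[str] = None      # "FIN" or "Timed Out"


def parse_sessions(dump: str) -> List[Session]:
    """Split a session dump into Session records."""
    sessions: List[Session] = []
    cur: Optional[Session] = None
    for raw in dump.splitlines():
        line = raw.rstrip()
        h = HEADER.match(line)
        if h:
            cur = Session(h.group(1), h.group(2), int(h.group(3)))
            sessions.append(cur)
            continue
        t = TRAILER.match(line)
        if t and cur is not None:
            cur.end = t.group(1)
            cur = None
            continue
        if cur is not None and line:
            cur.lines.append(line)
    return sessions


# (protocol, src, dst, user or None, masked password or None)
Exposure = Tuple[str, str, str, Optional[str], Optional[str]]


def credential_exposures(sessions: List[Session]) -> List[Exposure]:
    """Report sessions on cleartext login ports; never return the secret itself."""
    exposures: List[Exposure] = []
    for s in sessions:
        proto = CLEARTEXT_PORTS.get(s.port)
        if proto is None:
            continue
        user = password = None
        for line in s.lines:
            # Leading junk such as "(#USER" is left over from connection setup bytes.
            m = CRED.search(line)
            if m and m.group(1) == "USER":
                user = m.group(2)
            elif m:
                password = m.group(2)
        if proto == "telnet" or (user and password):
            masked = "*" * len(password) if password else None
            exposures.append((proto, s.src, s.dst, user, masked))
    return exposures


# Constructed dump in the same layout as the slide; hosts and credentials are made up.
SAMPLE_DUMP = """\
lab-ws1.example.edu => mail1.example.edu [110]
USER jdoe
PASS s3cret
STAT
QUIT
----- [FIN]
lab-ws2.example.edu => files.example.edu [21]
(#USER guest
PASS letmein
SYST
----- [Timed Out]
lab-ws3.example.edu => shell.example.edu [23]
38400,38400
someuser
hunter2
----- [Timed Out]
lab-ws4.example.edu => web.example.edu [443]
(tls)
----- [FIN]
"""

if __name__ == "__main__":
    for e in credential_exposures(parse_sessions(SAMPLE_DUMP)):
        print(e)
```

The HTTPS session on 443 is never reported because nothing readable crosses the wire; that is the contrast the next slides draw with Kerberos and SSH.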


University Of Washington Sniffer

Summer 2000:

  • NT IIS Web Server compromise

  • Password sniffer installed

  • Exposed 5000 medical records


Ensuring Confidentiality

  • Strong Authentication

    • No clear text logins

      • Kerberos

      • SSH

  • Strong Authorization

    • AFS

    • Directory ACLs


Kerberos


Populating the KDC


Compromises of Integrity

Trojaned replacements for system programs, as installed by a typical rootkit:

  • ls (dir) - doesn’t show the intruder’s files

  • ps (task manager) - doesn’t show the intruder’s processes

  • ifconfig - doesn’t show the interface in promiscuous mode

  • zap - cleans log files

  • fix - fixes up timestamp and checksum info on replaced binaries

  • chfn - gives a root shell with the proper argument

  • login - gives a root shell with the proper password

  • inetd (runs network services like “telnet”) - gives full access on a particular port


Integrity Compromise Example

Normal System:

sunset:security> telnet elaine
Trying 171.64.15.86...
Connected to elaine21.stanford.edu.
Escape character is '^]'.
UNIX(r) System V Release 4.0 (elaine21.Stanford.EDU)
elaine21.Stanford.EDU login:

Hacked System:

sunset:security> telnet jimi-hendrix 1524
Trying 171.65.38.180...
Connected to jimi-hendrix.Stanford.EDU (171.65.38.180).
Escape character is '^]'.
# ls -altr /;
total 1618
-r-xr-xr-x 1 root root 1541 Oct 14 1998 .cshrc
drwx------ 2 root root 8192 Apr 14 1999 lost+found
drwxr-xr-x 1 root root 9 Apr 14 1999 bin
drwxrwxr-x 2 root sys 512 Apr 14 1999 mnt


Ensuring Integrity - Axioms

  • All programs are buggy

    • The larger the program, the more bugs it will have

  • If a program isn’t run, it doesn’t matter if it’s buggy

    • Hosts should run as few services as possible
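The hacked host in the example above answers on port 1524 with a root prompt, and the axiom just stated is that a host should run as few services as possible. One concrete way to enforce that axiom is to audit what is actually listening against an allowlist of expected services. The script below is an added example, not code from the slides: it parses `ss -ltnp`-style output and reports any listener that is not on the allowlist, as well as an allowed port served by a program other than the one expected. `SAMPLE_SS` is constructed output, not captured from a real host, and `ALLOWED` is a made-up policy for a login host that also runs a Kerberos KDC.

```python
"""Audit listening TCP sockets against an allowlist of expected services (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed policy: port -> program expected to own it.
ALLOWED: Dict[int, str] = {22: "sshd", 88: "krb5kdc", 749: "kadmind"}

# One `ss -ltnp` data row: State Recv-Q Send-Q Local:Port Peer:Port Process
LINE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s*(?P<proc>.*)$")
PROC = re.compile(r'users:\(\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')


def parse_local(local: str) -> int:
    """Extract the port from 0.0.0.0:22, *:1524, [::]:22 or [::1]:631."""
    return int(local.rsplit(":", 1)[1])


def parse_listeners(output: str) -> List[Tuple[int, str]]:
    """Return (port, program) for every LISTEN row; '?' when no process is shown."""
    listeners = []
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                       # header or non-LISTEN row
        port = parse_local(m.group("local"))
        pm = PROC.search(m.group("proc"))
        listeners.append((port, pm.group("name") if pm else "?"))
    return listeners


def audit(listeners: List[Tuple[int, str]], allowed: Dict[int, str] = ALLOWED) -> List[str]:
    """Flag listeners outside the allowlist and allowed ports owned by the wrong program."""
    findings = []
    for port, name in sorted(set(listeners)):   # IPv4/IPv6 duplicates collapse
        if port not in allowed:
            findings.append(f"unexpected listener: port {port} ({name})")
        elif allowed[port] != name:
            findings.append(f"port {port} owned by {name}, expected {allowed[port]}")
    return findings


# Constructed `ss -ltnp` output: sshd on 22, the KDC on 88, an unknown
# program on the kadmind port, and an inetd-spawned service on 1524.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      128    [::]:22             [::]:*        users:(("sshd",pid=812,fd=4))
LISTEN 0      5      0.0.0.0:88          0.0.0.0:*     users:(("krb5kdc",pid=901,fd=6))
LISTEN 0      128    0.0.0.0:749         0.0.0.0:*     users:(("python3",pid=4021,fd=3))
LISTEN 0      1      *:1524              *:*           users:(("inetd",pid=377,fd=5))
"""

if __name__ == "__main__":
    for finding in audit(parse_listeners(SAMPLE_SS)):
        print(finding)
```

The allowlist doubles as documentation of what the host is for, which is the "best use" material the next slide asks for; anything the audit flags is either a service to remove or an entry to add deliberately.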


Building Integrity

  • Create easy to use resources for system security:

    • Templates

    • Distributions

    • Best use documents

  • Defense in Depth is the goal


Threats to Availability

  • System intrusion

  • Denial of Service Attack

  • Domain Name Hijack/Modifications


RSA.COM’s Availability


The Master Plan

  • Assess situation

  • Create policies, procedures, and implementation plan

  • Create infrastructure

  • Maintain infrastructure

  • Lather, rinse, repeat.


Getting Started

  • Assessing where you are:

    • What policies exist?

    • What staff is already in place?

    • What services are offered?

    • What services will be offered?


Policy Key Points

  • What are you protecting?

  • Who has authority?

  • What are the resources for?

  • What organizational units are there?


The Key

The policy must be approved at the highest levels in order to deal with irate:

  • Nobel prize laureates

  • Crafty Students

  • Other political entities


Security Office Plan

  • Plan base authentication, authorization, and integrity mechanisms

  • Work with infrastructure groups to utilize security resources

  • Educate the community


Creating Infrastructure

Major points in an assessment:

  • Create scalable architectures

  • Create robust architectures

  • Create low-risk architectures


Ex: Integrating Kerberos


Allocating Resources

  • Staff and budget are needed, but security gets easier and cheaper as time goes on.

  • The fundamental knowledge for computer security staff is operating systems and programming

  • Leverage existing infrastructure to minimize long-term cost


The Benefits

  • Guaranteed and quick response

  • Guaranteed responsibility

  • Protection

  • Be a good net-citizen


Quick Response

From: [email protected]
Sent: Saturday, May 29, 1999 5:46 AM
Subject:

As we'll know how fxxxxx Stanford housing situation is, still our
hypocrit spic-and-nigger loving administration has done nothing but
keep accepting more and more of these motherxxxxx black jelly
beans.
These dirty cheating son of xxxxx
....[edited]....
================================================================
Firstname Lastname
Engineering-Economic Systems & Operations Research
Address
Stanford University
Stanford CA 94305
http://www.geocities.com/CollegePark/Grounds/2511


Quick Response

  • August 8, 1999

    • 46 Solaris machines compromised

    • trin00 installed

    • 24 hours for cleanup

  • Quite possibly avoided large scale internet attack


Protection

  • SULinux

  • Best use documents

  • Policy enforcement


Public Service

  • Feb 1999 - ShadowKnight compromises Stanford hosts

  • Feb 1999 - Aug 1999 Stanford monitors hacker

  • Nov 2000 - Jason Diekman, aka ShadowKnight, convicted


Protect

  • Assess critical infrastructure security

  • Legal point of contact for problems

  • Advise and help deploy security infrastructure

  • Help keep network available for academic use


Summary

  • Need policies and procedures

  • Need staff

  • Need Plan

It really is that easy!


Resources

  • Slides available at http://theorygroup.com/Theory

  • See handout for additional resources

