
( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers


Presentation Transcript


  1. (2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers. Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson, Benjamin Nikolay

  2. What Occurred • UWM discovered Malware Infection, May 25, 2011 • Affected Server was Immediately Shut Down • Authorities were called in to investigate ("Information on Computer," 2011)

  3. What was Found • UWM found Malware had access to SSNs, June 30, 2011 • No evidence of Identity Theft was found • No suspects were found • View TMJ News Video - http://www.todaystmj4.com/news/local/127459218.html ("Information on Computer," 2011)

  4. Notification and Plan • UWM notified affected individuals, August 10, 2011 • They were asked to monitor their credit reports • UWM updated security on Servers ("Information on Computer," 2011)

  5. EASy Project - CobiT Evaluate Analyze Synthesize

  6. 5.1 Manage Security Measures • UWM Objective Failure • Security was updated in reaction to Breach • Risk Management Training • Re-evaluation of IS roles and responsibilities • Risk Assessment • Regular Business/IT Management Meetings • Cost = $8118

  7. 5.2 Identify, Auth., and Access • UWM Objective Failed • Inferred malware access obtained via weak Admin password • Dictionary Attack • Use Random Password Generator • Set up automated Password Expiration • Password History • ACL Access Limitation • Hardware and Port Lockdown • Cost = $minimal

  8. 5.3 Security of Online Access to Data • UWM Objective Passed • UWM has a solid “Admin Access” policy • No Recommendations Needed

  9. 5.4 User Account Management • UWM Objective Passed • UWM requires use of “Strong” Passwords • Multiple character types required • No Recommendations Needed

  10. 5.5 Management Rev. of User Accounts • UWM Objective Passed • UWM requires use of “Strong” Passwords • Auditing of Passwords is performed randomly • No Recommendations Needed

  11. 5.6 User Control of User Accounts • UWM Objective Failed • Inferred - Server Admin. Account Compromised • Delay in recognition of illicit activity • Provide users history of prev. activity at login • Implement Active Directory Audit Tool (AD Audit Plus) • Cost = $7680 annually

  12. 5.7 Security Surveillance • UWM Objective Failed • Insufficient audit trail to catch the intruders • Far too much elapsed time before those affected were notified • Verify existing configuration / make changes (Windows Group Policy / Auditing tools) • Research and assess possible 3rd party tools • Cost – Variable or minimal, depending on option selected

  13. 5.8 Data Classification • UWM Objective Passed • Sensitive data classifications do exist • Data was separated and housed on different systems • No Recommendations Needed

  14. 5.9 Central Identity And Access Rights Management • UWM Objective Passed • Scalability as an enterprise level network • Thousands of user accounts and various types • No Recommendations Needed

  15. 5.10 Violation and Security Activity Reports • UWM Objective Failed • Security activity was insufficiently logged • Inability to track/catch the attacker • Checked and escalated on a regular basis? • Refer to 5.7 recommendations • “Common Sense Security Auditing” • Cost – Variable, depending on route taken

  16. 5.11 Incident Handling • UWM Objective Failed • Attackers were never caught • 2 months had elapsed before notifying those affected • Continuously evaluate system/audit security on a regular basis • Evaluate/revise procedures and auditing as necessary • Cost – variable to minimal

  17. 5.12 Reaccreditation • UWM Objective Passed • UWM will set up times to perform audits on their network • No Recommendations Needed

  18. 5.13 Counterpart Trust • UWM Objective Failed • Hacker gained access through open firewall ports • Purchase and install a new firewall • SonicWall NSA E7500 • Features Next-Generation Firewall & Intrusion Prevention • Cost = $35,339

  19. 5.14 Transaction Authorization • UWM Objective Failed • UWM’s spyware failed to prevent the outside attacker from gaining access • Purchase security add-ons to the NSA E7500 firewall • Included is anti-virus and spyware, and application intelligence on the firewall • Cost = $14,514 for 3 years

  20. 5.15 Nonrepudiation • UWM Objective Irrelevant • There were no transactions or digital signatures needed in this type of security breach • No Recommendations Needed

  21. 5.16 Trusted Path • UWM Objective Passed • UWM has an excellent records and retention policy to explain how to transfer data • No Recommendations Needed

  22. 5.17 Protection of Security Functions • UWM Objective Passed • Malware bypassed tamperproof security measures • Security design of infrastructure kept confidential • No Recommendations Needed

  23. 5.18 Cryptographic Key Management • UWM Objective Failed • Cryptography Encryption Keys were not used • Unlikely attackers accessed data • Implement asymmetric database encryption • Use DSS encryption technology with private and public keys • Cost - $12,500

  24. 5.19 Malicious Software Prev., Detect. And Corr. • UWM Objective Failed • Failed to prevent the malware from installing • Physical firewall and configuration remained private • Symantec Endpoint Protection 12.1 • SEPM Training for IT department • Policy and Procedure creation and implementation • Cost - $40.89 per device per year; $3761.57 for training

  25. 5.20 Firewall Arch. And Connect. With Public Networks • UWM Objective Passed • No data was transmitted to the WAN • Firewall did not play a role in this incident • No Recommendations Needed

  26. 5.21 Protection of Electronic Value • UWM Objective Irrelevant • Integrity of physical mechanisms maintained • Unrelated to physical access or authentication of foreign devices • No Recommendations Needed

  27. End of Presentation EASy as Pie!
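
Slides 7, 11, 12 and 15 trace the failure to a guessed administrator password and an audit trail too thin to notice it. The following Python example is added here and is not part of the presentation: it shows the two recommended checks (reviewing logon audit records for dictionary-style guessing, and presenting previous activity at login) over a constructed log. The log format, threshold, window and function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: time, account, source address, outcome.
# Not data from the UWM incident; the format is an assumption.
SAMPLE_LOG = """\
2024-01-15T02:10:01 admin 203.0.113.9 FAIL
2024-01-15T02:10:03 admin 203.0.113.9 FAIL
2024-01-15T02:10:05 admin 203.0.113.9 FAIL
2024-01-15T02:10:08 admin 203.0.113.9 FAIL
2024-01-15T02:10:11 admin 203.0.113.9 FAIL
2024-01-15T02:10:15 admin 203.0.113.9 OK
2024-01-15T08:30:00 jdoe 10.0.4.17 FAIL
2024-01-15T08:30:20 jdoe 10.0.4.17 OK
"""

def parse(log):
    """Return a time-sorted list of (time, account, source, ok) tuples."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    return sorted((datetime.fromisoformat(t), a, s, o == "OK") for t, a, s, o in rows)

def guessing_alerts(events, threshold=5, window=timedelta(minutes=5)):
    """Flag (account, source) pairs with >= threshold failures inside window.
    success_after=True means the same source then logged in: escalate first."""
    recent = defaultdict(list)  # (account, source) -> failure times still in window
    alerts = {}
    for when, account, source, ok in events:
        key = (account, source)
        recent[key] = [t for t in recent[key] if when - t <= window]
        if not ok:
            recent[key].append(when)
            if len(recent[key]) >= threshold:
                alerts.setdefault(key, {"first_failure": recent[key][0], "success_after": False})
        elif key in alerts and len(recent[key]) >= threshold:
            alerts[key]["success_after"] = True
    return alerts

def login_banner(events, account, now, lookback=timedelta(hours=24)):
    """Previous-activity summary to show the account owner at login:
    (time of last success, its source, failed attempts in the lookback period)."""
    mine = [e for e in events if e[1] == account and e[0] < now]
    last_ok = next((e for e in reversed(mine) if e[3]), None)
    failures = sum(1 for e in mine if not e[3] and now - e[0] <= lookback)
    return (last_ok[0], last_ok[2], failures) if last_ok else (None, None, failures)
```

On the sample, the `admin` account is flagged with `success_after` set, and the banner for the administrator's next login reports the overnight success from an unfamiliar address plus five failed attempts.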

