1 / 12

The Threat from Within

The Threat from Within. Anne Oribello Brown University Anne_Oribello@Brown.Edu. The Threat from Within. Problems: departments want to compete with peers at other schools to incorporate technology into their programs

Télécharger la présentation

The Threat from Within

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The Threat from Within Anne Oribello Brown University Anne_Oribello@Brown.Edu

  2. The Threat from Within • Problems: • departments want to compete with peers at other schools to incorporate technology into their programs • vendors add web based front ends and insist users move to that platform for software support

  3. Threat from Within (cont.) • Faculty read about new a technology and obtain it through grant monies or donation • business units within the university want to be more accessible by putting data on the Internet • How many of these activities are being done securely?

  4. Issues • Lack of adequate training for some sysadmins • Reliance on vendors to properly configure server • Pressure to roll out a system by a deadline • Lack of funding by departments for security tools

  5. Issues (cont.) • Lack of understanding of risks and issues by decision makers • Security had been viewed as an impediment to work • Culture of open access • Lack of sufficient security staff

  6. Solutions • Establish realistic policies/guidelines • Educate the user community on evolving technologies • Scan servers • Perform security reviews

  7. Establish Policies/Guidelines • Get support from key players • Establish incentives to conform • offer centralized services to reduce their work • establish user groups to develop (human) network • Create viable alternative for violators • Be specific in definition of conformity • Document dissemination effort

  8. Educate Community • Face-to-face training for staff • Technical updates for decision makers • Articles in faculty/staff newsletter • Listserv mailings (BBoards seem to have lost “favor”)

  9. Scan Servers • Schedule can depend on criticality of server • Internet Security Scaner • hacker tools (i.e. NMAP) • Isolate moving targets (i.e. students)

  10. Perform Security Reviews • Offer as a service BEFORE they have an incident • Examine data security in entirety (electronic, printed data, physical) • Ensure that comments aren’t surprises • Allow responses from department • Follow up on progress

  11. The Threat from Within • Make security support a service • Give end users the knowledge to have a secure system • Begin to change attitudes • If all else fails, tell them how much it will cost if there is a breach (time, research effort, reputation, money)

  12. Helpful URLs • www.alw.nih.gov/Security/prog-full.html • firosoft.com/security/philez/exploits/any-unix/ • insecure.org • www.rootkit.com (WIN environment) • www.sans.org/

More Related