190 likes | 282 Vues
Information sharing the MOREnet way: How not to keep secrets. Randy Raw Beth Young MOREnet Security 1.800.509.6673 security@more.net. Objectives:. Introductions What is MOREnet Communication options Conferences Expanding the security community. Introductions. Randy Raw
E N D
Information sharing the MOREnet way: How not to keep secrets Randy Raw Beth Young MOREnet Security 1.800.509.6673 security@more.net
Objectives: • Introductions • What is MOREnet • Communication options • Conferences • Expanding the security community
Introductions Randy Raw • CISSP - August 2005 • 1.5 years with MOREnet • Former Director of Technology Services at Linn State Technical College • Former Technology Coordinator for the Osage County R-II schools Beth Young • CISSP - July 2003 • 5 years with MOREnet • Former Network Analyst - University of Missouri Columbia
What is MOREnet The Missouri Research and Education Network (MOREnet) provides Internet connectivity, access to Internet2, technical support, videoconferencing services and training to Missouri's K-12 schools, colleges and universities, public libraries, health care, state government and other affiliated organizations.
What does the Security office do? • Assist with incident response • Liaison with law enforcement • Gather information for dissemination • Knowledge transfer
The “Old Days” We were the bad guys. Nobody talked to us because they were afraid we would use it against them. We were a “ticket numbers” group. Policy issues kept us from being proactive and helpful
What have we done to change? • Change how we do what we do • Communicate regularly to our members, not just when they have a problem • Provide opportunities for members to learn and help them secure their networks, not just be their Internet police • Establish goals to reduce ticket counts, especially nuisance tickets • Create and communicate Security roadmap
The “kinder and gentler” security - changing what we do • Good Net Neighbor configuration • Phase I – Microsoft NetBIOS port • Phase II – Outbound Port 25 spam block • Self-scanning tool to self-evaluate hosts • Blackhole DNS Server • MOREnet network status indicator • Town hall meetings to discover their needs and issues
Using our lists for proactive communication Security-l, MERC-security and State-security lists • One-way push for critical announcements • Bot network C&C • Virus alerts • Vulnerability announcements • Two-way discussions for any topic members choose • Communication of important training opportunities
Monthly Web Seminars - communicate • Phishing Schemes • Bot networks • Spyware/malware • Nmap • Ethereal • Securing HP printers • SecCheck and Active Ports • Subpoena handling
Annual Security Symposium - education • Mostly member presentations • Advanced Technical topics • K-12, Higher Education, Library and State Government attendees and presenters • Attorney General’s Office keynote on dealing with law enforcement
Advanced Security Training - education • Contracted with SANS and providing SANS Forensics course at steep discount for MOREnet members • CISSP training for members using video conferencing technology
Conferences – education/communication • Security policy generation • Security Awareness emphasis • Hands-on training sessions • Hacking competitions • Ethical hacking training
Other methods of communications and sharing of information • Daily Security Newslinks on website • Security offerings accessible through MyMOREnet login • RADAR (MRTG) statistics • NetFlow statistics • Ticket submission • Research requests
Fee-based Services • E-mail Virus and Spam Filtering (EVSF) • Remote Vulnerability Assessment
Expanding to the security community • Security community meetings • Security community e-mail list for announcements and discussion • Infragard involvement • State Information Technology Advisory Board (ITAB) involvement
On-going activities • Participate in annual Security Awareness Month • Annual advanced topic for training • Nationally known Security Symposium keynote speaker • Expand the security community reach beyond Columbia
Is there anything left to do? • Blogging • Darknet • DShield log analysis server • On-site Remote Vulnerability Assessment • In-depth firewall assessment • SMTP self-testing tool • Managed firewall • Managed security appliance
For more information • Randy Raw • rawr@more.net • 573.882.0749 • Beth Young • youngba@more.net • 573.884.7200