Stanford IT Security Program
Re-aligning IT security to a modern threat environment
University IT Security
• Firewalls
• VPN for off-campus access
• Kerberos
• Encryption required for sensitive data
• Central AV/patching services
• Controlled access to data centers
• But few central mandates and low visibility
“The Steve Riley Slide”
Malicious Hacker Criminal Spy
Our Wake-Up Call, A Visit From Uninvited Guests
• Phishing
• Vulnerable services
• Poor credential hygiene
• Pass-the-Hash
Security Event Manager
Data stored everywhere
Consolidated
Phishing → Multifactor
• Existing multifactor system
• Moving to Duo to cover more devices/scenarios
Reducing Vulnerable Services / Machines (Part 1)
• Eradication of Windows XP
• Prioritized retirements of Windows Server 2003 R2
• Expansion of existing Whole-Disk encryption project
Pass The Hash – One Scenario
Important Server
Helpful Help Desk
Unsuspecting User
My computer is acting funny
Let me log in remotely and see what’s wrong.
New credentials detected, where can I get to now?
Oh, Dear!
Pass The Hash – Another Scenario
Development Server
Production Server
Domain Controller
Authentication Silos
Personal Bastion Hosts
• No inbound communications allowed / Limited outbound
• Very strict application whitelisting rules
• No DMA-based external interfaces
• Whole disk encryption (TPM + PIN/Password)
• Trusted vendor
Mobile Device Management
Reducing Vulnerable Services / Machines (Part 2)
• EMET (4.0 -> 5.0)
• Application Whitelisting
• Qualys
• Compliance Registry
• Network Access Control
You must be THIS tall to connect!
Miscellaneous Projects
• Replacement of SPAM/AV filtering for inbound email
• Replacement of DLP system for outbound email
• Replacement of the campus emergency alert system
Physical Security
• Dramatic decrease in the number of cards allowed to access Data Centers
• Replacement/Expansion of camera system
Future projects in the program
• Systems Administrator Training Standards
• Systems Administration Practices
• Centralized HIDS
• Smartcard Implementation
Questions