Team Organization

‘Security Camp’ for Boston Area Schools
August 13, 1999
Bob Mahoney, MIT Network Operations Group
[email protected]
MIT’s Security Team Makeup
• "Discretionary Time" of 6 other IS staff
• 6 Paid Student Staff Members
• "Discretionary Time" of other IS students
• 6 Departmental Members: (Media Lab, Lab for Computer Science, Whitehead Institute, Lab for Information and Decision Systems, Lab for Nuclear Science, Artificial Intelligence Lab)
• MIT alumni and related hangers-on
Related Groups/Efforts
• ‘Stopit’ Team (Harassment, Abuse, etc)
• Network Operations Group
• Campus postmasters (part of NetOps)
• User Accounts Staff
• Computing Help Desk
• Residential Computing Support
• Departmental Computing Support
Activities
• Contact with outside sites
• Contact with law enforcement
• Security-related notifications (internal and external)
• Incident Response
• Advocating/Encouraging “Good Security”
What sort of events are we seeing?
• Most popular target platforms?
  – Linux: the clear winner!
  – followed by IRIX and Solaris
  – Some HP/UX and OSF/1
  – NT: the exciting newcomer!
• Follow-on problems relating to sniffed passwords
• The occasional “Interesting Thing”...
Tools
• Coffee (lots :-)
• Zephyr - Real-time windowgrams
• E-Mail ([email protected], [email protected], & [email protected])
• IRC? Well...
• “Casetracker” or other ticket-tracking system
• Home-grown tools
Issues and challenges
• Private Campus Networks
• “Dammit! I’m a Doctor, Not a System Administrator!”
• Private UNIX workstation support
• Intrusion Detection
• FTP and other application risks
• Private Mail Servers
More Issues and challenges
• Getting beyond Fighting Fires
• Dealing with Compromised Passwords
• Campus Hackers (of the ‘Roof and Tunnel’ sort)
• Sniffer Politics
What's Worked?
• Student Staff - “Trust, Time, and Tools”
• Hijacking Departmental Staff:
  – Security is a Community problem. If the interest in helping is there, use it...
  – Helps relieve problems from lack of fine-grained control
  – Eases Political Issues (Less “us” and more “we”)
What hasn't worked?
• Getting some “Problem Departments” to cooperate. (Conflicting priorities)
• When Bob gets behind, project work slows or fails, although incident work continues.
Budgeting!
• Recent model: "Robin Hood" Asset Reallocation System (We steal stuff :-)
• New model: Since these problems aren’t going away, we need a budget!
What is Next?
• Security Training for local admins
• Machine break-in/Recovery training
• Central Vulnerability Scanning
• "Real" Web pages
• Better Trouble-Ticket system
• Improved "Rules of Use" policy statements
• SSH clients for platforms now without!
More “What’s Next”
• Magical PGP signer for Team e-mail
• System Admin Education
• Better communication on open cases
• Generally getting much more Proactive!