Vista Impact on Higher Ed Security
Cam Beasley, ISO
Craig Blaha, Manager of Special Projects
The University of Texas at Austin
Overview
Corporate vs. HE
ITS at UT, TAP program
Big picture – get in front of it
User account protection
Firewall
BitLocker
Collaboration
Network access protocol
Command line
IPv6
Primary Customer Corporate?
Vista is great for a homogeneous, centrally managed environment.
UT, by contrast, has 63k+ machines attached to the network, managed by individuals or various departments.
Corporate Hierarchy
[Org chart: a single hierarchy under one CIO with Security, Purchasing, Administrative Decisions, Operations, Application Programming, Network Management and User Support]
HE - The Explosion of Corp.
[Org chart: the corporate hierarchy replicated many times over, each copy with its own CIO, Security, Purchasing, Administrative Decisions, Operations, Application Programming, Network Management and User Support]
UT Technical Overview
Over 119 instances of Exchange
UTnet is one of the largest single networks in the country, supporting 1836 subnets and ~350 subdomains.
Every flavor of OS
16 academic departments, many administrative departments and independent entities, each with the capacity and freedom to make their own IT decisions
UT Overview
Founded in 1883
Flagship of the 15-campus University of Texas System, with 6 medical centers
51,000 students; 11,000 degrees/year
300,000 continuing ed enrollments
3,000 faculty, 18,000 staff
Over 450,000 alumni
TAP Program
Technology Adoption Program
Over 100 participants, 3 higher ed research institutes
2 beta tests, one with 25 machines, another with 100
Commitment to deploy Vista widely after RTM
Prepare For Vista
Get in front of it
CLI training
Key escrow
Enterprise level security
Hardware Requirements
Many systems on campus will not be able to support the RAM, CPU and graphics requirements of Vista.
E.g., Aero, the new GUI, requires at least 128 MB of video RAM.
Need to upgrade RAM (to 512 MB) to expose the new features
Benefit:
More time to prepare and test
Issue:
What is the tipping point?
User Account Protection
Limits the chances of an application installing or making changes silently
Issue:
User account protection = pop-up fatigue?
Examples of when this is required: making fonts larger or smaller, the Control Panel mouse settings, battery power, adding or removing user accounts
Firewall
Easy to write and share rules with users
3 flavors - sane, paranoid and ultra-paranoid
Issue:
May conflict with existing firewalls
Initial confusion (breaking apps?)
Potential for user misconfiguration
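The misconfiguration risk above is easiest to manage if you can see what rules users have accumulated. The following PowerShell script is an added example, not material from the slides or from UT; it parses the output of netsh advfirewall (which ships with Vista) and flags enabled inbound rules that allow traffic from any remote address, the usual residue of a user clicking "Unblock" on a prompt. It assumes English netsh field labels (netsh localizes them).

```powershell
# Added example (not from the slides): audit the Vista firewall for enabled
# inbound rules that allow traffic from any remote address. Relies only on
# netsh advfirewall, which ships with Vista. Assumes English field labels.

function Get-VistaFirewallRules {
    # netsh prints each rule as a block of "Label: value" lines, blocks
    # separated by blank lines; collect each block into a hashtable.
    $text = netsh advfirewall firewall show rule name=all
    $rules = @()
    $current = @{}
    foreach ($line in $text) {
        if ($line -match '^\s*$') {
            if ($current.Count -gt 0) { $rules += $current; $current = @{} }
            continue
        }
        if ($line -match '^([^:]+):\s*(.*)$') {
            $current[$matches[1].Trim()] = $matches[2].Trim()
        }
    }
    if ($current.Count -gt 0) { $rules += $current }
    return $rules
}

function Find-OpenInboundRules {
    param($rules)
    # Enabled + inbound + allow + any remote address = worth a second look.
    $rules | Where-Object {
        $_['Enabled']   -eq 'Yes'   -and
        $_['Direction'] -eq 'In'    -and
        $_['Action']    -eq 'Allow' -and
        $_['RemoteIP']  -eq 'Any'
    }
}

$open = Find-OpenInboundRules (Get-VistaFirewallRules)
"{0} enabled inbound allow-from-anywhere rules" -f @($open).Count
foreach ($r in $open) {
    "{0,-45} profiles={1,-22} proto={2,-6} localport={3}" -f `
        $r['Rule Name'], $r['Profiles'], $r['Protocol'], $r['LocalPort']
}
```

For the "write and share rules" side of the slide, the same netsh advfirewall context can export a whole policy to a .wfw file and import it on another machine, which is how a department can hand a vetted rule set to its users instead of having each of them answer prompts.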
BitLocker
Great potential - HIPAA, research data BPM, stolen laptops, etc.
De-commissioning made easy
Issue (?)
Potential boat anchor creator - users can mistakenly kill all of their own data
When an employee leaves, we can be locked out.
All managed machines compromised if AD is vulnerable
Check on state key escrow requirements
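The "boat anchor" and "locked out when an employee leaves" issues both come down to whether a recovery password exists and is escrowed somewhere the institution controls. The PowerShell script below is an added example, not code from the slides or from UT; it uses the Win32_EncryptableVolume WMI class that ships with Vista to check each protected volume for a recovery-password protector and push it to Active Directory. The numeric codes are that class's documented values; the domain is assumed to carry the BitLocker recovery schema extension.

```powershell
# Added example (not from the slides): verify that every BitLocker-protected
# volume on a Vista host has a recovery-password protector and escrow it to
# Active Directory. Uses the Win32_EncryptableVolume WMI class (Vista and up);
# the numeric codes below are that class's documented values.

$BitLockerNamespace = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

function Get-BitLockerVolumes {
    Get-WmiObject -Namespace $BitLockerNamespace -Class Win32_EncryptableVolume
}

function Backup-RecoveryPasswords {
    param($volumes)
    foreach ($vol in $volumes) {
        # ProtectionStatus: 0 = unprotected, 1 = protected, 2 = unknown
        $status = $vol.GetProtectionStatus().ProtectionStatus
        if ($status -ne 1) {
            "{0} protection status {1}: nothing to escrow" -f $vol.DriveLetter, $status
            continue
        }
        # Key protector type 3 = numerical (48-digit) recovery password
        $ids = $vol.GetKeyProtectors(3).VolumeKeyProtectorID
        if (-not $ids) {
            "{0} is encrypted but has NO recovery password protector; add one before relying on it" -f $vol.DriveLetter
            continue
        }
        foreach ($id in $ids) {
            # Writes the protector to the computer object in AD; needs the
            # BitLocker recovery schema extension and write rights for the
            # machine account. ReturnValue 0 = success.
            $rc = $vol.BackupRecoveryInformationToActiveDirectory($id).ReturnValue
            "{0} protector {1}: AD escrow returned 0x{2:X8}" -f $vol.DriveLetter, $id, $rc
        }
    }
}

Backup-RecoveryPasswords (Get-BitLockerVolumes)
```

On a centrally managed fleet the Group Policy setting "Turn on BitLocker backup to Active Directory Domain Services" makes this escrow happen when encryption is enabled; a script like this is for catching volumes encrypted before that policy landed. Escrowing to AD also makes the slide's third point concrete: whoever can read those computer objects can unlock every managed disk, so the AD side needs the same protection as the keys themselves.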
Collaboration
New P2P protocol – Peer Name Resolution Protocol (PNRP) – on by default in the last build
Users and applications can communicate with each other
Find people near me
P2P happens, might as well be secure
Issue
Could be used in new botnet command & control scenarios.
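A defender's first step with an on-by-default peer protocol is knowing where it is actually running. The PowerShell below is an added example, not from the slides or from UT; it inventories the Vista peer-networking services by their built-in service names and checks for the PNRP listener on its registered port, 3540/udp, so a managed fleet can confirm the protocol is off wherever policy says it should be.

```powershell
# Added example (not from the slides): inventory the Vista peer-networking
# services and the PNRP UDP listener. Service names are the Vista built-ins;
# 3540/udp is PNRP's registered port.

function Get-PeerNetworkingState {
    $names = 'PNRPsvc', 'PNRPAutoReg', 'p2pimsvc', 'p2psvc'
    foreach ($n in $names) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$n'"
        if ($svc) { "{0,-12} state={1,-8} start={2}" -f $n, $svc.State, $svc.StartMode }
        else      { "{0,-12} not installed" -f $n }
    }
}

function Test-PnrpListener {
    # netstat -ano lists UDP sockets as "UDP  addr:port  *:*  pid"; PNRP binds 3540.
    $lines = netstat -ano | Where-Object { $_ -match '^\s*UDP\s+\S+:3540\s' }
    if ($lines) { $lines } else { 'no UDP/3540 listener' }
}

Get-PeerNetworkingState
Test-PnrpListener

# Where policy says PNRP stays off, set the four services to Disabled through
# Group Policy (Computer Configuration > Windows Settings > Security Settings >
# System Services) or locally with:  sc config PNRPsvc start= disabled
```

Running the inventory from a central job and alerting on any host where PNRPsvc is running with a 3540/udp socket gives you the detection side of the slide's C&C concern without having to understand the protocol's traffic.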
NAP
Network access protocol – NAP if using Longhorn Server (replacement for other network access control devices?)
Complexity and Command Line
2,500 GPOs added to the registry
Adds to level of control
Adds to complexity
Command line driven
IP Stack
IPv6 on by default
Each interface has its own routing table
Can allow for transmission of sensitive data over secure channels only.
Ex.: isolation between data going through a VPN interface vs. the regular network interface
May decrease the chance of inadvertent routing of private network data over a public network
Conclusion
Get your organization to support a professionally (centrally) managed Windows environment, so that all of the new Vista features can be properly leveraged.
Watch Star Trek re-runs.