Responding to the Changing Security Landscape: It's a


Responding to the Changing IT
Security Landscape:
It’s a NEW World!
EDUCAUSE Western Regional Conference
Jack McCredie
March 3, 2004
Copyright 2004, Jack McCredie
Agenda
Share Progress & Request Help
A look backward to where we have been
A perspective on where we are
Where we might be going
Security policy evolution at UC Berkeley
Request for help
But First a Small Diversion
http://www.405themovie.com/Home.asp
A Tiny Quiz
Where was the first link in the ARPAnet
installed, and what was the date?
What significant IT innovation, that
changed the way we work and play, was
first introduced in April 1993?
Approximately how many Web pages are
indexed today by popular search
engines?
[Figure: First ARPA Network Map, October 1969. Labels: SDS-940, IMP #1, SRI, Sigma-7, UCLA, IMP #2]
Other Answers
What significant IT innovation, that
changed the way we work and play, was
first introduced in April 1993?
Mosaic was introduced at the University of
Illinois in April 1993. At that time there
were approximately 200 sites on the
Web. Originated by Tim Berners-Lee, the
Web debuted on the Internet in 1991.
Web Pages Indexed Today
Google currently indexes more than three billion pages
about once every month. The March 2004 Netcraft survey
indicates there are more than 48M Web sites worldwide.
IT Challenges – EDUCOM
1983
Information technology literacy
Recruiting, retaining, and training IT
staff
Financing IT investments in higher
education
Decentralization and personal computers
Developing campus networks
Working with libraries to provide access
to scholarly material
Text processing and electronic mail
UCB IT Challenges - 1993
Create a modern campus network
infrastructure
Work closely with library & museums to develop
rich set of online resources
Expand use of technology in learning
Develop distributed computing environment
Redesign crucial, but obsolete, campus
administrative applications
Provide access to high performance computing
Adjust to significant campus budget reductions
Retain, recruit, and train IT staff
CERT/CC
Computer Emergency Response Team
CERT/CC – Coordination Center
Carnegie Mellon University – Software
Engineering Institute
Formed in 1988 in aftermath of the “Morris
Worm”
http://www.cert.org
Growth of IT Security Incidents:
CERT Coordination Center
Number of incidents reported
- 1988 => 6
- 1993 => 1,334
- 1998 => 3,734
- 2003 => 137,529
Growth of IT Security Incidents:
CERT Coordination Center
Number of vulnerabilities reported
- 1995 => 171
- 1998 => 262
- 2000 => 1,090
- 2003 => 3,784
Cooperative Association for
Internet Data Analysis - CAIDA
San Diego Supercomputer Center
Recent worms spread by probing
random IP addresses
CAIDA monitors 16 million of all IP
addresses (1/256 of universe)
Part of National Strategy to Secure
Cyberspace
http://www.caida.org
Worms and Viruses: Bad News
Worm: no human interaction
- CodeRed
- Nimda
- Slammer/Sapphire
- Blaster
- SoBig.F
Virus: requires human interaction
- I love you
- Melissa
- MyDoom
Worms and Viruses: Bad News
And just in the past few days:
MANY variants of the Bagle worm
and virus!!!
DETER - Defense Technology
Experimental Research
Architect, Design, Implement and Operate
iteratively in close coordination with
experiment designers and network design
communities
UC Berkeley, USC/ISI, Network
Associates
Phased Development
• Bootstrap using PlanetLab, Emulab, I2
• Isolated islands
• Widely distributed WAN connected sites
DETER Architecture
Overview
Recent Events
• Illustrative law: California SB 1386 – the
specter of future legislation
• UC Berkeley SB 1386 incidents since July 2003
• Network wireless, switch, and router
infections
• Campus and system-wide response
Recommended Policy Structure
Purpose
Scope
Policy
Roles and responsibilities
Consequences
Requests for exception
Appendices that can be easily modified
Set of standing committees to contribute,
review, and approve
Communicate, communicate, communicate
Security & Privacy Policies
Information technology policies
Campus-wide policies
University-wide policies
Security and Privacy Policies
• Campus Information Technology Security Policy
http://socrates.berkeley.edu:2002/IT.sec.policy.html
• Minimum Security Standards
http://security.berkeley.edu:2002/MinStds/
• SNS Scanning of the UC Berkeley Campus
Network
http://sec-info.berkeley.edu/cgi-bin/scaninfo-login.pl/
Policy Evolution:
• UC electronic communications policy
• Departmental security contact
• Guidelines and procedures for blocking network
access
• Campus IT security policy
• Requirements for protection of computerized
personal information
• SNS Scanning of the UCB campus network
• Required minimum security standards
Required Minimum Security Standards
• Software patch updates
• Anti-virus software
• Passwords
• No unencrypted authentication
• No unauthenticated email relays
• No unauthenticated proxy servers
• Physical security
• Unnecessary services
• HOST-BASED FIREWALL SOFTWARE REQUIRED
Suggested Resources
• EDUCAUSE/Internet2 Computer and Network
Security Task Force
• Computer and Network Security in Higher
Education – Luker & Petersen, editors
• Working paper by Terry Gray, University of
Washington – “Security in the Post-Internet
Era: The needs of the many vs the needs of the
few”
http://www.washington.edu/gray/papers/netsec2003.html
Questions and Discussion
• Request for help