SECURITY LIAISON MEETING. April 21, 2015

Transcription

1 SECURITY LIAISON MEETING April 21,

2 TODAY S AGENDA Ø 1. Intro and Welcome Bob Nakles Ø 2. Updates from the CIO Marilyn v The new ITS v "Security: It's Everyone's Job" and the need to communicate within departments v Monthly newslepers SL's need to share with their department v Ask quesrons of the ITS, no need to wait for a meerng v Recent events, the APT and the web event Ø 3. Phishing- Karen Bates v Video clip v Recent or common phishing s v How to tell if an is legit Ø 4. IT Security Projects CurRs McNay v The list of proposed or current projects related to security Ø 5. Review the role of the SL - Bob 2

3 THE CIO S UPDATES Updates from the CIO Marilyn T. Smith v The new ITS v "Security: It's Everyone's Job" and the need to communicate within departments v Monthly newslepers share with your department v Contact the ITS, no need to wait for a meerng v Recent cyber security events 3

4 Ø INFORMATION TECHNOLOGY SERVICES Information Technology Services Marilyn T. Smith VPIT and CIO Whitney Sublett Exec Assistant Sharon Pitt Exec Enterprise Infrastructure and Deputy CIO Tom Shifflett Enterprise Applications Joy Taylor Learning Support Services Open Exec /Chief Information Security Officer (CISO) IT Security Bob Nakles Exec Strategy, Portfolio and Process Management Open Business Operations Susan Kehoe Academic Strategies Kim Raley Exec Assistant Karen Bates Comm Coord Ben Allen Network Engineering & Technology Kathy Adcock Manager Administrative Applications Joe Balducci Manager Online Learning Resources Curtis McNay IT Security Randy Anderson Process & Planning Brian Gantt Finance Richard Wood Manager GMU-TV Karen Gardner Enterprise Servers & Messaging John Kettlewell Technology Support Services Adheet Gaddamanugu Manager Portal & Web Technologies Chris Gay Manager Data Mart Support Constance Harris Manager Instructional Design Sean Stevens Manager Learning Support Services Labs Derek Kan Sr. Project Manager Andrew Krell Manager Systems Integration David Robinson Communications & Client Relations Pam Thomson Specialist Human Resources Ken De Jong Research Computing Tim Murphy Classroom & Lab Technologies Barbara Yablonski Manager Database Support John Prette Project Manager Office Management and Administrative Support Leslie Painter Patriot Computers REV: 02/11/2015

5 PHISHING Karen Bates Ø Video clip: How easy it is to get a person s credenrals Ø Examples of recent and common phishing s Ø How to tell if it s legit 5

6 COMMON PHISHING S 6

7 How hard is it to get passwords? hpps:// 7

8 George Mason University uses a different address There is no business name, no university name, address or contact information Should be arts and crafts and the question mark is off Hence is a word rarely used today Punctuation is incorrect. There should be a period after yours. Apply should start a new sentence 8

9 Mason will not have a person from another university send you information about your expired password Vague information and improper salutation Uppercase letters used improperly and no punctuation This link actually goes to a site in the United Kingdom 9

10 From: System Administrator Sent: Tuesday, November 4, :03 PM Subject: Attention: User A non-mason address Attention: User, Your mailbox is almost full. 254MB 250MB Current size Maximum size The mailbox is not almost full The lines are sloppy and it is not addressed to a specific person Awkward wording You have exceeded your account limit quota of 250MB and you are requested to increase/expand it within 24 hours and avoid disability of your account from our database. Simply CLICK HERE and complete the information requested to automatically expand your account quota to 2 GB. Copyright ÔøΩ2014 System Administrator Disability is the wrong word It is also worded to try to make you act immediately because it sounds urgent No name - it is generic 10

11 From: <Eyrich>, Jeanine Date: Thursday, November 20, 2014 at 12:10 PM To: Eyrich, Jeanine Subject: RE: FACULTY/STAFF/EMPLOYEE Resent-From: Resent-Date: Thursday, November 20, 2014 at 12:19 PM The header is non-mason, generic subject line and incorrect punctuation Dear Webmail Subscriber Your Account have been Suspended from sending and receiving ,to re-validate your account,please CLICK HERE TO LOGIN USING SECURE ENCRYPTION Connected to Microsoft Exchange 2014 Microsoft Corporation. All rights reserved Incorrect punctuation No name, incorrect capitalization and misplaced words Link goes to a spoofed page of Microsoft Exchange 11

12 12

13 IT SECURITY PROGRAMS Presented by Curtis McNay

14 Ø IT SECURITY - REALMS OF OPERATION Proactive Reactive Policy Inventory, ClassiCication Risk Assessment Access Control Active Blocking Vulnerability Detection Network Architecture System Hardening Awareness & Training Network & System Monitoring User & Data Monitoring Application Monitoring Threat Analysis Gap Analysis Incident Response Data and System Recovery

15 Ø PROJECTS - PROACTIVE Ø IT-GRC - Inventory, Classification and Assessment v Inventory & classify systems and applications & check for vulnerability. v Identifies critical system for focus. Ø Multifactor Authentication Provides Access Control security v Could have prevented hackers from getting into network and on to privileged systems. Ø NextGen IPS - Network Intrusion Protection System v Could have blocked Remote Access Trojans (RATs), BOT sessions & reconnaissance. Ø Vulnerability Scanning - Upgrade of active & passive scanners & GRC integration v Identifies Vulnerabilities, and with authenticated scans, misconfiguration. Ø Web Application Firewall F5 Security Module v Could have prevented Web application compromises.

16 Ø PROJECTS - PROACTIVE Ø IT Security Awareness and Training Says it all. Ø General awareness and role specicic training, from phishing to database security. Ø Local Controls for Windows systems- Restrict Built- in Admin &limit local log in Ø Secure the built- in admin. And limit access to the people that need access. Ø IronPort Upgrade and Optimization Protection from Phish v Goal of reducing the number of and improving the alerting for phishing . Ø Application Whitelisting for Critical Servers Malware protection v Could have prevented or alerted to malware on critical servers. Ø Prohibit Unnecessary Server to Server communication - contains infections

17 Ø PROJECTS - REACTIVE v ArcSight Upgrade, Expansion and Analysis- Better performance, more log sources, longer retention. Maturing correlation for more meaningful data v Provides monitoring, alerting and threat analysis v Provided active attacker forensics during APT. Ø F5 Web Application Monitoring Threat analysis for Web applications Identifies threats to and gaps in web application security. Ø Next Gen IDS - Intrusion Detection Monitoring v Increased Visibility of Malicious Network traffic. Ø CSIRT Lessons Learned- v How did it happen & What do we do differently. Ø Disaster Recovery Tabletop Exercise v To improve CSIRT and Communication,

18 YOUR ROLE Bob Nakles Provide security updates to staff NewslePers, monthly norficarons, such as the recent reminder of phishing Call for resources, presentarons, informaron Remind people to forward suspected phishing to the Support Center 18

19 YOUR RESOURCES Resources IT Security Office informaron Cyber Security Month acrvires (October) Online resources hpp://itsecurity.gmu.edu/securityliaisons/about- liaisons.cfm hpp://itsecurity.gmu.edu/alerts/advisories.cfm hpp://itservices.gmu.edu/alerts/ 19