‘Security Camp’ for Boston Area Schools
August 13, 1999
Bob Mahoney, MIT Network Operations Group
bobmah@mit.edu
MIT’s Security Team Makeup
• "Discretionary Time" of 6 other IS staff
• 6 Paid Student Staff Members
• "Discretionary Time" of other IS students
• 6 Departmental Members: (Media Lab, Lab for Computer Science, Whitehead Institute, Lab for Information and Decision Systems, Lab for Nuclear Science, Artificial Intelligence Lab)
• MIT alumni and related hangers-on
Related Groups/Efforts
• ‘Stopit’ Team (Harassment, Abuse, etc)
• Network Operations Group
• Campus postmasters (part of NetOps)
• User Accounts Staff
• Computing Help Desk
• Residential Computing Support
• Departmental Computing Support
Activities
• Contact with outside sites
• Contact with law enforcement
• Security-related notifications (internal and external)
• Incident Response
• Advocating/Encouraging “Good Security”
What sort of events are we seeing?
• Most popular target platforms?
  – Linux: the clear winner!
  – followed by IRIX and Solaris
  – Some HP/UX and OSF/1
  – NT: the exciting newcomer!
• Follow-on problems relating to sniffed passwords
• The occasional “Interesting Thing”...
Tools
• Coffee (lots :-)
• Zephyr - Real-time windowgrams
• E-Mail ([email protected], security-[email protected], & [email protected])
• IRC? Well...
• “Casetracker” or other ticket-tracking system
• Home-grown tools
Issues and challenges
• Private Campus Networks
• “Dammit! I’m a Doctor, Not a System Administrator!”
• Private UNIX workstation support
• Intrusion Detection
• FTP and other application risks
• Private Mail Servers
More Issues and challenges
• Getting beyond Fighting Fires
• Dealing with Compromised Passwords
• Campus Hackers (of the ‘Roof and Tunnel’ sort)
• Sniffer Politics
What's Worked?
• Student Staff- “Trust, Time, and Tools”
• Hijacking Departmental Staff:
  – Security is a Community problem. If the interest in helping is there, use it...
  – Helps relieve problems from lack of fine-grained control
  – Eases Political Issues (Less “us” and more “we”)
What hasn't worked?
• Getting some “Problem Departments” to cooperate. (Conflicting priorities)
• When Bob gets behind, project work slows or fails, although incident work continues.
Budgeting!
• Recent model: "Robin Hood" Asset Reallocation System (We steal stuff :-)
• New model: Since these problems aren’t going away, we need a budget!
What is Next?
• Security Training for local admins
• Machine break-in/Recovery training
• Central Vulnerability Scanning
• "Real" Web pages
• Better Trouble-Ticket system
• Improved "Rules of Use" policy statements
• SSH clients for platforms now without!
More “What’s Next”
• Magical PGP signer for Team e-mail
• System Admin Education
• Better communication on open cases
• Generally getting much more Proactive!