‘Security Camp’ for Boston Area Schools

August 13, 1999

Bob Mahoney, MIT Network Operations Group

bobmah@mit.edu


MIT’s Security Team Makeup

• "Discretionary Time" of 6 other IS staff

• 6 Paid Student Staff Members

• "Discretionary Time" of other IS students

• 6 Departmental Members: (Media Lab, Lab for Computer Science, Whitehead Institute, Lab for Information and Decision Systems, Lab for Nuclear Science, Artificial Intelligence Lab)

• MIT alumni and related hangers-on


Related Groups/Efforts

• ‘Stopit’ Team (Harassment, Abuse, etc)

• Network Operations Group

• Campus postmasters (part of NetOps)

• User Accounts Staff

• Computing Help Desk

• Residential Computing Support

• Departmental Computing Support


Activities

• Contact with outside sites

• Contact with law enforcement

• Security-related notifications (internal and external)

• Incident Response

• Advocating/Encouraging “Good Security”


What sort of events are we seeing?

• Most popular target platforms?
  – Linux: the clear winner!
  – followed by IRIX and Solaris
  – Some HP/UX and OSF/1
  – NT: the exciting newcomer!

• Follow-on problems relating to sniffed passwords

• The occasional “Interesting Thing”...


Tools

• Coffee (lots :-)

• Zephyr - Real-time windowgrams

• E-Mail ([email protected], security-[email protected], & [email protected])

• IRC? Well...

• “Casetracker” or other ticket-tracking system

• Home-grown tools


Issues and challenges

• Private Campus Networks

• “Dammit! I’m a Doctor, Not a System Administrator!”

• Private UNIX workstation support

• Intrusion Detection

• FTP and other application risks

• Private Mail Servers


More Issues and challenges

• Getting beyond Fighting Fires

• Dealing with Compromised Passwords

• Campus Hackers (of the ‘Roof and Tunnel’ sort)

• Sniffer Politics


What's Worked?

• Student Staff - “Trust, Time, and Tools”

• Hijacking Departmental Staff:
  – Security is a Community problem. If the interest in helping is there, use it...
  – Helps relieve problems from lack of fine-grained control
  – Eases Political Issues (Less “us” and more “we”)


What hasn't worked?

• Getting some “Problem Departments” to cooperate. (Conflicting priorities)

• When Bob gets behind, project work slows or fails, although incident work continues.


Budgeting!

• Recent model: "Robin Hood" Asset Reallocation System (We steal stuff :-)

• New model: Since these problems aren’t going away, we need a budget!


What is Next?

• Security Training for local admins

• Machine break-in/Recovery training

• Central Vulnerability Scanning

• "Real" Web pages

• Better Trouble-Ticket system

• Improved "Rules of Use" policy statements

• SSH clients for platforms now without!


More “What’s Next”

• Magical PGP signer for Team e-mail

• System Admin Education

• Better communication on open cases

• Generally getting much more Proactive!