ISC Information Security Educause Security 2007

Copyright Joshua Beeman, 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Security Reporting

University of Pennsylvania

Joshua Beeman

Overview

• Penn’s environment

• Version 1 (duct tape, chewing gum…)

• Version 2 (less gum, more tape…)

• Results

Environment

• A private university in Philadelphia, PA founded in 1740

• 22,000 students/4,000 faculty/13,000 staff

• 7500 students live on campus

• 9000+ students, staff and faculty live in the surrounding community

• Health System has separate management

– IT division outsourced/15,000 users

Environment

• Computing mostly decentralized over 40 cost centers

• Some services are managed or coordinated centrally by Information Systems and Computing (ISC)

• Administrative Systems

• Support & Security

• Networking & Telecommunications

Environment

• Open network

• Decentralized computing

• Information security concerns continually growing

• Limited funding

Does this sound familiar to anyone?

Environment

Why a Security Report?

• Awareness

• Identify larger trends

• Develop security “hawks”

• Improve customer service

Report – v.1

Incident Tracking via Excel Spreadsheet:

• Date

• IP address

• Center name

• Incident source

• Incident type

• Handler comments (optional)

Report – v.1

Key Elements – Compromises:

• Total number of compromises

• Total number of IP addresses

• Ratio of Compromises/IP’s

• Ranking (based on ratio)

• Average (based on ratio)

Report – v.1

Key Elements – Critical Hosts:

• Total number of Critical Hosts registered

• Total number of IP addresses

• Ratio of Critical Hosts/IP’s

• Ranking (based on ratio)

• Average (based on ratio)
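
The v.1 compromise metrics above (count, IP total, ratio, ranking, average), computed from rows in the v.1 spreadsheet layout; the Critical Hosts table uses the same ratio, ranking and average. This is an added example, not code from the presentation. The column names, sample rows, per-center IP totals, the choice that rank 1 is the highest ratio, and the average taken as the mean of per-center ratios are all assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample in the v.1 spreadsheet layout (all values are made up).
SAMPLE_INCIDENTS = """date,ip_address,center_name,incident_source,incident_type,handler_comments
2007-01-08,192.0.2.10,Center A,IDS,compromise,
2007-01-09,192.0.2.44,Center A,External report,compromise,reimaged
2007-01-11,198.51.100.7,Center B,IDS,compromise,
2007-01-12,198.51.100.9,Center B,External report,copyright complaint,
2007-01-15,203.0.113.5,Center C,Help desk,compromise,
"""

# Constructed totals of IP addresses assigned to each center.
SAMPLE_IP_TOTALS = {"Center A": 400, "Center B": 100, "Center C": 1000, "Center D": 250}

def compromise_report(incident_csv, ip_totals, incident_type="compromise"):
    """Return (rows, average_ratio); rows are sorted by rank, highest ratio first."""
    counts = Counter()
    for rec in csv.DictReader(io.StringIO(incident_csv)):
        if rec["incident_type"].strip().lower() == incident_type:
            counts[rec["center_name"].strip()] += 1

    # A center with incidents but no IP total would silently drop out of the ranking.
    unknown = set(counts) - set(ip_totals)
    if unknown:
        raise ValueError(f"no IP total for: {sorted(unknown)}")

    rows = []
    for center, total_ips in ip_totals.items():
        if total_ips <= 0:
            raise ValueError(f"IP total for {center} must be positive")
        rows.append({"center": center, "compromises": counts[center],
                     "ips": total_ips, "ratio": counts[center] / total_ips})

    # Assumption: rank 1 is the highest ratio; equal ratios share a rank.
    rows.sort(key=lambda r: (-r["ratio"], r["center"]))
    for i, row in enumerate(rows):
        tied = i > 0 and row["ratio"] == rows[i - 1]["ratio"]
        row["rank"] = rows[i - 1]["rank"] if tied else i + 1

    average = sum(r["ratio"] for r in rows) / len(rows)
    return rows, average

if __name__ == "__main__":
    rows, avg = compromise_report(SAMPLE_INCIDENTS, SAMPLE_IP_TOTALS)
    for r in rows:
        print(r["rank"], r["center"], r["compromises"], r["ips"], f'{r["ratio"]:.4f}')
    print(f"average ratio: {avg:.4f}")
```

Normalizing by IP total is what lets a small center with a few compromises rank above a large one with more, which raw counts would hide.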

Report – v.1

Key Elements – Management Reports:

• Summary tables

– Compromise ranking

– Critical Host ranking

• Summary graphs

– Incident source

– Overall distribution

Report – v.2

GRADI (web-based incident tracking system)

Captures previous fields plus…

• Case Status (Pending, closed, etc.)

• MAC Address

• Wallplate

• Port List

• User PennKey

• …and more for certain case types

Report – v.2

GRADI (continued)

In addition provides automated processes for:

• DNS & host contact lookup

• Custom handling based on incident type

• Emailing/routing

• Searching, export, etc.

Report – v.2

Previous Key Elements:

• Compromises

• Critical Hosts

• Critical Events

• Management reports

Report – v.2

Plus New Elements:

• Wireless, Wired

• DMCA, non-DMCA

• Critical Vulnerabilities

• New management reports

• Comparative studies

Results

• Provided senior management with tools and data

• Increased information security awareness

• Identified larger trends, problem areas

• Improved the University’s overall security posture

• Created security “hawks”

Results

Remember that v.1 was based on:

• Individual Excel spreadsheets

• 5 data fields