SECURITY LIAISON MEETING
April 21, 2015
GEORGE MASON UNIVERSITY
TODAY'S AGENDA
1. Intro and Welcome – Bob Nakles
2. Updates from the CIO – Marilyn
   - The new ITS
   - "Security: It's Everyone's Job" and the need to communicate within departments
   - Monthly newsletters – SLs need to share with their department
   - Ask questions of the ITS, no need to wait for a meeting
   - Recent events, the APT and the web event
3. Phishing – Karen Bates
   - Video clip
   - Recent or common phishing emails
   - How to tell if an email is legit
4. IT Security Projects – Curtis McNay
   - The list of proposed or current projects related to security
5. Review the role of the SL – Bob
THE CIO'S UPDATES
Updates from the CIO – Marilyn T. Smith
• The new ITS
• "Security: It's Everyone's Job" and the need to communicate within departments
• Monthly newsletters – share with your department
• Contact the ITS, no need to wait for a meeting
• Recent cyber security events
INFORMATION TECHNOLOGY SERVICES – organization chart (REV: 02/11/2015)
• Marilyn T. Smith – VPIT and CIO
• Whitney Sublett – Exec Assistant
• Joy Taylor – Director, Learning Support Services
• Sharon Pitt – Exec Director, Enterprise Infrastructure, and Deputy CIO
• Bob Nakles – Exec Director, Strategy, Portfolio and Process Management
• Sean Stevens – Manager, Learning Support Services Labs
• Karen Gardner – Director, Enterprise Servers & Messaging
• Ben Allen – Director, Network Engineering & Technology
• John Kettlewell – Director, Technology Support Services
• Andrew Krell – Manager, Systems Integration
• Randy Anderson – Director, Process & Planning
• Derek Kan – Sr. Project Manager
• John Prette – Project Manager
• Tim Murphy – Director, Classroom & Lab Technologies
• Kim Raley – Exec Assistant
• Tom Shifflett – Director, Enterprise Applications
• Barbara Yablonski – Manager, Database Support
• Chris Gay – Manager, Data Mart Support
• Kathy Adcock – Manager, Administrative Applications
• Adheet Gaddamanugu – Manager, Portal & Web Technologies
• Joe Balducci – Manager, Online Learning Resources
• Constance Harris – Manager, Instructional Design
• Open – Exec Director/Chief Information Security Officer (CISO), IT Security
• Curtis McNay – Director, IT Security
• Open – Director, Business Operations
• Pam Thomson – Specialist, Human Resources
• Leslie Painter – Director, Patriot Computers
• Brian Gantt – Director, Finance
• David Robinson – Director, Communications & Client Relations, Information Technology Services
• Ken De Jong – Research Computing
• Susan Kehoe – Director, Academic Strategies
• Richard Wood – Manager, GMU-TV
• Karen Bates – Comm Coord, Office Management and Administrative Support
PHISHING
Presented by Karen Bates
• Video clip: How easy it is to get a person's credentials
• Examples of recent and common phishing emails
• How to tell if it's legit

COMMON PHISHING EMAILS
How hard is it to get passwords?
https://www.youtube.com/watch?v=opRMrEfAIiI
Example phishing email 1 – red flags noted on the slide (the email image itself is not reproduced):
• George Mason University uses a different email address
• Punctuation is incorrect. There should be a period after "yours."
• "Apply" should start a new sentence
• "Hence" is a word rarely used today
• There is no business name, no university name, address or contact information
• Should be "arts and crafts", and the question mark is off
Example phishing email 2 – red flags noted on the slide (the email image itself is not reproduced):
• Mason will not have a person from another university send you information about your expired password
• Vague information and improper salutation
• Uppercase letters used improperly and no punctuation
• This link actually goes to a site in the United Kingdom
Example phishing email 3 (text as quoted on the slide):

From: System Administrator <[email protected]>
Sent: Tuesday, November 4, 2014 3:03 PM
Subject: Attention: E-mail User

Attention: E-mail User,
Your mailbox is almost full. Current size 254MB, Maximum size 250MB
You have exceeded your E-mail account limit quota of 250MB and you are requested to increase/expand it within 24 hours and avoid disability of your e-mail account from our database. Simply CLICK HERE and complete the information requested to auto-matically expand your account quota to 2 GB.
Copyright ©2014 System Administrator

Red flags noted on the slide:
• No name – it is generic
• The mailbox is not almost full
• The lines are sloppy and it is not addressed to a specific person
• A non-Mason email address
• Awkward wording
• "Disability" is the wrong word
• It is also worded to try to make you act immediately because it sounds urgent
Example phishing email 4 (text as quoted on the slide):

From: <Eyrich>, Jeanine <[email protected]>
Date: Thursday, November 20, 2014 at 12:10 PM
To: "Eyrich, Jeanine" <[email protected]>
Subject: RE: FACULTY/STAFF/EMPLOYEE
Resent-From: <[email protected]>
Resent-Date: Thursday, November 20, 2014 at 12:19 PM

Dear Webmail Subscriber
Your Email Account have been Suspended from sending and receiving email,to re-validate your account,Please CLICK HERE TO LOGIN USING SECURE ENCRYPTION
Connected to Microsoft Exchange © 2014 Microsoft Corporation. All rights reserved

Red flags noted on the slide:
• The header is non-Mason, generic subject line and incorrect punctuation
• Incorrect punctuation
• No name, incorrect capitalization and misplaced words
• Link goes to a spoofed page of Microsoft Exchange
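Added example (not part of the presentation): a small Python check that flags, in one raw email, the cues the slides above call out, a non-Mason sender address, a generic salutation, urgency wording, and a link whose real target is not the university's domain. The trusted domain, the sample message and its domains are assumptions constructed for the demo.

```python
"""Flag the phishing cues called out on the slides in one raw email message."""
import email
import re
from email import policy
from urllib.parse import urlparse

TRUSTED_DOMAIN = "gmu.edu"  # assumption: the institution's own mail domain
# Cues from the slides: urgency / account-threat wording, a generic salutation,
# a non-institution sender, and a link whose real target is somewhere else.
URGENCY = re.compile(r"\b(within 24 hours|immediately|suspended|expired?)\b", re.I)
GENERIC = re.compile(r"\b(dear|attention:?)\s+(e-?mail user|webmail subscriber|customer|user)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)  # enough for the sample

def _is_institution(host: str) -> bool:
    host = host.lower()
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def phishing_indicators(raw: str) -> list[str]:
    """Return the red flags found in an RFC 822 message (empty list if none)."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    found = []
    sender_domain = str(msg["From"]).rsplit("@", 1)[-1].strip("> ").lower()
    if not _is_institution(sender_domain):
        found.append(f"non-institution sender domain: {sender_domain}")
    if GENERIC.search(body):
        found.append("generic salutation, not addressed to a named person")
    if URGENCY.search(body):
        found.append("urgency or account-threat wording")
    for href, text in ANCHOR.findall(body):
        host = urlparse(href).hostname or ""
        if host and not _is_institution(host):  # the slide's "link actually goes to..." check
            found.append(f"link '{text.strip()}' actually goes to {host}")
    return found

# Constructed sample modelled on the "mailbox almost full" lure shown on the slide.
SAMPLE = (
    "From: System Administrator <admin@mail-quota.example>\n"
    "Subject: Attention: E-mail User\n"
    "Content-Type: text/html\n\n"
    "<p>Attention: E-mail User, your mailbox is almost full. You are requested to\n"
    'expand it within 24 hours. Simply <a href="http://webmail-quota.example/x">'
    "CLICK HERE</a> to expand your quota.</p>\n"
)

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```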
IT SECURITY PROGRAMS
Presented by Curtis McNay

IT SECURITY – REALMS OF OPERATION
Reactive:
• Network & System Monitoring
• User & Data Monitoring
• Application Monitoring
• Threat Analysis
• Gap Analysis
• Incident Response
• Data and System Recovery
Proactive:
• Policy
• Inventory, Classification
• Risk Assessment
• Access Control
• Active Blocking
• Vulnerability Detection
• Network Architecture
• System Hardening
• Awareness & Training
PROJECTS – PROACTIVE
• IT-GRC – Inventory, Classification and Assessment
  - Inventory & classify systems and applications & check for vulnerability.
  - Identifies critical systems for focus.
• Multifactor Authentication – Provides Access Control security
  - Could have prevented hackers from getting into the network and on to privileged systems.
• NextGen IPS – Network Intrusion Protection System
  - Could have blocked Remote Access Trojans (RATs), BOT sessions & reconnaissance.
• Vulnerability Scanning – Upgrade of active & passive scanners & GRC integration
  - Identifies vulnerabilities, and with authenticated scans, misconfiguration.
• Web Application Firewall – F5 Security Module
  - Could have prevented Web application compromises.
• ITS Workstation Security Standards – Desktop hardening
  - Could have prevented compromise of desktops in last summer's APT event.
PROJECTS – PROACTIVE (continued)
• IT Security Awareness and Training – Says it all.
  - General awareness and role-specific training, from phishing to database security.
• Local Controls for Windows systems – Restrict built-in admin & limit local log-in
  - Secure the built-in admin and limit access to the people that need access.
• IronPort Upgrade and Optimization – Protection from phish
  - Goal of reducing the number of, and improving the alerting for, phishing emails.
• Application Whitelisting for Critical Servers – Malware protection
  - Could have prevented or alerted to malware on critical servers.
• Prohibit Unnecessary Server to Server communication – contains infections
  - Could have limited penetration by APT attackers.
• Consultant Provided Penetration testing – Test security posture of Web Apps
  - Could have prevented APT compromise of web application and recent WordPress compromise.
PROJECTS – REACTIVE
• ArcSight Upgrade, Expansion and Analysis – Better performance, more log sources, longer retention. Maturing correlation for more meaningful data.
  - Provides monitoring, alerting and threat analysis.
  - Provided active attacker forensics during APT.
• F5 Web Application Monitoring – Threat analysis for Web applications
  - Identifies threats to and gaps in web application security.
• Next Gen IDS – Intrusion Detection Monitoring
  - Increased visibility of malicious network traffic.
• CSIRT Lessons Learned
  - How did it happen & what do we do differently.
• Disaster Recovery Tabletop Exercise
  - To improve CSIRT and communication.
YOUR ROLE
Presented by Bob Nakles
• Provide security updates to staff
• Newsletters, monthly
• Email notifications, such as the recent reminder of phishing
• Call for resources, presentations, information
• Remind people to forward suspected phishing to the Support Center ([email protected])
YOUR RESOURCES
• IT Security Office information
• Cyber Security Month activities (October)
• Online resources:
  http://itsecurity.gmu.edu/SecurityLiaisons/about-liaisons.cfm
  http://itsecurity.gmu.edu/Alerts/Advisories.cfm
  http://itservices.gmu.edu/alerts/