OFFICE OF BUDGET AND FINANCE Information Security Office ISC Meeting October 23, 2015 Technical...
OFFICE OF BUDGET AND FINANCE Information Security Office
ISC Meeting
October 23, 2015
Technical Session
Information Security [email protected]
Education – Partnership – Solutions
CISO Update
Presented by Nate Howe
NetIDplus Update
Presented by Brian McElroy
How do I sign up for NetIDplus?
• Log in to the NetID account portal and select the NetIDplus link
NetIDplus Login Options
• Duo mobile application on your phone or tablet
• SMS text message
• Voice call to your mobile or landline phone
• Hardware token that generates a one-time code
Where is NetIDplus used?
• Direct Deposit within PeopleSoft Galaxy
• VPN Remote Access – Cisco AnyConnect
• SSH Remote Access – moat, pubssh
Where are we at?
• Over 1500 users enrolled since mid-August
• Over 1600 devices enrolled
– 1520 Phones
– 133 Hardware tokens
Where are we at?
• PeopleSoft Direct Deposit Changes
– 90 Unique users
• SSH Remote Access
– 42 Unique users out of approx. 300
• Cisco VPN
– 1,080 Unique users out of approx. 3,300
Cisco VPN
• Cisco is replacing the aging Juniper VPN
• Juniper scheduled to be shut off by IR on October 31st
• In the last 2 weeks, 1,400 users logged in to Juniper
• Directions for installing Cisco VPN client: http://www.utdallas.edu/ir/vpn
Adding NetIDplus To Your Own Applications
• Integrations available for:
– Windows Remote Desktop
– Web API – Easy to use libraries available for PHP, Java, Python, ASP.NET
– LDAP & RADIUS
– Linux SSH/PAM
Questions?
Mac Encryption
Presented by Jeff Reynolds
ISCrypt
OS X Encryption made simple
So, what are we talking about here … ?
• A system derived from Crypt, an open source project
• Uses native FileVault2 Encryption
• Escrows FV2 recovery keys to a central server, and provides simple reporting
Basically, we’re trying to get rid of SecureDoc.
What we want to offer:
• A simple system to perform two simple tasks: store encryption keys and report encryption status
• Client and Server interfaces which allow techs to encrypt machines and retrieve keys with minimal training
• Compatibility with new OS X releases as soon as they are available, without having to wait for third party software updates
The ISCrypt Server
The ISCrypt Client
ISCrypt is still in beta
We are looking for early adopters to help explore how this system can meet your needs.
Current Limitations
(Nothing is perfect, but we’re always trying to get closer)
• Potential client issues with 10.9 and below, more testing needed to confirm
• Anything you might identify that we didn’t think of
For documentation on ISCrypt, please see the Security page at UTD Tech space in Confluence.
https://confluence.utdallas.edu/confluence/x/8BHzAQ
Please e-mail [email protected] for more information or to inquire about creating an account with ISCrypt and testing this software in your department.
Questions?
Microsoft System Center Endpoint Protection
Presented by Andy Cummings
Background
• Currently using McAfee VirusScan - at an increasing cost every year.
• The ISO has evaluated a number of potential replacement products over the last couple of years.
Microsoft Endpoint Protection
• Already included in our Microsoft contract.
• Lightweight – uses the same anti-virus engine that comes built-in to Windows.
• Anti-virus updates come through the same mechanism as regular Windows updates.
• Clients available for both Windows and Mac.
Our grateful thanks to:
• Arts & Humanities
• Undergrad Education
• Natural Sciences and Math
• Research
• Callier Center
• JSOM
• Vital Longevity
• IR TCS
• Enrollment Management
• Library
• Engineering
• UTD Police
Pilot Group Results
• Piloted since Spring – the 12 adopter groups have used Microsoft SCEP for several months.
• Feedback has been very positive.
• Improved malware-detection rates
[Image slides: McAfee vs. Dyre Trojan; Microsoft SCEP vs Dyre Trojan; McAfee vs. Microsoft SCEP]
Goal
• McAfee contract ends Aug 31 2016
• Dec 31 2015 for deployment to all domain machines via GPO
• Jan 2016 – Aug 2016: for machines that we can't deploy to automatically (Mac and non-domain machines) – or PCs with issues
• Currently - 7,100 McAfee vs. 900 MS SCEP installs
How to Deploy
• Link the GPO to your OU – this installs SCCM and the SCEP agent will install once machine policy is downloaded
• (SCCM is the same agent you're already installing on BitLocker computers)
• Email Andy so we know which OUs are ready
• Andy will do some wizardry
Special Considerations
• McAfee Endpoint Protection for Files and Folders (EEFF) Users
– Microsoft SCEP will also uninstall EEFF
– Must be manually re-installed
– ISO can provide a list of your installed EEFF clients
• Windows 10
– SCEP manages Windows Defender instead of installing a separate Endpoint Protection client
[Image slide: SCCM installed?]
Upcoming Enhancements
• Tech access to the SCCM console
– Verify machine status
– Manage antivirus policy and exclusions for your endpoints
– Self-service reporting
What about McAfee Home Edition?
• We are no longer distributing McAfee for student and personal use
• The NetID website has changed to remove the link to the secure download website
• It now points to a page describing how to obtain free antivirus software for your computer
• Existing users may continue to use the software but no updates after August 2016
Questions?
Secunia CSI
Presented by Chaney Edwards
Secunia CSI Overview
• Secunia product line designed to reduce third-party vulnerabilities
• Secunia PSI initially rolled out to areas with good success
• Secunia PSI not always a good fit, thus Secunia CSI now in use
• Secunia CSI and WSUS set to be replaced by July 1, 2016 by SCCM
– This will be an instance hosted by TCS, no longer ISO
• Main reason for current push: Get the most issues resolved with the easiest and least intrusive product while we still can!
Secunia Product Offerings
• Minimum Version – The lowest version CSI will detect to update from
• Patched Version – The resulting version CSI will update the product to
Product Name        Minimum Version    Patched Version
Adobe Air           1.0.0.0            18.0.0.180
Adobe Reader        7.0.0.0            11.0.12
Apple QuickTime     6.0.0.0            7.7.7
Mozilla Firefox     1.0.0.0            38.1.1 ESR
VLC Media Player    0.6.0.0            2.2.1
Secunia Statistics
• Rolled out to several departments as a whole
• Over 1,100 agents installed now
• 0 complications reported
[Figures: EPPS Department Vulnerability Trend; NSM Department Vulnerability Trend. Only ONE Week with CSI]
Secunia Review
• With no reported issues with vulnerabilities being remediated, we are very confident in this product
• If there is any product you do not wish to have updated, it can be blocked on a product-by-product basis
• We are currently making more deployment packages and can build custom ones for your needs
• Even though it is going away, this is the easiest shot we have at removing the largest chunk of vulnerabilities and need your support
Questions?
Nexpose Reporting
Presented by Chaney Edwards
Nexpose Overview
• A new look and feel! Nexpose 6.0 has launched, please log in and take a look!
• More reports to choose from:
– Files and Directories
– Newly Discovered Assets
– Custom Reports Available
• Connecting with your areas and your leadership
Nexpose Report Process
• We’ve been working with areas like Student Affairs to refine the reports we generate to make more sense
• Reports will be available on a monthly basis
• Reports will be automatically delivered to area leadership and to anyone else they wish to receive them
• This is all the same information you have access to now, simply distilled down from a few reports in particular
Nexpose Report Content
• From Vulnerability Trends
– How the area is performing against previous month
• From Risk Scorecard
– Overall health information
• From Top 10 Assets by Vulnerabilities
– The 10 machines in that area with the highest vulnerability count
• From Top Remediations
– The 5 most vulnerable applications in that environment
Nexpose Report Goals
• There are three primary goals with these new reports:
• Engage upper management more with the Information Security Office
• Present information that has been requested of us in the past in a more clear and concise format
• Better convey the severity of not patching machines in a timely or consistent manner
Nexpose Review
• Please check out the new look and feel of Nexpose and let us know what you think!
• Report delivery to upper management to start with December or January monthly scans
• We need your help in driving these numbers down, and hope that by including upper management in this discussion, we get their support as well
Questions?
Obsolete Operating Systems and MS Office Versions
Presented by Chaney Edwards
Obsolete Software Overview
• Recently we have had multiple areas ask for custom reports and queries within Nexpose to find the following:
– Specific Versions of Windows
– Any Version of Windows Older than Windows 7
– Any Office Version older than 2013
– Installations of Office 2007
• This highlights a concern and desire to move these off campus
• The campus needs better groups and reports to assist in this matter
Obsolete Software Reports
Within the past 90 days we found:
Software Name    Host Count
Office 2003      8
Office 2007      181
Office 2010      1705
Server 2000      20
Server 2003      440
Windows XP       151
Windows 2000     20
Obsolete Software Summary
• We have to get rid of Windows XP unless it is required
• Older versions of Office are going to start having reduction in feature sets available with Exchange 2016, so these need to be brought up to minimum of fully patched Office 2010, preferably 2013 or higher
• Any of these reports and custom queries you can make yourself, but we are always here to help
• Please let us know if we need to assist in this discussion as to why this is such an important topic to address
Questions?
Information Security [email protected]