Trends and Issues in IT Security
-
Upload
linda-cochran -
Category
Documents
-
view
46 -
download
0
description
Transcript of Trends and Issues in IT Security
![Page 1: Trends and Issues in IT Security](https://reader036.fdocuments.in/reader036/viewer/2022082505/568134c2550346895d9be601/html5/thumbnails/1.jpg)
Trends and Issues in IT Security
A Scan of what’s happening on our campuses
With attention to:–Trends
–Primary issues and challenges
–Any opportunities for information sharing or common solutions?
Common Solutions Group, May 13, 1999
Philip Long, Yale University
![Page 2: Trends and Issues in IT Security](https://reader036.fdocuments.in/reader036/viewer/2022082505/568134c2550346895d9be601/html5/thumbnails/2.jpg)
This Morning
• Bob Mahoney, MIT
• Sandra Senti, Stanford
• Barbara Fraser, CMU/CERT
![Page 3: Trends and Issues in IT Security](https://reader036.fdocuments.in/reader036/viewer/2022082505/568134c2550346895d9be601/html5/thumbnails/3.jpg)
Yale Trends
Staff Dedicated to IT Security
0
1
2
3
4
AY97 AY98 AY99
Year
FT
E
Same Slope for other trends – Number of incidents– Actual damage– Campus alarm
![Page 4: Trends and Issues in IT Security](https://reader036.fdocuments.in/reader036/viewer/2022082505/568134c2550346895d9be601/html5/thumbnails/4.jpg)
Practice
• Using Internet Security Scanner (ISS)– But our policy prohibited full use without
seeking the permission of owners
• An increasing number of reported incidents
• Any law enforcement activity is incredibly time consuming
![Page 5: Trends and Issues in IT Security](https://reader036.fdocuments.in/reader036/viewer/2022082505/568134c2550346895d9be601/html5/thumbnails/5.jpg)
Most Frequent Security Problems
• Viruses– CIH damaged approximately 60 student
machines
• Password sniffing after standard crack– Still have lots of hubs in departments with grad
student sysadmins
![Page 6: Trends and Issues in IT Security](https://reader036.fdocuments.in/reader036/viewer/2022082505/568134c2550346895d9be601/html5/thumbnails/6.jpg)
Presentations
![Page 7: Trends and Issues in IT Security](https://reader036.fdocuments.in/reader036/viewer/2022082505/568134c2550346895d9be601/html5/thumbnails/7.jpg)
End of Session Summary
• Rapid rise in incidents– Based on easy-to-use cracker tools– And parallel to Internet growth
• Rapid rise in effort– New staff and– Permeating connections throughout existing organizations
• Tend to report only well documented incidents to law enforcement
• Clear interest in proactive work– Publicity, documentation on prevention– Scanning automatically or on demand– Policy issues?
![Page 8: Trends and Issues in IT Security](https://reader036.fdocuments.in/reader036/viewer/2022082505/568134c2550346895d9be601/html5/thumbnails/8.jpg)
Most Frequent Problems
• Linux
• Sniffed Passwords
• “The occasional ‘Interesting Thing’”
• Firewalls? – Configuring
– Getting around
![Page 9: Trends and Issues in IT Security](https://reader036.fdocuments.in/reader036/viewer/2022082505/568134c2550346895d9be601/html5/thumbnails/9.jpg)
Funny Things are Important
• Administrative ease of use of password management turns out to be critical to good password hygiene
![Page 10: Trends and Issues in IT Security](https://reader036.fdocuments.in/reader036/viewer/2022082505/568134c2550346895d9be601/html5/thumbnails/10.jpg)
Possible Common Solutions
• Information/tool sharing– standard Kerberos support for common platforms
– Kerberized or SSH tunneled FTP
– Policy Sharing
– auto-update, e.g., for Linux
• Can those of us who have security pages link to them from the CSG Web site?