SECURITY LIAISON MEETING, April 21, 2015
Information Technology Services, George Mason University

Upload: dangtruc, posted 25-Jun-2018


Page 1

SECURITY LIAISON MEETING
April 21, 2015

Page 2

GEORGE MASON UNIVERSITY

TODAY'S AGENDA

1. Intro and Welcome – Bob Nakles
2. Updates from the CIO – Marilyn
   - The new ITS
   - "Security: It's Everyone's Job" and the need to communicate within departments
   - Monthly newsletters – SLs need to share them with their department
   - Ask questions of the ITS, no need to wait for a meeting
   - Recent events: the APT and the web event
3. Phishing – Karen Bates
   - Video clip
   - Recent or common phishing emails
   - How to tell if an email is legit
4. IT Security Projects – Curtis McNay
   - The list of proposed or current projects related to security
5. Review the role of the SL – Bob

Page 3

THE CIO'S UPDATES

Updates from the CIO – Marilyn T. Smith
• The new ITS
• "Security: It's Everyone's Job" and the need to communicate within departments
• Monthly newsletters – share with your department
• Contact the ITS, no need to wait for a meeting
• Recent cyber security events

Page 4

INFORMATION TECHNOLOGY SERVICES – organization chart (REV: 02/11/2015)

• Marilyn T. Smith – VPIT and CIO
• Whitney Sublett – Exec Assistant
• Joy Taylor – Director, Learning Support Services
• Sharon Pitt – Exec Director, Enterprise Infrastructure, and Deputy CIO
• Bob Nakles – Exec Director, Strategy, Portfolio and Process Management
• Sean Stevens – Manager, Learning Support Services Labs
• Karen Gardner – Director, Enterprise Servers & Messaging
• Ben Allen – Director, Network Engineering & Technology
• John Kettlewell – Director, Technology Support Services
• Andrew Krell – Manager, Systems Integration
• Randy Anderson – Director, Process & Planning
• Derek Kan – Sr. Project Manager
• John Prette – Project Manager
• Tim Murphy – Director, Classroom & Lab Technologies
• Kim Raley – Exec Assistant
• Tom Shifflett – Director, Enterprise Applications
• Barbara Yablonski – Manager, Database Support
• Chris Gay – Manager, Data Mart Support
• Kathy Adcock – Manager, Administrative Applications
• Adheet Gaddamanugu – Manager, Portal & Web Technologies
• Joe Balducci – Manager, Online Learning Resources
• Constance Harris – Manager, Instructional Design
• Open – Exec Director / Chief Information Security Officer (CISO), IT Security
• Curtis McNay – Director, IT Security
• Open – Director, Business Operations
• Pam Thomson – Specialist, Human Resources
• Leslie Painter – Director, Patriot Computers
• Brian Gantt – Director, Finance
• David Robinson – Director, Communications & Client Relations
• Ken De Jong – Research Computing
• Susan Kehoe – Director, Academic Strategies
• Richard Wood – Manager, GMU-TV
• Karen Bates – Comm Coord, Office Management and Administrative Support

Page 5

PHISHING
Karen Bates

• Video clip: How easy it is to get a person's credentials
• Examples of recent and common phishing emails
• How to tell if it's legit

Page 6

COMMON PHISHING EMAILS

Page 7

How hard is it to get passwords?
https://www.youtube.com/watch?v=opRMrEfAIiI

Page 8

Annotations on the phishing example shown on the slide (the email image itself is not in the extracted text):
• George Mason University uses a different email address
• Punctuation is incorrect. There should be a period after "yours"; "Apply" should start a new sentence
• "Hence" is a word rarely used today
• There is no business name, no university name, address or contact information
• Should be "arts and crafts", and the question mark is off

Page 9

Annotations on the phishing example shown on the slide (the email image itself is not in the extracted text):
• Mason will not have a person from another university send you information about your expired password
• Vague information and improper salutation
• Uppercase letters used improperly and no punctuation
• This link actually goes to a site in the United Kingdom

Page 10

Example email as shown on the slide:

From: System Administrator <[email protected]>
Sent: Tuesday, November 4, 2014 3:03 PM
Subject: Attention: E-mail User

Attention: E-mail User,
Your mailbox is almost full.
Current size: 254MB    Maximum size: 250MB

You have exceeded your E-mail account limit quota of 250MB and you are requested to increase/expand it within 24 hours and avoid disability of your e-mail account from our database. Simply CLICK HERE and complete the information requested to auto-matically expand your account quota to 2 GB.

Copyright © 2014 System Administrator

Annotations on the slide:
• No name – it is generic
• The mailbox is not almost full
• The lines are sloppy and it is not addressed to a specific person
• A non-Mason email address
• Awkward wording
• "Disability" is the wrong word
• It is also worded to try to make you act immediately because it sounds urgent

Page 11

Example email as shown on the slide:

From: <Eyrich>, Jeanine <[email protected]>
Date: Thursday, November 20, 2014 at 12:10 PM
To: "Eyrich, Jeanine" <[email protected]>
Subject: RE: FACULTY/STAFF/EMPLOYEE
Resent-From: <[email protected]>
Resent-Date: Thursday, November 20, 2014 at 12:19 PM

Dear Webmail Subscriber
Your Email Account have been Suspended from sending and receiving email,to re-validate your account,Please
CLICK HERE TO LOGIN USING SECURE ENCRYPTION

Connected to Microsoft Exchange
© 2014 Microsoft Corporation. All rights reserved

Annotations on the slide:
• The header is non-Mason, generic subject line and incorrect punctuation
• Incorrect punctuation
• No name, incorrect capitalization and misplaced words
• Link goes to a spoofed page of Microsoft Exchange
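As an added example (not from the slides), a small Python checker that tests a message against the indicators the two examples above call out: a non-Mason sender domain, a generic greeting, urgency wording and a bare "click here" call to action. The sample messages are constructed paraphrases of the slide examples with placeholder addresses, and gmu.edu as the institution's domain is an assumption.

```python
import re

# Constructed samples: paraphrases of the two slide examples with placeholder senders, plus one legitimate notice.
SAMPLES = {
    "quota": {
        "from": "System Administrator <admin@example-mail.net>",
        "subject": "Attention: E-mail User",
        "body": "Your mailbox is almost full. Expand it within 24 hours to avoid "
                "disability of your e-mail account. Simply CLICK HERE to expand.",
    },
    "suspended": {
        "from": "Eyrich, Jeanine <someone@example.org>",
        "subject": "RE: FACULTY/STAFF/EMPLOYEE",
        "body": "Dear Webmail Subscriber Your Email Account have been Suspended "
                "from sending and receiving email, Please CLICK HERE TO LOGIN",
    },
    "benign": {
        "from": "IT Support Center <support@gmu.edu>",
        "subject": "Scheduled mail maintenance on Saturday",
        "body": "Dear Karen, the mail servers will be patched Saturday 6-8 AM. "
                "No action is needed. Questions? Call the Support Center.",
    },
}

INSTITUTION_DOMAIN = "gmu.edu"  # assumed: legitimate Mason mail comes from this domain
GENERIC_GREETING = re.compile(
    r"\b(dear (webmail|e-?mail) (subscriber|user)|attention: e-?mail user)", re.I)
URGENCY = re.compile(r"\b(within 24 hours|suspended|immediately|expired)\b", re.I)
CALL_TO_ACTION = re.compile(r"\bclick here\b", re.I)

def sender_domain(from_header):
    m = re.search(r"<([^>]+)>", from_header)          # address inside <...>, else bare header
    addr = m.group(1) if m else from_header
    return addr.rsplit("@", 1)[-1].strip().lower()

def phishing_indicators(msg):
    """Return the slide-deck indicators that fire for one message."""
    hits = []
    dom = sender_domain(msg["from"])
    # Exact match or a subdomain; a plain endswith() would accept 'notgmu.edu'.
    if not (dom == INSTITUTION_DOMAIN or dom.endswith("." + INSTITUTION_DOMAIN)):
        hits.append("non-institution sender address")
    text = msg["subject"] + " " + msg["body"]
    if GENERIC_GREETING.search(text):
        hits.append("generic greeting, not addressed to a named person")
    if URGENCY.search(text):
        hits.append("urgency or account-threat wording")
    if CALL_TO_ACTION.search(text):
        hits.append("'click here' call to action instead of a named site")
    return hits
```

Any one indicator alone is weak evidence; the slides' point is that several of them appear together in each phishing example and none in a genuine ITS notice.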

Page 12

Page 13

IT SECURITY PROGRAMS
Presented by Curtis McNay

Page 14

IT SECURITY – REALMS OF OPERATION

Reactive:
• Network & System Monitoring
• User & Data Monitoring
• Application Monitoring
• Threat Analysis
• Gap Analysis
• Incident Response
• Data and System Recovery

Proactive:
• Policy
• Inventory, Classification
• Risk Assessment
• Access Control
• Active Blocking
• Vulnerability Detection
• Network Architecture
• System Hardening
• Awareness & Training

Page 15

PROJECTS – PROACTIVE

• IT-GRC – Inventory, Classification and Assessment
  - Inventory & classify systems and applications & check for vulnerability.
  - Identifies critical systems for focus.
• Multifactor Authentication – Provides access control security
  - Could have prevented hackers from getting into the network and on to privileged systems.
• NextGen IPS – Network Intrusion Protection System
  - Could have blocked Remote Access Trojans (RATs), BOT sessions & reconnaissance.
• Vulnerability Scanning – Upgrade of active & passive scanners & GRC integration
  - Identifies vulnerabilities and, with authenticated scans, misconfiguration.
• Web Application Firewall – F5 Security Module
  - Could have prevented web application compromises.
• ITS Workstation Security Standards – Desktop hardening
  - Could have prevented compromise of desktops in last summer's APT event.

Page 16

PROJECTS – PROACTIVE

• IT Security Awareness and Training – Says it all.
  - General awareness and role-specific training, from phishing to database security.
• Local Controls for Windows systems – Restrict built-in Admin & limit local log-in
  - Secure the built-in admin, and limit access to the people that need access.
• IronPort Upgrade and Optimization – Protection from phish
  - Goal of reducing the number of, and improving the alerting for, phishing emails.
• Application Whitelisting for Critical Servers – Malware protection
  - Could have prevented or alerted to malware on critical servers.
• Prohibit Unnecessary Server-to-Server Communication – Contains infections
  - Could have limited penetration by APT attackers.
• Consultant-Provided Penetration Testing – Test security posture of web apps
  - Could have prevented the APT compromise of a web application and the recent WordPress compromise.

Page 17

PROJECTS – REACTIVE

• ArcSight Upgrade, Expansion and Analysis – Better performance, more log sources, longer retention. Maturing correlation for more meaningful data.
  - Provides monitoring, alerting and threat analysis
  - Provided active attacker forensics during the APT.
• F5 Web Application Monitoring – Threat analysis for web applications
  - Identifies threats to and gaps in web application security.
• Next Gen IDS – Intrusion Detection Monitoring
  - Increased visibility of malicious network traffic.
• CSIRT Lessons Learned
  - How did it happen & what do we do differently?
• Disaster Recovery Tabletop Exercise
  - To improve CSIRT and communication.

Page 18

YOUR ROLE
Bob Nakles

• Provide security updates to staff
  - Newsletters, monthly
  - Email notifications, such as the recent reminder of phishing
• Call for resources, presentations, information
• Remind people to forward suspected phishing to the Support Center [email protected]

Page 19

YOUR RESOURCES

• IT Security Office information
• Cyber Security Month activities (October)
• Online resources
  - http://itsecurity.gmu.edu/SecurityLiaisons/about-liaisons.cfm
  - http://itsecurity.gmu.edu/Alerts/Advisories.cfm
  - http://itservices.gmu.edu/alerts/