1 / 19

Information sharing the MOREnet way: How not to keep secrets

Learn how MOREnet utilizes communication options, conferences, and expanding the security community to share information and prevent security breaches. Join Randy Raw and Beth Young from MOREnet Security as they provide valuable insights and tips on securing networks and promoting a proactive security culture.

corbettm
Download Presentation

Information sharing the MOREnet way: How not to keep secrets

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Information sharing the MOREnet way: How not to keep secrets Randy Raw Beth Young MOREnet Security 1.800.509.6673 security@more.net

  2. Objectives: • Introductions • What is MOREnet • Communication options • Conferences • Expanding the security community

  3. Introductions Randy Raw • CISSP - August 2005 • 1.5 years with MOREnet • Former Director of Technology Services at Linn State Technical College • Former Technology Coordinator for the Osage County R-II schools Beth Young • CISSP - July 2003 • 5 years with MOREnet • Former Network Analyst - University of Missouri Columbia

  4. What is MOREnet The Missouri Research and Education Network (MOREnet) provides Internet connectivity, access to Internet2, technical support, videoconferencing services and training to Missouri's K-12 schools, colleges and universities, public libraries, health care, state government and other affiliated organizations.

  5. What does the Security office do? • Assist with incident response • Liaison with law enforcement • Gather information for dissemination • Knowledge transfer

  6. The “Old Days” We were the bad guys. Nobody talked to us because they were afraid we would use it against them. We were a “ticket numbers” group. Policy issues kept us from being proactive and helpful

  7. What have we done to change? • Change how we do what we do • Communicate regularly to our members, not just when they have a problem • Provide opportunities for members to learn and help them secure their networks, not just be their Internet police • Establish goals to reduce ticket counts, especially nuisance tickets • Create and communicate Security roadmap

  8. The “kinder and gentler” security - changing what we do • Good Net Neighbor configuration • Phase I – Microsoft NetBIOS port • Phase II – Outbound Port 25 spam block • Self-scanning tool to self-evaluate hosts • Blackhole DNS Server • MOREnet network status indicator • Town hall meetings to discover their needs and issues

  9. Using our lists for proactive communication Security-l, MERC-security and State-security lists • One-way push for critical announcements • Bot network C&C • Virus alerts • Vulnerability announcements • Two-way discussions for any topic members choose • Communication of important training opportunities

  10. Monthly Web Seminars - communicate • Phishing Schemes • Bot networks • Spyware/malware • Nmap • Ethereal • Securing HP printers • SecCheck and Active Ports • Subpoena handling

  11. Annual Security Symposium - education • Mostly member presentations • Advanced Technical topics • K-12, Higher Education, Library and State Government attendees and presenters • Attorney General’s Office keynote on dealing with law enforcement

  12. Advanced Security Training - education • Contracted with SANS and providing SANS Forensics course at steep discount for MOREnet members • CISSP training for members using video conferencing technology

  13. Conferences – education/communication • Security policy generation • Security Awareness emphasis • Hands-on training sessions • Hacking competitions • Ethical hacking training

  14. Other methods of communications and sharing of information • Daily Security Newslinks on website • Security offerings accessible through MyMOREnet login • RADAR (MRTG) statistics • NetFlow statistics • Ticket submission • Research requests

  15. Fee-based Services • E-mail Virus and Spam Filtering (EVSF) • Remote Vulnerability Assessment

  16. Expanding to the security community • Security community meetings • Security community e-mail list for announcements and discussion • Infragard involvement • State Information Technology Advisory Board (ITAB) involvement

  17. On-going activities • Participate in annual Security Awareness Month • Annual advanced topic for training • Nationally known Security Symposium keynote speaker • Expand the security community reach beyond Columbia

  18. Is there anything left to do? • Blogging • Darknet • DShield log analysis server • On-site Remote Vulnerability Assessment • In-depth firewall assessment • SMTP self-testing tool • Managed firewall • Managed security appliance

  19. For more information • Randy Raw • rawr@more.net • 573.882.0749 • Beth Young • youngba@more.net • 573.884.7200

More Related