Vista Impact on Higher Ed Security Cam Beasley, ISO Craig Blaha, Manager of Special Projects The University of Texas at Austin
Overview • Corporate vs. HE • ITS at UT, TAP program • Big picture – get in front of it • User account protection • Firewall • BitLocker • Collaboration • Network access protocol • Command line • IPv6
Primary Customer - Corporate? • Vista is great for a homogeneous, centrally managed environment • UT has 63k+ machines attached to the network, managed by individuals or various departments.
[Diagram: Corporate Hierarchy. A single CIO at the top, with Security, Purchasing, Application Programming, Network Management, User Support, Administrative Decisions and Operations beneath.]
[Diagram: HE - The Explosion of Corp. The same functions (CIO, Security, Purchasing, Application Programming, Network Management, User Support, Administrative Decisions, Operations) replicated many times over across the institution rather than held in one hierarchy.]
UT Technical Overview • Over 119 instances of Exchange • UTnet is one of the largest single networks in the country, supporting 1836 subnets and ~350 subdomains. • Every flavor of OS • 16 academic departments, many administrative departments and independent entities, each with the capacity and freedom to make their own IT decisions
UT Overview • Founded in 1883 • Flagship of the 15-campus University of Texas System, with 6 medical centers • 51,000 students; 11,000 degrees/year • 300,000 continuing ed enrollments • 3,000 faculty, 18,000 staff • Over 450,000 alumni
TAP Program • Technology Adoption Program • Over 100 participants, 3 higher ed research institutes • 2 beta tests, one with 25 machines, another with 100. • Commitment to deploy Vista widely after RTM
Prepare For Vista • Get in front of it • CLI training • Key escrow • Enterprise level security
Hardware Requirements • Many systems on campus will not be able to support the RAM | CPU | graphics requirements of Vista. • E.g., Aero, the new GUI, requires at least 128 MB of video RAM. • Need to upgrade RAM (512 MB) to expose the new features • Benefit: • More time to prepare and test • Issue: • What is the tipping point?
User Account Protection • Limits the chances of an application installing or making changes silently • Issue: • User account protection = pop-up fatigue? • Examples of when this is required… make fonts larger or smaller, control panel mouse, battery power, add or remove user accounts
Firewall • Easy to write and share rules with users • 3 flavors - sane, paranoid and ultra-paranoid • Issue: • May conflict with existing firewalls • Initial confusion (breaking apps?) • Potential for user misconfiguration
BitLocker • Great potential - HIPAA, research data BPM, stolen laptops etc. • Decommissioning made easy • Issue (?) • Potential boat anchor creator - users can mistakenly kill all of their own data • When an employee leaves, we can be locked out. • All managed machines compromised if AD is vulnerable • Check on state key escrow requirements
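The "key escrow" preparation step and the BitLocker lock-out issues above both come down to making sure every protected volume has a recovery password that the institution, not only the user, can retrieve. The following PowerShell is an added example, not from the presentation: it uses the Win32_EncryptableVolume WMI class that shipped with Vista to check a volume's protection status, confirm a recovery password protector exists, and escrow it to the machine's Active Directory computer object. It assumes an elevated session on a domain-joined machine whose BitLocker Group Policy permits AD backup; $DriveLetter is a hypothetical parameter.

```powershell
# Added example: verify and escrow BitLocker recovery information to AD.
# Assumes: elevated PowerShell, domain-joined machine, BitLocker GPO allows
# AD backup of recovery information. $DriveLetter is a hypothetical parameter.
param([string]$DriveLetter = 'C:')

$ns  = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
$vol = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume |
       Where-Object { $_.DriveLetter -eq $DriveLetter }
if (-not $vol) { throw "No encryptable volume found for $DriveLetter" }

# ProtectionStatus: 0 = unprotected, 1 = protected, 2 = unknown
$status = $vol.GetProtectionStatus()
Write-Host ("Protection status for {0}: {1}" -f $DriveLetter, $status.ProtectionStatus)

# Key protector type 3 = numerical (recovery) password.
# Without one, a failed TPM or a departed user means the data is gone.
$protectors = $vol.GetKeyProtectors(3)
if ($protectors.ReturnValue -ne 0 -or -not $protectors.VolumeKeyProtectorID) {
    Write-Warning "No recovery password protector on $DriveLetter; escrow is impossible."
    return
}

foreach ($id in $protectors.VolumeKeyProtectorID) {
    # Write the recovery password for this protector to the computer object in AD.
    $result = $vol.BackupRecoveryInformationToActiveDirectory($id)
    if ($result.ReturnValue -eq 0) {
        Write-Host "Escrowed recovery protector $id to Active Directory"
    } else {
        Write-Warning ("AD backup of {0} failed with HRESULT 0x{1:X8}" -f $id, $result.ReturnValue)
    }
}
```

A non-zero HRESULT here usually means the policy setting that allows AD backup is not applied or the computer object lacks the BitLocker recovery schema extensions, so run this before rolling BitLocker out rather than after a laptop is lost.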
Collaboration • New P2P protocol – Peer Name Resolution Protocol (PNRP) – on by default in the last build • Users and applications can communicate with each other • Find people near me • P2P happens, might as well be secure • Issue • Could be used in new botnet command & control scenarios.
NAP • Network access protocol – NAP if using Longhorn Server (replacement for other network access control devices?)
Complexity and Command Line • 2500 GPOs added to the registry • Adds to level of control • Adds to complexity • Command line driven
IP Stack • IPv6 on by default • Each interface has its own routing table • Can allow for transmission of sensitive data over secure channels only. • Ex.: Isolation between data going through a VPN interface vs. a regular network interface • May decrease the chance of inadvertent routing of private network data over a public network
Conclusion • Get your organization to support a professionally (centrally) managed Windows environment, so that all of the new Vista features can be properly leveraged. • Watch Star Trek re-runs.