Information Security
The University of Texas at Dallas
Education – Partnership – Solutions

ISC Meeting
April 10, 2015
Information Security
infosecurity@utdallas.edu

Information Resources Update
Presented by Information Resources Management

CISO Update
Presented by Nate Howe

Initiatives
• Firewall architecture review and reduction of “global allow”
• Identity Finder – disabled monthly scanning
• WordPress administrative pages
• SANS Securing the Human videos

New Information Security and Acceptable Use Policy
• 6-month collaborative drafting process, including more than 75 reviewers
• Replaces all “policy” documents formerly published by ISO
• Outlines expectations for secure use of University data and computing resources
• http://policy.utdallas.edu/utdbp3096

Policy Highlights
• Convenient reference table covering applicability to personal and University data, on personal or University equipment
• Updated language for data classification: confidential, controlled, and public data
• References standards, rather than incorporating technical details into policy
• All portions of the policy are subject to exemptions

Coming Soon: Standards
• Will detail specific configuration requirements for key technologies in use across campus
• The first set of standards will cover:
  – Desktops and laptops
  – Mobile computing devices
  – Servers
  – Web applications
• We will be seeking input from technical specialists on campus

2-Factor Authentication
Presented by Nate Howe & Brian McElroy

Problem to be Solved
• Direct deposit routing number changed
• Passwords can be obtained if recovery questions are predictable based on social media research
• Phishing victims provide username and password by email or fraudulent website

What is 2-Factor Authentication?
• 3 categories of authentication elements:
  – Something you know (username, password, PIN, questions and answers)
  – Something you have (ATM card, SecurID keychain, mobile phone)
  – Something you are (fingerprint, retina, voice)
• Video of Duo: https://www.youtube.com/watch?v=tPLxe9HUDjY

What is 2-Factor Authentication?
• Traditional authentication only uses elements from the first category, such as username and password
• Reduced risk when using more elements from the first category, referred to as “multifactor authentication”
• Further risk reduction when using elements from two categories
• Authentication model should match the risk; ATMs use two factors because most people like cash

Scope
• 2-Factor is the right thing to do for our high-risk connections
• UT System memo defines August 31, 2015 target for:
  – High-value PeopleSoft transactions, in particular direct deposit
  – VPN remote access
  – Remote administrative tasks [via external SSH]

Draft Timeline
• March: Budget Proposal
• April:
  – Initial committee meetings
  – Product decision
• May: Awareness campaign
• June: Moat & Mote for Admins - SSH
• July: Cisco VPN
• August: PeopleSoft Direct Deposit Change
• September: Letter to UT System 9/1

Cloud Storage Update
Presented by Brian McElroy

Cloud Storage Update
• We have reviewed and approved several storage providers for various use cases
• We endorse box.com for the most allowed purposes
• This month we are launching utdallas.edu/cometspace
  – Table indicating allowed use cases
  – Frequently Asked Questions
  – Link to our box.com instance

Box.com
• The service is live – https://utdallas.app.box.com
• Log in using your NetID and password
• 100GB storage quota
• Departmental shared folders are available
• 500+ early adopters are already using the service
• Very few questions, even with our FAQs not available yet

Questions & Discussion
infosecurity@utdallas.edu