Security Services

advertisement
Welcome to Our World
Information Technology
Networks and Security (ITNS)
Presented by
IT NETWORKS AND SECURITY
IT Networks and Security
1. Implements and manages campus-wide communication
networks
2. Improves the security of the resources that cross those
networks
3. Prevents, detects and reacts to unauthorized access to
Purdue resources
4. Promotes the preservation of personal security and
privacy for all people at Purdue.
2
IT NETWORKS AND SECURITY
CONSISTS OF EIGHT AREAS:
1.
2.
3.
4.
5.
6.
7.
8.
Broadcast Network Services
Identity and Access Management Office
Networks
Policies and Procedures
Research Data Networking
Security Outreach and Training
Security Services and NOSC
Telecommunications
3
OUR “FEARLESS”
LEADER
Scott Ksander
Executive Director of IT
Networks and Security
4
BROADCAST NETWORK SERVICES
(BNS)
• Provides video services and distribution
capabilities to the Purdue campus,
•
•
•
•
•
•
•
Satellite transmission (KU-Band)
Internet video streaming
Two-way video conferencing facility in Stewart Center
The Purdue Channel/Educational Access Channel 5
Purdue Residence Hall BoilerTV Channel 13
Jeff Schwab, Acting
Purdue Academic Cable TV in classrooms
Director
Videotape and CD/DVD duplication
• Operates video fiber network connecting most of Purdue's
major event venues on campus with the BNS facility in
Stewart Center
• Provides video engineering support for all ITaP video facilities
5
NETWORKS
Wired networks
• 40,000 network connections
• Fiber Optic connectivity to all campus buildings
Wireless network
• 1,800 wireless access points (“PAL2.0”)
• Covers most indoor “common” areas
Jeff Schwab, Acting
Internet Connectivity
• Research oriented Internet2 connectivity via 10 Gigabit fiber Director
• Commodity Internet connectivity via Indiana Gigapop in Indianapolis
Provide network bandwidth for day to day operations of the university and
support students, staff, and faculty in research and educational network
needs. Also provide special event support for athletics and other major
university events.
For information on services follow the Data Connections link at:
http://www.itap.purdue.edu/connections/
6
RESEARCH DATA NETWORKING
Supports high capacity network connectivity for
data communication-intense research projects
for:
• Rosen Center for Advanced Computing
• Envision Center for Data Perceptualization
• Purdue Terrestrial Observatory
• Maintain high capacity research network links for
Teragrid and CMS projects
Jeff Schwab, Acting
Director
7
Touch points with ITaP and
Others
Housing and Food Services – Resnet
•
• Athletics – supporting special events
• Teaching, Learning and Technology
Blackboard, Internet,
• I Light Educational Statewide Network
• Wireless Environment in buildings and
common areas
8
SECURITY OUTREACH AND
TRAINING
• Coordinates training and presentations on
security issues
• Promotes a culture of security awareness
for the Purdue community
• Manages the SecurePurdue Web site
(www.purdue.edu/securepurdue),
• Serves as a clearinghouse for
information and resources on computer
security and issues related to the four
components of SecurePurdue
Cherry Delaney,
Coordinator
9
Security Outreach and Training Touch
Points throughout ITaP and Purdue
• Facilitate professional development and training sessions for
ITNS, and IT distributed
• Provide training sessions for greater Purdue community and
public on security awareness
• Provide outreach to new students, staff and faculty
• Work with other Universities to promote computer security
awareness
10
IDENTITY AND ACCESS
MANAGEMENT OFFICE (IAMO)
The mission of the Identity and Access
Management Office (IAMO) is to provide a
consistent, University-wide means of
identifying Purdue University constituents for
the purpose of granting access to resources
while ensuring an individual's privacy. The
IAMO coordinates the activities of identity
assignment and role-based access across the
University.
Rob Stanfield, Director
IAMO CONTINUED
• Provides identification, authentication, and
authorization services to the Purdue campuses
• Provides the central career account credential for
accessing services
• Manages access to various resources on campus, such as
the SAP system
• Provides guest account services for visitors to campus
• Provides SecurePurdue two-factor authentication tokens
For more information on services:
http://www.purdue.edu/securepurdue/services/iamo.cfm
IAMO Touch Points
throughout ITaP and Purdue
• IAMO assigns students, faculty, and staff a career account
• Assigns roles and specific access for services
• Provides two-factor authentication tokens – BoilerKey
• Consults with other IT units on use of IAMO services
• Provides Tier-2 support for the Customer Service Center
POLICIES AND PROCEDURES
ITNS facilitates the development of University:
• Information security policies, standards,
guidelines, and procedures
• Consults on information security compliance
activities under federal, state, and local law
Joanna Grama,
Director
For information on IT policies and security compliance activities:
http://www.purdue.edu/securepurdue/bestpractices.
Policies and Procedures
Touch Points throughout ITaP
and Purdue
ITNS Members serve on:
•HIPAA Executive Steering Committee (cross-functional at the
University)
•GLBA Information Security Program Committee (crossfunctional at the University
•Data Stewards Organization
Facilitates the Security Officers group that is comprised of
distributed IT throughout the university
1
SECURITY SERVICES
Mission: Leverage reliable and secure Networks and
Security Services to preserve the availability and
integrity of Purdue IT resources.
Vision: To be a trusted partner and advisor to all IT
areas at Purdue; creating security solutions and
providing a secure IT environment. To be
recognized by the Purdue community for
maintaining effective and efficient operational
Network and Security Services .
Greg Hedrick,
Director
1
Security Services
• Vulnerability Scanning Cluster
• Hostmaster
• Anti-virus support (ePO)
• Security reviews and
• Windows Server Update Service
consultation
•Production Readiness
•Web Scanning
•Product evaluation
• Incident Response
•Central firewall support
• Network monitoring
• Filelocker
• Second and third-tier technical
support
•Intrusion Detection
•Logging
•Forensics
•
For more information on Security Services:
http://www.purdue.edu/securepurdue/services/
Security Services Touch Points
throughout ITaP and Purdue
•
•
•
•
•
Supports security services (Firewall, ePO,
web scanning, etc.) for other ITaP units
Staff meet with IT Systems and Operations
on a regular basis to discuss projects and
concerns
Provides consulting to other ITaP units for
their projects, RFP's, etc
Integrated within the production readiness
and change management (services arm of
ITaP)
Monitoring for Networks
18
Security Services Touch Points
Continued…
•
•
•
•
Interacts with contracts and licensing on new contracts/licenses in IT Customer
Relations
Provides tier 2/3 support via the IT Customer Relations Customer Service Center (CSC)
methodologies and tools (i.e. remedy, Knowledge Base (KB) system).
Working with RCAC to help develop an IP address management (IPAM) solution.
System-wide services:
– VSC
– Reviews and consultation
– Incident Response
– ePO
– Windows Server Update Service
– Filelocker
– Second and third-tier technical support
19
Network Operations Center (NOC)/Security Operations
Center (SOC)
TELECOMMUNICATIONS
Mission: Develop and expand quality
telecommunication services to the
Purdue University community.
Vision: We constantly seek creative and
innovative solutions to better meet our
customer needs. In addition, we strive
to promote and maintain accuracy and
reliability with 24 hour service at a
competitive cost.
Gary English,
Director
21
Telecommunications continued
• ITNS – Telecommunications consists of the following
areas:
– Voice Services
– Cable Plant Operations
– Network Operations
•
•
•
•
Gary English is the Director of Telecommunications
Barb Jones is the Manager of Voice Services
Stu Dye is the Manager of Cable Plant Operations
Todd Harrington is Manager of Network Operations
TELECOMMUNICATIONS
CONTINUED
• Services and maintains 21,000 telephone lines and associated
equipment, Blackberry devices, cell phones, and pagers
• Provides telephone operator services, ITNS
billing services, consulting services, and training on all equipment and
services
• Manages, designs, specifies, installs and repairs all fiber-optic and
copper cabling needs for the West Lafayette campus, including new
buildings and renovation projects
• Participate in Campus Master Planning and budgeting for new
construction
• Service and maintain records for all voice, data, and video
infrastructure plus 600 telecom rooms on the West Lafayette campus
as well as the I-Light fiber cable to Indianapolis and the Purdue
Research Park
Facts about
Telecommunications
• Number of active telephone lines - 20,450
• Cable Lengths installed
– 614 miles of fiber optic cable
– 485 miles of copper cable
• Years of experience in department: 650 years – GTE/Verizon- 135
years
• Annual Voice service orders – 8,387
• Annual Trouble tickets – 1,247
• Annual Data orders – 15,361
• Annual CS2100 telephone switch calls processed – 27,881,209
For information on services browse
http://www.itap.purdue.edu/telephone/
24
Telecommunications Touch
Points throughout ITaP and
Purdue
• Work with Physical Facilities for things like access to Sprint’s
tower on the Purdue University water tower
• Coordinate with Sheriff Tracey Brown for 911 and emergency
notifications
• Coordinate with Purdue Memorial Union (PMU) for wireless
connections in conference rooms and hotel suites
• Work with Athletics to provide access for press and guests
For information on services browse
http://www.itap.purdue.edu/telephone
25
Ongoing Projects
• Campus Wireless Network: Expand coverage to all
interior areas and add 802.11n support
• Campus Network Infrastructure: Add redundant 10
gigabit network links to all core campus buildings
• Security logging project used to support incident
response activities
• NOC/SOC implementation to help focus current
operational staff on further research, development, and
consulting
• Post-implementation SAP security improvements
• Sungard Banner upgrades
Where we exist in ITaP’s
support mission
• Research and Discovery




IPAM collaboration
Filelocker
Technical Support
Network Monitoring
• Teaching and Learning
 Web Scanning
 Incident Response
• Effective Administration
 Filelocker
 Incident Response
 High capacity network links
 Compute cluster network support
 Classroom video and videoconferencing
 Computer lab networking
 Wireless support for student learning
Data Center network and firewall
support

27
 Benefits of working at Purdue
– Vacation days and holidays
– Medical benefits including Flexible spending account pre-tax dollars
– 10% discount at several local businesses
– Sick leave/ including paid parental leave
– Affordable term life insurance
– Personal accident insurance
– Short Term disability
– University Retirement Contributions/Health Insurance
– Tuition Discount!!
– Voluntary Benefits: legal, dental, guaranteed universal life, Home, auto and
other property casualty insurance
 Training and career development opportunities- part of Purdue’s strategic
initiatives
28
Staff Recognition
• Category: Good News About ITaP
• ITNS staffer receives kudos for help with Summer
Transition, Advising, and Registration program.
•
Andrew K. Koch, Director of Student Access, Transition and Success Programs wrote the following
about Doug Magers' help with their summer transition, Advising, and Registration program: "I write
to thank you for the help you provided to guarantee the success of the Summer Transition,
Advising, and Registration program. Your efforts with establishing and maintaining daily network
connections at our welcome locations in STEW and the Hall of Music enabled us to efficiently and
professionally check-in more than 6,000 new freshmen and transfer students over the 18 days of
the program. You were diligently present at 6 a.m. each morning, and when the system was
working without a hitch (all the time) you pitched in with other tasks (bag distribution, greeting,
etc.) to make sure that the whole check-in process was smooth. You went above-and-beyond the
call of duty – never leaving something unaddressed because it was “not your job.” For your efforts,
my SATS colleagues and I have elected you to the “Pantheon of STAR All-Stars” – an organization
founded and funded by Dan Carpenter. (So far you are the only person enshrined in this august
group.) Doug, my colleagues and I are indebted to you for your service and support. Thanks for all
you did to help the University’s newest students start their college experiences in positive and
productive manners. We look forward to working with you in the not-to-distant future when we
begin to plan for STAR 2010. In the meantime, enjoy the rest of the summer."
Activities Presented by ITNS
Throughout a Year
• October - Cybersecurity Month
long events culminating in
Halloween Security Costume
Contest
• Winter dinner
• Network staff manage Athletic
events
• Research Presentations
• Student Appreciation Picnic
3
Security Training ITNS has Provided
•SANS 401 6 day training June,
2009
•SANS 422 Web Applications June,
2009
•SANS 422 2 Day Web Security
training Jan. 2009
•SANS 556 1 Day Packet Flow
Analysis Jan 2009
•SANS 519 2 day training
December 2007
•SANS VISTA One day training July
2007
•SANS 401 6 day training January
2007
An interactive video training hosted by ITNS for IT
staff across campus
•Operational Security luncheon
series 2008
•CISSP Test prep luncheons 2007
Student appreciation Spring picnic
ITNS TOP TEN LIST
10. "Oh! You work for ITaP?! You can solve ALL of my problems!" quote from
one Purdue staff person. Oh if only we could!!
9.
You can’t just plug a phone into any phone jack and expect it to work – have
to have a live jack and the jack owns the phone number, not your phone.
8.
We love to make you change your password!! It may help prevent hackers
or others from compromising your machine or data. So we practice safe
principles.
7.
“I should be able to do anything on the networked computers 24/7/ 365
days of the year.” Sorry, but we just aren’t staffed to manage that and there
are scheduled times we must do maintenance.
6.
Please, just “Don’t click” on embedded links in emails.
33
ITNS TOP TEN LIST CONT.
5.
“Why should I care about security?” We try to inform you but we can not
make you practice safe computer behavior on the internet, email or
instant messaging.
4.
Keep operating system and anti-virus patches updated on all machines
3.
ITNS helps faculty, staff, & students get and stay connected securely. (via
LAN, WAN, internet, phones, pagers, PAL, etc.)
2.
Don’t Google your Social Security Number!!!! That stays in the
documents searched on for anyone else to see.
1.
Purdue will NEVER send an email message asking users to reply with a
password or other confidential personal information such as Social
Security numbers or bank account numbers. Messages requesting such
information are fraudulent and should be deleted
34
Jail Time for Bad ITaP Hombres
Gerry (Liverpool) McCartney, CIO
Scott (Southside) Ksander, CISO
35
Recent ITaP Recognition Luncheon
• Scott as Ringmaster
The world’s largest ravenous
man eating chicken
Broadcast Networks
Anti-Phishing PSA
Created by video group within ITaP
Members of
IT Networks & Security
Telecommunications Building
Telecommunications Building
Telecommunications Building
Telecommunications Building
Telecommunications Building
Download