3 org structure
play

3 Org Structure Politicians IT Network Structure 5 History of - PowerPoint PPT Presentation

3 Org Structure Politicians IT Network Structure 5 History of projects between CMU and the City Heinz College Information Systems & Management Public Policy and Management Penetration Test project last


  1. 3

  2. • Org Structure – Politicians – IT • Network Structure 5

  3. • History of projects between CMU and the City – Heinz College – Information Systems & Management – Public Policy and Management • “Penetration Test” project last year – Technical exercise – Policy assessment and recommendations 6

  4. • Initiated discussions with the CIO • Review & approval by City Legal, CMU Legal, others • Volunteers installed a sensor at the primary internet connection 7

  5. • Network Situational Awareness class – http://www.andrew.cmu.edu/course/95-855/ – Instructors: • Tim Shimeall* • Sid Faber – Anonymized data • MAWI, Internet 2, CDX 8

  6. • Gain Network Situational Awareness • Provide information back to the city • Done in the blind 9

  7. • Find Heavy Hitters • Create a profile • Eliminate bogons • Monitor over time 10

  8. • ACL / Least Privilege • DNS • Policy Validation – Remote Access (Gotomypc) – Streaming Video 11

  9. • Network Profile – Scans – Client Web, Served Web – Servers as Clients – Email – DNS – NTP – Etc. 12

  10. 13

  11. 14

  12. 15

  13. 16

  14. 17

  15. • Network Situational Awareness: – Perceive: Network flow sensor – Comprehend: Network profile, leftovers – Project: What does this mean to me? 18

  16. • All packets are innocent until proven guilty – Profile by country – Scan traffic, inbound traffic 19

  17. • Leveraging university, Limited resources • External validation – Support for external auditors 20

  18. • Initial impression: too much data • Dividing traffic led to identifying patterns • Couldn’t really be done with full packet data 21

  19. • Improve the sensor – Instrument the cold spare – Instrument internally – Add metadata • Add a security focus • Add a geopolitical focus 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend


More recommend