Ct2 presentation stevens
• An urban university that caters to mostly commuter students
• Diverse range of technologies that strive for a high level of security
• Any dept. can set up servers that are administered by people with other primary duties
• Servers that go unreported create vulnerable internal networks
• Some departments work well together and share information
• "Towers of power" do not like to engage with others outside of their group
• These different working styles lead to a lack of consistency and accountability
• Miscommunication caused issues with the server and domain structure
  › No firewall: open to attack
• Departments were reorganized
• Towers of power restructured
• All servers were moved to the computer center, which took over server administration
  › This change was met with resistance
  › The unsecured subnet was moved to the center along with them
  › Departmental system administrators continued to monitor the systems remotely even though this duty had been transferred to the computer center
• Budget cuts led to many departmental IS support personnel being laid off
  › Depts. had to rely on the existing IT infrastructure
  › Depts. with responsibilities in support areas also lost staff and had to pick up the slack
• Decision was made to replace hardware
  › Replacement servers agreed upon
  › This project was delayed several months
  › Replacements "linked to a migration to the university active directory forest" (p. 329)
• A system administrator logged on remotely and noticed a new folder on the desktop
• A user ID "Ken" with administrative rights had been created over the weekend
• Security settings appeared intact, but the facility for examining open files had been disabled
• This raised suspicions that the system had been hacked
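A weekend creation of an administrative account is exactly the event a routine Security log review should surface before an administrator happens to notice a stray folder. The script below is an added example, not part of the presentation or the case study it summarizes: it scans a constructed export of Windows Security events (event ID 4720, user account created; event ID 4732, member added to a local group) and flags accounts created outside business hours, accounts added to the local Administrators group, and accounts that were created and elevated within a short window. The timestamps, account names, business-hours window and export format are assumptions.

```python
"""Flag suspicious account creation and privilege grants in a Windows
Security log export. Added example with a constructed sample log; the
timestamps, names and business-hours window are assumptions."""
from datetime import datetime, timedelta

# Constructed export, one event per line:
#   <ISO timestamp>|<EventID>|<SubjectUser>|<TargetUser>|<Group>
# 4720 = user account created, 4732 = member added to a local group.
SAMPLE_LOG = """\
2004-05-10T09:12:44|4720|helpdesk1|jsmith|
2004-05-10T09:13:02|4732|helpdesk1|jsmith|Remote Desktop Users
2004-05-15T02:13:07|4720|SRV1$|Ken|
2004-05-15T02:14:31|4732|SRV1$|Ken|Administrators
2004-05-17T14:05:10|4732|domadmin|backupsvc|Backup Operators
"""

ACCOUNT_CREATED = "4720"
LOCAL_GROUP_MEMBER_ADDED = "4732"
BUSINESS_HOURS = range(8, 18)           # assumption: 08:00-17:59, Monday-Friday
ELEVATION_WINDOW = timedelta(hours=24)  # created-then-elevated faster than this is odd


def parse_events(text):
    """Turn the pipe-separated export into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, subject, target, group = line.split("|")
        events.append({"time": datetime.fromisoformat(ts), "id": event_id,
                       "subject": subject, "target": target, "group": group})
    return events


def off_hours(ts):
    """True on weekends or outside the business-hours window."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def find_suspicious(events):
    """Return (target_account, reason) pairs an analyst should look at."""
    created_at = {}
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] == ACCOUNT_CREATED:
            created_at[ev["target"]] = ev["time"]
            if off_hours(ev["time"]):
                findings.append((ev["target"], "account created outside business hours"))
        elif ev["id"] == LOCAL_GROUP_MEMBER_ADDED and ev["group"] == "Administrators":
            findings.append((ev["target"], "added to local Administrators"))
            born = created_at.get(ev["target"])
            if born is not None and ev["time"] - born <= ELEVATION_WINDOW:
                findings.append((ev["target"], "created and made admin within 24h"))
    return findings


if __name__ == "__main__":
    for account, reason in find_suspicious(parse_events(SAMPLE_LOG)):
        print(f"{account}: {reason}")
```

Run against the sample, only the Saturday-night "Ken" account is flagged, three times over; the weekday helpdesk creation and the Backup Operators change pass. The same three rules work on a real export once the parser is pointed at the fields of that export.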
• Both system administrators talked on the phone and decided to:
  › Disconnect the system from the network
  › Notify the university security team
  › Review the system to figure out the magnitude of the breach
• Determined that a Trojan had been installed
• Other personnel were notified and the new Microsoft patches were applied to the servers
• Two other servers were compromised too
• A client system's TAPI2 service was compromised
  › Access gained through a user ID whose password was the ID itself
• DameWare (a remote-control tool) found installed as a Trojan on server_1
• The entire domain was compromised
• The PDC (primary domain controller) in the 2nd domain was also compromised
• 2 member servers and 100+ workstations also had to be treated as suspect
• Servers were cleaned
• Firewall configured
• A stricter password policy was created
• A computer forensics expert was contracted to certify that all systems were clean and to restore systems to full functionality
• Summary and analysis written for system administrators to prevent future attacks
• Standard server configurations modified to improve status reporting
• Password policy became permanent
• Invalid domain accounts were removed
• Suggested deleting the administrative shares and using batch files to keep them disabled, since Windows recreates them at startup
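The foothold described earlier (a user ID whose password was the ID itself) and the stricter password policy adopted afterwards come down to the same two checks: reject such passwords when they are set, and find the ones already sitting in the domain. The script below is an added example, not code from the presentation or the case study. It includes a pure-Python MD4 so the audit can run against an NT-hash dump (NT hash = MD4 over the UTF-16LE password) rather than needing plaintext, and it does not depend on hashlib exposing md4. The policy thresholds, the variant list tried against each user ID, and the sample dump (hashes computed here from made-up plaintexts) are assumptions.

```python
"""Two checks behind a stricter password policy: reject weak passwords
when they are set, and audit existing NT hashes for user-ID-as-password.
Added example; the policy numbers and the hash dump are assumptions."""
import re
import struct

_MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & _MASK


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); the NT hash is MD4 over UTF-16LE."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)           # bit length, little-endian
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (  # (mixing function, X-index schedule, shifts, additive constant)
        (F, list(range(16)), (3, 7, 11, 19), 0),
        (G, [(i % 4) * 4 + i // 4 for i in range(16)], (3, 5, 9, 13), 0x5A827999),
        (H, [int(f"{i:04b}"[::-1], 2) for i in range(16)], (3, 9, 11, 15), 0x6ED9EBA1),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        v = state[:]
        for fn, schedule, shifts, const in rounds:
            for i, k in enumerate(schedule):
                p = (-i) % 4  # a, d, c, b receive the update in turn
                v[p] = _rotl((v[p] + fn(v[(p + 1) % 4], v[(p + 2) % 4], v[(p + 3) % 4])
                              + X[k] + const) & _MASK, shifts[i % 4])
        state = [(s + w) & _MASK for s, w in zip(state, v)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    return md4(password.encode("utf-16-le"))


# Assumed policy; the numbers SU actually chose are not in the case study.
POLICY = {"min_length": 12, "classes_required": 3}


def policy_violations(username: str, password: str, policy=POLICY) -> list:
    """Reasons a proposed password fails the policy; [] means accepted."""
    reasons = []
    if len(password) < policy["min_length"]:
        reasons.append("shorter than %d characters" % policy["min_length"])
    if password.lower() == username.lower():
        reasons.append("password equals the user ID")
    elif username.lower() in password.lower():
        reasons.append("password contains the user ID")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < policy["classes_required"]:
        reasons.append("fewer than %d character classes" % policy["classes_required"])
    return reasons


def audit_id_as_password(nt_hashes: dict) -> list:
    """Given {user: NT hash hex} from a domain dump, list the users whose
    password is their own user ID (exact case plus common variants)."""
    hits = []
    for user, digest in nt_hashes.items():
        for guess in (user, user.lower(), user.upper(), user.capitalize()):
            if nt_hash(guess).hex() == digest.lower():
                hits.append(user)
                break
    return hits


# Constructed dump: hashes computed here from made-up plaintexts.
SAMPLE_DUMP = {
    "tapi2svc": nt_hash("tapi2svc").hex(),           # ID as password
    "bsmith":   nt_hash("Bsmith").hex(),             # ID with a capital
    "jsmith":   nt_hash("Correct-Horse-42!").hex(),  # compliant
}

if __name__ == "__main__":
    print("ID-as-password accounts:", audit_id_as_password(SAMPLE_DUMP))
    print("jsmith -> 'jsmith':", policy_violations("jsmith", "jsmith"))
```

The audit side is the one worth running first after an incident like this: it needs only the hash dump that a domain recovery already involves, and it finds the accounts a policy applied at next password change would otherwise leave exposed until then.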
• Did the immediate counterattack actions help the university in any way?
  › Yes. Wiping all the servers clean, removing malware, making lists of ports to aid in firewall configuration, and implementing a password policy were the logical and necessary steps to take immediately
  › Hiring computer forensic experts was a prudent move
• Were the long-term counterattack actions taken adequate for SU?
  › Yes and no. Writing after-action reports and analyses is important to prevent future attacks
  › Improving status reporting in the server configuration and making the password policy permanent were good measures
  › The full extent of the compromise is still unknown
  › The attacker was not investigated
• In what ways, if any, do you think the poor corporate culture of university personnel contributed to the hacking incident?
