BreachExchange mailing list archives

Lessons In Campus Cybersecurity (Univ. of Nebraska)


From: security curmudgeon <jericho () attrition org>
Date: Thu, 30 Aug 2012 02:02:15 -0500 (CDT)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240006411/lessons-in-campus-cybersecurity.html

By Kelly Jackson Higgins
Dark Reading
Aug 28, 2012

The University of Nebraska had just deployed a new security information 
event management (SIEM) system when an undergraduate student there 
apparently broke into the school's student information system, exposing 
sensitive information of 654,000 students, alumni, and employees.

While the breach was a serious one that is still under investigation, 
Nebraska was actually better off in the end than most universities that 
get hacked. An IT staffer detected an error message in one of the 
university's systems at 10 p.m. on a Wednesday evening in May, and began 
to escalate the issue, bringing in the security team, which investigated 
the activity and monitored some suspicious behavior throughout the night.

"By that next afternoon, we had figured out what had happened," says 
Joshua Mauk, information security officer for the University of Nebraska. 
An insider had accessed the university's PeopleSoft-based database.

Mauk says the university used logs from all of its database, applications, 
network, and security tools -- including the SIEM -- to piece together a 
picture of the breach within 48 hours of its occurrence. "That [let us] 
provide enough information to the police for them to execute warrants to 
confiscate the person of interest's computing equipment that may have been 
used in the breach," he says. "We used this data and more to conduct a 
more detailed analysis, with the assistance of an external security firm, 
to produce a summary and timeline of what we believe the attacker did."

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
