Educause Security Discussion mailing list archives
Re: success stories
From: Bob Bayn <bob.bayn () USU EDU>
Date: Wed, 19 Nov 2008 13:28:24 -0700
Emilio is right. We have a couple of real-time graphics that help to convey the message without a lot of tech-talk. We depict the traffic crossing our border with a 256x256 grid of dots for every possible IP address here. When a packet passes the border, the corresponding dot for the sender/recipient on our end lights up. So, we see how busy various parts of our network are. We also see when we get scanned. In a 5 minute presentation to one or a group of VPs, you can usually see a scan. Sometimes it's a sequential scan and is pretty obvious, and the rest of the time it's "snow" from a randomized scan that hits our darknet areas as well as the subnets that are assigned. We include in the display the probes that are blocked by border firewall rules. That shows how much we are pre-emptively blocking as well as how much is still getting through. We've talked about having an outside machine that we could use to launch a scan (with a small TTL) during a presentation, but we've never needed to go to the trouble. The hackers are always very accommodating. This is a useful tool for talking with local reporters who can then help get the word out to our users about the importance of patches, updates, firewalls, virus protection, etc. The second graphic is a dynamic visualization of a subset of our traffic, selected by port or IP range, showing the source and destination and bandwidth in use. We can show unauthorized email servers (like hacked spammers), or unusual DNS queries, or remote desktop connections to unusual outsiders or to sensitive insiders, etc. We mention that we are careful to not show this second display to reporters. ;-) With these tools we can visually demonstrate to administrators that we are always subject to probes and frequently have "misbehaving" systems. A picture is worth a thousand words and, for us, a realtime dynamic visualization is worth a thousand pictures. Bob Bayn (435)797-2396 Security Team coordinator "IT will NEVER ask for your password via email, honest!" Office of Information Techology at Utah State University ________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Emilio Valente [evalente () SDSC EDU] Sent: Wednesday, November 19, 2008 12:36 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] success stories In advance, evaluation and testing of new security tools and bringing very colorful graphs to senior management, before ask for anything. (altogether: Working behind the scene and Metrics) Emilio. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kathy Bergsma Sent: Wednesday, November 19, 2008 11:22 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] success stories I'm interested in hearing about your success stories engaging senior management support for security initiatives. What methods worked at your institution? I've suggested some methods below. Let me know which ones have worked for you and identify others ideas not listed. Fear, uncertainty and doubt Metaphors and analogies Comparison with peer institutions Financial benefits such as ROI (return on investment) Leverage an incident Metrics Working behind the scenes Ask forgiveness rather than permission Little by little baby steps Relationship building with key players? Who are the key players Other ideas -- Kathy Bergsma UF Information Security Manager 352-392-2061
Current thread:
- success stories Kathy Bergsma (Nov 19)
- <Possible follow-ups>
- Re: success stories Wayne Samardzich (Nov 19)
- Re: success stories Ardoth Hassler (Nov 19)
- Re: success stories Steve Brukbacher (Nov 19)
- Re: success stories Emilio Valente (Nov 19)
- Re: success stories Allison Dolan (Nov 19)
- Re: success stories Brenda B Gombosky (Nov 19)
- Re: success stories Bob Bayn (Nov 19)
- Re: success stories Lazor, Joseph (Nov 20)
- Re: success stories Doug Markiewicz (Nov 20)
- Re: success stories Steve Schuster (Nov 20)
- Re: success stories Suresh Balakrishnan (Nov 20)
- Re: success stories Brian T Nichols (Nov 20)
- Re: success stories Colleen Hurd (Nov 21)