Information Security News mailing list archives

Lessons In Campus Cybersecurity


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 30 Aug 2012 00:45:58 -0500 (CDT)

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240006411/lessons-in-campus-cybersecurity.html

By Kelly Jackson Higgins
Dark Reading
Aug 28, 2012

The University of Nebraska had just deployed a new security information event management (SIEM) system when an undergraduate student there apparently broke into the school's student information system, exposing sensitive information of 654,000 students, alumni, and employees.

While the breach was a serious one that is still under investigation, Nebraska was actually better off in the end than most universities that get hacked. An IT staffer detected an error message in one of the university's systems at 10 p.m. on a Wednesday evening in May, and began to escalate the issue, bringing in the security team, which investigated the activity and monitored some suspicious behavior throughout the night.

"By that next afternoon, we had figured out what had happened," says Joshua Mauk, information security officer for the University of Nebraska. An insider had accessed the university's PeopleSoft-based database.

Mauk says the university used logs from all of its database, applications, network, and security tools -- including the SIEM -- to piece together a picture of the breach within 48 hours of its occurrence. "That [let us] provide enough information to the police for them to execute warrants to confiscate the person of interest's computing equipment that may have been used in the breach," he says. "We used this data and more to conduct a more detailed analysis, with the assistance of an external security firm, to produce a summary and timeline of what we believe the attacker did."

[...]


