
Recent News

The Compensating Controls & Exceptions Form is up

Here are the Compensating Controls & Exception process submission forms for the UCSS.


GeoTrust SSL Certificate Purchasing Explained

Instructions on how to order SSL Certificates through GeoTrust can be found on this page


Security Boot Camp outline up for comment

The CIO Security Group is developing an "Information Security Boot Camp" program that will be taught later this year. Comment on the proposed outline is encouraged during development. Check out the basic outline here


Check the Blackhole List

To see the current Blackhole listing click here


Report an Incident

To report a security breach or other security incident send an email to Security@osu.edu


2006


December 7, 2006 - SECWOG

Ho, ho, ho :-)

Steve Romig
Slides:

It's time for our annual year-end review meeting. We'll look back over the last year, and look ahead to the next year.

We've got a new security group member - Shawn Sines. Come meet him!

I'll also talk about some changes to the contents of our block/warn messages.

November 2, 2006 - SECWOG

We've got a wide variety of short presentations this month. We've been finding many potential security issues on web based applications at OSU.

  • Seth Hall will talk briefly about what he's been seeing and what can be done about it. I'm going to try to arrange more in-depth coverage on this at an upcoming meeting.
  • House Bill 104 requires that we notify the owners of certain combinations of information (sensitive data, like SSNs and credit cards) if we have reason to believe that that data has been disclosed to unauthorized parties. We've talked about this a bit at past meetings, and will again in the future. This month we'll talk about new language we're going to insert into our block/warn messages and our plans for investigations of potential sensitive data breaches. We'll also talk briefly about practices that you can follow to reduce the risk of having these sorts of issues in the first place.
  • Chuck Morrow-Jones will briefly discuss the hard drive shredding event that we held recently, and our future plans in that arena.
    Assuming that we have time, I'll cover some of the more noteworthy recent security news items.

October 16, 2006 - Security day

The speakers were Steve Straib from Microsoft and SSA Shannon Fuson of the FBI.

October 5, 2006 - SECWOG

SECWOG cancelled, security day instead

September 7, 2006 - SECWOG

Firewall Updates
Brian Moeller

Brian Moeller will talk about the most recent version of the OSU FireMarshall

Searching for Sensitive Data

Charles Morrow-Jones, Director of Security, Office of the CIO
Slides: PowerPoint, PDF

Charles Morrow-Jones will talk about searching for sensitive data and will demonstrate the use of the Cornell Spider program, which makes it easy to do so.


August 3, 2006 - SECWOG

No meeting - sorry!


July 6, 2006 - SECWOG

Network Traffic Analysis with tcpdump
Seth Hall

Seth Hall will talk about doing network traffic analysis using tools such as tcpdump.

The FIRST 2006 Annual Conference
Steve Romig

Steve Romig will talk about the highlights from the 2006 FIRST Annual Conference in Baltimore, which he recently attended.


June 1, 2006 - SECWOG

Scanning, PhoneHome, Encryption and More

Members of the security group will lead a discussion about several topics that have come up lately, including network vulnerability scanning, the PhoneHome project and encryption tools for sensitive data.

The discussion is likely to be pretty OSU-specific this month, but anyone's welcome to attend.


May 10, 2006 - Academic Leaders

Security Fundamentals for Leaders
Charles Morrow-Jones and Steve Romig
Slides: PDF


May 4, 2006 - SECWOG

Multi-Tiered Network Access Control
Kyle Evans and Chris Hartley
Slides: not available yet

In order to provide quality service to the students and staff who rightfully use the network, ResNet needs to limit access to only students and staff of the Ohio State University.

In addition, ResNet must be able to track the activity of specific users in order to identify and contain network abuse such as "bot" infected computers, rogue DHCP servers, machines performing denial-of-service attacks, and sharing of copyrighted materials. Previously, ResNet required no authentication for any network resources, and anyone who could gain physical access to the network could use it.

The implementation of Multi-Tiered NAC (Network Access Control), consisting of Cisco Clean Access and tools developed at ResNet, has enabled both network authentication and quarantine of malicious hosts, drastically improving overall quality of service and shoring up some troubling security issues.

In time for Fall, 2006, ResNet implemented a network-wide multi-tiered NAC, composed of Cisco Clean Access and custom-developed tools. Almost 10,000 users (and their security-challenged computers) came raging onto the network, greeted for the first time by a password prompt.

Now, users whose machines are irretrievably infected with malware (bots!) are placed into a true quarantine network, with access only to patch and update-related resources and a slim 'client' tool to validate their clean reinstallation, presence of Service Pack 2, and conditionally "auto-unquarantine" their machine.

Learn from some of the challenges and solutions encountered during a successful wide-scale implementation of a departmental NAC. Also, we'll discuss how ResNet and Student Affairs cope with issues like rogue DHCP servers, wireless access points, bandwidth abuse and abuse prevention, other abuses and mediaforce violation notices. Depending on interest, we may discuss technical components of the Cisco Clean Access(R) system itself. Any other closely related topics are fair game.


April 6, 2006 - SECWOG

Cancelled - sorry!


March 2, 2006 - SECWOG

Lessons Learned from Katrina Continuity and Recovery Operations
Bill Yang (CISSP, WDY Enterprises, LLC)
Slides: not available yet

The disaster of Hurricane Katrina rocked the United States and the world, rippling through all levels of government. While the brunt of the disaster was borne by the Gulf Coast, the economic and business impact was felt even in Ohio. Follow the unplanned business continuity and disaster recovery operations we managed from Ohio on behalf of a multi-state services company that, until the storm, had its primary data center in downtown New Orleans.

Another Day in the Life of an Internet Storm Center Handler
Jim Clausing
Slides: not available yet

Jim will tell us more exciting stories about his work in the Internet Storm Center.


February 2, 2006 - SECWOG

PKI and CAcert
We've got two presentations this month:

Enterprise PKI Implementation Issues
Charles Morrow-Jones

Several of the Big 10 schools have recently conducted PKI pilots. In this talk, I'll try to summarize what they have learned, what we know about the infrastructure required by PKI, and what we know about OSU's operating environment.

Based on these facts, I'll argue that Enterprise PKI at OSU is not currently justifiable, but that relatively minor changes in our environment could necessitate a rapid Enterprise PKI deployment.

CAcert
Russ Herrold

Russ Herrold will talk about CAcert. From their web site (www.cacert.org), "CAcert.org is a community driven, Certificate Authority that issues certificates to the public at large for free."

At the end of the meeting we'll have some time for people to have their CAcert keys validated by qualified assurers. You'll need to bring two forms of picture ID with you. We'll have blank forms on hand.


January 5, 2006 - SECWOG

Windows Meta File Vulnerability
Steve Romig
Slides: PDF

It seems appropriate to devote this meeting to the Windows Meta File (WMF) vulnerability, so we'll have a Q&G (G for Guessing :-). Feel free to bring other questions for us to discuss also.