Computing at UW-MadisonDivision of Information Technology
Students Faculty/Staff Services Services A through D Services E through L Services M through R Services S through Z Help Desk Tech Store About DoIT   

Lockdown 2003

Presentations

Legal Issues in IT Security for Higher Education

PowerPoint
This presentation will explore the legal landscape for IT security in higher education, including an overview of federal and state privacy and security related laws, and the factors contributing to an atmosphere of uncertainty. The presentation will also describe several practical implications of such laws for institutions of higher education. The presenter is the author of a white paper, "IT Security for Higher Education: A Legal Perspective," recently commissioned by the EDUCAUSE/Internet2 Computer and Network Security Task Force.

OCTAVE: Risk Assessment

PowerPoint
Determining the requirements for securing information technology is a ongoing pursuit. Solutions must accommodate the business environment, evolving standards, new threats, expanding boundaries, increased integration, and uncertainty. One important component of security is the use of risk assessments to gain control of information security, providing the same sort of insight and management over risks to information assets that businesses have over other key components of their business. Risk assessment helps to answer the question: what is the biggest gap in your organization's readiness to deal with e-risk?

One approach to risk assessment is OCTAVE, Operationally Critical Threat, Asset and Vulnerability Evaluation. OCTAVE is a comprehensive, repeatable methodology for identifying risks in networked systems through organizational self-assessment.

Virtual Honeypots

Presentation slides
Honeypots are closely monitored network decoys serving several purposes: they can distract adversaries from more valuable machines on a network, they can provide early warning about new attack and exploitation trends and they allow in-depth examination of adversaries during and after exploitation of a honeypot. This talk gives an overview of Honeypot technologies and the Honeynet Project. However, deploying physical honeypots is often time intensive and expensive as different operating systems require specialized hardware and every honeypot requires its own physical system. So, this talk also presents Honeyd, a framework for virtual honeypots, that simulates virtual computer systems at the network level. The simulated computer systems appear to run on unallocated network addresses. To fool network fingerprinting tools, Honeyd simulates the networking stack of different operating systems and can provide arbitrary services for an arbitrary number of virtual systems. Furthermore, the system supports virtual routing topologies that allow the creation of large virtual networks including characteristics like latency and packet loss. The talk discusses Honeyd's design and some implementation details.

Wireless U

Joe and Doug will talk about UW-Stout's experience with wireless LAN technology. UW-Stout is a laptop campus and utilizes wireless technology in support of the laptop program. Joe and Doug will discuss the context in which they made wireless decisions, other programs in support of the laptop campus, and the elements that led them to believe that wireless would enhance the student's experience. They will also discuss engineering studies they commissioned to determine where and how much wireless to deploy; as well as, decisions regarding the use of antennas. Current and future protocols will also be addressed.

Securing OSX

PDF of presentation

Security Update

PowerPoint of presentation

Encryption for IT Staff

PowerPoint of presentation

ISS/NESSUS Case Study

PowerPoint of presentation

Wireless Security

PowerPoint of presentation