A huge improvement in CALS computer security
Computer systems throughout CALS are more secure than they were three years ago, and CALS users are more clued in to security risks. Over the past several years, there’s been a 90 percent decrease in the number of CALS computers reported as having serious vulnerabilities.
That’s thanks to a multi-leveled partnership with staff representation at the department, college and campus levels. The CALS Security Team, composed of departmental IT staff and CALS IT, has worked with departments and the Office of Campus Information Security (OCIS) on initiatives focused on three key areas: networking, server infrastructure, and workstation computing devices. CALS helped lay the groundwork for the campuswide security partnership.
These efforts have employed both network security services and centrally managed tools. In addition to increasing security and awareness, the projects have also brought more efficiency and cost savings.
More info: 11 simple security tips and tricks
Scanning for Weak Spots
The first security effort has focused on the network. CALS IT actively scans the public side of all CALS departmental and administrative networks at regular intervals. The scans show all ports and services of computers that are open to the world. It is important to identify weak spots because open ports and services could be an invitation to less-well-intentioned parties.
This can be tricky. Part of our higher education mission is to share information with the public. This means there are many good reasons for having some ports and services accessible through firewalls. But this openness also makes higher education a target. It’s essential to make sure that we are using appropriate security tools and keeping our software up to date on these outward-facing devices as we continue to provide these services.
When scans are completed, a report is sent to each department’s IT staff that details the ports and services that can be seen through the firewall. This report rates potential vulnerabilities as “critical”, “high”, “medium”, or “low” importance. “Critical” and “high” are reserved for potentially vulnerable services where an exploit is documented and available in the wild. Lower categories are aimed at informational and best practice recommendations.
Even though the number of computers on the CALS network has increased by nearly 10 percent from 2011 to 2013, our network security efforts have resulted in a 50-percent reduction in the number of computers with serious vulnerabilities—less than 2 percent of all networked devices.
Installing Security Software
While there are a number of security software packages available, we’ve focused on two that offer the greatest return on investment: Symantec Endpoint Protection (SEP) and Tivoli Endpoint Management (TEM). You’re probably familiar with the free Symantec software. The current campus-run centralized version defends against both viruses and malware. Nearly all CALS departments have installed a version of Symantec AV on their unit’s workstations and servers, comprising more than 1500 computers. Departmental IT staff can update the software and scan computers remotely, and be notified automatically about a possibly infected machine. This shortens response time and yields better service.
Tivoli Endpoint Management is an automated software patching tool purchased by CALS. It allows IT staff to remotely update software on workstations and servers running all recent operating systems, as well as many third-party software programs. Once a unit’s devices have the TEM software installed, multiple settings, patches, updates and even whole software packages can be efficiently installed on hundreds of them simultaneously. Status reports can be gathered from a central console, so administrators can know which devices need updating without visiting every single device.
The CALS Security Team
The inaugural foray into centralized services for CALS departments began with forming a team tasked with improving the overall security of all IT infrastructure and services. This team of volunteers from the ranks of the larger CALS IT Group consists of long-term CALS technology staff and brings a breadth of experience and institutional knowledge from administrative and departmental backgrounds. With a passion for improving security, this team has proven to be essential in increasing awareness, rolling out services, forming CALS IT policy, and serving as a part of the decision-making process with the CALS IT Director.
A 90 percent drop in reported security incidents
When there is a suspected infection or other security incident that requires IT staff to look at a machine, OCIS will send a report to the local administrator. CALS IT has tracked these reports for the last several years. The correlation between the drop in these reports and the deployment, maintenance, and use of these two software packages, along with the security awareness campaign, is striking. We have seen a 90 percent decrease in the number of computers that are marked as having serious vulnerabilities, even as the number of computers within our networks continues to grow.
Jason Pursian
Information Security Officer
Assistant Director, Information Technology
jpursian@cals.wisc.edu