Message-Id: <199802181619.IAA11956@mailhost2.cac.washington.edu>
From: "James W DeRoest" <deroest@cac.washington.edu>
To: "AST Webpage" <astweb@u.washington.edu>
Subject: UW Security Incident Task Force Meeting
Date: Wed, 18 Feb 1998 08:19:21 -0800
In-Reply-To: <Pine.WNT.4.00.9802061003070.-249791@manta_cac>

-----Original Message-----
From: Lori Stevens [mailto:lrs@cac.washington.edu]
Sent: Monday, February 09, 1998 5:05 PM
To: Sandy Moy; Terry Gray; Ed Lightfoot; Oren Sreebny; Jim DeRoest; Sid McHarg; Alisa Hata; Steve Corbato
Subject: UW Security Incident Task Force Meeting
These notes are *really* late; however, I thought it would still be useful to send them out given the importance of the issue. These notes do not include the status of each action item. Feel free to forward.
Lori
****
The UW Security Incident Task Force meeting occurred on 12/15/97.
Attendees: Dave D, Eliot L, Alisa H, Art D, Brad G, Steve W, Lori S
This meeting followed a major security incident at the ACC where several passwords, including many C&C staff passwords, were compromised. We discussed the following in our meeting:
- what we can do now to help prevent another major incident
- tools that would have been helpful for tracking the extent of any damage
- how to be better prepared for handling the next security incident
The pervasiveness of sniffers together with clear text passwords on our network is currently one of our biggest security problems. One of the goals of the security infrastructure project is to significantly reduce the number of clear text passwords on our network. One way we'll do this is by implementing Kerberos but this won't happen immediately. (We're also taking measures to reduce the number of logins required on our web pages, however once again, this will not happen immediately. Web security was not discussed in this meeting.)
A few factors for discussion:
- casually administered workstations
- clear text passwords (sniffer availability)
- inconsistent logging
- account sharing
- poor password-use behavior
Action Items:
- Eliot will develop a security incident web page--UW departments will have access to this information.
- Dave D will give his security incident awareness talk to the client support folks.
- Art (and Dave D) will work towards putting switches on the ACC subnet (there seem to be problems on this subnet). C&C labs should also be considered. We realize this is an expensive solution and therefore we're not sure what makes sense here.
- Eliot will work on a C&C policy for user-managed workstations (e.g. that one has to keep security patches up to date).
- Continue to move towards Kerberos and other technologies that help reduce the number of logins and don't put clear text passwords on the wire (SSH will continue to be used and may grow in use, where applicable)--Brad and others are working on this.
- C&C systems security audit in order to identify systems with security issues (Dave and Eliot).
- When there is a major security incident, we should notify cac-all and put out a notice with information and options on cac-tools (Dave and Eliot).
- Steve W will put up wtmp daemons on NDC systems so all UA and NDC system logs get logged to the same system for tracking purposes.
- Steve W will help ensure that there is a centralized collection of the wrapper logs for ndc-managed systems.