Technical Security Council (TSC)
Bi-Weekly Status Meeting
Meeting Date/Time: Tuesday, July 18, 2011 /1:30 PM Eastern Time
Present: Jessica Alson, Steve Maresca, Jeremy Pollack, Ed Swindelles, Jeff Farese, Mick DiGrazia, Andy Washington, Victor Schiavi, Connie Tomecko, Linda Baker, Nicholas Eshelman, Jon Loux, Michael Virone, Phil Dean, Jeff Pasiuk, Mike Oatley, Dan Nevelos
Absent: Mike Lang, Matt Smith, Jason Pufahl, Dan Capetta, Bruce Gerber, Rob Chudzik, Brett Paulson, Robert Sheahan, John Gwinnell, Jonathan Gill
Documenter: Catherine Rhodes
|1||Structure of this meeting||Mick||More structure coming to make this meeting more useful. We want to move from information sharing to using this meeting to accomplish specific goals.
Jason will discuss this more during the next meeting.
|More structure coming for this meeting.|
|2||TSC Agenda||Mick||Will have a rolling agenda so we know what will be discussed in upcoming meetings.||TSC will move to a rolling agenda format|
|3||Identity Finder||Mick||Mick provided a handout that described the findings of the Identity Finder sub-committee. This handout can be found on the Security website.
The members of the ID Finder sub-committee: Jonathan Gil, Steve Maresca, Ed Swindelles, Jon Loux, Mick DiGrazia
|Identity Finder sub-committee findings are in. Finding document is on Security website.|
|4||SafeConnect||Steve||Steve provided an update on the SafeConnect rollout.
25 subnets applied this week. 15 support calls received.
120 days has been set as the time to re-authenticate for faculty and students.
Users need a GuestID or NetID to use the system.
4,500 people have touched SafeConnect 65% have installed the Policy Key.
|SafeConnect rollout is in progress. 15 support calls reported on 25 subnets rolled out last week.|
|5||Compromise||Steve||UConn experienced a compromise a few weeks ago. A PHP Server upload script was modified to remove some of the authentication required to upload.
100 sites were impacted and repaired. Took 4 days to clean up mess.
Ultimate root cause was the configuration option enabled to allow attacker to install a back-door. This was disabled and touch files were cleaned.
PHP safe mode helps prevent attacks.
|Several legacy websites will be updated to secure them from the attack we experienced a few weeks ago.|
|6||Incident Response||Mick||Security Office has written an incident response document that describes the action to take for different security incidents.
Need to distribute this to this group. Mick will distribute to this group for feedback.
|Security Office has written an incident response document.|
|7||Top 3 Security Issues||ALL||Top 3 security issues in your departments.||TSC members will provide top 3 security issues they see at next meeting.|
|8||Next Meeting Agenda||Mick||Next meeting is 8/2. Agenda
||Next meeting is 8/2.|
|9||Other Topics||Steve||TSC would like Steve to provide a walkthrough of an attack on the system||Steve to provide a walkthrough of an attack on the system at a future meeting|
|10||Drop Box||Mick||8/1 is planned date to stop allowing uploading files to Drop Box||Drop Box will be sunsetted.|
Open Action Items:
|Action – 4||Jason Pufahl||Jason to send document on UConn Public to this group.||Open||6/29/2011|
|Action – 5||Jason Pufahl||Jason will ask the FBI to do a security presentation to this group.||Open||7/30/2011|
|Action – 7||Jason Pufahl||Jason will work on a presentation related to Privacy. What do we collect, why, and what we do with it?||Open||7/30/2011|
|Action – 8||Jason Pufahl||Jason will see if he can have someone provide a presentation of Sassafras to TSC.||Open||7/30/2011|
|Action – 9||Mick DiGrazia||Distribute incident response document to TSC||Open||7/20/2011|
|Action – 10||ALL||Review and come to next meeting with feedback on the incident response document.||Open||8/2/2011|
|Action – 11||Steve Maresca||Steve to provide a walkthrough of an attack on the system at a future meeting||Open||8/31/2011|
Closed Action Items:
|Action-1||All||Review Information Security Policies. Be prepared to discuss short-comings you recognize in your review.||Closed||4/21/2011
|Action-2||Jason||Send Outlook calendar invitation for future meetings||Closed||4/15/2011|
|Action-3||Jason||Change location of meeting invitation.||Closed||4/25/2011
|Action – 6||ALL||Please review the SafeConnect tools and provide feedback to Steve Maresca.||Closed||6/25/2011|