
Hey guys,
Mark and I are presenting to the CIOs on Friday. I'll do an overview of the assessments over the past 2 years, what we've found, etc.
Just wanted to get some input from all of you on a few things... I can guess what a lot of these will be:
From your point of view, what are the pervasively good, and pervasively bad things we've found across the institutions? (wifi evil twin, etc)
What could we be spending money or effort on as a system to help fix some of these issues (system-license of Duo, Cloudpath, etc)?
I just want to be able to demonstrate things that the whole system does well or struggles with. I'll talk about the assessments moving forward, some of our new equipment, etc. Will also bring up the idea of increasing the time we have available to poke at stuff before we come on-site.
Anything else on your wish list for me to talk to the CIOs about?
Also, for those who were on the SUU assessment, if you can get me your report materials, that would be awesome.
Thanks, Andrew

On Mon, Jun 22, 2015 at 11:45 AM, Andrew Goble goble@dixie.edu wrote:
From your point of view, what are the pervasively good, and pervasively bad things we've found across the institutions? (wifi evil twin, etc)
What could we be spending money or effort on as a system to help fix some of these issues (system-license of Duo, Cloudpath, etc)
Things I think everyone is struggling to do or afford, where USHE bulk purchasing may help.
IPS, IDS
Logging
Alerting, where logs do exist
Detecting out-of-norm behaviours. Software like Rapid7 UserInsight.
The Responder, broadcast stuff Jon has alerted us to and that we've massively exploited already and I can see is going to be trouble for everyone. This is a config and mentality change, not necessarily something to spend money on as a body.
Will also bring up the idea of increasing the time we have available to poke at stuff before we come on-site
I still like this idea, if we can devote any time to it, as APT is such an issue these days. It helps us give a sense of how an APT might play out, albeit on a shorter time period.

Also, this will come up Friday as well... scheduling:
First off, how does everyone feel about a 1.5 - 2 day team meeting in July somewhere centralish (UofU or UVU)? Be an opportunity to distribute new hardware and work on tools without the distraction of actually being on an assessment.
Second, I'd like to stick as best as possible to the order we established this last round:
FY 2016 Weber - Dixie - SLCC - Utah State
FY 2017 UofU - Snow - UVU - SUU
I'd like to see if we can get to Weber in early August, with mid-to-late September as a backup. That would put Dixie October / Novemberish (with the contingency of a new arrival in my family due in late November that might influence timing for me/Dixie.) Worst case scenario we'd be looking at Weber in the fall sometime and Dixie in January. I just want to avoid a situation where we go 5 or 6 months with no assessment. We get rusty and have to cram them into the Spring.
Thoughts?
Thanks, Andrew
On 06/22/2015 12:07 PM, Chuck Kimber wrote:
On Mon, Jun 22, 2015 at 11:45 AM, Andrew Goble <goble@dixie.edu> wrote:
From your point of view, what are the pervasively good, and pervasively bad things we've found across the institutions? (wifi evil twin, etc) What could we be spending money or effort on as a system to help fix some of these issues (system-license of Duo, Cloudpath, etc)
Things I think everyone is struggling to do or afford, where USHE bulk purchasing may help.
IPS, IDS
Logging
Alerting, where logs do exist
Detecting out-of-norm behaviours. Software like Rapid7 UserInsight.
The Responder, broadcast stuff Jon has alerted us to and that we've massively exploited already and I can see is going to be trouble for everyone. This is a config and mentality change, not necessarily something to spend money on as a body.
Will also bring up the idea of increasing the time we have available to poke at stuff before we come on-site
I still like this idea, if we can devote any time to it, as APT is such an issue these days. It helps us give a sense of how an APT might play out, albeit on a shorter time period.

Sounds good to me, on both suggestions
Thanks Jake
On 6/22/15, 4:57 PM, "Andrew Goble" goble@dixie.edu wrote:
Also, this will come up Friday as well... scheduling:
First off, how does everyone feel about a 1.5 - 2 day team meeting in July somewhere centralish (UofU or UVU)? Be an opportunity to distribute new hardware and work on tools without the distraction of actually being on an assessment.
Second, I'd like to stick as best as possible to the order we established this last round:
FY 2016 Weber - Dixie - SLCC - Utah State
FY 2017 UofU - Snow - UVU - SUU
I'd like to see if we can get to Weber in early August, with mid-to-late September as a backup. That would put Dixie October / Novemberish (with the contingency of a new arrival in my family due in late November that might influence timing for me/Dixie.) Worst case scenario we'd be looking at Weber in the fall sometime and Dixie in January. I just want to avoid a situation where we go 5 or 6 months with no assessment. We get rusty and have to cram them into the Spring.
Thoughts?
Thanks, Andrew

I second everything that's been said. Doing an assessment in August sounds great, and I'm up for a couple of tooling/prep days.
I like the idea of being able to do recon work prior to being on campus. If we are allowed to begin things like phishing and recon earlier it would be important to have a scope then as well.
The things we all seem to be weak at are detection of abuse of privileged accounts. We are not quiet on these assessments, but most of the time the scans are what get detected, not user accounts logging into hundreds of systems. Alerting on abnormal use of accounts would go a long way. It seems like PowerShell is the next frontier for attackers, and we've started to use it as well. Being able to detect abnormal PowerShell activity would also be a huge win.
Thanks,
Jon
-----Original Message----- From: ushe-assess-bounces@lists.dixie.edu [mailto:ushe-assess-bounces@lists.dixie.edu] On Behalf Of Jake Johansen Sent: Tuesday, June 23, 2015 9:06 AM To: Andrew Goble; Chuck Kimber; ushe-assess@lists.dixie.edu Subject: Re: [USHE-assess] CIO Presentation
Sounds good to me, on both suggestions
Thanks Jake
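The gap Jon describes, where scans get noticed but one account logging into many systems does not, can be alerted on from logon records alone. The following is an added example, not part of the original thread or the team's tooling; the record layout, account and host names, window and threshold are all assumptions chosen for illustration.

```python
import csv
import io
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (hypothetical accounts and hosts): successful logons
# normalized to "time,account,destination host".
SAMPLE_LOG = """\
2015-06-23T09:00:05,jsmith,ws-0142
2015-06-23T09:00:40,svc-backup,fs-01
2015-06-23T09:01:10,adm-helpdesk,ws-0101
2015-06-23T09:01:12,adm-helpdesk,ws-0102
2015-06-23T09:01:15,adm-helpdesk,ws-0103
2015-06-23T09:01:15,adm-helpdesk,ws-0103
2015-06-23T09:01:19,adm-helpdesk,ws-0104
2015-06-23T09:01:23,adm-helpdesk,ws-0105
2015-06-23T09:01:30,adm-helpdesk,ws-0106
2015-06-23T09:20:00,svc-backup,fs-01
2015-06-23T09:40:00,svc-backup,fs-02
2015-06-23T10:30:00,jsmith,ws-0142
2015-06-23T11:00:00,jsmith,mail-01
"""


def parse_logons(text):
    """Return (time, account, host) tuples, skipping malformed lines."""
    records = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue
        try:
            when = datetime.fromisoformat(row[0].strip())
        except ValueError:
            continue
        records.append((when, row[1].strip().lower(), row[2].strip().lower()))
    return records


def detect_fanout(records, window=timedelta(minutes=5), threshold=5):
    """Alert when one account reaches `threshold` distinct hosts inside `window`.

    One alert is raised per episode; it keeps growing while the account stays
    at or above the threshold and closes once the count drops below it.
    """
    recent = defaultdict(deque)    # account -> (time, host) inside the window
    counts = defaultdict(Counter)  # account -> host -> logons inside the window
    open_alert = {}                # account -> alert still in progress
    alerts = []
    for when, account, host in sorted(records):
        queue, seen = recent[account], counts[account]
        queue.append((when, host))
        seen[host] += 1
        # Evict logons that have fallen out of the sliding window.
        while when - queue[0][0] > window:
            _, old_host = queue.popleft()
            seen[old_host] -= 1
            if seen[old_host] == 0:
                del seen[old_host]
        if len(seen) >= threshold:
            alert = open_alert.get(account)
            if alert is None:
                alert = {"account": account, "start": queue[0][0], "hosts": set()}
                open_alert[account] = alert
                alerts.append(alert)
            alert["hosts"].update(seen)  # repeated logons to one host count once
            alert["end"] = when
        else:
            open_alert.pop(account, None)
    return alerts


if __name__ == "__main__":
    for a in detect_fanout(parse_logons(SAMPLE_LOG)):
        print(f"{a['account']}: {len(a['hosts'])} hosts "
              f"between {a['start']} and {a['end']}")
```

The window and threshold need tuning against each institution's own baseline, since backup and management accounts legitimately touch many hosts.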

One last favor, I've dropped a couple of files on the dump under the CIO- June2015 folder, these will be used during the presentation to the CIOs on Friday. If you have a moment, please take a look and fact and sanity check me.
Thanks, Andrew
On 06/23/2015 09:23 AM, Jon Barclay wrote:
I second everything that's been said. Doing an assessment in August sounds great, and I'm up for a couple of tooling/prep days.
I like the idea of being able to do recon work prior to being on campus. If we are allowed to begin things like phishing and recon earlier it would be important to have a scope then as well.
The things we all seem to be weak at are detection of abuse of privileged accounts. We are not quiet on these assessments, but most of the time the scans are what get detected, not user accounts logging into hundreds of systems. Alerting on abnormal use of accounts would go a long way. It seems like PowerShell is the next frontier for attackers, and we've started to use it as well. Being able to detect abnormal PowerShell activity would also be a huge win.
Thanks,
Jon

Looks good. You've done a lot of work. My only comment would be your bullet under "The Good" which talks about IDS/IPS at the institutions. SUU is completely lacking a formal IDS/IPS solution. We did have some other controls/tools that helped detect some of the team's activity when they were here. But I'm afraid your bullet might give a false sense of capabilities, at least for SUU. So if you're talking about general detection capabilities, then I wouldn't use the IDS/IPS acronym, as that implies (at least to me) a formal IDS/IPS solution.
Mark
On Tue, Jun 23, 2015 at 4:06 PM, Andrew Goble goble@dixie.edu wrote:
One last favor, I've dropped a couple of files on the dump under the CIO- June2015 folder, these will be used during the presentation to the CIOs on Friday. If you have a moment, please take a look and fact and sanity check me.
Thanks, Andrew

Think I'll change the sentence to read something like "IDS/IPS or other event detection capabilities are installed across most..." to cover that.
On 06/24/2015 11:35 AM, Mark Walton wrote:
Looks good. You've done a lot of work. My only comment would be your bullet under "The Good" which talks about IDS/IPS at the institutions. SUU is completely lacking a formal IDS/IPS solution. We did have some other controls/tools that helped detect some of the team's activity when they were here. But I'm afraid your bullet might give a false sense of capabilities, at least for SUU. So if you're talking about general detection capabilities, then I wouldn't use the IDS/IPS acronym, as that implies (at least to me) a formal IDS/IPS solution.
Mark

One other thing. The scoring for SUU for the SANS controls shows Pending for the three I had evaluated. Is there any way to at least get the scores from everybody so that could be complete?
Mark

I don't have any scores back for SUU from the team, and even if I did, I still wouldn't have the report ready for you and Thom to look at first so I didn't want to put scores in and blindside you.
On 06/24/2015 11:38 AM, Mark Walton wrote:
One other thing. The scoring for SUU for the SANS controls shows Pending for the three I had evaluated. Is there any way to at least get the scores from everybody so that could be complete?
Mark
On Tue, Jun 23, 2015 at 4:06 PM, Andrew Goble <goble@dixie.edu mailto:goble@dixie.edu> wrote:
One last favor, I've dropped a couple of files on the dump under the CIO- June2015 folder, these will be used during the presentation to the CIOs on Friday. If you have a moment, please take a look and fact and sanity check me. Thanks, Andrew On 06/23/2015 09:23 AM, Jon Barclay wrote: I second everything that's been said. Doing an assessment in August sounds great, and I'm up for a couple of tooling/prep days. I like the idea of being able to do recon work prior to being on campus. If we are allowed to begin things like phishing and recon earlier it would be important to have a scope then as well. The things we all seem to be weak at are detection of abuse of privileged accounts. We are not quiet on these assessments, but most of the time the scans are what get detected, not user accounts logging into hundreds of systems. Alerting on abnormal use of accounts would go a long way. It seems like PowerShell is the next frontier for attackers, and we've started to use it as well. Being able to detect abnormal PowerShell activity would also be a huge win. Thanks, Jon -----Original Message----- From: ushe-assess-bounces@lists.dixie.edu <mailto:ushe-assess-bounces@lists.dixie.edu> [mailto:ushe-assess-bounces@lists.dixie.edu <mailto:ushe-assess-bounces@lists.dixie.edu>] On Behalf Of Jake Johansen Sent: Tuesday, June 23, 2015 9:06 AM To: Andrew Goble; Chuck Kimber; ushe-assess@lists.dixie.edu <mailto:ushe-assess@lists.dixie.edu> Subject: Re: [USHE-assess] CIO Presentation Sounds good to me, on both suggestions Thanks Jake On 6/22/15, 4:57 PM, "Andrew Goble" <goble@dixie.edu <mailto:goble@dixie.edu>> wrote: Also, this will come up Friday as well... scheduling: First off, how does everyone feel about a 1.5 - 2 day team meeting in July somewhere centralish (UofU or UVU)? Be an opportunity to distribute new hardware and work on tools without the distraction of actually being on an assessment. 
Second, I'd like to stick as best as possible to the order we established this last round: FY 2016 Weber - Dixie - SLCC - Utah State FY 2017 UofU - Snow - UVU - SUU I'd like to see if we can get to Weber in early August, with mid-to-late September as a backup. That would put Dixie October / Novemberish (with the contingency of a new arrival in my family due in late November that might influence timing for me/Dixie.) Worst case scenario we'd be looking at Weber in the fall sometime and Dixie in January. I just want to avoid a situation where we go 5 or 6 months with no assessment. We get rusty and have to cram them into the Spring. Thoughts? Thanks, Andrew On 06/22/2015 12:07 PM, Chuck Kimber wrote: On Mon, Jun 22, 2015 at 11:45 AM, Andrew Goble <goble@dixie.edu <mailto:goble@dixie.edu> <mailto:goble@dixie.edu <mailto:goble@dixie.edu>>> wrote: From your point of view, what are the pervasively good, and pervasively bad things we've found across the institutions? (wifi evil twin, etc) What could we be spending money or effort on as a system to help fix some of these issues (system-license of Duo, Cloudpath, etc Things I think everyone is struggling to do or affording where USHE bulk purchasing may help. IPS, IDS Logging Alerting, where logs do exist Detecting out of norm behaviours. Softwares like Rapid7 UserInsight. The Responder, broadcast stuff Jon has alerted us to and that we've massively exploited already and I can see is going to be trouble for everyone. This is a config and mentality change, not necessarily something to spend money on as a body. Will also bring up the idea of increasing the time we have available to poke at stuff before we come on-site I still like this idea, if we can devote any time to it, as APT is such an issue these days. It helps us give a sense of how an APT might play out, albeit on a shorter time period. 
_______________________________________________ USHE-assess mailing list USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess

I'm just looking for the scores so the report to the CIOs was fairly complete. I know the SUU report won't be available for years to come. And honestly, I'm not too worried about the scores. At the worst, they stay the same, at the best, we slightly improve. I don't think it will be a blindside either way for us. So I just thought it would be fairly easy for the three people to give a score without worrying about the justifications or the write-ups. But I'm good with either way.
Mark
On Wed, Jun 24, 2015 at 11:45 AM, Andrew Goble goble@dixie.edu wrote:
I don't have any scores back for SUU from the team, and even if I did, I still wouldn't have the report ready for you and Thom to look at first so I didn't want to put scores in and blindside you.
On 06/24/2015 11:38 AM, Mark Walton wrote:
One other thing. The scoring for SUU for the SANS controls shows Pending for the three I had evaluated. Is there any way to at least get the scores from everybody so that could be complete?
Mark
On Tue, Jun 23, 2015 at 4:06 PM, Andrew Goble <goble@dixie.edu> wrote:
One last favor, I've dropped a couple of files on the dump under the CIO- June2015 folder, these will be used during the presentation to the CIOs on Friday. If you have a moment, please take a look and fact and sanity check me.
Thanks, Andrew

I like what you have in the document Andrew.
One thing we might add is the benefit of cross pollination that has happened between the schools because of the team structure. After an assessment team members are able to bring back ideas of best practices to their school, and weaknesses observed at the other school can be checked and hopefully corrected before the 2 year cycle rolls around again. We have all learned new tools and techniques from each other and put into practice things we have seen done exceptionally well at the other schools.
Jon
From: ushe-assess-bounces@lists.dixie.edu [mailto:ushe-assess-bounces@lists.dixie.edu] On Behalf Of Mark Walton Sent: Wednesday, June 24, 2015 1:12 PM To: Andrew Goble Cc: USHE-assess@lists.dixie.edu Subject: Re: [USHE-assess] CIO Presentation
I'm just looking for the scores so the report to the CIOs was fairly complete. I know the SUU report won't be available for years to come. And honestly, I'm not too worried about the scores. At the worst, they stay the same, at the best, we slightly improve. I don't think it will be a blindside either way for us. So I just thought it would be fairly easy for the three people to give a score without worrying about the justifications or the write-ups. But I'm good with either way.
Mark

I added a section on this...
On 06/24/2015 04:59 PM, Jon Barclay wrote:
I like what you have in the document Andrew.
One thing we might add is the benefit of cross pollination that has happened between the schools because of the team structure. After an assessment team members are able to bring back ideas of best practices to their school, and weaknesses observed at the other school can be checked and hopefully corrected before the 2 year cycle rolls around again. We have all learned new tools and techniques from each other and put into practice things we have seen done exceptionally well at the other schools.
Jon

One thing that would be good to remind the schools about is that they hire us to help them and sandboxing us or hiding the skeletons doesn't help any of us. It wastes everyone's time and money to try and hinder what we can see out of the gate. Yes I am thinking about one school in particular and maybe I just need to get over it because the other assessments I have been on haven't been as bad.
Tools: I know that they are cheap and I will probably get my own, but a couple of lock-pick sets would be good to have with the gear, just in case folks forget their own or don't have one.
Thanks, Dustin
On 6/22/15, 11:45 AM, "Andrew Goble" goble@dixie.edu wrote:
Hey guys,
Mark and I are presenting to the CIOs on Friday. I'll do an overview of the assessments over the past 2 years, what we've found, etc.
Just wanted to some input from all of you on a few things... I can guess what a lot of these will be:
From your point of view, what are the pervasively good, and pervasively bad things we've found across the institutions? (wifi evil twin, etc)
What could we be spending money or effort on as a system to help fix some of these issues (system-license of Duo, Cloudpath, etc)
I just want to be able to demonstrate things that the whole system does well or struggles with. I'll talk about the assessments moving forward, some of our new equipment, etc. Will also bring up the idea of increasing the time we have available to poke at stuff before we come on-site.
Anything else on your wish list for me to talk to the CIOs about?
Also, for those who were on the SUU assessment, if you can get me your report materials, that would be awesome.
Thanks, Andrew
participants (6)
- Andrew Goble
- Chuck Kimber
- Dustin Udy
- Jake Johansen
- Jon Barclay
- Mark Walton