2012 NATIONAL CYBERSECURITY MONTH: Intrusion Detection, Incident Response and System Auditing Covered in Technical Track of Day-Long Program - 10/25/12

Matt Jonkman, CTO of Emerging Threats Pro, presented at ITaP Security and Policy’s Oct. 5 cybersecurity event, where he spoke about the Suricata Engine, an open-source, next-generation intrusion detection and prevention engine. Jonkman is a graduate of Purdue and worked for CERIAS as a student. He now runs his international company headquartered in Lafayette.

Emerging Threats is a world-leading provider of open-source and commercial threat and malware intelligence. Founded in 2003 as a cybersecurity research community, Emerging Threats has become the de facto standard in network-based malware threat detection. The company’s ET Open Ruleset and ET Pro Ruleset are platform agnostic for easy integration with Suricata, Snort, and other network intrusion protection and detection systems. With ET Pro Ruleset, organizations can achieve the highest standards of malicious threat detection with world-class support and research for extended vulnerability coverage. ET Pro Ruleset is ideal for enterprises, government agencies, financial institutions, higher education, and service providers.

Jonkman founded and leads the Open Information Security Foundation (OISF), which is part of and funded by the Navy’s Space and Naval Warfare Systems Command (SPAWAR) and the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology). Membership in the consortium allows organizations to help guide and develop the engine, as well as gain access to a less restrictive license.

Also featured at the Oct. 5 event were Doug Couch and Nathan Heck, security engineers with ITaP Security and Policy. Their presentation outlined the incident response process to manage a security incident. This process starts when an individual believes something is wrong with the way their computer is behaving. At that point, they should contact their IT person or report their issue using the online Incident Report Form. It is important to submit the form as soon as possible so the incident response team can effectively address the incident.

Important note regarding restricted and/or sensitive data on compromised machine(s):

  1. Unplug the network cable.
  2. Do not unplug the machine from the power source! Keep the machine powered on.
  3. Finally … ensure that the machine is located in a secure location, step away, complete this form in its entirety, and click “Submit.”

A video of these presentations is archived and may be viewed on SecurePurdue’s 2012 Cybersecurity Web page. More information may be found on the Security Incident page of the SecurePurdue website.

In addition, George Bailey, security/technical operations manager at Purdue Healthcare Advisors, and Josh Gillam, IT auditor, Internal Audit for Purdue University, presented on the topic of “System Auditing for System Administrators.” They use NMAP, a network mapper, to scan machines when conducting an audit. NMAP supports many port-scanning mechanisms. Scanning multiple systems can produce massive amounts of data to analyze, which keeps Josh very busy. NMAP is an open-source tool and is supported by a very active forum and community.

CIS CAT is supported by the Center for Internet Security (CIS) and is an automated OS benchmarking tool. It can check multiple operating systems, reporting which security settings are enabled on the system being assessed. CIS CAT is a commercial tool that normally requires payment, but it is free to Purdue system administrators through the University’s CIS membership. It runs on Java JRE 1.5 or newer.

Bailey and Gillam’s presentation may also be found on SecurePurdue’s 2012 Cybersecurity Web page. A link to the streaming video is provided.

The National Cybersecurity Awareness Month helps raise awareness about online security and safety, protection of personal digital information, and the nation’s critical cyber infrastructure. It has taken place every October since 2001. This is the seventh year the University has observed the month-long campaign.