Chair: Ian Shepherd, product manager, Janet connectivity, Jisc
Network monitoring and prevention in education
Speaker: Arthur Gordon, senior product manager, WatchGuard Technologies.
WatchGuard Technologies, Inc. has been a leading network security vendor in the information security realm for over two decades, serving small-medium enterprises.
WatchGuard continues to innovate best-of-breed unified threat management services for the education sector including, but not limited to, Chromebook monitoring, URL filtering, Wi-Fi intrusion prevention, and network activity reporting.
Security for universities made easy
Speaker: Henry Seddon, Duo Security.
With 450 universities using Duo, they will share their experience using Duo and how universities can easily protect themselves from the most common hack.
2. Please switch your mobile phones to silent
No fire alarms scheduled. In the event of an alarm, please follow directions of NCC staff
15:20 - 16:00 Lightning talks
16:30 - 17:30 Birds of a feather sessions
19:30 Dinner (now full)
Entrance via Goldsmith Street
19. Duo for Education
“Security made easy for Universities”
Henry Seddon, VP EMEA
20. Sadly - No one gets hacked James Bond or Mission Impossible style
Real compromises can be quite boring
21. Top 3 Real World Threats
● Phishing
o Credential theft
o Malware installation
o Information gathering
● Ransomware
o Encrypt all the things, profit.
o Data Exposure
● Other Malware / Attacks
23. No! Numbers! Who are Duo…..?
15,000+ customers
450 Universities
10M+ authentication events per day
Millions of unique endpoints analysed every day
18,000+ Microsoft-related integrations analyzed
24. What Does The Data Tell Us?
● Android versions as old as 2.2 are still seen. 6.01 (Marshmallow) is the most popular version in the wild.
● iOS versions as old as 2.1 are still found. 7.2 most popular while 10.2.1 is latest.
27. What Does The Data Tell Us?
● 60% average of out of date Flash installations
● 45% average out of date Java installations (92% of endpoints have this enabled vs. 81% in NA)
28. But What About Windows 10 and Edge?
28% of endpoints run Windows 10
47% of Win10 browsers are IE/Edge
8% of IE/Edge are Edge v14
29. Phishing: What Does The Data Tell Us?
● 44% of recipients opened the phish email
● 26% clicked on the link
● 14% entered in credentials
● 15% were using out of date browsers
● 0% had out of date Flash or Java
● Average time to first click: 23269 seconds
● Median time to first click: 790 seconds
● Average time to first phish: 26331 seconds
● Median time to first phish: 1455 seconds
● Average time to first out of date device: 23832 seconds
● Median time to first out of date device: 857 seconds
Credit: Kaspersky
30. Mitigations
Healthy Paranoia
● User Awareness
○ Educate - Phishing
○ Helpful, but not the answer
● Proactive Monitoring
○ Logging - Don’t box tick
○ Prove to me you are good!
● Incident Response
○ Have a plan & test it
31. Mitigations
Cyber Hygiene
● Secure Design
○ Back-Up, 2FA, Device Encryption
● Secure Configuration
○ Build, Patching / Updates, Passwords
● Manage Privileges
○ Enough, but not too much
34. 4 reasons why EDUs choose Duo
1. Duo works for any end-user device
2. Duo can be rolled out easily to all students and faculty in less than a week with 75% fewer helpdesk calls
3. Duo helps protect all users and applications
4. We offer site license for Students, Faculty Staff, IT & Contractors
35. World’s easiest two-factor authentication
Deploy 2FA for your entire organization within a day
Several Auth Methods: Protect all your users easily
● Push, Soft Token, SMS, Phone Call, U2F, Wearables, Biometrics, HW Tokens
Out-of-the-box: Protect all your apps easily
● VPNs, Windows, Cloud Apps, Custom Apps, Web Apps, SSO, Unix SSH, Legacy
36. Rolling out is fast and easy with Duo
Students and faculty self-enroll into Duo
✓ Students and faculty can manage devices themselves
✓ Each department can manage their own sub-account in Duo
✓ Duo can help train your help desk team
✓ Easy documentation to integrate apps and train your staff
75% fewer help desk calls with Duo
“With Duo, you expend 10% effort and you get 90% benefit. The fact that the value for money comes along with what I consider to be one of the most robust 2FA systems out there is just icing on the cake. I would highly recommend Duo to other organizations.” - Loyola University Maryland
37. Secure access to all your apps with ease
Out-of-the-box integrations with 100s of apps
[Diagram labels: VPNs, Cloud Apps, Education, Custom, Identity, Microsoft, RRAS, Unix, REST APIs, Web SDK, RADIUS, SAML, OIDC]
38. Duo’s Commitment to Accessibility
✓ Works with screen readers such as VoiceOver, NVDA and JAWS*
✓ End-users with low or no vision authenticate with Yubikeys or Push
✓ Full keyboard support for users who cannot use a mouse
✓ Zoomable text and big clickable buttons for authentication
“Companies like Duo Security, who are committed to enhancing the accessibility of their services, can provide an exceptional user experience for all people” - Michigan State University
*Following the Federal Section 508 and WCAG 2.0 guidelines
The classroom has changed almost beyond recognition in the past decade. Interactive white boards have replaced traditional chalk boards and tablets have replaced paper and pens.
More than anything else, it is important that any filtering system is intuitive to use and flexible enough to allow the IT administrator to be able to whitelist and blacklist sites and content in line with future changes in policy.
The Internet Watch Foundation (IWF) and the UK Safer Internet Centre have offered the following guidance in regard to appropriate levels of filtering and monitoring in light of the new KCSiE regulations. They recommend that filtering technologies meet the following principles:
● Age appropriate, differentiated filtering – includes the ability to vary filtering strength appropriate to age and role
● Control – has the ability and ease of use that allows schools to control the filter themselves to permit or deny access to specific content
● Filtering Policy – the filtering provider publishes a rationale that details their approach to filtering with classification and categorisation as well as over blocking
● Identification – the filtering system should have the ability to identify users
● Mobile and App content – isn’t limited to filtering web traffic and includes the blocking of inappropriate content via mobile and app technologies
● Multiple language support – the ability for the system to manage relevant languages
● Network level – filtering should be applied at ‘network level’ i.e., not reliant on any software on user devices
● Reporting mechanism – the ability to report inappropriate content for access or blocking
● Reports – the system offers clear historical information on the websites visited by users
Contains policy map, geo-located threat maps, health reports, machine health dashboards
Fake Portals
IoT - Dyn DDoS - October 2016 - 166K active
All trying to get access to your Data (as the new Oil)
Can’t force mobile device to upgrade
BYOD - More and More
Unsupported Software - November 2015 - Air Traffic Control Weather Software running 3.1 - updating in 2017
Can’t underestimate the potential of end users
Data is based on over 10 million auth events a day across over approx 15K customers
Matt Smith Dr Who
Sandboxing e-mails… Physical and virtual detonation testing. “Prove to me you are good”, not “I don’t think you are bad”
Log Shipping, CESG Advice on password relaxation requires proactive breach protection
We do the job - reduce the risk of data breach or protect apps, etc.
Easy and love - end users
Cheaper and faster - IT admin persona