Information Security in University Campus and Open Environments

Explore information security challenges in university campuses and open environments through this conference talk from Louisville InfoSec 2013. Delve into topics such as attack motivations, vulnerable applications, physical security concerns, and privilege escalation techniques. Learn about password reuse risks, remote password attacks, and the importance of network awareness. Discover mitigation strategies including open file share protection, log monitoring, and consistent patching. Gain insights on compliance issues, particularly FERPA regulations in educational settings. Understand the multifaceted nature of cybersecurity in academic environments and develop a comprehensive approach to addressing potential threats.

Intro
Mile Wide, Inch Deep
Why Attack?
Crappy Apps
Not even a physical perimeter
Reset the local admin
Bypass the password
All sorts of boot media
Privilege Escalation First frat boy Bob becomes a local admin on a workstation using a boot device
Password Reuse Bytes You In The Buttox
Other Cred on the Box
What is a Hacker?
Performance, Policy
Common?
Remote Password Attacks
NetScan
Reverse DNS Example
Open File Share Mitigations
Watching the logs
Network Awareness
Patch, Patch, Patch
Compliance
FERPA DERPA