Without the constant refresh of Stanford's information security systems, many of the institution's online services would simply stop functioning. On a typical day, over two million email messages are rejected at the email gateway. This volume has increased consistently over the years and periodically becomes much more severe, requiring additional emergency filtering. Even with this aggressive filtering, some malicious code and spam content is delivered. Another growing problem is phishing attacks.
The technologies included in this category are used to protect data, computer systems, and the integrity of other services. There must be continuous improvement in these technologies to keep unwanted and often dangerous content out of Stanford's computer systems and to minimize the compromise of user accounts and data. To stay ahead of the ever-increasing risks, IT Services' strategy is to implement a coordinated cycle of campus education, monitoring for new attacks, evaluation of the effectiveness of current solutions, and proper management of information security incident response. The integration of security information across campus in order to correlate and respond to online attacks, as well as a more systematic and managed encryption of user data, will also help in building a strong defense system.
Technology trends that IT Services is tracking in the development of its strategy include: content inspection improvements to limit phishing attacks by scanning for words or phrases, while avoiding any violation of institutional policy (e.g., credit cards, social security numbers, hate speech); digital server certificates with degrees of assurance (so-called Extended Value certificates); virtual directories that offer multi-sourced data rendered to applications automatically; and the stabilization of technical standards and decreasing prices in the smartcard sector.
Technologies in this section
- Increase the auditability of encryption services, with the ability to know the encryption state of all computers or datasets at any given time.
- Constantly improve spam and virus filtering accuracy, both inbound and outbound, through the email infrastructure.
- Correlate logged security information from across campus and partner with select peer universities to gain earlier warning of network-based attacks or malware that is infecting systems.
- Reduce the cost of digital server certificates by purchasing them from an Internet2 certificate authority.
- Support user awareness of threats via managed client tools that provide alerts; this goal requires very low false positive alerts.
- Evaluate adopting ISP policies and practices for blocking known sources of spam.
- Improve auditability of encrypted laptops and desktop computers.
- Engage with partner institutions to pilot new technologies like DNSSEC (Domain Name System Security Extensions) to limit network-based threats.
- Work with Internet2 to refine requirements for the upcoming SSL (Secure Sockets Layer) secure certificate authority.
- Evaluate new content inspection technologies.
- Better integrate monitored and logged data to correlate security events.
Measures of success
- Reduction of security incidents and incident response actions.
- Reduction of spam and viruses and their negative impact on user productivity (e.g., email inboxes overwhelmed with spam, blocked web server access).
- Reduction of compromised user computers, department servers, and user accounts.
- Reduction of service impact from denial-of-service attacks.