Center for Information Technology Services

Home > CITS > Communications > Archives > Priorities > Feb 2003 > Security

UMB Security Strategy
Updated 2/04/03

Goal: To have a robust, secure campus networked environment that protects against security breaches while supporting appropriate access to data for UMB research, teaching, and administrative operations.

Objectives: 

  • To implement and maintain for the campus: a central firewall (completed), central intrusion detection system software (completed) and other appropriate hardware and software security measures (on-going).
  • To provide a proactive means in which campus resources (servers and desktops) can be kept current with the latest security updates (underway).
  • To develop an awareness of the need for security throughout the entire UMB community (on-going). 

 Current State: UMB now has a central firewall (hardware and software) for monitoring and when necessary, blocking intrusions from inside UMB as well as from outside the campus network via the Internet. The University has purchased contemporary security hardware and software for monitoring and analyzing network traffic leaving as well as coming into the University. These analyses and data will help in forming security procedures and the development of security policies.

Schedule:

April - May:

  • Procured and installed Cisco Pix 535 Firewall(s).
  • Procured and installed central Intrusion Detection System.
  • Procured "NetVCR" software for analyzing campus network traffic.
  • Assembled inventory data on campus resources (server, operating system, user, system administrator, etc.).
  • Established communication lists for contacting campus IT administrators.

 June - August:

  • Continued monitoring network traffic to establish baselines.
  • Communicated network traffic findings to users.
  • Maintained ongoing communications with campus IT administrators.
  • Investigated and applied additional security measures.

 September:

  • Procured "Packeteer" (hardware and software) for analyzing network traffic and for more efficiently "shaping" network traffic through the University. The data are being used to formulate network policies.

 Oct.-Nov.:

  • Draft Security Policy as part of the University IT Use and Ethics Policy statement.
  • Re-assess security technology in light of HIPAA regulations.
  • Begin implementing any remaining security technologies for HIPAA compliance.
  • Diminished (virtually eliminated) access to illegal entertainment protocols.

 Dec.-Jan.:

  • Purchase, configure and test VPN server.
  • Block NetBIOS protocol and packets coming through the Internet/Network gateway.
  • Offer VPN solution to the University for getting remote access to UMB servers.

 Feb./March:

  • Install Firewall Switch Module (FWSM) in the core 6509 switch (strengthen security at the sub-network level).
  • Write customized access lists using the functionality offered in the FWSM.
  • Finalize Security Policy.
  • Continue sending certification alerts and security "patch" information in order to strengthen security on networked servers.
  • Continue activating the firewall and applying effective and reasonable technology security for the safety and protection of all UMB confidential information. Follow-up with IT Leaders to see where vulnerabilities persist, and why. 

 Outcome: UMB has gained knowledge of security breaches and addressed the situations quickly and effectively. Collaboration and communication with campus IT administrators has resulted in common solutions for protecting data, while at the same time, ensuring data access for those who need it. Security awareness will continue to be heightened and more widespread throughout the University. UMB faculty, students and staff will work in a networked environment that is monitored and protected by appropriate tools and by a skilled and knowledgeable staff. In addition, by blocking illegal and intrusive activity, the University will save on Internet expenses, since these charges are based on total usage.