Center for Information Technology Services

Home > CITS > Communications > Archives > Priorities > Oct 2002 > Security

UMB Security Strategy
October 14th, 2002

Goal: To have a robust, secure campus networked environment that protects against security breaches while supporting appropriate access to data for UMB research, teaching, and administrative operations.

Objectives: To implement and maintain for the campus: a central firewall (completed), central intrusion detection system software (completed) and other appropriate hardware and software security measures (on-going). To provide a proactive means in which campus resources (servers and desktops) can be kept current with the latest security updates (completed and on-going). To develop an awareness of the need for security throughout the entire UMB community (on-going).

Current State: UMB now has a central firewall hardware and software for monitoring and when necessary, blocking intrusions from inside UMB as well as from outside the campus network via the Internet. The University has purchased contemporary security hardware and software for monitoring and analyzing network traffic leaving as well as coming into the University. These analyses and data will help in forming security procedures and the development of security policies.

Schedule:

April - May: Procured and installed Cisco Pix 535 Firewall(s). Procured and installed central Intrusion Detection System. Procured "NetVCR" software for detecting intrusions to campus machines. Assembled inventory data on campus resources (server, operating system, user, system administrator, etc.). Established communication lists for contacting campus IT administrators.

June - August: Continued monitoring network traffic to establish baselines. Communicated network traffic findings to users. Maintained ongoing communications with campus IT administrators. Investigated and applied additional security measures.

September: Procured "Packeteer" software for analyzing network traffic and for more efficiently "shaping" network traffic through the University. The data are being used to form Security guidelines and policy statements.

Oct.-Nov.: Draft Security Policy as part of the University IT Use and Ethics Policy statement. Re-assess security technology in light of HIPAA regulations. Begin implementing any remaining security technologies for HIPAA compliance. Continue to apply effective and reasonable technology security for the safety and protection of all UMB confidential information.

Outcome: UMB has gained knowledge of security breaches and addressed the situations quickly and effectively. Collaboration and communication with campus IT administrators has resulted in common solutions for protecting data, while at the same time, ensuring data access for those who need it. Security awareness will continue to be heightened and more widespread throughout the University. UMB faculty, students and staff will work in a networked environment that is monitored and protected by appropriate tools and by a skilled and knowledgeable staff. In addition, by blocking illegal and intrusive activity, the University has saved on Internet expenses, since these charges are based on total usage.