Center for Information Technology Services

Home > CITS > Communications > Archives > Priorities > October 2004 > Security

UMB Security Strategy
Updated November 2003

Goal:
To have a robust, secure campus networked environment that protects against security breaches while supporting appropriate access to data for UMB research, teaching, and administrative operations.

Objectives: 

  • To implement and maintain for the campus: a central firewall (completed), central intrusion detection system software (completed) and other appropriate hardware and software security measures (on-going).
  • To provide a proactive means in which campus resources (servers and desktops) can be kept current with the latest security updates (underway).
  • To develop an awareness of the need for security throughout the entire UMB community (on-going).

Current State:
UMB now has a central firewall (hardware and software) for monitoring and when necessary, blocking intrusions from inside UMB as well as from outside the campus network via the Internet. The University has purchased contemporary security hardware and software for monitoring and analyzing network traffic leaving as well as coming into the University. These analyses and data will help in forming security procedures and the development of security policies.

Schedule:
Feb. 2003 to April 2003

  • Installed firewall Switch Module (FWSM) in the core 6509 switch (strengthen security at the sub-network level).
  • Finalized Security Policy
  • Developed and distributed for review server security standard, workstation security, and wireless security standard.
  • Identified IT Security Officer
  • Worked with Schools and Central Administrative Units to tighten access to their services from the outside CITS Security Group and Infrastructure Services Group worked to provide access to only the ports needed by the University community.
  • Used the IDS to identify potential hack attacks on the network.
  • Sent certification alerts and security "patch" information in order to strengthen security on networked servers.
  • CITS staff conducted vulnerability tests against campus and school servers and workstations.
  • Followed-up with IT Leaders to see where vulnerabilities persist, and why.
  • Investigated the use of host based IDS services as additional layer of IDS security.
  • Activated the firewall and applying effective and reasonable technology security for the safety and protection of all UMB confidential information.

May 2003 to June 2003

  • Developed and will maintain a security web page with approved policies, standards and security alerts.
  • Finalized a document for GLBA compliance.
  • Created separate listserv to make security related announcements.
  • Became a secure member of the National Infragard program. We will receive daily updates from the FBI on the state of cyber security in the nation.

July 2003 to November 2003 and On-going

  • Introduced Campus security web page, updated as needed to reflect latest in security vulnerabilities and threats. URL: http://www.umaryland.edu/cits/security/index.html
  • Collaborating with SOM, UMM and UPI to develop more comprehensive Campus Network Standards that better address security issues due to problems associated with recent worm and virus attacks.
  • Collaborating with SOM, UMMS, and UPI to develop comprehensive Technology Security/Infrastructure, policies and standards.
  • Addressing security issues discovered in recent Legislative Audit.

Outcome:
UMB has gained knowledge of security breaches and addressed the situations quickly and effectively. Collaboration and communication with campus IT administrators has resulted in common solutions for protecting data, while at the same time, ensuring data access for those who need it. Security awareness will continue to be heightened and more widespread throughout the University. UMB faculty, students and staff will work in a networked environment that is monitored and protected by appropriate tools and by a skilled and knowledgeable staff. In addition, by blocking illegal and intrusive activity, the University will save on Internet expenses, since these charges are based on total usage.