Discovering and managing a university attack surface

A crime scene investigator can piece together a pretty good profile of you without ever meeting you. By swabbing surfaces you’ve touched, collecting hairs you’ve shed, lifting your fingerprints and examining your shoe prints they can – so the TV shows would have us believe – estimate your age, how tall you are, and so on.

Similar principles apply to discovering the size of your university’s attack surface. Taken in isolation, each piece of evidence may not tell you very much. But when put together, a picture of your institution emerges that is much closer to what an external threat actor sees – including facts that will surprise you. This is an invaluable perspective for you to have if your IT security team is to have any chance of minimising the number of attack vectors a cyber criminal can identify.

This is especially urgent in higher education, where an ever-changing number of students, faculty and administrators not only have access to your network, but can sometimes set up websites on your domain that soon become nothing more than another security risk.

Detecting the true scale of your university’s exposure to cyber risk involves understanding all the components and systems that comprise its network infrastructure.

1. Get a map

No more running down blind alleys – it’s time to figure out exactly how many different devices, servers, switches, routers, firewalls, and other network components are part of the network. With the move to smart campuses and remote working, alongside the rise of the Internet of Things (IoT), there’s never been a better time to create a detailed network map.

2. Secure the scene

Speaking of portable devices and the IoT, make sure you implement network access control to ensure that only authorised devices are connected to your network. Everyone likes working in a secure and controlled environment.

3. Sort out the paperwork

Gather together all the documentation you can about your network – diagrams, IP address assignments, and network device configurations. It will teach you something about the network’s layout and connectivity.

4. Have an identity parade

Identifying the devices present on the network and their associated services is a task best left to automated network scanning. Find a solution that will not only scan the network for live hosts, open ports, and services running on those ports, but report back on the ones you should keep an eye on.

5. Track down addresses

An IP address management (IPAM) solution can help you to track IP address assignments, identify active IP addresses, and provide a comprehensive view of the network’s IP space. Most universities are shocked by just how many they have.

6. Surveillance

Network monitoring does not, thankfully, require that you sit up all night in your car waiting for something – anything – to happen. Instead, use automation to detect illicit network activity and monitor traffic. A good cyber security solution will continuously monitor your threat environment, and will not even require coffee by way of thanks.

7. Probe for vulnerabilities

Regular vulnerability assessments and penetration testing will highlight areas of possible weakness in your network’s infrastructure. You may also find devices that were overlooked or unidentified during previous scans.

8. Build a team

Engage with the university’s various departmental IT teams, buddy up with network administrators, and talk to all the security personnel you can to gather their insights and expertise. They may have additional knowledge of the network infrastructure and can assist in identifying any missing components or areas of concern.

Meet Orbit Security, your new partner

Instead of juggling multiple open-source and paid-for tools, Orbit Security is a single source of threat intelligence that automatically and continuously discovers your attack surface, monitors for breaches, vulnerabilities and misconfigurations, and recommends priorities for your remediation roadmap.

• Discover your attack surface using Orbit Security’s proprietary Network Footprint Discovery ML algorithm. From a single parent domain, we will discover all your interconnected infrastructure to a high degree of accuracy, regardless of who manages it.
• Analyse the threat intelligence assessments provided for every domain and sub-domain in your infrastructure, or view your risk exposure aggregated by the six threat categories in our methodology: Breach, Configuration, Mail, DNS, HTTP, SSL/TLS.
• Mitigate risks according to clear priorities set out in Orbit Security’s assessments, improve your security posture, monitor your third parties and report with confidence to your board.

Reporting is essential to any IT security team, and speaking senior management’s language is crucial. We help by providing off-the-shelf reports:

Management reporting

Our cyber security ratings present complex information in a way that’s easy for both stakeholders outside your team and senior management to understand, allowing you to communicate clearly and effectively what your security pain points are and what resources you need to address them.

Vendor risk reporting

You will be instantly notified if one of your third parties has its security rating downgraded. Thomas Murray will engage with them at your request to provide free and full access to their own threat intelligence assessment, improving the security of your entire ecosystem.