Kansas State University

SIRT Roundtable Schedule

SIRT Roundtable discussions are open to the K-State community and focus on IT security topics that impact the campus. SIRT reserves the right to change discussion topics based on current IT events affecting K-Staters.

Check this page periodically for updates. Questions about the roundtable discussions should be sent to a SIRT representative.

Next Roundtable Presentations

No roundtables are scheduled at this time.


Past Roundtable Presentations

Friday, May 4, 2012

Traveling Safely
Facilitator: Harvard Townsend
Presentation Slides

Summertime makes Manhattan seem like a ghost town as K-State students, faculty and staff hit the roads and airways for distant lands. The potential rewards of personal and professional travel are great, but so are the security risks.

This seminar will provide tips on how to protect yourself from identity theft, financial fraud and other threats related to information and technology while traveling for business or pleasure.

Topics discussed included:

  • What and where are the travel risks?
  • Using Internet cafes and other wireless/WiFi "hot spots" safely (is that possible?!)
  • Protecting your eID and other passwords
  • Protecting your personal and financial information
  • Risks of ATM machines (ATM “skimmers” are a growing threat)
  • Airport risks
  • Laptop security
  • Things to do before you leave (like backing up your files and not announcing your absence in Facebook)

Friday, April 6, 2012

K-State's Firewall Infrastructure
Facilitator: Richard Becker

Every day, K-State systems are scanned by malicious remote hosts looking for vulnerabilities to exploit for nefarious purposes. Firewalls play a critical role in reducing the risk that these vulnerabilities will be exploited and university data exposed. If you would like to learn more about K-State's firewall environment and how it can be leveraged to help you secure the IT assets you manage, please plan on joining us.

Topics discussed:

  • Network protocol and firewall concepts
  • K-State's firewall infrastructure, including the VPN service
  • Protocols/services currently blocked at the campus border, and what will be blocked in the near future
  • How departments can utilize the firewall infrastructure to improve security
  • How to request firewall services, configuration changes, and special VPN services

Friday, Aug 12, 2011

Patching Security Vulnerabilities in Operating System and Application Software
Facilitator: Nick Brown

Nick Brown from iTAC will demonstrate how to apply patches on systems imaged with Deep Freeze. The rest of the time will be an open discussion about the topics listed below, the challenges you face in supporting a wide variety of systems, and tips and tricks you've found to meet those challenges.

  • What are the most important applications to keep patched (i.e., which ones are most often exploited)?
  • How often should patches be applied (once a semester is not enough!)?
  • WSUS for patching Microsoft Windows and Office products; using the central IT WSUS service.
  • Challenges of patching systems imaged with the likes of Deep Freeze.
  • How do you deal with patches that require a reboot?
  • How do you handle patches that typically require user interaction?
  • How do you manage patches for the different types of systems you have to support, like laptops, office staff workstations, faculty workstations, labs, and servers that are expected to be up 7x24?
  • The trade-off between applying patches asap (esp. if it fixes a vulnerability that's being actively exploited) and testing them to make sure they don't break anything.
  • The trade-off between the risk exposure of an un-patched system versus the effort required to keep systems patched.

This roundtable is intended to be an information sharing session among practitioners as opposed to a formal presentation. Come share your experiences and knowledge so all can benefit from the collective wisdom. As always, the IT security roundtable is open to anyone.

Friday, May 6, 2011

Summer Traveling Safety Tips, Redeux
Facilitator: Harvard Townsend

Presentation Materials available here:
Presentation Slides

Summertime makes Manhattan seem like a ghost town as K-State students, faculty, and staff hit the roads and airways for distant lands. The potential rewards of personal and professional travel are great, but so are the security risks. This IT security roundtable discussed tips on how to travel safely so you know what to do to stay protected from identity theft, financial fraud, and other threats related to information and technology while on vacation.

Topics discussed included:

  • What and where are the travel risks?
  • Using Internet cafes safely (is that possible?!)
  • Using wireless/WiFi “hot spots” safely (with K-State's new SSL-based VPN service)
  • Protecting your eID and other passwords
  • Protecting your personal and financial information
  • Risks of ATM machines (ATM “skimmers” are a growing threat)
  • Airport risks
  • Laptop security
  • Things to do before you leave (like backing up your files and not announcing your absence in Facebook)

January 14, 2011

Protecting Credit Card Information
Facilitator: Harvard Townsend

Presentation Materials available here:
Presentation Slides
Handouts:
PCI DSS Primer
PCI Basics

The payment card industry (PCI) has rather strict security requirements for any merchant that accepts credit cards for payment.

If your department at K-State accepts credit card payments, then you must comply with these data security standards (DSS), for which version 2.0 was recently published.

Harvard Townsend, K-State’s chief information security officer, will provide an overview of PCI DSS 2.0 and plans for compliance at K-State. This primer will benefit both the staff who handle credit card transactions for a department as well as the IT staff who support the technology associated with credit card payments.

Beyond complying with this industry requirement, proper protection of credit card information is critical to maintaining the trust of those who purchase goods and services from K-State. Furthermore, the cost of a breach is enormous both in financial terms as well as the potential damage to K-State’s reputation. The importance of protecting credit card information cannot be overstated. If you are involved in handling or supporting credit card transactions, plan now to attend this important seminar.

November 5 and December 3, 2010

SecureIT@K-State
Facilitator: Neil Sindicich
Presentation not available online at this time

These presentations were live versions of the online training which is required of all state employees. The session covered the basics of online security that K-Staters need to know in order to stay prepared to handle any threat. Attendees registered online so that their HR files could be updated to reflect their attendance.

Future live sessions of SecureIT@K-State are being planned, but most individuals are expected to take the online version of the course which will be available in January.

Social Networking Risks
Facilitator: Harvard Townsend
Presentation Available

Social networks like Facebook, Twitter, YouTube, and MySpace are a fact of life (and for some, obsessions!), especially for the current generation of students at K-State. The reality is if you want to communicate with that generation, you need to have a presence in social media. The other reality is that hackers/criminals know this is where people spend their time and therefore target these platforms.

Social networks have also permanently altered the privacy landscape on many fronts — the information we post about ourselves, what others post about us, and the information about you that the social networking sites themselves harvest and perhaps share with third parties.

Join us for a discussion on the security risks of social networking. We will discuss the ways hackers are using social networks to try to infect your computer with malicious software and/or steal your personal information; the subtle and not-so-subtle threats to your privacy; and tips on how to navigate the social networking landscape safely.

Harvard Townsend, K-State’s chief information security officer, will give a presentation and facilitate the discussion. Come share your experiences and tips so all can benefit from the collective wisdom. As always, the IT security roundtable is open to anyone.

Friday, May 7, 2010

Traveling Safety!
Facilitator: Harvard Townsend
Presentation Available

Summertime makes Manhattan seem like a ghost town as K-State students, faculty, and staff hit the roads and airways for distant lands. The potential rewards of personal and professional travel are great, but so are the security risks. Thus, this month’s IT security roundtable will discuss tips on how to travel safely so people can protect themselves from identity theft, financial fraud, and other threats related to information and technology while on vacation.

  • What and where are the travel risks?
  • Using Internet cafes safely (is that possible?!)
  • Using wireless/WiFi “hot spots” safely
  • Protecting your eID and other passwords
  • Protecting your personal and financial information
  • Risks of ATM machines (ATM “skimmers” are a growing threat)
  • Airport risks
  • Laptop security
  • Things to do before you leave (like backing up your files)
  • Beware of export restrictions on certain technologies (and nonsensical government policies like Israel’s temporary ban of Apple iPads)

This is a repeat of the roundtable given a year ago, updated with new information.

Friday, April 9, 2010

Safe Web Browsing for Everyone!
Facilitator: Harvard Townsend
Powerpoint Available

Did you know your computer can get infected simply by visiting a website and not clicking on any links? Furthermore, it doesn’t have to be a nefarious site — many reputable, popular websites have inadvertently hosted malicious advertisements. If that isn't scary enough, one study found that 13 percent of Google searches for popular or trendy topics yielded malicious links near the top of the search results.

Web browsing is now the most popular target used by hackers to try to take over control of your computer, so this month’s IT security roundtable will discuss how to browse the Web safely, or at least lower the risk of infecting your computer since there is no way to be 100 percent secure browsing the Web these days.

Topics covered include:

  • The dangers of web browsing, like “drive-by downloads” from seemingly passive advertisements and how hackers trick search engines into promoting malicious links
  • Features built into web browsers to help protect you from these dangers
  • Tools you can add to your web browser, like NoScript and the Web of Trust
  • Trend Micro’s Web Reputation Services
  • Other tips and tricks for safer web browsing

Friday, January 15, 2010

Help! Passwords are driving me crazy!
Facilitator: Harvard Townsend
Powerpoint Available

It’s time once again to change your eID password so what better topic for this month’s IT security roundtable than managing your passwords. Online shopping, social networking sites, games, iTunes, PayPal, travel sites (frequent flier accounts, Expedia, Orbitz, etc.), online banking (checking, savings, credit cards, loans), news and sports sites, blogs and wikis, cellphone account, home Internet provider, cable/satellite TV, your home computer, your laptop, your office computer, your departmental server, K-State’s eID, personal e-mail, K-State e-mail, flexible spending accounts… the list keeps growing. And all of them require a username and password. It’s enough to drive you crazy!

To help maintain your sanity, join us to hear solutions to effectively manage your passwords:

  • Tools and tips to manage passwords for myriad accounts and websites
  • Of all the passwords, which ones do you really need to worry about?
  • What are the real threats to passwords? Aren’t all these rules about passwords the result of the hyped-up fantasy of paranoid IT security officers?
  • Password/passcode/passphrase/PIN – what’s the difference?
  • What’s the big deal about your eID password? We’ll review recent security incidents at K-State that underscore the need to protect your eID password and change it regularly.
  • What are the password rules at K-State and why do the rules keep changing? Are longer passwords really better?
  • Should you let your web browser or computer save passwords so you don’t have to type them every time?
  • Why does your online bank account keep asking separate “security questions” when you try to sign in? Are they important?

Friday, December 4, 2009

Recognizing Email Scams
Facilitator: Harvard Townsend
Powerpoint Available

Malicious e-mail attachments wreaked havoc on K-State computers a few weeks ago, while spear phishing scams that steal eID passwords have been a persistent plague. As hackers continue to find new, more clever ways to trick people, it is important for all users to educate themselves about e-mail scams and be constantly on the alert for new scams that arrive in people’s K-State e-mail daily. Consequently, December’s monthly IT security roundtable discussion will provide tips to help people recognize e-mail scams and thus protect themselves from identity theft, financial fraud, compromised computers, and more. Some of the topics discussed are:

  • Different types of e-mail scams seen at K-State and the associated threats
  • Examples of scams that have been particularly effective at tricking K-Staters
  • How to identify a scam e-mail
  • How to determine if it is safe to open an e-mail attachment
  • Which scams you should report and to whom

Friday, November 6, 2009

New Versions of Trend Micro Security Software
Facilitator: Harvard Townsend & Shea McGrew
Powerpoint Available

The November roundtable covered the new versions of Trend Micro security software deploying the week of November 9th. The discussion included the following for both Trend Micro OfficeScan 10 for Windows and Trend Micro Security for Macs 1.5:

  • Features
  • New operating system support (Windows 7 and Mac OS X 10.6)
  • Why it is important to upgrade as soon as possible
  • Deployment schedule for central IT Trend Micro service
  • What users should expect with the upgrade
  • General availability on K-State's antivirus web site

In addition, the removal of Symantec Antivirus from Macs before installing Trend Micro was discussed since K-State's Symantec license expired on October 27.

Friday, September 11, 2009

New Operating Systems
Facilitator: Harvard Townsend
Powerpoint Available

Covered topics included:

  • Mac OS X 10.6 and Windows 7 issues
    • Why you should delay deployment but start testing now
    • Application compatibility is more than an antivirus issue
    • Why antivirus protection is important, even for Macs
    • When will supported antivirus products be available for each OS?
    • Security features in each OS
  • Dealing with those pesky infected USB flash drives
    • What we’ve seen on campus recently
    • Explanation of Autorun/Autoplay
    • Demonstration of how to disable Autorun/Autoplay

Friday, August 14, 2009

Malicious Email
Facilitator: Harvard Townsend
Powerpoint Available

Topic: Thousands of people at K-State received malicious e-mails over the last month claiming to be shipping instructions from Amazon.com, an eCard greeting from Hallmark, or Jessica wanting to meet you. This attack was particularly effective, resulting in well over 100 compromised computers around campus. This discussion helped attendees learn the characteristics of this attack, why it was so effective compared to others, and what they can do to prevent becoming a victim in the future.

Friday, June 5, 2009

Deploying PGP Whole Disk Encryption
Facilitator: Josh McCune
No Powerpoint Available

The June roundtable covered deployment of PGP Whole Disk Encryption software. Josh McCune demonstrated a client installation, which several of you had requested to see before doing your own installations. It was also a chance for anyone involved in deploying PGP to encrypt laptops and desktops to ask questions and share experiences.

Friday, May 8, 2009

Traveling Safety
Facilitator: Harvard Townsend
Powerpoint Available

Summary: Attendees discussed things that can be done to ensure that even while traveling this summer your data remains safe and secure. Topics covered included both physical and electronic security measures for using your computer on the road, from simply keeping a close eye on your laptop while it goes through the airport screener, to using a VPN client when logging onto the K-State network when off campus.

Friday, January 16, 2009

New IT Security Policies at K-State
Facilitator: Harvard Townsend
Powerpoint Available

Summary: Attendees discussed the creation of policies based on the state review of K-State's existing policies. Consideration was given to how these guidelines could help to harden K-State's security as well as the difficulty in implementing some of them on a shoestring budget.

Friday, December 12, 2008

PGP Laptop Encryption
Facilitators: Harvard Townsend and Marin Dowlin
Powerpoint Available

Summary: Attendees discussed the implementation and installation of PGP Whole Disk Encryption on laptops containing confidential K-State information. The install process was discussed and the product was demonstrated in Windows and Mac OS.