Information Security Office Service Catalog

Students and Colleagues with a Personal Email address

Protects the University community from Spam, Phishing, and email-borne Malware.

The spam filter is an automated and self-service system that protects university email addresses from SPAM by:

• blocking connections from known SPAM hosts
• quarantining inbound and outbound messages that look like SPAM.
• Departments requesting to have their contracted mass emailers whitelisted for the entire University, must provide the Information Security Office with a message that is actually caught in spam filter quarantine.

Students, Faculty, and Staff, as well as outside contractors

Allows the sending of RESTRICTED information securely, as well as transmitting files too large to be carried in normal emails.

Secure Attachments is a website and service that transmits large files, or files that require secure transit like RESTRICTED data.

• Available to all users with an @pepperdine.edu address and can be used to send files to external users as well.
• Retains files for later use (downloading them again or sending to another user): 14 days for files larger than 2GB, 45 days for files smaller than 2GB.
• Supported for the transfer of RESTRICTED data as an attachment (body of the email is in clear text, but attachments are fully encrypted).
• The web-based interface is cross-platform compatible with all OS types.

Students, Faculty, and Staff, as well as outside contractors

Protects Students, Faculty, Staff, and Person of Interest accounts from unauthorized access by requiring a second factor of authentication in addition to a password.

SecureConnect adds an additional layer of security by requiring additional confirmation from a personal device when logging into Pepperdine resources from off campus.

• Protect University data, personal payroll/benefit information, and private student information in case your password is phished or stolen.
• Extend your University password expiration for four (4) years.
• DUO Mobile app is flexible and quick to use with any smartphone or tablet.
• Use phone numbers, text messages, or DUO-generated passcodes, whether online or offline, as backup to a smartphone or tablet.

Students, Faculty, and Staff are auto-enrolled in SecureConnect.

Students and Colleagues accessing the University network

Computer Registration is used to block and inform users and provide appropriate access.

Having every machine on the network registered allows university wide actions to be taken swiftly and precisely for a given case. Most often this is demonstrated when a compromised machine is quarantined on the network to prevent damaging other users. However, it serves other functions as well, including providing easy self-registration for guests, providing limited network access.

• All devices on the network are accounted for and monitored for network compliance.
• Provides the framework for the remediation of at-risk machines, protecting users from spam and malware dissemination.
• Allows enforcement on behalf of general counsel when notified of copyright infringement.
• Lost or stolen devices are monitored, and when they appear anywhere on the University network, DPS officials are notified through the Campus Management system.
• The system prevents registration of certain network devices that could cause disruptions to overall network integrity.

(Registration: Self-service with local technician or Tech Central troubleshooting | WavesConnect is hosted on a virtual appliance).

Colleagues with RESTRICTED information on their computer

Helps users prevent financial damages or loss of trust when a University computer with RESTRICTED data is lost or stolen.

Whole disk encryption and the related procedures and signed agreement allow the University to secure RESTRICTED data and prevent costly compliance/litigation in the event a computer is stolen. Computers that must occasionally or regularly access or store RESTRICTED information are required to be encrypted by University policy; Information Security provides manager/end-user training on RESTRICTED information policy and technical training for IT and school technical staff that install the software. Software installation requires justification of RESTRICTED data storage and a signed security agreement per user. Information Security runs the server that manages the software to end users and which provides install/recovery tools to field technicians. In addition, backup end-user support is provided for recovery when alternate users and field technicians are unable to log into a machine (Verification of identity and lack of local resources required; call x4357).

• PGP Whole Disk Encryption is used for encryption of Windows computers.
• SafeGuard is used to manage native FileVault encryption of Apple Computers.

(Client installation: Service Desk & School technicians can be scheduled.  Recovery: real-time by phone call to Tech Central or local technician. | pgp.pepperdine.edu is a virtual appliance on imperator for system management only)

All University online services

Maps user-friendly system names to network-friendly IP numbers.

If attackers can control the DNS service, they can provide user-friendly names mapped to evil IP addresses, trivially facilitating the capture of information.

(24x7 uptime | newton, maxwell & tesla are high availability load balanced caching local & external DNS servers)

All student and colleague client computers on the University network

Automatically provides appropriate network parameters for client computers.

If attackers can control the DHCP service, they can provide inappropriate network parameters for clients' computers, including evil DNS servers, compromised subnet gateways, and other options, trivially facilitating the capture of information.

(24x7 uptime | DHCP provided by newton, maxwell & tesla, wavesconnect are load balanced/high availability DHCP systems)

None

The University firewalls are the first line of defense against network threats.

The University is bombarded daily with traffic, and a lot of it is unwanted, unneeded, and just plain bad. The firewall stops this kind of traffic before it ever enters the University network. Many websites and servers host malicious content that would be dangerous to allow into the network, and the firewall prevents their traffic from getting in, even when you may not be aware of it. Ads fetching images and compromising code are shunned at the firewall and never get any further.

(24x7 traffic passing and filtering | 2 high availability internet firewall appliance pairs (Malibu & Calabasas), high availability datacenter firewall appliance pairs (Malibu), virtual high availability internet and datacenter pairs (WLA), & 3 PCI internet firewall appliances)

None

Analyzes permitted traffic used as a vector for attacks.

Firewalls are used to protect some services and systems -- and to expose others for use! The exposed services may have vulnerabilities or points of attack; the IDS is used to watch for bad traffic to intended services.

(24x7 alerting and blocks | 3 Sensors & 8 Storage hardware appliances, 1 Console on virtual appliance)

All servers at the University

Provides a consistent time to all network hosts and clients.

This service is not only critical to end-user services like Kerberos authentication, but ensures that logs from disparate systems can be easily correlated to track intrusions, problems, or suspicious activity.

(24x7 uptime | clock & clock2 are independent services on maxwell & newton )

None

Enables network forensics to determine how and when a machine became compromised, and implement changes to prevent it.

The node sensors are a network of machines placed at strategic locations throughout the university. They hold a running buffer for network traffic and allow us an opportunity for retrospective analysis. This allows us to make changes and suggestions with a sound understanding of network activity. Through these systems, we're able to bring up malicious websites to the firewall for a shun, or determine what vulnerability was exploited so that a fix can be applied or recommended. They act as our eyes and ears on the network when we can't be everywhere at once.

(24x7 capture | 13 different independent physical hardware capture systems in the node telecom rooms)