With thousands of new bring-your-own-devices (BYOD) connecting to their networks each year, it’s not easy managing and mitigating cybersecurity risks at universities.
Having witnessed an increase in the number of phishing and spamming incidents at some of Sri Lanka’s prominent universities, as well as several cases of webpage defacement, the Sri Lanka National Research and Education Network, LEARN, held its first network security workshop early this year to build awareness and develop the capacity of its members.
“As the NREN, we are compelled to assist our members to solve these issues,” says Dinesh Gunawardena, who coordinated the three-day workshop held at the University of Peradeniya IT Center in June.
“Many of our members only have very basic network security skills, such as filtering and setting up firewalls, so they are keen to learn more advanced methods to improve the security of their servers, as well as the best practices for handling incidents.”
The workshop was facilitated by the LEARN technical team, Senevi Herath, Thilina Pathirana and Dilum Samarasinghe, and included sessions run by APNIC’s security specialists Adli Wahid and Jamie Gillespie, as well as Chief Inspector of the CID Digital Forensics Division for Sri Lanka Police, S.K. Senarathne.
“We developed the workshop based on our collective experiences attending previous network security workshops organized by APNIC and the NSRC,” says Dinesh.
“Adli and Jamie covered a host of topics related to monitoring for, and responding to, security risks including: setting up and analysing data collected from Honeypots, examples of best practice incident handling policies and protocols, and understanding the role of Computer Security Incident Response Teams [CSIRTs].”
Dinesh says LEARN currently doesn’t operate a CSIRT for its network but is now in discussions to implement such a service due to the overwhelming feedback from participants during the workshop.
Who ya gonna call…when confronted with an incident?
Chief Inspector Senarathne’s session was also a real highlight of the workshop — he is one of the few qualified digital forensic personnel in Sri Lanka.
“The Chief Inspector did a very interesting and informative session on the roles and responsibilities of law enforcement agencies in Sri Lanka when it comes to investigating and prosecuting cybercrimes, and what our engineers should do if they encounter incidents.
“There have been recent incidents where some of our members have had their websites hacked, which resulted in the police acquiring their hardware devices, including live systems, for forensics. However, there were problems with the investigations, as information on these devices had been mistakenly destroyed or not recorded due to the lack of knowledge of the engineers looking after these servers on how to handle these sorts of scenarios.
“CI Senarathne discussed what network engineers could do when incidents happen, who to report incidents to, how to collect and protect evidence, and, most importantly, how to recover quickly from such incidents.”
Based on the positive feedback from the 55 attendees and the overwhelming interest in the workshop since, Dinesh says that LEARN plans to continue to provide further network security workshops, including more advanced workshops, as part of its suite of technical trainings on offer to its members.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.
LEARN started to host 2-3 free workshops annually for the members some years ago and I am glad to be a part of this process. From campus network designs, IPv6, eduroam etc. and now this security workshop which started opening eyes of our (LEARN) Network Admins to look at security loop holes and on the things they do wrongfully, has had a great impact on developing technical skills among our engineers. Also this workshop on security was a foundation to build their own IAM systems in their respective institutes as well.