Research Cybersecurity

The Quick Fives

Five steps UMD researchers can take to improve cybersecurity, protect confidential information, and prevent data loss:

1. Use campus email for university business (IT-14: Standard on Institutional Email), always pay attention to the sender’s email, and be suspicious of unfamiliar links.
2. Back up your data and store offline copies.
3. Use UMD owned devices with campus anti-malware solution (FireEye) or use the UMD Virtual Workspace.
4. Automatically install updates onto your devices.
5. Use UMD Box to collaborate with high risk data. Use Secure Share to send messages and files containing sensitive information.

Five steps UMD researchers with servers and lab equipment can take to improve cybersecurity, protect confidential information and prevent data loss:

1. Back up your data and store offline copies.
2. Use UMD owned devices with campus anti-malware solution (FireEye).
3. Automatically install updates onto your servers and periodically scan for vulnerabilities.
4. Use Duo Multi-Factor Authentication to access your servers and contact DIT to help set up network firewalls.
5. Limit, monitor, and log physical access to your server facilities.

IT Managers/System Security Officers: Review the IT-5 Checklist (Standard on the Security of Information Technology Resources) and ensure your systems are meeting campus standards.

Restricted Research Data: Some data types require specific controls and processes for protections. Contact it-compliance@umd.edu or it-research-consult@umd.edu for assistance if your research involves this data.

Prevent data loss and harm to the university by following best practices, documenting your security-focused implementations, and sharing your contact information with us so we can reach out to you when there are cybersecurity threats to our campus and data. DIT provides various cybersecurity tools and services that you can use to secure your systems. The practices are based on guidelines listed in NIST 800-171, UMD IT-4: Standard for Protecting Sensitive Information, and UMD IT-5: Standard on the Security of Information Technology Resources.

Research Cybersecurity Toolkit

DIT Resources for Data Management Plans
Data Risk Guide to Commonly Used DIT Services

Data Protection

Key Tools: Code42 Workstation Backups, Spectrum Protect, Secure Share, Storage Device Destruction, OneTrust, InCommon Certificates

• Fully understand the sensitivity of the function or operation being supported by the system and the data being stored or manipulated on the system.
• Encrypt stored sensitive data wherever possible to minimize disclosure if the system is compromised. Ensure that sensitive data can be recovered.
• Encrypt sensitive data being transmitted to-and-from the system to ensure the data is protected in transit.
• Securely remove data from media once that data or device is no longer required, in order to prevent unauthorized disclosure of data. Drive destruction is a very effective method.
• Provide protection of scientific data from ransomware and other data integrity attack mechanisms.
• Control any non-public information posted or processed on publicly accessible information systems.

System Security

Key Tools: MECM, Nexpose, FireEye, Firewalls, InCommon Certificates

• Choose not to employ operating systems or software for which security support is no longer provided. If you must, strictly limit network access to those systems.
• Proactively seek out and apply vendor-supplied fixes necessary to repair security vulnerabilities, within a time frame commensurate with the level of risk.
• Remove or disable unneeded services and software, especially those that are network accessible.
• Unless a system is on a private network, scan computers for security vulnerabilities at least monthly, to ensure new vulnerabilities are promptly identified and addressed. Scans should also be conducted:
  • Immediately after installation or configuration of a new system is completed.
  • Immediately after introduction of a new operating system or an upgrade to an existing operating system.
  • Immediately after installation or upgrade of networking or other system software.
• Install and maintain anti-virus software on operating systems for which the university has licensed such software and maintain current virus pattern files.
• Subscribe to vendor and other advisory services applicable to the operating environment being maintained.
• Stay current on security issues that affect the university environment by joining the UTCC community of practice and visiting the security section of the DIT website.
• Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
• Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
• Identify, report, and correct information and information system flaws in a timely manner.
• Provide protection from malicious code at appropriate locations within organizational information systems.
• Update malicious code protection mechanisms when new releases are available.
• Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.

Access Control

Key Tools: CAS, Active Directory, Duo, InCommon Certificates, MECM, Admin accounts

• Ensure that IT resources are secured against theft and systems holding sensitive data are protected from unauthorized physical access.
• Deploy encrypted communications methods for secure access to the system.
• Where technically possible, only allow legitimate and authorized network access to systems.
• Require all users to be identified and authenticated before access is allowed.
• Perform day-to-day work as a non-privileged user and only use privileged accounts for tasks that require additional capabilities.
  • How to comply:
    • Create non-privileged accounts for all users.
    • Create separate accounts for users who need additional privileges and instruct them to only use those accounts when they need to utilize those additional privileges.
• Ensure that all accounts require a password. When technically feasible, utilize CAS (Central Authentication Service) for authentication to leverage central account management and multi-factor authentication.
• Where technically practicable, use multi-factor authentication for privileged access to servers, applications, and network infrastructure.
  • How to comply:
    • Use CAS for authentication and authorization for your web application which will automatically add MFA.
    • Request a Duo API key to integrate Duo into your app application: IT Support request form.
    • Review the list of the applications that integrate with Duo.
• Ensure that reusable passwords are not sent over the network in clear-text.
  • How to comply:
    • Enable SSL or other encryption capabilities.
    • SSL certificates can be requested free of charge from the IT Service Catalog.
• Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
• Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
• Verify and control/limit connections to and use of external information systems.
• Identify information system users, processes acting on behalf of users, or devices.
• Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.

Accountability

Key Tools: Splunk, Cybersecurity Training

• If a system is capable, log the following list of system activities. Work with DIT to determine if these logs are a good candidate for inclusion in the centralized Splunk enterprise logging solution: [IA.1.076]
  • Successful user logins, including the location from which the logins originated.
  • Unsuccessful login attempts, including the location from which the attempts originated.
  • Unsuccessful file access attempts.
  • Successful file accesses for files and databases containing sensitive data.
• The following activities must be reported immediately to the DIT IT Security Office (301-226-4225):
  • Suspected or actual security breaches of university information or of information systems.
  • Systematic unsuccessful attempts to compromise information.
  • Suspected or actual weaknesses in the safeguards protecting university information or information systems.
  • Missing or stolen equipment. Such incidents must also be reported to University Police.
• Provide regular cybersecurity awareness training for authorized users of information systems, including in recognizing and responding to social engineering threats and breaches.

How to Implement
Use Splunk log management software:

• Request Splunk log management by emailing splunk-admins@umd.edu. Logs can be reviewed in the Splunk Web UI.
• Complete Defend Your Shell training. Additional training is available through Linkedin Learning.

Contact

Division of IT, Research Computing 
it-research-consult@umd.edu