Campus Technology Day Campus Security Review

Campus Technology Day Campus Security Review September 25, 2003

Transcript of Campus Technology Day Campus Security Review

Page 1: Campus Technology Day Campus Security Review

Campus Technology Day

Campus Security Review

September 25, 2003

Page 2: Campus Technology Day Campus Security Review

Campus Security Review Session

- Looking at the Network (Sean Atkinson)
- Campus Security Requirements (Dick Bednar)
- Meeting the Requirements (Dick Bednar)
- Notification Processes (Mike Marcinkevicz)
- ACAD, AD, & Other Domain Review (Mike Marcinkevicz)
- Questions

Page 3: Campus Technology Day Campus Security Review

Looking at the Network

Sean Atkinson

Page 4: Campus Technology Day Campus Security Review

Attacks in the Last 24 Hours

Attack Type | # of Attempts
DOS Cisco attempt | 6
DOS MSDTC attempt | 74
SCAN FIN | 79
WEB-IIS cmd.exe access | 82
WEB-IIS ISAPI .ida attempt | 99
Known Attacker SCAN nmap TCP Ping | 142
WEB-IIS WEBDAV nessus safe scan attempt | 214
SCAN nmap TCP | 227
SCAN FIN | 315
WEB-MISC apache DOS attempt | 353

Page 5: Campus Technology Day Campus Security Review

Attacks in the Last 7 Days

Attack Type | # of Attempts
DOS Cisco attempt | 33
WEB-IIS CodeRed v2 root.exe access | 64
DOS MSDTC attempt | 67
WEB-IIS ISAPI .ida attempt | 633
WEB-IIS cmd.exe access | 707
Known Attacker SCAN nmap TCP Ping | 887
SCAN FIN | 1048
SCAN nmap TCP | 1056
WEB-MISC apache DOS attempt | 1878
DOS MSDTC attempt | 2369
WEB-MISC http directory traversal | 7359
SCAN FIN | 7575
DDOS shaft synflood | 19885

Page 6: Campus Technology Day Campus Security Review

Attacks in the Last 24 Days

Attack Type | # of Attempts
DOS Cisco attempt | 49
WEB-IIS CodeRed v2 root.exe access | 109
DOS MSDTC attempt | 159
WEB-IIS ISAPI .ida attempt | 1152
Known Attacker SCAN nmap TCP Ping | 1553
WEB-IIS cmd.exe access | 2005
SCAN FIN | 2388
SCAN FIN | 10561
DDOS shaft synflood | 19885
DOS MSDTC attempt | 34757

Page 7: Campus Technology Day Campus Security Review

What's attacking us today?

Page 8: Campus Technology Day Campus Security Review

Network Security Requirements

Dick Bednar

Page 9: Campus Technology Day Campus Security Review

Campus Security Requirements

- Administrative Accounts for IT Security Group scanning & patching
- Password minimums for duration, length, and complexity
- Technical and Administrative Contacts for network devices
- Installation and Update of critical service packs, hot fixes, and anti-virus

Page 10: Campus Technology Day Campus Security Review

Meeting the Requirements

Administrative Accounts
- Creation of domain and local admin accounts
- Daily scanning of network devices

Password mins (local and domain)
- Must expire twice a year
- Must be between 8 and 14 characters, with the exception of ACAD system accounts
- Must contain at least 3 of 4 character types (lower case letter, upper case letter, special character, and numbers)

Page 11: Campus Technology Day Campus Security Review

Meeting the Requirements II

Establish Contacts for All Devices
- Technical contacts must be Unit 9, 12 month FT employees with a 24x7 accessible contact
- Administrative contacts must be 12 month FT employees

Critical OS And Application Updates
- Operating system and application critical patches must be installed and updated regularly.
- Minimums required for latest patch are the minimums required on network.
- Update Expert and McAfee Anti-Virus are available for installation on campus workstations.
- GPO's available for use on qualified systems.

Page 12: Campus Technology Day Campus Security Review

Notification Processes & Domain Review

Mike Marcinkevicz

Page 13: Campus Technology Day Campus Security Review

Vulnerability Notification

1. Vulnerability Identified
2. Vulnerability List Generated
3. List & Email sent to technical & admin contacts
4. Systems Patched by IT and/or local unit, and depends upon:
   - Domain membership
   - OU membership
   - Type of system

Page 14: Campus Technology Day Campus Security Review

Exploit Notification

When an exploit is available it is TOO LATE to try and patch workstations.

Vulnerable and exploited systems are disconnected from the network and are not reconnected until they are patched and cleaned.

Page 15: Campus Technology Day Campus Security Review

WinTel Domains Review

[Diagram: ACAD DOMAIN, Trust, AD DOMAIN]

- AD: ADministrative Domain
- ACAD: ACADemic Domain
- AD authenticated users can log into labs and resources in ACAD
- ACAD students and users cannot login to AD campus resources.
- Accounts can be created by IT coordinator request (ITRF) for Students working in Department offices who need access to AD resources

Page 16: Campus Technology Day Campus Security Review

AD Domain Services – Existing

Rollout
- IT Purchase & Support
- Update Expert Updates
- McAfee EPO Installed
- GPO Software Apps

Campus
- Dept. Purchased
- Dept. Supported
- Manual Updates
- McAfee EPO Available
- Dept. Software Apps

Local
- Dept. Purchased
- Dept. Supported
- Manual Updates
- McAfee EPO Available
- Dept. Software Apps

Domain Policies for Passwords

**Servers are members of the 'Server' OU.

Page 17: Campus Technology Day Campus Security Review

AD Domain Services – New (10/03)

Rollout
- IT Purchase & Support
- Update Expert Updates
- GPO Critical Patches
- McAfee EPO Installed
- GPO Software Apps

Campus
- Dept. Purchased
- IT Supported
- Admin Contact
- GPO Critical Patches
- Update Expert Updates
- McAfee EPO Installed
- Dept. Software Apps

Local
- Dept. Purchased
- Dept. Supported
- Tech & Admin Contact
- Update Expert Available
- McAfee EPO Available
- Dept. Software Apps

Domain Policies for Passwords

**Servers are members of the 'Server' OU.

Page 18: Campus Technology Day Campus Security Review

ACAD Domain Services – Existing

Depts.
- Dept Purchase
- Dept Support
- Manual Updates
- McAfee EPO Available
- Dept. Software Update

Labs
- Division/Dept Labs
- Dept Support/Admin
- Manual Updates
- McAfee EPO Available
- Dept. Software Update

Servers
- All Servers
- IT or Dept. Support
- Manual Updates
- McAfee EPO Available
- Dept. Software Update

No Domain Policies

Page 19: Campus Technology Day Campus Security Review

ACAD Domain Services – New 10/03

Campus
- Dept Purchased
- Help Desk Support
- GPO Critical Patches
- Update Expert Updates
- McAfee EPO Installed
- Dept. Software Apps

Local
- Division/Dept Labs
- Dept Support/Admin
- Update Expert Updates
- McAfee EPO Available
- Dept. Software Apps

Servers
- All Servers
- IT or Dept. Support
- Manual Updates
- McAfee EPO Available
- Dept. Software Apps

Domain Policies for Passwords
Domain Updates for critical patches

Page 20: Campus Technology Day Campus Security Review

Other Wintel Domains Review

- Other domains on the campus network do not have trusts with ACAD or AD.
- These other domains must follow the Campus Network Security Standards and Practices
- Meetings for Lab Conventions and Domain Standards Compliance now being setup.
- These other domains will be collapsed into the AD or ACAD domains by July 2004 unless exempted by CITO. Migration plans for other domains into AD/ACAD are due by November 2003.

[Diagram: ACAD DOMAIN, AD DOMAIN, OTHER DOMAINS, Trust]

Page 21: Campus Technology Day Campus Security Review

OTHER Domain Services

OTHER
- Local Purchase & Support
- Password Requirements
- Admin Contact
- Technical Contact
- IT Admin Access
- McAfee EPO Available
- Update Expert Available
- Dept. Software Apps

Page 22: Campus Technology Day Campus Security Review

Campus Security Follow Up Meetings

- Setting conventions for Labs and Open systems
- Setting conventions for Hardware and Software Minimums
- Individual meetings in November with those units running domains for migration

Page 23: Campus Technology Day Campus Security Review

QUESTIONS ??