Campus Technology Day Campus Security Review
Campus Technology Day
Campus Security Review
September 25, 2003
Looking at the Network – Sean Atkinson
Campus Security Requirements – Dick Bednar
Meeting the Requirements – Dick Bednar
Notification Processes – Mike Marcinkevicz
ACAD, AD, & Other Domain Review – Mike Marcinkevicz
Questions
Campus Security Review Session
Looking at the Network
Sean Atkinson
Attacks in the Last 24 Hours
Attack Type: # of Attempts
DOS Cisco attempt: 6
DOS MSDTC attempt: 74
SCAN FIN: 79
WEB-IIS cmd.exe access: 82
WEB-IIS ISAPI .ida attempt: 99
Known Attacker - SCAN nmap TCP Ping: 142
WEB-IIS WEBDAV nessus safe scan attempt: 214
SCAN nmap TCP: 227
SCAN FIN: 315
WEB-MISC apache DOS attempt: 353
Attacks in the Last 7 Days
Attack Type: # of Attempts
DOS Cisco attempt: 33
WEB-IIS CodeRed v2 root.exe access: 64
DOS MSDTC attempt: 67
WEB-IIS ISAPI .ida attempt: 633
WEB-IIS cmd.exe access: 707
Known Attacker - SCAN nmap TCP Ping: 887
SCAN FIN: 1048
SCAN nmap TCP: 1056
WEB-MISC apache DOS attempt: 1878
DOS MSDTC attempt: 2369
WEB-MISC http directory traversal: 7359
SCAN FIN: 7575
DDOS shaft synflood: 19885
Attacks in the Last 24 Days
Attack Type: # of Attempts
DOS Cisco attempt: 49
WEB-IIS CodeRed v2 root.exe access: 109
DOS MSDTC attempt: 159
WEB-IIS ISAPI .ida attempt: 1152
Known Attacker - SCAN nmap TCP Ping: 1553
WEB-IIS cmd.exe access: 2005
SCAN FIN: 2388
SCAN FIN: 10561
DDOS shaft synflood: 19885
DOS MSDTC attempt: 34757
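Per-signature tallies like the ones on these slides can be produced from an IDS alert log. The following is an added example, not part of the original presentation: it assumes alerts in Snort's "fast" text format (the slides do not say which sensor or log format produced the charts), and the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample alerts in Snort "fast" layout; not data from the slides.
SAMPLE_ALERTS = """\
09/25-08:14:02.113201  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 192.0.2.10:4312 -> 198.51.100.5:80
09/25-08:14:03.220114  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 192.0.2.10:4313 -> 198.51.100.5:80
09/25-02:40:55.001873  [**] [1:621:2] SCAN FIN [**] [Priority: 2] {TCP} 192.0.2.77:40000 -> 198.51.100.9:22
09/24-11:59:59.900000  [**] [1:621:2] SCAN FIN [**] [Priority: 2] {TCP} 192.0.2.77:40001 -> 198.51.100.9:23
09/20-17:03:11.450992  [**] [1:1408:5] DOS MSDTC attempt [**] [Priority: 2] {TCP} 192.0.2.31:2201 -> 198.51.100.20:3372
09/01-09:00:00.000001  [**] [1:241:3] DDOS shaft synflood [**] [Priority: 2] {TCP} 192.0.2.90:1024 -> 198.51.100.5:80
truncated line that does not follow the alert layout
"""

# Timestamp, then "[**] [gid:sid:rev] <signature name> [**]".
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2})\.\d+\s+\[\*\*\]\s+"
    r"\[\d+:\d+:\d+\]\s+(?P<sig>.+?)\s+\[\*\*\]"
)


def parse_alert(line, year):
    """Return (timestamp, signature) or None for lines that are not alerts."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    # Fast alerts omit the year by default, so the caller supplies it.
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
    return ts, m["sig"]


def attempts_by_type(text, now, window, year=2003):
    """Count alerts per signature inside [now - window, now], fewest first."""
    counts = Counter()
    for line in text.splitlines():
        parsed = parse_alert(line, year)
        if parsed and now - window <= parsed[0] <= now:
            counts[parsed[1]] += 1
    return sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))


if __name__ == "__main__":
    now = datetime(2003, 9, 25, 12, 0, 0)
    for label, window in [("24 hours", timedelta(hours=24)),
                          ("7 days", timedelta(days=7))]:
        print(f"Attacks in the last {label}")
        for sig, n in attempts_by_type(SAMPLE_ALERTS, now, window):
            print(f"  {sig}: {n}")
```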
What's attacking us today?
Network Security Requirements
Dick Bednar
Administrative Accounts for IT Security Group scanning & patching
Password minimums for duration, length, and complexity
Technical and Administrative Contacts for network devices
Installation and Update of critical service packs, hot fixes, and anti-virus
Campus Security Requirements
Administrative Accounts
Creation of domain and local admin accounts
Daily scanning of network devices
Password mins. (local and domain)
Must expire twice a year
Must be between 8 and 14 characters, with the exception of ACAD system accounts
Must contain at least 3 of 4 character types (lower case letter, upper case letter, special character, and numbers)
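The password minimums above can be expressed as a check. This is an added example, not part of the original presentation; the function names, the reading of "twice a year" as 183 days, and the treatment of any non-alphanumeric character as "special" are assumptions.

```python
import string
from datetime import date

MIN_LEN, MAX_LEN = 8, 14   # "between 8 and 14 characters"
REQUIRED_TYPES = 3         # "at least 3 of 4 character types"
MAX_AGE_DAYS = 183         # assumption: "expire twice a year" read as about six months


def character_types(password):
    """Return which of the four character types the password uses."""
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("number")
        else:
            found.add("special")  # assumption: anything else counts as special
    return found


def policy_violations(password, last_changed, today, acad_system_account=False):
    """List the campus password minimums this password fails to meet."""
    violations = []
    # The slide exempts ACAD system accounts from the length rule only.
    if not acad_system_account and not MIN_LEN <= len(password) <= MAX_LEN:
        violations.append("length")
    if len(character_types(password)) < REQUIRED_TYPES:
        violations.append("character types")
    if (today - last_changed).days > MAX_AGE_DAYS:
        violations.append("expired")
    return violations


if __name__ == "__main__":
    today = date(2003, 9, 25)
    # Constructed sample passwords and change dates, for illustration only.
    for pw, changed in [("Campus2003", date(2003, 6, 1)),
                        ("campus2003", date(2003, 6, 1)),
                        ("Cmp#1", date(2003, 1, 2))]:
        print(pw, policy_violations(pw, changed, today))
```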
Meeting the Requirements
Establish Contacts for All Devices
Technical contacts must be Unit 9, 12 month FT employees with a 24x7 accessible contact
Administrative contacts must be 12 month FT employees
Critical OS And Application Updates
Operating system and application critical patches must be installed and updated regularly.
Minimums required for latest patch are the minimums required on network.
Update Expert and McAfee Anti-Virus are available for installation on campus workstations.
GPO's available for use on qualified systems.
Meeting the Requirements II
Notification Processes & Domain Review
Mike Marcinkevicz
1. Vulnerability Identified
2. Vulnerability List Generated
3. List & Email sent to technical & admin contacts
4. Systems Patched by IT and/or local unit, and depends upon:
Domain membership
OU membership
Type of system
Vulnerability Notification
Exploit Notification
When an exploit is available, it is TOO LATE to try and patch workstations.
Vulnerable and exploited systems are disconnected from the network and are not reconnected until they are patched and cleaned.
[Diagram: ACAD DOMAIN and AD DOMAIN, joined by a link labelled "Trust"]
WinTel Domains Review
AD – ADministrative Domain
ACAD – ACADemic Domain
AD authenticated users can log into labs and resources in ACAD.
ACAD students and users cannot log in to AD campus resources.
Accounts can be created by IT coordinator request (ITRF) for students working in department offices who need access to AD resources.
AD Domain – Services - Existing
Rollout: IT Purchase & Support; Update Expert Updates; McAfee EPO Installed; GPO Software Apps
Campus: Dept. Purchased; Dept. Supported; Manual Updates; McAfee EPO Available; Dept. Software Apps
Local: Dept. Purchased; Dept. Supported; Manual Updates; McAfee EPO Available; Dept. Software Apps
Domain Policies for Passwords
**Servers are members of the 'Server' OU.
AD Domain Services – New (10/03)
Rollout: IT Purchase & Support; Update Expert Updates; GPO Critical Patches; McAfee EPO Installed; GPO Software Apps
Campus: Dept. Purchased; IT Supported; Admin Contact; GPO Critical Patches; Update Expert Updates; McAfee EPO Installed; Dept. Software Apps
Local: Dept. Purchased; Dept. Supported; Tech & Admin Contact; Update Expert Available; McAfee EPO Available; Dept. Software Apps
Domain Policies for Passwords
**Servers are members of the 'Server' OU.
ACAD Domain Services - Existing
Depts.: Dept Purchase; Dept Support; Manual Updates; McAfee EPO Available; Dept. Software Update
Labs: Division/Dept Labs; Dept Support/Admin; Manual Updates; McAfee EPO Available; Dept. Software Update
Servers: All Servers; IT or Dept. Support; Manual Updates; McAfee EPO Available; Dept. Software Update
No Domain Policies
ACAD Domain Services – New 10/03
Campus: Dept Purchased; Help Desk Support; GPO Critical Patches; Update Expert Updates; McAfee EPO Installed; Dept. Software Apps
Local: Division/Dept Labs; Dept Support/Admin; Update Expert Updates; McAfee EPO Available; Dept. Software Apps
Servers: All Servers; IT or Dept. Support; Manual Updates; McAfee EPO Available; Dept. Software Apps
Domain Policies for Passwords
Domain Updates for critical patches
Other Wintel Domains Review
Other domains on the campus network do not have trusts with ACAD or AD.
These other domains must follow the Campus Network Security Standards and Practices.
Meetings for Lab Conventions and Domain Standards Compliance now being set up.
These other domains will be collapsed into the AD or ACAD domains by July 2004 unless exempted by CITO. Migration plans for other domains into AD/ACAD are due by November 2003.
[Diagram: ACAD DOMAIN, AD DOMAIN, OTHER DOMAINS; label: Trust]
OTHER Domain Services
OTHER: Local Purchase & Support; Password Requirements; Admin Contact; Technical Contact; IT Admin Access; McAfee EPO Available; Update Expert Available; Dept. Software Apps
Campus Security Follow Up Meetings
Setting conventions for Labs and Open systems
Setting conventions for Hardware and Software Minimums
Individual meetings in November with those units running domains for migration
QUESTIONS ??