This document outlines security policies and procedures for Fermilab system administrators. It discusses the lab's strategy of integrated security management and defense in depth. System administrators are responsible for securing systems by applying patches, configuring systems securely, and communicating policies to users. All systems and users must meet baseline security requirements like using central authentication and keeping antivirus software up to date. System administrators must also monitor systems, report any suspicious activity, and help respond to security incidents.
The complexities of NERC CIP-007-5 Requirement 1 (R1) make this one of the most violated requirements in all the NERC standards. NERC CIP-007-5 is the standard focused on Systems Security Management. R1 is intended to minimize the attack surface of critical systems by disabling or limiting access to unnecessary network accessible logical ports and services. For most electric utilities, meeting the mandatory controls of this requirement is an incredibly tedious and labor-intensive effort.
Tripwire has a unique whitelisting profiler extension that can automate monitoring ports, services, user accounts, software, and other requirements within NERC CIP-007-05-R1. Join Robert Held, Senior Systems Engineer, as he live-demos how customer sites are saving man-years of effort in preparing and automating for their audits. Also joining to share their customer experience will be Marc Child, CISSP , Information Security Program Manager at Great River Energy.
Key Takeaways:
-Understand what CIP-007-5-R1 means to your organization
-Learn how to automate the processes required for assessing High and Medium Impact Cyber Assets
-Get audit-ready “Evidence of Compliance” reporting to provide auditors with what they need
-Hear how Marc Child at Great River Energy uses the whitelisting profiler for security and compliance
How to Audit Firewall, what are the standard Practices for Firewall Auditkeyuradmin
Firewalls continue to secure a countless number of organizations across the world and remain first line of defense against known cyber attacks and network risks. Avalanche of IT-led forces and evolution in threat landscape has brought increased onus on firewalls. On the other side, as enterprises extend their business leveraging internet driven business models and increasingly collaborative networks, embracing cloud and virtual environments, there's a need to understand how this ties with the changing role of security technologies such as a firewall. This webinar explains how a tectonic shift in enterprise networking requires rethinking firewall deployment and management for effective security management.
The following presentation presents a 5 step data security plan for small businesses. The plan is easy and inexpensive to implement, and it will provide you a strong plan to protect your proprietary company assets as well as your client's information. To learn more or to read the article, please visit http://www.wilkins-consulting.com/small-biz-security-plan.html.
The complexities of NERC CIP-007-5 Requirement 1 (R1) make this one of the most violated requirements in all the NERC standards. NERC CIP-007-5 is the standard focused on Systems Security Management. R1 is intended to minimize the attack surface of critical systems by disabling or limiting access to unnecessary network accessible logical ports and services. For most electric utilities, meeting the mandatory controls of this requirement is an incredibly tedious and labor-intensive effort.
Tripwire has a unique whitelisting profiler extension that can automate monitoring ports, services, user accounts, software, and other requirements within NERC CIP-007-05-R1. Join Robert Held, Senior Systems Engineer, as he live-demos how customer sites are saving man-years of effort in preparing and automating for their audits. Also joining to share their customer experience will be Marc Child, CISSP , Information Security Program Manager at Great River Energy.
Key Takeaways:
-Understand what CIP-007-5-R1 means to your organization
-Learn how to automate the processes required for assessing High and Medium Impact Cyber Assets
-Get audit-ready “Evidence of Compliance” reporting to provide auditors with what they need
-Hear how Marc Child at Great River Energy uses the whitelisting profiler for security and compliance
How to Audit Firewall, what are the standard Practices for Firewall Auditkeyuradmin
Firewalls continue to secure a countless number of organizations across the world and remain first line of defense against known cyber attacks and network risks. Avalanche of IT-led forces and evolution in threat landscape has brought increased onus on firewalls. On the other side, as enterprises extend their business leveraging internet driven business models and increasingly collaborative networks, embracing cloud and virtual environments, there's a need to understand how this ties with the changing role of security technologies such as a firewall. This webinar explains how a tectonic shift in enterprise networking requires rethinking firewall deployment and management for effective security management.
The following presentation presents a 5 step data security plan for small businesses. The plan is easy and inexpensive to implement, and it will provide you a strong plan to protect your proprietary company assets as well as your client's information. To learn more or to read the article, please visit http://www.wilkins-consulting.com/small-biz-security-plan.html.
The Truth About Viruses on Power Systems - PowertechHelpSystems
It's time to take action: protect Power Systems servers and the network that connects to them.
Protecting your data from viruses or malicious code is not an unfamiliar concept, but understanding how these threats affect your Power Systems server may not be as easy to grasp. Many Power Systems managers still don't see viruses as a risk because they see them as a Windows threat. While this was once true, today's connected environments operate under different rules.
It's time to take action and protect IBM i, AIX, and the network that connects to them. Join noted cybersecurity expert Robin Tatam to find out common ways these business-critical operating systems may be vulnerable and how you can minimize your exposure to viruses. Learn the facts to ensure you are fully protected.
Network Field Day 11 - Skyport Systems PresentationDouglas Gourlay
A presentation at NetField Day 11 that covered how Skyport Systems builds Secure Enclaves that are designed to host and secure critical workloads. This includes building micro-segmentation capabilities, trusted computing, secure boot, and preventing malware and rootkits from affecting IT systems.
In this session, you'll learn the basics of setting up Firewall Analyzer by configuring firewall devices and application settings. You'll also see all the different ways to import logs, as well as an overview of various ad hoc reports
A firewall is a device that controls what gets in and comes out of our network. The firewall is placed between an organization network and the outside world.
SYMANTEC ENDPOINT PROTECTION Advanced Monitoring and ReportingDsunte Wilson
Symantec Endpoint Protection collects information about the security events in your network. You can use log and reports to view these events, and you can use notifications to stay informed about the events as they occur.
Endpoint security will helps in enhancing protection to corporate networks. It prevents from threats, virus and monitor potential entry in the network. Would you like to know more about the endpoint security working mechanism, then click here https://www.comodo.com/business-enterprise/endpoint-protection/endpoint-security-manager.php
OpManager is an integrated network management tool that helps you monitor your network, physical & virtual servers, bandwidth, configurations, firewall, switch ports and IP addresses
It's Your Move: The Changing Game of Endpoint SecurityLumension
It’s time to refine enterprise security strategies at your organization. While we were installing firewalls, antivirus suites, and other technologies that block known threats, the bad guys were out rewriting the rulebook. Don't let cybercriminals stay one step ahead and put you in “checkmate.”
In this information-packed presentation, you'll learn:
* How our opponents have changed the IT security rules
* What role your employees play in this “game”
* Key moves IT security professionals can make to regain control of endpoints
* How one organization has implemented a proactive security approach successfully
The Truth About Viruses on Power Systems - PowertechHelpSystems
It's time to take action: protect Power Systems servers and the network that connects to them.
Protecting your data from viruses or malicious code is not an unfamiliar concept, but understanding how these threats affect your Power Systems server may not be as easy to grasp. Many Power Systems managers still don't see viruses as a risk because they see them as a Windows threat. While this was once true, today's connected environments operate under different rules.
It's time to take action and protect IBM i, AIX, and the network that connects to them. Join noted cybersecurity expert Robin Tatam to find out common ways these business-critical operating systems may be vulnerable and how you can minimize your exposure to viruses. Learn the facts to ensure you are fully protected.
Network Field Day 11 - Skyport Systems PresentationDouglas Gourlay
A presentation at NetField Day 11 that covered how Skyport Systems builds Secure Enclaves that are designed to host and secure critical workloads. This includes building micro-segmentation capabilities, trusted computing, secure boot, and preventing malware and rootkits from affecting IT systems.
In this session, you'll learn the basics of setting up Firewall Analyzer by configuring firewall devices and application settings. You'll also see all the different ways to import logs, as well as an overview of various ad hoc reports
A firewall is a device that controls what gets in and comes out of our network. The firewall is placed between an organization network and the outside world.
SYMANTEC ENDPOINT PROTECTION Advanced Monitoring and ReportingDsunte Wilson
Symantec Endpoint Protection collects information about the security events in your network. You can use log and reports to view these events, and you can use notifications to stay informed about the events as they occur.
Endpoint security will helps in enhancing protection to corporate networks. It prevents from threats, virus and monitor potential entry in the network. Would you like to know more about the endpoint security working mechanism, then click here https://www.comodo.com/business-enterprise/endpoint-protection/endpoint-security-manager.php
OpManager is an integrated network management tool that helps you monitor your network, physical & virtual servers, bandwidth, configurations, firewall, switch ports and IP addresses
It's Your Move: The Changing Game of Endpoint SecurityLumension
It’s time to refine enterprise security strategies at your organization. While we were installing firewalls, antivirus suites, and other technologies that block known threats, the bad guys were out rewriting the rulebook. Don't let cybercriminals stay one step ahead and put you in “checkmate.”
In this information-packed presentation, you'll learn:
* How our opponents have changed the IT security rules
* What role your employees play in this “game”
* Key moves IT security professionals can make to regain control of endpoints
* How one organization has implemented a proactive security approach successfully
An introduction to Security in Control Systems.
Includes a brief description of what a Control System is, and what the basic constraints that are encountered when attempting to secure these systems
"Backoff" Malware: How to Know If You're InfectedTripwire
The US-CERT organization recently updated its Alert TA14-212A, which warns that Point-of-Sale (POS) memory-scraping malware has been found in 3 separate forensic investigations. The Secret Service estimates over 1000+ businesses of all types that accept credit card transactions may be affected. Most may not know it yet.
Join us to learn key “Indicators of Compromise” (IOCs) for Backoff, and what you can do about it.
What is penetration testing and why is it important for a business to invest ...Alisha Henderson
A penetration test is also called a pen test, and a penetration tester is also referred to as an ethical hacker. We can figure out the vulnerable loopholes of a network, a web app or a network through penetration testing services.https://bit.ly/2Zq44xn
A secure system is one where the features are relatively inaccessible to unauthorized users, therefore the system is protected.
A safe system needs to be secure, whereas, a secure system may not need to be safe depending on the application.
5 Things to Know about Safety and Security of Embedded SystemsMEN Micro
A secure system is one where the features are relatively inaccessible to unauthorized users, therefore the system is protected.
A safe system needs to be secure, whereas, a secure system may not need to be safe depending on the application.
Cyberoam offers next-generation firewall and UTM firewall that provide stateful and deep packet inspection for network, application and user identity-based security. Cyberoam firewall appliances provide ease of management and high security with flexibility.
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Triandopoulos of RSA Laboratories and catherine Hart and Ari Juels of Bell Canada
IBM Security Strategy Intelligence, Integration and Expertise
by Marc van Zadelhoff, VP, WW Strategy and Product Management and Joe Ruthven IBM MEA Security Leader
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
The Indian economy is classified into different sectors to simplify the analysis and understanding of economic activities. For Class 10, it's essential to grasp the sectors of the Indian economy, understand their characteristics, and recognize their importance. This guide will provide detailed notes on the Sectors of the Indian Economy Class 10, using specific long-tail keywords to enhance comprehension.
For more information, visit-www.vavaclasses.com
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
The Art Pastor's Guide to Sabbath | Steve ThomasonSteve Thomason
What is the purpose of the Sabbath Law in the Torah. It is interesting to compare how the context of the law shifts from Exodus to Deuteronomy. Who gets to rest, and why?
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
2. Outline
Why Computer Security
Fermilab Strategy:
– Integrated Computer Security
– Defense in Depth
Your role and special responsibilities as a user and system
administrator
Other Computing Policy Issues
–
–
–
–
–
Data backup
Incidental use
Privacy
Offensive material
Licensing
3. Why Computer Security
The Internet is a dangerous place
– We are constantly being scanned for weak or
vulnerable systems; new unpatched systems will be
exploited within minutes.
Fermilab is an attractive target
– High network bandwidth is useful for attackers who
take over lab computers
– Publicity value of compromising a .gov site
– Attackers may not realize we have no information
useful to them
4. Why Computer Security - 2
We need to protect
– Our data
– Our ability to use our computers (denial of service
attacks)
– Our reputation with DOE, Congress and the general
public
Major sources of danger
– Running malicious code on your machine due to system
or application vulnerabilities or improper user actions
– Carrying infected machines (laptops) in from off site
5. FNAL Strategy
Integrated Security Management
Defense in Depth
–
–
–
–
–
–
–
Perimeter Controls and auto blocking
Mail gateway virus scanning
Central Authentication (Kerberos)
Major Applications with enhanced security concerns
Patching and configuration management
Critical vulnerabilities
Prompt response to computer security incidents
(FCIRT)
– Intelligent and informed user community
6. Integrated Security
Management
Computer Security is not an add-on or something external,
it is part and parcel of everything you do with computers
(analogy with ES&H)
Not “one-size-fits-all”, but appropriate for the needs and
vulnerabilities of each system
In most cases, it is simply common sense + a little
information and care
Each Division/Section or large experiment has a GCSC
(General Computer Security Coordinator) who acts as
liaison with the Computer Security Team in disseminating
information and dealing with incidents; see
http://security.fnal.gov/ for an up to date list
7. Perimeter Controls
Certain
protocols are blocked at the site
border (email to anything other than lab
mail servers; web to any but registered web
servers; other frequently exploited services)
Temporary (automatic) blocks are imposed
on incoming or outgoing traffic that appears
similar to hacking activity; these blocks are
released when the activity ceases (things
like MySpace and Skype will trigger
autoblocker unless properly configured)
8. Central Authentication
All use of lab computing services requires central
authentication
Avoid disclosure of passwords on the network
No network services (logon or read/write ftp)
visible on the general internet can be offered with
out requiring strongest authentication, currently
Kerberos (unless a formal exemption is applied for
and granted)
Kerberos provides a single sign in, minimizing use
of multiple passwords for different systems
Lab systems are constantly scanned for violations
of this policy
9. Major applications
Defined as “critical to the mission of the
Laboratory”, i.e. disruption may have major
impact on Laboratory operations; these require
moderate level security controls (as opposed to the
lab baseline low level controls)
– Most things do not fall in this category;
Special (more stringent) rules & procedures apply;
each MA has its own security plan with enhanced
and compensatory security controls beyond the
baseline security controls. (Some “Minor
Applications” will also have their own security
plans.)
You’ll know if you’re in this category;
10. Grid Security Training
If you are:
- a system administrator of systems that accepts grid jobs
(generally jobs that are authenticated by credentials other
than standard Fermilab Kerberos credentials); or
- a system administrator of one of the associated systems
that provides support for the Fermi Grid infrastructure
(such as GUMS and VOMS servers); or
- a developer of grid middleware software
then in addition to this course you require the training
course entitled
"Security Essentials for Grid System Administrators”
which is available both in face to face sessions and online.
If you are a user of grid computing resources you require
the training course about PKI Authentication
11. Patching and Configuration
Management
Baseline configurations exist for each major operating
system (Windows, linux, MAC)
All systems must meet the baseline requirements and be
regularly patched (in particular running an up-to-date
supported version of the operating system) UNLESS:
– A documented case is made as to why the older OS version cannot
be upgraded
– Documentation exists to demonstrate that the system is patched
and managed a securely as baseline systems
– All non essential services (such as web servers) are turned off
All systems with Windows file systems must run anti virus
You as a system administrator are responsible for
configuration and patching!
12. Critical Vulnerabilities and
Vulnerability Scanning
Certain security vulnerabilities are declared
critical when they are (or are about to) being
actively exploited and represent a clear and
present danger
Upon notification of a critical vulnerability,
systems must be patched by a given date or they
will be blocked from network access
This network block remains until remediation of
the vulnerability is reported to the TISSUE
security issue tracking system (as are blocks
imposed for other security policy violations)
13. Computer Security Incidents
Mandatory
incident reporting;
– Report all suspicious activity:
• If urgent to FCC Service Desk, x2345, 24x7;
• Or to system manager (if immediately available);
• Non-urgent to computer_security@fnal.gov;
– Incidents investigated by Fermi Computer
Incident Response Team (FCIRT);
– Not to be discussed!
14. FCIRT (Fermi Computer
Security Incident Response
Team)
Security experts drawn from throughout the lab
Investigate (“triage”) initial reports;
Coordinate investigation overall;
Work with local system managers;
Call in technical experts;
May take control of affected systems;
Maintain confidentiality;
15. Prohibited Activities
“Blatant disregard” of computer security;
– First time perhaps only warning, repeat offense
disciplinary action;
Unauthorized or malicious actions;
– Damage of data, unauthorized use of accounts, denial
of service, etc., are forbidden;
Unethical behavior;
– Same standards as for non-computer activities;
Restricted central services;
– May only be provided by approved service owners;
Security & cracker tools;
– Possession (& use) must be authorized;
See http://security.fnal.gov/policies/cpolicy.html
16. Mandatory System Manager
Registration
System
managers must be registered with
FCSC
Go to http://security.fnal.gov and click on
“verify your node registration” to see who
is registered as sysadmin for your system
See:
http://www.miscomp.fnal.gov/sysadmindb
to make changes in registration (you need a
KCA certificate)
17. Your role as a user and system
administrator
You have a special role as sysadmin of 3 or more systems, a major
application, or a central server.
Sysadmins are on the “front line” of computer security:
“Fermilab’s continuing policy has been to put its first line of defense at the
individual responsible for the data and the local system manager.”
Three roles for a sys admin:
– System manager (configure system, remove unneeded services, apply
patches promptly);
– examples for users;
– vigilant observers of system (and sometimes user) behavior
Sysadmins are expected to communicate computer security guidelines
and policies to the users of systems they administer;
Most important: know how to tell what services are running on your
desktop, turn off those not needed, know where you are getting your
patches from (FERMI domain, Patchlink, yum, Microsoft, …)
18. Role of sysadmins
Manage
your systems sensibly, remaining
aware of computer security while
conducting everyday business
Advise and help users
Keep your eyes open
Report potential incidents to FCIRT
Act on relevant bulletins
19. Protecting Your Systems
Most of the measures you’d take to protect system and data integrity
against random hardware failures or user error are also effective
against network attacks, viruses and other malicious code.
The other basic measures are fairly simple.
–
Shut off services you don’t need. They may be vulnerable to attack,
attacks may be discovered at a later date, or they may require careful
configuration to be secured.
– Understand the services you do need. Configure them properly and keep
up to date with patches.
– Keep yourself informed about security issues with the OS and applications
you use.
– Don’t trust your system logs, they are the first thing an attacker will
modify if your system is compromised
20. Your role as a computer user
Guard against malicious code in email
– Don’t open attachments unless you are sure they are safe
– Don’t trust who email is from
– Updated and enabled virus signatures
Guard against malicious code from web browsing
Watch out for social engineering (obtaining passwords or entry to your
computer through personal rather than technical interaction)
Obey Central Authentication Policy (Kerberos)
– Don’t run network services (login or read write ftp) unless they demand
Kerberos authentication
– Treat your kerberos password as a sacred object (never expose it over the
network)
Promptly report potential computer security incidents
– X2345 or computer_security@fnal.gov
– Follow FCIRT instructions during incidents (especially about keeping
infected machines off the network and preserving the status of an infected
machine for expert investigation)
21. Other Computing Policy Issues
Data
backup
Incidental use
Privacy
Offensive material
Licensing
22. Data Backup Policy - Users
– Users (data owners) responsible for
determining:
• What data requires protection;
• How destroyed data would be recovered, if needed;
• Coordinating backup plan w/ sysadmins;
– or doing their own backups;
• If the backup is done for you it might be worth
occasionally checking that you can really retrieve
the data
23. Incidental Computer Usage
Fermilab
permits some non business use of
lab computers
Guidelines are at
http://security.fnal.gov/ProperUse.htm
24. Activities to Avoid
Large grey area, but certain activities are “over the
line”;
–
–
–
–
–
Illegal;
Prohibited by Lab or DOE policy;
Embarrassment to the Laboratory;
Interfere w/ performance of job;
Consume excessive resources;
Example: P2P (peer to peer) software like Skype
and BitTorrent: not explicitly forbidden but very
easy to misuse!
25. Privacy of Email and Files
Fermilab
normally respects the privacy of
electronic files and email;
Employees and users are required to do
likewise;
Certain exemptions for system managers
and computer security response;
All others must have Director(ate) approval;
26. Privacy of Email and Files
May
not use information in another
person’s files seen incidental to any activity
(legitimate or not) for any purpose w/o
either explicit permission of the owner or a
“reasonable belief the file was meant to be
accessed by others.”
– Whether or not group/world accessible;
– “Group” files implicitly may be used by the
group for the mission of the group;
27. Offensive Material on
computers
Many
“computer security” complaints are
not;
Material in a computer is like material in a
desk;
– With respect to both privacy and
appropriateness;
This
is a line management, not computer
security, concern (except in egregious
cases).
28. Software Licensing
Fermilab
is strongly committed to
respecting intellectual property rights
Any use of unlicensed commercial software
is a direct violation of lab policy
29. Summary: User
Responsibilities
Appropriate
use of computing resources
Prompt incident reporting
Proper Information handling (see Protecting
Personal Information course)
Know how your data is backed up
Receive computer security training
Respect privacy of electronic information
30. Summary: System Admin
Responsibilities
System
registration
Virus protection, patching and configuration
management
Access control: telnet an ftp type services
require kerberos authentication
Do not offer any of the restricted central
services