Campus Technology Day Campus Security Review


  1. 1. Campus Technology Day Campus Security Review September 25, 2003
  2. 2. Campus Security Review Session
        • Looking at the Network – Sean Atkinson
        • Campus Security Requirements – Dick Bednar
        • Meeting the Requirements – Dick Bednar
        • Notification Processes – Mike Marcinkevicz
        • ACAD, AD, & Other Domain Review – Mike Marcinkevicz
        • Questions
  3. 3. Looking at the Network Sean Atkinson
  4. 4. Attacks in the Last 24 Hours

        Attack Type                                   # of Attempts
        DOS Cisco attempt                             6
        DOS MSDTC attempt                             74
        SCAN FIN                                      79
        WEB-IIS cmd.exe access                        82
        WEB-IIS ISAPI .ida attempt                    99
        Known Attacker - SCAN nmap TCP Ping           142
        WEB-IIS WEBDAV nessus safe scan attempt       214
        SCAN nmap TCP                                 227
        SCAN FIN                                      315
        WEB-MISC apache DOS attempt                   353
  5. 5. Attacks in the Last 7 Days

        Attack Type                                   # of Attempts
        DOS Cisco attempt                             33
        WEB-IIS CodeRed v2 root.exe access            64
        DOS MSDTC attempt                             67
        WEB-IIS ISAPI .ida attempt                    633
        WEB-IIS cmd.exe access                        707
        Known Attacker - SCAN nmap TCP Ping           887
        SCAN FIN                                      1048
        SCAN nmap TCP                                 1056
        WEB-MISC apache DOS attempt                   1878
        DOS MSDTC attempt                             2369
        WEB-MISC http directory traversal             7359
        SCAN FIN                                      7575
        DDOS shaft synflood                           19885
  6. 6. Attacks in the Last 24 Days

        Attack Type                                   # of Attempts
        DOS Cisco attempt                             49
        WEB-IIS CodeRed v2 root.exe access            109
        DOS MSDTC attempt                             159
        WEB-IIS ISAPI .ida attempt                    1152
        Known Attacker - SCAN nmap TCP Ping           1553
        WEB-IIS cmd.exe access                        2005
        SCAN FIN                                      2388
        SCAN FIN                                      10561
        DDOS shaft synflood                           19885
        DOS MSDTC attempt                             34757
  7. 7. What's attacking us today?
  8. 8. Network Security Requirements Dick Bednar
  9. 9. Campus Security Requirements
        • Administrative Accounts for IT Security Group scanning & patching
        • Password minimums for duration, length, and complexity
        • Technical and Administrative Contacts for network devices
        • Installation and Update of critical service packs, hot fixes, and anti-virus
  10. 10. Meeting the Requirements
        • Administrative Accounts
            • Creation of domain and local admin accounts
            • Daily scanning of network devices
        • Password mins. (local and domain)
            • Must expire twice a year
            • Must be between 8 and 14 characters, with the exception of ACAD system accounts
            • Must contain at least 3 of 4 character types (lower case letter, upper case letter, special character, and numbers)
  11. 11. Meeting the Requirements II
        • Establish Contacts for All Devices
            • Technical contacts must be Unit 9, 12 month FT employees with a 24x7 accessible contact
            • Administrative contacts must be 12 month FT employees
        • Critical OS And Application Updates
            • Operating system and application critical patches must be installed and updated regularly. Minimums required for latest patch are the minimums required on network.
            • Update Expert and McAfee Anti-Virus are available for installation on campus workstations.
            • GPOs available for use on qualified systems.
  12. 12. Notification Processes & Domain Review Mike Marcinkevicz
  13. 13. Vulnerability Notification
        • Vulnerability Identified
        • Vulnerability List Generated
        • List & Email sent to technical & admin contacts
        • Systems patched by IT and/or local unit, depending upon:
            • Domain membership
            • OU membership
            • Type of system
  14. 14. Exploit Notification
        • When an exploit is available it is TOO LATE to try and patch workstations
        • Vulnerable and exploited systems are disconnected from the network and are not reconnected until they are patched and cleaned.
  15. 15. WinTel Domains Review
        • AD – ADministrative Domain
        • ACAD – ACADemic Domain
        • AD authenticated users can log into labs and resources in ACAD
        • ACAD students and users cannot log in to AD campus resources.
        • Accounts can be created by IT coordinator request (ITRF) for Students working in Department offices who need access to AD resources
        [Diagram: ACAD DOMAIN, Trust, AD DOMAIN]
  16. 16. AD Domain – Services - Existing
        ** Servers are members of the ‘Server’ OU.
        [Diagram text, in slide order: IT Purchase & Support; Update Expert Updates; McAfee EPO Installed; GPO Software Apps Rollout; Dept. Purchased; Dept. Supported; Manual Updates; McAfee EPO Available; Dept. Software Apps; Campus; Domain Policies for Passwords; Dept. Purchased; Dept. Supported; Manual Updates; McAfee EPO Available; Dept. Software Apps; Local]
  17. 17. AD Domain Services – New (10/03)
        ** Servers are members of the ‘Server’ OU.
        [Diagram text, in slide order: IT Purchase & Support; Update Expert Updates; GPO Critical Patches; McAfee EPO Installed; GPO Software Apps Rollout; Dept. Purchased; IT Supported; Admin Contact; GPO Critical Patches; Update Expert Updates; McAfee EPO Installed; Dept. Software Apps; Campus; Domain Policies for Passwords; Dept. Purchased; Dept. Supported; Tech & Admin Contact; Update Expert Available; McAfee EPO Available; Dept. Software Apps; Local]
  18. 18. ACAD Domain Services - Existing
        [Diagram text, in slide order: No Domain Policies; Dept Purchase; Dept Support; Manual Updates; McAfee EPO Available; Dept. Software Update; Depts.; Division/Dept Labs; Dept Support/Admin; Manual Updates; McAfee EPO Available; Dept. Software Update; Labs; All Servers; IT or Dept. Support; Manual Updates; McAfee EPO Available; Dept. Software Update; Servers]
  19. 19. ACAD Domain Services – New 10/03
        [Diagram text, in slide order: Domain Policies for Passwords; Domain Updates for critical patches; Dept Purchased; Help Desk Support; GPO Critical Patches; Update Expert Updates; McAfee EPO Installed; Dept. Software Apps; Campus; Division/Dept Labs; Dept Support/Admin; Update Expert Updates; McAfee EPO Available; Dept. Software Apps; Local; All Servers; IT or Dept. Support; Manual Updates; McAfee EPO Available; Dept. Software Apps; Servers]
  20. 20. Other Wintel Domains Review
        • Other domains on the campus network do not have trusts with ACAD or AD.
        • These other domains must follow the Campus Network Security Standards and Practices
        • Meetings for Lab Conventions and Domain Standards Compliance are now being set up.
        • These other domains will be collapsed into the AD or ACAD domains by July 2004 unless exempted by CITO.
        • Migration plans for other domains into AD/ACAD are due by November 2003.
        [Diagram: ACAD DOMAIN, AD DOMAIN, OTHER DOMAINS, Trust]
  21. 21. OTHER Domain Services
        [Diagram text, in slide order: Local Purchase & Support; Password Requirements; Admin Contact; Technical Contact; IT Admin Access; McAfee EPO Available; Update Expert Available; Dept. Software Apps; OTHER]
  22. 22. Campus Security Follow Up Meetings
        • Setting conventions for Labs and Open systems
        • Setting conventions for Hardware and Software Minimums
        • Individual meetings in November with those units running domains for migration
  23. 23. QUESTIONS ??
