Gaspar Modelo-Howard NEEScomm Cybersecurity Software Engineer Saurabh Bagchi NEEScomm Cybersecurity Officer.


• Scanning of Remote Sites
• Incident Response Procedure
• Best Security Practices
• Remote Authentication Service
• NEEScomm Security Operational Duties

GOAL
• Ensure that NEEScomm can operate and maintain its IT resources to serve the NEES community

• Objective: To check the security of the IT resources at the sites
• Guiding principles:
  ◦ Be proactive
  ◦ Minimize impact to the sites’ activities
• Will be done once per year
  ◦ Remote (non-intrusive) scans from “inside” the network
  ◦ Limited to site IT assets from inventory
  ◦ Time schedule determined between SIM and CSO

• Candidate scanners to be used: Nessus, Nikto, web app scanners
• Critical vulnerabilities will be immediately identified and reported to SIM with mitigation hints
• Each discovered vulnerability will follow an incident report procedure
• Results of the scan will be documented in a comprehensive archival report

• If it pertains to operation of NEES IT resources, at earliest possible opportunity
• Form available from (not working yet)
• Telephone line set up
  ◦ Report the incident via a voice message
  ◦ Greeting message will prompt for required information and will trigger a ticket which will notify NEEScomm IT support
  ◦ NEEScomm IT will contact the person reporting the cybersecurity incident to gather standard information, primarily IP and description of incident
  ◦ Information will be recorded in the current ticketing system and will be tagged as a cybersecurity incident

• A team for resolving the incident will be developed by the CSO in consultation with the SIM
• Criticality level of the incident will be determined: critical, important, moderate, low
• Site IT resource may be taken offline to prevent spread of the security incident
• Record will be kept of the incident progression through the ticketing system
• Incidents of a grave nature will need to be reported to NSF, as per agreement with NSF

• Modification of previous remote authentication service (gridauth.cgi) by Karan Bhatia
  ◦ Objective was to make as few changes (to users) as possible
• Accessible thru
• Complete URL: /gridauth.cgi?username=uuuuuuu&password=ppppppp
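
A URL of this form carries the password in the query string, so web servers write it verbatim into their access logs. The sketch below is an added example, not part of the original slides or the NEEScomm code: it redacts the `password` value from access-log lines that hit gridauth.cgi before the logs are archived or shared. The "combined" log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: "combined" access-log format, request line in the first quoted field.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
ENDPOINT = "/gridauth.cgi"      # script name from the slide
SENSITIVE = {"password"}        # parameter name from the slide's URL

# Constructed sample lines (documentation IP range, made-up credentials).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /gridauth.cgi?username=alice&password=s3cr%21t HTTP/1.1" 200 12 "-" "curl/7.0"',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /gridauth.cgi?Password=hunter2&username=bob HTTP/1.1" 403 0 "-" "-"',
]

def redact_target(target):
    """Return (target, changed) with sensitive query values replaced."""
    parts = urlsplit(target)
    if not parts.path.endswith(ENDPOINT):
        return target, False
    changed = False
    pairs = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # Match the parameter name case-insensitively and ignore stray spaces.
        if key.strip().lower() in SENSITIVE:
            value, changed = "REDACTED", True
        pairs.append((key, value))
    if not changed:
        return target, False
    return urlunsplit(parts._replace(query=urlencode(pairs))), True

def redact_line(line):
    """Redact the request target inside one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return line, False
    new_target, changed = redact_target(match.group("target"))
    if not changed:
        return line, False
    return line[:match.start("target")] + new_target + line[match.end("target"):], True

def scrub(lines):
    """Return (cleaned_lines, number_of_lines_that_exposed_a_password)."""
    results = [redact_line(line) for line in lines]
    return [text for text, _ in results], sum(1 for _, hit in results if hit)

if __name__ == "__main__":
    cleaned, exposed = scrub(SAMPLE_LOG)
    print(f"{exposed} line(s) carried a password in the URL")
    print("\n".join(cleaned))
```

The count returned by `scrub` doubles as a measure of how many logged requests exposed a credential and therefore how many passwords should be treated as disclosed to anyone with log access.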

• User account administration
• NEEScomm servers audit
  ◦ Source code
• File integrity checker
• Intrusion detection system

1. Encourage difficult-to-guess, easy-to-remember passwords, especially for administrator accounts
2. Keep your systems up-to-date with patches and updated software versions
3. Monitor system logs periodically
4. Have backup and disaster recovery processes
5. Create educational sessions for users – we can help
6. Screen lock on unattended user terminals
7. Decide from which IP addresses you will allow users to connect to your critical IT assets

• Sites’ feedback is appreciated

Contact: Gaspar Modelo-Howard / Saurabh Bagchi, PhD /

[Figure: account migration]
• Existing Accts.: 222
• gama.neeshub.org: Migrated: 1258; NOT migrated: 367
• neesforge.neeshub.org: Migrated: 159; NOT migrated: 138
• ml.neeshub.org: Migrated: zero; NOT migrated: 1788
• Total Number of Accounts: 1639

• Unix: 47%
• Windows: 44%
• Others: 9%