Vulnerability Management Team Information Security Office
Presentation transcript:

Web Cluster Scans. Vulnerability Management Team, Information Security Office. Intro!

Where do we start? Why is this important? What is the web cluster? To understand a web cluster, you need to start with a web server: a single server that hosts web content for others to see. A cluster is simply a group of servers that all host the same content, and you do this when you expect a large amount of traffic, as our main web presence does. In order to make this cluster work, you need staff. Lots of staff. You need staff to manage the servers themselves, which we have within OIT, and you need developers to manage the code, content, and functionality of the web applications, which we also have through University Web Services and the departmental developers that work for specific areas of the campus community. Once you have both of these elements, along with a sound network to host them on, you get your www.utdallas.edu web presence. This is important because our web presence is the number one way that the world gets to know us. It’s helpful to those who are a part of UT Dallas, but it is much more valuable to the outside world. So, between the servers, the different departments who own different sections of our web presence through the cluster, and everything in between: where do we start?

Slide: Inventory, Contact, Plan, Scan, Report, Document (786 top level directories; 57 points of contact; 28% error pages). We start with an inventory, which we already have completed for the top level directory structure of the web cluster. There are 786 top level directories within the cluster. Then, we start getting in touch with those who we have identified as the content owners or custodians for those areas. This is usually the department web developer or UWS. We have identified at least 57 unique points of contact. We are still waiting to hear back from a few areas, but this number could easily be above 60 by the time everything is finalized. We then plan out our strategy. When to scan, what to include, what to prepare for, etc. will all be asked at this point in time. During this planning process, we’re going to be working through some findings we have come across during the inventory process, including 28% of all top level directories leading to some form of error page, which we believe is most likely going to be some easy cleanup. Once we feel good about our plan, we move forward and scan the application(s) using our web application scanning tool, Trustwave App Scanner. After the scans have finished, we then report our findings, even if the findings are that the application looks good. If items need to be addressed, we report those findings and rescan the application to verify that changes have resolved the findings. Finally, after all of those steps are done, we document everything. We want to retain this information for future usage. Let’s not forget this important arrow, which will actually get his own slide right after this. I’ve colored him differently from the others for easy recognition. Since there are hundreds of top level directories, each will need to be tested and run through this cycle. We can do more than one at a time, but those determinations will be made at a later date.

Web Application Classification. “All applications are subject to periodic application vulnerability scans conducted or sponsored by the Information Security Office. For applications that are Internet-accessible or host Confidential or Controlled Data, these scans must be conducted at least annually. All other applications must be scanned for application vulnerabilities every two years.” (ISO Web-based Application Standard) We have established a web classification format within our group. This qualitative assessment uses multiple factors, some weighted higher than others, to establish how frequently something should be rescanned. The more important the data, for instance, the more likely we would want to rescan that application. With that in mind, we want to take this opportunity to also discuss the results of each directory scan with the responsible parties for each area and have the classification conversation. We will need to work out details on how to perform the subsequent rescans in the future, but for now, just getting started with the initial conversation would be a big help for future efforts.

Questions?