SLAC Vulnerability Scanning
Cyber Security Working Group - LBL, December 5, 2005
Teresa Downey - SLAC

Tools Used
- ISS RealSecure SiteProtector Consoles
- 1 ISS RealSecure SiteProtector DB
- 5 ISS Internet Scanners
- 1 DNS Registration DB (CANDO)
- 2 Windows automated patching methods (that mostly work)
- ~20 Desktop Admins (for when the automated patching doesn't work)

"Daily" Scans
- Lab is 24x7 – scans run 3x/day
- "Daily" policy runs tests
  - Most are recent "critical" Windows patches
  - P2P and Remote Admin software tests
  - "No SA password" test (SQL Server sa account with a blank password)
- Finds the unexpected...

Updates to "Daily" Policy
- All tests are listed on the SLAC Security web page
- Deadlines (if set) are found on the same page
- URLs to "disconnect" procedures as well
- DHCP/VPN/Dial-Up Users
  - Deadline of ~10 days after patch release
  - Mailing list used to reach all "remote" users
- Fixed IP Users
  - Only set deadlines on vulns w/ active exploits
  - Mailing list to reach all "Windows" users

Enforcement of "Daily" Scan
- Vulnerabilities found are dumped to CSV
- Imported into Oracle DB; merged with DNS Registration DB (CANDO); exported to an Excel file on the network
- Tue/Thu = Desktop Admin
  - If past deadline: fix it, or the IP is blocked from the Internet at 6 PM; blocked immediately if DHCP/VPN/dial-up user
- Fridays = System Admin "Nag"
  - If vulnerable (w/o deadline) for > 2 weeks
- Mon/Wed/Sat: just Security, or notify SysAdmin if an extremely critical patch is missing
- "Daily" scan & enforcement is 30 to 60 mins/day
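The deadline rules on the "Updates to Daily Policy" slide and the weekday enforcement rules above are the kind of thing that gets encoded once and then run after every scan. The following is an added example, not SLAC's code: it performs the merge the slide describes (scanner CSV joined with the registration DB) and decides, per finding and per weekday, whether the host is left alone, handed to the desktop admins, blocked at 6 PM, blocked immediately, nagged to the system admin, or escalated. The CSV layout, field names, test names, addresses (documentation range 192.0.2.0/24) and dates are all constructed for the example; where the slides leave a rule ambiguous, the assumption made is stated in the code.

```python
"""Added example (not SLAC's code): a model of the "Daily" scan deadline and
enforcement rules, run over constructed data."""
import csv
import io
from datetime import date, timedelta

# Constructed stand-in for the scanner's CSV dump: one finding per row.
SCAN_CSV = """ip,test,first_seen
192.0.2.10,win-critical-patch-A,2005-11-15
192.0.2.20,win-critical-patch-A,2005-12-01
192.0.2.30,remote-admin-software,2005-11-10
192.0.2.40,win-critical-patch-B,2005-12-04
192.0.2.99,sql-blank-sa-password,2005-12-05
"""

# Constructed stand-in for the registration DB (CANDO): IP -> admin of record
# and how the address is assigned.  Anything not "fixed" is a "remote" user.
REGISTRATION = {
    "192.0.2.10": {"admin": "dadmin1", "network": "fixed"},
    "192.0.2.20": {"admin": "dadmin2", "network": "dhcp"},
    "192.0.2.30": {"admin": "sysadmin3", "network": "fixed"},
    "192.0.2.40": {"admin": "dadmin4", "network": "vpn"},
}
REMOTE = {"dhcp", "vpn", "dialup"}

# Constructed policy table, one entry per "Daily" test.  "released" drives the
# ~10-day remote-user deadline; "fixed_deadline" is the date Security publishes
# for fixed-IP hosts (only set when an active exploit exists); "critical" marks
# the "extremely critical" patches escalated on Security-only days.
POLICY = {
    "win-critical-patch-A": {"released": date(2005, 11, 8), "active_exploit": True,
                             "fixed_deadline": date(2005, 11, 30), "critical": True},
    "win-critical-patch-B": {"released": date(2005, 11, 29), "active_exploit": False,
                             "fixed_deadline": None, "critical": False},
    "remote-admin-software": {"released": None, "active_exploit": False,
                              "fixed_deadline": None, "critical": False},
    "sql-blank-sa-password": {"released": None, "active_exploit": False,
                              "fixed_deadline": None, "critical": True},
}


def deadline_for(test, network, policy=POLICY):
    """Deadline rule from the slides: remote users get ~10 days after patch
    release; fixed-IP hosts get a deadline only for vulns with active exploits."""
    p = policy[test]
    if network in REMOTE:
        return p["released"] + timedelta(days=10) if p["released"] else None
    return p["fixed_deadline"] if p["active_exploit"] else None


def action_for(finding, network, today, policy=POLICY):
    """Decide what happens to one finding on a given day.

    Assumption: a past-deadline DHCP/VPN/dial-up host is blocked on any scan
    day (the address may be gone by 6 PM); fixed-IP hosts are blocked only on
    the desktop-admin days.  Sunday, which the slides do not mention, is
    treated like the Security-only days."""
    deadline = deadline_for(finding["test"], network, policy)
    past_deadline = deadline is not None and today > deadline
    first_seen = date.fromisoformat(finding["first_seen"])
    day = today.weekday()                          # Mon=0 ... Sun=6
    if past_deadline and network in REMOTE:
        return "block now"
    if day in (1, 3):                              # Tue/Thu: Desktop Admin
        return "block at 18:00" if past_deadline else "desktop admin: fix"
    if day == 4:                                   # Fri: System Admin "nag"
        if deadline is None and today - first_seen > timedelta(days=14):
            return "nag sysadmin"
        return "none"
    # Mon/Wed/Sat: Security only, unless an extremely critical patch is missing.
    return "notify sysadmin" if policy[finding["test"]]["critical"] else "none"


def enforce(scan_csv, registration, today, policy=POLICY):
    """The merge step: join each CSV finding with its registration record and
    attach the enforcement action.  Hosts missing from the registration DB
    have nobody to notify, so they are flagged rather than silently dropped."""
    rows = []
    for f in csv.DictReader(io.StringIO(scan_csv)):
        reg = registration.get(f["ip"])
        if reg is None:
            rows.append({**f, "admin": None, "action": "unregistered: investigate"})
            continue
        rows.append({**f, "admin": reg["admin"],
                     "action": action_for(f, reg["network"], today, policy)})
    return rows


def decisions_on(iso_day):
    """{(ip, test): action} for the constructed data on the given date."""
    return {(r["ip"], r["test"]): r["action"]
            for r in enforce(SCAN_CSV, REGISTRATION, date.fromisoformat(iso_day))}


if __name__ == "__main__":
    for iso_day in ("2005-12-06", "2005-12-09", "2005-12-12"):   # Tue, Fri, Mon
        for (ip, test), action in sorted(decisions_on(iso_day).items()):
            print(f"{iso_day} {ip:<12} {test:<24} {action}")
```

Running it for a Tuesday, a Friday and a Monday shows the same finding producing different outcomes depending on who owns the list that day, and shows the unregistered host, which the real merge would otherwise lose, surfacing for Security to chase.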

"Quarterly" Scans
- Web Servers
  - Standard ISS L4 Web Server Policy
  - Could switch to monthly
- SANS Top 20
  - Visitor Network
  - Public Networks
  - "Special" Networks (open, but critical apps)
  - Private Networks (haven't gotten to these yet...)

Enforcement of "Quarterly" Scans
- Trouble tickets created in RT (Request Tracker)
  - Most of the "highs" & a few of the "mediums"
- Work with System Admins to get resolved or...
  - Move systems into the Internet-Free-Zone
- Rescanning, assisting admins and closing tickets is a huge effort. Takes about 1 month of my time. Hoping this drops each quarter.

ScanMe Application
- To keep the Desktop Admins from constantly contacting me to re-scan...
- One dedicated Internet Scanner with a web front-end
  - Windows Authentication
  - Enter IP and policy to use
  - Verify caller is authorized
  - PDF report is e-mailed to requester
- Big time-saver for me – Admins like it!
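The "verify caller is authorized" step is what keeps a self-service scanner from becoming a scanner for anyone with a lab login. The following is an added example, not SLAC's ScanMe code: a deny-by-default authorization gate the front-end would run before handing a target and policy to the dedicated Internet Scanner. The registration records, the policy names, the requester account names and the scanner scope (documentation prefix 192.0.2.0/24 standing in for the lab's range) are assumptions made for the example.

```python
"""Added example (not SLAC's ScanMe code): authorization gate for a
self-service rescan request."""
import ipaddress
from datetime import datetime, timezone

# Constructed registration records: IP -> Windows accounts allowed to request
# a rescan of it (the desktop/system admins of record).
REGISTRATION = {
    "192.0.2.10": {"admins": {"SLAC\\dadmin1"}},
    "192.0.2.30": {"admins": {"SLAC\\sysadmin3", "SLAC\\dadmin1"}},
}
# Only the pre-built scan policies the front-end offers, never a free-form one.
ALLOWED_POLICIES = {"daily", "l4-web-server"}
# Addresses the dedicated scanner may ever be pointed at (assumed scope).
SCANNER_SCOPE = ipaddress.ip_network("192.0.2.0/24")


def authorize_rescan(requester, target, policy, registration=REGISTRATION):
    """Return (allowed, reason).

    `requester` is the identity the web server established with Windows
    Authentication, never a form field.  Deny by default: the target must be a
    single address inside the scanner's scope, must be registered, and must
    list the requester as one of its admins; the policy must be a known one."""
    try:
        ip = ipaddress.ip_address(target.strip())   # rejects names and CIDR ranges
    except ValueError:
        return False, "target is not a single IP address"
    if ip not in SCANNER_SCOPE:
        return False, "target outside scanner scope"
    record = registration.get(str(ip))
    if record is None:
        return False, "target not registered"
    if requester not in record["admins"]:
        return False, "requester is not a registered admin for target"
    if policy not in ALLOWED_POLICIES:
        return False, "policy not permitted"
    return True, "ok"


def queue_rescan(requester, target, policy, registration=REGISTRATION):
    """Build the job the scanner back-end would run, plus an audit record.

    Returns (job, audit); job is None when the request is refused.  The audit
    record is produced either way, so refused requests are visible too."""
    allowed, reason = authorize_rescan(requester, target, policy, registration)
    audit = {"when": datetime.now(timezone.utc).isoformat(), "requester": requester,
             "target": target, "policy": policy, "allowed": allowed, "reason": reason}
    if not allowed:
        return None, audit
    job = {"ip": str(ipaddress.ip_address(target.strip())), "policy": policy,
           "report_to": requester}            # PDF goes back to the requester
    return job, audit


if __name__ == "__main__":
    for req in (("SLAC\\dadmin1", "192.0.2.10", "daily"),
                ("SLAC\\dadmin2", "192.0.2.10", "daily"),
                ("SLAC\\dadmin1", "192.0.2.0/24", "daily"),
                ("SLAC\\dadmin1", "198.51.100.5", "daily")):
        job, audit = queue_rescan(*req)
        print(audit["allowed"], audit["reason"], job)
```

The checks are ordered so that the cheapest, least revealing refusal comes first: a requester who is not an admin of a host learns only that the target is refused, and a CIDR or hostname never reaches the scanner at all.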

Questions?