UC Davis Vulnerability Scanning and Remediation 2005 Larry Sautter Award UC Davis, Information and Education Technology.

Presentation transcript:


UC Davis Vulnerability Scanning and Remediation
– Project description and background
– Project objectives
– Protecting the campus network
– Scalable technology
– Education
– Questions

Project Description A proactive approach to reducing threats to computing resources and enhancing the protection of university electronic information.

Project Objectives
– Protect the integrity of the campus computing environment
– Provide a cost-effective solution for vulnerability scanning and remediation
– Develop a scalable system
– Educate campus computer users, support staff and system administrators

Timeline
September 2003
– Temporary scanning system deployed to detect RPC vulnerabilities
October 2003
– Reduction in vulnerable and/or infected systems on the campus network from more than 700 to fewer than 40 in four weeks
May 2004
– Planning for a permanent vulnerability scanning system was initiated
September 2004
– Computer Vulnerability Scanning Policy adopted by campus
– Rebuilding/redeployment of the campus vulnerability scanning system components
– Threat analysis subscription begins
– Database upgrades made
January 2005
– Honeypot integrated into permanent scanning system
June 2005
– Intrusion detection system (IDS) integrated into vulnerability scanning system
July 2005
– Campus vulnerability scanning system is in full production mode

Computer Vulnerability Scanning Policy
– All computers, servers, and other electronic devices connected to the campus network shall be kept free of critical security vulnerabilities.
– Individuals whose computers present critical security vulnerabilities must correct those vulnerabilities in a timely manner before connecting to the campus network.
– Computers found to contain critical security vulnerabilities that threaten the integrity or performance of the campus network will be denied access to campus computing resources, and may be disconnected from the campus network to prevent further dissemination of infectious or malicious network activity.

Protecting the Campus Network

Vulnerability Assessment Mechanisms
– Nessus (scanlite Perl module) is used to scan campus systems daily for 1-3 vulnerabilities
– Nessus is used to identify compromised systems during web-based authentication
– LaBrea (honeypot) is used to identify malicious network traffic on an unannounced network segment
– Bro (IDS) identifies malicious network traffic. Bro can use the Snort rule set.

Vulnerability Assessment Database
– IP address
– Date
– Type (honeypot, scan, IDS)
– MAC address
– Username

Input Sources
– VLAN assignments (What IPs shall we scan?)
– VLAN technical contact (Who do we contact if there is a problem?)
– ARP table records (What MAC address is associated with a particular IP?)
– MAC address ownership (Who registered a particular MAC address?)
– Web authentication (What IP is attempting to authenticate to a UCD web site?)
– Threat selection (What threats represent the highest risk to campus?)
– Web/daily scan capability (What Nessus security plug-ins are available?)
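The two slides above describe a join: a finding (IP address, date, type) from the scanner, honeypot or IDS is resolved through the ARP table and MAC registration records to a MAC address and username, and through the VLAN assignment to a technical contact, then mapped to the policy's action. The following is an added illustration of that data flow, not UC Davis's code; the dictionaries, field names, TEST-NET addresses and all records are constructed assumptions.

```python
"""Join scan, honeypot and IDS findings with campus network records.
Constructed example; schema, field names and records are assumptions, not UC Davis code."""
from ipaddress import ip_address, ip_network
from datetime import date

# Constructed input sources, one per question on the Input Sources slide.
VLANS = {"vlan-10": ip_network("192.0.2.0/25"), "vlan-20": ip_network("192.0.2.128/25")}
VLAN_CONTACTS = {"vlan-10": "netadmin-a", "vlan-20": "netadmin-b"}
ARP_TABLE = {"192.0.2.5": "00:00:5e:00:53:01", "192.0.2.9": "00:00:5e:00:53:02",
             "192.0.2.130": "00:00:5e:00:53:03"}
MAC_OWNERS = {"00:00:5e:00:53:01": "alice", "00:00:5e:00:53:02": "bob"}

# Constructed findings in the shape of the assessment database (IP, date, type).
FINDINGS = [
    {"ip": "192.0.2.5", "date": date(2005, 7, 1), "type": "scan", "critical": True},
    {"ip": "192.0.2.9", "date": date(2005, 7, 1), "type": "honeypot", "critical": True},
    {"ip": "192.0.2.130", "date": date(2005, 7, 1), "type": "scan", "critical": False},
    {"ip": "198.51.100.4", "date": date(2005, 7, 1), "type": "ids", "critical": True},
]

def vlan_for(ip):
    """VLAN whose assignment covers ip, or None if the address is not one we scan."""
    addr = ip_address(ip)
    return next((v for v, net in VLANS.items() if addr in net), None)

def policy_action(finding):
    """Map a finding to the action the scanning policy prescribes."""
    if finding["type"] in ("honeypot", "ids"):
        return "disconnect"   # malicious traffic seen: stop further dissemination
    if finding["critical"]:
        return "deny_access"  # critical vulnerability: block until remediated
    return "notify"

def resolve(findings):
    """Enrich each in-scope finding with MAC, owner, VLAN contact and action."""
    records = []
    for f in findings:
        vlan = vlan_for(f["ip"])
        if vlan is None:
            continue  # outside the VLANs assigned to us
        mac = ARP_TABLE.get(f["ip"])                    # ARP table: IP -> MAC
        owner = MAC_OWNERS.get(mac) if mac else None    # registration: MAC -> user
        records.append({**f, "mac": mac, "username": owner,
                        "contact": VLAN_CONTACTS[vlan],
                        # unregistered MAC: escalate to the VLAN technical contact
                        "notify": owner or VLAN_CONTACTS[vlan],
                        "action": policy_action(f)})
    return records
```

The unregistered-MAC and out-of-scope cases are the ones that bite in practice: the first falls back to the VLAN contact, the second is dropped because the VLAN assignment, not the finding, defines what is scanned.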

Scalable Technology
Production System

Component                   Hardware                                                  Operating System  Application
Web Authentication Scanner  Sun V210 (2)                                              Solaris           Nessus/Scan Lite
Daily Network Scanner       Sun V210 (2)                                              Solaris           Nessus/Scan Lite
Intrusion Detection Sensor  Dell 2650 (2)                                             Linux             BRO
Network Honeypot            Dell 1750 (1)                                             Linux             LaBrea
Database                    Dell 2650 (1) and Dell PowerVault 220 (2) with 2TB storage  Linux             MySQL
Web Server                  Sun V210 (1)                                              Solaris           Apache
Test Server                 Dell 1750 (1)                                             Linux             VMware

Educating the Campus Community

Faculty, Staff and Students
– Formal discussions with senior campus administrators and advisory groups
– Alerts/announcements
– Print and Web publications
– Posters and flyers
– Self-initiated scans
– Scan results pages

Technical Staff
– Formal discussions
– Computer & Network Security Report (secalert.ucdavis.edu)
– Notifications
– "Top Ten" graphs


Lessons Learned and Next Steps
– Nessus limitations
– Reliance on campus unit system administrators
– Enhance integration with the Remedy trouble-ticketing system
– Product integration via database is not readily available

Questions

Contact Information
Robert Ono,