Slide 1: Security Issues. Steve Lovaas, ACNS. IAC, 22 April 2008. Colorado State University.

Slide 2: The big issues this month…
- Encryption: Utimaco SafeGuard Enterprise
- SQL injection and database attacks: WatchFire AppScan
- User behavior and culture: risk analysis, background checks, SSN rescan and purge

Slide 3: Encryption: Utimaco SafeGuard
- Disk encryption product, protecting against loss of sensitive data on mobile computers
- Architecture in place; testing the deployment process
- Departments that participated in the January training are beginning to deploy
- Training for other departments coming soon
- Network share encryption: new module expected next month

Slide 4: Web Apps: WatchFire AppScan
- Web application vulnerability scanner
  - SQL injection [just had one this month!]
  - Cross-site scripting
  - IIS/Apache/.NET vulnerabilities
- Complex tool; requires consultation for setup and interpretation of results
- Have scanned a number of departments; contact ACNS if you're interested

Slide 5: Behavior/Culture: Risk Analysis
- Have a draft tool, reviewing with Internal Auditing
- Goals for the first iteration:
  - Responsibilities
  - Behavior
  - Controls
- Test first round this summer

Slide 6: Behavior/Culture: Background Checks
- Last year, IAC strengthened the sub-committee's recommendation: check ALL employees with access to sensitive data
- New committee working on University-wide policy
- Seeking clarification on policy overlap
- More details in April…

Slide 7: Behavior/Culture: SSN scanning
- Most colleges/departments are done
  - Removed a substantial number of SSNs (mostly from servers that didn't get scanned last time around)
- Huge amount of extra, unexpected work
  - Both necessary and greatly appreciated
- A few larger departments are still finishing up with removal/remediation
- Remaining SSNs require an exception request, and will need to be encrypted
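The rescan described on this slide relies on finding SSNs in files before they can be purged or encrypted. The following is an added example, not part of the presentation and not the scanning tool the university used: a small Python scanner that matches 3-2-4 digit patterns, drops structurally impossible ones using the SSA's published area/group/serial rules, and reports only masked values so the findings list does not become another copy of the sensitive data. The sample text and all numbers in it are constructed.

```python
import re

# Constructed sample standing in for a file found during a rescan.
# Every value here is made up; none is a real SSN.
SAMPLE_TEXT = """\
student_id,name,ssn
1001,Example One,123-45-6789
1002,Example Two,000-12-3456
1003,Example Three,666-01-2345
1004,Example Four,234-56-7890
order 2008-04-22 invoice 555-12-0000
phone 970-491-6789
"""

# Candidate SSN: 3-2-4 digits with '-', space or no separator, and not
# embedded in a longer digit run (so dates and long IDs are skipped).
SSN_CANDIDATE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Structural rules published by the SSA: area is never 000, 666 or
    900-999; group is never 00; serial is never 0000. This rejects
    impossible numbers only; it cannot confirm a number was issued."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def mask(serial: str) -> str:
    # Keep only the last four digits, the usual triage identifier.
    return f"***-**-{serial}"


def scan_text(text: str) -> list:
    """Return (line_number, masked_value) for each plausible SSN found.
    Lines with no plausible match are silently skipped."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in SSN_CANDIDATE.finditer(line):
            area, group, serial = m.groups()
            if is_plausible_ssn(area, group, serial):
                findings.append((line_no, mask(serial)))
    return findings


if __name__ == "__main__":
    for line_no, masked in scan_text(SAMPLE_TEXT):
        print(f"line {line_no}: {masked}")
```

On the sample, only the two structurally valid values on lines 2 and 5 are reported; the 000/666 area numbers, the 0000 serial and the 3-3-4 phone number are not. A file hit still needs human review before it is purged or routed through the exception-and-encrypt process.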

Slide 8: Please contact me
- Dealing with security is my job: both planning to prevent issues and responding to issues after the fact… Feel free!
- 6th Floor, USC Building