Greg Williams. IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard.

Slides:

Advertisements

Similar presentations

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.

Advertisements

Driving Factors Security Risk Mgt Controls Compliance.

CN Objectives of the course To build and maintain a UNIX-based Network Systems & Servers Install Linux, fine tune the system, enable required server,

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

Host Hardening (March 21, 2011) © Abdou Illia – Spring 2011.

Red Team “You keep using that word, I do not think it means what you think it means” – Inigo Montoya.

Barracuda Web Application Firewall

Vulnerability Assessments with Nessus 3 Columbia Area LUG January

System and Network Security Practices COEN 351 E-Commerce Security.

Vulnerability Analysis Borrowed from the CLICS group.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Vulnerability Assessment NIKTO.

Web server security Dr Jim Briggs WEBP security1.

Greg Williams. IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard 12/5/2010Greg Williams CS591.

Windows To WebDAV A File Server Case Study John F. Hall IT-User Services, University of Delaware MARC ‘05 Copyright John F. Hall This work is the.

Vulnerability Types And How to Use Them.

Capture The Flag Review Fall 2003 Giovanni Vigna University of California Santa Barbara

Computerized Networking of HIV Providers Networking Fundamentals Presented by: Tom Lang – LCG Technologies Corp. May 8, 2003.

100 % UPTIME SLAs 27 | 8 DATA CLOUD CENTERSPODS SSAE-16, SOC 2 TYPE II, PCI-DSS, HIPAA, HITECH AT101, NIST , SAFE HARBOR COMPLIANT POWER INFRASTRUCTURE.

Vulnerabilities. flaws in systems that allow them to be exploited provide means for attackers to compromise hosts, servers and networks.

1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.

Introducing… …taking desktop computing to the cloud making business effortless!

1 Nessus - NASL Marmagna Desai [592- Project]. 2 Agenda Introduction –Nessus –Nessus Attack Scripting Language [ N A S L] Features –Nessus –NASL Testing.

Security of Web Technologies: WebObjects Keshava P Subramanya

CIS 460 – Network Design Seminar Network Security Scanner Tool GFI LANguard.

Shadow Security Scanner Li,Guorui. Introduction Remote computer vulnerabilities scanner Runs on Windows Operating Systems SSS also scans servers built.

Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.

The Microsoft Baseline Security Analyzer A practical look….

Security at NCAR David Mitchell February 20th, 2007.

© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.

12 Steps to Cloud Security A guide to securing your Cloud Deployment Vishnu Vettrivel Principal Engineering Lead,

Some Printer Notes Printers today come with OS, a filesystem, big hard drives, and (open) network access Risks include: 1.Sniffing print jobs going over.

Assessing a Target System Source: Chapter 3 Computer Security Fundamentals Chuck Easttom Prentice Hall, 2006.

Network Monitor By Zhenhong Zhao. What is the Network Monitor? The Network Monitor is a tool that gets information off of the host on the LAN. – Enumerating.

1 Security Penetration Testing Angela Davis Mrinmoy Ghosh ECE4112 – Internetwork Security Georgia Institute of Technology.

MIS Week 6 Site:

IT Security – Scanning / Vulnerability Assessment David Geick State of Connecticut IT Security.

Jonathan Loving Fermi Lab Computing Division

Introduction A security scanner is a software which will audit remotely a given network and determine whether bad guys may break into it,or misuse it.

Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs.

Web Security Group 5 Adam Swett Brian Marco. Why Web Security? Web sites and web applications constantly growing Complex business applications are now.

Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.

1 Security. 2 Linux is not secure No computer system can ever be "completely secure". –make it increasingly difficult for someone to compromise your system.

5/18/2006 Department of Technology Services Security Architecture.

Securing the Linux Operating System Erik P. Friebolin.

VULN SCANNING Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.

Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.

How to Mitigate Stay Safe. Patching Patches Software ‘fixes’ for vulnerabilities in operating systems and applications Why Patch Keep your system secure.

Enumeration. Definition Scanning identifies live hosts and running services Enumeration probes the identified services more fully for known weaknesses.

Enumeration March 2, 2010 MIS 4600 – MBA © Abdou Illia.

NESSUS. Nessus Vulnerability Scanner Features: Ease of use Deep Vulnerability Analysis Discover network based and local vulnerabilities Perform configuration.

Gaspar Modelo-Howard NEEScomm Cybersecurity Software Engineer Saurabh Bagchi NEEScomm Cybersecurity Officer.

 December 2010 US Chief Information Officer Vivek Kundra released the Federal Cloud Computing Strategy. This became to be what is known as “Cloud First”

Microsoft OS Vulnerabilities April 1, 2010 MIS 4600 – MBA © Abdou Illia.

Vulnerability Management Programs & The Lessons Learned

QlikView and Salesforce.com Integration

Web Application Protection Against Hackers and Vulnerabilities

Nessus Vulnerability Scan Report

Vulnerability Scanning with Credentials

Everything You Need To Know About Penetration Testing.

Nessus Vulnerability Scanning

Chapter 27: System Security

ISMS Information Security Management System

Identity & Access Management

CLASP Project AAI Workshop, Nov 2000 Denise Heagerty, CERN

Technical Issues with Establishing Levels of Assurance

Using a Nessus Scanner on a

Presentation transcript:

Greg Williams

IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard

Why Scan? An example

Planning for a scan  Questions to consider: Is the scan going to be on production services? How do I want it scanned? Do I have the man power to fix something right away (you knew about it, why didn’t you fix it)? What monitoring do I have in place and how do I watch it in case something goes wrong?

Nessus  Vulnerability Scanner  Scans Windows, *nix, network infrastructures for known vulnerabilities  Web scanning – directory traversal, CGI vulnerability scanning  Compliance scanning – PCIDSS, DISA, CERT, NIST, GLBA, HIPAA

Nessus con’t

 Safe Checks – Turns off possibly unsafe operations performed during scan.  Authentication – Ability to check the server fully via SMB, Kerberos, Windows, SSH  Plugins – Turn on or off specific types of scans  Preferences – Granular checks (DB, Web including HTTP form authentication, CGI scans, etc)

Nessus Reporting

Nessus Reporting con’t

What do you do after reporting  OS Patching  Coding changes  Turn off ports  Develop metrics