UTAC SECURITY UPDATE
Terry Gray, University of Washington Computing & Communications, 1 Oct 2004

Slide 1: UTAC SECURITY UPDATE
Terry Gray, 1 Oct 2004

Slide 2: AGENDA
I. Background
II. Activities
III. Recommendations

Slide 3: I. BACKGROUND

Slide 4: PREMISE
Insecure computers threaten:
  – their users
  – UW systems & networks
  – UW reputation & resources
  – UW staff, students, patients, partners

Slide 5: UW's PERFECT (Security) STORM
- All the usual Fortune 500 security issues
- Two hospitals, multiple clinics
- Classified government & commercial research
- 45,000 students
- 75,000 computers of amazing diversity
- Academic “pseudo-anonymity” requirements
- Residence Halls with students as well as non-UW renters
- Extraordinary connectivity (fast attack propagation)
- Decentralized culture (hundreds of independent biz units)
- Increasingly sophisticated/hostile attack environment
- Increasing dependency on network apps
- Decreasing tolerance for outages
- Increasing legal/regulatory risk and liability
- Importance of research/clinical leverage complicates perimeter definitions

Slide 6: FUNDAMENTAL TENSIONS
- Security vs. complexity
- Security vs. supportability (esp. MTTR)
- Security vs. local autonomy
- Security vs. convenience
- Security vs. innovation
Networking is about connectivity; security is about isolation.

Slide 7: CONCERNS
- False sense of security
- Increasing complexity
- Decentralized culture --> inconsistent solutions
- Unfunded security mandates
- Cost shifting from guilty to innocent
- Perimeter defense won't stop next-gen attacks
- Users often don’t know their machine is infected
- The devil is in the details (e.g. FW config)
- Security policy often looks like network failure

Slide 8: IMPACT
- Security: the gift that keeps on taking
  – High incident risk with potentially big liability
  – Network assumptions have fundamentally changed
  – Prevention and cleanup costs will continue to grow
- Solutions:
  – Still no substitute for well-managed hosts
  – More constraints/isolation/inconvenience inevitable
  – Defense-in-depth mandatory... but:
  – Increasing solution complexity implies increasing TTR

Slide 9: II. ACTIVITIES

Slide 10: UW MEDICINE ACTIVITIES
- Policy definition and training
- Inventories and informal compliance reviews
- Centrally-managed host-based firewalls
- Secure server sanctuaries in data center
- Working with C&C on perimeter defense
- Improved application auditing
- Improved authentication
- Minimum Security for all SOM devices
  – Desktop firewall
  – Anti-virus with automatic updates
  – Automatic updates of operating system

Slide 11: C&C SECURITY ROLE
- Past:
  – Protect the infrastructure
- Future:
  – Help protect unmanaged hosts (“the guilty”)
  – Support Defense-In-Depth objectives

Slide 12: C&C SECURITY GROUPS
- Security Operations (detection & remediation)
- Security Solutions (policy & prevention)
- Security Administration (of C&C systems)
- Security Middleware development (auth tools)
- Network Architecture/Engineering/Tools

Slide 13: C&C SECURITY ACTIVITIES (1)
- Working with UW Medicine and PASSC
  – On policies and implementation
- Security Operations
  – Monitoring and incident response
  – Quarantine infected hosts
  – Proactive scanning for vulnerabilities
- Perimeter defense
  – Logical firewalls (LFWs)
  – Managed inline firewalls
  – Intrusion Prevention System
  – UW Medicine zone perimeter firewall

Slide 14: C&C SECURITY ACTIVITIES (2)
- Indirect/proxy host management
  – Probe machine status when authenticating
  – Proactive vulnerability scanning
  – Quarantine vulnerable hosts?
- Client services
  – Supporting EPLT Computer Vet stations
  – SW licensing & distribution: antivirus, uwick, etc.
- Network Architecture changes
- Host management services (Nebula)
- Datacenter colo facilities (server sanctuaries)
- Virus (and spam) blocking

Slide 15: III. RECOMMENDATIONS

Slide 16: MINIMUM O.S. STANDARDS
- Use only O.S. versions supported by vendor
- Enable host firewall or equiv. access restrictions
- Enable auto-patching or equiv. central config mgt
- Use anti-virus software (with auto-updating)
- Enable logging
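The five standards above can be evaluated mechanically over a host inventory, which is how "inventories and informal compliance reviews" (slide 10) scale beyond a handful of machines. The script below is an added example, not material from the slides or from UW C&C: the inventory records, the OS names and the vendor support dates are constructed placeholders, and the `Host` field names (`host_firewall`, `auto_patching`, and so on) are assumed attribute names for whatever asset database actually supplies the data.

```python
"""Evaluate a host inventory against the slide's minimum O.S. standards.

Added example, not part of the original slides. Inventory records, OS
names and vendor support dates are constructed placeholders.
"""
from dataclasses import dataclass
from datetime import date

# Constructed lifecycle table: OS version -> last day of vendor support.
# Placeholder names and dates, not real vendor lifecycle data.
VENDOR_SUPPORT_END = {
    "exampleos-6": date(2003, 12, 31),
    "exampleos-7": date(2006, 6, 30),
    "exampleos-8": date(2009, 6, 30),
}


@dataclass
class Host:
    """One inventory record; the field names are assumed, not a real schema."""
    name: str
    os_version: str
    host_firewall: bool     # host firewall or equivalent access restriction
    auto_patching: bool     # vendor auto-patching or central config management
    antivirus: bool
    av_auto_update: bool
    logging_enabled: bool


def check_host(host, today):
    """Return the standards this host fails; an empty list means compliant."""
    failures = []
    # "Supported by vendor" is a function of the audit date, not a fixed flag.
    end = VENDOR_SUPPORT_END.get(host.os_version)
    if end is None:
        failures.append("OS version not recognized as vendor-supported")
    elif end < today:
        failures.append("OS version past vendor support")
    if not host.host_firewall:
        failures.append("host firewall disabled")
    if not host.auto_patching:
        failures.append("no auto-patching or central config management")
    # Anti-virus without auto-update does not meet the standard either.
    if not host.antivirus:
        failures.append("no anti-virus")
    elif not host.av_auto_update:
        failures.append("anti-virus not auto-updating")
    if not host.logging_enabled:
        failures.append("logging disabled")
    return failures


def audit(hosts, today):
    """Map each non-compliant host's name to its list of failures."""
    report = {}
    for host in hosts:
        failures = check_host(host, today)
        if failures:
            report[host.name] = failures
    return report


# Constructed sample inventory (names and values are invented).
SAMPLE_INVENTORY = [
    Host("lab-pc-01", "exampleos-8", True, True, True, True, True),
    Host("lab-pc-02", "exampleos-6", True, True, True, True, True),
    Host("clinic-ws-07", "exampleos-8", False, False, True, False, True),
    Host("dept-srv-03", "unknown-build", True, True, True, True, False),
]
TODAY = date(2004, 10, 1)  # date of the slide deck, used as the audit date


if __name__ == "__main__":
    for name, failures in sorted(audit(SAMPLE_INVENTORY, TODAY).items()):
        print(f"{name}: " + "; ".join(failures))
```

Keeping the support-end check date-driven matters in practice: a host that is compliant at one review silently becomes non-compliant when its OS reaches end of support, so the same inventory should be re-run rather than re-collected.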

Slide 17: BEST TECHNICAL PRACTICES
- For applications:
  – Use secure protocols (e.g. SSH, SSL/TLS, K5, RDP)
  – Use central authentication infrastructure
  – Use two-factor authentication and/or one-time keys
  – No cleartext passwords on the wire!
- For operating systems:
  – Disable or block unneeded services
  – Tunnel insecure OS protocols (e.g. NTLM in IPSEC)
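"No cleartext passwords on the wire" can be checked from the network side as well as by application review: connection or flow logs show which servers are still being reached over protocols that carry credentials unencrypted, and therefore where the SSH/TLS migration the slide calls for has not happened. The following is an added example, not from the slides or from UW C&C, of such a check run over constructed connection records; the record format, the addresses and the port-to-protocol table are assumptions made for illustration.

```python
"""Flag cleartext-authentication protocols in connection records.

Added example, not part of the original slides. The log format and the
records below are constructed; the port table covers common protocols that
send passwords unencrypted and names the encrypted replacement for each.
"""
import re
from collections import defaultdict

# Well-known TCP ports of protocols that send credentials in the clear,
# with the encrypted alternative the slide's guidance points toward.
CLEARTEXT_AUTH_PORTS = {
    21: ("ftp", "sftp/scp over SSH, or FTPS"),
    23: ("telnet", "SSH"),
    110: ("pop3", "pop3s (TLS)"),
    143: ("imap", "imaps (TLS)"),
    389: ("ldap", "ldaps or LDAP with STARTTLS"),
    512: ("rexec", "SSH"),
    513: ("rlogin", "SSH"),
    514: ("rsh", "SSH"),
}

# Constructed record format: "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <proto>"
RECORD_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+(?P<proto>tcp|udp)$"
)


def parse_record(line):
    """Return (src, dst, port, proto) for a well-formed record, else None."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    return m["src"], m["dst"], int(m["port"]), m["proto"]


def find_cleartext_auth(lines):
    """Group cleartext-auth connections by destination server and protocol.

    Returns {(dst_ip, protocol_name): {"clients": set of src_ip, "fix": str}}.
    Only TCP is considered: udp/514 is syslog, not rsh, so the transport
    must be checked along with the port to avoid false positives.
    """
    findings = defaultdict(lambda: {"clients": set(), "fix": ""})
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue  # malformed or unrelated line
        src, dst, port, proto = rec
        if proto != "tcp" or port not in CLEARTEXT_AUTH_PORTS:
            continue
        name, fix = CLEARTEXT_AUTH_PORTS[port]
        entry = findings[(dst, name)]
        entry["clients"].add(src)
        entry["fix"] = fix
    return dict(findings)


# Constructed sample records (addresses and times are invented).
SAMPLE_LOG = [
    "2004-10-01T09:00:00 10.1.2.3 -> 10.9.9.9:23 tcp",    # telnet
    "2004-10-01T09:00:05 10.1.2.4 -> 10.9.9.9:23 tcp",    # telnet, second client
    "2004-10-01T09:01:00 10.1.2.3 -> 10.9.9.10:22 tcp",   # SSH: acceptable
    "2004-10-01T09:02:00 10.1.2.5 -> 10.9.9.11:110 tcp",  # pop3
    "2004-10-01T09:02:30 10.1.2.5 -> 10.9.9.11:993 tcp",  # imaps: acceptable
    "2004-10-01T09:03:00 10.1.2.6 -> 10.9.9.12:514 udp",  # syslog, not rsh
    "malformed line that the parser must skip",
]


if __name__ == "__main__":
    for (dst, name), info in sorted(find_cleartext_auth(SAMPLE_LOG).items()):
        clients = ", ".join(sorted(info["clients"]))
        print(f"{dst} still serves {name} to {clients}; migrate to {info['fix']}")
```

Grouping by destination server rather than by client is deliberate: the server owner is the one who can turn the cleartext service off, and the client count tells you how many users the change will affect.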

Slide 18: BEST OPERATIONAL PRACTICES
- Adequately fund security support & training
- Manage hosts en masse (cheaper, more effective)
- Do risk assessments
- Do penetration tests
- Do periodic reviews/audits
- Put servers in dedicated and secure facilities
- Regularly review the logs!

Slide 19: DISCUSSION ISSUES
- Consensus on recommendations?
- Exceptions policy?
- Enforcement policy?
- Consequences/sanctions?
- Funding?