Site Security and Administration Steve Cobrin.

Presentation transcript:

Site Security and Administration Steve Cobrin

Site Security and Administration
– Proposing a wiki to be used to discuss some basic Site Security and SysAdmin issues
  – focusing on Unix, Unix-like and Unix-derived systems, e.g. Solaris, AIX, HP-UX, Linux, GNU/Linux, FreeBSD, MacOSX, OpenBSD, etc.
– Will not look at deploying or using LCG/EGEE middleware

Introduction
– There are quite a few areas of security and administration which don't seem to be discussed enough. Why not?
  – Old topics (been doing this for > 20 years)
  – Boring
  – Done it! Been there! Read the book (Practical Unix Security)
– However, if overlooked:
  – Less security
  – Forever reinventing the wheel
  – Less stability
  – Less quality
  – Poor mentorship
– So, let's share best practices!

Initial commissioning of machines (building, configuration, deployment)
– Defining the life-cycle / work-flow of machines

Initial commissioning of machines (building, configuration, deployment) (continued)
– Differing types of operating systems
  – Many different Linux distributions
  – Some centrally administered, others ad-hoc administration
  – Linux and Unix system interoperability
  – MacOSX

Security Documents
– Internal Documents:
  – Site Security Policies
  – Acceptable Use Policies
  – Incident Response Procedures
  – Baseline Security Documents
  – Local Security Hardening Procedures
– Standard off the shelf documents:
  – BSI 7799 /ISO Standards
  – The Centre for Internet Security Benchmarks

SysAdmin Procedures
– Initial build and deployment of systems - Kickstart, Imaging
– Documentation - Useful documentation used at sites
– Patch Management - e.g. OS Vendor and Distribution patches
  – up2date
  – yumit/pakiti
– Software Management - e.g. 3rd party software, compiling from source, etc.
– Cluster management - for example how you perform kernel updates across a large cluster

SysAdmin Procedures (continued)
– Admin methods - how you go about configuration tasks (e.g. logging in as root, use of SSH keys, Sudo)
– Managing non-user accounts
– Helpdesk Systems - Configuration Management and Change Control
  – CFengine
  – RT and Footprints
  – SubVersion

Security Monitoring & Forensics
– Logging
  – Central Syslogging (syslog-ng)
  – level of error logging for tools like ssh
– Network Monitoring
  – Any network tracing or forensics that you perform (tracing IDs via processes)
  – Snort
  – Sguil
– General Monitoring
  – Nagios
  – Tripwire & AIDE

Security Monitoring & Forensics (continued)
– Inventorying & Auditing
  – Tests that are performed to check security
    – Bastille
    – Nessus
    – SARA
– Forensics - procedures, techniques
– Benchmarking - performance, network
– Alerts and Escalation

SysAdmin Training
– SAGE Job Descriptions
– Linux Professional Institute
– Red Hat Certification

THANK YOU Please visit web site