Linux Security Baseline Implementation Efforts at the INL Jason Miller NLIT 2009.

Slides:



Advertisements
Similar presentations
File Server Organization and Best Practices IT Partners June, 02, 2010.
Advertisements

FDCC Implementation Efforts at Idaho National Laboratory Justin Hansen NLIT 2009.
What to expect.  Linux  Windows Server (2008 or 2012)
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
15.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.
24/7/365 Remote Computer Support. Program Overview.
Chapter 1 Network Operating Systems ISQA424 Instructor: Rob Knauerhase Portland State University.
Andrew Schroeder Networking Aspects of Cloud Computing.
Exchange server Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.
Bar|Scan ® Asset Inventory System The leader in asset and inventory management.
Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.
Patch Management Module 13. Module You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A Operations vSphere Environment Introduction.
Hands-On Microsoft Windows Server 2008 Chapter 11 Server and Network Monitoring.
Windows Server 2008 Chapter 11 Last Update
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Strategies in Linux Platforms and.
Linux Operations and Administration
November 2009 Network Disaster Recovery October 2014.
Section 6.1 Explain the development of operating systems Differentiate between operating systems Section 6.2 Demonstrate knowledge of basic GUI components.
SUSE Linux Enterprise Desktop Administration Chapter 1 Install SUSE Linux Enterprise Desktop 10.
Hands-On Microsoft Windows Server 2008
By Jacques Terblanche Johnson Matthey
Concepts of Database Management Sixth Edition
©Kwan Sai Kit, All Rights Reserved Windows Small Business Server 2003 Features.
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 4 Manage Software for SUSE Linux Enterprise Server.
© 2010 VMware Inc. All rights reserved Patch Management Module 13.
Open Web App. Purpose To explain Open Web Apps To explain Open Web Apps To demonstrate some opportunities for a small business with this technology To.
Implementation - Deployment Methods of deployment –User PC –Network shared (workstation install) –Terminal server –Web Deployment (ActiveX) (Note: this.
Instant Messaging for the Workplace A pure collaborative communication tool that does not distract users from their normal activities.
10/1/2015 Chapter 2 Installing Windows XP Professional.
Instant Messaging for the Workplace A pure collaborative communication tool that does not distract users from their normal activities.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
Installation Overview Lab#2 1Hanin Abdulrahman. Installing Ubuntu Linux is the process of copying operating system files from a CD, DVD, or USB flash.
Contents 1.Introduction, architecture 2.Live demonstration 3.Extensibility.
© 2002 IBM Corporation LANDP 24 th April 2003 LANDP for Linux Web Lecture.
1 Chapter Overview Publishing Resources in Active Directory Service Redirecting Folders Using Group Policies Deploying Applications Using Group Policies.
Introduction After seeing the pressure of license and proprietary software users where a lot of money is needed to make sure the software is in good condition,
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Operating Systems Networking for Home and Small Businesses – Chapter.
General rules 1. Rule: 2. Rule: 3. Rule: 10. Rule: Ask questions ……………………. 11. Rule: I do not know your skill. If I tell you things you know, please stop.
Linux Overview Why Linux ? Not-so-ancient history –Torvalds, Linus Torvalds, 002 the Helsinki University, as a student, low budget, work home –rapid and.
Microsoft Management Seminar Series SMS 2003 Change Management.
A Network Operating System
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
Introduction TO Network Administration
Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter One Introduction to Exchange Server 2003.
Automating Installations by Using the Microsoft Windows 2000 Setup Manager Create setup scripts simply and easily. Create and modify answer files and UDFs.
IST 222 Day 2. Homework for Today Take up homework and go over Go to CompTIA web site and view objectives for A+ certification test.
TECHDOTCOMP SUPPORT TECHDOTCOMP nd Ave, Seattle, WA 98122, USA Phone:
Office 365 is cloud- based productivity, hosted by Microsoft. Business-class Gain large, 50GB mailboxes that can send messages up to 25MB in size,
A Brief Introduction to Linux Cheng-Han Du. History.
Windows Vista Configuration MCTS : Installing and Upgrading.
Short Customer Presentation September The Company  Storgrid delivers a secure software platform for creating secure file sync and sharing solutions.
Scientific Linux Inventory Project (SLIP) Troy Dawson Connie Sieh.
Patch Management Module 13.
Containers as a Service with Docker to Extend an Open Platform
A Network Operating System
Web Application.
Overview – SOE PatchTT November 2015.
OPEN SOURCE SOFTWARE (OSS)
To Join the Teleconference
02 | Hosting Services in Windows Azure
OPS235: Lab 2 Virtual Machines – Part I
24/7/365 Remote Computer Support
Section 1: Linux Basics and SLES9 Installation
Convergence IT Services Pvt. Ltd
Web Application Development Using PHP
IT Management, Simplified
IT Management, Simplified
Presentation transcript:

Linux Security Baseline Implementation Efforts at the INL Jason Miller NLIT 2009

Linux Minimum Security Configurations Informational – Some Numbers – Project Specific Stuff – General Information Technical – In-depth how it works – Some Gotcha's – If I could do it over…

INL’s IT By The Numbers 12,000 IT Devices owned by INL 9,000 Devices on the Network 5,500 Desktop & Laptop Computers Windows Shop (85% Windows, 9% MAC’s, 6% Linux)

Linux Install Base SuSE 80% Ubuntu 12% RHE 7% Gentoo 1%

45% of all internet servers POSIX based – Hard drive Storage Capacities Information Security Is Paramount

Why Do We Have Linux Users? High Performance Computing GPL/GNU Available software (Open Source) More Control of their own PC’s Want to be cool!

Who’s Responsible For What? Managed Devices – Patches, Vulnerability Scans, Upgrades… Self-Managed Devices – Require more in-depth support – Might be Rev-locked Collaboration… little of both – Linux users that have no time to manage their PC’s

Linux Minimum Security Configuration Project Goals Primary Goals – Verify Compliance level – Apply necessary changes – Report to some kind of database While keeping in mind: – Modular (upgradable, easily expandable) – Platform Diversity – User Friendly

End User Responses As we expected they were wary… – Will I lose root privileges? – Will this slow my PC down? – If I do this, will you people promise to leave me alone forever… MSCs were demonstrated and our users responded – Provided multiple implementation suggestions – Received Kudos

Linux Minimum Security Configuration Project Build Time MSC Installer & Individual MSC scripts – 360 Hours, One individual Reporting Database – 15 Hours, One individual Additional hours: – MSC Installer add-ons to suit our customer’s needs – Chronological adjustments (crontab) – Diverse Platforms require modifications to code

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?

Linux Minimum Security Configuration Installer Simple BASH scripting Easy to understand User can opt-out

Linux Minimum Security Configuration Installer – For the Technicians Quick Installer Allows for on the fly modifications

Reporting An IT perspective – PCs report daily – Compliance history

User Friendly It’s more than just a benchmark – Keeps the PC compliant – Several runtime methods to choose from – Non-intrusive, helpful information pop-ups Enforce Mode Verify Mode

Installer invokes individual MSC script  MSC scripts apply/verify settings Installer invokes next individual MSC script When all MSC scripts are complete, the installer sends off the report Modular Code Installer() Determine Platform Create Recovery Code Apply Setting Generate Report Report to Server

Individual MSC scripts in-depth There are two types of MSC scripts – Configure Services chkconfig sysvconfig, runlevel, /etc/rc2.d… (Ubuntu) – Modify Configuration files awk, sed, grep…

Gotcha's! Platform differences Third party application dependencies Delivery methods had to meet MSC compliance Exceptions to the CIS benchmarks – esound – cups – …

Spin-Off Projects – Let’s use LANDesk! – We’re already using LANDesk for 85% of our install base – Perform extremely detailed queries

Spin-off Projects – Quest Authentication Services (aka Vintela or VAS) – Brings Linux into Active Directory – Centralized management tool – Another way to distribute MSC scripts

If I Could Do It Over Again ‘Configuration file code’ could be more modular – What configuration file do you have in mind? – sshd.conf – What do you want me to find? – Protocol 1 – OK, what do I change it to – Protocol 2 (all as a variable) Include a definitions file for all text based responses – A centralized file for all grammar used in the scripts Better package management… somehow – Negate the need for a user to satisfy dependencies

Questions Jason Miller Desktop Management Idaho National Laboratory

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.