CSU - DCE 0735 - Internet Security... Privacy Overview - Fort Collins, CO Copyright © XTR Systems, LLC Setting Up & Using a Site Security Policy Instructor:


CSU - DCE Internet Security... Privacy Overview - Fort Collins, CO Copyright © XTR Systems, LLC Setting Up & Using a Site Security Policy Instructor: Joseph DiVerdi, Ph.D.

Need for a Security Policy
If you don't have a written, published Web Security Policy
– You can't know if your Web site is secure
– Security is defined by policy
A policy is a list of what is & is not permissible
Must reflect your organization's
– Needs
– Values
– Political Realities
Reflects trade-off between risk & convenience

Issues for Security Policy
Who is allowed access?
What is the nature of that access?
Who authorizes such access?
Who is responsible for security?
Who is responsible for upgrades?
Who is responsible for backups?
Who is responsible for maintenance?
What kinds of material are allowed on served pages?

Issues for Security Policy
Which sites & external users are to be allowed access to pages & data served?
What kinds of testing & evaluation must be performed on software and pages before they are installed?
How are complaints & requests about the server & page content to be handled?
How should the organization react to security incidents?

Issues for Security Policy
How and when should the policy itself be updated?
Who is allowed to speak to members of the press, law enforcement, and other outside entities in the event of questions or an incident?

Sample XXX Security Policy
PERSONNEL
Access Levels
The Web site grants five levels of access:
1. The public - read-only access to all URLs with the exception of the /private directory.
2. Employees of XXX Corporation - read-only access to all URLs including the /private directory.
3. HTML Authors - ability to create, modify, & delete HTML files in the document tree.
4. Site Administrators - ability to modify Web server configuration files, install CGI scripts, & start/stop the Web Server.
5. System Administrators - ability to modify the Web server host configuration, and start/stop the host machine.

Sample XXX Security Policy
Authorization Procedure
For access levels 3, 4, & 5, personnel must obtain written authorization from the Director or Deputy Director of Information Systems.
The written authorization must be presented to the system administrator, who will set up the appropriate account & privileges.
Access level 2 is granted automatically to all new employees when they receive their account and LAN password.

Sample XXX Security Policy
Revocation of Authorization
For access levels 2 through 5, authorization may be revoked without warning at the discretion of the Director or Deputy Director of Information Systems.
In case of emergency, a system administrator may also revoke access. This action must be reviewed and confirmed within 24 hours by the Director or Deputy Director of Information Systems.

Sample XXX Security Policy
ACCESS PRIVILEGES
Local Login
Local (console) login to the Web server host is allowed for system & site administrators only. Logins are for the purpose of site maintenance only.
Network Login
All forms of network login are forbidden, including file sharing.

Sample XXX Security Policy
ACCESS PRIVILEGES (cont'd)
Authoring Access
HTML authors & site administrators have the right to make changes to the document tree.
All authoring access is via FTP from machines located within the .XXXcorp.com domain.
Modifications are time stamped & logged.
Except in emergencies, direct modifications to the document tree via local login are forbidden.

Sample XXX Security Policy
ACCESS PRIVILEGES (cont'd)
Remote Server Administration
Not allowed. All server administration is done locally.
Browsing Access
With the exception of the /private URL, anonymous Web browsing is allowed throughout the site. /private is restricted to computers within the .XXXcorp.com domain.

Sample XXX Security Policy
ACCESS PRIVILEGES (cont'd)
CGI Script Installation
CGI scripts can be installed by site administrators after at least two members of the site administrators group have reviewed & approved the code.
CGI scripts for which source code is unavailable cannot be installed without prior approval by the Director or Deputy Director of Information Systems.

Sample XXX Security Policy
ACCESS PRIVILEGES (cont'd)
Access to the /private Directory
The /private directory contains information that is confidential to the XXX Corporation. Access is restricted to host computers in the .XXXcorp.com domain.

Sample XXX Security Policy
NETWORK SERVICES
Web
The Web site will serve static HTML documents & the output of CGI scripts.
Incoming Web data is limited to customer feedback & discussion groups, whose scripts deposit their information in isolated databases.
Neither CGI scripts nor the server itself are to make connections with other databases, file systems, or services on the LAN without prior written authorization by the Director of Information Systems.

Sample XXX Security Policy
NETWORK SERVICES (cont'd)
FTP
Incoming & outgoing FTP are provided for the purpose of updating Web pages only.
FTP access is restricted to HTML authors, site & system administrators, and only to computers located within the .XXXcorp.com domain.
Anonymous FTP & all access from outside the .XXXcorp.com domain is forbidden.
Other Services
No other network services are provided by the Web host.

Sample XXX Security Policy
MAINTENANCE
24 x 7 Operation
The site should be accessible 24 hours a day, 7 days a week, except for a 2-hour maintenance period between 7 AM and 9 AM on Sundays.
System administrators should be prepared to switch to a backup server in a timely manner in case the primary server develops hardware problems.

Sample XXX Security Policy
MAINTENANCE (cont'd)
Backups
A complete backup of the Web server host will be done weekly, and incremental backups daily.

Sample XXX Security Policy
MAINTENANCE (cont'd)
Monitoring
A system administrator is responsible for monitoring the Web server host system logs for errors & other unusual activity. A site administrator has similar responsibility for the Web server logs.
Any suspicious activity should be brought to the attention of the Director of Information Systems immediately.
A system or site administrator who detects suspicious activity & has reason to believe that the integrity of the system or XXX Corporation confidential information is imminently threatened is authorized to take the Web server off-line.
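
The Monitoring duty and the /private restriction above can be checked together by auditing the Web server log. This is an added example, not part of the original slides: it assumes Common Log Format with the host field already resolved to a name, uses constructed log lines, and writes the policy's .XXXcorp.com domain in lower case.

```python
import posixpath
import re
from urllib.parse import unquote

POLICY_DOMAIN = "xxxcorp.com"   # the policy's .XXXcorp.com domain
PRIVATE_ROOT = "/private"       # the policy's restricted URL

# Constructed sample lines (Common Log Format, host field resolved to a name).
SAMPLE_LOG = """\
ws12.xxxcorp.com - - [01/Jan/2000:10:01:07 -0700] "GET /private/plan.html HTTP/1.0" 200 5120
dialup7.example.net - - [01/Jan/2000:10:02:44 -0700] "GET /index.html HTTP/1.0" 200 2048
dialup7.example.net - - [01/Jan/2000:10:03:10 -0700] "GET /private/plan.html HTTP/1.0" 403 210
www.notxxxcorp.com - - [01/Jan/2000:10:04:52 -0700] "GET /private/ HTTP/1.0" 403 210
xxxcorp.com.example.org - - [01/Jan/2000:10:05:31 -0700] "GET /private/plan.html HTTP/1.0" 200 5120
"""

CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+$')

def in_policy_domain(host):
    """True only for the domain itself or a name that ends at a label boundary."""
    host = host.lower().rstrip(".")
    return host == POLICY_DOMAIN or host.endswith("." + POLICY_DOMAIN)

def is_private(url_path):
    """Normalize the requested path before comparing it with the restricted prefix."""
    path = unquote(url_path.split("?", 1)[0])
    path = posixpath.normpath(re.sub(r"/+", "/", path))
    return path == PRIVATE_ROOT or path.startswith(PRIVATE_ROOT + "/")

def audit(log_text):
    """Return (host, path, status, finding) for /private requests from outside the domain."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue
        host, path, status = m.group(1), m.group(2), int(m.group(3))
        if is_private(path) and not in_policy_domain(host):
            # 2xx/3xx means the restriction did not hold; otherwise the request was refused.
            finding = "SERVED" if status < 400 else "refused"
            findings.append((host, path, status, finding))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(*f)
```

A "SERVED" finding is the kind of suspicious activity the policy says to report immediately, since it means the server's own domain restriction let an outside host read /private.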