1 Improving Security Through Automated Policy Compliance Christopher Stevens Director of Network and Technical Services Lewis & Clark College Educause.

Presentation transcript:

1 Improving Security Through Automated Policy Compliance Christopher Stevens Director of Network and Technical Services Lewis & Clark College Educause Live! November 12, 2004

2 Campus Statistics
- 3260 Students: 1875 Undergraduate, 750 Law and 635 Graduate
- 2300 Active Student Computers: 80% PC, 20% Mac

3 Network Registration and Policy Enforcement at LC
- Fall 2002 – Web-based registration (Nomadix). Wireless and public wired areas only.
- Fall 2003 – Blaster hits the residence halls. Like many campuses, we had 100s of infected machines, and locating and patching them required hours of staff time. We needed a better solution.
- Fall 2004 – Perfigo gateway with “SmartEnforcer”.

4 Implementing Policy Enforcement
Commercial vs. Open Source
- Small staff made supporting open source products more challenging. We also needed to implement a solution in a short amount of time.
Products
- NetReg (Southwestern) – Open source network registration.
- BlueSocket – Gateway only (although they now offer BlueSecure as an IDS add-on product).
- Nomadix – Gateway only. Geared toward the hospitality market.
- Bradford Software (Campus Manager) – Users are moved into VLANs until they have registered. Also has a plug-in to Packetshaper that gives it some passive monitoring ability.
- Perfigo – Gateway with optional agent.

5 Implementing Policy Enforcement (Continued)
Policy Detection – Active, Passive or Agent
- Active – Determine policy compliance externally.
- Passive – Determine policy compliance by monitoring network traffic.
- Agent – Client installed on workstation.
We originally wanted active detection, but host-based firewalls made products such as Nessus less reliable. We ultimately decided that a local agent would provide the greatest ability to determine compliance. We are also looking to supplement the installed agent with passive monitoring (via ISS RealSecure).

6 Implementing Policy Enforcement (Continued)
- Isolation/Segregation – Once a computer has been found to be out of compliance, we assign that user a Temporary Role. However, there may be better ways to contain these users (e.g. segmenting using “/30” IP subnets, moving VLAN ports, etc.).
- Detection Interval – Currently we can only verify compliance when a user logs into the network (which could be once a semester). Ideally we would like to check on a daily or weekly basis.
- Remediation – We wanted users to be as self-sufficient as possible, so we provide step-by-step instructions about each failed policy.
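
The slide 6 flow as an added example (not Perfigo or SmartEnforcer code, and not from the presentation): a host that fails a policy gets the Temporary Role, its own “/30” and a remediation list, while a host that passed only at a long-ago login is flagged for re-check. The policy names, thresholds, address pool and sample reports are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from ipaddress import ip_network
from typing import Optional

# Every name, threshold and address here is an assumption for illustration.
RECHECK_INTERVAL = timedelta(days=7)          # the "daily or weekly" goal
MAX_DEFINITION_AGE = timedelta(days=14)       # assumed antivirus limit
QUARANTINE_POOL = ip_network("10.99.0.0/24")  # constructed address pool

@dataclass
class Posture:
    """What the agent reported at the host's last check (constructed fields)."""
    host: str
    updates_missing: int
    av_definitions: Optional[date]   # None means no antivirus installed
    last_checked: date

# (policy name, compliance test as of the last check, remediation step)
POLICIES = [
    ("windows-update", lambda p: p.updates_missing == 0,
     "Run Windows Update and install all critical updates."),
    ("antivirus", lambda p: p.av_definitions is not None,
     "Install an antivirus client."),
    ("antivirus-definitions", lambda p: p.av_definitions is None
     or p.last_checked - p.av_definitions <= MAX_DEFINITION_AGE,
     "Update the antivirus definitions."),
]

def evaluate(hosts, today):
    """Map each host to a role; failing hosts get their own /30 and a fix list."""
    subnets = QUARANTINE_POOL.subnets(new_prefix=30)
    decisions = {}
    for p in hosts:
        failed = [(name, fix) for name, ok, fix in POLICIES if not ok(p)]
        if failed:
            net = next(subnets)                 # one isolated /30 per host
            gateway, client = net.hosts()       # a /30 has two usable addresses
            decisions[p.host] = {"role": "temporary", "subnet": str(net),
                                 "client": str(client),
                                 "remediation": [fix for _, fix in failed]}
        elif today - p.last_checked > RECHECK_INTERVAL:
            decisions[p.host] = {"role": "recheck"}   # compliant once, now unknown
        else:
            decisions[p.host] = {"role": "full"}
    return decisions

# Constructed sample reports and evaluation date.
TODAY = date(2004, 11, 12)
SAMPLE = [Posture("pc-a", 0, date(2004, 11, 10), date(2004, 11, 11)),
          Posture("pc-b", 3, date(2004, 9, 1), date(2004, 11, 12)),
          Posture("pc-c", 0, date(2004, 8, 28), date(2004, 8, 30)),
          Posture("pc-d", 0, None, date(2004, 11, 12))]
```

Host pc-c shows the detection-interval gap: it passed every policy at its last login in August, so a login-only check still treats it as compliant months later.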

7 Sample PC Walkthrough

8 Web Registration Login Page

9 SmartEnforcer Web Download Page

10 SmartEnforcer Client Login

11 SmartEnforcer Policy Evaluation

12 SmartEnforcer Failed Policy

13 SmartEnforcer Windows Update Policy

14 SmartEnforcer Windows Update Webpage

15 SmartEnforcer Antivirus Policy

16 SmartEnforcer Antivirus Webpage

17 SmartEnforcer Antivirus Updates Webpage

18 SmartEnforcer Success

19 How is it working?
- No worms or viruses on the student network (yet) – Knock on wood, we have not had any outbreaks since we started.
- Reduced End User Support – 85% of our users were able to install the client and other software updates on their own. We also reduced our time in the residence halls from 4 weeks to 1 week. However, we ended up touching the remaining 15% (~300 computers). Most were problems related to spyware interfering with Windows updates.
- Surprisingly Few Complaints – Most undergraduate students don’t mind having the software installed. We get more complaints from graduate and law students.

20 Future
- “RemoteEnforcer” – Instead of students coming to campus and trying to download all the Windows updates and virus definitions at once, they can check from home whether they meet all the policy requirements.
- Real Time Policy Enforcement – Currently, we can only check whether a user has the necessary updates when they log in. However, there is a new PC client that will check for policies on a schedule that we can set.
- Integration with Cisco – With the purchase of Perfigo in October, Cisco will integrate the SmartEnforcer client with their “Self-Defending Network” suite.

21 Questions? Please contact me at Additional information can also be found at: