1 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISS e G Integrated Site Security for.

Slides:



Advertisements
Similar presentations
Security Update Server Registration, Active scanning and Windows patching.
Advertisements

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Computer Security: Principles and Practice
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Integrated Site Security.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.
System and Network Security Practices COEN 351 E-Commerce Security.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Chapter 7 HARDENING SERVERS.
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Payment Card Industry (PCI) Data Security Standard
Installing and Configuring a Secure Web Server COEN 351 David Papay.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Course 201 – Administration, Content Inspection and SSL VPN
Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Securing Operating Systems Chapter 10. Security Maintenance Practices and Principles Basic proactive security can prevent many problems Maintenance involves.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Securing Microsoft® Exchange Server 2010
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter.
C HAPTER 6 NTFS PERMISSIONS & SECURITY SETTING. INTRODUCTION NTFS provides performance, security, reliability & advanced features that are not found in.
Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.
Module 14: Configuring Server Security Compliance
Brent Mosher Senior Sales Consultant Applications Technology Oracle Corporation.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Chapter 12 Operating System Security Strategies The 2010 Australian Signals Directorate (ASD) lists the “Top 35 Mitigation Strategies” Over 85% of.
Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.
Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
Sebastian Lopienski CERN Computer Security Team Securing your servers and code (and how we can help you)
RootKit By Parrag Mehta OUTLINE What is a RootKit ? Installation Types How do RootKits work ? Detection Removal Prevention Conclusion References.
Wireless Intrusion Prevention System
Chapter 2 Securing Network Server and User Workstations.
Small Business Security Keith Slagle April 24, 2007.
Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs.
Computer Security Risks for Control Systems at CERN Denise Heagerty, CERN Computer Security Officer, 12 Feb 2003.
Security Environment Assessment. Outline  Overview  Key Sources and Participants  General Findings  Policy / Procedures  Host Systems  Network Components.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project ISS e G Integrated Site Security for.
Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.
Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Integrated Site Security.
IPv6 security for WLCG sites (preparing for ISGC2016 talk) David Kelsey (STFC-RAL) HEPiX IPv6 WG, CERN 22 Jan 2016.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Integrated Site Security.
1 I ntegrated S ite S ecurity for G rids WP2 – Site Assessment Methodology, 20 June 2007 WP2 - Methodology ISS e G Integrated Site Security.
UNIX SYSTEM SECURITY Tanusree Sen Agenda Introduction Three Different Levels of Security Security Policies Security Technologies Future of.
Policies and Security for Internet Access
1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.
Computer Security Sample security policy Dr Alexei Vernitski.
Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.
Chapter 12 Operating System Security. Possible for a system to be compromised during the installation process before it can install the latest patches.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project ISS e G Integrated Site Security for.
By: Matt Winkeler.  PCI – Payment Card Industry  DSS – Data Security Standard  PAN – Primary Account Number.
By the end of this lesson you will be able to: 1. Determine the preventive support measures that are in place at your school.
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.
Chapter 14.  Upon completion of this chapter, you should be able to:  Identify different types of Intrusion Detection Systems and Prevention Systems.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project ISS e G Integrated.
Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.
Review of IT General Controls
Working at a Small-to-Medium Business or ISP – Chapter 8
CompTIA Server+ Certification (Exam SK0-004)
Integrated Site Security for Grids
12 STEPS TO A GDPR AWARE NETWORK
Information Security Awareness
Operating System Hardening
6. Application Software Security
Presentation transcript:

1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project ISS e G Integrated Site Security for Grids EU-FP6 Project Checklist for System Administrators David Jackson, STFC CHEP 07, Victoria BC, 4 September 2007

2 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project Checklist 1. Harden the OS and Applications 2. Keep the OS and Applications up-to-date 3. Use a local firewall 4. Take advantage of the logs 5. Ensure that all passwords are secure 6. Take extra precautions for privileged accesses 7. Use security products when relevant 8. Take into account physical security 9. Keep your security knowledge up-to-date.

3 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project Harden the OS & applications  minimise the number of packages installed  minimise the number of accounts enabled  minimise the number of network services offered  minimise the number of privileged processes running (this includes running with least privileges whenever possible)  tighten the configuration of the major services (this includes limiting access to the minimum) If your users have “admin rights”…

4 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project user training – e.g.

5 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project Keep the OS & Apps up-to-date  install all the security patches as soon as possible  ideally, use a system that automates patching

6 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project Use a local firewall  install a local firewall configured to only allow what is expected (i.e. default policy is deny)  ideally, also filter outgoing network traffic

7 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project Take advantage of the logs  select appropriate logging levels for all sensitive components  frequently review the logs to detect suspicious activity  ideally, store the logs remotely to avoid tampering

8 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project Ensure that all passwords are secure  make sure the passwords used are good enough (ideally, enforce this with the appropriate tools)  make sure the passwords are not exposed (this includes using encrypted protocols such as https)  make sure the passwords are changed regularly

9 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project Take extra precautions for privileged a/c  restrict privileged accesses to the bare minimum  use delegation to minimise the number of operations requiring  full privileges (for instance use sudo on Unix)  log all actions executed with system privileges

10 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project Use security products when relevant  anti-virus (ideally, with automatic signature update)  Intrusion Detection Systems (both host-based and network-based)  integrity checkers to detect system modifications

11 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project Physical access & 9 Security Knowledge  8. Take into account physical security (when relevant)  9. Keep your security knowledge up-to-date

12 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project Implementing the checklist  The ISSeG project are developing a number of recommendations that will include links to practical advice on how to implement some or all of the above suggestions.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.