Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Mike Memory.

Slides:

Advertisements

Similar presentations

Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Strained superlattice.

Advertisements

Security Policy. TOPICS Objectives WLAN Security Policy General Security Policy Functional Security Policy Conclusion.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

U.S. Department of Energy Pacific Northwest National Laboratory July 2004 Presented by Jeffery Mauth Pacific Northwest National Laboratory

HIPAA Security Standards What’s happening in your office?

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.

Jefferson Lab Remote Access Andy Kowalski December 1, 2010.

Computer Security Fundamentals

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Payment Card Industry (PCI) Data Security Standard

Sample Diagram.

Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

NASA PKI for PKI FORUM Presenters: Paul Ma, NASA-Ames Research Center

Audit – Proof Information System Security Controls Wednesday, August 18, 2010 John R. Robles Tel:

May 29, 2002 BUSINESS SERVICES GOALS AND OBJECTIVES

Unified Student-Centric Authentication and Authorization Nathan Wilder Special Assistant - Technology Office of the CIO.

Internet Service Provisioning Phase - I August 29, 2003 TSPT Web:

Section Seven: Information Systems Security Note: All classified markings contained within this presentation are for training purposes only.

©Kwan Sai Kit, All Rights Reserved Windows Small Business Server 2003 Features.

What is FORENSICS? Why do we need Network Forensics?

Project Management Methodology Project Closing. Project closing stage Must be performed for all projects, successfully completed or shut off by management.

DISCOVER IT PEACE OF MIND Staying HIPAA-Compliant Revised: April 13, 2015.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Internet Engineering Course Network Design. Internet Engineering Course; Sharif University of Technology Contents Define and analyse an organization network.

Module 14: Configuring Server Security Compliance

Module 2: Installing and Maintaining ISA Server. Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients.

U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program.

Jefferson Lab Remote Access Review: Free-Electron Laser Wesley Moore FEL Computer Scientist 01 December 2010.

Troubleshooting Windows Vista Lesson 11. Skills Matrix Technology SkillObjective DomainObjective # Troubleshooting Installation and Startup Issues Troubleshoot.

Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.

IS Network and Telecommunications Risks Chapter Six.

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

Initial Tiger Team Briefing New Dells with TPM Peter Leight Richard Hammer May 2006.

Module 8: Designing Security for Authentication. Overview Creating a Security Plan for Authentication Creating a Design for Security of Authentication.

Scott Butson District Technology Manager. Provide professional to all district staff Professional development has been provided on a regular basis to.

Note1 (Admi1) Overview of administering security.

IMFO Annual Conference – 2015 S21: Good Governance & Oversight B2B.

Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.

NUOL Internet Application Services Midterm presentation 22 nd March, 2004.

Chapter 2 Securing Network Server and User Workstations.

Operated by the Southeastern Universities Research Association for the U.S. Department of Energy Thomas Jefferson National Accelerator Facility Page 1.

Cyber Security Review, April 23-24, 2002, 0 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson.

IT Security Policies and Campus Networks The dilemma of translating good security policies to practical campus networking Sara McAneney IT Security Officer.

©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir.

Information Security Standards 2015 Update IIPS Security Standards Committee Roderick Brower - Chair.

Security Environment Assessment. Outline  Overview  Key Sources and Participants  General Findings  Policy / Procedures  Host Systems  Network Components.

Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007.

Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.

Be Microsoft’s first and best customer Enabling world-class and predictable customer, client, and partner experience Protecting Microsoft’s physical and.

Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer.

Strategic Agenda We want to be connected to the internet……… We may even want to host our own web site……… We must have a secure network! What are the.

VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.

How the Port of Seattle Is Proceeding Wireless Security Policies Session How the Port of Seattle Is Proceeding Ernie Hayden, CISSP Chief Information Security.

IS3220 Information Technology Infrastructure Security

Project Management Methodology Project Closing. Project closing stage Must be performed for all projects, successfully completed or shut off by management.

Operated by the Southeastern Universities Research Association for the U.S. Department of Energy Thomas Jefferson National Accelerator Facility Page 1.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.

Managed IT Services JND Consulting Group LLC

Supporting Advanced Scientific Computing Research Basic Energy Sciences Biological and Environmental Research Fusion Energy Sciences High Energy Physics.

Jefferson Lab Site Update Winter 2010 ESCC Meeting Andy Kowalski Bryan Hess February 4, 2010.

Chapter 7. Identifying Assets and Activities to Be Protected

Risks of Wireless Access Points

Level 2 Diploma Unit 11 IT Security

Implementing Client Security on Windows 2000 and Windows XP Level 150

Creating a University IT Service Portfolio

PLANNING A SECURE BASELINE INSTALLATION

Presentation transcript:

Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Mike Memory ESCC Ohio State University July 21–22, 2004 Wireless and Post OA Security Review Mike Memory

Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Mike Memory Outline Administrative Issues Purchasing Policy Credit Cards ADP Approval Documentation Policy Procedure Configuration Management

Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Mike Memory Outline Cont. Technical Issues Wireless Issues with Technology Lab daily users Lab Guest Flat Network Security Model Enclaves Access control

Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Mike Memory Administrative Issues Purchasing What purchases are for network capable items? ADP approval required for a gas analyzer, key lock box, etc.? Need better control from procurement regarding credit cards and requisitions Once purchased, how do we deal with it Documentation User awareness of Policies and CSPP Risk assessments Procedures regarding testing and deployment of new technology Configuration Management for hosts, network devices, etc.

Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Mike Memory Technical Issues - Wireless WEP was not in use on our Guest/Conference Wireless Needed WEP and a Firewall (or ACL in router) at minimum Limit access to the site and to the Internet WEP was in use on the JLab user wireless network But that is not enough Suggested VPN, IPSec, Firewall Need to treat WEP keys like user passwords Storing, Changing, Distributing issues Need detection for rouge access points Other suggestions x, i, etc.

Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Mike Memory Technical Issues - Network Problem Flat Network Security Model Users can access most (not all) networks freely Resolution Segmentation of network Enclaves need to be created based on: security requirements, work group, functionality Greater access controls between enclaves with ACL’s Access to DAQ systems from desktop? No.

Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Mike Memory Fixing The Issues Most issues we knew about and had plan for Tough to implement with limited resources Our timelines for implementation were seen as taking to long Developed 5 Teams – Driven by our CIO Network Security Team Wireless Security Team X11 Host Configuration and Management Authentication and Authorization

Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Mike Memory What we have done since OA Determined Risk Assessment for all issues via teams Tightened down our conference network Done - WEP and ACL now limiting access Deploying more VLANs as we categorize users and services for enclave assignment Evaluating other wireless solutions for new technologies Policies for purchasing changes well underway Working hard to get more human resources

Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Mike Memory Conclusion The OA review was educational Lots of work has already occurred Lots of work still to do in all areas of computing Collaboration with other Labs a must to help us “NOT” re- invent the wheel