Proposed UW Minimum Computer Security Standards From C&C 28 Jan 2005 Draft.

Slides:

Advertisements

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

Advertisements

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

Personal Info 1 Prepared by: Mr. NHEAN Sophan  Presenter: Mr. NHEAN Sophan  Position: Desktop Support  Company: Khalibre Co,. Ltd 

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

Network Security Philadelphia UniversityAhmad Al-Ghoul Module 11 Exploring Secure Topologies  MModified by :Ahmad Al Ghoul  PPhiladelphia.

Security+ Guide to Network Security Fundamentals

N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.

24/7/365 Remote Computer Support. Program Overview.

UW Security Policy and Implementation 26 Apr 2010 TINFO 340: Information Assurance Stephen Rondeau Institute of Technology Labs Administrator.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Network Security Testing Techniques Presented By:- Sachin Vador.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

1 University of WashingtonComputing & Communications CAMPUS NETWORKING & SECURITY UPDATE Terry Gray 16 Dec 2004.

Firewalls As Presented by Brian Dunn. Definition General Protects computer(s) from unauthorized access Types Hardware devices Software programs.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Computer Security Fundamentals

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Morris Bennett Altman Director of Network Services Internet Security Officer Queens College, CUNY Are You Exposed? Network Security.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

New Data Regulation Law 201 CMR TJX Video.

OPSEC Awareness Briefing Multi-Function Printer (MFP) Security.

Security Guide for Interconnecting Information Technology Systems

Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.

Chapter 2 Information Security Overview The Executive Guide to Information Security manual.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Introduction to Information and Computer Science Security Lecture b This material (Comp4_Unit8b) was developed by Oregon Health and Science University,

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,

Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.

Chapter 6 of the Executive Guide manual Technology.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

A virus is software that spreads from program to program, or from disk to disk, and uses each infected program or disk to make copies of itself. Basically.

Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.

Chapter 01: Introduction to Network Security. Network  A Network is the inter-connection of communications media, connectivity equipment, and electronic.

Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.

Note1 (Admi1) Overview of administering security.

Completing network setup. INTRODUCTION Course Overview Course Objectives.

Wireless Intrusion Prevention System

Small Business Security Keith Slagle April 24, 2007.

Module 11: Designing Security for Network Perimeters.

IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.

IT Security Policy: Case Study March 2008 Copyright , All Rights Reserved.

Computer Security Status Update FOCUS Meeting, 28 March 2002 Denise Heagerty, CERN Computer Security Officer.

IPv6 security for WLCG sites (preparing for ISGC2016 talk) David Kelsey (STFC-RAL) HEPiX IPv6 WG, CERN 22 Jan 2016.

“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Information Systems CS-507 Lecture 32. Physical Intrusion The intruder could physically enter an organization to steal information system assets or carry.

Computer Security Sample security policy Dr Alexei Vernitski.

Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.

Unit 2 Personal Cyber Security and Social Engineering Part 2.

Antivirus Software Technology By Mitchell Zell. Intro  Computers are vulnerable to attack  Most common type of attack is Malware  Short for malicious.

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #

NETWORK SECURITY LAB 1170 REHAB ALFALLAJ CT1406. Introduction There are a number of technologies that exist for the sole purpose of ensuring that the.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.

Critical Security Controls

Instructor Materials Chapter 7 Network Security

Systems Security Keywords Protecting Systems

Cyber Security By: Pratik Gandhi.

Business Risks of Insecure Networks

Answer the questions to reveal the blocks and guess the picture.

Security in Networking

Information Security Session October 24, 2005

12 STEPS TO A GDPR AWARE NETWORK

Networking for Home and Small Businesses – Chapter 8

Network hardening Chapter 14.

24/7/365 Remote Computer Support

Networking for Home and Small Businesses – Chapter 8

Networking for Home and Small Businesses – Chapter 8

Presentation transcript:

Proposed UW Minimum Computer Security Standards From C&C 28 Jan 2005 Draft

Background 80K computers, plus more used from outside Compromised computers threat to neighbors and any other connected computers Computing devices must be managed in order to be allowed access to network and network services

Goals Prevent computing devices from: –being accessed or used by unauthorized entities –causing harm to other computers at UW or elsewhere –causing harm to UW network or other networks Nongoal: information security –to be standardized later

Applicability Device is: –owned by UW –directly connected to UW network –accessing UW network via: UW dial-in wireless access point attached to UW network VPN connection, if effectively part of UW network Audience: sys admins and computer owners

Minimum Standards by Type Devices must not be attached to network: unless protected by a firewall or properly managed Types: –servers, desktops and laptops –PDAs and smartphones –office machines –specialized computing equipment –firewalls Exemptions: intrusion detection, security research

Servers, Desktops, Laptops Control access: via good passwords optionally, secure tokens Disable/block all unnecessary network services Servers: allow only traffic essential for services Desktop/laptop: block unsolicited connections Use only operating systems for which security updates are readily available, or put behind firewall

Servers, Desktops, Laptops (cont) Enable auto-patching if provided, or provide other configuration management Install security updates for applications, too Don’t install software which grants unauthorized users access to non-public data Counteract malicious software via: antiviral programs spyware removal programs etc. Enable logging, and periodically review logs

PDAs and Smartphones As viruses and worms become more commonplace, since no other method available: –keep up with security bulletins –update as needed

Office Machines Printers, copiers and fax machines on network may have software faults that allow compromise or can cause damage Auto-patching and use of integral firewalls may not be an option May be difficult to detect when compromised, but when detected: remove from network until repaired or put behind firewall

Specialized Computing Equipment PI or unit head is responsible Still must be protected from attack or exploit May require external security applicances (e.g. firewalls and VPN)

Security Audits All devices covered by standard are subject to audit at any time; cooperation is “expected” Periodic reviews by UW Internal Audits; includes: interviews and inspection of documents showing adherence to procedures technical means such as vulnerability scans Examine not only min standards, but info security standards and best practices –others besides those responsible must conduct reviews Departments expected to conduct periodic reviews

Consequences Noncompliant devices disconnected Responsible parties may be subject to reconnection fee Disconnection could be automatic or from a manual intervention PASS Council may take action if multiple incidents or willful disregard