Presentation is loading. Please wait.

Presentation is loading. Please wait.

SLAC Vulnerability Scanning Cyber Security Working Group - LBL December 5, 2005 Teresa Downey - SLAC.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "SLAC Vulnerability Scanning Cyber Security Working Group - LBL December 5, 2005 Teresa Downey - SLAC."— Presentation transcript:

1 SLAC Vulnerability Scanning Cyber Security Working Group - LBL December 5, 2005 Teresa Downey - SLAC

2 Tools Used  ISS RealSecure SiteProtector Consoles  1 ISS RealSecure SiteProtector DB  5 ISS Internet Scanners  1 DNS Registration DB (CANDO)  2 Windows Automated Patching Methods (that mostly work)  ~20 Desktop Admins (for when the automated patching doesn’t work)

3 “Daily” Scans  Lab is 24x7 – scans run 3x/day  “Daily” policy runs 30-40 tests  Most are recent “critical” Windows patches  P2P and Remote Admin software tests  “No SA password” test  Finds the unexpected…

4 Updates to “Daily” Policy  All tests are listed in SLAC Security web page  Deadlines (if set) are found on same page  URLs to “disconnect” procedures as well  DHCP/VPN/Dial-UP Users  Deadline of ~10 days after patch release  Mailing list used to reach all “remote” users  Fixed IP Users  Only set deadlines on vulns w/ active exploits  Mailing list to reach all “windows” users

5 Enforcement of “Daily” Scan  Vulnerabilities found are dumped to CSV  Imported into Oracle DB; merged with DNS Registration DB (CANDO); and exported to Excel file on network  Tue/Thu = Desktop Admin e-mail  If past deadline – fix it or IP is blocked from Internet at 6PM – blocked immediately if dhcp/vpn/dial-up user  Fridays = System Admin “Nag” e-mail  If vulnerable (w/o deadline) for > 2 weeks  Mon/Wed/Sat – just e-mail Security – or notify SysAdmin if extremely critical patch missing  “Daily” scan & enforcement is 30 to 60 mins/day

6 “Quarterly” Scans  Web Servers  Standard ISS L4 Web Server Policy  Could switch to monthly  SANS TOP 20  Visitor Network  Public Networks  “Special” Networks (open, but critical apps)  Private Networks (haven’t gotten to these yet…)

7 Enforcement of “Quarterly” Scans  Trouble Tickets Created in RT  Most of the “highs” & a few of the “mediums”  Work with System Admins to get resolved or…  Move systems into Internet-Free-Zone  Rescanning; Assisting Admins; Closing Tickets is a huge effort. Takes about 1 month of my time. Hoping this drops each quarter.

8 ScanMe Application  To keep the Desktop Admins from constantly contacting me to re-scan…  One dedicated Internet Scanner with a Web front-end  Windows Authentication  Enter IP and Policy to use  Verify caller is authorized  PDF report is emailed to requester  Big time-saver for me – Admins like it!

9 Questions?

Download ppt "SLAC Vulnerability Scanning Cyber Security Working Group - LBL December 5, 2005 Teresa Downey - SLAC."

Similar presentations

Process Improvement Analysis and Reporting APPLICATIONS TOOLS COMPONENTS CONSULTING.

Process Improvement Analysis and Reporting APPLICATIONS TOOLS COMPONENTS CONSULTING.
Security Update Server Registration, Active scanning and Windows patching.

Security Update Server Registration, Active scanning and Windows patching.
The Free IT Management App & Community. What Do I Have? How Do I Keep Track of Everything? Is Everything Working? How Do I Fix IT? IT Admin What IT Pros.

The Free IT Management App & Community. What Do I Have? How Do I Keep Track of Everything? Is Everything Working? How Do I Fix IT? IT Admin What IT Pros.
MY INTERNSHIP AT TFA BY: LARRY NGUYEN. WHAT I LEARNED  TECHNICAL  TECHNICAL SKILLS  TEAM  TEAM WORK  BASIC  BASIC FUNDAMENTALS  COMPUTER  COMPUTER.

MY INTERNSHIP AT TFA BY: LARRY NGUYEN. WHAT I LEARNED  TECHNICAL  TECHNICAL SKILLS  TEAM  TEAM WORK  BASIC  BASIC FUNDAMENTALS  COMPUTER  COMPUTER.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.

Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.

Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
Spiceworks Overview Enterprise Business Group Jul-2015.

Spiceworks Overview Enterprise Business Group Jul-2015.
Fermilab VPN Service What is a VPN ?.

Fermilab VPN Service What is a VPN ?.
UNIT 9 SEMINAR – THE LAST ONE  ! Unit 9 Chapter 9 in CompTIA Security + 1 Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds,

UNIT 9 SEMINAR – THE LAST ONE  ! Unit 9 Chapter 9 in CompTIA Security + 1 Course Name – IT Introduction to Network Security Instructor – Jan McDanolds,
Automating Endpoint Security Policy Enforcement Computing and Networking Services University of Toronto.

Automating Endpoint Security Policy Enforcement Computing and Networking Services University of Toronto.
Desktop Security: Worms and Viruses Brian Arkills, C&C NDC-Sysmgt.

Desktop Security: Worms and Viruses Brian Arkills, C&C NDC-Sysmgt.
W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.

W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.
First Community Bank www.fcbnm.com Prevx Safe Online Rollout & Best Practice Presentation.

First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
Chapter 14: Remote Server Administration BAI617. Chapter Topics Configure Windows Server 2008 R2 servers for remote administration Remotely connect to.

Chapter 14: Remote Server Administration BAI617. Chapter Topics Configure Windows Server 2008 R2 servers for remote administration Remotely connect to.
Module 4: Add Client Computers and Devices to the Network.

Module 4: Add Client Computers and Devices to the Network.

Similar presentations

Ads by Google