SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.


1 SIRT Contact Orientation
Security Incident Response Team
Departmental Security Contacts
April 16, 2004

2 SIRT Departmental Security Contact Orientation: Why Are We Here?
Introductions
The SIRT and you
Compromise recovery procedure
Current security issues
Resources
Future events
Free refreshments

3 Introductions
Dr. Elizabeth Unger, VPAST
Security Incident Response Team
  – And their alternates
  – Representatives from all academic colleges and major administrative units
Departmental contacts
  – When this is all over, introduce yourself to your SIRT representatives

4 The SIRT And You
SIRT History
  – March 2003: IT Security SWAT team chaired by Roger Terry recommends formation of SIRT
  – Summer 2003: Interim SIRT formed
  – September 2003: Permanent SIRT formed
Representatives from all colleges and major administrative units
0.3 time spent on SIRT activities

5 The SIRT And You
SIRT’s charge (reactive/proactive/advisory):
  – Coordinated security incident response
  – Alerts to new vulnerabilities and attacks
  – Implement/coordinate preventative security measures
  – Security awareness and best practice training
  – Advise on secure design of apps, systems, networks
  – Host an annual security workshop

6 The SIRT And You
SIRT is:
  – Coordinate rapid incident response for campus
  – Advise on security best practices
  – Communication channel
SIRT is NOT:
  – A policy body (that’s IRMC)
  – IT police
  – Additional technical support for your department

7 The SIRT And You
Role of Departmental Security Contact (and your local IT support people):
  – Respond to incidents in your unit
  – Repair compromised systems
  – Implement preventative measures
  – Alert your SIRT rep. about unusual activities
  – Enforce policies at the local level
  – Educate your users on security best practices
  – Pass along security information to your unit

8 The SIRT And You
The goal is for you, your users, the SIRT, and central IT services to work together to protect K-State’s information and technology resources.

9 Compromise Recovery Procedure
A compromised host is detected
  – By IDS, network monitoring, or abuse report
The host is blocked
  – Usually by CNS with a router filter
  – Sometimes you’ll pull the plug

10 Procedure, Cont.
The departmental contact is notified
  – That’s you
  – Via email to SIRT-CONTACTS
      So you need to watch this email list
  – See also Blocked Hosts web page
You notify the affected user

11 Procedure, Cont.
You arrange for the host to be cleaned up
  – Try to find out what caused the compromise
  – Recovery may mean reformat / reinstall
You contact your SIRT representative to have the host unblocked
  – Or their alternate, if they’re unavailable
Your SIRT rep contacts CNS

12 Current Security Issues
Network-based worms
E-mail viruses and worms
Accounts without good password
Poor patch management
Insecure servers

13 Problem: Network-based Worms
Currently our biggest issue
  – Navpaw, Gaobot
No user interaction necessary
Exploiting security vulnerabilities
Exploiting Windows accounts without good password
Leaving behind back doors

14 Network-based Worms: Solutions
Patch, patch, patch
Symantec Antivirus with daily updates
Good passwords on Windows accounts
Network vulnerability scans

15 Problem: E-mail Viruses And Worms (“Malware”)
‘Zero-Day’, fast propagation
Smarter social engineering
Leaving behind back doors
Cleanup is costly and painful

16 E-mail Viruses And Worms: Solutions
New version of Symantec is anomaly-based as well as signature-based
Symantec Antivirus with daily updates
Coming soon to central e-mail: real anti-virus filtering
Managed antivirus installations
Users are learning to be careful

17 Problem: Accounts Without Good Password
Network-based worms are exploiting Windows accounts with no or weak password
Hackers can do the same thing

18 Accounts Without Good Password: Solutions
All Windows accounts should be disabled or have a good password
Future versions of Windows should enforce this
Network scans (by the White Hats)

19 Problem: Poor Patch Management
Applications as well as OS
New Microsoft Update critical patches released this week
  – Did you know that?
  – Were they applied to your computers?

20 Poor Patch Management: Solutions
Windows Software Update Services
Automatic Updates
Phase out older OS versions

21 Problem: Insecure Servers
MS/SQL
Blaster
IIS
Open SMTP relays
UNIX / Linux / Mac OS X
A server on every desktop
  – Which are legitimate?

22 Insecure Servers: Solutions
Minimal OS install
Turn off unneeded servers
Windows 2003 gets this right
Regular port scans to detect new servers
Firewall the campus

23 Problem: Lack Of Security Awareness

24 Solution: You

25 Resources
SIRT / Security web site
Your SIRT representative
Your peers
Central IT
Training

26 SIRT Web Site
http://www.ksu.edu/InfoTech/security/SIRT
  – Blocked hosts
  – Departmental security contact list
  – SIRT representative and backup list
  – Work in progress

27 Training
CNS TSC Incident Remediation training in May
All-day training planned for Tuesday, June 29 in Union Little Theatre
  – You really really should attend. Refreshments!
Microsoft security training planned for June
More in the future, probably semi-annually

28 The Future
Regular network scans of connected devices
  – Identify new hosts
  – Identify new services (open ports)
  – Vulnerability scans
Server registration
IDS, ADS
Firewalls

29 Questions?

30 Thanks For Coming!
Remember to introduce yourself to your SIRT representative

