Presentation is loading. Please wait.

Presentation is loading. Please wait.

Greg Williams. IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Greg Williams. IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard."— Presentation transcript:

1 Greg Williams

2 IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard

3 Why Scan? An example

4 Planning for a scan  Questions to consider: Is the scan going to be on production services? How do I want it scanned? Do I have the man power to fix something right away (you knew about it, why didn’t you fix it)? What monitoring do I have in place and how do I watch it in case something goes wrong?

5 Nessus  Vulnerability Scanner  Scans Windows, *nix, network infrastructures for known vulnerabilities  Web scanning – directory traversal, CGI vulnerability scanning  Compliance scanning – PCIDSS, DISA, CERT, NIST, GLBA, HIPAA

6 Nessus con’t

7  Safe Checks – Turns off possibly unsafe operations performed during scan.  Authentication – Ability to check the server fully via SMB, Kerberos, Windows, SSH  Plugins – Turn on or off specific types of scans  Preferences – Granular checks (DB, Web including HTTP form authentication, CGI scans, etc)

8 Nessus Reporting

9 Nessus Reporting con’t

10 What do you do after reporting  OS Patching  Coding changes  Turn off ports  Develop metrics

11

Download ppt "Greg Williams. IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard."

Similar presentations

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.
Driving Factors Security Risk Mgt Controls Compliance.

Driving Factors Security Risk Mgt Controls Compliance.
CN 8822. Objectives of the course To build and maintain a UNIX-based Network Systems & Servers Install Linux, fine tune the system, enable required server,

CN Objectives of the course To build and maintain a UNIX-based Network Systems & Servers Install Linux, fine tune the system, enable required server,
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.

Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
Host Hardening (March 21, 2011) © Abdou Illia – Spring 2011.

Host Hardening (March 21, 2011) © Abdou Illia – Spring 2011.
Red Team “You keep using that word, I do not think it means what you think it means” – Inigo Montoya.

Red Team “You keep using that word, I do not think it means what you think it means” – Inigo Montoya.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
Vulnerability Assessments with Nessus 3 Columbia Area LUG January 10 2007.

Vulnerability Assessments with Nessus 3 Columbia Area LUG January
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Vulnerability Assessment NIKTO.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Vulnerability Assessment NIKTO.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Greg Williams. IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard 12/5/2010Greg Williams CS591.

Greg Williams. IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard 12/5/2010Greg Williams CS591.
Windows To WebDAV A File Server Case Study John F. Hall IT-User Services, University of Delaware MARC ‘05 Copyright John F. Hall 2005. This work is the.

Windows To WebDAV A File Server Case Study John F. Hall IT-User Services, University of Delaware MARC ‘05 Copyright John F. Hall This work is the.
Vulnerability Types And How to Use Them.

Vulnerability Types And How to Use Them.
Capture The Flag Review Fall 2003 Giovanni Vigna University of California Santa Barbara

Capture The Flag Review Fall 2003 Giovanni Vigna University of California Santa Barbara
Computerized Networking of HIV Providers Networking Fundamentals Presented by: Tom Lang – LCG Technologies Corp. May 8, 2003.

Computerized Networking of HIV Providers Networking Fundamentals Presented by: Tom Lang – LCG Technologies Corp. May 8, 2003.

Similar presentations

Ads by Google