UTAC SECURITY UPDATE. University of Washington, Computing & Communications. Terry Gray, 1 Oct 2004.


Slide 2: AGENDA
- I. Background
- II. Activities
- III. Recommendations

Slide 3: I. BACKGROUND

Slide 4: PREMISE
Insecure computers threaten:
- their users
- UW systems & networks
- UW reputation & resources
- UW staff, students, patients, partners

Slide 5: UW's PERFECT (Security) STORM
- All the usual Fortune 500 security issues
- Two hospitals, multiple clinics
- Classified government & commercial research
- 45,000 students
- 75,000 computers of amazing diversity
- Academic “pseudo-anonymity” requirements
- Residence Halls with students as well as non-UW renters
- Extraordinary connectivity (fast attack propagation)
- Decentralized culture (hundreds of independent business units)
- Increasingly sophisticated/hostile attack environment
- Increasing dependency on network apps
- Decreasing tolerance for outages
- Increasing legal/regulatory risk and liability
- Importance of research/clinical leverage complicates perimeter definitions

Slide 6: FUNDAMENTAL TENSIONS
- Security vs. complexity
- Security vs. supportability (esp. MTTR)
- Security vs. local autonomy
- Security vs. convenience
- Security vs. innovation
Networking is about connectivity; security is about isolation.

Slide 7: CONCERNS
- False sense of security
- Increasing complexity
- Decentralized culture --> inconsistent solutions
- Unfunded security mandates
- Cost shifting from guilty to innocent
- Perimeter defense won't stop next-gen attacks
- Users often don’t know their machine is infected
- The devil is in the details (e.g. firewall configuration)
- Security policy often looks like network failure

Slide 8: IMPACT
Security: the gift that keeps on taking
- High incident risk with potentially big liability
- Network assumptions have fundamentally changed
- Prevention and cleanup costs will continue to grow
Solutions:
- Still no substitute for well-managed hosts
- More constraints/isolation/inconvenience inevitable
- Defense-in-depth mandatory... but:
- Increasing solution complexity implies increasing TTR (time to repair)

Slide 9: II. ACTIVITIES

Slide 10: UW MEDICINE ACTIVITIES
- Policy definition and training
- Inventories and informal compliance reviews
- Centrally-managed host-based firewalls
- Secure server sanctuaries in the data center
- Working with C&C on perimeter defense
- Improved application auditing
- Improved authentication
- Minimum security for all SOM devices:
  - Desktop firewall
  - Anti-virus with automatic updates
  - Automatic updates of the operating system

Slide 11: C&C SECURITY ROLE
Past:
- Protect the infrastructure
Future:
- Help protect unmanaged hosts (“the guilty”)
- Support defense-in-depth objectives

Slide 12: C&C SECURITY GROUPS
- Security Operations (detection & remediation)
- Security Solutions (policy & prevention)
- Security Administration (of C&C systems)
- Security Middleware development (authentication tools)
- Network Architecture/Engineering/Tools

Slide 13: C&C SECURITY ACTIVITIES - 1
- Working with UW Medicine and PASSC
  - On policies and implementation
- Security Operations
  - Monitoring and incident response
  - Quarantine infected hosts
  - Proactive scanning for vulnerabilities
- Perimeter defense
  - Logical firewalls (LFWs)
  - Managed inline firewalls
  - Intrusion Prevention System
  - UW Medicine zone perimeter firewall

Slide 14: C&C SECURITY ACTIVITIES - 2
- Indirect/proxy host management
  - Probe machine status when authenticating
  - Proactive vulnerability scanning
  - Quarantine vulnerable hosts?
- Client services
  - Supporting EPLT Computer Vet stations
- SW licensing & distribution
  - antivirus, uwick, etc.
- Network Architecture changes
- Host management services (Nebula)
- Datacenter colo facilities (server sanctuaries)
- Email virus (and spam) blocking

Slide 15: III. RECOMMENDATIONS

Slide 16: MINIMUM O.S. STANDARDS
- Use only O.S. versions supported by the vendor
- Enable a host firewall or equivalent access restrictions
- Enable auto-patching or equivalent central configuration management
- Use anti-virus software (with auto-updating)
- Enable logging
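The five standards above are what an inventory review (slide 10) or an authentication-time probe (slide 14) would test each host against, and the open question on slide 14 is whether a failing host gets quarantined. The following is an added example, not C&C's or UW Medicine's own tooling: it evaluates constructed inventory records against the five standards and maps the result to pass / warn / quarantine. The record fields, the vendor-support table and the quarantine rule are all assumptions made for the example. An O.S. tag that is not in the support table is treated as unsupported (fail closed), so a typo in the inventory cannot make a host look compliant.

```python
from datetime import date

# Placeholder vendor end-of-support dates keyed by an inventory O.S. tag.
# Illustrative values for this example only, not any vendor's schedule.
VENDOR_SUPPORT_ENDS = {
    "win-old": date(2004, 6, 30),
    "win-current": date(2009, 4, 14),
    "linux-old": date(2003, 12, 31),
    "linux-current": date(2008, 3, 31),
}

# Constructed inventory records (not a real UW inventory). The booleans map
# one-to-one onto the five minimum standards on slide 16.
SAMPLE_INVENTORY = [
    {"host": "lab-01", "os": "win-current", "host_firewall": True, "auto_patch": True,
     "central_config_mgmt": False, "antivirus": True, "av_auto_update": True, "logging": True},
    {"host": "lab-02", "os": "win-old", "host_firewall": False, "auto_patch": False,
     "central_config_mgmt": False, "antivirus": True, "av_auto_update": False, "logging": False},
    {"host": "srv-03", "os": "linux-current", "host_firewall": True, "auto_patch": False,
     "central_config_mgmt": True, "antivirus": False, "av_auto_update": False, "logging": False},
    {"host": "dept-04", "os": "unknown-os", "host_firewall": True, "auto_patch": True,
     "central_config_mgmt": True, "antivirus": True, "av_auto_update": True, "logging": True},
]

# Failures that, by the (assumed) rule below, are severe enough to quarantine.
SEVERE = {"unsupported O.S. version", "no host firewall or equivalent access restrictions"}


def check_host(rec, today_iso):
    """Return the list of standards the record fails; an empty list means compliant.
    today_iso is an ISO date string such as "2004-10-01"."""
    today = date.fromisoformat(today_iso)
    failures = []
    end = VENDOR_SUPPORT_ENDS.get(rec["os"])
    if end is None or end < today:          # unknown tag fails closed
        failures.append("unsupported O.S. version")
    if not rec.get("host_firewall"):
        failures.append("no host firewall or equivalent access restrictions")
    # Either auto-patching or central configuration management satisfies standard 3.
    if not (rec.get("auto_patch") or rec.get("central_config_mgmt")):
        failures.append("no auto-patching or central config management")
    # Anti-virus without automatic updates does not meet standard 4.
    if not (rec.get("antivirus") and rec.get("av_auto_update")):
        failures.append("no anti-virus with auto-updating")
    if not rec.get("logging"):
        failures.append("logging not enabled")
    return failures


def decide(rec, today_iso):
    """Map the failures to an action (assumed rule): any severe failure means
    quarantine, any other failure means warn, no failure means pass."""
    failures = check_host(rec, today_iso)
    if not failures:
        return "pass", failures
    if SEVERE & set(failures):
        return "quarantine", failures
    return "warn", failures


def audit(inventory, today_iso):
    """Evaluate every record and return {hostname: (action, failures)}."""
    return {rec["host"]: decide(rec, today_iso) for rec in inventory}


if __name__ == "__main__":
    for host, (action, failures) in sorted(audit(SAMPLE_INVENTORY, "2004-10-01").items()):
        print(f"{host}: {action}" + (f" ({'; '.join(failures)})" if failures else ""))
```

Run against the sample records on the date of the talk, lab-01 passes, lab-02 (unsupported O.S., no firewall, nothing auto-updated) is quarantined, srv-03 is only warned because central configuration management covers the patching standard, and dept-04 is quarantined purely because its O.S. tag is unknown to the table, which is the fail-closed behaviour a review process should have.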

Slide 17: BEST TECHNICAL PRACTICES
For applications:
- Use secure protocols (e.g. SSH, SSL/TLS, K5 (Kerberos 5), RDP)
- Use the central authentication infrastructure
- Use two-factor authentication and/or one-time keys
- No cleartext passwords on the wire!
For operating systems:
- Disable or block unneeded services
- Tunnel insecure OS protocols (e.g. NTLM inside IPsec)
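"No cleartext passwords on the wire" is the one item on this slide that Security Operations can check from the network side rather than on each host. The following is an added example, not C&C's monitoring code: it reads constructed flow-log lines, classifies each destination port as a cleartext-authentication protocol (telnet, FTP, POP3, IMAP, rlogin) or one of the secure alternatives named on the slide, and reports offenders grouped by source host, since the client is the machine that needs reconfiguring. The log line format is an assumption. Port-based classification is a heuristic: IMAP and POP3 on their standard ports may negotiate STARTTLS, so a hit on 143 or 110 is a lead to confirm with a packet capture, not proof of a cleartext password.

```python
import re
from collections import defaultdict

# Default ports of protocols whose authentication is cleartext, and of the
# alternatives slide 17 recommends (SSH, SSL/TLS variants, Kerberos 5, RDP).
# Heuristic only: 110/143 may carry STARTTLS, and HTTP (80) is cleartext only
# when Basic/form authentication is used, so it is deliberately left out.
CLEARTEXT_AUTH = {21: "ftp", 23: "telnet", 110: "pop3", 143: "imap", 513: "rlogin"}
SECURE = {22: "ssh", 88: "kerberos5", 443: "https", 993: "imaps", 995: "pop3s", 3389: "rdp"}

# Assumed flow-log line format: "<time> <src>:<sport> -> <dst>:<dport> <tcp|udp>"
FLOW_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)\s+(tcp|udp)$")

# Constructed sample lines (not real UW traffic); the last one is malformed
# on purpose to show that unparseable lines are skipped rather than crashing.
SAMPLE_FLOWS = """\
2004-10-01T09:00:01 10.1.2.3:51000 -> 10.9.0.5:23 tcp
2004-10-01T09:00:02 10.1.2.3:51001 -> 10.9.0.6:22 tcp
2004-10-01T09:00:05 10.1.2.7:40210 -> 10.9.0.8:110 tcp
2004-10-01T09:00:06 10.1.2.7:40211 -> 10.9.0.8:995 tcp
2004-10-01T09:00:09 10.1.2.9:33000 -> 10.9.0.9:88 udp
2004-10-01T09:00:10 10.1.2.3:51002 -> 10.9.0.5:21 tcp
garbage line that should be skipped
""".splitlines()


def parse_flow(line):
    """Return (src, dst, dport, proto), or None if the line does not match."""
    m = FLOW_RE.match(line)
    if not m:
        return None
    _ts, src, _sport, dst, dport, proto = m.groups()
    return src, dst, int(dport), proto


def classify_port(dport):
    """Return ('cleartext' | 'secure' | 'other', service name or None)."""
    if dport in CLEARTEXT_AUTH:
        return "cleartext", CLEARTEXT_AUTH[dport]
    if dport in SECURE:
        return "secure", SECURE[dport]
    return "other", None


def audit_flows(lines):
    """Group cleartext-auth connections by source host:
    {src: [(dst, dport, service), ...]}."""
    findings = defaultdict(list)
    for line in lines:
        parsed = parse_flow(line)
        if parsed is None:
            continue
        src, dst, dport, _proto = parsed
        kind, service = classify_port(dport)
        if kind == "cleartext":
            findings[src].append((dst, dport, service))
    return dict(findings)


if __name__ == "__main__":
    for src, hits in sorted(audit_flows(SAMPLE_FLOWS).items()):
        for dst, port, service in hits:
            print(f"{src} -> {dst}:{port} ({service}): password likely sent in cleartext")
```

On the sample, 10.1.2.3 is reported twice (telnet and FTP to the same server) and 10.1.2.7 once (POP3, although it also uses POP3S, so that host is halfway migrated); the SSH, POP3S and Kerberos flows produce nothing. In practice the output feeds the same quarantine-or-warn decision as the host standards do, with the STARTTLS caveat resolved by looking at the actual session before acting.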

Slide 18: BEST OPERATIONAL PRACTICES
- Adequately fund security support & training
- Manage hosts en masse (cheaper, more effective)
- Do risk assessments
- Do penetration tests
- Do periodic reviews/audits
- Put servers in dedicated and secure facilities
- Regularly review the logs!

Slide 19: DISCUSSION ISSUES
- Consensus on recommendations?
- Exceptions policy?
- Enforcement policy?
- Consequences/sanctions?
- Funding?
