Presentation is loading. Please wait.

Presentation is loading. Please wait.

Greg Williams. IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard 12/5/2010Greg Williams CS591.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Greg Williams. IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard 12/5/2010Greg Williams CS591."— Presentation transcript:

1 Greg Williams

2 IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard 12/5/2010Greg Williams CS591 F20102

3 Why Scan? An example 12/5/2010Greg Williams CS591 F20103

4 Planning for a scan Is the scan going to be on production services? How do I want it scanned? Do I have the man power to fix something right away (you knew about it, why didn’t you fix it)? What monitoring do I have in place and how do I watch it in case something goes wrong? Are there subnets that have specialized servers that need to be scanned for compliance? 12/5/2010Greg Williams CS591 F20104

5 Nessus  Vulnerability Scanner  Scans Windows, *nix, network infrastructures for known vulnerabilities  Web scanning – directory traversal, CGI vulnerability scanning  Compliance scanning – PCIDSS, DISA, CERT, NIST, GLBA, HIPAA  Ability to scan zero-day exploits 12/5/2010Greg Williams CS591 F20105

6 Nessus con’t 12/5/2010Greg Williams CS591 F20106

7 Nessus con’t  Safe Checks – Turns off possibly unsafe operations performed during scan.  Authentication – Ability to check the server fully via SMB, Kerberos, Windows, SSH  Plugins – Turn on or off specific types of scans  Preferences – Granular checks (DB, Web including HTTP form authentication, CGI scans, etc) 12/5/2010Greg Williams CS591 F20107

8 Nessus Reporting 12/5/2010Greg Williams CS591 F20108

9 Nessus Reporting con’t 12/5/2010Greg Williams CS591 F20109

10 What do you do after reporting  OS Patching  Coding changes  Turn off ports 12/5/2010Greg Williams CS591 F201010

11 Maintain integrity  Fine tune scanning – if you aren’t logging into the server to check for vulnerabilities, you should be  Setup a scanning schedule, include systems that aren’t a high risk. Scan after a patch (2 days after Microsoft Tuesday)  Develop a baseline and scan immediately after a server comes online 12/5/2010Greg Williams CS591 F201011

12 12/5/2010Greg Williams CS591 F201012

Download ppt "Greg Williams. IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard 12/5/2010Greg Williams CS591."

Similar presentations

Driving Factors Security Risk Mgt Controls Compliance.

Driving Factors Security Risk Mgt Controls Compliance.
Attie Naude 14 May 2013 Windows Azure Mobile Services.

Attie Naude 14 May 2013 Windows Azure Mobile Services.
CN 8822. Objectives of the course To build and maintain a UNIX-based Network Systems & Servers Install Linux, fine tune the system, enable required server,

CN Objectives of the course To build and maintain a UNIX-based Network Systems & Servers Install Linux, fine tune the system, enable required server,
Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.

Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
Host Hardening (March 21, 2011) © Abdou Illia – Spring 2011.

Host Hardening (March 21, 2011) © Abdou Illia – Spring 2011.
Red Team “You keep using that word, I do not think it means what you think it means” – Inigo Montoya.

Red Team “You keep using that word, I do not think it means what you think it means” – Inigo Montoya.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
Vulnerability Assessments with Nessus 3 Columbia Area LUG January 10 2007.

Vulnerability Assessments with Nessus 3 Columbia Area LUG January
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
University of Alaska System and UAF Information Technology Security Review 2007.

University of Alaska System and UAF Information Technology Security Review 2007.
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Greg Williams. IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard.

Greg Williams. IT Security Program  Objective is to maintain integrity of University systems  Minimum Security Standard.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
Patch Management Module 13. Module 2-421 You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A Operations vSphere Environment Introduction.

Patch Management Module 13. Module You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A Operations vSphere Environment Introduction.
Vulnerability Types And How to Use Them.

Vulnerability Types And How to Use Them.
NovaBACKUP 10 xSP Technical Training By: Nathan Fouarge

NovaBACKUP 10 xSP Technical Training By: Nathan Fouarge
Capture The Flag Review Fall 2003 Giovanni Vigna University of California Santa Barbara

Capture The Flag Review Fall 2003 Giovanni Vigna University of California Santa Barbara

Similar presentations

Ads by Google