Download presentation
Presentation is loading. Please wait.
Published byShona Lucas Modified over 9 years ago
1
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Statenet Security on the cheap and easy Beth Young MOREnet Security youngba@more.net
2
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Objectives Introduction What is MOREnet Free security services Cheap security services
3
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Beth Young Network Security Analyst Certified Information System Security Professional (CISSP) MOREnet 6 years
4
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri What is MOREnet? Missouri Research and Education network ISP for –K-12 (515), –higher education (67), –state libraries (131), –state government Technical support Training Incident Response Video conferencing
5
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri
6
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Hub Site Services DNS Netflow Collectors Internet Content Filtering Servers E-mail/Web Hosting Servers Akamai Servers Ruckus Servers Multi-Point Conference Units (video)
7
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri It isn’t all about the technology
8
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Free Services Incident Response Blackhole DNS Good Net Neighbor Phase I Good Net Neighbor Phase II Network Monitoring tools Single machine nmap scan Open Mail Relay testing Monthly Web Seminars Security Awareness
9
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Incident response Wait, don’t we all do incident response? –Reading SecCheck logs –Reviewing email headers –Bandwidth reviews –Netflow reviews –Ethereal captures
10
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Blackhole DNS http://www.bleedingthreats.net/blackhole-dns/ Another BIND process on current DNS servers No changes to the downloaded zone files cron job to download/update DHCP scope change
11
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Good Net Neighbor – Phase I Block Microsoft file and print sharing ports (135, 137-139, 445) Protect members from common viruses Stopped a lot of “nuisance” calls
12
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Good Net Neighbor – Phase II Block outbound port 25 traffic except from approved mail servers
13
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Network Monitoring tools Behind our secure portal – MyMOREnet Access to MRTG graphs Access to Netflow reports
14
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Single machine NMAP scan Behind our secure portal – MyMOREnet Only scans the machine you are logged into Set a time-out value of 5 minutes Can email the report to us for review
15
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Open Mail Relay Test Custom PERL script Does 55 tests Still occasionally find a misconfigured mail server
16
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Monthly Web Seminars CENTRA product for application sharing Any topic can be covered –Securing Windows –Securing Linux –Social Networking do’s and don’ts –CALEA –Law Enforcement requests –Using NMAP and Ethereal
17
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Security Awareness Cyber Security Awareness Month –Regional Site Visits –On-line games/scavenger hunts –Booth at State Teacher Conference –Internet Safety Night –Internal Tips Internet Safety Night – April 10, 2007 http://besafe.more.net
18
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Communication and outreach Security contact at each organization Email lists –Security-l –MERC-security Web site – breaking news links –MOREnet status indicator Community outreach –InfraGard –Security Community
19
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Cheap Services Email Virus and Spam Filtering Remote Vulnerability Assessment Security Symposium SANS@EDU conferences MOREnet Connections and HELIX conference
20
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Email Virus and Spam Filtering Solution for hosted mail and web Able to expanded to others with little additional effort ClamAV Greylisting, policyd, other open source products
21
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Remote Vulnerability Assessment Nessus scan Nikto report Distilled into “human readable” format Instructions on mitigating vulnerability
22
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Security Symposium “What works” type sessions from MOREnet members Cost covers hotel and breaks so usually $150-200 for 1.5 days
23
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Connections and Helix conferences Held in conjunction Spring time - usually over spring break Connections - K-12 Helix - Higher education
24
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Other Training opportunities SANS@EDU conference –2006 – 508 Forensics –2007 – 504 Hacking Techniques, IR –2007 – 505 Securing Windows –2008 – ??
25
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Things that didn’t work so well Firewall Management CALEA compliance Centralized Anti-Virus Comprehensive Network Security Service
26
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Where do we go from here? SANS Mentoring program Darknet project Writing Security Policy workshop Expand Good Net Neighbor Policy
27
www.more.net | University of Missouri Copyright ©2007 MOREnet and The Curators of the University of Missouri Questions? Beth Young (573) 884-9396 youngba@more.net http://www.more.net/security
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.