Download presentation
Presentation is loading. Please wait.
Published byMakayla Holloway Modified over 10 years ago
1
Security Update Server Registration, Active scanning and Windows patching
2
Bastion Host Policy Ensure that critical servers are managed with appropriate levels of security Define the overheads: management, operation and security Identify all network servers and establish purpose, security requirements, user base and support staff Limit exposure of network servers to those apps that are critical for their primary purpose Establish network ACLs for specific IP applications. ACLs will restrict access to specific apps to those servers that have been registered to provide them
3
Bastion Host A network system that may be exposed to attack from other internal or external network systems Deployed, configured, operated and managed in a manner that mitigates this exposure Fulfills a specific role All unnecessary services, protocols, applications disabled or removed Avoids trust relationships with other systems to guard against 'key to the castle' attacks Apply bastion host principles to all University servers
4
Role Purpose - services and applications User community Sensitivity Legal / regulatory requirements Security Considerations Availability requirements
5
Location Physical security Environmental –Air conditioning –Emergency power source –Fire prevention Dedicated network ports Not in staff offices
6
Management, Support and Operation Identify personnel responsible –System administrators –System operators –Application support specialists –Maintenance contractors At least 2 individuals identified with at least one being the system administrator
7
Management, Support and Operation 2 Asset register detailing hardware and software components, including licensed software System configuration details inc security measures and details of admin/root accounts System change procedures –including reversion procedures Contractors callout procedures Disaster recovery plans
8
Sys Admin Guidelines
9
Protection via the Network Filtering policies –Default allow –Default deny Default deny –Inbound –Outbound ? Protect –Servers –Clients
10
Client Campus Internet Segment 2 Segment 3 sshsmbssh http rdp http https imap pop smtp FileWebMailstore Segment 1 Client
11
Server Registration Database Demo
12
Friendly Probing Identify remotely exploitable systems –new machines missing critical patches –old machines brought out of the cupboard Locate holes before the enemy do Automatic notification for IT staff Initially, testing the most critical Microsoft holes –Then including other OSes Scanner host: friendly-probe1.cent.gla.ac.uk( currently 130.209.16.157 )
13
Windows Patching TRG working group investigated options for automated patching of Microsoft systems Recommended WSUS Evolution: –SUS –WUS –WSUS Available at: www.gla.ac.uk/cert/wsus/
14
Patch Classes Updates Installed –Security Updates –Critical Updates –Definition Updates (Windows Defender) –Service Packs –Update Roll Ups –Tools –Updates (non-critical fixes) Not Installed –Drivers –Feature packs
15
Does not help with: Weak passwords Lack of configuration hardening –Removing unneeded services better than patching Executing untrustworthy code Social Engineering
16
Thanks: Andrew Cooper Steve McIntosh - WSUS Service Derek Higgins - Server Registration System
17
Thats all folks! Questions…
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.