Download presentation
Presentation is loading. Please wait.
Published byAngela Walsh Modified over 9 years ago
1
Information Technology at Emory Information Technology Division Technical Services IT Briefing Agenda 7/17/05 New scanning tools EOL/eVax & BTS Oracle Names to OID Manage IT self-service TS Update NetCom Q&A Jay Flanagan Marisa Benson Mark Parten Karen Jenkins Theresa Goriczynski Paul Petersen
2
Information Technology at Emory Web Application Vulnerability Protection Jay D. Flanagan
3
Information Technology at Emory Information Technology Division Technical Services
4
Information Technology at Emory Information Technology Division Technical Services Web Application Vulnerability Scanner SpiDynamics WebInspect Tool –Implemented in Spring of 2005 –Part of our audit process –Scan web applications before they go into production –Regularly scan currently implemented web applications for new vulnerabilities –Scans for specific web application vulnerabilities cross-site scripting buffer overflows injection (SQL) denial of service
5
Information Technology at Emory Information Technology Division Technical Services Web Application Vulnerability Scanner
6
Information Technology at Emory Information Technology Division Technical Services Web Application Vulnerability Scanner
7
Information Technology at Emory Information Technology Division Technical Services Web Application Vulnerability Scanner Web Application Vulnerability Security Awareness Training –August 8, 2005 –8 am to 12 pm –Review web application vulnerabilities and how they can be protected against in the development of these applications
8
Information Technology at Emory Information Technology Division Technical Services Web Application Firewall Web Application Firewall - NetContinuum –Monitors all web specific traffic on ports 80 and 443 that is not monitored by a regular firewall. –Acts as a proxy to check this traffic before passing it on to the web servers. –Blocks attacks including cross-site scripting, buffer overflows, injection (SQL) and denial of service.
9
Information Technology at Emory Information Technology Division Technical Services Web Application Firewall Currently protecting the following ITD managed web applications. –Account Management System (ACM) –Black Board – Prod and Dev –Password Services –The App Prod and Dev Web Server –The Oak Dev Web Server
10
Information Technology at Emory Information Technology Division Technical Services Self-Service Vulnerability Scanning Self-Service Vulnerability scanning available via Nessus –Contact Security Team for setup Manage IT (C=University Applications; T=Security; I=Work Request) –or- SecurityTeam-L@listserv.emory.edu SecurityTeam-L@listserv.emory.edu Following information needed –Name and organization you support –The IP address range on your network that you would like to scan –Phone number and e-mail address –Your network ID
11
Information Technology at Emory Information Technology Division Technical Services Self-Service Vulnerability Scanning You will be set up on the Nessus Scanner with an account You will be able to scan your range of IP addresses for both desktops and servers –You will only have access to your IP range for scanning You will be able to scan as little or as often as you deem necessary You will receive a report on what vulnerabilities are active Security Team available for consultation on reports and to answer any questions or help with any issues
12
Information Technology at Emory Information Technology Division Technical Services Contact Information Jay D. Flanagan – Security Team Lead –jflanag@emory.edujflanag@emory.edu Andy Efting – Security Analyst –aefting@emory.eduaefting@emory.edu Alan White – Security Analyst –awhite7@emory.eduawhite7@emory.edu SecurityTeam-L@listserv.emory.edu
13
Information Technology at Emory Information Technology Division Technical Services
14
Information Technology at Emory EOL/eVax & Back to School Marisa Benson
15
Information Technology at Emory Oracle Names to OID Mark Parten
16
Information Technology at Emory Information Technology Division Technical Services Move to OID by July 31 st !
17
Information Technology at Emory Information Technology Division Technical Services Continued …
18
Information Technology at Emory Information Technology Division Technical Services Continued …
19
Information Technology at Emory Information Technology Division Technical Services Continued …
20
Information Technology at Emory Information Technology Division Technical Services Continued …
21
Information Technology at Emory Information Technology Division Technical Services Continued …
22
Information Technology at Emory Information Technology Division Technical Services … many to still convert Most recent list will be included in the meeting meetings posting Use tool on TechTools to make the conversion
23
Information Technology at Emory Information Technology Division Technical Services
24
Information Technology at Emory Manage IT Self-service Karen Jenkins
25
Information Technology at Emory Information Technology Division Technical Services Manage IT Status Self-service Phase 1 scheduled for 7/29 @ 7:00pm Phase 2 –Reports, Port Status Table, Flashboards, & two-way email scheduled for 8/19/2005 –Any self-service enhancements that could not be developed for Phase 1 (PS Status, “on behalf of”) SLAs … investigating & planning stage
26
Information Technology at Emory Information Technology Division Technical Services DEMO
27
Information Technology at Emory Information Technology Division Technical Services
28
Information Technology at Emory TS Update Theresa Goriczynski
29
Information Technology at Emory Information Technology Division Technical Services NetCom Q&A
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.