Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Audit 2006 Deborah Joyner, Marjorie Tucker, Kay Simpson, Dawn Rountree, Kathy Jones.

Published byJoshua James Modified over 9 years ago

Similar presentations

Presentation on theme: "IT Audit 2006 Deborah Joyner, Marjorie Tucker, Kay Simpson, Dawn Rountree, Kathy Jones."— Presentation transcript:

1 IT Audit 2006 Deborah Joyner, Marjorie Tucker, Kay Simpson, Dawn Rountree, Kathy Jones

2 What This Is  Report of Draft Findings from schools that have been audited so far  The names of the schools have been changed to protect the innocent!

3 What this is NOT  Recommendations on how to fix any of these issues  That would take way more than 15 minutes!

4 Draft Report  Sensitive Security Letter  Public Letter  Minor Findings

5 Sensitive Security Letter  Access Controls World Writable Files. Users with the ability to add programs to the job scheduler and batch functions User profiles not set up appropriately, specifically the PATH statement. Password aging for the root account is not appropriate

6 Access Controls, cont. The system did not have any /.profiles for our sample of users. Therefore, there is no PATH statement to direct the users to the /.coll.menu prior to logging into the Colleague application. The system did not have any /.profiles for our sample of users. Therefore, there is no PATH statement to direct the users to the /.coll.menu prior to logging into the Colleague application. The Users' actual home directories do not agree with the listing in the /etc/passwd file. Therefore, the users without home directories could directly login at the root level by default.

7 Access Controls, cont.  College provides too much information about the operating system by providing the version and vendor name of the operating system in its welcome banner. This weakness allows an unauthorized user to easily research known vulnerabilities that can affect the operating system.  College has not configured the system to expire passwords.

8 Network Access Controls  Configuration files were not appropriately configured to secure the operating system from common Network attacks, such as Ping floods, and SYN floods.  The FTP service has not been configured appropriately to restrict access to only authorized users.  The operating system can act as a router, which poses a security risk.

9 Security and Maintenance of the Operating System  Solaris security patches should be installed in a timely matter.

10 Public Letter  NCCCS has not provided Community Colleges with a baseline configuration for securing the critical operating system. The critical operating systems may not be secure from commonly known vulnerabilities.  Risk Assessment  Test of Disaster Recover Plan

11 Minor Findings  UPS had not been tested within the past twelve months.  Various unnecessary services (ports) were running on the operating system.  Fire extinguisher is not equipped for use around computer equipment.

Download ppt "IT Audit 2006 Deborah Joyner, Marjorie Tucker, Kay Simpson, Dawn Rountree, Kathy Jones."

Similar presentations

Maintaining Tivoli Workload Scheduler Agents with IBM Endpoint Manager Mark Delaney

Maintaining Tivoli Workload Scheduler Agents with IBM Endpoint Manager Mark Delaney
Network Detective Prepared For: ABC Corp Prepared By: Roger G. Best.

Network Detective Prepared For: ABC Corp Prepared By: Roger G. Best.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
Linux Security 資管研究生 劉順德. Outline General Security –Account –Local –Network –Patch Services Security –Sendmail –BIND/DNS –Apache –FTP Recent Linux security.

Linux Security 資管研究生 劉順德. Outline General Security –Account –Local –Network –Patch Services Security –Sendmail –BIND/DNS –Apache –FTP Recent Linux security.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
F HEPNT/HEPIX Sept, 1999 Use of SPQuery and STAT At FNAL.

F HEPNT/HEPIX Sept, 1999 Use of SPQuery and STAT At FNAL.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Chapter 3 Unix Overview. Figure 3.1 Unix file system.

Chapter 3 Unix Overview. Figure 3.1 Unix file system.
Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.

Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.

Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.

Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.
Router Hardening Nancy Grover, CISSP ISC2/ISSA Security Conference November 2004.

Router Hardening Nancy Grover, CISSP ISC2/ISSA Security Conference November 2004.
Reconnaissance & Enumeration Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago,

Reconnaissance & Enumeration Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago,
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
(2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers Image from this Site Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson,

(2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers Image from this Site Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson,

Similar presentations

Ads by Google