Al Lilianstrom CD/LSC/SOS/ESG  Blocked?  Operating Systems  Baselines  Detection  TiSSUE  Compliance  Windows  OS/X  Questions.


1 Al Lilianstrom CD/LSC/SOS/ESG lilstrom@fnal.gov

2  Blocked?  Operating Systems  Baselines  Detection  TiSSUE  Compliance  Windows  OS/X  Questions

3  What does it mean to get BLOCKED?  When a system is blocked it is prevented from accessing the network  Symptoms  The user of the computer that is blocked is suddenly unable to  Read email  Browse the web  Access file servers  Other users in the same area are not experiencing any problems

4  Windows 7, Windows XP sp3, Windows Vista sp2  Leopard, Snow Leopard  SLF4, SLF 5  Operating systems that have not been approved or have reached end of life can be blocked from the network  Windows 2000  Windows XP sp2  Scientific Linux (Fermi) 3.0

5  Approved operating systems have baselines defined for them  The baseline documents set the minimum required configuration for the operating system to be allowed on the Fermilab network  Firewall  Antivirus  Operating System

6  In addition, Computer Security may deem a certain patch or minimum OS level to be required  Variances can be requested from Computer Security for required items that negatively impact production services  Submit requests for variances through the Service Desk

7  For a variance to be approved you must supply:  The business reason why you cannot comply with the baseline  Using a hardware device for which no driver exists in the current version of the operating system  Saying it would be inconvenient to upgrade is NOT a sufficient justification  The compensatory security controls that will be applied to provide adequate security  Typically this will involve limitations on network connections, applications, and users for that particular system

8  CST continuously scans all systems on site  Scans originate from both on and off site systems  Scans are also done of central inventory and anti-virus systems looking for non-compliant systems  A system with a detected vulnerability will generate a TiSSUE event

9  Blocking and non-blocking events  Registered system administrators of the system are notified  The event must be remediated and closed in TiSSUE  If the event is closed without the cause being remediated a new event will be created the next time the system is scanned

10  Use an approved operating system  Abide by the applicable baseline  Patches  AV  Firewall settings  System configuration

11  Participate in  Central AV  Central Inventory  Central Patching  Meet baseline standard  If the system is a member of the Fermi Windows domain the baseline for the system is met. Non-domain systems MUST meet the same baselines as domain systems.

12  Reminder  Don’t use an account with Administrator access to read mail, surf the web, etc. Use a regular user account.

13  Approved for use on the Fermilab network  Improved User Account Control (UAC)  Less intrusive  Easier to run as a standard user rather than an administrator  Advanced firewall  Data Execution Prevention (DEP)  Address Space Layout Randomization (ASLR)

14  Centralized management not as mature  Rapidly improving  Participate in  Central AV  Central Inventory  Centralized Patching (coming soon…)
