Server Security Office of the Vice President for Information Technology, Texas State University-San Marcos Mr.


1 Server Security
Office of the Vice President for Information Technology, Texas State University-San Marcos
- Mr. Shawn Pearcy, Information Security Analyst
- Mr. Corbett Consolvo, Senior Information Security Analyst
- Ms. Lori McElroy, Information Security Officer
- Mr. Don Volz, Special Assistant to the Vice President for Information Technology
April 3-4, 2008

2 Agenda
- Who is IT Security at Texas State University?
- Our Mission
- Server Hardening and Checklists
- Incident Detection
- Incident Reporting

3 Who is IT Security?
- Sarmita Tuladhar, Student Technical Assistant
- Shawn Pearcy, Information Security Analyst
  - CompTIA Security+, Network+, A+, MCP 2K
- Mr. Corbett Consolvo, Senior Information Security Analyst
- Ms. Lori McElroy, Information Security Officer
  - CISSP, GIAC Certified Incident Handler (GCIH)
- Mr. Don Volz, Special Assistant to the Vice President for Information Technology

4 Mission IT Security at Texas State exists to ensure the confidentiality, integrity, and availability of University data, information, communications and services.

5 Server Hardening and Checklists
- Best practices
- Server hardening
- Server checklists
- Tools overview
- Hands-on practice

6 Server Incident Detection
- SANS Intrusion Discovery Cheat Sheets
- Linux commands
  - Hands on practice
- Windows commands
  - Hands on practice
- X-cleaner

7 Spyware at Texas State
Spyware Rule Summary Report
Spyware Type: Download Source/Phone Home
Period: 3/1/2008-3/31/2008

| Infecting | Product | Category | Attempts | Threat Rating (1-10) |
|---|---|---|---|---|
| | Covenanteyes | Commercial Monitoring Software | | |
| | Search Assistant | Adware | 84 | 7 |
| | Agobot.gen | Trojan | 1461 | 8 |
| | Xrenoder | Adware | 261 | 7 |
| | Bandjammer | Trojan | 27 | 7 |
| | Covenanteyes | Commercial Monitoring Software | 877 | 7 |
| | Bandjammer | Trojan | 9 | 7 |
| | Ardamax Keylogger | Commercial Monitoring Software | 4 | 7 |
| | RK-70164 | Trojan | 25 | 7 |
| | Bandjammer | Trojan | 2 | 7 |
| | NextDoor | Worm | 1 | 8 |
| | GRI.Bot | Worm | 2 | 7 |
| | w32.Kmeth Worm | Worm | 1 | 7 |
| | NextDoor | Worm | 1 | 8 |
| | NextDoor | Worm | 1 | 8 |
| | GRI.Bot | Worm | 20 | 7 |

8 SPAM at Texas State SPAM Volume Over 7 Days

9 Server Incident Detection
- Vulnerability scanning
  - Core Impact
  - Hands on – MBSA and Nmap
- Network based intrusion detection systems
  - Demo – Current solutions
  - Hands on – packet capture and Snort
- Securing Services
  - Hands on – SSH and RDP
- Logs
  - Remote logging and regular review

10 Incident Reporting
- What is an incident
- Incident lifecycle
- Common incidents at Texas State
- Incident priorities
- Incident response and mitigation

11 What is an Incident?
- Attempted or successful unauthorized access
- Theft or exposure of confidential or sensitive data, either intentionally or unintentionally
- Wrongful modifications of data
- Inappropriate use (excessive bandwidth use, spam, etc.)

12 What is an Incident?
- Violates state or federal law
  - Ex: Copyright violation
- Violates Appropriate Use UPPS ( )
- Is determined to be harmful to the security and privacy of University data, or IT resources
- Is construed as harassment
- Involves the unexpected disruption of University services

13 Laptop Theft EDUCAUSE 2006 Security Awareness Video Contest Honorable Mention By Adam Stackhouse, College of William & Mary

14 Incident Lifecycle
- Alert / Notification
- Investigation / Analysis
- Containment & Eradication
- Recovery
- Assessment

15 Our Priorities - Incident Response
- Contact law enforcement if incident involves criminal activity
- Limit exposure
- Maintain / restore service
- Protect students / faculty / staff
- Support prosecution / legal action
** The order of priorities may vary by incident **

16 Incident Prevention – Our Part
- Perimeter and LAN firewalls
  - Hands on - VPN access
- Intrusion Prevention and Detection
- Patch Management
  - Keep Windows and McAfee Up-To-Date
- Education and Awareness
- Annual Risk Assessments

17 Incident Response – Our Part
We use our logs to attempt to locate:
- Attacking computers
- Attack method
- Other vulnerable computers (warn and fix)
- Other victims (warn, possibly block)

18 Incident Response – Our Part
- We disable ports on computers that have been compromised
  - Protects the individual machine as well as the rest of campus
- Evaluating additional tools for automation and quarantine

19 Avoid Infection EDUCAUSE 2007 Security Awareness Video Contest Gold Award - 1st Prize Winner Joseph Ellis and Eric Collins, University of Delaware

20 Incident Response – Your Part UPPS – Section 4.02: Individuals are responsible for the security of any computer account issued to them and are accountable for any activity that takes place in their account. Individuals who discover or suspect that the security of their account has been compromised must immediately change their password and report the incident to their supervisor. Any suspected or attempted violation of system security should be reported immediately to the Office of the Assistant Vice President for Technology Resources at Policy is in revision – Contact IT Security

21 Incident Response – Your Part If you suspect a compromise: Notify us immediately (HACK), After hours contact UPD to If IT Security is not reachable, contact Information Technology Assistance Center (ITAC), by at **Do not send sensitive information via **

22 Incident Response – Your Part
Important information to gather:
- Detailed description of suspected incident
- What led you to believe an incident has occurred
- Who, what, where, when, how
- Be as specific as possible
Do not attempt to gather evidence or perform any technical investigation before contacting IT Security
- This may contaminate data and destroy critical evidence

23 Incident Prevention – Your Part
- Backup and recovery
- Patch Management
  - Keep Windows and McAfee Up-To-Date
- Restrict Power User Access
- Disable unused / unnecessary services
http://www.vpit.txstate.edu/security/items_interest/server.html

24 Incident Prevention – Your Part
- Install / activate software firewall
  - Hands on – IP Tables
  - Windows XP and Server 2003
- Physical and environmental security
  - Examples of not-so-good practices
  - Examples of good practices

25 Other IT Security Services
- Consulting
- Backup strategies
- Vendor contract review
- Software analysis
- Risk Assessments
- Customized training
- Vulnerability Scanning
- Penetration testing

26 University Policies (UPPS)
- Security of Texas State Information Resources UPPS
- Appropriate Use of Information Resources UPPS
- Appropriate Release of Information UPPS

27 Summary
- Technology alone will not keep our systems safe
- By protecting your own computer system, you're also doing your part to protect computers throughout the university
- IT Security is here to help YOU!

28 Tools
- ListServs
  - TSP-Security
  - TxState-ServerAdmins

29 Tools on DVD
- IT Security Best Practices
- SANS Hardening Checklists
  http://www.sans.org/score/checklists.php?portal= b5313f fba77bde5e9cc6f136
- Microsoft Baseline Security Analyzer (MBSA)
- Wireshark
- Nmap
- Spybot
- Proventsure
  http://www.proventsure.com/Proventsure%20Self%20PII%20Detection.zip

30 Questions? Q&A

32 Contact Info IT Security (HACK)

33 Thanks for attending! Please complete your evaluation form!

