Presentation on theme: "Security Self-Help Program Summary. Purpose To provide a way to automate the “hardening” of computer systems by applying security settings and configuration."— Presentation transcript:
Purpose To provide a way to automate the “hardening” of computer systems by applying security settings and configuration changes. Insure consistency Save time Encourage secure configuration of desktops Currently Windows 2000 and XP only (OSX version may be developed, but is currently not critical)
Who do we want to run it? By end users who want to make sure that their computers are configured properly for Stanford’s infrastructure. By schools and departments that want to use the tool to configure new computers before they connect to Stanford’s infrastructure. By students that bring computers that will connect to Stanford’s network. By other universities that want to establish their own set of security standards. By ITSS consultants to quickly apply security settings to their client’s computers to insure consistency of configuration settings.
History January – June 2003 Security Awareness Campaign (Security Self-Test tool) August 2003 RPC worm attack August – September 2003 RpcCleaner September 2003 host-security group September – December 2003 Self-Help working group March 2004 – July 16 program design, coding, and testing of Self-Help tool July 16 Release
Program Features Built in “Run As” capability All Functionality is dynamic, & updated at run time Most UI elements are configurable & external to core program Local group support Undo Wizard Password strength test (improved from Self-Test tool) High Risk Services display and control improved from Self-Test tool
Program Features Blank admin password change Tests for password strength before setting Can change Administrator password on XP home machines without booting into safe mode Batch mode (auto run without UI) Does not require Stanford’s infrastructure (can be used by other universities)
What Next Review the documents http://security-self-help.stanford.edu/docs http://security-self-help.stanford.edu/docs TechnicalDocumentation.doc (~ 100 pages) program_summary.html Security-Self-Help.ppt Essential Stanford Software http://security-self-help.stanford.edu Demo…