Presentation is loading. Please wait.

Presentation is loading. Please wait.

Update and Discussions on Technology Initiatives TSAG Meeting 4/11/02.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Update and Discussions on Technology Initiatives TSAG Meeting 4/11/02."— Presentation transcript:

1 Update and Discussions on Technology Initiatives TSAG Meeting 4/11/02

2 Announcements: Webmail caching problems:  Logout of webmail, and  Close the web browser Webmail Sorting Criteria: Limiting SMTP Vulnerabilities (4/15/02  4/20/02) Unification of Majordomo, Vacation, and Campus Account (5/6/02) DNS Naming and cleanup (coming!)

3 Topics for Today Wireless Network Update (Will Trask) Active-Directory Testing Update (Ed Stark) Network Access Control Desktop and Server Standards  Supported OS (Tim Boyle)  Required Software  Desktop Security “Best Practices” (Caleb Fahey)

4 Goal for Network Access Control Reduce the amount of SPAM mail Reduce exposure to copyright infringement Reduce exposure to DOS attacks Increase bandwidth to campus community Increase the integrity of inter- and intra-campus network communications Increase productivity of all by not dealing with SPAM and other such attacks To address the LARGE number of current system vulnerabilities !

5 Approach to Network Security Steps to Improve Security:  Security Assessment  Education (and immediate remedies)  Policy Generation Network Policies:  Today: Anyone at anytime from any location can physical connect any server to the Network.  Future? Paradigms:  Allow all, deny exceptions  Deny all, allow exceptions

6 Current Snapshot Internet Services housed at CSUN: AFS and NFS: 13 + 71Kerberos: 41 Jet Direct: 586pcanywhere: 19 Flexlm: 744netbios-ssn: 2279 loc-srv: 2069svrloc: 433 ldap: 82ldaps: 636 http/s (601+114 + 343(MGMT) 80 (proxy)): 557 ftp: 648telnet: 793 ssh: 221  Number of Servers: 2703  Number of Ports: 17094  Number of Ports < 1024: 13527

7 Current Snapshot Internet Services housed at CSUN: AFS and NFS: 13 + 71Kerberos: 41 Jet Direct: 586pcanywhere: 19 Flexlm: 744netbios-ssn: 2279 loc-srv: 2069svrloc: 433 ldap: 82ldaps: 636 http/s (601+114 + 343(MGMT) 80 (proxy)): 557 ftp: 648telnet: 793 ssh: 221  Number of Servers: 2703  Number of Ports: 17094  Number of Ports < 1024: 13527

8 Current Snapshot Internet Services housed at CSUN: AFS and NFS: 13 + 71Kerberos: 41 Jet Direct: 586pcanywhere: 19 Flexlm: 744netbios-ssn: 2279 loc-srv: 2069svrloc: 433 ldap: 82ldaps: 636 http/s (601+114 + 343 (MGMT) 80 (proxy)): 557 ftp: 648 telnet: 793 ssh: 221  Number of Servers: 2703  Number of Ports: 17094  Number of Ports < 1024: 13527

9 Current Snapshot Internet Services housed at CSUN: AFS and NFS: 13 + 71Kerberos: 41 Jet Direct: 586pcanywhere: 19 Flexlm: 744netbios-ssn: 2279 loc-srv: 2069svrloc: 433 ldap: 82ldaps: 636 http/s (601+114 + 343(MGMT) 80 (proxy)): 557 ftp: 648telnet: 793 ssh: 221  Number of Servers: 2703  Number of Ports: 17094  Number of Ports < 1024: 13527

10 Activities to Address Vulnerabilities: Attack problem in levels First step: Focus on campus/internet boundary  Reduce the number of entry points to campus  Reduce the number of exit points to campus Move towards authenticated and encrypted protocols and applications, e.g., https, ssh Focus on prominent vulnerabilities, e.g., mail protocols:  smtp (142 => ~16)  pop2, pop3, imap2 (155)

11 Tasks and Next Steps? ACLs deployed for several colleges/units and for several protocols (snmp, smtp!) Provide information on:  Deployed servers on campus  Required inbound ports for servers  Required outbound ports for servers Block all inbound traffic to non-servers (date?) Block all unwanted traffic to servers (date?) Recommend and then deploy SSH client (date?)

12 Desktop and Server Standards Goals: To educate the campus and the IT staffs on the needs for appropriate security controls To collaboratively define and implement these controls, which will result in  improved security for the campus computing infrastructure  reduced work load for the technical staffs  increased productivity of the end users To ensure that local autonomy/flexibility is retained via the local IT units

13 Standards Should Include Operating Systems (Tim Boyle) Administrator Access and Passwords Software requirements?  Secure Shell http://www.macssh.com http://www.ssh.com  Antivirus software Mail Server Standards?  Antivirus Filter  Authenticated SMTP and IMAP  Directory Aware Shutdown Policy (ITR Internal Draft)

14 ITR’s Top Five Practices for NT Administration 1. Eliminate well-known accounts: administrator, guest,... 2. Only administrators should have administrator privileges 3. Provide a separate and unique administration account for each administrator Naming convention should be a_ 4. All desktops must require login passwords and must enable screen savers 5. Default login name on login prompt should be blank

Download ppt "Update and Discussions on Technology Initiatives TSAG Meeting 4/11/02."

Similar presentations

Presenter: Mark Elkins Topic: Things not getting done.

Presenter: Mark Elkins Topic: Things not getting done.
Technology Update TSAG Meeting 8/8/02. Announcements: Account Cleanup  Number of Accounts: 41,338  Number of Faculty/Staff:~ 3,000  Number of Students:~30,000(~

Technology Update TSAG Meeting 8/8/02. Announcements: Account Cleanup  Number of Accounts: 41,338  Number of Faculty/Staff:~ 3,000  Number of Students:~30,000(~
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
Case Studies for Projects. Network Audit A brief description of the systems (via fingerprinting, if black box is used) Network perimeter should be described.

Case Studies for Projects. Network Audit A brief description of the systems (via fingerprinting, if black box is used) Network perimeter should be described.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.
Technology Update TSAG Meeting 6/13/02. Announcements: DNS Naming and Cleanup (coming!)  imap: email, mail, mail1, mailsrv1  telnet, csun1: csun2, hp9k2,

Technology Update TSAG Meeting 6/13/02. Announcements: DNS Naming and Cleanup (coming!)  imap: , mail, mail1, mailsrv1  telnet, csun1: csun2, hp9k2,
CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.

CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.
Technology Update TSAG Meeting 3/13/03. Announcements: Disaster Recovery Test:[Bill]  (2/18-19) Networking Infrastructure: DNS, DHCP, Authentication.

Technology Update TSAG Meeting 3/13/03. Announcements: Disaster Recovery Test:[Bill]  (2/18-19) Networking Infrastructure: DNS, DHCP, Authentication.
Technology Update TSAG Meeting 2/13/03. Announcements: Self-Service Account Utility Available Disaster Recovery Test:  (2/18-19)

Technology Update TSAG Meeting 2/13/03. Announcements: Self-Service Account Utility Available Disaster Recovery Test:  (2/18-19)
Technology Update TSAG Meeting 11/14/02. Announcements: Spam Open Forum  Monday November 18, 2pm-3pm  OV Presentation Room Campus Operations Center:

Technology Update TSAG Meeting 11/14/02. Announcements: Spam Open Forum  Monday November 18, 2pm-3pm  OV Presentation Room Campus Operations Center:
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost 127.0.0.1 (loopback address)  Internal networks 

Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost (loopback address)  Internal networks 
Technology Update TSAG Meeting 10/10/02. Announcements: DNS Cleanup Send periodic ICMP ping probes to all DNS entries (8/26- 9/13) Correlate data obtained.

Technology Update TSAG Meeting 10/10/02. Announcements: DNS Cleanup Send periodic ICMP ping probes to all DNS entries (8/26- 9/13) Correlate data obtained.
TSAG Meeting 3/14/02 Update on Current Technology Initiatives.

TSAG Meeting 3/14/02 Update on Current Technology Initiatives.
Technology Update TSAG Meeting 7/11/02. Announcements: DNS Naming and Cleanup (coming!)  imap: email, mail, mail1, mailsrv1  telnet, csun1: csun2, hp9k2,

Technology Update TSAG Meeting 7/11/02. Announcements: DNS Naming and Cleanup (coming!)  imap: , mail, mail1, mailsrv1  telnet, csun1: csun2, hp9k2,
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.

Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.
Implementing Exchange Server Security Ward Solutions.

Implementing Exchange Server Security Ward Solutions.

Similar presentations

Ads by Google