Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Improving Security Through Automated Policy Compliance Christopher Stevens Director of Network and Technical Services Lewis & Clark College Educause.

Published byEvelyn Reynold Tucker Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Improving Security Through Automated Policy Compliance Christopher Stevens Director of Network and Technical Services Lewis & Clark College Educause."— Presentation transcript:

1 1 Improving Security Through Automated Policy Compliance Christopher Stevens Director of Network and Technical Services Lewis & Clark College Educause Live! November 12, 2004

2 2 Campus Statistics 3260 Students 1875 Undergraduate, 750 Law and 635 Graduate 2300 Active Student Computers 80% PC, 20% Mac

3 3 Network Registration and Policy Enforcement at LC Fall 2002 –Web based registration (Nomadix). Wireless and Public Wired areas only. Fall 2003 – Blaster hits the residence halls Like many campuses, we experienced 100s of infected machines which required hours of staff time to locate and patch infected computers. We needed a better solution. Fall 2004 – Perfigo gateway with “SmartEnforcer”.

4 4 Implementing Policy Enforcement Commercial vs. Open Source Small staff made supporting open source products more challenging. We also needed to implement a solution in a short amount of time. Products NetReg (Southwestern) – Open source network registration. BlueSocket – Gateway only (although they now offer BlueSecure as an IDS add-on product) Nomadix – Gateway only. Geared toward the hospitality market. Bradford Software (Campus Manager) – Users are moved into VLANs until they have registered. Also has a plug-in to Packetshaper that gives it some passive monitoring ability. Perfigo – Gateway with optional agent.

5 5 Implementing Policy Enforcement (Continued) Policy Detection – Active, Passive or Agent Active – Determine policy compliance externally. Passive – Determine policy compliance by monitoring network traffic. Agent – Client installed on workstation. We originally wanted active detection but host-based firewalls made products such as Nessus less reliable. Ultimately decided that a local agent would provide the greatest ability to determine compliance. We are also looking to supplement the installed agent with Passive monitoring (via ISS RealSecure).

6 6 Implementing Policy Enforcement (Continued) Isolation/Segregation Once a computer has been found to be out of compliance, we assign that user a Temporary Role. However, there may be better ways to contain these users (i.e. segment using “/30” IP subnets, moving VLAN ports, etc). Detection Interval Currently we can only verify compliance when a user logs into the network (which could be once a semester). Ideally we would like to check on a daily or weekly basis. Remediation We wanted users to be as self-sufficient as possible so we provide step by step instructions about each failed policy.

7 7 Sample PC Walkthrough

8 8 Web Registration Login Page

9 9 SmartEnforcer Web Download Page

10 10 SmartEnforcer Client Login

11 11 SmartEnforcer Policy Evaluation

12 12 SmartEnforcer Failed Policy

13 13 SmartEnforcer Windows Update Policy

14 14 SmartEnforcer Windows Update Webpage

15 15 SmartEnforcer Antivirus Policy

16 16 SmartEnforcer Antivirus Webpage

17 17 SmartEnforcer Antivirus Updates Webpage

18 18 SmartEnforcer Success

19 19 How is it working? No worms or viruses on the student network (yet) Knock on wood – we have not had any outbreaks since we started. Reduced End User Support 85% of our users were able to install the client and other software updates on their own. We also reduced our time in the residence halls from 4 weeks to 1 week. However, we ended up touching the remaining 15% (~300 computers). Most were problems related to spyware interfering with windows updates. Surprisingly Few Complaints Most undergraduate students don’t mind having the software installed. We get more complaints from graduate and law students.

20 20 Future “RemoteEnforcer” Instead of students coming to campus and trying to download all the windows updates and virus definitions at once, they can check and see if they meet all the policy requirements from home. Real Time Policy Enforcement Currently, we can only check to see if a user has the necessary updates when they login. However, there is a new PC client that will check for policies on a schedule that we can set. Integration with Cisco With the purchase of Perfigo in October, Cisco will integrate the SmartEnforcer client with their “Self-Defending Network” suite.

21 21 Questions? Please contact me at cstevens@lclark.edu cstevens@lclark.edu Additional information can also be found at: http://www.lclark.edu/~infotech/NETWORK/sefaq.html

Download ppt "1 Improving Security Through Automated Policy Compliance Christopher Stevens Director of Network and Technical Services Lewis & Clark College Educause."

Similar presentations

Securing BSC’s Wireless Network Nercomp Annual Conference March 7, 2005 Pat Cronin, Assoc. VP Information Technology Mike King, Telecommunications Technician.

Securing BSC’s Wireless Network Nercomp Annual Conference March 7, 2005 Pat Cronin, Assoc. VP Information Technology Mike King, Telecommunications Technician.
Overview of Wireless Network Steven Fetcie Infrastructure Manager Information Services.

Overview of Wireless Network Steven Fetcie Infrastructure Manager Information Services.
Network Asset Management at Jefferson Lab Bryan Hess, Andy Kowalski, Brent Morris,

Network Asset Management at Jefferson Lab Bryan Hess, Andy Kowalski, Brent Morris,
Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.

Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.
WCL Office of Technology Student IT Services Korin Munsterman Director, Office of Technology August 2007.

WCL Office of Technology Student IT Services Korin Munsterman Director, Office of Technology August 2007.
NetPass and Northwestern By Julian Y. Koh As told by Robert Vance NUIT-Telecom & Network Services.

NetPass and Northwestern By Julian Y. Koh As told by Robert Vance NUIT-Telecom & Network Services.
User Security Behavior Denise Anthony PKI Unlocked Summit Dartmouth College July 2004.

User Security Behavior Denise Anthony PKI Unlocked Summit Dartmouth College July 2004.
Information Security in Real Business

Information Security in Real Business
Brandeis University Network Registration Joshua West 03/15/2011 LTS Staff Meeting.

Brandeis University Network Registration Joshua West 03/15/2011 LTS Staff Meeting.
Trend Micro Round Table May 19, 2006. Agenda Introduction – why switch? Timeline for implementation Related policies Trend Micro product descriptions.

Trend Micro Round Table May 19, Agenda Introduction – why switch? Timeline for implementation Related policies Trend Micro product descriptions.
SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.

SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.
Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.

Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.
Juniper Bridge Ltd | Suite 5, Crescent House | Yonge Close, Eastleigh | Hampshire SO50 9SX 0845 683 6966 | |

Juniper Bridge Ltd | Suite 5, Crescent House | Yonge Close, Eastleigh | Hampshire SO50 9SX | |
HawkHelp: Integrated Live Help in the Information Commons Nancy Burich, Frances Devlin and Debra Ludwig University of Kansas Libraries, University of Kansas,

HawkHelp: Integrated Live Help in the Information Commons Nancy Burich, Frances Devlin and Debra Ludwig University of Kansas Libraries, University of Kansas,
Advanced Internet Bandwidth and Security Strategies Fred Miller Illinois Wesleyan University.

Advanced Internet Bandwidth and Security Strategies Fred Miller Illinois Wesleyan University.
Office of Information Technologies CAMP: Bridging Security and Identity Management Christopher Misra 14 February 2008 Tempe, AZ Protecting Network Assets.

Office of Information Technologies CAMP: Bridging Security and Identity Management Christopher Misra 14 February 2008 Tempe, AZ Protecting Network Assets.
Securing the Campus Network Copyright, University of South Carolina (2004). This work is the intellectual property of the University of South Carolina.

Securing the Campus Network Copyright, University of South Carolina (2004). This work is the intellectual property of the University of South Carolina.
Being Proactive with Computer Posture Assessment Department of Housing and Residence Education Charles Benjamin.

Being Proactive with Computer Posture Assessment Department of Housing and Residence Education Charles Benjamin.
Automating Endpoint Security Policy Enforcement Computing and Networking Services University of Toronto.

Automating Endpoint Security Policy Enforcement Computing and Networking Services University of Toronto.
Trend Micro Deployment Kelvin Hwang IT Services University of Windsor.

Trend Micro Deployment Kelvin Hwang IT Services University of Windsor.

Similar presentations

Ads by Google