Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISS e G Integrated Site Security for.

Published byMarion Morrison Modified over 8 years ago

Similar presentations

Presentation on theme: "1 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISS e G Integrated Site Security for."— Presentation transcript:

1 1 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISS e G Integrated Site Security for Grids EU-FP6 Project 026745 Checklist for System Administrators David Jackson, STFC CHEP 07, Victoria BC, 4 September 2007

2 2 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Checklist 1. Harden the OS and Applications 2. Keep the OS and Applications up-to-date 3. Use a local firewall 4. Take advantage of the logs 5. Ensure that all passwords are secure 6. Take extra precautions for privileged accesses 7. Use security products when relevant 8. Take into account physical security 9. Keep your security knowledge up-to-date.

3 3 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 1. Harden the OS & applications  minimise the number of packages installed  minimise the number of accounts enabled  minimise the number of network services offered  minimise the number of privileged processes running (this includes running with least privileges whenever possible)  tighten the configuration of the major services (this includes limiting access to the minimum) If your users have “admin rights”…

4 4 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 user training – e.g. www.isseg.eu

5 5 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 2. Keep the OS & Apps up-to-date  install all the security patches as soon as possible  ideally, use a system that automates patching

6 6 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 3. Use a local firewall  install a local firewall configured to only allow what is expected (i.e. default policy is deny)  ideally, also filter outgoing network traffic

7 7 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 4. Take advantage of the logs  select appropriate logging levels for all sensitive components  frequently review the logs to detect suspicious activity  ideally, store the logs remotely to avoid tampering

8 8 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 5. Ensure that all passwords are secure  make sure the passwords used are good enough (ideally, enforce this with the appropriate tools)  make sure the passwords are not exposed (this includes using encrypted protocols such as https)  make sure the passwords are changed regularly

9 9 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 6. Take extra precautions for privileged a/c  restrict privileged accesses to the bare minimum  use delegation to minimise the number of operations requiring  full privileges (for instance use sudo on Unix)  log all actions executed with system privileges

10 10 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 7. Use security products when relevant  anti-virus (ideally, with automatic signature update)  Intrusion Detection Systems (both host-based and network-based)  integrity checkers to detect system modifications

11 11 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 8. Physical access & 9 Security Knowledge  8. Take into account physical security (when relevant)  9. Keep your security knowledge up-to-date

12 12 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Implementing the checklist  The ISSeG project are developing a number of recommendations that will include links to practical advice on how to implement some or all of the above suggestions. http://www.isseg.eu/

Download ppt "1 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISS e G Integrated Site Security for."

Similar presentations

Security Update Server Registration, Active scanning and Windows patching.

Security Update Server Registration, Active scanning and Windows patching.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Integrated Site Security.

1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Integrated Site Security.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.

1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.

Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.

Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Securing Operating Systems Chapter 10. Security Maintenance Practices and Principles Basic proactive security can prevent many problems Maintenance involves.

Securing Operating Systems Chapter 10. Security Maintenance Practices and Principles Basic proactive security can prevent many problems Maintenance involves.

Similar presentations

Ads by Google