SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.

SIRT Departmental Security Contact Orientation

Why Are We Here?
Introductions
The SIRT and you
Compromise recovery procedure
Current security issues
Resources
Future events
Free refreshments

Introductions
Dr. Elizabeth Unger, VPAST
Security Incident Response Team
–And their alternates
–Representatives from all academic colleges and major administrative units
Departmental contacts
–When this is all over, introduce yourself to your SIRT representatives

The SIRT And You: SIRT History
–March 2003: IT Security SWAT team chaired by Roger Terry recommends formation of SIRT
–Summer 2003: Interim SIRT formed
–September 2003: Permanent SIRT formed
Representatives from all colleges and major administrative units
0.3 of their time spent on SIRT activities

The SIRT And You: SIRT's Charge (reactive/proactive/advisory)
–Coordinated security incident response
–Alerts to new vulnerabilities and attacks
–Implement/coordinate preventative security measures
–Security awareness and best practice training
–Advise on secure design of apps, systems, networks
–Host an annual security workshop

The SIRT And You
SIRT is:
–Coordinating rapid incident response for campus
–Advising on security best practices
–A communication channel
SIRT is NOT:
–A policy body (that's IRMC)
–IT police
–Additional technical support for your department

The SIRT And You: Role of the Departmental Security Contact (and your local IT support people)
–Respond to incidents in your unit
–Repair compromised systems
–Implement preventative measures
–Alert your SIRT rep. about unusual activities
–Enforce policies at the local level
–Educate your users on security best practices
–Pass along security information to your unit

The SIRT And You
The goal is for you, your users, the SIRT, and central IT services to work together to protect K-State's information and technology resources.

Compromise Recovery Procedure
A compromised host is detected
–By IDS, network monitoring, or abuse report
The host is blocked
–Usually by CNS with a router filter
–Sometimes you'll pull the plug

Procedure, Cont.
The departmental contact is notified
–That's you
–Via the SIRT-CONTACTS list, so you need to watch this list
–See also the Blocked Hosts web page
You notify the affected user

Procedure, Cont.
You arrange for the host to be cleaned up
–Try to find out what caused the compromise
–Recovery may mean reformat / reinstall
You contact your SIRT representative to have the host unblocked
–Or their alternate, if they're unavailable
Your SIRT rep contacts CNS

Current Security Issues
Network-based worms
Viruses and worms
Accounts without good passwords
Poor patch management
Insecure servers

Problem: Network-based Worms
Currently our biggest issue
–Navpaw, Gaobot
No user interaction necessary
Exploiting security vulnerabilities
Exploiting Windows accounts without good passwords
Leaving behind back doors

Network-based Worms: Solutions
Patch, patch, patch
Symantec Antivirus with daily updates
Good passwords on Windows accounts
Network vulnerability scans

Problem: Viruses And Worms ("Malware")
'Zero-day', fast propagation
Smarter social engineering
Leaving behind back doors
Cleanup is costly and painful

Viruses And Worms: Solutions
New version of Symantec is anomaly-based as well as signature-based
Symantec Antivirus with daily updates
Coming soon centrally: real anti-virus filtering
Managed antivirus installations
Users are learning to be careful

Problem: Accounts Without Good Passwords
Network-based worms are exploiting Windows accounts with no or weak passwords
Hackers can do the same thing

Accounts Without Good Passwords: Solutions
All Windows accounts should be disabled or have a good password
Future versions of Windows should enforce this
Network scans (by the White Hats)

Problem: Poor Patch Management
Applications as well as OS
New Microsoft Update critical patches released this week
–Did you know that?
–Were they applied to your computers?

Poor Patch Management: Solutions
Windows Software Update Services
Automatic Updates
Phase out older OS versions

Problem: Insecure Servers
MS SQL
Blaster
IIS
Open SMTP relays
UNIX / Linux / Mac OS X
A server on every desktop
–Which are legitimate?

Insecure Servers: Solutions
Minimal OS install
Turn off unneeded servers
–Windows 2003 gets this right
Regular port scans to detect new servers
Firewall the campus

Problem: Lack Of Security Awareness

Solution: You

Resources
SIRT / Security web site
Your SIRT representative
Your peers
Central IT
Training

SIRT Web Site
–Blocked hosts
–Departmental security contact list
–SIRT representative and backup list
–Work in progress

Training
CNS TSC Incident Remediation training in May
All-day training planned for Tuesday, June 29 in Union Little Theatre
–You really, really should attend. Refreshments!
Microsoft security training planned for June
More in the future, probably semi-annually

The Future
Regular network scans of connected devices
–Identify new hosts
–Identify new services (open ports)
–Vulnerability scans
Server registration
IDS, ADS
Firewalls
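The "regular port scans to detect new servers" solution and the planned scans plus server registration above come down to diffing one scan run against the last and checking any new listener against the registry. The following is an added example, not code from the SIRT or the original slides; the one-line-per-service scan format, the watched-port list, and the two sample inventories are constructed assumptions about what a campus scanner might export.

```python
"""Added example, not from the original SIRT slides: diff two scan runs to flag
new hosts and newly opened services. The 'host port/proto service' format and
the sample inventories are constructed (an assumption about scanner output)."""
from collections import defaultdict

# Ports whose unannounced appearance suggests an unregistered server (assumed list).
WATCHED_PORTS = {25: "SMTP (possible open relay)", 80: "HTTP server",
                 135: "Windows RPC", 1433: "MS SQL Server"}
# Constructed sample data: last week's scan, this week's scan, server registry.
PREVIOUS = """
10.1.1.10 80/tcp http
10.1.1.20 22/tcp ssh
"""
CURRENT = """
10.1.1.10 80/tcp http
10.1.1.10 1433/tcp ms-sql-s   # SQL Server nobody told us about
10.1.1.20 22/tcp ssh
10.1.1.33 25/tcp smtp         # brand-new host running a mail server
"""
REGISTERED = frozenset({"10.1.1.20"})

def parse_scan(text):
    """Parse scan lines into {host: {(port, proto): service}}."""
    inv = defaultdict(dict)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        host, portproto, service = line.split(maxsplit=2)
        port, proto = portproto.split("/")
        inv[host][(int(port), proto)] = service
    return inv

def diff_scans(previous, current, registered=frozenset()):
    """Return (kind, host, detail) findings: new hosts, new services on known
    hosts, and watched services on hosts absent from the server registry."""
    findings = []
    for host, ports in sorted(current.items()):
        if host not in previous:
            new_ports = ports
            findings.append(("new-host", host, sorted(ports)))
        else:
            new_ports = {p: s for p, s in ports.items() if p not in previous[host]}
            if new_ports:
                findings.append(("new-service", host, sorted(new_ports)))
        for port, proto in sorted(new_ports):
            if port in WATCHED_PORTS and host not in registered:
                findings.append(("unregistered-server", host,
                                 (port, proto, WATCHED_PORTS[port])))
    return findings
```

Running `diff_scans(parse_scan(PREVIOUS), parse_scan(CURRENT), REGISTERED)` on the sample data yields four findings: a new SQL listener on the known web host, a brand-new host, and an unregistered-server flag for each, which is exactly the "which servers are legitimate?" question the departmental contact has to answer.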

Questions?

Thanks For Coming! Remember to introduce yourself to your SIRT representative