
1 Automating Endpoint Security Policy Enforcement
Computing and Networking Services, University of Toronto

2 Unmanaged 'Endpoints'
Systems not proactively managed by University IT staff:
- 7000 student residents, with a September and January overload.
- 12000 active unique wireless user accounts.
Subject to:
- Missing OS updates, missing or expired AV protection, unsupported or pirated OS / service pack.
- Already compromised: spyware, virus / worm / trojan (V / W / T).

3 Automation Framework
Network isolation wraps a detection / remediation pair for each condition:

Vulnerability: Detection ↔ Remediation
- Missing patches ↔ user - WindowsUpdate
- … ↔ …

Compromise: Detection ↔ Remediation
- V / W / T ↔ user - SAV scan
- … ↔ …

4 Isolation
- IP based: DHCP using two address pools, routable and non-routable (SWU NetReg), with full DNS in both.
- HTTP control (Squid): configures what users in the restricted zone may access.
- Dynamic firewall port control (iptables): blocks services in the restricted zone, except during the IDS test interval.

5 Detection Framework
- Active: scanning from an external source, e.g. Nmap, Nessus.
- Passive: monitoring network traffic, e.g. tcpdump, Snort.
- Agent: client software, continuous or run-once.

6 Detection Implementation
Vulnerability
- Missing critical patches: MBSA (CLI version)
- Missing antivirus: registry check and wmic
- Weak passwords: John the Ripper
- Insecure user configuration: user privileges, AutoUpdates, root certificate audit
Compromise
- Virus / worm / trojan: IDS (Snort, TCPView), Microsoft MSR*
- Spyware: Spybot CLI
- Rootkit: RootkitRevealer
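The weak-password detection above is a John the Ripper run, and slide 9 lists the three checks it makes: blank password, password equal to the username, and a dictionary of words found in blended threats. The following is an added example, not the University of Toronto tool, that implements those same checks as a self-contained audit. The wordlist is constructed here in the spirit of the short password lists that worms such as Deloder and Lioten carried, and SHA-256 stands in for the LM/NT hash the real audit cracks, so that it runs without MD4 support in hashlib.

```python
import hashlib
from typing import Callable, Dict, Iterator, Tuple

# Constructed wordlist, modelled on the built-in password lists that blended
# threats used against ADMIN$ shares; the real audit fed such a list to John.
BLENDED_THREAT_WORDS = [
    "admin", "administrator", "password", "pass", "root", "server", "test",
    "guest", "secret", "owner", "computer", "database", "123", "1234", "12345",
    "123456", "abc123",
]
SUFFIXES = ["", "1", "12", "123", "!"]


def stand_in_hash(password: str) -> str:
    """Stand-in for the LM/NT hash of the stored credential (assumption: the real
    audit compares against NT hashes; SHA-256 keeps the example dependency-free)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def candidates(username: str) -> Iterator[Tuple[str, str]]:
    """Yield (candidate password, reason), cheapest and most damning checks first."""
    yield "", "blank password"
    for variant in (username, username.lower(), username.capitalize()):
        yield variant, "password equals username"
    for word in BLENDED_THREAT_WORDS:
        for form in (word, word.capitalize(), word.upper()):
            for suffix in SUFFIXES:
                reason = f"dictionary word {word!r}"
                if suffix:
                    reason += f" with suffix {suffix!r}"
                yield form + suffix, reason


def audit(accounts: Dict[str, str],
          hash_fn: Callable[[str], str] = stand_in_hash) -> Dict[str, str]:
    """Return {username: reason} for every account whose stored hash matches a
    candidate; `accounts` maps username -> stored hash produced by `hash_fn`."""
    weak = {}
    for user, stored in accounts.items():
        tried = set()
        for cand, reason in candidates(user):
            if cand in tried:
                continue
            tried.add(cand)
            if hash_fn(cand) == stored:
                weak[user] = reason
                break
    return weak


# Constructed sample accounts: one strong password, four weak ones.
SAMPLE_ACCOUNTS = {
    "alice": stand_in_hash("Tr0ub4dor&3-xyz"),
    "bob": stand_in_hash(""),
    "carol": stand_in_hash("carol"),
    "dave": stand_in_hash("password123"),
    "erin": stand_in_hash("Admin1"),
}

if __name__ == "__main__":
    for user, why in audit(SAMPLE_ACCOUNTS).items():
        print(f"{user}: {why}")
```

Against real Windows hashes the same candidate list is simply a wordlist for John (`john --wordlist=words.txt --format=NT hashes.txt`); the point of the ordered candidates is that the checks an attacker's worm tries first are also the ones the audit reports first.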

7 Remediation
Vulnerability
- WindowsUpdate (user)
- Install SAV (user)
- Weak passwords (user)
- Insecure user configuration (user-run wizard)
Compromise
- Virus / worm / trojan: SAV scan, Trend Micro Sysclean, Microsoft MSR
- Spyware: user-run Spybot
- Rootkit: assisted

8 Tools in Detail
Wizard UI
- CLI utilities wrapped using open source Windows installers: NSIS, InnoSetup.
- Provides a familiar wizard user interface for the detection and remediation tools.
- Provides a 'run-once' function: no installation required.
- API includes registry read/write and cookie writing.
- Two formats: stand-alone and server integration.
MBSA
- Detects all critical updates available on the day of release; also detects updates to existing versions.

9 Tools in Detail
Password Audit
- Checks for a blank password, password equal to the username, and a dictionary lookup of words found in blended threats.
IDS
- Snort check for host/port scanning over a 20-second sample. Note: isolation is opened up during the sample so that client-server connections can be observed.
- TCPView check for an excessive SYN rate.
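The IDS checks above watch a 20-second sample of the host's traffic for two worm signatures: connection attempts to many distinct hosts or ports, and a burst of SYNs. As an added example, not the University of Toronto implementation, the following applies those checks to tcpdump-style lines. The input here is constructed (one normal host, one host sweeping port 445, one host scanning ports on a single target), the line format is the subset of tcpdump's default output the check needs, and the thresholds are assumptions to be tuned per site.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

# Subset of tcpdump's default line format: time, src.sport > dst.dport, TCP flags.
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]")


def parse(line: str) -> Optional[Tuple[float, str, str, int, str]]:
    """Return (seconds, src, dst, dport, flags) or None for lines we do not handle."""
    m = LINE.match(line)
    if not m:
        return None
    h, mi, s, us, src, _sport, dst, dport, flags = m.groups()
    t = int(h) * 3600 + int(mi) * 60 + int(s) + int(us) / 1e6
    return t, src, dst, int(dport), flags


def analyse(lines: List[str], sample_seconds: int = 20, host_threshold: int = 15,
            port_threshold: int = 10, syn_per_second: int = 8) -> Dict[str, List[str]]:
    """Findings per source address over the first `sample_seconds` of the capture.
    Only pure SYNs (Flags [S]) count: they are connection attempts, whether or not
    anything answered, which is exactly what a scanning worm produces."""
    parsed = [p for p in map(parse, lines) if p]
    if not parsed:
        return {}
    t0 = min(p[0] for p in parsed)
    syns = [p for p in parsed if p[0] < t0 + sample_seconds and p[4] == "S"]
    hosts = defaultdict(set)                                # src -> distinct dst
    ports = defaultdict(lambda: defaultdict(set))           # src -> dst -> distinct ports
    buckets = defaultdict(Counter)                          # src -> second -> SYN count
    for t, src, dst, dport, _ in syns:
        hosts[src].add(dst)
        ports[src][dst].add(dport)
        buckets[src][int(t - t0)] += 1
    findings = defaultdict(list)
    for src in hosts:
        if len(hosts[src]) >= host_threshold:
            findings[src].append(f"host scan: SYN to {len(hosts[src])} distinct hosts in {sample_seconds}s")
        for dst, ps in ports[src].items():
            if len(ps) >= port_threshold:
                findings[src].append(f"port scan: {len(ps)} distinct ports on {dst}")
        peak = max(buckets[src].values())
        if peak >= syn_per_second:
            findings[src].append(f"excessive SYN rate: {peak} SYN/s peak")
    return dict(findings)


def fmt(t: float, src: str, sport: int, dst: str, dport: int, flags: str) -> str:
    """Build a tcpdump-style line for the constructed sample."""
    return (f"{int(t // 3600):02d}:{int(t % 3600 // 60):02d}:{int(t % 60):02d}."
            f"{int(round((t % 1) * 1e6)):06d} IP {src}.{sport} > {dst}.{dport}: Flags [{flags}]")


# Constructed capture: 10.99.0.20 browses normally, 10.99.0.50 sweeps port 445
# across 60 hosts in six seconds, 10.99.0.70 walks 25 ports on one target.
SAMPLE = [fmt(0.5, "10.99.0.20", 1030, "192.0.2.10", 80, "S"),
          fmt(0.6, "192.0.2.10", 80, "10.99.0.20", 1030, "S."),
          fmt(3.2, "10.99.0.20", 1031, "192.0.2.11", 443, "S"),
          fmt(9.0, "10.99.0.20", 1032, "192.0.2.12", 80, "S")]
SAMPLE += [fmt(i / 10, "10.99.0.50", 1100 + i, f"192.0.2.{100 + i}", 445, "S") for i in range(60)]
SAMPLE += [fmt(2 + i * 0.7, "10.99.0.70", 2000 + i, "192.0.2.5", 20 + i, "S") for i in range(25)]

if __name__ == "__main__":
    for src, reasons in analyse(SAMPLE).items():
        print(src, reasons)
```

The SYN-rate check looks at the busiest single second rather than the average over the sample, since a worm that sweeps a /24 in a few seconds and then sleeps averages out to something harmless over 20 seconds.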

10 Applications - ESP
- Integration of isolation, MBSA detection, and user remediation.
- Admin functions: initiate registration cycle, isolate/block MAC, configure isolation access.
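Slide 4's isolation zone and the ESP registration cycle above fit together as a small state machine keyed by MAC address: the state decides which DHCP pool a host is offered and which iptables rules its lease gets, and the IDS test interval is the only state in which the restricted zone is opened. The following is an added model of that, not the University of Toronto code. Address pools, the gateway address (assumed to run Squid and the resolver, so the allow rules are INPUT rules), the proxy port and the rule strings are all assumptions; the 20-second window is the one the slides give for the Snort sample.

```python
import ipaddress
import time
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional

# Constructed addresses: the real pools, proxy and resolver are site-specific.
ROUTABLE_POOL = ipaddress.ip_network("192.0.2.0/24")    # stands in for routable campus space
RESTRICTED_POOL = ipaddress.ip_network("10.99.0.0/24")  # non-routable restricted zone
GATEWAY = "10.99.0.1"     # assumed: the iptables box, also hosting Squid and DNS
SQUID_PORT = 3128         # assumed Squid listener
IDS_TEST_SECONDS = 20     # the Snort sample window during which isolation is opened


class State(Enum):
    UNREGISTERED = "unregistered"  # no current registration: restricted pool
    IDS_TEST = "ids_test"          # isolation lifted so Snort/TCPView see real traffic
    REMEDIATION = "remediation"    # restricted pool; only DNS and the proxy reachable
    REGISTERED = "registered"      # clean and current: routable pool, no per-host rules
    BLOCKED = "blocked"            # admin block or compromise found: drop everything


@dataclass
class Host:
    mac: str
    state: State = State.UNREGISTERED
    ids_test_started: Optional[float] = None


class Isolation:
    """Registration state per MAC, and the DHCP pool / iptables rules that follow."""

    def __init__(self, clock=time.monotonic):
        self.hosts = {}
        self.clock = clock           # injectable so the window expiry can be tested

    def host(self, mac: str) -> Host:
        return self.hosts.setdefault(mac.lower(), Host(mac.lower()))

    def state(self, mac: str) -> State:
        """The IDS window closes by itself: a hung scan never leaves a host un-isolated."""
        h = self.host(mac)
        if h.state is State.IDS_TEST and self.clock() - h.ids_test_started >= IDS_TEST_SECONDS:
            h.state, h.ids_test_started = State.REMEDIATION, None
        return h.state

    # --- the ESP admin functions: init registration cycle, isolate/block MAC ---
    def start_registration(self, mac: str) -> None:
        h = self.host(mac)
        if h.state is State.BLOCKED:
            raise PermissionError(f"{h.mac} is blocked; an admin must clear it first")
        h.state, h.ids_test_started = State.IDS_TEST, self.clock()

    def ids_result(self, mac: str, scanning_seen: bool) -> None:
        h = self.host(mac)
        h.state = State.BLOCKED if scanning_seen else State.REMEDIATION
        h.ids_test_started = None

    def remediation_complete(self, mac: str, mbsa_clean: bool, av_present: bool) -> None:
        """Promote to the routable pool only when MBSA and the AV check both pass."""
        if self.state(mac) is State.REMEDIATION and mbsa_clean and av_present:
            self.host(mac).state = State.REGISTERED

    def block(self, mac: str) -> None:
        h = self.host(mac)
        h.state, h.ids_test_started = State.BLOCKED, None

    # --- policy derived from state ---
    def dhcp_pool(self, mac: str) -> ipaddress.IPv4Network:
        return ROUTABLE_POOL if self.state(mac) is State.REGISTERED else RESTRICTED_POOL

    def firewall_rules(self, mac: str, ip: str) -> List[str]:
        """iptables commands for the lease `ip` held by `mac`; flush the host's old
        rules before applying, since chains are first-match."""
        st = self.state(mac)
        if st is State.REGISTERED:
            return []                                      # routable pool: nothing to filter
        if st is State.BLOCKED or ipaddress.ip_address(ip) not in RESTRICTED_POOL:
            # blocked, or an unregistered host somehow holding a routable lease
            return [f"iptables -I FORWARD -s {ip} -j DROP",
                    f"iptables -I INPUT -s {ip} -j DROP"]
        if st is State.IDS_TEST:
            return [f"iptables -I FORWARD -s {ip} -j ACCEPT"]  # opened only for the sample
        # UNREGISTERED / REMEDIATION: resolver and proxy on the gateway, nothing past it
        return [f"iptables -A INPUT -s {ip} -d {GATEWAY} -p udp --dport 53 -j ACCEPT",
                f"iptables -A INPUT -s {ip} -d {GATEWAY} -p tcp --dport {SQUID_PORT} -j ACCEPT",
                f"iptables -A INPUT -s {ip} -j REJECT",
                f"iptables -A FORWARD -s {ip} -j REJECT"]
```

Two details matter in practice: the IDS window is enforced by the clock, not by the scan finishing, and a host in the restricted zone is rejected rather than silently dropped, so its browser reaches the Squid landing page quickly instead of timing out.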

11 Applications - HealthChk
- Integration of isolation and compromise detection, for assisted detection and remediation.
- Admin functions: convenient access to external utilities.

12 Applications - Future
- Create a remote HealthChk system.
- User runs the detection and remediation tools remotely; support for Linux?
- Other applications?
- Managed-environment use: encourage users to use the automated systems, with no isolation and enforcement via email reminders.

13 More Information
- http://www.utoronto.ca/security/UTORprotect
- http://security.internet2.edu/netauth
- http://www.netreg.org
