Presentation is loading. Please wait.

Presentation is loading. Please wait.

University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004.

Similar presentations


Presentation on theme: "University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004."— Presentation transcript:

1 http://www.more.net University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004

2 2 Security, what do we do? What do we do to protect ourselves? What do we do to protect our customers? What do we do to our customers? If this is where we are today, where should we be tomorrow?

3 3 What do we do to protect ourselves? Physical security Backup and TEST RESTORES! Internal awareness –Monitor most appropriate lists –Membership in security organizations Configuration control –Protected circuits –Tripwire OS and configuration files –Evaluate and Patch OS –Change control

4 4 What do we do to protect ourselves? Limit access –Size-appropriate connections – limit DoS, DDoS participation –Require SSH for shell accounts –Radius authentication/access logs –Disable unused services –Packet filtering software firewalls –Enforce complex, limited-life passwords

5 5 What do we do to protect ourselves? Monitor and Maintain –Intrusion detection for core systems –Network scanners –READ THE LOGS! Logcheck –Follow-up

6 6 What do we do to protect ourselves? Disaster Recovery/Risk Profile –Carrier-class or Enterprise-class equipment –Vendor maintenance – understand ”Acts of God” clauses –Document recovery procedures/responsibilities –Sponsor/Bill Payers understand and accept risks

7 7 What do we do for our customers? Managed services – web and mail hosting Virus filtering for managed mail services Spam filtering for managed mail services Remote Vulnerability Assessment Awareness/Education –Formal training Customer advisories

8 8 What do we do for our customers? Incidence Response Monitored endpoints at customer edge –Proactive connectivity and performance monitoring –Reactive security monitoring Provide customer network tools –Netflow –MRTG –NetHealth –“looking glass” utilities

9 9 What do we do to our customers? Acceptable Use Policy –“reasonable efforts” Access lists –Block offending servers, connection –Block outside attacks “Open Relay” Scans

10 10 If this is where we are today, where do think we should be tomorrow? Proactive security measures –Better intrusion detection, automatic notification Security policy –Require desktop virus scanning Central security services – –Cross institution authentication

11 11 If this is where we are today, where do think we should be tomorrow? Customer Services –Security Operations Center –Enhanced Advisory Services (awareness of new developments before formal public advisories, enhanced information sharing) –Managed Firewall Service –Managed Intrusion Detection –Managed Event Response –On-site vulnerability/audit services

12 12 MOREnet Security Link http://www.more.net/security/index.html


Download ppt "University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004."

Similar presentations


Ads by Google