- Number of slides: 14
Security: Great Expectations
Clifford Collins, Manager, Network Security Services
Network Security Services
- Focused on higher education in Ohio
- Driven by feedback from OSTEER
- Supplements existing services
- Fee-based
- Two additional staff expected before the end of summer
- Full support of OARnet’s management
Initial service offering
- Site security audit
  - On-site investigation of infrastructure
  - Inventory of critical services
  - Internet scan for vulnerabilities
  - Intranet scan for vulnerabilities
  - Telephone scan for modem vulnerabilities
  - Analysis of results
  - Presentation and report of findings
Why a network security audit?
- You can’t manage a service you aren’t measuring -- would you manage your personal finances without a bank statement?
- You can better justify the expenditure of funds to fix problems when you have facts to support your assertions
- It’s where the corporate world starts!
The deliverables: presentation and final report
- 1-hour presentation at an executive level
- Written executive summary
- Technical assessment with recommendations for remediation and projected costs and time estimates
- CD-ROM copy of all documents in password-protected Acrobat files
Technical report content

    Interesting ports on foo.bar.edu (10.0.0.2):
    Port      State  Service
    21/tcp    open   ftp
    23/tcp    open   telnet
    80/tcp    open   http
    513/tcp   open   login

    TCP Sequence Prediction: Class=random positive increments
                             Difficulty=49978 (Worthy challenge)
    Remote operating system guess: FreeBSD 2.2.1 - 4.0
Technical report content (cont.)

    Interesting ports on re.bar.edu (10.0.0.3):
    Port      State  Service
    135/tcp   open   loc-srv
    139/tcp   open   netbios-ssn
    1030/tcp  open   iad1

    TCP Sequence Prediction: Class=trivial time dependency
                             Difficulty=8 (Trivial joke)
    Remote operating system guess: Windows NT4 / Win95 / Win98
Technical report content (cont.)
IP Address 10.1.1.225 Vulnerability High DNS Name oracle:oracle Name Rexec Additional Info port 7 Severity default account accessible
Description: An accessible default account was detected through rexec. Default accounts allow attackers easy access to remote systems.
Fix: Disable the Rexec account or change the password to something difficult to guess.
Technical report content (cont.)
Unix: Disable login access to this Unix account if it is not needed. To remove login access for a Unix account, follow these steps:
1. Edit the /etc/passwd file.
2. Locate the account.
3. Place an * (asterisk) in the password field.
4. Place the string /bin/false in the shell field. An example of the /etc/passwd entry for a disabled guest account should resemble the following:
    guest:*:2311:50:Guest User:/home/guest:/bin/false
5. Save and exit the file.
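
A check for the Unix remediation above, as an added example that is not part of the original slides: it parses passwd-format text and reports, per account, whether the password field and shell field are set as the steps describe. Every sample entry except guest, the treatment of "x" as a pointer to /etc/shadow, and the extra nologin shell paths are assumptions added here.

```python
# Added example: verify the /etc/passwd remediation described in the slide.
# Constructed sample data; only the guest entry comes from the slide.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
guest:*:2311:50:Guest User:/home/guest:/bin/false
oracle:Xk3pQ9zLm2abc:101:50:Oracle:/home/oracle:/bin/sh
ftp:*:14:50:FTP User:/var/ftp:/bin/sh
broken:line
"""

# Assumption: besides /bin/false (the slide's choice), these also deny login.
NON_LOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


def parse_passwd(text):
    """Return ({name: (password_field, shell)}, [malformed lines])."""
    accounts, malformed = {}, []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:          # passwd entries have exactly 7 fields
            malformed.append(line)
            continue
        accounts[fields[0]] = (fields[1], fields[6])
    return accounts, malformed


def check_disabled(accounts, name):
    """Return findings for one account; an empty list means it is disabled."""
    if name not in accounts:
        return ["account not present"]
    password, shell = accounts[name]
    findings = []
    if password == "x":               # hash lives in /etc/shadow, not here
        findings.append("password is in /etc/shadow; check it there")
    elif password == "":
        findings.append("empty password field: no password required")
    elif not password.startswith(("*", "!")):
        findings.append("password field still holds a usable hash")
    if shell not in NON_LOGIN_SHELLS:  # empty shell field means the default shell
        findings.append("shell %s still allows login" % (shell or "(default)"))
    return findings


if __name__ == "__main__":
    accounts, malformed = parse_passwd(SAMPLE_PASSWD)
    for name in ("guest", "oracle", "ftp"):
        print(name, check_disabled(accounts, name) or "disabled")
    print("malformed:", malformed)
```

The ftp entry shows why both steps 3 and 4 matter: its password field is locked, yet the account keeps a login shell and is still reported.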
Technical report content (cont.)
Windows: Change the password on this account to something difficult to guess, or disable login access to this Windows account. To change a password on a Windows account, follow these steps:
1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Double-click the account to display the User Properties dialog box.
3. In the Password field, type the new password.
4. In the Confirm Password field, confirm the new password.
5. Click OK.
--OR--
Technical report content (cont.)
Windows continued: To disable login access to a Windows account, follow these steps:
1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Double-click the account to display the User Properties dialog box.
3. To disable the account, select the Account Disabled check box.
4. Click OK.
How much will this cost?
- Guidance from last October’s meeting
- Principally driven by size of address space
- Must cover the cost to support a central infrastructure and some staff
- Can be reduced by committing to periodic audits to amortize licensing costs
Future expectations
- Security education and training
- Security resources web site
- Certificate Authority and PKI
- Incident response support
- Site licensing of security software
- Broaden firewall offering