Discover the strategies we employ to protect ourselves and our customers, including physical security, configuration control, and disaster recovery. We also provide managed services such as virus and spam filtering, vulnerability assessments, and proactive monitoring. Join us in shaping a future that emphasizes proactive security measures, enhanced advisory services, and on-site vulnerability audits.
Security – Defending your Customers from Themselves
StateNets Annual Meeting
February, 2004

Security, what do we do?
• What do we do to protect ourselves?
• What do we do to protect our customers?
• What do we do to our customers?
• If this is where we are today, where should we be tomorrow?

What do we do to protect ourselves?
• Physical security
• Backup and TEST RESTORES!
• Internal awareness
• Monitor most appropriate lists
• Membership in security organizations
• Configuration control
• Protected circuits
• Tripwire OS and configuration files
• Evaluate and Patch OS
• Change control

What do we do to protect ourselves?
• Limit access
• Size-appropriate connections – limit DoS, DDoS participation
• Require SSH for shell accounts
• Radius authentication/access logs
• Disable unused services
• Packet filtering software firewalls
• Enforce complex, limited-life passwords

What do we do to protect ourselves?
• Monitor and Maintain
• Intrusion detection for core systems
• Network scanners
• READ THE LOGS! Logcheck
• Follow-up

What do we do to protect ourselves?
• Disaster Recovery/Risk Profile
• Carrier-class or Enterprise-class equipment
• Vendor maintenance – understand “Acts of God” clauses
• Document recovery procedures/responsibilities
• Sponsor/Bill Payers understand and accept risks

What do we do for our customers?
• Managed services – web and mail hosting
• Virus filtering for managed mail services
• Spam filtering for managed mail services
• Remote Vulnerability Assessment
• Awareness/Education
• Formal training
• Customer advisories

What do we do for our customers?
• Incident Response
• Monitored endpoints at customer edge
• Proactive connectivity and performance monitoring
• Reactive security monitoring
• Provide customer network tools
• Netflow
• MRTG
• NetHealth
• “looking glass” utilities

What do we do to our customers?
• Acceptable Use Policy
• “reasonable efforts”
• Access lists
• Block offending servers, connection
• Block outside attacks
• “Open Relay” Scans

If this is where we are today, where do we think we should be tomorrow?
• Proactive security measures
• Better intrusion detection, automatic notification
• Security policy
• Require desktop virus scanning
• Central security services –
• Cross institution authentication

If this is where we are today, where do we think we should be tomorrow?
• Customer Services
• Security Operations Center
• Enhanced Advisory Services (awareness of new developments before formal public advisories, enhanced information sharing)
• Managed Firewall Service
• Managed Intrusion Detection
• Managed Event Response
• On-site vulnerability/audit services

MOREnet Security Link
• http://www.more.net/security/index.html