Security: Great Expectations
Clifford Collins
Manager, Network Security Services
Network Security Services
• Focused on higher education in Ohio
• Driven by feedback from OSTEER
• Supplements existing services
• Fee-based
• Two additional staff expected before the end of summer
• Full support of OARnet’s management
Initial service offering
• Site security audit
• On-site investigation of infrastructure
• Inventory of critical services
• Internet scan for vulnerabilities
• Intranet scan for vulnerabilities
• Telephone scan for modem vulnerabilities
• Analysis of results
• Presentation and report of findings
Why a network security audit?
• You can’t manage a service you aren’t measuring -- would you manage your personal finances without a bank statement?
• You can better justify the expenditure of funds to fix problems when you have facts to support your assertions
• It’s where the corporate world starts!
The deliverables: presentation and final report
• 1-hour presentation at an executive level
• Written executive summary
• Technical assessment with recommendations for remediation and projected costs and time estimates
• CD-ROM copy of all documents in password-protected Acrobat files
Technical report content
Interesting ports on foo.bar.edu (10.0.0.2):
Port       State       Service
21/tcp     open        ftp
23/tcp     open        telnet
80/tcp     open        http
513/tcp    open        login
TCP Sequence Prediction: Class=random positive increments
                         Difficulty=49978 (Worthy challenge)
Remote operating system guess: FreeBSD 2.2.1 - 4.0
Technical report content (cont.)
Interesting ports on re.bar.edu (10.0.0.3):
Port       State       Service
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
1030/tcp   open        iad1
TCP Sequence Prediction: Class=trivial time dependency
                         Difficulty=8 (Trivial joke)
Remote operating system guess: Windows NT4 / Win95 / Win98
Technical report content (cont.)
IP Address / DNS Name / Additional Info
10.1.1.225 oracle:oracle port 7
Vulnerability Name: Rexec default account accessible
Severity: High
Description: An accessible default account was detected through rexec. Default accounts allow attackers easy access to remote systems.
Fix: Disable the Rexec account or change the password to something difficult to guess.
Technical report content (cont.)
Unix: Disable login access to this Unix account if it is not needed. To remove login access for a Unix account, follow these steps:
1. Edit the /etc/passwd file.
2. Locate the account.
3. Place an * (asterisk) in the password field.
4. Place the string /bin/false in the shell field. An example of the /etc/passwd entry for a disabled guest account should resemble the following:
   guest:*:2311:50:Guest User:/home/guest:/bin/false
5. Save and exit the file.
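
Added example (not part of the original slides or of the scanner's report): a check that a passwd-format file actually reflects steps 3 and 4 above for the accounts a scan flagged. The sample entries other than guest are constructed, and treating the nologin shells as equivalent to /bin/false is an assumption that goes beyond the report.

```python
# Added example: audit passwd(5)-format text against the disable steps above.
# Assumption beyond the report: nologin shells also count as "login denied".
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample; only the guest entry is taken from the report.
SAMPLE_PASSWD = """\
root:x:0:0:Super User:/root:/bin/sh
guest:*:2311:50:Guest User:/home/guest:/bin/false
oracle:*:2400:50:Oracle:/home/oracle:/bin/sh
demo::2401:50:Demo:/home/demo:/bin/false
# comment line
broken:line
"""

def classify(line):
    """Return (account, status, reason), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(":")
    if len(fields) != 7:
        return (fields[0], "malformed", "expected 7 colon-separated fields")
    name, pw, shell = fields[0], fields[1], fields[6]
    gaps = []
    if pw == "x":
        gaps.append("password is held in /etc/shadow, not checked here")
    elif pw == "":
        gaps.append("password field is empty")
    elif pw != "*":
        gaps.append("password field is not *")
    if shell not in NOLOGIN_SHELLS:
        # An empty shell field means the system default shell is used.
        gaps.append("shell is " + (shell or "(system default)"))
    status = ("disabled", "partial", "enabled")[len(gaps)]
    return (name, status, "; ".join(gaps))

def audit(text):
    """Classify every account line in passwd-format text."""
    return [r for r in map(classify, text.splitlines()) if r is not None]

def needs_attention(text, accounts):
    """Accounts from `accounts` that exist but are not fully disabled."""
    status = {name: st for name, st, _ in audit(text)}
    return sorted(a for a in accounts if status.get(a, "disabled") != "disabled")

if __name__ == "__main__":
    for name, st, reason in audit(SAMPLE_PASSWD):
        print(f"{name:8} {st:10} {reason}")
    print("not fully disabled:", needs_attention(SAMPLE_PASSWD, ["guest", "oracle", "demo"]))
```

An account reported as "partial" has had only one of the two fields changed, which is the state left behind when the procedure is interrupted between steps 3 and 4.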
Technical report content (cont.)
Windows: Change the password on this account to something difficult to guess, or disable login access to this Windows account. To change a password on a Windows account, follow these steps:
1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Double-click the account to display the User Properties dialog box.
3. In the Password field, type the new password.
4. In the Confirm Password field, confirm the new password.
5. Click OK.
--OR--
Technical report content (cont.)
Windows continued: To disable login access to a Windows account, follow these steps:
1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Double-click the account to display the User Properties dialog box.
3. To disable the account, select the Account Disabled check box.
4. Click OK.
How much will this cost?
• Guidance from last October’s meeting
• Principally driven by size of address space
• Must cover the cost to support a central infrastructure and some staff
• Can be reduced by committing to periodic audits to amortize licensing costs
Future expectations
• Security education and training
• Security resources web site
• Certificate Authority and PKI
• Incident response support
• Site licensing of security software
• Broaden firewall offering