OUHSC Information Security Update
IT, Information Security Services
Randy Moore
Nathan Gibson
Greg Bostic

Security Project Update
• Active Directory Cleanup Project
  • “Cleaning the house” -- getting rid of old computer accounts
• Active Directory GPO project
  • Establishing a security baseline
• E-Policy Orchestrator Project
  • Mirroring ePO with AD
  • Centrally Managing
  • Using the tools we have available

Purpose
• GPOs cannot be applied on the computers container
• ePO Sync would be inaccurate
• Hard to manage with erroneous accounts present

Current Status
• 1200 inactive computer accounts disabled and moved into the disabled.comps OU
• Computer Accounts have been moved from the Computers container into the UnAssigned.Comps OU
• GPO w/ login script applied to UnAssigned.Comps OU

New Procedures
• All new computers should have account created prior to joining domain.
• Computer Account Lifecycle procedure
  • 30 days UnAssigned.Comp – Active
  • 30 days disabled.comps – Inactive
  • On the 60th day Computer Account deleted
• New Computer Checklist

Cleaning Your OU
• Weed out old Computer Accounts
• Use Active Directory Users and Computers
  • Go to “View” in the MMC
  • Check “Advanced Features”
  • Go to “View” and choose “Add/Remove Columns”
  • In the left hand “Available columns” table choose “Modified” and click “Add ->”
  • Hit OK

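The lifecycle from the "New Procedures" slide and the "Modified" column check from the "Cleaning Your OU" slide, scripted as a dry run with the ActiveDirectory PowerShell module. This is an added example, not part of the original slides: the domain DN is a placeholder, and treating the Modified timestamp as the 30-day clock is an assumption.

```powershell
# Added example: dry-run pass over the two lifecycle OUs named on the slides.
Import-Module ActiveDirectory

$DomainDn   = 'DC=example,DC=edu'                  # placeholder, not the real domain
$Unassigned = "OU=UnAssigned.Comps,$DomainDn"      # OU name from the slides
$Disabled   = "OU=disabled.comps,$DomainDn"        # OU name from the slides
$StageDays  = 30                                   # each lifecycle stage lasts 30 days
$Cutoff     = (Get-Date).AddDays(-$StageDays)

function Get-StaleComputer {
    # Computer accounts under $SearchBase whose Modified time is older than $Before.
    # Modified is the same value the ADUC "Modified" column displays.
    param(
        [Parameter(Mandatory)] [string]   $SearchBase,
        [Parameter(Mandatory)] [datetime] $Before
    )
    Get-ADComputer -Filter * -SearchBase $SearchBase -Properties Modified |
        Where-Object { $_.Modified -lt $Before } |
        Sort-Object Modified
}

# Stage 1: untouched for 30 days in UnAssigned.Comps -> disable, then move.
# The move updates Modified, so the second 30-day period starts from that point.
$toDisable = @(Get-StaleComputer -SearchBase $Unassigned -Before $Cutoff)
foreach ($c in $toDisable) {
    Disable-ADAccount -Identity $c.DistinguishedName -WhatIf
    Move-ADObject -Identity $c.DistinguishedName -TargetPath $Disabled -WhatIf
}

# Stage 2: disabled and untouched for another 30 days -> delete (day 60).
# Skip anything that was re-enabled by hand while sitting in disabled.comps.
$toDelete = @(Get-StaleComputer -SearchBase $Disabled -Before $Cutoff |
    Where-Object { -not $_.Enabled })
foreach ($c in $toDelete) {
    Remove-ADComputer -Identity $c.DistinguishedName -WhatIf
}

# Summary for the change record.
$toDisable | Select-Object Name, Modified, @{ n = 'Action'; e = { 'Disable+Move' } }
$toDelete  | Select-Object Name, Modified, @{ n = 'Action'; e = { 'Delete' } }
```

Every change is guarded by `-WhatIf`, so the script only reports what it would do. Modified is read from the domain controller that answers the query.
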
ePO
McAfee E Policy Orchestrator
• Provides a way to centrally manage Anti Virus protection on all managed devices
• Syncs with Active Directory
• Automatically installs/uninstalls AV
• Automatic DAT updates
• Customizable policies
• Notification Capabilities
• Report Generation

Training
Greg Bostic
2nd Annual Cyber Security Day
October 24, 2007 10:00 am

Cyber Security Day
• Tier 1 Training
• Business Manager Briefings
• End User Briefings

Security Baseline
Active Directory GPO Project

GPO Review
• Group Policy Objects:
  • Allow you to configure baseline settings to ensure all resources have the same settings
  • Ease the administrative overhead in applying and modifying end user devices and servers
  • “One-Stop-Shop” for demonstrating policy compliance

AD GPO Project
• Round 2 Settings
Setting 1- HSC-IT-Automatic Updates (Workstation Only)
• Enable Windows Updates Power management to automatically wake up the system: Enabled
• 4- Auto Download and Schedule the Install
• Schedule Install Day: 0-Everyday
• Scheduled Install Time: 0300
Setting 2- HSC-IT-No Display Last User Login
• Interactive logon: do not display last user name: Enabled

House Cleaning Help
• Standardize GPO naming scheme
  • Dept-XXXX
• Delete Old GPOs
• Combine GPOs if possible
• Remove GPOs with settings applied at higher level

FUTURE GPO Settings
• Event Logging
  • Account Management: Success
  • Account Logon/Logoff: Success/Failure
  • Policy Change: Success
  • System Events: Success/Failure
• Screen Saver
  • Hide Screen Saver Tab: Enabled
  • Screen Saver: Enabled
  • Password protect the Screen Saver: Enabled
  • Screen Saver Timeout: 600(900?)

Let’s Talk
Questions & Concerns ???
http://it.ouhsc.edu/services/infosecurity/Projects.asp