
UCAR Security Training Update

UCAR Security Training Update. Aaron Andersen for Peter Burkholder 12 March 2007. Overview. Hired Peter Burkholder as casual to complete training assessment and modules Peter made excellent progress but was hired by a firm in Maryland


Presentation Transcript


  1. UCAR Security Training Update
     • Aaron Andersen for Peter Burkholder
     • 12 March 2007

  2. Overview
     • Hired Peter Burkholder as casual to complete training assessment and modules
     • Peter made excellent progress but was hired by a firm in Maryland
     • Plan is to complete the training and will likely fly him back to give the first required training here in April.

  3. Training Update
     • CSAC required on-site security training for “designated sysadmins” in early 2006
     • Eight hours of training annually
     • Improve quality of security and system administration practices at UCAR

  4. Needs assessment
     • Keep training focussed on pragmatic needs and specific to UCAR practices
     • Peter Burkholder has analyzed training implications of CSAC policies and done an initial survey of the 112 ‘designated’ sysadmins (vs. 54 SAs by job title)
     • Formed an advisory group of sysadmins to provide content feedback and guidance

  5. Survey Highlights
     • Many small-site SAs (41 with < 5 systems), and these systems are a mix of platforms
     • Small-site SAs self-assess as OK at security
     • Comments:
         • As long as I follow established procedures, I feel confident in the security of our systems.
         • I gave myself a 5 [Outstanding] based on the fact that I promptly upgrade my system to deal with security issues as soon as they are identified by UCAR experts and they make me aware of the need for an upgrade. I am not personally a security expert.
         • Certainly my process of installing/applying security updates is not as timely as I'd like. For the most part, updates still need to be manually/individually applied on Mac systems.
         • Anybody who says "Outstanding" is lying :-)

  6. Training Structure
     • 5 modules of 2-3 hours each
     • UCAR Security Essentials will be required
     • Choose among the following courses to meet or exceed 8 hours:
         • Securing Unix/Linux, Securing MacOSX, Securing Windows, Service Hardening

  7. UCAR Security Essentials
     • First course, targeted April 2007
     • Guiding principles in UCAR InfoSec
     • UCAR security incident response
     • UCAR security infrastructure (network, passwords)
     • Law and Ethics for sysadmins

  8. Other Courses
     • Given the number of people managing a few machines, focus on specifics of system hardening, with intro infrastructure tools
     • Securing Unix/Linux & Securing MacOSX -- May 2007?
     • Hardening Services -- June 2007?
     • Securing Windows -- Additional expertise needed (may outsource)

  9. Windows Training
     • Jason Fossen: http://www.enclaveconsulting.com/
     • Randy Franklin Smith: http://www.ultimatewindowssecurity.com/
     • Mark Minasi: http://www.minasi.com/
