IT Briefing Agenda 7/17/05. New scanning tools EOL/eVax & BTS Oracle Names to OID Manage IT self-service TS Update NetCom Q&A. Jay Flanagan Marisa Benson Mark Parten Karen Jenkins Theresa Goriczynski Paul Petersen. Web Application Vulnerability Protection. Jay D. Flanagan.
IT Briefing Agenda 7/17/05
• New scanning tools: Jay Flanagan
• EOL/eVax & BTS: Marisa Benson
• Oracle Names to OID: Mark Parten
• Manage IT self-service: Karen Jenkins
• TS Update: Theresa Goriczynski
• NetCom Q&A: Paul Petersen
Web Application Vulnerability Protection Jay D. Flanagan
Web Application Vulnerability Scanner
• SpiDynamics WebInspect Tool
• Implemented in Spring of 2005
• Part of our audit process
• Scan web applications before they go into production
• Regularly scan currently implemented web applications for new vulnerabilities
• Scans for specific web application vulnerabilities
  • cross-site scripting
  • buffer overflows
  • injection (SQL)
  • denial of service
Web Application Vulnerability Scanner
• Web Application Vulnerability Security Awareness Training
  • August 8, 2005
  • 8 am to 12 pm
  • Review web application vulnerabilities and how they can be protected against in the development of these applications
Web Application Firewall
• Web Application Firewall - NetContinuum
• Monitors all web-specific traffic on ports 80 and 443 that is not monitored by a regular firewall.
• Acts as a proxy to check this traffic before passing it on to the web servers.
• Blocks attacks including cross-site scripting, buffer overflows, injection (SQL) and denial of service.
Web Application Firewall
• Currently protecting the following ITD managed web applications:
  • Account Management System (ACM)
  • Black Board – Prod and Dev
  • Password Services
  • The App Prod and Dev Web Server
  • The Oak Dev Web Server
Self-Service Vulnerability Scanning
• Self-Service Vulnerability scanning available via Nessus
• Contact Security Team for setup
  • Manage IT (C=University Applications; T=Security; I=Work Request) or SecurityTeam-L@listserv.emory.edu
• Following information needed
  • Name and organization you support
  • The IP address range on your network that you would like to scan
  • Phone number and e-mail address
  • Your network ID
Self-Service Vulnerability Scanning
• You will be set up on the Nessus Scanner with an account
• You will be able to scan your range of IP addresses for both desktops and servers
• You will only have access to your IP range for scanning
• You will be able to scan as little or as often as you deem necessary
• You will receive a report on what vulnerabilities are active
• Security Team available for consultation on reports and to answer any questions or help with any issues
Contact Information
• Jay D. Flanagan – Security Team Lead: jflanag@emory.edu
• Andy Efting – Security Analyst: aefting@emory.edu
• Alan White – Security Analyst: awhite7@emory.edu
• SecurityTeam-L@listserv.emory.edu
EOL/eVax & Back to School Marisa Benson
Oracle Names to OID Mark Parten
… many to still convert
• Most recent list will be included in the meeting meetings posting
• Use tool on TechTools to make the conversion
Manage IT Self-service Karen Jenkins
Manage IT Status
• Self-service Phase 1 scheduled for 7/29 @ 7:00pm
• Phase 2
  • Reports, Port Status Table, Flashboards, & two-way email scheduled for 8/19/2005
  • Any self-service enhancements that could not be developed for Phase 1 (PS Status, “on behalf of”)
• SLAs … investigating & planning stage
TS Update Theresa Goriczynski