
Statenet Security on the cheap and easy

Learn about the free and affordable security services offered by MOREnet, Missouri's Research and Education network. Explore network monitoring tools, incident response techniques, and training opportunities. Contact Beth Young, a certified network security analyst.


Presentation Transcript


  1. Statenet Security on the cheap and easy Beth Young MOREnet Security youngba@more.net

  2. Objectives • Introduction • What is MOREnet • Free security services • Cheap security services

  3. Beth Young • Network Security Analyst • Certified Information System Security Professional (CISSP) • MOREnet 6 years

  4. What is MOREnet? Missouri Research and Education network • ISP for • K-12 (515), • higher education (67), • state libraries (131), • state government • Technical support • Training • Incident Response • Video conferencing

  5. Hub Site Services • DNS • Netflow Collectors • Internet Content Filtering Servers • E-mail/Web Hosting Servers • Akamai Servers • Ruckus Servers • Multi-Point Conference Units (video)

  6. It isn’t all about the technology

  7. Free Services • Incident Response • Blackhole DNS • Good Net Neighbor Phase I • Good Net Neighbor Phase II • Network Monitoring tools • Single machine nmap scan • Open Mail Relay testing • Monthly Web Seminars • Security Awareness

  8. Incident response • Wait, don’t we all do incident response? • Reading SecCheck logs • Reviewing email headers • Bandwidth reviews • Netflow reviews • Ethereal captures

  9. Blackhole DNS http://www.bleedingthreats.net/blackhole-dns/ • Another BIND process on current DNS servers • No changes to the downloaded zone files • cron job to download/update • DHCP scope change

  10. Good Net Neighbor – Phase I • Block Microsoft file and print sharing ports (135, 137-139, 445) • Protect members from common viruses • Stopped a lot of “nuisance” calls

  11. Good Net Neighbor – Phase II • Block outbound port 25 traffic except from approved mail servers

  12. Network Monitoring tools • Behind our secure portal – MyMOREnet • Access to MRTG graphs • Access to Netflow reports

  13. Single machine NMAP scan • Behind our secure portal – MyMOREnet • Only scans the machine you are logged into • Set a time-out value of 5 minutes • Can email the report to us for review

  14. Open Mail Relay Test • Custom PERL script • Does 55 tests • Still occasionally find a misconfigured mail server

  15. Monthly Web Seminars • CENTRA product for application sharing • Any topic can be covered • Securing Windows • Securing Linux • Social Networking do’s and don’ts • CALEA • Law Enforcement requests • Using NMAP and Ethereal

  16. Security Awareness • Cyber Security Awareness Month • Regional Site Visits • On-line games/scavenger hunts • Booth at State Teacher Conference • Internet Safety Night • Internal Tips • Internet Safety Night – April 10, 2007 http://besafe.more.net

  17. Communication and outreach • Security contact at each organization • Email lists • Security-l • MERC-security • Web site • breaking news links • MOREnet status indicator • Community outreach • InfraGard • Security Community

  18. Cheap Services • Email Virus and Spam Filtering • Remote Vulnerability Assessment • Security Symposium • SANS@EDU conferences • MOREnet Connections and HELIX conference

  19. Email Virus and Spam Filtering • Solution for hosted mail and web • Able to be expanded to others with little additional effort • ClamAV • Greylisting, policyd, other open source products

  20. Remote Vulnerability Assessment • Nessus scan • Nikto report • Distilled into “human readable” format • Instructions on mitigating vulnerability

  21. Security Symposium • “What works” type sessions from MOREnet members • Cost covers hotel and breaks so usually $150-200 for 1.5 days

  22. Connections and Helix conferences • Held in conjunction • Spring time - usually over spring break • Connections - K-12 • Helix - Higher education

  23. Other Training opportunities • SANS@EDU conference • 2006 – 508 Forensics • 2007 – 504 Hacking Techniques, IR • 2007 – 505 Securing Windows • 2008 – ??

  24. Things that didn’t work so well • Firewall Management • CALEA compliance • Centralized Anti-Virus • Comprehensive Network Security Service

  25. Where do we go from here? • SANS Mentoring program • Darknet project • Writing Security Policy workshop • Expand Good Net Neighbor Policy

  26. Questions? Beth Young (573) 884-9396 youngba@more.net http://www.more.net/security
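
The Good Net Neighbor rules from slides 10 and 11, written out as a check over border flow records (an added example, not MOREnet's configuration or code). The member prefix, approved relay address and sample flows are constructed, and applying Phase I in both directions and to any protocol is an assumption the slides do not state.

```python
import ipaddress

# Assumptions (not from the slides): member address space and approved relays.
MEMBER_NETS = [ipaddress.ip_network("192.0.2.0/24")]
APPROVED_MAIL = {ipaddress.ip_address("192.0.2.25")}

# Phase I ports as listed on slide 10: 135, 137-139, 445.
FILE_SHARING_PORTS = {135, 137, 138, 139, 445}
SMTP_PORT = 25  # Phase II, slide 11


def is_member(addr):
    """True if the address belongs to a member network."""
    return any(addr in net for net in MEMBER_NETS)


def evaluate(flow):
    """Return (action, reason) for one flow record seen at the border."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    # Only traffic between a member and a non-member crosses the border.
    if is_member(src) == is_member(dst):
        return ("permit", "not a border flow")
    if flow["dport"] in FILE_SHARING_PORTS:
        return ("block", "phase1: file/print sharing port")
    # Phase II applies to outbound SMTP only; inbound mail is untouched.
    if (flow["dport"] == SMTP_PORT and is_member(src)
            and src not in APPROVED_MAIL):
        return ("block", "phase2: outbound SMTP from unapproved host")
    return ("permit", "no rule matched")


# Constructed sample flows (documentation address ranges).
SAMPLE_FLOWS = [
    {"src": "198.51.100.7", "dst": "192.0.2.40", "dport": 445},
    {"src": "192.0.2.40", "dst": "203.0.113.9", "dport": 25},
    {"src": "192.0.2.25", "dst": "203.0.113.9", "dport": 25},
    {"src": "203.0.113.9", "dst": "192.0.2.25", "dport": 25},
    {"src": "192.0.2.40", "dst": "192.0.2.41", "dport": 139},
    {"src": "192.0.2.40", "dst": "203.0.113.80", "dport": 443},
]


def review(flows):
    """List the flows the policy would block, with the rule that matched."""
    results = [(f, evaluate(f)) for f in flows]
    return [(f["src"], f["dst"], f["dport"], reason)
            for f, (action, reason) in results if action == "block"]


if __name__ == "__main__":
    for row in review(SAMPLE_FLOWS):
        print(row)
```

A member host that shows up in the Phase II results is a candidate for the incident response review on slide 8, since desktops sending mail directly to outside servers is a common sign of infection.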
