270 likes | 284 Views
Learn about the free and affordable security services offered by MOREnet, Missouri's Research and Education network. Explore network monitoring tools, incident response techniques, and training opportunities. Contact Beth Young, a certified network security analyst.
E N D
Statenet Security on the cheap and easy Beth Young MOREnet Security youngba@more.net
Objectives • Introduction • What is MOREnet • Free security services • Cheap security services
Beth Young • Network Security Analyst • Certified Information System Security Professional (CISSP) • MOREnet 6 years
What is MOREnet?Missouri Research and Education network • ISP for • K-12 (515), • higher education (67), • state libraries (131), • state government • Technical support • Training • Incident Response • Video conferencing
Hub Site Services • DNS • Netflow Collectors • Internet Content Filtering Servers • E-mail/Web Hosting Servers • Akamai Servers • Ruckus Servers • Multi-Point Conference Units (video)
Free Services • Incident Response • Blackhole DNS • Good Net Neighbor Phase I • Good Net Neighbor Phase II • Network Monitoring tools • Single machine nmap scan • Open Mail Relay testing • Monthly Web Seminars • Security Awareness
Incident response • Wait, don’t we all do incident response? • Reading SecCheck logs • Reviewing email headers • Bandwidth reviews • Netflow reviews • Ethereal captures
Blackhole DNShttp://www.bleedingthreats.net/blackhole-dns/ • Another BIND process on current DNS servers • No changes to the downloaded zone files • cron job to download/update • DHCP scope change
Good Net Neighbor – Phase I • Block Microsoft file and print sharing ports (135, 137-139, 445) • Protect members from common viruses • Stopped a lot of “nuisance” calls
Good Net Neighbor – Phase II • Block outbound port 25 traffic except from approved mail servers
Network Monitoring tools • Behind our secure portal – MyMOREnet • Access to MRTG graphs • Access to Netflow reports
Single machine NMAP scan • Behind our secure portal – MyMOREnet • Only scans the machine you are logged into • Set a time-out value of 5 minutes • Can email the report to us for review
Open Mail Relay Test • Custom PERL script • Does 55 tests • Still occasionally find a misconfigured mail server
Monthly Web Seminars • CENTRA product for application sharing • Any topic can be covered • Securing Windows • Securing Linux • Social Networking do’s and don’ts • CALEA • Law Enforcement requests • Using NMAP and Ethereal
Security Awareness • Cyber Security Awareness Month • Regional Site Visits • On-line games/scavenger hunts • Booth at State Teacher Conference • Internet Safety Night • Internal Tips • Internet Safety Night – April 10, 2007 http://besafe.more.net
Communication and outreach • Security contact at each organization • Email lists • Security-l • MERC-security • Web site • breaking news links • MOREnet status indicator • Community outreach • InfraGard • Security Community
Cheap Services • Email Virus and Spam Filtering • Remote Vulnerability Assessment • Security Symposium • SANS@EDU conferences • MOREnet Connections and HELIX conference
Email Virus and Spam Filtering • Solution for hosted mail and web • Able to expanded to others with little additional effort • ClamAV • Greylisting, policyd, other open source products
Remote Vulnerability Assessment • Nessus scan • Nikto report • Distilled into “human readable” format • Instructions on mitigating vulnerability
Security Symposium • “What works” type sessions from MOREnet members • Cost covers hotel and breaks so usually $150-200 for 1.5 days
Connections and Helix conferences • Held in conjunction • Spring time - usually over spring break • Connections - K-12 • Helix - Higher education
Other Training opportunities • SANS@EDU conference • 2006 – 508 Forensics • 2007 – 504 Hacking Techniques, IR • 2007 – 505 Securing Windows • 2008 – ??
Things that didn’t work so well • Firewall Management • CALEA compliance • Centralized Anti-Virus • Comprehensive Network Security Service
Where do we go from here? • SANS Mentoring program • Darknet project • Writing Security Policy workshop • Expand Good Net Neighbor Policy
Questions? Beth Young (573) 884-9396 youngba@more.net http://www.more.net/security