Statenet Security on the cheap and easy Beth Young MOREnet Security youngba@more.net
Objectives • Introduction • What is MOREnet • Free security services • Cheap security services
Beth Young • Network Security Analyst • Certified Information System Security Professional (CISSP) • MOREnet 6 years
What is MOREnet? Missouri Research and Education Network • ISP for • K-12 (515), • higher education (67), • state libraries (131), • state government • Technical support • Training • Incident Response • Video conferencing
Hub Site Services • DNS • Netflow Collectors • Internet Content Filtering Servers • E-mail/Web Hosting Servers • Akamai Servers • Ruckus Servers • Multi-Point Conference Units (video)
Free Services • Incident Response • Blackhole DNS • Good Net Neighbor Phase I • Good Net Neighbor Phase II • Network Monitoring tools • Single machine nmap scan • Open Mail Relay testing • Monthly Web Seminars • Security Awareness
Incident response • Wait, don’t we all do incident response? • Reading SecCheck logs • Reviewing email headers • Bandwidth reviews • Netflow reviews • Ethereal captures
Blackhole DNS http://www.bleedingthreats.net/blackhole-dns/ • Another BIND process on current DNS servers • No changes to the downloaded zone files • cron job to download/update • DHCP scope change
Good Net Neighbor – Phase I • Block Microsoft file and print sharing ports (135, 137-139, 445) • Protect members from common viruses • Stopped a lot of “nuisance” calls
Good Net Neighbor – Phase II • Block outbound port 25 traffic except from approved mail servers
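The two Good Net Neighbor phases, as an added example that is not part of the original slides or MOREnet's tooling: a check run over exported flow records to list the traffic the border filter would block, which helps find unapproved mail servers before the filter is enabled. The CSV layout, the address ranges, the approved server and the choice to apply Phase I in both directions are assumptions made for the example.

```python
import csv
import io
import ipaddress

# Ports named on the slides.
FILE_SHARING_PORTS = {135, 137, 138, 139, 445}   # Phase I
SMTP_PORT = 25                                   # Phase II

# Constructed values (documentation address ranges), not MOREnet data.
MEMBER_NET = ipaddress.ip_network("192.0.2.0/24")
APPROVED_MAIL_SERVERS = {ipaddress.ip_address("192.0.2.10")}

# Constructed flow export: one record per line.
SAMPLE_FLOWS = """src,dst,proto,dport
192.0.2.10,198.51.100.5,tcp,25
192.0.2.77,198.51.100.5,tcp,25
203.0.113.9,192.0.2.40,tcp,445
192.0.2.40,192.0.2.41,tcp,445
192.0.2.77,198.51.100.8,udp,137
192.0.2.77,198.51.100.8,tcp,443
"""

def classify_flow(src, dst, proto, dport):
    """Return the phase a flow would be blocked under, or None if allowed."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_inside, dst_inside = src in MEMBER_NET, dst in MEMBER_NET
    if src_inside == dst_inside:
        return None  # does not cross the member border, so the filter never sees it
    if dport in FILE_SHARING_PORTS:
        return "phase1"  # assumption: blocked in both directions
    if (src_inside and proto == "tcp" and dport == SMTP_PORT
            and src not in APPROVED_MAIL_SERVERS):
        return "phase2"  # outbound SMTP from a host that is not an approved server
    return None

def audit(flow_csv):
    """Return (phase, src, dst, dport) for each flow the policy would block."""
    hits = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        dport = int(row["dport"])
        phase = classify_flow(row["src"], row["dst"], row["proto"].lower(), dport)
        if phase:
            hits.append((phase, row["src"], row["dst"], dport))
    return hits

if __name__ == "__main__":
    for hit in audit(SAMPLE_FLOWS):
        print(*hit)
```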
Network Monitoring tools • Behind our secure portal – MyMOREnet • Access to MRTG graphs • Access to Netflow reports
Single machine NMAP scan • Behind our secure portal – MyMOREnet • Only scans the machine you are logged into • Set a time-out value of 5 minutes • Can email the report to us for review
Open Mail Relay Test • Custom PERL script • Does 55 tests • Still occasionally find a misconfigured mail server
Monthly Web Seminars • CENTRA product for application sharing • Any topic can be covered • Securing Windows • Securing Linux • Social Networking do’s and don’ts • CALEA • Law Enforcement requests • Using NMAP and Ethereal
Security Awareness • Cyber Security Awareness Month • Regional Site Visits • On-line games/scavenger hunts • Booth at State Teacher Conference • Internet Safety Night • Internal Tips • Internet Safety Night – April 10, 2007 http://besafe.more.net
Communication and outreach • Security contact at each organization • Email lists • Security-l • MERC-security • Web site • breaking news links • MOREnet status indicator • Community outreach • InfraGard • Security Community
Cheap Services • Email Virus and Spam Filtering • Remote Vulnerability Assessment • Security Symposium • SANS@EDU conferences • MOREnet Connections and HELIX conference
Email Virus and Spam Filtering • Solution for hosted mail and web • Able to be expanded to others with little additional effort • ClamAV • Greylisting, policyd, other open source products
Remote Vulnerability Assessment • Nessus scan • Nikto report • Distilled into “human readable” format • Instructions on mitigating vulnerability
Security Symposium • “What works” type sessions from MOREnet members • Cost covers hotel and breaks so usually $150-200 for 1.5 days
Connections and Helix conferences • Held in conjunction • Spring time - usually over spring break • Connections - K-12 • Helix - Higher education
Other Training opportunities • SANS@EDU conference • 2006 – 508 Forensics • 2007 – 504 Hacking Techniques, IR • 2007 – 505 Securing Windows • 2008 – ??
Things that didn’t work so well • Firewall Management • CALEA compliance • Centralized Anti-Virus • Comprehensive Network Security Service
Where do we go from here? • SANS Mentoring program • Darknet project • Writing Security Policy workshop • Expand Good Net Neighbor Policy
Questions? Beth Young (573) 884-9396 youngba@more.net http://www.more.net/security