(1)

Integrating Network Security into your Site

Rich Pinder
Los Angeles Cancer Surveillance Program
rpinder@usc.edu

(2)

• Big Picture thoughts on Security
• Components of organization-wide security
• Rich's 'Top 10'

(3)

• "Security - it's TOO complicated!!!"

(4)

• Doing nothing is no longer acceptable.
• It's HUGE. But why not take it piecemeal? Something is BETTER than nothing!
• Little money? A few hours of the techies' time? A couple of days? Hire a techie?

(5)

• Start small – go to the informational websites (look for .org and .gov sites) and search for 'getting started'.
• Decide which steps you can handle.
• Consultant sources: attend local user groups (*nix). In Los Angeles, consultants cost ~ $100/hr.

(6)

• Big Picture thoughts on Security
• Components of organization-wide security
• Rich's 'Top 10'

(7)

Components

• User authentication and environment
• Filtering – Port & Process control
• Firewalls
• Encryption

(8)

• User authentication and environment
  – Password protect ALL machines!
  – Using one password to log in to multiple systems can be dangerous: a breach of a weak machine yields the same password that is used on the hardened machines. Long. Complex. Changing (???).
  – Use password policy programs
  – Biometrics – promise both higher security

(9)

• User authentication and environment (cont)
  – Environment
  – User Training & Awareness
    Part of your annual confidentiality briefings
    Ramifications of bad practices
  – User Accountability

(10)

• Filtering – Port & Process control
  – Control the 'doors' to your computers
  – Should be done for all systems. Should be done for ALL major systems!
  – Software to do this exists for your system (IPSec filters on Windows NT/2000; ipchains or iptables on Linux)
  – Rules: Incoming – Outgoing – Forward ... (the INPUT, OUTPUT and FORWARD chains in iptables)

(11)

• Filtering – Port & Process control (cont)
  – Limit what's running on your computer – KILL unnecessary services! (watch default installs)
  – Port scans – the reports tell you which 'doors' are open
  – Threat assessment – goes one better – tells you what's open, and what to DO about it.
  – Even some 'Automated Mitigation' software to
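The two filtering slides above (control the doors; find out which doors are open and kill what you don't need) are illustrated by the following added example. It is not code from the original slides; it assumes a Linux host with iptables, an `ss -ltn`-style listener table (the one below is constructed, not captured from a real machine), and an allowlist of "22 443" as the only services the host is meant to offer.

```shell
#!/bin/sh
# Added example, not from the original slides. Ties together the two
# "port & process control" slides on a Linux host that uses iptables:
#   1. audit_listeners - read `ss -ltn`-style output and report every
#      listening TCP port that is NOT on an allowlist (doors you did
#      not mean to leave open).
#   2. gen_rules - emit an iptables-restore(8) rule set that accepts
#      only the allowlisted ports inbound, keeps established sessions,
#      logs and drops everything else (INPUT), and drops all FORWARD
#      traffic since this host is not a router.
# The listener table below is constructed for the example, not captured
# from a real host; the allowlist "22 443" is an assumption.

SAMPLE_LISTENERS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:23          0.0.0.0:*
LISTEN  0       5       0.0.0.0:21          0.0.0.0:*
LISTEN  0       128     127.0.0.1:3306      0.0.0.0:*
LISTEN  0       128     0.0.0.0:443         0.0.0.0:*'

# audit_listeners "PORT PORT ..." < listener-table
# Prints one line per listener whose port is not in the allowlist.
# Loopback-only listeners are skipped: nothing outside can reach them.
audit_listeners() {
    awk -v allowed=" $1 " '
        $1 != "LISTEN" { next }                 # skips the header too
        {
            n = split($4, parts, ":"); port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") next
            if (index(allowed, " " port " ") == 0)
                printf "unexpected listener: port %s on %s\n", port, addr
        }'
}

# gen_rules "PORT PORT ..."
# Writes a complete filter table to stdout; apply with
#   gen_rules "22 443" | iptables-restore
# The default policy of INPUT is DROP, so anything not listed is closed.
gen_rules() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $1; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "'
    echo 'COMMIT'
}

# Stand-alone run: audit the sample table, then show the rule set that
# would close the unexpected doors (23/telnet and 21/ftp in the sample).
printf '%s\n' "$SAMPLE_LISTENERS" | audit_listeners "22 443"
gen_rules "22 443"
```

The audit and the rule set use the same allowlist on purpose: a port that shows up as an unexpected listener is also a port the firewall will not open, so the service gets both removed and filtered. Review the generated file before piping it into iptables-restore from a console session, since a mistake in the INPUT chain of a remote box locks you out.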

(12)

• Firewalls
  – There are really no flames involved!
  – A firewall is centralized filtering – typically a hardware and software solution (the same software we discussed for Filtering)
  – Two NICs – pass-through design
  – Not a panacea! As soon as they're in place, requests to bypass them come in! Modifications can introduce errors.

(13)

• Encryption
  – Why send info in 'plain text' when you can send it encrypted?
  – PGP – the public-key encryption we've heard about for a long time (GnuPG, a free implementation, may be the better alternative)
  – A public-key algorithm is what lets you exchange encrypted data with others without first having to share a secret key with them.

(14)

• Virtual Private Network (VPN) & Tunneling
  – Defines a secure, interconnected conduit between geographically separated systems
  – Based on encryption
  – Includes Filtering concepts
  – Allows multiple (and future) applications to operate securely – similar in concept to using your 'server' at work

(15)

• Big Picture thoughts on Security
• Components of organization-wide security
• Rich's 'Top 10'

(16)

Top 10

• Make a security commitment – to do something when you get home! Start a "Security Procedures" manual – document what you do.
• Do User Training & Authentication Hardening – access control
• Don't use Telnet & FTP. Replace them with encrypted equivalents (SSH, SCP).
• Use (and keep CURRENT) virus control software (Symantec or McAfee)
• Encrypt ALL confidential data that you send from your organization.
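On a classic inetd host, the "don't use Telnet & FTP" item comes down to commenting those services out of inetd.conf, reloading inetd, and relying on sshd/scp from then on. The following is an added example (not from the slides) that does exactly that on a constructed inetd.conf; the service names follow the standard inetd.conf layout and the tcpd paths are illustrative.

```shell
#!/bin/sh
# Added example, not from the original slides. Retires the cleartext
# login/transfer services (ftp, telnet, rsh, rlogin, rexec) on a classic
# inetd host by commenting their inetd.conf entries out; SSH and SCP,
# which run as a stand-alone sshd, take their place. The inetd.conf
# content below is constructed for the example.

SAMPLE_INETD_CONF='# service  socket proto wait   user    program          args
ftp         stream tcp   nowait root    /usr/sbin/tcpd   in.ftpd -l -a
telnet      stream tcp   nowait root    /usr/sbin/tcpd   in.telnetd
shell       stream tcp   nowait root    /usr/sbin/tcpd   in.rshd
login       stream tcp   nowait root    /usr/sbin/tcpd   in.rlogind
finger      stream tcp   nowait nobody  /usr/sbin/tcpd   in.fingerd
ntalk       dgram  udp   wait   nobody  /usr/sbin/tcpd   in.ntalkd'

# inetd service names that carry passwords or sessions in the clear.
CLEARTEXT_SERVICES='ftp telnet shell login exec'

# disable_cleartext < inetd.conf > inetd.conf.new
# Comments out each cleartext entry; every other line passes through.
disable_cleartext() {
    awk -v names=" $CLEARTEXT_SERVICES " '
        /^[[:space:]]*(#|$)/ { print; next }
        index(names, " " $1 " ") > 0 { print "#" $0 "   # disabled: use SSH/SCP"; next }
        { print }'
}

# still_enabled < inetd.conf
# Prints the cleartext services that are still active (empty = clean).
still_enabled() {
    awk -v names=" $CLEARTEXT_SERVICES " '
        /^[[:space:]]*(#|$)/ { next }
        index(names, " " $1 " ") > 0 { print $1 }'
}

# Stand-alone run on the sample: what is enabled now, the hardened file,
# and what is left enabled afterwards (nothing).
printf '%s\n' "$SAMPLE_INETD_CONF" | still_enabled
printf '%s\n' "$SAMPLE_INETD_CONF" | disable_cleartext
printf '%s\n' "$SAMPLE_INETD_CONF" | disable_cleartext | still_enabled
# On a real host: back up /etc/inetd.conf, write the result over it,
# then run `kill -HUP $(pidof inetd)` so inetd re-reads the file, and
# confirm with a port scan that 21 and 23 no longer answer.
```

The check function matters as much as the edit: run `still_enabled` again after the reload, and after every OS upgrade, because default installs (the slide's "watch default installs") tend to put these entries back.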

(17)

Top 10

• Run vulnerability scanners (e.g. Nessus). Compare the reports to the SANS/FBI Top 20 vulnerabilities list and be SURE to mitigate the biggies
• Port filtering – Cheap: install / configure IPSec filters for Windows servers & ipchains or iptables for Linux servers. Expensive: do 'Cheap' AND install a dedicated firewall machine. Router: have your network folks be sure the routers and switches are configured properly
• Wireless? Secure the access point! (they come initially wide open). If not implemented yet, look at the 802.11b spec – with WEP2 security. (Caveat: WEP, and the WEP2 proposal built on it, has since been shown to be breakable; treat it as the minimum, not as real protection.)

(18)

Security Resources

• SANS – GREAT site
  http://www.sans.org/
  System Administration, Networking and Security – since 1989. SANS incident site: http://www.incidents.org/
  Good starting place: http://www.sans.org/newlook/publications/roadmap.htm
  Top 20 security issues: http://www.sans.org/top20.htm
• Technical Tutorials
  http://www.systemexperts.com/tutorial.html
  Hodgepodge tutorial.. great for showing what OTHERS are looking to do to get into your site.
• Good source of info: (not just for Linux)

(19)

• Government / University information sources
  National Security Agency
  http://www.nsa.gov/isso/infosec
  Windows 2000 security guidelines, including actual .inf files that can be applied to deal with config / domain / admin stuff
  CERT
  www.cert.org
  Carnegie Mellon Software Engineering Institute
  See the 'tech tips' section – sign up for the mailing list
  National Infrastructure Protection Center
  http://www.nipc.gov/

(20)

• Filtering – port and process control
  http://www.nessus.org/ Nessus port scanner and threat assessment tool
  http://www.tinysoftware.com relatively inexpensive – $39 for the new version. ZoneAlarm still has a free version... but the 'best' versions are around the same price. Deerfield, Norton (Symantec), BlackICE, ZoneAlarm, Tiny Personal Firewall... all available
  http://www.citadel.com Hercules – a threat mitigation tool
• Locating user groups
  Linux user groups: www.ssc.com/glue
  Unix user groups: http://dark.wustl.ecu/~newton/othr_uug.html
  http://www.netip.com Keith Palmgren's page – check out the Articles & Security Links pages
• Virtual Private Networks
