UC Davis Vulnerability Scanning and Remediation


PowerPoint Slideshow about 'UC Davis Vulnerability Scanning and Remediation' - Sharon_Dale


UC Davis Vulnerability Scanning and Remediation

2005 Larry Sautter Award

UC Davis, Information and Education Technology


UC Davis Vulnerability Scanning and Remediation

  • Project description and background

  • Project Objectives

  • Protecting the campus network

  • Scalable technology

  • Education

  • Questions


Project Description

A proactive approach to reducing threats to computing resources and enhancing the protection of university electronic information.


Project Objectives

  • Protect the integrity of the campus computing environment

  • Provide a cost-effective solution for vulnerability scanning and remediation

  • Develop a scalable system

  • Educate campus computer users, support staff and system administrators


Timeline

  • September 2003

    • Temporary scanning system deployed to detect RPC vulnerabilities

  • October 2003

    • Reduction in vulnerable and/or infected systems on campus network from more than 700 to fewer than 40 in four weeks

  • May 2004

    • Planning for a permanent vulnerability scanning system was initiated

  • September 2004

    • Computer Vulnerability Scanning Policy adopted by Campus

    • Rebuilding/redeployment of the campus vulnerability scanning system components

    • Threat analysis subscription begins

    • Database upgrades made

  • January 2005

    • Honeypot integrated into permanent scanning system

  • June 2005

    • Intrusion detection system (IDS) integrated into vulnerability scanning system

  • July 2005

    • Campus vulnerability scanning system is in full production mode


Computer Vulnerability Scanning Policy

  • All computers, servers, and other electronic devices connected to the campus network shall be kept free of critical security vulnerabilities.

  • Individuals whose computers present critical security vulnerabilities must correct those vulnerabilities in a timely manner before connecting to the campus network.

  • Computers found to contain critical security vulnerabilities that threaten the integrity or performance of campus network will be denied access to campus computing resources, and may be disconnected from the campus network to prevent further dissemination of infectious or malicious network activity.



Vulnerability Assessment Mechanisms

  • Nessus (scanlite Perl module) is used to scan campus systems daily for 1-3 vulnerabilities

  • Nessus is used to identify compromised systems during web-based authentication

  • LaBrea (honeypot) is used to identify malicious network traffic on an unannounced network segment

  • Bro (IDS) identifies malicious network traffic. Bro can use the Snort rule set.


Vulnerability Assessment Database

  • IP Address

  • Date

  • Type (honeypot, scan, IDS)

  • MAC address

  • Username


Input Sources

  • VLAN assignments (What IPs shall we scan?)

  • VLAN technical contact (Who do we contact if there is a problem?)

  • ARP table records (What MAC address is associated with a particular IP?)

  • MAC address ownership (Who registered a particular MAC address?)

  • Web authentication (What IP is attempting to authenticate to a UCD web site?)

  • Threat selection (What threats represent highest risk to campus?)

  • Web/Daily Scan Capability (What Nessus security plug-ins are available?)
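
How these input sources can be joined into one row of the assessment database (IP address, date, type, MAC address, username), as an added example that is not UC Davis code. All addresses, usernames, contacts, function names and the four-hour ARP freshness window are constructed assumptions.

```python
# Added example: constructed data and hypothetical names, not the campus system.
import ipaddress
from datetime import datetime, timedelta

# Constructed sample inputs (documentation address ranges, made-up users).
VLANS = {"192.0.2.0/25": "netadmin-a@example.edu",      # VLAN -> technical contact
         "192.0.2.128/25": "netadmin-b@example.edu"}
ARP = [  # (seen, ip, mac) snapshots of ARP table records
    ("2005-07-01T08:00", "192.0.2.10", "00:00:5e:00:53:01"),
    ("2005-07-01T14:00", "192.0.2.10", "00:00:5e:00:53:02"),  # IP reassigned
    ("2005-07-01T09:00", "192.0.2.200", "00:00:5e:00:53:03"),
]
MAC_OWNERS = {"00:00:5e:00:53:01": "asmith",             # MAC registration
              "00:00:5e:00:53:02": "bjones"}
MAX_ARP_AGE = timedelta(hours=4)  # assumed: older ARP entries are not trusted


def _ts(s):
    return datetime.fromisoformat(s)


def vlan_contact(ip):
    """Technical contact for the VLAN that contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for cidr, contact in VLANS.items():
        if addr in ipaddress.ip_network(cidr):
            return contact
    return None


def mac_at(ip, when):
    """Most recent ARP entry for ip at or before `when`, if fresh enough."""
    seen = [(_ts(t), mac) for t, i, mac in ARP if i == ip and _ts(t) <= when]
    if not seen:
        return None
    t, mac = max(seen)
    return mac if when - t <= MAX_ARP_AGE else None


def build_record(ip, date, source):
    """One database row: IP, date, type, MAC, username, plus VLAN contact."""
    if source not in ("honeypot", "scan", "IDS"):
        raise ValueError(f"unknown detection type: {source}")
    mac = mac_at(ip, _ts(date))
    return {"ip": ip, "date": date, "type": source, "mac": mac,
            "username": MAC_OWNERS.get(mac), "contact": vlan_contact(ip)}
```

The time-bounded ARP lookup matters because an IP address can move between machines during the day; attributing a detection to whichever MAC currently holds the address would notify the wrong owner.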




Faculty, Staff and Students

  • Formal discussions with senior campus administrators and advisory groups

  • Email alerts/announcements

  • Print and Web publications

  • Posters and Flyers

  • Self-initiated scans

  • Scan results pages



Technical Staff

  • Formal discussions

  • Computer & Network Security Report (secalert.ucdavis.edu)

  • Email notifications

  • “Top Ten” graphs






Lessons Learned and Next Steps

  • Nessus limitations

  • Reliance on campus unit system administrators

  • Enhance integration with Remedy trouble-ticketing system

  • Product integration via database is not readily available



Contact Information

  • Robert Ono, [email protected]

