1 / 24

OUHSC Information Security Update

OUHSC Information Security Update. IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic. Security Project Update (the three Ps). Policy baseline completed See http://it.ouhsc.edu/policies/ Perimeter firewall management project complete

ita
Download Presentation

OUHSC Information Security Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic

  2. Security Project Update (the three Ps) • Policy baseline completed • See http://it.ouhsc.edu/policies/ • Perimeter firewall management project complete • All externally accessible servers registered in db • Firewall rules updated with db • Servers scanned and vulnerabilities mitigated • https://www.ouhsc.edu/acl/admin23/allacl.cfm • Private IPs for hosts on new network

  3. Security Personnel Update • Kenneth Reed: moved to Engineering • Nathan Gibson: moving on risk assessments • Mike Waller is moving on to Charlotte • Greg Bostic is moving into security

  4. New Projects • Payment Card Industry Data Security Standard • Risk Assessments • Security policy implementation • Active Directory Baseline Security Configuration

  5. OUHSC Group Policy Objects

  6. Purpose • Compliance • Security • Ease administrative overhead • High level Polices Only • Tier 1s can still apply organizational preferred settings • User “buy-in”

  7. Time Line • 4 Week Implementation Life Cycle • Week 1: IT will create and test the AD GP settings. • Week 2-4:Tier 1s will apply and test each GP to their respective AD Organizational Unit (OU) and present feedback to IT. For settings that present a change for their end-users Tier 1’s should communicate those changes in advance to their user community. IT will assist in developing appropriate communications. • Week 5: IT will evaluate any feedback given and make necessary modification before applying the settings at the campus wide level.

  8. Time Line(cont) • 20 Settings • Will be separate into 4 separate groups containing at most 3 sets of related settings to limit impact. Example:

  9. Time Line (cont) Group 1: Setting 1: - • Network access: Allow anonymous SID/Name translation – Disabled • Network access: Do not allow anonymous enumeration of SAM accounts – Enabled • Network access: Do not allow anonymous enumeration of SAM accounts and shares –Enabled • Network access: Let Everyone permissions apply to anonymous users • Disabled Setting 2 : • Add workstations to domain (Added Groups: OUHSC\Domain Admins, OUHSC\Computer-Account-Creators) Setting 3: • Turn on the auto-complete feature for user names and passwords on forms – DISABLED

  10. IT Responsibilities • Create GPOs and configure settings • Assist Tier 1s in communicating GPO results to users • Receive feedback from Tier 1s and assist in resolving problems • Apply GPO settings at the Domain level after testing phase

  11. Tier 1 Responsibilities • Advise Users • Apply GPOs to Active Directory Organization Units • Give feedback to IT-OPS and IT-ISS

  12. GPO Review • Group Policy Objects: • Allows you to configure baseline settings to ensure all resources have them same settings • Ease the administrative overhead in applying and modifying end user device and servers. • “One-Stop-Shop” for demonstrating policy compliance

  13. GPO Review (cont) • Applying Group Policy Objects • Use MS built in Group Policy Management Console (gpmc.msc) • Start > Run > gpmc.msc

  14. GPO Review (cont) • Applying Group Policy Objects 1. Use MS built in Group Policy Management Console (gpmc.msc) a. Start > Run > gpmc.msc 2. Apply GPOs to your Workstations OU.

  15. GPO Review (cont) • Applying Group Policy Objects 1. Use MS built in Group Policy Management Console (gpmc.msc) a. Start > Run > gpmc.msc 2. Apply GPOs to your Workstations OU 3. To apply the GPOs you right click on your OU and choose “Link an existing GPO”

  16. GPO Review (cont) • Applying Group Policy Objects 1. Use MS built in Group Policy Management Console (gpmc.msc) a. Start > Run > gpmc.msc 2. Apply GPOs to your Workstations OU 3. To apply the GPOs you right click on your OU and choose “Link an existing GPO” 4. All GPOs that are in this project will have a common naming convention

  17. GPO Review (cont) • Applying Group Policy Objects 4. All GPOs that are in this project will have a common naming convention 5. Choose the GPO you would like to link and repeat the steps 2- 5 for each GPO you would like to apply there after.

  18. House Cleaning Help • Clean up Computers OU • Standardize GPO naming scheme • HSC-Dept-XXXX • Delete Old GPOs • Combine GPOs If possible • Remove GPOs with settings applies at higher lever

  19. House Cleaning Help (cont)

  20. Let’s Talk Questions & Concerns ???

More Related