
UTAC SECURITY UPDATE



Presentation Transcript


  1. UTAC SECURITY UPDATE Terry Gray 1 Oct 2004

  2. AGENDA I. Background II. Activities III. Recommendations

  3. I. BACKGROUND

  4. PREMISE
     • Insecure computers threaten:
       • their users
       • UW systems & networks
       • UW reputation & resources
       • UW staff, students, patients, partners

  5. UW's PERFECT (Security) STORM
     • All the usual Fortune 500 security issues
     • Two hospitals, multiple clinics
     • Classified government & commercial research
     • 45,000 students
     • 75,000 computers of amazing diversity
     • Academic “pseudo-anonymity” requirements
     • Residence Halls with students as well as non-UW renters
     • Extraordinary connectivity (fast attack propagation)
     • Decentralized culture (hundreds of independent biz units)
     • Increasingly sophisticated/hostile attack environment
     • Increasing dependency on network apps
     • Decreasing tolerance for outages
     • Increasing legal/regulatory risk and liability
     • Importance of research/clinical leverage complicates perimeter definitions

  6. FUNDAMENTAL TENSIONS
     • Security vs. complexity
     • Security vs. supportability (esp. MTTR)
     • Security vs. local autonomy
     • Security vs. convenience
     • Security vs. innovation
     • Networking is about connectivity; security is about isolation.

  7. CONCERNS
     • False sense of security
     • Increasing complexity
     • Decentralized culture --> inconsistent solutions
     • Unfunded security mandates
     • Cost shifting from guilty to innocent
     • Perimeter defense won't stop next-gen attacks
     • Users often don’t know their machine is infected
     • The devil is in the details (e.g. FW config)
     • Security policy often looks like network failure

  8. IMPACT
     • Security: the gift that keeps on taking
     • High incident risk with potentially big liability
     • Network assumptions have fundamentally changed
     • Prevention and cleanup costs will continue to grow
     • Solutions:
       • Still no substitute for well-managed hosts
       • More constraints/isolation/inconvenience inevitable
       • Defense-in-depth mandatory... but:
         • Increasing solution complexity implies increasing TTR

  9. II. ACTIVITIES

  10. UW MEDICINE ACTIVITIES
     • Policy definition and training
     • Inventories and informal compliance reviews
     • Centrally-managed host-based firewalls
     • Secure server sanctuaries in data center
     • Working with C&C on perimeter defense
     • Improved application auditing
     • Improved authentication
     • Minimum Security for all SOM devices:
       • Desktop firewall
       • Anti-virus with automatic updates
       • Automatic updates of operating system

  11. C&C SECURITY ROLE
     • Past:
       • Protect the infrastructure
     • Future:
       • Help protect unmanaged hosts (“the guilty”)
       • Support Defense-In-Depth objectives

  12. C&C SECURITY GROUPS
     • Security Operations (detection & remediation)
     • Security Solutions (policy & prevention)
     • Security Administration (of C&C systems)
     • Security Middleware development (auth tools)
     • Network Architecture/Engineering/Tools

  13. C&C SECURITY ACTIVITIES -1
     • Working with UW Medicine and PASSC
       • On policies and implementation
     • Security Operations
       • Monitoring and incident response
       • Quarantine infected hosts
       • Proactive scanning for vulnerabilities
     • Perimeter defense
       • Logical firewalls (LFWs)
       • Managed inline firewalls
       • Intrusion Prevention System
       • UW Medicine zone perimeter firewall

  14. C&C SECURITY ACTIVITIES -2
     • Indirect/proxy host management
       • Probe machine status when authenticating
       • Proactive vulnerability scanning
       • Quarantine vulnerable hosts?
     • Client services
       • Supporting EPLT Computer Vet stations
       • SW licensing & distribution (antivirus, uwick, etc.)
     • Network Architecture changes
     • Host management services (Nebula)
     • Datacenter colo facilities (server sanctuaries)
     • Email virus (and Spam) blocking

  15. III. RECOMMENDATIONS

  16. MINIMUM O.S. STANDARDS
     • Use only O.S. versions supported by vendor
     • Enable host firewall or equiv. access restrictions
     • Enable auto-patching or equiv. central config mgt
     • Use anti-virus software (with auto-updating)
     • Enable logging

  17. BEST TECHNICAL PRACTICES
     • For applications:
       • Use secure protocols (e.g. SSH, SSL/TLS, Kerberos (K5), RDP)
       • Use central authentication infrastructure
       • Use two-factor authentication and/or one-time keys
       • No cleartext passwords on the wire!
     • For operating systems:
       • Disable or block unneeded services
       • Tunnel insecure OS protocols (e.g. NTLM in IPSEC)
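The following is an added example, not code from the presentation or from UW C&C: a host posture check that turns the minimum O.S. standards of slide 16 and the "disable unneeded services" / "no cleartext passwords on the wire" rules of slide 17 into the admission decision slide 14 proposes ("probe machine status when authenticating ... quarantine vulnerable hosts?"). The supported-OS table, the freshness thresholds, the cleartext-service port list, the split between quarantine-worthy and notice-worthy findings, and the three sample hosts are all assumptions constructed for the example.

```python
"""Posture check against a minimum host standard, applied at authentication time.

Added example (not part of the UTAC presentation). Every table, threshold and
sample host below is a constructed assumption for illustration.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Tuple

# Assumption: (family, version) pairs the vendor still supports on the check date.
SUPPORTED_OS = {
    ("windows", "xp-sp2"), ("windows", "2003"),
    ("macos", "10.3"),
    ("debian", "3.1"), ("redhat", "el3"),
}

# Services that put a cleartext password on the wire (the slide 17 rule).
CLEARTEXT_SERVICES = {21: "ftp", 23: "telnet", 110: "pop3", 143: "imap", 513: "rlogin"}

MAX_PATCH_AGE_DAYS = 30       # assumption: "auto-patching" with nothing applied for a month is stale
MAX_SIGNATURE_AGE_DAYS = 7    # assumption: anti-virus signatures older than a week are stale

# Assumption: these findings justify quarantine; anything else only earns a notice.
QUARANTINE_CODES = {
    "unsupported-os", "no-firewall", "no-autopatch", "stale-patches",
    "no-antivirus", "stale-signatures",
}

CHECK_DATE = date(2004, 10, 1)   # date of the presentation, used as "today" for the samples


@dataclass
class Posture:
    """What the authenticating agent reports about one host."""
    host: str
    os_family: str
    os_version: str
    host_firewall: bool
    auto_patch: bool
    last_patch: date
    antivirus: bool
    av_signatures: Optional[date]    # None if anti-virus never updated its signatures
    logging: bool
    listening_ports: List[int] = field(default_factory=list)


def check_posture(p: Posture, today: date) -> List[Tuple[str, str]]:
    """Return (code, detail) findings; an empty list means the host meets the standard."""
    findings = []
    if (p.os_family, p.os_version) not in SUPPORTED_OS:
        findings.append(("unsupported-os", f"{p.os_family} {p.os_version} is out of vendor support"))
    if not p.host_firewall:
        findings.append(("no-firewall", "host firewall disabled"))
    if not p.auto_patch:
        findings.append(("no-autopatch", "auto-patching disabled"))
    patch_age = (today - p.last_patch).days
    if patch_age > MAX_PATCH_AGE_DAYS:
        findings.append(("stale-patches", f"last patch applied {patch_age} days ago"))
    if not p.antivirus:
        findings.append(("no-antivirus", "no anti-virus installed"))
    elif p.av_signatures is None or (today - p.av_signatures).days > MAX_SIGNATURE_AGE_DAYS:
        findings.append(("stale-signatures", "anti-virus signatures not updated"))
    if not p.logging:
        findings.append(("no-logging", "logging disabled"))
    for port in sorted(set(p.listening_ports)):
        if port in CLEARTEXT_SERVICES:
            findings.append(("cleartext-service", f"{CLEARTEXT_SERVICES[port]}/{port} is listening"))
    return findings


def admission_decision(p: Posture, today: date) -> Tuple[str, List[str]]:
    """Map findings to admit / notice / quarantine, the action taken when the host authenticates."""
    codes = [code for code, _ in check_posture(p, today)]
    if not codes:
        return "admit", codes
    if any(code in QUARANTINE_CODES for code in codes):
        return "quarantine", codes
    return "notice", codes    # admitted, but the owner is told what to fix


def sample_postures() -> List[Posture]:
    """Constructed sample hosts: one compliant, one badly out of standard, one merely sloppy."""
    return [
        Posture("lab-pc1", "windows", "xp-sp2", True, True, date(2004, 9, 20),
                True, date(2004, 9, 29), True, [3389]),
        Posture("dorm-pc7", "windows", "98", False, False, date(2003, 1, 1),
                True, date(2004, 6, 1), False, [23, 139]),
        Posture("dept-srv2", "debian", "3.1", True, True, date(2004, 9, 25),
                True, date(2004, 9, 30), False, [21, 22]),
    ]


if __name__ == "__main__":
    for host in sample_postures():
        decision, codes = admission_decision(host, CHECK_DATE)
        print(f"{host.host}: {decision} {codes}")
```

The notice tier exists because slide 14 leaves quarantine of merely vulnerable hosts as a question: a cleartext FTP listener or disabled logging is reported to the owner, while an unsupported OS, a missing firewall or stale anti-virus keeps the host off the network until fixed.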

  18. BEST OPERATIONAL PRACTICES
     • Adequately fund security support & training
     • Manage hosts en masse (cheaper, more effective)
     • Do risk assessments
     • Do penetration tests
     • Do periodic reviews/audits
     • Put servers in dedicated and secure facilities
     • Regularly review the logs!
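An added example, not code from the presentation: the log review the last bullet calls for, run over constructed sshd log lines, tied to the Security Operations work of slide 13 (monitoring and incident response, quarantine of infected hosts). It flags sources that hammer a host with failed logins and, more importantly, a successful login from a source that had just been failing, the pattern a password-guessing compromise leaves behind, then lists what should be quarantined: the compromised host, plus the guessing source if it is a campus machine (slide 7: users often don't know their machine is infected). The thresholds, the campus address ranges, the year assumed for the year-less syslog timestamps and the log lines themselves are all assumptions.

```python
"""Review sshd logs for password guessing and the compromise that follows it.

Added example (not part of the UTAC presentation). Sample log, thresholds and
address ranges are constructed assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, Optional

# Assumption: address ranges whose hosts C&C can put in quarantine.
CAMPUS_RANGES = [ip_network("128.95.0.0/16"), ip_network("10.0.0.0/8")]
FAIL_THRESHOLD = 5               # assumption: 5 failures from one source to one host ...
WINDOW = timedelta(minutes=10)   # ... within 10 minutes is password guessing
LOG_YEAR = 2004                  # syslog timestamps carry no year; assumed here

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample: a guessing run that succeeds, an unrelated daemon line,
# a user who mistypes once, and a guessing run from off campus that fails.
SAMPLE_LOG = """\
Oct  1 08:00:01 mailhost sshd[2311]: Failed password for root from 10.1.2.3 port 40001 ssh2
Oct  1 08:00:02 mailhost postfix/smtpd[400]: connect from unknown[192.0.2.5]
Oct  1 08:00:03 mailhost sshd[2312]: Failed password for invalid user admin from 10.1.2.3 port 40002 ssh2
Oct  1 08:00:04 mailhost sshd[2313]: Failed password for root from 10.1.2.3 port 40003 ssh2
Oct  1 08:00:06 mailhost sshd[2314]: Failed password for root from 10.1.2.3 port 40004 ssh2
Oct  1 08:00:08 mailhost sshd[2315]: Failed password for root from 10.1.2.3 port 40005 ssh2
Oct  1 08:00:11 mailhost sshd[2316]: Accepted password for root from 10.1.2.3 port 40006 ssh2
Oct  1 08:05:00 webhost sshd[900]: Accepted publickey for tgray from 128.95.1.10 port 50000 ssh2
Oct  1 09:00:00 webhost sshd[901]: Failed password for tgray from 128.95.1.10 port 50001 ssh2
Oct  1 09:00:10 webhost sshd[902]: Accepted password for tgray from 128.95.1.10 port 50002 ssh2
Oct  1 10:00:00 dbhost sshd[77]: Failed password for oracle from 203.0.113.9 port 1200 ssh2
Oct  1 10:00:01 dbhost sshd[78]: Failed password for oracle from 203.0.113.9 port 1201 ssh2
Oct  1 10:00:02 dbhost sshd[79]: Failed password for oracle from 203.0.113.9 port 1202 ssh2
Oct  1 10:00:03 dbhost sshd[80]: Failed password for oracle from 203.0.113.9 port 1203 ssh2
Oct  1 10:00:04 dbhost sshd[81]: Failed password for oracle from 203.0.113.9 port 1204 ssh2
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one sshd auth line into a dict with a datetime 'ts'; None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(f"{LOG_YEAR} {ev['mon']} {ev['day']} {ev['time']}", "%Y %b %d %H:%M:%S")
    return ev


def is_campus(src: str) -> bool:
    """True if the source is an address inside a quarantinable range (hostnames never are)."""
    try:
        return any(ip_address(src) in net for net in CAMPUS_RANGES)
    except ValueError:
        return False


def review(log_text: str) -> Dict[str, list]:
    """Sliding-window count of failures per (source, target); an Accepted after a full
    window of failures is treated as a compromise of the target."""
    recent = defaultdict(deque)       # (src, host) -> timestamps of failures inside WINDOW
    brute_force, compromised, flagged = [], [], set()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["src"], ev["host"])
        dq = recent[key]
        while dq and ev["ts"] - dq[0] > WINDOW:
            dq.popleft()              # drop failures that fell out of the window
        if ev["result"] == "Failed":
            dq.append(ev["ts"])
            if len(dq) >= FAIL_THRESHOLD and key not in flagged:
                flagged.add(key)
                brute_force.append((ev["src"], ev["host"], len(dq)))
        elif len(dq) >= FAIL_THRESHOLD:
            compromised.append((ev["host"], ev["user"], ev["src"]))
    quarantine = {host for host, _, _ in compromised}
    quarantine.update(src for src, _, _ in brute_force if is_campus(src))
    return {"brute_force": brute_force, "compromised": compromised, "quarantine": sorted(quarantine)}


if __name__ == "__main__":
    for kind, items in review(SAMPLE_LOG).items():
        print(kind, items)
```

The single failure followed by success on webhost is deliberately below the threshold: a user mistyping a password once must not look like a compromise, or the review will be ignored. The off-campus guesser against dbhost is reported but not quarantined, since C&C has nothing to quarantine there; that is a perimeter or host-firewall matter.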

  19. DISCUSSION ISSUES
     • Consensus on recommendations?
     • Exceptions policy?
     • Enforcement policy?
     • Consequences/sanctions?
     • Funding?
