1 / 9

ESCC Ohio State University July 21 – 22, 2004

Wireless and Post OA Security Review. Mike Memory. ESCC Ohio State University July 21 – 22, 2004. Outline. Administrative Issues Purchasing Policy Credit Cards ADP Approval Documentation Policy Procedure Configuration Management. Outline Cont. Technical Issues Wireless

timko
Download Presentation

ESCC Ohio State University July 21 – 22, 2004

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Wireless and Post OA Security Review Mike Memory ESCC Ohio State University July 21–22, 2004

  2. Outline • Administrative Issues • Purchasing Policy • Credit Cards • ADP Approval • Documentation • Policy • Procedure • Configuration Management

  3. Outline Cont. • Technical Issues • Wireless • Issues with Technology • Lab daily users • Lab Guest • Flat Network Security Model • Enclaves • Access control

  4. Administrative Issues • Purchasing • What purchases are for network capable items? • ADP approval required for a gas analyzer, key lock box, etc.? • Need better control from procurement regarding credit cards and requisitions • Once purchased, how do we deal with it • Documentation • User awareness of Policies and CSPP • Risk assessments • Procedures regarding testing and deployment of new technology • Configuration Management for hosts, network devices, etc.

  5. Technical Issues - Wireless • WEP was not in use on our Guest/Conference Wireless • Needed WEP and a Firewall (or ACL in router) at minimum • Limit access to the site and to the Internet • WEP was in use on the JLab user wireless network • But that is not enough • Suggested VPN, IPSec, Firewall • Need to treat WEP keys like user passwords • Storing, Changing, Distributing issues • Need detection for rouge access points • Other suggestions - 802.1x, 802.11i, etc.

  6. Technical Issues - Network • Problem • Flat Network Security Model • Users can access most (not all) networks freely • Resolution • Segmentation of network • Enclaves need to be created based on: • security requirements, work group, functionality • Greater access controls between enclaves with ACL’s • Access to DAQ systems from desktop? No.

  7. Fixing The Issues • Most issues we knew about and had plan for • Tough to implement with limited resources • Our timelines for implementation were seen as taking to long • Developed 5 Teams – Driven by our CIO • Network Security Team • Wireless Security Team • X11 • Host Configuration and Management • Authentication and Authorization

  8. What we have done since OA • Determined Risk Assessment for all issues via teams • Tightened down our conference network • Done - WEP and ACL now limiting access • Deploying more VLANs as we categorize users and services for enclave assignment • Evaluating other wireless solutions for new technologies • Policies for purchasing changes well underway • Working hard to get more human resources

  9. Conclusion • The OA review was educational • Lots of work has already occurred • Lots of work still to do in all areas of computing • Collaboration with other Labs a must to help us “NOT” re-invent the wheel

More Related