UC Davis Vulnerability Scanning and Remediation


UC Davis Vulnerability Scanning and Remediation. 2005 Larry Sautter Award UC Davis, Information and Education Technology. UC Davis Vulnerability Scanning and Remediation. Project description and background Project Objectives Protecting the campus network Scalable technology Education


PowerPoint Slideshow about 'UC Davis Vulnerability Scanning and Remediation' - Sharon_Dale


Presentation Transcript

UC Davis Vulnerability Scanning and Remediation

2005 Larry Sautter Award

UC Davis, Information and Education Technology

UC Davis Vulnerability Scanning and Remediation
  • Project description and background
  • Project Objectives
  • Protecting the campus network
  • Scalable technology
  • Education
  • Questions
Project Description

A proactive approach to reducing threats to computing resources and enhancing the protection of university electronic information.

Project Objectives
  • Protect the integrity of the campus computing environment
  • Provide a cost-effective solution for vulnerability scanning and remediation
  • Develop a scalable system
  • Educate campus computer users, support staff and system administrators
Timeline
  • September 2003
    • Temporary scanning system deployed to detect RPC vulnerabilities
  • October 2003
    • Reduction in vulnerable and/or infected systems on campus network from more than 700 to fewer than 40 in four weeks
  • May 2004
    • Planning for a permanent vulnerability scanning system was initiated
  • September 2004
    • Computer Vulnerability Scanning Policy adopted by Campus
    • Rebuilding/redeployment of the campus vulnerability scanning system components
    • Threat analysis subscription begins
    • Database upgrades made
  • January 2005
    • Honeypot integrated into permanent scanning system
  • June 2005
    • Intrusion detection system (IDS) integrated into vulnerability scanning system
  • July 2005
    • Campus vulnerability scanning system is in full production mode
Computer Vulnerability Scanning Policy
  • All computers, servers, and other electronic devices connected to the campus network shall be kept free of critical security vulnerabilities.
  • Individuals whose computers present critical security vulnerabilities must correct those vulnerabilities in a timely manner before connecting to the campus network.
  • Computers found to contain critical security vulnerabilities that threaten the integrity or performance of campus network will be denied access to campus computing resources, and may be disconnected from the campus network to prevent further dissemination of infectious or malicious network activity.
Vulnerability Assessment Mechanisms
  • Nessus (scanlite perl module) is used to scan campus systems daily for 1-3 vulnerabilities
  • Nessus is used to identify compromised systems during web-based authentication
  • Labrea (honeypot) is used to identify malicious network traffic on an unannounced network segment
  • Bro (IDS) identifies malicious network traffic. Bro can use the snort rule set.
Vulnerability Assessment Database
  • IP Address
  • Date
  • Type (honeypot, scan, IDS)
  • MAC address
  • Username
Input Sources
  • VLAN assignments (What IPs shall we scan?)
  • VLAN technical contact (Who do we contact if there is a problem?)
  • ARP table records (What MAC address is associated with a particular IP?)
  • MAC address ownership (Who registered a particular MAC address?)
  • Web authentication (What IP is attempting to authenticate to a UCD web site?)
  • Threat selection (What threats represent highest risk to campus?)
  • Web/Daily Scan Capability (What Nessus security plug-ins are available?)
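
An added example (not part of the presentation or the campus system's own code) of how the input sources above could be joined into one vulnerability assessment database record per detection. All addresses, MACs, usernames and contacts are constructed, and the time-based ARP lookup and the extra `vlan_contact` field are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime

# All data below is constructed for illustration (documentation IP range).
VLANS = {  # VLAN assignment -> VLAN technical contact
    "192.0.2.0/25": "netadmin-a@example.edu",
    "192.0.2.128/25": "netadmin-b@example.edu",
}
ARP = [  # (seen_at, ip, mac) snapshots taken from ARP tables
    ("2005-07-01T08:00", "192.0.2.10", "00:11:22:33:44:55"),
    ("2005-07-01T12:00", "192.0.2.10", "66:77:88:99:aa:bb"),  # IP reassigned
    ("2005-07-01T09:00", "192.0.2.200", "de:ad:be:ef:00:01"),
]
MAC_OWNERS = {"00:11:22:33:44:55": "jdoe", "66:77:88:99:aa:bb": "asmith"}
DETECTIONS = [  # (date, ip, type) reported by scan, honeypot or IDS
    ("2005-07-01T09:30", "192.0.2.10", "scan"),
    ("2005-07-01T13:15", "192.0.2.10", "IDS"),
    ("2005-07-01T10:00", "192.0.2.200", "honeypot"),
]

def ts(s):
    return datetime.fromisoformat(s)

def mac_at(ip, when):
    """MAC from the latest ARP snapshot for ip at or before the detection."""
    seen = [(ts(t), mac) for t, i, mac in ARP if i == ip and ts(t) <= ts(when)]
    return max(seen)[1] if seen else None

def vlan_contact(ip):
    """Technical contact for the VLAN containing ip, or None if unassigned."""
    addr = ipaddress.ip_address(ip)
    for cidr, contact in VLANS.items():
        if addr in ipaddress.ip_network(cidr):
            return contact
    return None

def build_record(date, ip, kind):
    """One database row: IP, date, type, MAC, username (plus VLAN contact)."""
    mac = mac_at(ip, date)
    return {"ip": ip, "date": date, "type": kind, "mac": mac,
            "username": MAC_OWNERS.get(mac), "vlan_contact": vlan_contact(ip)}

def build_records():
    return [build_record(*d) for d in DETECTIONS]

if __name__ == "__main__":
    for row in build_records():
        print(row)
```

The same IP resolves to two different registered owners depending on when the detection occurred, and an unregistered MAC leaves only the VLAN technical contact to notify.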
Faculty, Staff and Students
  • Formal discussions with senior campus administrators and advisory groups
  • Email alerts/announcements
  • Print and Web publications
  • Posters and Flyers
  • Self-initiated scans
  • Scan results pages
Technical Staff
  • Formal discussions
  • Computer & Network Security Report (secalert.ucdavis.edu)
  • Email notifications
  • “Top Ten” graphs
Lessons Learned and Next Steps
  • Nessus limitations
  • Reliance on campus unit system administrators
  • Enhance integration with Remedy trouble-ticketing system
  • Product integration via database is not readily available