Download
uc davis vulnerability scanning and remediation n.
Skip this Video
Loading SlideShow in 5 Seconds..
UC Davis Vulnerability Scanning and Remediation PowerPoint Presentation
Download Presentation
UC Davis Vulnerability Scanning and Remediation

UC Davis Vulnerability Scanning and Remediation

510 Views Download Presentation
Download Presentation

UC Davis Vulnerability Scanning and Remediation

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. UC Davis Vulnerability Scanning and Remediation 2005 Larry Sautter Award UC Davis, Information and Education Technology

  2. UC Davis Vulnerability Scanning and Remediation • Project description and background • Project Objectives • Protecting the campus network • Scalable technology • Education • Questions

  3. Project Description A proactive approach to reducing threats to computing resources and enhancing the protection of university electronic information.

  4. Project Objectives • Protect the integrity of the campus computing environment • Provide a cost-effective solution for vulnerability scanning and remediation • Develop a scalable system • Educate campus computer users, support staff and system administrators

  5. Timeline • September 2003 • Temporary scanning system deployed to detect RPC vulnerabilities • October 2003 • Reduction in vulnerable and/or infected systems on campus network from more than 700 to fewer than 40 in four weeksMay 2004 • Planning for a permanent vulnerability scanning system was initiated • September 2004 • Computer Vulnerability Scanning Policy adopted by Campus • Rebuilding/redeployment of the campus vulnerability scanning system components • Threat analysis subscription begins • Database upgrades made • January 2005 • Honeypot integrated into permanent scanning system • June 2005 • Intrusion detection system (IDS) integrated into vulnerability scanning system • July 2005 • Campus vulnerability scanning system is in full production mode

  6. Computer Vulnerability Scanning Policy • All computers, servers, and other electronic devices connected to the campus network shall be kept free of critical security vulnerabilities. • Individuals whose computers present critical security vulnerabilities must correct those vulnerabilities in a timely manner before connecting to the campus network. • Computers found to contain critical security vulnerabilities that threaten the integrity or performance of campus network will be denied access to campus computing resources, and may be disconnected from the campus network to prevent further dissemination of infectious or malicious network activity.

  7. Protecting the Campus Network

  8. Vulnerability Assessment Mechanisms • Nessus (scanlite perl module) is used to scan campus systems daily for 1-3 vulnerabilities • Nessus is used to identify compromised systems during web-based authentication • Labrea (honeypot) is used to identify malicious network traffic on an unannounced network segment • Bro (IDS) identifies malicious network traffic. Bro can use the snort rule set.

  9. Vulnerability Assessment Database • IP Address • Date • Type (honeypot, scan, IDS) • MAC address • Username

  10. Input Sources • VLAN assignments (What IPs shall we scan?) • VLAN technical contact (Who do we contact if there is a problem?) • ARP table records (What MAC address is associated with a particular IP?) • MAC address ownership (Who registered a particular MAC address?) • Web authentication (What IP is attempting to authenticate to a UCD web site?) • Threat selection (What threats represent highest risk to campus?) • Web/Daily Scan Capability (What Nessus security plug-ins are available?)

  11. Scalable Technology

  12. Educating the Campus Community

  13. Faculty, Staff and Students • Formal discussions with senior campus administrators and advisory groups • Email alerts/announcements • Print and Web publications • Posters and Flyers • Self-initiated scans • Scan results pages

  14. http://selfscan.ucdavis.edu

  15. Technical Staff • Formal discussions • Computer & Network Security Report (secalert.ucdavis.edu) • Email notifications • “Top Ten” graphs

  16. http://secalert.ucdavis.edu

  17. http://secalert.ucdavis.edu

  18. http://secalert.ucdavis.edu/ids

  19. http://secalert.ucdavis.edu/ids

  20. Lessons Learned and Next Steps • Nessus limitations • Reliance on campus unit system administrators • Enhance integration with Remedy trouble-ticketing system • Product integration via database is not readily available

  21. Questions

  22. Contact Information • Robert Ono, raono@ucdavis.edu