1 / 12

University of Maryland I.T. Security

University of Maryland I.T. Security. Gerry Sneeringer IT Security Officer Sneeri@umd.edu. Slides Online. http://nts.umd.edu/~sneeri/6dec02.ppt. Information Technology Security Officer. Develop University Security Architecture Lead Incident Handling Efforts Develop User Education Program

gray-boone
Download Presentation

University of Maryland I.T. Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. University of MarylandI.T. Security Gerry Sneeringer IT Security Officer Sneeri@umd.edu

  2. Slides Online http://nts.umd.edu/~sneeri/6dec02.ppt

  3. Information Technology Security Officer • Develop University Security Architecture • Lead Incident Handling Efforts • Develop User Education Program • .

  4. University Environment • Major administrative and business systems ($1 Billion enterprise) • 30,000 research and administration computers (hundreds of system managers) • 11,000 networked residential students • 12,500 remote access users • Wireless access • .

  5. Vulnerabilities • Discovery of new weaknesses in common software • Poorly maintained computers • Human Nature • Poor Passwords • Accepting strange attachments • Operating dangerous software • .

  6. Current Threats • Computer Viruses/Worms • Script Kiddies • Media Pirates • Denial of Service • .

  7. Security Architecture • Three Objectives • PROTECT • DETECT • INFORM • .

  8. PROTECT • Deployment of Multiple Layers of Firewall • Campus Borders • Individual Networks • Individual Computers • Distribution of Anti-Virus Software • On all computers • On campus mail server • Virtual Private Networks • .

  9. DETECT • Deployment of several layers of Intrusion Detection Systems • Watch traffic entering/exiting University • Watch traffic between segments within University • Host based software to detect unauthorized changes • .

  10. DETECT - II • Systemic use of vulnerability scanning software. • Monitor bandwidth trends • .

  11. INFORM • User Education Programs • Project NEThics (www.umd.edu/nethics) • Forums for System Administrators • Forums for computer users • Web Pages • .

  12. Additional URLs • Intrusion Detection System: • www.snort.org • Vulnerability Scanning • www.nessus.org

More Related