
SIRT Contact Orientation

Security Incident Response Team

Departmental Security Contacts

April 16, 2004

Why Are We Here?
  • Introductions
  • The SIRT and you
  • Compromise recovery procedure
  • Current security issues
  • Resources
  • Future events
  • Free refreshments

SIRT Departmental Security Contact Orientation

Introductions
  • Dr. Elizabeth Unger, VPAST
  • Security Incident Response Team
    • And their alternates
    • Representatives from all academic colleges and major administrative units
  • Departmental contacts
    • When this is all over, introduce yourself to your SIRT representatives

The SIRT And You
  • SIRT History
    • March 2003: IT Security SWAT team chaired by Roger Terry recommends formation of SIRT
    • Summer 2003: Interim SIRT formed
    • September 2003: Permanent SIRT formed
      • Representatives from all colleges and major administrative units
      • 0.3 time spent on SIRT activities

The SIRT And You
  • SIRT’s charge (reactive/proactive/advisory):
    • Coordinated security incident response
    • Alerts to new vulnerabilities and attacks
    • Implement/coordinate preventative security measures
    • Security awareness and best practice training
    • Advise on secure design of apps, systems, networks
    • Host an annual security workshop

The SIRT And You
  • SIRT is:
    • Coordinator of rapid incident response for campus
    • Advisor on security best practices
    • A communication channel
  • SIRT is NOT:
    • A policy body (that’s IRMC)
    • IT police
    • Additional technical support for your department

The SIRT And You
  • Role of Departmental Security Contact (and your local IT support people):
    • Respond to incidents in your unit
    • Repair compromised systems
    • Implement preventative measures
    • Alert your SIRT rep. about unusual activities
    • Enforce policies at the local level
    • Educate your users on security best practices
    • Pass along security information to your unit

The SIRT And You
  • The goal is for you, your users, the SIRT, and central IT services to work together to protect K-State’s information and technology resources.

Compromise Recovery Procedure
  • A compromised host is detected
    • By IDS, network monitoring, or abuse report
  • The host is blocked
    • Usually by CNS with a router filter
    • Sometimes you’ll pull the plug

Procedure, Cont.
  • The departmental contact is notified
    • That’s you
    • Via email to SIRT-CONTACTS
      • So you need to watch this email list
    • See also Blocked Hosts web page
  • You notify the affected user

Procedure, Cont.
  • You arrange for the host to be cleaned up
    • Try to find out what caused the compromise
    • Recovery may mean reformat / reinstall
  • You contact your SIRT representative to have the host unblocked
    • Or their alternate, if they’re unavailable
  • Your SIRT rep contacts CNS

Current Security Issues
  • Network-based worms
  • E-mail viruses and worms
  • Accounts without good passwords
  • Poor patch management
  • Insecure servers

Problem: Network-based Worms
  • Currently our biggest issue
    • Navpaw, Gaobot
  • No user interaction necessary
  • Exploiting security vulnerabilities
  • Exploiting Windows accounts without good passwords
  • Leaving behind back doors

Network-based Worms: Solutions
  • Patch, patch, patch
  • Symantec Antivirus with daily updates
  • Good passwords on Windows accounts
  • Network vulnerability scans

Problem: E-mail Viruses And Worms (“Malware”)
  • ‘Zero-Day’, fast propagation
  • Smarter social engineering
  • Leaving behind back doors
  • Cleanup is costly and painful

E-mail Viruses And Worms: Solutions
  • New version of Symantec is anomaly-based as well as signature-based
  • Symantec Antivirus with daily updates
  • Coming soon to central e-mail: real anti-virus filtering
  • Managed antivirus installations
  • Users are learning to be careful

Problem: Accounts Without Good Passwords
  • Network-based worms are exploiting Windows accounts with no password or a weak password
  • Hackers can do the same thing

Accounts Without Good Passwords: Solutions
  • All Windows accounts should be disabled or have a good password
  • Future versions of Windows should enforce this
  • Network scans (by the White Hats)

Problem: Poor Patch Management
  • Applications as well as OS
  • New Microsoft Update critical patches released this week
    • Did you know that?
    • Were they applied to your computers?

Poor Patch Management: Solutions
  • Windows Software Update Services
  • Automatic Updates
  • Phase out older OS versions

Problem: Insecure Servers
  • MS/SQL Blaster
  • IIS
  • Open SMTP relays
  • UNIX / Linux / Mac OS X
  • A server on every desktop
    • Which are legitimate?

Insecure Servers: Solutions
  • Minimal OS install
  • Turn off unneeded servers
  • Windows 2003 gets this right
  • Regular port scans to detect new servers
  • Firewall the campus

Problem: Lack Of Security Awareness

Solution: You

Resources
  • SIRT / Security web site
  • Your SIRT representative
  • Your peers
  • Central IT
  • Training

SIRT Web Site
  • http://www.ksu.edu/InfoTech/security/SIRT
    • Blocked hosts
    • Departmental security contact list
    • SIRT representative and backup list
    • Work in progress

Training
  • CNS TSC Incident Remediation training in May
  • All-day training planned for Tuesday, June 29 in Union Little Theatre
    • You really really should attend. Refreshments!
  • Microsoft security training planned for June
  • More in the future, probably semi-annually

The Future
  • Regular network scans of connected devices
    • Identify new hosts
    • Identify new services (open ports)
    • Vulnerability scans
  • Server registration
  • IDS, ADS
  • Firewalls

Questions?


Thanks For Coming!

Remember to introduce yourself to your SIRT representative