![Page 1: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/1.jpg)
OUHSC Information Security UpdateOUHSC Information Security Update
IT, Information Security Services
Randy Moore
Mike Waller
Nathan Gibson
Greg Bostic
IT, Information Security Services
Randy Moore
Mike Waller
Nathan Gibson
Greg Bostic
![Page 2: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/2.jpg)
Security Project Update (the three Ps)Security Project Update (the three Ps)
• Policy baseline completed– See http://it.ouhsc.edu/policies/
• Perimeter firewall management project complete– All externally accessible servers registered in db– Firewall rules updated with db– Servers scanned and vulnerabilities mitigated– https://www.ouhsc.edu/acl/admin23/allacl.cfm
• Private IPs for hosts on new network
• Policy baseline completed– See http://it.ouhsc.edu/policies/
• Perimeter firewall management project complete– All externally accessible servers registered in db– Firewall rules updated with db– Servers scanned and vulnerabilities mitigated– https://www.ouhsc.edu/acl/admin23/allacl.cfm
• Private IPs for hosts on new network
![Page 3: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/3.jpg)
Security Personnel UpdateSecurity Personnel Update
• Kenneth Reed: moved to Engineering• Nathan Gibson: moving on risk assessments• Mike Waller is moving on to Charlotte• Greg Bostic is moving into security
• Kenneth Reed: moved to Engineering• Nathan Gibson: moving on risk assessments• Mike Waller is moving on to Charlotte• Greg Bostic is moving into security
![Page 4: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/4.jpg)
New ProjectsNew Projects
• Payment Card Industry Data Security Standard• Risk Assessments• Security policy implementation• Active Directory Baseline Security Configuration
• Payment Card Industry Data Security Standard• Risk Assessments• Security policy implementation• Active Directory Baseline Security Configuration
![Page 5: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/5.jpg)
OUHSC Group Policy ObjectsOUHSC Group Policy Objects
![Page 6: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/6.jpg)
PurposePurpose
• Compliance• Security• Ease administrative overhead• High level Polices Only• Tier 1s can still apply organizational preferred
settings• User “buy-in”
• Compliance• Security• Ease administrative overhead• High level Polices Only• Tier 1s can still apply organizational preferred
settings• User “buy-in”
![Page 7: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/7.jpg)
Time LineTime Line
• 4 Week Implementation Life Cycle– Week 1: IT will create and test the AD GP settings.– Week 2-4: Tier 1s will apply and test each GP to their
respective AD Organizational Unit (OU) and present feedback to IT. For settings that present a change for their end-users Tier 1’s should communicate those changes in advance to their user community. IT will assist in developing appropriate communications.
– Week 5: IT will evaluate any feedback given and make necessary modification before applying the settings at the campus wide level.
• 4 Week Implementation Life Cycle– Week 1: IT will create and test the AD GP settings.– Week 2-4: Tier 1s will apply and test each GP to their
respective AD Organizational Unit (OU) and present feedback to IT. For settings that present a change for their end-users Tier 1’s should communicate those changes in advance to their user community. IT will assist in developing appropriate communications.
– Week 5: IT will evaluate any feedback given and make necessary modification before applying the settings at the campus wide level.
![Page 8: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/8.jpg)
Time Line(cont)Time Line(cont)
• 20 Settings– Will be separate into 4 separate groups containing at most 3
sets of related settings to limit impact.
Example:
• 20 Settings– Will be separate into 4 separate groups containing at most 3
sets of related settings to limit impact.
Example:
![Page 9: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/9.jpg)
Time Line (cont)Time Line (cont)
Group 1:Setting 1: - – Network access: Allow anonymous SID/Name translation – Disabled– Network access: Do not allow anonymous enumeration of SAM
accounts – Enabled– Network access: Do not allow anonymous enumeration of SAM
accounts and shares –Enabled– Network access: Let Everyone permissions apply to anonymous users – Disabled
Setting 2 : – Add workstations to domain (Added Groups: OUHSC\Domain Admins, OUHSC\Computer-
Account-Creators)
Setting 3:– Turn on the auto-complete feature for user names and passwords on forms – DISABLED
Group 1:Setting 1: - – Network access: Allow anonymous SID/Name translation – Disabled– Network access: Do not allow anonymous enumeration of SAM
accounts – Enabled– Network access: Do not allow anonymous enumeration of SAM
accounts and shares –Enabled– Network access: Let Everyone permissions apply to anonymous users – Disabled
Setting 2 : – Add workstations to domain (Added Groups: OUHSC\Domain Admins, OUHSC\Computer-
Account-Creators)
Setting 3:– Turn on the auto-complete feature for user names and passwords on forms – DISABLED
![Page 10: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/10.jpg)
IT ResponsibilitiesIT Responsibilities
• Create GPOs and configure settings• Assist Tier 1s in communicating GPO results to users• Receive feedback from Tier 1s and assist in resolving
problems• Apply GPO settings at the Domain level after testing
phase
• Create GPOs and configure settings• Assist Tier 1s in communicating GPO results to users• Receive feedback from Tier 1s and assist in resolving
problems• Apply GPO settings at the Domain level after testing
phase
![Page 11: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/11.jpg)
Tier 1 ResponsibilitiesTier 1 Responsibilities
• Advise Users• Apply GPOs to Active Directory Organization Units• Give feedback to IT-OPS and IT-ISS
• Advise Users• Apply GPOs to Active Directory Organization Units• Give feedback to IT-OPS and IT-ISS
![Page 12: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/12.jpg)
GPO ReviewGPO Review
• Group Policy Objects:1. Allows you to configure baseline settings to ensure all
resources have them same settings
2. Ease the administrative overhead in applying and modifying end user device and servers.
3. “One-Stop-Shop” for demonstrating policy compliance
• Group Policy Objects:1. Allows you to configure baseline settings to ensure all
resources have them same settings
2. Ease the administrative overhead in applying and modifying end user device and servers.
3. “One-Stop-Shop” for demonstrating policy compliance
![Page 13: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/13.jpg)
GPO Review (cont) GPO Review (cont)
• Applying Group Policy Objects1. Use MS built in Group Policy Management Console
(gpmc.msc)1. Start > Run > gpmc.msc
• Applying Group Policy Objects1. Use MS built in Group Policy Management Console
(gpmc.msc)1. Start > Run > gpmc.msc
![Page 14: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/14.jpg)
![Page 15: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/15.jpg)
GPO Review (cont)GPO Review (cont)
• Applying Group Policy Objects
1. Use MS built in Group Policy Management Console (gpmc.msc)
a. Start > Run > gpmc.msc
2. Apply GPOs to your Workstations OU.
• Applying Group Policy Objects
1. Use MS built in Group Policy Management Console (gpmc.msc)
a. Start > Run > gpmc.msc
2. Apply GPOs to your Workstations OU.
![Page 16: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/16.jpg)
GPO Review (cont)GPO Review (cont)
• Applying Group Policy Objects
1. Use MS built in Group Policy Management Console (gpmc.msc)
a. Start > Run > gpmc.msc
2. Apply GPOs to your Workstations OU
3. To apply the GPOs you right click on your OU and choose “Link an existing GPO”
• Applying Group Policy Objects
1. Use MS built in Group Policy Management Console (gpmc.msc)
a. Start > Run > gpmc.msc
2. Apply GPOs to your Workstations OU
3. To apply the GPOs you right click on your OU and choose “Link an existing GPO”
![Page 17: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/17.jpg)
![Page 18: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/18.jpg)
GPO Review (cont)GPO Review (cont)
• Applying Group Policy Objects
1. Use MS built in Group Policy Management Console (gpmc.msc)
a. Start > Run > gpmc.msc
2. Apply GPOs to your Workstations OU
3. To apply the GPOs you right click on your OU and choose “Link an existing GPO”
4. All GPOs that are in this project will have a common naming convention
• Applying Group Policy Objects
1. Use MS built in Group Policy Management Console (gpmc.msc)
a. Start > Run > gpmc.msc
2. Apply GPOs to your Workstations OU
3. To apply the GPOs you right click on your OU and choose “Link an existing GPO”
4. All GPOs that are in this project will have a common naming convention
![Page 19: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/19.jpg)
![Page 20: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/20.jpg)
GPO Review (cont)GPO Review (cont)
• Applying Group Policy Objects
4. All GPOs that are in this project will have a common naming convention
5. Choose the GPO you would like to link and repeat the steps 2- 5 for each GPO you would like to apply there
after.
• Applying Group Policy Objects
4. All GPOs that are in this project will have a common naming convention
5. Choose the GPO you would like to link and repeat the steps 2- 5 for each GPO you would like to apply there
after.
![Page 21: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/21.jpg)
House Cleaning HelpHouse Cleaning Help
• Clean up Computers OU• Standardize GPO naming scheme
– HSC-Dept-XXXX– Delete Old GPOs– Combine GPOs If possible– Remove GPOs with settings applies at higher lever
• Clean up Computers OU• Standardize GPO naming scheme
– HSC-Dept-XXXX– Delete Old GPOs– Combine GPOs If possible– Remove GPOs with settings applies at higher lever
![Page 22: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/22.jpg)
House Cleaning Help (cont)House Cleaning Help (cont)
![Page 23: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/23.jpg)
![Page 24: OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services](https://reader034.vdocuments.us/reader034/viewer/2022052603/56649ddd5503460f94ad554a/html5/thumbnails/24.jpg)
Let’s TalkLet’s Talk
Questions & Concerns
???