1
http://www.more.net
University of Missouri System
Security – Defending your Customers from Themselves
StateNets Annual Meeting
February, 2004
2
Security, what do we do?
• What do we do to protect ourselves?
• What do we do to protect our customers?
• What do we do to our customers?
• If this is where we are today, where should we be tomorrow?
3
What do we do to protect ourselves?
• Physical security
• Backup and TEST RESTORES!
• Internal awareness
– Monitor most appropriate lists
– Membership in security organizations
• Configuration control
– Protected circuits
– Tripwire OS and configuration files
– Evaluate and Patch OS
– Change control
4
What do we do to protect ourselves?
• Limit access
– Size-appropriate connections – limit DoS, DDoS participation
– Require SSH for shell accounts
– Radius authentication/access logs
– Disable unused services
– Packet filtering software firewalls
– Enforce complex, limited-life passwords
5
What do we do to protect ourselves?
• Monitor and Maintain
– Intrusion detection for core systems
– Network scanners
– READ THE LOGS! Logcheck
– Follow-up
6
What do we do to protect ourselves?
• Disaster Recovery/Risk Profile
– Carrier-class or Enterprise-class equipment
– Vendor maintenance – understand “Acts of God” clauses
– Document recovery procedures/responsibilities
– Sponsor/Bill Payers understand and accept risks
7
What do we do for our customers?
• Managed services – web and mail hosting
• Virus filtering for managed mail services
• Spam filtering for managed mail services
• Remote Vulnerability Assessment
• Awareness/Education
– Formal training
• Customer advisories
8
What do we do for our customers?
• Incident Response
• Monitored endpoints at customer edge
– Proactive connectivity and performance monitoring
– Reactive security monitoring
• Provide customer network tools
– Netflow
– MRTG
– NetHealth
– “looking glass” utilities
9
What do we do to our customers?
• Acceptable Use Policy
– “reasonable efforts”
• Access lists
– Block offending servers, connection
– Block outside attacks
• “Open Relay” Scans
10
If this is where we are today, where do we think we should be tomorrow?
• Proactive security measures
– Better intrusion detection, automatic notification
• Security policy
– Require desktop virus scanning
• Central security services
– Cross institution authentication
11
If this is where we are today, where do we think we should be tomorrow?
• Customer Services
– Security Operations Center
– Enhanced Advisory Services (awareness of new developments before formal public advisories, enhanced information sharing)
– Managed Firewall Service
– Managed Intrusion Detection
– Managed Event Response
– On-site vulnerability/audit services
12
MOREnet Security Link
• http://www.more.net/security/index.html