OAAIS Enterprise Information Security

1
UCSF Security Tools

• Sean Schluntz
• April 10, 2007

2
Outcomes

• Identify Information Security tools available at
  UCSF
• Describe how these tools are being used at UCSF
• Describe how you can and should be using these
  tools

3
SituationMalware

• Malicious Software or software designed to
  infiltrate or modify a computer system without
  the owners informed consent

• Viruses
• Trojans
• Worms

• Spyware
• Adware

4
What is UCSF doing about it?

• Providing free Anti-virus and Anti-Spyware
  software to the Campus Community
• Even at home!
• Training on the use of the software and best
  practices

5
Sophos Anti-Virus

• Available for Windows 2000, XP, 2003, Vista (32
  and 64bit), MacOS x 10.2 Linux, Solaris,
  FreeBSD, AIX and Novell.
• Windows and MacOS X versions are centrally
  managed
• Most versions receive updates from UCSF first,
  and then Sophos if needed

6
What do you need to do?Know if Sophos is Running

• Happy Sophos
• Unhappy Sophos
• Grey means on access scanning is inactive
• Green bar scrolling means updating
• No icon means off

7
Why Could Sophos be Unhappy

• The red X will appear if there is a problem with
  downloading an update
• The red X will appear if it has been to long
  since it talked to the console (Windows and MacOS
  X only)

8
What do you need to do?Know if Spysweeper is
running

• Happy Spysweeper
• There is no icon for unhappy Spysweeper, it just
  goes away!
• You have to look to make sure it is there.

9
What do you need to do?(whats your
responsibility)

• Do not turn the software off or uninstall it
• you never know when you will need it
• Keep an eye on the task bar
• Is the software running?

10
SituationNetwork Attacks

• It only takes minutes, at time only seconds, for
  a computer to be attacked and compromised on a
  public network (like UCSF)

11
What is UCSF doing about it?

• Providing a free software based firewall and
  intrusion prevention software package called
  Sygate
• It acts as a firewall blocking some types of
  traffic
• It also recognizes thousands of forms of attacks
  and will block them as they are happening

12
What do you need to do?Know what Sygate is doing.

• Passing Traffic
• Idle
• Blocking Traffic
• Blocking Attack

13
There is a Lot of GoodInformation In Sygate

• Sygate watches all of the applications on your
  computer that communicate with the network
• It has statistics on network usage and attacks

14
What do you need to do?(whats your
responsibility)

• Do not turn the software off or uninstall it
• You need it any time you are connected to a
  network, or have your wireless network card
  turned on.
• If you think it is causing a problem just right
  click on the icon and select Disable Sygate
  Security Agent, it will allow everything for 10
  minutes and then start blocking again.
• Keep an eye on the task bar
• Is the software running?

15
SituationRemotely Connecting to UCSF

• Do you need to access a resource that is only
  available to computers on the UCSF network?
• Are you somewhere you cant trust your network
  neighbors?
• Any wireless network, even the one at your home!

16
What is UCSF doing about it?

• Providing a free and easy VPN service
• https//vpn.ucsf.edu

17
What do you need to do?(whats your
responsibility)

• Use the VPN to access non-public Campus resources
• Use the VPN to access data which needs to be
  protected
• Use the VPN even if you dont have to
• Do you really want your password going over the
  air?

18
How do you use it?

• The SSL VPN is like three different VPN systems
  with one interface
• Quick Proxy for Web and File Access as well as
  Host Connectivity
• Full Client Enabled VPN (Like the Nortel)
• Advanced Port Based Tunneling Engine

19
Additional information / resources

• Sophos
• http//its.ucsf.edu/information/software/license/s
  ophos/
• http//www.sophos.com
• Spy Sweeper
• http//its.ucsf.edu/information/software/license/s
  pysweeper/
• http//www.webroot.com
• Juniper SSL VPN
• http//its.ucsf.edu/information/network/vpn/ssl/