UC Davis Vulnerability Scanning and Remediation - PowerPoint PPT Presentation

About This Presentation
Title: UC Davis Vulnerability Scanning and Remediation
Provided by: doreen5
Learn more at: http://uccsc.ucr.edu

Transcript and Presenter's Notes

1
UC Davis Vulnerability Scanning and Remediation
  • 2005 Larry Sautter Award
  • UC Davis, Information and Education Technology

2
UC Davis Vulnerability Scanning and Remediation
  • Project description and background
  • Project Objectives
  • Protecting the campus network
  • Scalable technology
  • Education
  • Questions

3
Project Description
  • A proactive approach to reducing threats to
    computing resources and enhancing the protection
    of university electronic information.

4
Project Objectives
  • Protect the integrity of the campus computing
    environment
  • Provide a cost-effective solution for
    vulnerability scanning and remediation
  • Develop a scalable system
  • Educate campus computer users, support staff and
    system administrators

5
Timeline
  • September 2003
    • Temporary scanning system deployed to detect RPC
      vulnerabilities
  • October 2003
    • Reduction in vulnerable and/or infected systems on
      the campus network from more than 700 to fewer
      than 40 in four weeks
  • May 2004
    • Planning for a permanent vulnerability scanning
      system was initiated
  • September 2004
    • Computer Vulnerability Scanning Policy adopted by
      the campus
    • Rebuilding/redeployment of the campus
      vulnerability scanning system components
    • Threat analysis subscription begins
    • Database upgrades made
  • January 2005
    • Honeypot integrated into the permanent scanning
      system
  • June 2005
    • Intrusion detection system (IDS) integrated into
      the vulnerability scanning system
  • July 2005
    • Campus vulnerability scanning system is in full
      production mode

6
Computer Vulnerability Scanning Policy
  • All computers, servers, and other electronic
    devices connected to the campus network shall be
    kept free of critical security vulnerabilities.
  • Individuals whose computers present critical
    security vulnerabilities must correct those
    vulnerabilities in a timely manner before
    connecting to the campus network.
  • Computers found to contain critical security
    vulnerabilities that threaten the integrity or
    performance of the campus network will be denied
    access to campus computing resources, and may be
    disconnected from the campus network to prevent
    further dissemination of infectious or malicious
    network activity.

7
Protecting the Campus Network
8
Vulnerability Assessment Mechanisms
  • Nessus (driven by the scanlite Perl module) scans
    campus systems daily for a small, selected set (one
    to three) of high-risk vulnerabilities
  • Nessus is also used to identify compromised systems
    at the moment they attempt web-based authentication
    to a campus site
  • LaBrea (honeypot) identifies malicious network
    traffic by listening on an unannounced network
    segment
  • Bro (IDS) identifies malicious network traffic;
    Bro can also apply the Snort rule set

9
Vulnerability Assessment Database
  • IP Address
  • Date
  • Type (honeypot, scan, IDS)
  • MAC address
  • Username

10
Input Sources
  • VLAN assignments (What IPs shall we scan?)
  • VLAN technical contact (Who do we contact if
    there is a problem?)
  • ARP table records (What MAC address is
    associated with a particular IP?)
  • MAC address ownership (Who registered a
    particular MAC address?)
  • Web authentication (What IP is attempting to
    authenticate to a UCD web site?)
  • Threat selection (What threats represent highest
    risk to campus?)
  • Web/Daily Scan Capability (What Nessus security
    plug-ins are available?)
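The two slides above describe a join: each detection event (scan, honeypot or IDS hit) is keyed by IP, and the IP is resolved through the ARP table to a MAC, through MAC registration to a person, and through VLAN assignments to a technical contact, producing a row in the shape of the Vulnerability Assessment Database slide (IP, date, type, MAC, username). The following is an added example of that correlation written for this page; it is not UC Davis code. The input formats, field names, address blocks, contact addresses, the seven-day freshness window used at web login and all sample events are constructed assumptions.

```python
"""Correlate detection events with network ownership records.

Added example (not UC Davis code). It mirrors the data flow the slides
describe: events keyed by IP are joined to ARP and MAC-registration data
to find a responsible person, and to VLAN records to find a technical
contact. All record formats and sample data below are constructed.
"""
import ipaddress
from datetime import date

# --- Constructed input sources (formats are assumptions) ------------------

# VLAN assignments: which address blocks we scan, and the technical contact.
VLANS = {
    "10.10.1.0/24": "netadmin-bio@example.edu",
    "10.10.2.0/24": "netadmin-lib@example.edu",
}

# ARP table snapshot: IP -> MAC observed at the time of the event.
ARP = {
    "10.10.1.25": "00:11:22:33:44:55",
    "10.10.2.7": "00:11:22:33:44:66",
}

# MAC registration: MAC -> username of the person who registered it.
MAC_OWNER = {
    "00:11:22:33:44:55": "jdoe",
}

# Events from the three detection sources: (ip, date, type, detail).
EVENTS = [
    ("10.10.1.25", "2005-07-01", "scan", "RPC service flaw (critical)"),
    ("10.10.2.7", "2005-07-01", "honeypot", "SYN to unannounced segment"),
    ("10.10.2.99", "2005-07-02", "ids", "outbound scanning of tcp/135"),
    ("192.0.2.5", "2005-07-02", "scan", "address outside every VLAN"),
]


def vlan_contact(ip):
    """Return the technical contact for the VLAN containing ip, or None
    if the address lies outside every scanned block."""
    addr = ipaddress.ip_address(ip)
    for cidr, contact in VLANS.items():
        if addr in ipaddress.ip_network(cidr):
            return contact
    return None


def build_record(ip, when, kind, detail):
    """One row in the shape of the database slide: ip, date, type, mac,
    username. A missing join yields None rather than a guess, so a stale
    ARP table or an unregistered MAC stays visible in the data."""
    mac = ARP.get(ip)
    user = MAC_OWNER.get(mac) if mac else None
    return {"ip": ip, "date": when, "type": kind, "mac": mac,
            "username": user, "detail": detail}


def correlate(events):
    """Join every event to ownership data, drop addresses that are in no
    scanned VLAN, and group rows by who should be notified."""
    rows, notify = [], {}
    for ip, when, kind, detail in events:
        contact = vlan_contact(ip)
        if contact is None:
            continue
        row = build_record(ip, when, kind, detail)
        rows.append(row)
        # Notify the registered owner; fall back to the VLAN technical
        # contact when the MAC is unknown or unregistered.
        recipient = row["username"] or contact
        notify.setdefault(recipient, []).append(row)
    return rows, notify


def web_auth_allowed(ip, rows, today, max_age_days=7):
    """Gate applied when an IP authenticates to a campus web site: deny
    if the database holds a recent critical scan finding for that IP.
    Honeypot/IDS rows and stale findings do not block; the window length
    is an assumption, not the campus policy's value."""
    for r in rows:
        if r["ip"] != ip or r["type"] != "scan":
            continue
        age = (date.fromisoformat(today) - date.fromisoformat(r["date"])).days
        if age <= max_age_days and "critical" in r["detail"]:
            return False
    return True


if __name__ == "__main__":
    db_rows, to_notify = correlate(EVENTS)
    for who, items in to_notify.items():
        print(who, [(r["ip"], r["type"]) for r in items])
    print("10.10.1.25 may log in:", web_auth_allowed("10.10.1.25", db_rows, "2005-07-03"))
```

The off-campus address is discarded before any lookup, the honeypot hit on an unregistered MAC routes to the VLAN contact, and the IDS hit with no ARP entry is still recorded with a null MAC so the gap is visible rather than silently lost. The login gate only consults scan rows, matching the slide's distinction between daily scans and the web-authentication scan.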

11
(No Transcript)
12
Scalable Technology
Production System Component  | Hardware (unit count)                         | Operating System | Application
Web Authentication Scanner   | Sun V210 (2)                                  | Solaris          | Nessus/Scan Lite
Daily Network Scanner        | Sun V210 (2)                                  | Solaris          | Nessus/Scan Lite
Intrusion Detection Sensor   | Dell 2650 (2)                                 | Linux            | Bro
Network Honeypot             | Dell 1750 (1)                                 | Linux            | LaBrea
Database                     | Dell 2650 (1) + Dell PowerVault 220 (2), 2 TB | Linux            | MySQL
Web Server                   | Sun V210 (1)                                  | Solaris          | Apache
Test Server                  | Dell 1750 (1)                                 | Linux            | VMware
13
Educating the Campus Community

14
Faculty, Staff and Students
  • Formal discussions with senior campus
    administrators and advisory groups
  • Email alerts/announcements
  • Print and Web publications
  • Posters and Flyers
  • Self-initiated scans
  • Scan results pages

15
http://selfscan.ucdavis.edu
16
Technical Staff
  • Formal discussions
  • Computer Network Security Report
    (secalert.ucdavis.edu)
  • Email notifications
  • Top Ten graphs

17
http://secalert.ucdavis.edu
18
http://secalert.ucdavis.edu
19
http://secalert.ucdavis.edu/ids
20
http://secalert.ucdavis.edu/ids
21
Lessons Learned and Next Steps
  • Nessus limitations
  • Reliance on campus unit system administrators
  • Enhance integration with Remedy trouble-ticketing
    system
  • Product integration via database is not readily
    available

22
Questions
23
Contact Information
  • Robert Ono, raono@ucdavis.edu