Ination Security.ppt

InformationSecurity BertHayesUTAustinInformationSecurityOfficebhayes infosec utexas edu Objective Learnaboutinformationsecuritybestpracticeswithinthecampusenvironment Overview ISOOfficeComputerSecurityBestPracticesDataSecurityandConfidentialityImportanceofTSCToolsISORAReportingComputerMisuseorAbuseIncidentResponseDisasterRecoveryPlanningRiskAssessmentServices ISOMission Function Managetheuniversityinformationsecurityprogram Providedirectionforuniversityinformationsecuritypolicies standards andprocedures Developandmaintainaninstitutionalinformationsecurityriskmanagementprogramfortheuniversity WorkinpartnershipwithcampusITleaders committeesandboards audit compliance andlegaldepartmentstocreateappropriateinstitutionalinformationsecuritystrategiesandplans Assurealluniversitynetworkandsystemsecuritymonitoringandtestingactivitiesareconductedinaccordancewithfederal state anduniversityregulatoryrequirements ISOMission Function continued ManageuniversityresponsetoITsecurityincidentsandauthorizedtotakeanyactiondeemednecessarytoprotectuniversityITresources Adviseuniversitydepartmentsregardingsecurityadministration implementation andmanagement Promoteinformationsecurityawarenessandeducationthroughouttheuniversity http security utexas edu consensusMission http security utexas edu about Initiatives http security utexas edu about initiatives htmlISOOrganizationalChart http security utexas edu about orgchart html SecurityBestPractices AccountandUserManagementSecurelydeploy maintain anddisposeofasystemKeepuptodateonthelatestvulnerabilitiesforyoursystemsPatchyouroperatingsystem Useahost basedfirewallandvirusprotectionPhysicalSecurityMonitoryoursystemsTrainyourusersonsecurityawarenessSystem levelsecurityApplicationsecurity AccountandUserManagement Userswhohavespecialaccessmustcompletea PositionofSpecialTrustform http www utexas edu hr PDF secsens pdfChoosestrongpasswordshttp www utexas edu its secure articles keep safe with strong passwords phpDisableunuseddefaultaccountsandsetpasswordsforrequireddefaultaccounts Disableorupdateaccountspromptlywhenanaccountholder sstatuschanges Whenavendororother3rdpartyrequiresaccesstoaUniversitymachine ensurethattheyhaveonlytheminimumnecessaryaccess fortheshortesttimepossible Secure deploy maintaindisposeofsystems Securemachinesbeforeplacingthemonthenetwork Developaninstallation configurationchecklistWidevarietyofchecklists http www cisecurity orgISOHardeningChecklists http security utexas edu personal http security utexas edu admin Minimizeservices removeunusedservicesConfiguretheremainingservicestobeassecureaspossibleUsescripts templatestoautomatetheprocessDisposeofhardwaresecurely overwritethecontentsofdrivesandothermediasothatitisnolongerrecoverable Secure deploy maintaindisposeofsystems continued Utilizeachangemanagementstrategytoensurethatinformationtechnologyresourcesareprotectedagainstimpropermodificationbefore during andaftersystemimplementation Keepuptodateonvulnerabilities S HomeofBugtraqandallofitsspin offs PatchOperatingSystem Windows WindowsUpdateCampusSUSServershttp www utexas edu its wsus MacintoshUseSoftwareUpdate Useahost basedfirewallandvirusprotection Personalfirewallsandanti virussoftwareforMacsandWindowsdesktopcomputersareavailableviaBevowarehttp www utexas edu its bevoware CheckOSXversion ConsolesareavailableforuseinacentrallymanagedenvironmentWindowsXP Vista and2003Serverwiththelatestservicepackofferahost basedfirewallAppleFirewall Behavesdifferentlyin10 5vs10 4Unix Linux iptablesBSD ipfw PhysicalSecurity PhysicallysecureinformationresourcesappropriatelyfortheirroleServersshouldbekeptinsecuredareaswithaccesslimitedtosystemsadministrators PublicaccessworkstationsshouldbesecuredagainsttheftTerminateaccessquicklyforthosewhonolongerneedphysicalaccesstofacilitiesReviewaccesslogsregularlyandinvestigateanyunusualaccessProtectaccesscards keys etc andreportthempromptlyiftheyarelostorstolenUseapassword protectedscreensaver Monitoryoursystems LogsSystemlogssuchasauthenticationlogsandApplicationlogs suchasweblogs LookforactivitythatisoutofthenormalprofileConsiderautomatedlog monitoringsoftwareforhigh volumelogsUTEnterpriselicenseforSplunkChecktomakesurethatpatchesandupdatesareinstalledChecktomakesurethatthesystemisn tmodifiedeitherinnocentlyormaliciouslyCheckconfigurationfilesandservicesafterapplyingpatchesandupdatesConsiderrunninganintegritycheckingtoollikeTripwire samhain AIDEtocheckformodificationstocriticalfilesConsiderrunningahost basedIDSlikeOSSECHIDS TrainYourUsers EncouragethemtoreadandunderstandtheAUPaswellasotherpoliciesandproceduresthatareapplicable ManyusersaccidentallyorintentionallydothingsthatresultinahostbeingcompromisedVirusscanningsoftwareisreactiveTraininguserstorecognizeandcorrectlyrespondtosecurityissuescansignificantlylightenyourworkloadinthelongrun TrainYourUsers Continued EmailisNOTsecure TreatattachmentslikesuspiciouspackagesTrainthemtochooseastrongpassword withUpPerCaSeand s Becarefulwithphishing Nolegitbankwouldaskforyourpassword pin and3 digitcode muchlessoveranemail remember emailisnotsecure TheBigThree PatchYourOperatingSystemRunuptodateanti virussoftwareRunuptodatefirewallsoftware DidYouKnow WhatistheminimumamountoftimethatavulnerablesystemhasbeencompromisedonUTcampus 15seconds DataSecurityandConfidentiality DataclassificationguidelinesCategoryICategoryIICategoryIIIProtectingData general ProtectingCategoryIData CategoryIData Protectionofdataisrequiredbylaw HIPAAandFERPA SystemisimmediatelycategorizedasahigherriskExamplesofdata Medical Studentinformation Contracts CreditCardNumbers certainresearchinformationSystemswiththistypeofinformationshouldbereportedtotheInformationSecurityOfficeTSCUtilitiesAriskassessmentorsecurityreviewbytheISOmayberequired CategoryIIandIIIData CategoryII Moderatesensitivity WehaveacontractualobligationtoprotectthisdataExamples DatareleasableinaccordancewiththeTexasPublicInformationAct contentsofspecifice mail dateofbirth salary etc datathatmustbeprotectedduetoproprietary ethical orprivacyconsiderations CategoryIII Low Nosensitivity Thisisinformationthatmaybepubliclyavailable itstillmaybeimportanttoprotecttheoriginalsourcedatafrommodification Example Datathatmightotherwisebeconsideredpubliclyavailable personalInternetbrowsingdata personalnotes etc ProtectingData UseFilesystem OperatingsystempermissionstorestrictwhohasaccesstodataandwhatkindsofaccesstheyhaveDon tforgetaboutprotectingdatainotherforms includingremovablemedia print outs andon screendisplayBackupyourdataregularly BackupmediashouldbesecurelystoredinaphysicallyseparateANDSECURElocation ProtectingCategoryIData EncryptthecontentsofthedataonmediaandwhileitisbeingtransmittedTransportencryptionsuchasSSL SSH unencryptedprotocolsthroughTLS IPSecEncryptdatawhileitisatrestFile Drive VolumeencryptionSafebootBitlockerFileVaultProtectthedisplayofthedataDatashouldonlybevisibletothoseauthorizedtoseeit Printersshouldbeattendedatalltimesorplacedinsecurearea ImportanceoftheTSCTools AllsystemsconnectedtotheUniversitynetworkmustberegisteredviatheTSCtools Thisinformationshouldinclude DataclassificationSystemPriorityTSCContactInformationAfterhourscontactinformation ifappropriate ImportanceofTSCTools continued ThisdataisusedbyseveraldifferentapplicationsISORAIncidentHandlers