ISS SiteProtector and Internet Scanner
LanAdmin Group Meeting
12/8/2005
SiteProtector
SiteProtector is an enterprise command, control and monitoring system. It allows us to use vulnerability assessment information to protect our operations ahead of the threat.
Internet Scanner
Internet Scanner minimizes our risk by identifying the security holes, or vulnerabilities, in our network so we can protect them before an attack occurs.
Once all of our networked devices are identified, Internet Scanner analyzes the configurations, patch levels, operating systems and installed applications to find vulnerabilities that could be exploited by hackers trying to gain unauthorized access.
Benefits to UTMB from SiteProtector/Internet Scanner
Scanner Configuration
• Multiple in-line scanners
• Less time and network traffic
• More scanning
• Different scan configurations
• “Local” (10.10.x.x) scans
• Centralized scan management
Benefits to UTMB from SiteProtector/Internet Scanner
“Enterprise” Configuration
• Logical group scanning
• User roles
• Distributed visibility of our security posture
• Compliance and remediation monitoring
• Departmental scanning capability
Benefits to UTMB from SiteProtector/Internet Scanner
Process Flow
• Discovery scans
• Certification scans
• On-line query and reports
• Self scans - remediation
• Exception Documentation
Scanning Processes
Current scanning process is under review and revision due to:
• Improved capability of tools (ISS)
• Staffing and priority changes
• Changing institutional requirements
• Best practices in response to changing environment
Scanning Processes
Discovery Scan
Identification & Grouping
Vulnerability Scans
Remediation Scans
Remediation Reporting
• Identify new systems
• Initiated by NSS
• Schedule to be determined
• Feeds Cert. & Accreditation process
• NSS / Department collaboration
• Initiated by NSS (vulnerability assessments/system certifications) and/or Audit Services (server reviews)
• Servers - Quarterly
• Workstations/printer - Yearly
• Initiated by Department or NSS
• Verify status of remediation efforts
• On-line!!
• Exception/Risk Acceptance notes
• Available to Department Management, IS Security and Audit Services
Scanning Processes
Patch Scan
Delta Scan
Exception Reports
• Verify Patch Management
• Initiated by Department with Admin. Credentials
• Schedule to be determined (Quarterly, as needed)
Ad-hoc Processes
• Track Changes to system configuration
• Schedule to be determined
• Verify Exception processing
• Working with ISS to develop process
• 30 days to request Exception, then yearly review
Significant Events
• SiteProtector 2.0, SP6 release – 12/6/05
• Scanner deployment – December 2005
• Initial Group Configurations – Dec. ’05 – Jan. ’06
• Department POC Training – Dec. ’05 – Jan. ’06
• Transition to Group Scanning – March-April 2005
Q & A
Email additional questions and system inventory to:
Network & Security Services ([email protected])