ISS SiteProtector and Internet Scanner LanAdmin Group Meeting 12/8/2005


Upload: jerome-mason

Post on 03-Jan-2016


SiteProtector

SiteProtector is an enterprise command, control and monitoring system. It allows us to use vulnerability assessment information to protect our operations ahead of the threat.

Internet Scanner

Internet Scanner minimizes our risk by identifying the security holes, or vulnerabilities, in our network so we can protect them before an attack occurs.

Once all of our networked devices are identified, Internet Scanner analyzes the configurations, patch levels, operating systems and installed applications to find vulnerabilities that could be exploited by hackers trying to gain unauthorized access.

Benefits to UTMB from SiteProtector/Internet Scanner

Scanner Configuration

Multiple in-line scanners

Less time and network traffic

More scanning

Different scan configurations

“Local” (10.10.x.x) scans

Centralized scan management

Benefits to UTMB from SiteProtector/Internet Scanner

“Enterprise” Configuration

Logical group scanning

User roles

Distributed visibility of our security posture

Compliance and remediation monitoring

Departmental scanning capability

Benefits to UTMB from SiteProtector/Internet Scanner

Process Flow

Discovery scans

Certification scans

On-line query and reports

Self scans - remediation

Exception Documentation

Scanning Processes

Current scanning process is under review and revision due to:

Improved capability of tools (ISS)

Staffing and priority changes

Changing institutional requirements

Best practices in response to changing environment

Scanning Processes

Discovery Scan

Identification & Grouping

Vulnerability Scans

Remediation Scans

Remediation Reporting

• Identify new systems

• Initiated by NSS

• Schedule to be determined

• Feeds Cert. & Accreditation process

• NSS / Department collaboration

• Initiated by NSS (vulnerability assessments/system certifications) and/or Audit Services (server reviews)

• Servers - Quarterly

• Workstations/printer - Yearly

• Initiated by Department or NSS

• Verify status of remediation efforts

• On-line!!

• Exception/Risk Acceptance notes

• Available to Department Management, IS Security and Audit Services

Scanning Processes

Patch Scan

Delta Scan

Exception Reports

• Verify Patch Management

• Initiated by Department with Admin. Credentials

• Schedule to be determined (Quarterly, as needed)

Ad-hoc Processes

• Track Changes to system configuration

• Schedule to be determined

• Verify Exception processing

• Working with ISS to develop process

• 30-days to request Exception, then yearly review

Significant Events

SiteProtector 2.0, SP6 release – 12/6/05

Scanner deployment – December 2005

Initial Group Configurations - Dec. ’05 – Jan. ’06

Department POC Training – Dec. ’05 – Jan. ’06

Transition to Group Scanning – March-April 2005

Q & A

Email additional questions and system inventory to:

Network & Security Services ([email protected])