Blocked - PowerPoint PPT Presentation

Provided by: securi3

1
Blocked?
  • How to react to having your network connection
    blocked.

2
Blocking Strategies
  • External Blocks
      • Applied at Border Router
      • Autoblocker automated tool
  • Internal Blocks
      • Applied to systems vulnerable to bad guys, viruses
        and worms
      • Declared Critical Vulnerabilities
      • Applied to systems already infected
      • At request of FCIRT
      • Requires FCIRT approval for removal

3
Blocked by Autoblocker
  • Automated utility
  • Blocks installed at the border router
  • Outbound system behavior that triggers the
    Autoblocker
      • Multiple systems accessed in short time
      • Multiple ports accessed on single system
  • Outbound block triggers E-mail to
      • User or system administrator
      • Nightwatch

4
Blocked by Autoblocker
  • Autoblocker usually triggered by
      • Infected (virus) systems
      • Peer-to-Peer file sharing
      • Online gaming
      • Web search engines scanning internal web sites
        (use robots.txt to disable indexing)
  • The block is removed automatically 30 minutes
    after the triggering behavior has stopped
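
A sketch of the two outbound triggers from slide 3 and the 30-minute release described above, added here as an example and not the Autoblocker's own code. The window length and both thresholds are assumed values (the slides give none), and the flow records are constructed.

```python
from collections import defaultdict, deque

WINDOW_S = 60        # assumed: length of the "short time" window, in seconds
MAX_HOSTS = 20       # assumed: distinct destinations allowed per window
MAX_PORTS = 15       # assumed: distinct ports allowed on one destination
RELEASE_S = 30 * 60  # from the slides: release 30 minutes after behavior stops

def triggers(flows):
    """Return {src: (last_trigger_ts, reason)}.
    flows: time-sorted (ts_seconds, src, dst, dst_port) outbound records."""
    recent = defaultdict(deque)   # per-source sliding window of flows
    last = {}
    for ts, src, dst, port in flows:
        win = recent[src]
        win.append((ts, dst, port))
        while win[0][0] <= ts - WINDOW_S:      # expire records outside window
            win.popleft()
        hosts = {d for _, d, _ in win}
        ports = {p for _, d, p in win if d == dst}
        if len(hosts) > MAX_HOSTS:
            last[src] = (ts, "many-hosts")     # many systems in short time
        elif len(ports) > MAX_PORTS:
            last[src] = (ts, "many-ports")     # many ports on a single system
    return last

def blocked_at(flows, now):
    """Sources whose block is still in place at time `now`."""
    return {src: reason for src, (ts, reason) in triggers(flows).items()
            if now - ts < RELEASE_S}

# Constructed sample: one host sweep, one port scan, one ordinary client.
SAMPLE = sorted(
    [(t, "10.0.0.5", "192.0.2.%d" % (t + 1), 445) for t in range(30)]
    + [(100 + i, "10.0.0.6", "198.51.100.9", 1000 + i) for i in range(25)]
    + [(t, "10.0.0.7", "203.0.113.%d" % (t % 5), 443) for t in range(0, 300, 30)]
)

if __name__ == "__main__":
    for now in (600, 1829, 1924):
        print(now, blocked_at(SAMPLE, now))
```

Each further trigger moves the release time forward, so a system that keeps scanning stays blocked until 30 minutes after its last offending flow.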

5
Vulnerability (internal) Blocks
  • Scanners look for systems with critical
    vulnerabilities
      • http://computing.fnal.gov/security/CriticalVuln/
  • Looks for vulnerability, not absence of patch
  • Busy subnets scanned more frequently
  • Mail sent with vulnerabilities found
  • Vulnerability triggers E-mail to
      • Registered system administrator

6
Vulnerability (internal) Blocks
  • Summary mail to Nightwatch twice a day
  • Manually select candidates for blocking
      • Immediate if multiple vulnerabilities
      • Immediate if no contact or no E-mail address for
        system administrator
      • Otherwise allow 24 hours to fix problem after
        first time system is on list
  • To be automated in the future

7
Vulnerability (internal) Blocks
  • Manually select nodes to unblock
  • User must send mail to Nightwatch stating problem
    has been fixed and including identification of
    the system
  • Please do this for nodes with critical
    vulnerabilities even if not blocked
  • Current block lists checked manually by CST
    before unblocking
  • List of Blocked nodes at
      • http://www-dcn.fnal.gov/netadmin/blocked/

8
Vulnerability (internal) Blocks
  • List of block/unblock nodes sent to Data
    Communications for processing
      • Into ACLs for routers
  • Done only twice a day (morning and afternoon),
    and currently only on work days
  • To be automated and running 24x7 in future
  • Nodes blocked Friday afternoon will NOT be
    unblocked until Monday morning

9
Vulnerability (internal) Blocks
  • Make sure someone is registered as system
    administrator with a valid E-mail address
  • Promptly install the necessary patches or
    configuration changes
  • Send mail to Nightwatch after correction and
    include identification of the system