ISO

1
ISO

• November, 2009

2
ISO Agenda

• October Vulnerability Scanning Results
• Wireless services on UGuest

3
Vulnerability Scanning

• General Trending
• Focus on the level 5 first, then work down
• Intruders can easily gain control of the host,
  which can lead to the compromise of your entire
  network security. For example, vulnerabilities at
  this level may include full read and write access
  to files, remote execution of commands, and the
  presence of backdoors.
• Holding steady needs improvement
• 16 fixed
• 71 active
• 6 new
• 7 re-opened
• ISO is now developing more granular statistics on
  the scanning results for OIT/ITS leadership
• ISO and ISPO both looking at implementing threat
  mgt tools

4
Vulnerability Scanning (Cont)

• Top 5 Highest severity vulnerabilities for
  action
• SMB Remote code Execution (complete control of
  system)
• FTP backdoor (admin privileges)
• Statd Format Bug (Linux/execute remote code as
  root)
• Cisco IOS Firewall (remotely exploitable buffer
  overflow)
• NFS Exported Directories mountable by unauth.
  Users
• Trending indicates little or no change from
  September

5
Wireless Port Services

• Discussion on outbound services
• Follow up from Wireless meeting Oct 28
• Ref. D Feyler email Nov 2 with draft list
• Thanks to many for suggestions
• ISO has broken down the last 30 days or so
• At top, shows (as expected) web, flash streaming,
  port 445 then usage stats plunge off the table
• ISO continuing to evaluate
• Will send out updated recommendation soon

6
Conclusion

• Contact info
• ISO_at_utah.edu
• ISO Group Phone (801) 213-3446
• Pager (801) 339-4599
• Daves office phone (801) 585-1012
• Please let us know if you would like us to visit
  your office, attend a staff meeting, etc.
• Questions?