IT Briefing Agenda 7/17/05

1
IT Briefing Agenda 7/17/05

• New scanning tools
• EOL/eVax BTS
• Oracle Names to OID
• Manage IT self-service
• TS Update
• NetCom QA

• Jay Flanagan
• Marisa Benson
• Mark Parten
• Karen Jenkins
• Theresa Goriczynski
• Paul Petersen

2
Web Application Vulnerability Protection

• Jay D. Flanagan

3
(No Transcript)
4
Web Application Vulnerability Scanner

• SpiDynamics WebInspect Tool
• Implemented in Spring of 2005
• Part of our audit process
• Scan web applications before they go into
  production
• Regularly scan currently implemented web
  applications for new vulnerabilities
• Scans for specific web application
  vulnerabilities
• cross-site scripting
• buffer overflows
• injection (SQL)
• denial of service

5
Web Application Vulnerability Scanner
6
Web Application Vulnerability Scanner
7
Web Application Vulnerability Scanner

• Web Application Vulnerability Security Awareness
  Training
• August 8, 2005
• 8 am to 12 pm
• Review web application vulnerabilities and how
  they can be protected against in the development
  of these applications

8
Web Application Firewall

• Web Application Firewall - NetContinuum
• Monitors all web specific traffic on ports 80 and
  443 that is not monitored by a regular firewall.
• Acts as a proxy to check this traffic before
  passing it on to the web servers.
• Blocks attacks including cross-site scripting,
  buffer overflows, injection (SQL) and denial of
  service.

9
Web Application Firewall

• Currently protecting the following ITD managed
  web applications.
• Account Management System (ACM)
• Black Board Prod and Dev
• Password Services
• The App Prod and Dev Web Server
• The Oak Dev Web Server

10
Self-Service Vulnerability Scanning

• Self-Service Vulnerability scanning available via
  Nessus
• Contact Security Team for setup
• Manage IT (CUniversity Applications TSecurity
  IWork Request) or- SecurityTeam-L_at_listserv.emory
  .edu
• Following information needed
• Name and organization you support
• The IP address range on your network that you
  would like to scan
• Phone number and e-mail address
• Your network ID

11
Self-Service Vulnerability Scanning

• You will be set up on the Nessus Scanner with an
  account
• You will be able to scan your range of IP
  addresses for both desktops and servers
• You will only have access to your IP range for
  scanning
• You will be able to scan as little or as often as
  you deem necessary
• You will receive a report on what vulnerabilities
  are active
• Security Team available for consultation on
  reports and to answer any questions or help with
  any issues

12
Contact Information

• Jay D. Flanagan Security Team Lead
• jflanag_at_emory.edu
• Andy Efting Security Analyst
• aefting_at_emory.edu
• Alan White Security Analyst
• awhite7_at_emory.edu
• SecurityTeam-L_at_listserv.emory.edu

13
(No Transcript)
14
EOL/eVax Back to School

• Marisa Benson

15
Oracle Names to OID

• Mark Parten

16
Move to OID by July 31st!
17
Continued
18
Continued
19
Continued
20
Continued
21
Continued
22
many to still convert

• Most recent list will be included in the meeting
  meetings posting
• Use tool on TechTools to make the conversion

23
(No Transcript)
24
Manage IT Self-service

• Karen Jenkins

25
Manage IT Status

• Self-service Phase 1 scheduled for 7/29 _at_ 700pm
• Phase 2
• Reports, Port Status Table, Flashboards,
  two-way email scheduled for 8/19/2005
• Any self-service enhancements that could not be
  developed for Phase 1 (PS Status, on behalf of)
• SLAs investigating planning stage

26
DEMO
27
(No Transcript)
28
TS Update

• Theresa Goriczynski

29
NetCom QA