IT Briefing Agenda 7/17/05 - PowerPoint PPT Presentation

1 / 29
About This Presentation
Title:

IT Briefing Agenda 7/17/05

Description:

IT Briefing Agenda 7/17/05 New scanning tools EOL/eVax & BTS Oracle Names to OID Manage IT self-service TS Update NetCom Q&A Jay Flanagan Marisa Benson – PowerPoint PPT presentation

Number of Views:60
Avg rating:3.0/5.0
Slides: 30
Provided by: KarenJ99
Category:

less

Transcript and Presenter's Notes

Title: IT Briefing Agenda 7/17/05


1
IT Briefing Agenda 7/17/05
  • New scanning tools
  • EOL/eVax BTS
  • Oracle Names to OID
  • Manage IT self-service
  • TS Update
  • NetCom QA
  • Jay Flanagan
  • Marisa Benson
  • Mark Parten
  • Karen Jenkins
  • Theresa Goriczynski
  • Paul Petersen

2
Web Application Vulnerability Protection
  • Jay D. Flanagan

3
(No Transcript)
4
Web Application Vulnerability Scanner
  • SpiDynamics WebInspect Tool
  • Implemented in Spring of 2005
  • Part of our audit process
  • Scan web applications before they go into
    production
  • Regularly scan currently implemented web
    applications for new vulnerabilities
  • Scans for specific web application
    vulnerabilities
  • cross-site scripting
  • buffer overflows
  • injection (SQL)
  • denial of service

5
Web Application Vulnerability Scanner
6
Web Application Vulnerability Scanner
7
Web Application Vulnerability Scanner
  • Web Application Vulnerability Security Awareness
    Training
  • August 8, 2005
  • 8 am to 12 pm
  • Review web application vulnerabilities and how
    they can be protected against in the development
    of these applications

8
Web Application Firewall
  • Web Application Firewall - NetContinuum
  • Monitors all web specific traffic on ports 80 and
    443 that is not monitored by a regular firewall.
  • Acts as a proxy to check this traffic before
    passing it on to the web servers.
  • Blocks attacks including cross-site scripting,
    buffer overflows, injection (SQL) and denial of
    service.

9
Web Application Firewall
  • Currently protecting the following ITD managed
    web applications.
  • Account Management System (ACM)
  • Black Board Prod and Dev
  • Password Services
  • The App Prod and Dev Web Server
  • The Oak Dev Web Server

10
Self-Service Vulnerability Scanning
  • Self-Service Vulnerability scanning available via
    Nessus
  • Contact Security Team for setup
  • Manage IT (CUniversity Applications TSecurity
    IWork Request) or- SecurityTeam-L_at_listserv.emory
    .edu
  • Following information needed
  • Name and organization you support
  • The IP address range on your network that you
    would like to scan
  • Phone number and e-mail address
  • Your network ID

11
Self-Service Vulnerability Scanning
  • You will be set up on the Nessus Scanner with an
    account
  • You will be able to scan your range of IP
    addresses for both desktops and servers
  • You will only have access to your IP range for
    scanning
  • You will be able to scan as little or as often as
    you deem necessary
  • You will receive a report on what vulnerabilities
    are active
  • Security Team available for consultation on
    reports and to answer any questions or help with
    any issues

12
Contact Information
  • Jay D. Flanagan Security Team Lead
  • jflanag_at_emory.edu
  • Andy Efting Security Analyst
  • aefting_at_emory.edu
  • Alan White Security Analyst
  • awhite7_at_emory.edu
  • SecurityTeam-L_at_listserv.emory.edu

13
(No Transcript)
14
EOL/eVax Back to School
  • Marisa Benson

15
Oracle Names to OID
  • Mark Parten

16
Move to OID by July 31st!
17
Continued
18
Continued
19
Continued
20
Continued
21
Continued
22
many to still convert
  • Most recent list will be included in the meeting
    meetings posting
  • Use tool on TechTools to make the conversion

23
(No Transcript)
24
Manage IT Self-service
  • Karen Jenkins

25
Manage IT Status
  • Self-service Phase 1 scheduled for 7/29 _at_ 700pm
  • Phase 2
  • Reports, Port Status Table, Flashboards,
    two-way email scheduled for 8/19/2005
  • Any self-service enhancements that could not be
    developed for Phase 1 (PS Status, on behalf of)
  • SLAs investigating planning stage

26
DEMO
27
(No Transcript)
28
TS Update
  • Theresa Goriczynski

29
NetCom QA
Write a Comment
User Comments (0)
About PowerShow.com