[Previous] [Table of contents] [Next]
[Previous]
[Table of contents]
[Next]
SCD and UCAR have continued to implement and extend CSAC security recommendations. The following paragraphs provide a brief synopsis of the FY1999 activities.Enhanced UCAR's security perimeter:
- The gatekeeper host systems and the security perimeter were enhanced after running under the original plan for FY1998. More protection was added for the majority of departmental exposed servers.
- The gatekeeper hosts will be enhanced in FY2000 with more fail-safe, fail-over, and load-sharing capabilities. In the interim, the existing systems will be upgraded to Solaris 7.
- Exposed hosts are actively scanned for known security vulnerabilities and new services on a regular basis with open-source and commercial port and vulnerability scanner software. Our license for NAI, Inc.'s "Cybercop Scanner" was upgraded, and the software was placed into regular service. The open-source "nmap" port scanner was enhanced and used to catalog changes in services available on our exposed hosts.
- Host security was enhanced by maintaining and applying a local knowledge base of security vulnerabilities and patches for the various operating systems in use at UCAR. Some patches and advisories are already available from the local repository; more (and pointers to vendor-supplied patches) are being added on a routine basis.
- Security practices were enhanced by the Security Administrator acting as a consulting resource. The Security Administrator expanded assistance for system administrators, software engineers, and administrative personnel who had concerns about topics such as secure programming techniques, web scripting, login and email encryption, and host security tools.
- The Security Administrator and CSAC finished creating security policies to implement the CSAC Security Plan. These policies address the security implications of external connections to UCAR networks and the configuration of UCAR hosts.
Enhanced UCAR's security incident detection and response:
- Continued development of UCAR-wide incident response plan and policy. The incident response team will be modeled along the lines of a volunteer fire department.
- Installed Anzen, Inc.'s "Flight Jacket" (AFJ) intrusion detection system, built on top of Network Flight Recorder (NFR).
- Participated in AFJ/NFR beta program, in order to help add support for decoding Cisco's Inter-Switch Link (ISL) trunking. This will allow us to detect incidents more reliably, as we place the scanner in the path taken by most of our Internet traffic.
- Provided much appreciated warnings to organizations with hosts seen to be attacking UCAR hosts regarding the possible host compromises on those organizations' networks. Provided limited information to assist law enforcement with investigation of widespread attacks involving state university networks on the east coast.
Established assured connection integrity and privacy:
- Encouraged use of "ssh" end-to-end encryption within UCAR for authentication of both users and hosts, session integrity, and data privacy. Arranged for group purchase of PC/Mac ssh clients and UNIX ssh servers. Made libraries available for building UNIX clients compatible with UCAR gatekeeper systems.
- Operated certification services for UCAR web, mail, and login use. SSL proxy was put in place for providing internal pages to authorized outside users. A UCAR Certificate Authority was made available for web server and user email certificates.
- Began to use security perimeter authentication server and caching system, originally developed for providing internal pages to authorized outside users, for Finance and Administration user identification. In FY2000, this capability will be made more widely available across the organization.
- Installed proof-of-concept Virtual Private Network (VPN) built on the IPSec standard. This stands to provide more transparent and secure connectivity for remote authorized users than any other technique in FY2000 - 2001.
The majority of the security changes were evaluated and implemented by the UCAR Security Administrator in conjunction with the Computer Security Advisory Committee (CSAC). The UCAR Security Administrator advises UCAR administrators in matters concerning security and possible violations. The goal is producing an environment that, as much as possible, retains our open network's advantages for our external and internal users, while also protects their work from damage and disruption by external attackers.