Security Essentials for Desktop System Administrators

67
Security Essentials for Desktop System Administrators

TAGS:

description

Security Essentials for Desktop System Administrators. Civilization Is Made Of People …. Civilization is Risk. -- Not Big Brother. Dave Barry On Civilization …. New Technology Is Invented Largely To Overcome Previous "Advances". Dave Barry On Civilization …. - PowerPoint PPT Presentation

Transcript of Security Essentials for Desktop System Administrators

Page 1: Security Essentials for Desktop System Administrators

Security Essentials for Desktop System Administrators

Security Essentials for Desktop System Administrators

Page 2: Security Essentials for Desktop System Administrators

Civilization Is Made Of People …Civilization Is Made Of People …

Civilization is Risk.-- Not Big Brother

Civilization is Risk.-- Not Big Brother

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 33

Page 3: Security Essentials for Desktop System Administrators

Dave Barry On Civilization …Dave Barry On Civilization …

New Technology Is Invented LargelyTo Overcome Previous "Advances"

New Technology Is Invented LargelyTo Overcome Previous "Advances"

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 44

Page 4: Security Essentials for Desktop System Administrators

Dave Barry On Civilization …Dave Barry On Civilization …

Fields -> Trees -> Caves -> HousesFields -> Trees -> Caves -> Houses

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 55

Page 5: Security Essentials for Desktop System Administrators

Dave Barry On Civilization …Dave Barry On Civilization …

Houses -> Windows -> GlassHouses -> Windows -> Glass

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 66

Page 6: Security Essentials for Desktop System Administrators

Dave Barry On Civilization …Dave Barry On Civilization …

Glass -> Drapes -> TentsGlass -> Drapes -> Tents

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 77

Page 7: Security Essentials for Desktop System Administrators

Dave Barry On Civilization …Dave Barry On Civilization …

Fireplaces -> Microwaves -> Bean BurritosFireplaces -> Microwaves -> Bean Burritos

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 88

Page 8: Security Essentials for Desktop System Administrators

Dave Barry On Civilization …Dave Barry On Civilization …

-> ->

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 99

Page 9: Security Essentials for Desktop System Administrators

Computer Security …Computer Security …

Essentially A People ProblemEssentially A People Problem

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 1010

Page 10: Security Essentials for Desktop System Administrators

Internet

A Basic “People Problem”A Basic “People Problem”

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 1111

Privacy

Page 11: Security Essentials for Desktop System Administrators

Internet

A Slightly More Precise ViewA Slightly More Precise View

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 1212

Privacy

Blog Posts (tl;dr)

Page 12: Security Essentials for Desktop System Administrators

Bruce SchneierBruce Schneier

Once the technology is in place, there willalways be the temptation to use it ...

(Secrets and Lies, 2000)

Once the technology is in place, there willalways be the temptation to use it ...

(Secrets and Lies, 2000)

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 1313

Page 13: Security Essentials for Desktop System Administrators

Technology

How Technology WorksHow Technology Works

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 1414

SurprisingUses

Page 14: Security Essentials for Desktop System Administrators

(Unsurprising Useless Utopias)(Unsurprising Useless Utopias)

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 1515

Page 15: Security Essentials for Desktop System Administrators

MUDFLAPSSO I HERD U LIEK THEM

MUDFLAPSSO I HERD U LIEK THEM

Surprising Technology UseSurprising Technology Use

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 1616

Page 16: Security Essentials for Desktop System Administrators

Surprising Technology UseSurprising Technology Use

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 1717

Page 17: Security Essentials for Desktop System Administrators

Bruce SchneierBruce Schneier

And it is poor civic hygiene to installtechnologies that could somedayfacilitate a police state.

And it is poor civic hygiene to installtechnologies that could somedayfacilitate a police state.

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 1818

Page 18: Security Essentials for Desktop System Administrators

Technology

Technology And RiskTechnology And Risk

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 1919

SurprisingUses

MaliciousActivity

Page 19: Security Essentials for Desktop System Administrators

Grace Hopper

Grace Hopper

Life was simple before World War II.After that we had systems.

Life was simple before World War II.After that we had systems.

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 2020

Page 20: Security Essentials for Desktop System Administrators

xkcd …xkcd …

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 2121

Page 21: Security Essentials for Desktop System Administrators

… xkcd… xkcd

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 2222

Page 22: Security Essentials for Desktop System Administrators

Dealing With RiskDealing With Risk

Recognition | Reduction | RecoveryRecognition | Reduction | Recovery

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 2323

Page 23: Security Essentials for Desktop System Administrators

Recognizing RisksRecognizing Risks

High BandwidthEnormous StoragePosh .gov Location

Nothing Marketable

High BandwidthEnormous StoragePosh .gov Location

Nothing Marketable

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 2424

Page 24: Security Essentials for Desktop System Administrators

Recognizing RisksRecognizing Risks

Caching warezSending SPAM

Spreading malwareControlling bots

Caching warezSending SPAM

Spreading malwareControlling bots

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 2525

Page 25: Security Essentials for Desktop System Administrators

Recognizing RisksRecognizing Risks

Destruction Of DataWaste Of Bandwidth

Waste Of TimeFrustration

Destruction Of DataWaste Of Bandwidth

Waste Of TimeFrustration

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 2626

Page 26: Security Essentials for Desktop System Administrators

Recognizing RisksRecognizing Risks

Default admin privsVisiting malicious sitesPromiscuous USBingLack of gruntlement

Default admin privsVisiting malicious sitesPromiscuous USBingLack of gruntlement

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 2727

Page 27: Security Essentials for Desktop System Administrators

Strategic TLA ReservesStrategic TLA Reserves

TLAs not specifically delegated …are reserved to the States, or to the

people.

“BOR” (10th Amendment)

TLAs not specifically delegated …are reserved to the States, or to the

people.

“BOR” (10th Amendment)

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 2828

Page 28: Security Essentials for Desktop System Administrators

TCB? DID!TCB? DID!

Integrated Security Management (ISM)

Defense In Depth (DID)

Integrated Security Management (ISM)

Defense In Depth (DID)

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 2929

Page 29: Security Essentials for Desktop System Administrators

Reducing Risks: DIDReducing Risks: DID

Perimeter ControlsAuto-blocking

Mail virus scanningCentral Authentication

(via LDAP/Kerberos)

Perimeter ControlsAuto-blocking

Mail virus scanningCentral Authentication

(via LDAP/Kerberos)

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 3030

Page 30: Security Essentials for Desktop System Administrators

Reducing Risks: DIDReducing Risks: DID

Patch and configuration mgmtCritical Vulnerabilities

Prompt response via FCIRTIntelligent and informed usersGeneral and special enclaves

Patch and configuration mgmtCritical Vulnerabilities

Prompt response via FCIRTIntelligent and informed usersGeneral and special enclaves

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 3131

Page 31: Security Essentials for Desktop System Administrators

Reducing Risks: DIDReducing Risks: DID

Computer Security not an add-onNot “one-size-fits-all”

Largely common sense

Computer Security not an add-onNot “one-size-fits-all”

Largely common sense

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 3232

Page 32: Security Essentials for Desktop System Administrators

Reducing Risks: ISM PerimeterReducing Risks: ISM Perimeter

Exploitable protocols blockedRegistered web servers allowed

Dynamic blocks on exploitsSome carefully configured services

allowed (like Skype)

Exploitable protocols blockedRegistered web servers allowed

Dynamic blocks on exploitsSome carefully configured services

allowed (like Skype)

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 3333

Page 33: Security Essentials for Desktop System Administrators

Reducing Risks: ISM AuthReducing Risks: ISM Auth

Primary passwords off the netSingle turn-off point

No visible services without StrongAuthLab systems scanned for compliance

Primary passwords off the netSingle turn-off point

No visible services without StrongAuthLab systems scanned for compliance

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 3434

Page 34: Security Essentials for Desktop System Administrators

Recovery: ISMRecovery: ISM

General Computer Security CoordinatorsWork with Computer Security Team

Disseminate informationDeal with incidents

See http://security.fnal.gov/ for list

General Computer Security CoordinatorsWork with Computer Security Team

Disseminate informationDeal with incidents

See http://security.fnal.gov/ for list

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 3535

Page 35: Security Essentials for Desktop System Administrators

What About Us Users?What About Us Users?

Malicious Surprises aboundUse reasonable caution

Use up-to-date virus scanning

Malicious Surprises aboundUse reasonable caution

Use up-to-date virus scanning

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 3636

Page 36: Security Essentials for Desktop System Administrators

Users: We Get MailUsers: We Get Mail

Can you trust the so-called sender?Can you trust the so-called sender?Received: from [123.28.41.241] (unknown [123.28.41.241]) by hepa1.fnal.gov

(Postfix) with ESMTP id 808F76F247 for <[email protected]>; Thu, 01 Apr 2010 09:41:02 -0500 (CDT)

From: Wayne E Baisley <[email protected]>To: Wayne E Baisley <[email protected]>

route: 123.28.32.0/19descr: VietNam Post and Telecom Corporation (VNPT)address: Lo IIA Lang Quoc te Thang Long, Cau Giay, Ha Noi

Can you trust the so-called sender?Can you trust the so-called sender?Received: from [123.28.41.241] (unknown [123.28.41.241]) by hepa1.fnal.gov

(Postfix) with ESMTP id 808F76F247 for <[email protected]>; Thu, 01 Apr 2010 09:41:02 -0500 (CDT)

From: Wayne E Baisley <[email protected]>To: Wayne E Baisley <[email protected]>

route: 123.28.32.0/19descr: VietNam Post and Telecom Corporation (VNPT)address: Lo IIA Lang Quoc te Thang Long, Cau Giay, Ha Noi

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 3737

Page 37: Security Essentials for Desktop System Administrators

Users: We Get MailUsers: We Get Mail

You haven’t won $10MRampant account hijacking

Don’t open (most) attachmentsBest not to click links in mail

Disable scripting for mail

You haven’t won $10MRampant account hijacking

Don’t open (most) attachmentsBest not to click links in mail

Disable scripting for mail

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 3838

Page 38: Security Essentials for Desktop System Administrators

Royko any social engineering attemptsProtect your Kerberos password

and it will protect youDon’t run unkerberized network services

(like telnet or read/write ftp)

Royko any social engineering attemptsProtect your Kerberos password

and it will protect youDon’t run unkerberized network services

(like telnet or read/write ftp)

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 3939

Page 39: Security Essentials for Desktop System Administrators

Users: Security IncidentsUsers: Security Incidents

Report suspicious stuff tox2345 or [email protected]

Follow FCIRT instructions during incidents Keep infected machines off the network Preserve system for expert investigation

Report suspicious stuff tox2345 or [email protected]

Follow FCIRT instructions during incidents Keep infected machines off the network Preserve system for expert investigation

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 4040

Page 40: Security Essentials for Desktop System Administrators

Users: DataUsers: Data

Decide what data requires protectionHow to be recovered, if neededArrange backups with Sysadmins

Or do your own backupsOccasionally test retrieval

Decide what data requires protectionHow to be recovered, if neededArrange backups with Sysadmins

Or do your own backupsOccasionally test retrieval

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 4141

Page 41: Security Essentials for Desktop System Administrators

The Incidental ComputistThe Incidental Computist

Some non-Lab-business Surprising Useallowed in the guidelines:

http://security.fnal.gov/ProperUse.htm

Some non-Lab-business Surprising Useallowed in the guidelines:

http://security.fnal.gov/ProperUse.htm

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 4242

Page 42: Security Essentials for Desktop System Administrators

Activities to AvoidActivities to Avoid

Anything that is illegalProhibited by Lab/DOE policy

Embarrassing to the LabInterferes with job performanceConsumes excessive resources

Anything that is illegalProhibited by Lab/DOE policy

Embarrassing to the LabInterferes with job performanceConsumes excessive resources

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 4343

Page 43: Security Essentials for Desktop System Administrators

Activities to AvoidActivities to Avoid

Services like Skype and BitTorrentnot forbidden but very easy to misuse!

(Better off with iPhone/Droid/etc.)

Services like Skype and BitTorrentnot forbidden but very easy to misuse!

(Better off with iPhone/Droid/etc.)

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 4444

Page 44: Security Essentials for Desktop System Administrators

Data PrivacyData Privacy

Generally, Fermilab respects privacyYou are required to do likewise

Exemptions for Sysadmins and SecurityOthers must have Directorate approval

Generally, Fermilab respects privacyYou are required to do likewise

Exemptions for Sysadmins and SecurityOthers must have Directorate approval

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 4545

Page 45: Security Essentials for Desktop System Administrators

Privacy of Email and FilesPrivacy of Email and Files

May not use information in another person’s files seen incidental to any activity (legitimate or not) for any

purpose, w/o either explicit permission of the owner or a “reasonable belief the file was meant to be accessed by others.”

May not use information in another person’s files seen incidental to any activity (legitimate or not) for any

purpose, w/o either explicit permission of the owner or a “reasonable belief the file was meant to be accessed by others.”

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 4646

Page 46: Security Essentials for Desktop System Administrators

Offensive MaterialsOffensive Materials

Material on a computer ≈ Material in a deskThis is a line management concernNot computer security issues per se

Material on a computer ≈ Material in a deskThis is a line management concernNot computer security issues per se

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 4747

Page 47: Security Essentials for Desktop System Administrators

Software LicensingSoftware Licensing

Fermilab is strongly committed to respecting intellectual property rights

Use of unlicensed commercial software is a direct violation of lab policy

Fermilab is strongly committed to respecting intellectual property rights

Use of unlicensed commercial software is a direct violation of lab policy

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 4848

Page 48: Security Essentials for Desktop System Administrators

Summary: User ResponsibilitiesSummary: User Responsibilities

Appropriate use of computing resourcesEnsuring your data is backed up

Respecting others’ privacyProtecting Personal Information (course)

Reporting incidents promptly

Appropriate use of computing resourcesEnsuring your data is backed up

Respecting others’ privacyProtecting Personal Information (course)

Reporting incidents promptly

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 4949

Page 49: Security Essentials for Desktop System Administrators

Which Brings Us To SysadminsWhich Brings Us To Sysadmins

That wrench ain’t gonna swing itself.That wrench ain’t gonna swing itself.

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 5050

Page 50: Security Essentials for Desktop System Administrators

Sysadmins Get Risk-RoledSysadmins Get Risk-Roled

System manager for securityAssist and instruct users to do it right

Vigilant observer of your systems (and sometimes user) behavior

System manager for securityAssist and instruct users to do it right

Vigilant observer of your systems (and sometimes user) behavior

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 5252

Page 51: Security Essentials for Desktop System Administrators

Patch/Configuration ManagementPatch/Configuration Management

Baselines: Linux, Mac, WindowsAll systems must meet their baseline

All systems must be regularly patchedNon-essential services off

Windows, especially, must run AV

Baselines: Linux, Mac, WindowsAll systems must meet their baseline

All systems must be regularly patchedNon-essential services off

Windows, especially, must run AV

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 5353

Page 52: Security Essentials for Desktop System Administrators

Patch/Configuration ManagementPatch/Configuration Management

All systems must run up-to-date,supported version of the OS

Exceptions/Exemptions:Documented case why OS is “stuck”

Patch and manage as securely

All systems must run up-to-date,supported version of the OS

Exceptions/Exemptions:Documented case why OS is “stuck”

Patch and manage as securely

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 5454

Page 53: Security Essentials for Desktop System Administrators

Critical VulnerabilitiesCritical Vulnerabilities

Active exploits declared criticalPose a clear and present danger

Must patch by a given date or be blockedHandled via TIssue events

Active exploits declared criticalPose a clear and present danger

Must patch by a given date or be blockedHandled via TIssue events

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 5555

Page 54: Security Essentials for Desktop System Administrators

NOISE, n.NOISE, n.

…The chief product and authenticatingsign of civilization.

Ambrose Bierce, The Devil’s Dictionary

…The chief product and authenticatingsign of civilization.

Ambrose Bierce, The Devil’s Dictionary

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 5656

Page 55: Security Essentials for Desktop System Administrators

Computer Security IncidentsComputer Security Incidents

Must report all suspicious activityIf urgent -- Service Desk at x2345

Or to system manager(if immediately available)

Not to be discussed!

Must report all suspicious activityIf urgent -- Service Desk at x2345

Or to system manager(if immediately available)

Not to be discussed!

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 5757

Page 56: Security Essentials for Desktop System Administrators

Computer Security IncidentsComputer Security Incidents

Non-urgent to [email protected]

Fermi Computer Incident Response Team (FCIRT) will investigate

Non-urgent to [email protected]

Fermi Computer Incident Response Team (FCIRT) will investigate

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 5858

Page 57: Security Essentials for Desktop System Administrators

Recovery: FCIRTRecovery: FCIRT

Triage initial reportsCoordinate investigation

Work with local SysadminsCall in technical experts

Triage initial reportsCoordinate investigation

Work with local SysadminsCall in technical experts

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 5959

Page 58: Security Essentials for Desktop System Administrators

Recovery: FCIRTRecovery: FCIRT

May take control of affected systemsMaintain confidentiality

May take control of affected systemsMaintain confidentiality

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 6060

Page 59: Security Essentials for Desktop System Administrators

Mandatory Sysadmin RegistrationMandatory Sysadmin Registration

All Sysadmins must be registeredPrimary Sysadmin is responsible for

configuring and patchinghttp://security.fnal.gov ->

“Verify your node registration”

All Sysadmins must be registeredPrimary Sysadmin is responsible for

configuring and patchinghttp://security.fnal.gov ->

“Verify your node registration”

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 6161

Page 60: Security Essentials for Desktop System Administrators

Major applicationsMajor applications

Critical to the mission of the LabRequire moderate level security controlsEach MA has its own security plan with

enhanced / compensatory security controls

Critical to the mission of the LabRequire moderate level security controlsEach MA has its own security plan with

enhanced / compensatory security controls

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 6262

Page 61: Security Essentials for Desktop System Administrators

Security Essentials for Grid System Administrators CourseSecurity Essentials for Grid System Administrators Course

Credentials other than Fermilab Kerberos

Fermi Grid infrastructure (GUMS / VOMS)

Developer of grid middleware

Credentials other than Fermilab Kerberos

Fermi Grid infrastructure (GUMS / VOMS)

Developer of grid middleware

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 6363

Page 62: Security Essentials for Desktop System Administrators

Grid Security TrainingGrid Security Training

Grid Resource Users also requiretraining on PKI Authentication

Grid Resource Users also requiretraining on PKI Authentication

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 6464

Page 63: Security Essentials for Desktop System Administrators

Do Not Want: Prohibited ActivitiesDo Not Want: Prohibited Activities

Blatant disregard of computer securityUnauthorized or malicious actions

Unethical behaviorRestricted central services

Security & cracker toolshttp://security.fnal.gov/policies/cpolicy.html

Blatant disregard of computer securityUnauthorized or malicious actions

Unethical behaviorRestricted central services

Security & cracker toolshttp://security.fnal.gov/policies/cpolicy.html

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 6565

Page 64: Security Essentials for Desktop System Administrators

Role of SysadminsRole of Sysadmins

Manage your systems sensibly, securelyServices comply with Strong Auth rules

Report potential incidents to FCIRTAct on relevant bulletins

Keep your eyes open

Manage your systems sensibly, securelyServices comply with Strong Auth rules

Report potential incidents to FCIRTAct on relevant bulletins

Keep your eyes open

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 6666

Page 65: Security Essentials for Desktop System Administrators

We Can Do It …We Can Do It …

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 6767

Page 66: Security Essentials for Desktop System Administrators

We Can Do It. Statistically.We Can Do It. Statistically.

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 6868

Page 67: Security Essentials for Desktop System Administrators

Questions?Questions?

[email protected] questions about security policy

[email protected] reporting security incidents

http://security.fnal.gov/

[email protected] questions about security policy

[email protected] reporting security incidents

http://security.fnal.gov/

November 9, 2010November 9, 2010 Security Essentials for Desktop System AdministratorsSecurity Essentials for Desktop System Administrators 6969


Security Essentials for Fermilab System Administrators.

Security Essentials for Fermilab System Administrators.

OpenFox® Desktop User Manual - Texas Department of Public ...€¦ · Desktop Administrators Guide for more information on this topic. ... Choosing this menu option displays the

OpenFox® Desktop User Manual - Texas Department of Public ...€¦ · Desktop Administrators Guide for more information on this topic. ... Choosing this menu option displays the

Security Essentials for Desktop System Administrors

Security Essentials for Desktop System Administrors

Polycom VVX 500 Administrators' Guide ·  · 2011-11-30Polycom ® VVX® 500 Administrators’ Guide. ... 7 Polycom Desktop Connector Integration ... 4.0.1 Administrators’ Guide

Polycom VVX 500 Administrators' Guide ·  · 2011-11-30Polycom ® VVX® 500 Administrators’ Guide. ... 7 Polycom Desktop Connector Integration ... 4.0.1 Administrators’ Guide

Apple Remote Destkop · 2009-08-01 · Apple Remote Desktop is easy-to-use, powerful, desktop management software for all your networked Macs. System administrators can remotely control

Apple Remote Destkop · 2009-08-01 · Apple Remote Desktop is easy-to-use, powerful, desktop management software for all your networked Macs. System administrators can remotely control

Simplifying enterprise desktop deployment and management ... · virtualization framework A s enterprise computing environments become increasingly distributed and mobile, administrators

Simplifying enterprise desktop deployment and management ... · virtualization framework A s enterprise computing environments become increasingly distributed and mobile, administrators

visionapp Remote Desktop (vRD) Remote Desktop (vRD) ... you can tailor visionapp Remote Desktop to your individual ... > In database mode, administrators can work simultaneously with

visionapp Remote Desktop (vRD) Remote Desktop (vRD) ... you can tailor visionapp Remote Desktop to your individual ... > In database mode, administrators can work simultaneously with

Working with the Desktop Environmentsvig.pearsoned.com/samplechapter/0672327902.pdfCHAPTER 3 Working with the Desktop Environments Although many administrators are perfectly content

Working with the Desktop Environmentsvig.pearsoned.com/samplechapter/0672327902.pdfCHAPTER 3 Working with the Desktop Environments Although many administrators are perfectly content

Salesforce CPQ Admin Essentials for Experienced Administrators

Salesforce CPQ Admin Essentials for Experienced Administrators

COURSE MAPPING - TestOut · 1 TestOut Office Pro to Desktop Pro Course Mapping Office Pro 6.0 Desktop Pro 4.1 1.0 ONLINE ESSENTIALS 1.1 The Information Age 1.1.1 Introduction to Desktop

COURSE MAPPING - TestOut · 1 TestOut Office Pro to Desktop Pro Course Mapping Office Pro 6.0 Desktop Pro 4.1 1.0 ONLINE ESSENTIALS 1.1 The Information Age 1.1.1 Introduction to Desktop

Security Essentials for Desktop System Administrators.

Security Essentials for Desktop System Administrators.

Desktop Central In IT Administrators’ Perspective.

Desktop Central In IT Administrators’ Perspective.

It essentials virtual desktop

It essentials virtual desktop

SCHOOL FINANCE ESSENTIALS WASDA NEW ADMINISTRATORS WORKSHOP Deb Brown & Erin Fath School Finance Team – DPI November 13, 2012 1.

SCHOOL FINANCE ESSENTIALS WASDA NEW ADMINISTRATORS WORKSHOP Deb Brown & Erin Fath School Finance Team – DPI November 13, 2012 1.

Getting Started with ArcGIS Pro Pro Essentials for ArcMap Users... · ArcGIS Desktop Desktop Web Device Server Online Content and Services Portal ArcMap ArcCatalog ArcScene ArcGlobe

Getting Started with ArcGIS Pro Pro Essentials for ArcMap Users... · ArcGIS Desktop Desktop Web Device Server Online Content and Services Portal ArcMap ArcCatalog ArcScene ArcGlobe

RTI: The Essentials for Elementary School Administrators Jim Wright interventioncentral

RTI: The Essentials for Elementary School Administrators Jim Wright interventioncentral

Augmenting VMware View Horizon (VDI) with Micro … Requirements . . . . . . . . . . . ... administrators to deploy virtual desktop images on machines running Windows XP, Windows Vista,

Augmenting VMware View Horizon (VDI) with Micro … Requirements . . . . . . . . . . . ... administrators to deploy virtual desktop images on machines running Windows XP, Windows Vista,

Personnel Essentials Presented by V. Wayne Young Executive Director and General Counsel Kentucky Association of School Administrators November 2008.

Personnel Essentials Presented by V. Wayne Young Executive Director and General Counsel Kentucky Association of School Administrators November 2008.

How Schools, Colleges and Universities ... - NoTouch Desktop€¦ · NoTouch Desktop helps boost security with its low footprint NoTouch OS, and saves your system administrators time

How Schools, Colleges and Universities ... - NoTouch Desktop€¦ · NoTouch Desktop helps boost security with its low footprint NoTouch OS, and saves your system administrators time

Dual Language Essentials for Teachers and Administrators ... · Dual Language Essentials for Teachers and Administrators, 2005, 232 pages, Yvonne S. Freeman, David E. Freeman, Sandra

Dual Language Essentials for Teachers and Administrators ... · Dual Language Essentials for Teachers and Administrators, 2005, 232 pages, Yvonne S. Freeman, David E. Freeman, Sandra