PNNL Vulnerability Scanning - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
PNNL Vulnerability Scanning
  • Integrating Contiguous Scanning While Maintaining
    a Comprehensive Program
  • Presented by Vahid Hackler at NLIT 2007
  • Unclassified Cyber Security (UCS)
  • Pacific Northwest National Laboratory

2
Agenda
  • Program Objective
  • Vulnerabilities Focus
  • Tools
  • Detection and Follow-Through
  • Scanning Timetable
  • Remediation
  • Metrics
  • Lessons Learned

3
PNNL Network Environment
  • Approx. 8,500 networked systems
  • Windows operating system
      • Server, XP, and 2000
  • UNIX including Linux
      • Redhat, Solaris, IRIX, Suse, and Ubuntu
  • Macintosh
  • Network printers and other operating systems

4
Program Objective
  • Provide comprehensive and effective vulnerability
    and configuration management in a heterogeneous
    environment
      • Managed and unmanaged systems
      • Dispersed workforce environment
      • Constant patch releases from various sources
      • Users with administrative privileges
  • with minimal impact to staff productivity

5
Vulnerabilities Focus
  • Critical, High, and Medium
  • Variety of operating systems and platforms
  • Wide array of user and organizational deployed
    applications
  • Configuration Management
      • Clear text protocols such as telnet, ftp, rlogin,
        and xdmcp
      • Inherently vulnerable protocols such as SSHv1,
        SNMP, and SMTP
      • Unused services such as chargen, finger, echo,
        daytime, discard, and systat

6
Today's Tools
  • Vulnerability Program Management System
      • Managed system providing scheduled scans
      • Ticketing system
      • Foundstone Enterprise Management System
  • Verification Scanner
      • Accurate
      • Common, reputable auditing tool
      • Nessus
  • Password Cracker
      • L0phtcrack

7
Scanning Timetable: Issues for Consideration
  • Benefits of multiple types of scans
  • Finite network bandwidth capacity
  • Identify most critical issues quickly
  • Strategic remediation of enterprise wide issues

8
Scanning Timetable
  • Patch Tuesday
  • Monthly
      • Authenticated Scan
      • Local Admin Password Scan
  • Weekly
      • Non-authenticated Scan
  • Contiguously
      • Top 20 Scan
  • Targeted Scans (project scans)
      • Used when tackling new issues (e.g. Symantec
        LiveUpdate vulnerability)

9
Monthly Authenticated Scan
  • Acts as independent patch deployment verification
  • Utilized for strategic remediation
  • Conducted using Vulnerability Program Management
    System

10
Monthly Local Admin Password Scan
  • Identify 10 to 15 of the most commonly guessed
    passwords
  • Performed after authenticated scans
  • Passwords identified as weak are changed through
    a separate, automated process
  • Uses homegrown plug-in for Verification Scanner

11
Weekly Non-Authenticated Scan
  • All non-authenticated checks
  • Used to determine checks for the contiguous Top
    20 scans
  • Remediation completed on all issues identified
  • Uses a combination of the Vulnerability Program
    Management and Verification Scanner systems

12
Contiguous Top 20 Scan
  • FBI/SANS recommendations
  • PNNL previous vulnerability issues
  • All issues identified are corrected on an
    individual basis by PNNL Help Desk

13
Targeted Scans
  • Used to further assess specific issues identified
    in routine scans
  • Performed as needed or requested by management
  • Results dealt with as required

14
Remediation: A Team Effort
  • Unclassified Cyber Security (UCS)
      • Scan and identify issues to be resolved
  • Desktop and Hosting Services
      • Implement strategic and large scale vulnerability
        remediation
  • User Support Services
      • Remediate isolated issues

15
Remediation: After the Scan
  • Authenticated scans
      • Issues identified are passed via metric reports
        to Desktop and Hosting Services
  • Non-authenticated scans
      • Vulnerabilities are treated as isolated issues
        and passed to User Support Services for
        remediation
  • All remediation actions are reported to UCS
  • Effectiveness measured by follow-up scans

16
Measuring Success: Issues to Consider
  • Keep it simple
      • Track number of vulnerabilities on the network
  • Keep it readable
      • Show the key issues and trends
      • Provide data for management action
  • Keep it consistent
      • Give a clear picture that tells the story as it
        was told before

17
The Vulnerability Scanning Report
  • General Discussion
      • Narrative of authenticated and non-authenticated
        scan issues
  • Scanning System Health
      • Uptime, performance
  • Password Scan Summary
  • Non-Authenticated Vulnerabilities
      • High and Medium
  • Authenticated Vulnerabilities
      • High and Medium

18
Vulnerability Scanning Report cont.
  • Top Ten
      • High Vulnerabilities
      • Medium Vulnerabilities
      • Worst Systems
  • Number of Non-authenticated Vulnerabilities per
    Operating System
      • Watch for non-managed operating system issues

19
Lessons Learned
  • Increase Efforts to Fix Root Causes
      • Bring more systems under managed umbrella
      • Ensure system management tools are working
  • Provide Realistic and Meaningful Reports
      • Build metrics that management can act upon
  • Integrate Asset and Vulnerability Management
      • Vulnerability tracking system feeds and gets
        information to/from other systems such as Help
        Desk incident ticketing system
      • Vulnerability tracking system that utilizes
        multiple scanning technologies through integrated
        management tool

20
Questions and Contact
  • vahid.hackler_at_pnl.gov
  • 509-372-6721