1 / 19

OUHSC Information Security Update

OUHSC Information Security Update. IT, Information Security Services Randy Moore Nathan Gibson Greg Bostic. Security Project Update. Active Directory Cleanup Project “Cleaning the house” -- getting rid of old computer accounts Active Directory GPO project Establishing a security baseline

cinnamon-mitchell
Download Presentation

OUHSC Information Security Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OUHSC Information Security Update IT, Information Security Services Randy Moore Nathan Gibson Greg Bostic

  2. Security Project Update • Active Directory Cleanup Project • “Cleaning the house” -- getting rid of old computer accounts • Active Directory GPO project • Establishing a security baseline • E-Policy Orchestrator Project • Mirroring ePO with AD • Centrally Managing • Using the tools we have available

  3. Active Directory Cleanup

  4. Purpose • GPOs cannot be applied on the computers container • ePO Sync would be inaccurate • Hard to manage with erroneous accounts present

  5. Current Status • 1200 inactive computer accounts disabled and moved into the disabled.comps OU • Computer Accounts have been moved from the Computers container into the UnAssigned.Comps OU • GPO w/ login script applied to UnAssigned.Comps OU

  6. New Procedures • All new computers should have account created prior to joining domain. • Computer Account Lifecycle procedure • 30 days UnAssigned.Comp – Active • 30 days disabled.comps – Inactive • On the 60th day Computer Account deleted • New Computer Checklist

  7. Cleaning Your OU • Weed out old Computer Accounts • Use Active Directory Users and Computers • Go to “View” in the MMC • Check “Advanced Features” • Go to “View” and choose “Add/Remove Columns” • In the left hand “Available columns” table choose “Modified” and click “Add ->” • Hit OK

  8. McAfee E-Policy Orchestrator Project(ePO)

  9. ePO McAfee E Policy Orchestrator • Provides a way to centrally manage Anti Virus protection on all managed devices • Syncs with Active Directory • Automatically installs/uninstalls AV • Automatic DAT updates • Customizable policies • Notification Capabilities • Report Generation

  10. Training Greg Bostic 2nd Annual Cyber Security Day October 24, 2007 10:00 am

  11. Cyber Security Day • Tier 1 Training • Business Manager Briefings • End User Briefings

  12. Security Baseline Active Directory GPO Project

  13. GPO Review • Group Policy Objects: • Allows you to configure baseline settings to ensure all resources have the same settings • Ease the administrative overhead in applying and modifying end user device and servers. • “One-Stop-Shop” for demonstrating policy compliance

  14. AD GPO Project • Round 2 Settings Setting 1- HSC-IT-Automatic Updates (Workstation Only) • Enable Windows Updates Power management to automatically wake up the system: Enabled • 4- Auto Download and Schedule the Install • Schedule Install Day: 0-Everyday • Scheduled Install Time: 0300 Setting 2- HSC-IT-No Display Last User Login • Interactive logon: do not display last user name: Enabled

  15. No Last User Name Impact

  16. Screen Saver Impact

  17. House Cleaning Help • Standardize GPO naming scheme • Dept-XXXX • Delete Old GPOs • Combine GPOs If possible • Remove GPOs with settings applied at higher lever

  18. FUTURE GPO Settings • Event Logging • Account Management: Success • Account Logon/Logoff: Success/Failure • Policy Change: Success • System Events: Success/Failure • Screen Saver • Hide Screen Saver Tab: Enabled • Screen Saver: Enabled • Password protect the Screen Saver: Enabled • Screen Saver Timeout: 600(900?)

  19. Let’s Talk Questions & Concerns ??? http://it.ouhsc.edu/services/infosecurity/Projects.asp

More Related