OUHSC Information Security Update
IT, Information Security Services
Randy Moore, Nathan Gibson, Greg Bostic

Security Project Update
– Active Directory Cleanup Project
  • “Cleaning the house” -- getting rid of old computer accounts
– Active Directory GPO project
  • Establishing a security baseline
– E-Policy Orchestrator Project
  • Mirroring ePO with AD
  • Centrally Managing
  • Using the tools we have available

Active Directory Cleanup

Purpose
• GPOs cannot be applied on the computers container
• ePO Sync would be inaccurate
• Hard to manage with erroneous accounts present

Current Status
• 1200 inactive computer accounts disabled and moved into the disabled.comps OU
• Computer Accounts have been moved from the Computers container into the UnAssignedComps OU
• GPO w/ login script applied to UnAssignedComps OU

New Procedures
• All new computers should have account created prior to joining domain.
• Computer Account Lifecycle procedure
  – 30 days UnAssignedComp – Active
  – 30 days disabled.comps – Inactive
  – On the 60th day Computer Account deleted
• New Computer Checklist

Cleaning Your OU
• Weed out old Computer Accounts
  – Use Active Directory Users and Computers
  – Go to “View” in the MMC
  – Check “Advanced Features”
  – Go to “View” and choose “Add/Remove Columns”
  – In the left hand “Available columns” table choose “Modified” and click “Add ->”
  – Hit OK
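
The "Modified" column check and the Computer Account Lifecycle procedure above can be combined into a report-only script. This is an added example, not part of the original presentation. Assumptions: the ActiveDirectory PowerShell module is installed, the OU distinguished names are placeholders, each lifecycle stage is read as lasting 30 days, and age is measured from whenChanged (the attribute behind the "Modified" column).

```powershell
# Added example, report only: nothing is disabled, moved or deleted.
Import-Module ActiveDirectory

# Placeholder distinguished names (assumptions): substitute the real OU paths.
$Stages = @{
    Unassigned = 'OU=UnAssignedComps,DC=example,DC=edu'
    Disabled   = 'OU=disabled.comps,DC=example,DC=edu'
}
$StageDays = 30   # assumed reading of the slide: 30 days per stage, deletion on day 60

# Map an account's stage and last-modified time to the next lifecycle step.
function Get-LifecycleAction {
    param(
        [Parameter(Mandatory)][ValidateSet('Unassigned', 'Disabled')][string]$Stage,
        [Parameter(Mandatory)][datetime]$Modified,
        [datetime]$Now = (Get-Date)
    )
    $age = [math]::Floor(($Now - $Modified).TotalDays)
    if ($age -lt $StageDays) { return 'Keep' }
    if ($Stage -eq 'Unassigned') { return 'Disable and move to disabled.comps' }
    return 'Delete'
}

# Collect every computer account in both OUs with its proposed action.
$report = foreach ($stage in $Stages.Keys) {
    Get-ADComputer -SearchBase $Stages[$stage] -SearchScope Subtree -Filter * -Properties whenChanged |
        ForEach-Object {
            [pscustomobject]@{
                Name     = $_.Name
                Stage    = $stage
                Enabled  = $_.Enabled
                Modified = $_.whenChanged
                Action   = Get-LifecycleAction -Stage $stage -Modified $_.whenChanged
            }
        }
}

# Show only the accounts that are due for a lifecycle step.
$report | Where-Object Action -ne 'Keep' |
    Sort-Object Stage, Modified |
    Format-Table -AutoSize
```

whenChanged is not replicated between domain controllers, so run the report against the same domain controller each time.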

McAfee E-Policy Orchestrator Project (ePO)

ePO McAfee E Policy Orchestrator
• Provides a way to centrally manage Anti Virus protection on all managed devices
• Syncs with Active Directory
• Automatically installs/uninstalls AV
• Automatic DAT updates
• Customizable policies
• Notification Capabilities
• Report Generation

Training
Greg Bostic
2nd Annual Cyber Security Day
October 24, 2007 10:00 am

Cyber Security Day
• Tier 1 Training
• Business Manager Briefings
• End User Briefings

Security Baseline Active Directory GPO Project

GPO Review
• Group Policy Objects:
  1. Allow you to configure baseline settings to ensure all resources have the same settings
  2. Ease the administrative overhead in applying and modifying end user devices and servers.
  3. “One-Stop-Shop” for demonstrating policy compliance

AD GPO Project
• Round 2 Settings
Setting 1 HSC-IT-Automatic Updates (Workstation Only)
  – Enable Windows Updates Power management to automatically wake up the system: Enabled
  – 4 - Auto Download and Schedule the Install
  – Schedule Install Day: 0 - Everyday
  – Scheduled Install Time: 0300
Setting 2 HSC-IT-No Display Last User Login
  – Interactive logon: do not display last user name: Enabled

No Last User Name Impact

Screen Saver Impact

House Cleaning Help
• Standardize GPO naming scheme
  – Dept-XXXX
  – Delete Old GPOs
  – Combine GPOs If possible
  – Remove GPOs with settings applied at higher level

FUTURE GPO Settings
• Event Logging
  – Account Management: Success
  – Account Logon/Logoff: Success/Failure
  – Policy Change: Success
  – System Events: Success/Failure
• Screen Saver
  – Hide Screen Saver Tab: Enabled
  – Screen Saver: Enabled
  – Password protect the Screen Saver: Enabled
  – Screen Saver Timeout: 600 (900?)

Let’s Talk
Questions & Concerns???
http://it.ouhsc.edu/services/infosecurity/Projects.asp