OUHSC Information Security Update IT Information Security Services
- Slides: 19
OUHSC Information Security Update IT, Information Security Services Randy Moore Nathan Gibson Greg Bostic
Security Project Update – Active Directory Cleanup Project • “Cleaning the house” -- getting rid of old computer accounts – Active Directory GPO project • Establishing a security baseline – E-Policy Orchestrator Project • Mirroring e. PO with AD • Centrally Managing • Using the tools we have available
Active Directory Cleanup
Purpose • GPOs cannot be applied on the computers container • e. PO Sync would be inaccurate • Hard to manage with erroneous accounts present
Current Status • 1200 inactive computer accounts disabled and moved into the disabled. comps OU • Computer Accounts have been moved from the Computers container into the Un. Assigned. Comps OU • GPO w/ login script applied to Un. Assigned. Comps OU
New Procedures • All new computers should have account created prior to joining domain. • Computer Account Lifecycle procedure – 30 days Un. Assigned. Comp – Active – 30 days disabled. comps – Inactive – On the 60 th day Computer Account deleted • New Computer Checklist
Cleaning Your OU • Weed out old Computer Accounts – – – Use Active Directory Users and Computers Go to “View” in the MMC Check “Advanced Features” Go to “View” and choose “Add/Remove Columns” In the left hand “Available columns” table choose “Modified” and click “Add ->” – Hit OK
Mc. Afee E-Policy Orchestrator Project(e. PO)
e. PO Mc. Afee E Policy Orchestrator • Provides a way to centrally manage Anti Virus protection on all managed devices • Syncs with Active Directory • Automatically installs/uninstalls AV • Automatic DAT updates • Customizable policies • Notification Capabilities • Report Generation
Training Greg Bostic 2 nd Annual Cyber Security Day October 24, 2007 10: 00 am
Cyber Security Day • Tier 1 Training • Business Manager Briefings • End User Briefings
Security Baseline Active Directory GPO Project
GPO Review • Group Policy Objects: 1. Allows you to configure baseline settings to ensure all resources have the same settings 2. Ease the administrative overhead in applying and modifying end user device and servers. 3. “One-Stop-Shop” for demonstrating policy compliance
AD GPO Project • Round 2 Settings Setting 1 HSC-IT-Automatic Updates (Workstation Only) – Enable Windows Updates Power management to automatically wake up the system: Enabled – 4 - Auto Download and Schedule the Install – Schedule Install Day: 0 -Everyday – Scheduled Install Time: 0300 Setting 2 HSC-IT-No Display Last User Login – Interactive logon: do not display last user name: Enabled
No Last User Name Impact
Screen Saver Impact
House Cleaning Help • Standardize GPO naming scheme – – Dept-XXXX Delete Old GPOs Combine GPOs If possible Remove GPOs with settings applied at higher lever
FUTURE GPO Settings • Event Logging – – Account Management: Success Account Logon/Logoff: Success/Failure Policy Change: Success System Events: Success/Failure • Screen Saver – – Hide Screen Saver Tab: Enabled Screen Saver: Enabled Password protect the Screen Saver: Enabled Screen Saver Timeout: 600(900? )
Let’s Talk Questions & Concerns ? ? ? http: //it. ouhsc. edu/services/infosecurity/Projects. asp
- Backup and recovery techniques
- Ouhsc student counseling services
- Ouhsc pa program
- Ouhsc student health
- Microsoft windows 10 security update
- Microsoft security essential tidak bisa update
- Private secuirty
- Ouhsc staff senate
- Ouhsc registrar
- My health access network
- Ouhsc housing
- Ouhsc health insurance
- Ouhsc writing center
- Ouhsc parking
- Ouhsc secure file transfer
- Ouhsc sonography
- Concur ouhsc
- What is pain
- Notenexpress
- Ouhsc dental hygiene