Standard Procedure for Linux and Windows Security
DRAFT, Jul-6-2007; NicTAC approved, Nov-30-2007; Dean approved Dec-27-2007
Security Scans
Durham:
Nicholas IT runs security scans on our network subnets on the 15th of each month using the program Nessus.
The Nicholas IT sysadmins will review the reports each month for the 111-112 and 110 networks, and briefly scan the others. Any machines that are lacking serious security patches will be manually patched unless yum provides a patch. Any systems which appear to be compromised or are a security risk will be immediately removed from the network and rebuilt.
Email is sent to Nicholas IT staff stating that the scans have been done for the 111-112 and 110 networks, and to the respective machine/subnet owners (Malin, Halpin, and Katul-Oren) letting them know that the scans on their machines/subnets have been completed.
Durham and Marine Lab:
The OIT Security office scans for known vulnerabilities on a regular basis. Currently, vulnerability scanning of the Nicholas School and Marine Lab subnets occurs on Thursday of the first full week of each month.
Password scans are performed quarterly and e-mails are sent to users who have insecure passwords, requiring them to change their password. Users are educated to use at least 8-character passwords, non-dictionary words, and to include uppercase letters, numbers, and non-letter, non-numeric characters in their passwords.
OS Updates
Operating systems are kept current by using Yum, BigFix, Microsoft or Apple Software Updates. Security patches are applied as soon as possible after they are released.
McAfee Enterprise VirusScan is installed and configured to look for "unwanted" programs. Virus definitions are updated daily.
Firewall
Marine Lab:
IPsec rules are applied via Group Policy.
Durham:
Windows Firewall is enabled and configured on desktop computers to only allow file sharing and printing on the Nicholas School subnets.
Linux servers and workstations use a host-based firewall. Solaris systems that have no host-based firewall and are running NFS are placed behind a firewall that uses NAT to communicate with the rest of the network.
Miscellaneous
Durham:
Epylog is used to digest logs and create a daily report of attempted root logins (failed or successful), dictionary attacks, SSH scans and/or any other potentially malicious activity on Linux/Unix-based workstations and servers.
Durham and Marine Lab:
To avoid exposing information to an unexpected visitor, we educate users to either lock or log off their workstation when they leave the office.