Table of Contents
Policies and Procedures
Quick Overview of Network Security at MIT
What? No firewalls?
MITnet Rules of Use�http://web.mit.edu/olh/Rules/
Security Team History
Volume of incoming requests, statistics
Composition of team
Team Rules, AKA, "The Riot Act"
The interchangeable role of staff and students
How we track our cases: Casetracker
First Response
Different situations that call for different responses
General procedures
Machine is doing "something bad"
Machine is compromised, but not actively doing "something bad"
Machine is merely vulnerable
In All Cases:
Another site reports a scan from MIT
Another site says we are scanning them (more)
Another site scans MITnet
Scanning our own network for�vulnerabilities
Someone tells us that a machine is vulnerable
Site visits
Checking up
Non-obvious MIT web policies
Non-obvious MIT web policies
Lawyers - who needs them? :-)
|
Author: Bob Mahoney
Email: bobmah@mit.edu
Download presentation source
|