security policies security policies for large
play

Security Policies Security Policies for Large Who is allowed to do - PDF document

Security Policies Security Policies for Large Who is allowed to do what when Systems And what happens if they do CS 239 something else Security for Networks and And whos responsible for making sure System Software thats


  1. Security Policies Security Policies for Large • Who is allowed to do what when Systems • And what happens if they do CS 239 something else Security for Networks and • And who’s responsible for making sure System Software that’s done, if needed May 7, 2002 • And what to do if something goes wrong Page 1 Page 2 CS 239, Spring 2002 CS 239, Spring 2002 What Should a Security Policy More Formally, Cover? • Who are the legitimate users? • A security policy is a written statement that describes an organization’s • What are the assets being protected? approach to securing its computer • Who has what responsibilities for assets security? • What is appropriate use of the system? • Useful for many purposes • What are the consequences of inappropriate use? Page 3 Page 4 CS 239, Spring 2002 CS 239, Spring 2002 Some Details on the Department Getting Down to Brass Tacks Facility • The UCLA Computer Science • Meant to support CS department needs Department doesn’t have a formal –Research security policy –Education • I think it should –Administration • What should it be? • No service provided to other departments Page 5 Page 6 CS 239, Spring 2002 CS 239, Spring 2002 1

  2. Types of Users Machines on the Network • Sun machines – 220 • Faculty and lecturers (58) • Intel-based PCs – 450 • Staff (26) • Macintoshes – 30 • Graduate students (343) • HP, SGI, Digital workstations – 21 • Guests (21) • PDAs – 50 • Nobody else should have access • Several printers –Except to web sites • Scanner Page 7 Page 8 CS 239, Spring 2002 CS 239, Spring 2002 Network Configuration Our Wireless Network Campus Backbone CISCO • 802.11 equipment 6509 • Covers essentially all of the 3d and 4 th Switch CISCO 2900 Switch floors of Boelter Hall – With a little “spill” elsewhere CISCO Pix 525 Firewall CISCO Pix 525 Firewall • Currently uses both static IP addresses and CISCO DHCP CISCO CISCO 6509 – DHCP use requires registered HW 6509 Switch 6513 address for wireless card Switch Switch Page 9 Page 10 CS 239, Spring 2002 CS 239, Spring 2002 What Kind of Data Do We Store? Our Staff • Lots of research data • Pete Follett • Some class-related data • Steve Sakamoto • A fair amount of administrative data • Peter Schultze –Much critical stuff in other systems • Charlie Fritzius –But things like the CS web site are • Often part-time student helpers under our control • I’m the faculty contact for the facility Page 11 Page 12 CS 239, Spring 2002 CS 239, Spring 2002 2

  3. What Are We Protecting? What Are Our Priorities? Page 13 Page 14 CS 239, Spring 2002 CS 239, Spring 2002 What Are the Users’ Security What Is Appropriate Use? Responsibilities? Page 15 Page 16 CS 239, Spring 2002 CS 239, Spring 2002 What Are the Consequences of A Special Question for Us Inappropriate Use? • What about the labs that run their own networks and systems? Page 17 Page 18 CS 239, Spring 2002 CS 239, Spring 2002 3

Recommend


More recommend