Presentation Title - Tennessee Technological University


IT Asset Visibility
Kevin Watson and Ammar Ammar
The University of Tennessee Health Science Center
What is Total Asset Visibility?
• Capability to provide users with timely and accurate information
  • Location
  • Movement
  • Status
  • Identity of units

  • Personnel
  • Equipment
  • Material
  • Supplies
• Capability to act upon that information to improve overall performance
Total Asset Visibility
• As applied to IT
  • Hardware
  • Software
  • Endpoints
  • Portable devices
  • Servers
  • Network/infrastructure devices
“If it has an IP Address, it is an asset, and you need visibility into it.”
Why is it important?
• SANS 20 Critical Controls for an Effective Cyber Defense
  • Without knowing what you have, you can’t effectively protect it
• Attackers continuously scan target organizations waiting on vulnerable systems to appear on the network
  • Devices off and on the network
  • Out of date devices
  • New systems and applications
• Foreign systems should be isolated to prevent compromises from affecting security
  • Test systems
  • Vendor portables
  • Personal assets
  • Guest systems
• BYOD is becoming increasingly common
How do we do it?
Managed control
1. Deploy and leverage an asset discovery tool to build an inventory
2. Deploy dynamic host configuration protocol (DHCP) server logging
3. Ensure all IP-enabled acquisitions update the inventory system as new, approved devices
4. Inventory should include every system that has an Internet protocol (IP) address
   • Network IP address(es)
   • Hostname
   • Function of system
   • Asset owner, steward, and custodian
   • Business units serviced
   • Portable? Personal?
5. Use network level authentication via 802.1x and tie it to inventory data to determine authorized and unauthorized systems
6. Network Access Control (NAC) monitors authorized systems to facilitate remediation when necessary
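Added example (not part of the original slides): one way to tie DHCP server logging (step 2) to the inventory (step 4) so that leases with no inventory record are flagged as unauthorized. The CSV log layout, the use of the MAC address as the inventory key, and all sample records are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed inventory keyed by MAC address (the key choice is an assumption;
# the fields follow the slide's list: hostname, function, owner, unit, flags).
INVENTORY = {
    "00:11:22:33:44:55": {"hostname": "lab-ws-01", "function": "workstation",
                          "owner": "Research IT", "unit": "Pharmacology",
                          "portable": False, "personal": False},
    "00:11:22:33:44:66": {"hostname": "print-srv", "function": "print server",
                          "owner": "ITS", "unit": "Campus",
                          "portable": False, "personal": False},
}

# Constructed DHCP lease log in a hypothetical CSV layout: time,mac,ip,hostname
DHCP_LOG = """\
2024-03-01T08:00:00,00:11:22:33:44:55,10.0.1.20,lab-ws-01
2024-03-01T08:05:00,AA:BB:CC:DD:EE:01,10.0.1.77,unknown-laptop
2024-03-01T09:30:00,aa:bb:cc:dd:ee:01,10.0.1.78,unknown-laptop
2024-03-01T10:00:00,00:11:22:33:44:66,10.0.1.30,other-name
"""

def parse_leases(text):
    """Yield (time, mac, ip, hostname); skip malformed rows, lowercase MACs."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) == 4:
            ts, mac, ip, host = (field.strip() for field in row)
            yield datetime.fromisoformat(ts), mac.lower(), ip, host

def reconcile(log_text, inventory, now):
    """Return (unauthorized, mismatched, mean_age_seconds).
    unauthorized: MAC -> first_seen and IPs for leases with no inventory record
    mismatched: inventoried MACs whose leased hostname differs from the record
    mean_age_seconds: average time unauthorized devices have been on the network
    """
    known = {mac.lower(): rec for mac, rec in inventory.items()}
    unauthorized, mismatched = {}, set()
    for ts, mac, ip, host in parse_leases(log_text):
        rec = known.get(mac)
        if rec is None:
            entry = unauthorized.setdefault(mac, {"first_seen": ts, "ips": []})
            entry["first_seen"] = min(entry["first_seen"], ts)
            if ip not in entry["ips"]:
                entry["ips"].append(ip)
        elif rec["hostname"].lower() != host.lower():
            mismatched.add(mac)
    ages = [(now - e["first_seen"]).total_seconds() for e in unauthorized.values()]
    return unauthorized, mismatched, (sum(ages) / len(ages) if ages else 0.0)
```

The mean age at review time gives a rough input for a time-to-detect metric; the hostname mismatch list points at inventory records that need updating or devices that need a closer look.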
How does this help the organization?
• Accounts for and manages inventory
  • Network devices can be reconciled with the asset inventory
• Active scanning tools and passive listening tools can pair to improve detection of new or unauthorized devices
• Switches can be configured to implement 802.1x
  • Only properly configured devices can connect to the network
Effectiveness Metrics
• Average time to detect a new device
• Average time for scanners to alert the security administrators to unauthorized devices
• Average time to isolate/remove unauthorized devices
• Ability to identify location, department, and other critical details about the detected, unauthorized device
• SANS, http://www.sans.org/critical-securitycontrols/control/1
What tools can help?
Questions?
Contact information
• Kevin Watson
  • 901-448-7010
  • [email protected]
• Ammar Ammar
  • 901-448-2163
  • [email protected]
• http://uthsc.edu/its/information-security