ITSD Information Security Service Delivery Team by vivi07


									Information Security Advisory Group Agenda February 16, 2005 DPHHS Auditorium, 10:30 am – 11:30 am

1. Welcome 2. Current Threats – Linux: Updated Kerberos (krb5) packages that correct a buffer overflow bug are now available for Red Hat Enterprise Linux 4. An updated xpdf package that fixes several security issues is now available. Updated kdegraphics packages that resolve security issues in kpdf are now available. Updated libtiff packages that fix various integer overflows are now available for Red Hat Enterprise Linux 4.

Microsoft released 13 patches at the beginning of the month, 11 recommended by OCP. MS05-015 Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution MS05-014 Cumulative Security Update for Internet Explorer MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution MS05-012 Vulnerability in OLE and COM Could Allow Remote Code Execution MS05-011 Vulnerability in Server Message Block Could Allow Remote Code Execution MS05-010 Vulnerability in the License Logging Service Could Allow Code Execution MS05-009 Vulnerability in PNG Processing Could Allow Remote Code Execution MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution MS05-007 Vulnerability in Windows Could Allow Information Disclosure MS05-005: Vulnerability in Microsoft Office XP could allow Remote Code Execution MS05-004 ASP.NET Path Validation Vulnerability Exploit out in the wild for MS05-009 and MS05-005 ZoneAlarm has a vulnerability but no fix yet. Information will be provided as soon as a patch is available. 3. Desktop Protection Software – subcommittee update

Working on putting together and IFB. Send requirements to Alex. 4. McAfee - VirusScan 4.5.1 SP1 will continue to be supported with .DATs, engines, and technical support (best effort work around only) through 30 June, 2005. If an issue requires an updated engine/.DAT that the EOL product does not have the capability to support, the recommendation would be to upgrade to a newer version of the product for full resolution. 5. Network changes to meet IRS audit requirements.       Set up logging on all routers and switches and send to auditing sw. Have routers use authentication to each other. Add a warning banner to all network devices. Router ACL’s for telnet. TFM for Network. FW Timeout lower.

6. XP SP2 update – White paper is due out the end of March. Putting together suggested configuration. 7. Disposal of Computers – Recently, the Legislative Auditors went to surplus property and looked at computers being surplussed. They found several from several agencies that did not meet the policy requirement for removal of data. This group had put together recommendations 2 years ago that are still applicable. It is suggested that wiping utilities be used instead of Fdisk do insure all sensitive information is removed. Some agencies do not deal with sensitive information and therefore, may choose to use Fdisk. It was also mentioned that Surplus Property is no longer taking computers. Lynne was asked to have someone from Surplus Property or the Legislative Auditors office at the next meeting to address some questions that they have. 8. Adware/Spyware Protection – This continues to be a problem. Lynne will put together a group to research, please let her know if you want to participate. Looking at McAfee’s add-on product to VirusScan. 9. Other Issues - None

To top