Intrusion

Technical Resources

This section of the website contains links to tools and documentation specifically for use by administrators. Scroll to the bottom of the page to access these resources.

What are my responsibilities as an administrator?

You are responsible for ensuring that all web resources, computers, servers, network devices, and any other types of computing devices that you support comply with all published standards.

You are also responsible for prompt reporting of computer incidents to the ISO in accordance with the Computer Incident Handling Standard.

Computer Incident Handling Resources

Security Checklists

Protocols

  • Prohibited network protocols include LDAP without the use of TLS, FTP, telnet, remote host protocols, SSHv1, SSLv1, SSLv2, and SSLv3.

Exceptions

The Information Security Office has provided a method for obtaining an exception to compliance with the published security standards.

Questions

If you have any questions or feedback about specific information security requirements, please e-mail us at infosec@rit.edu.

Updated 12/5/14

Host Intrusion Prevention (RIT-owned/leased computers only)

Note: This requirement applies only to RIT-owned and leased computers. There is currently no requirement for personally-owned machines to run host intrusion prevention.

Currently, personal networking devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. Resnet has created separate guidelines for Using a Router/Wireless Router on the RIT Network.

The following products have all been tested by the Information Security Office and approved for use on RIT-owned/leased computers.

Recommended Host-based Intrusion Prevention Software

Server

| Program | Description |
|---|---|
| OSSEC | Open source intrusion detection (multiple platforms) (ISO-tested). Active protection feature must be enabled. |
| McAfee HIPS | Desktop and server intrusion prevention (Windows) (ISO-tested) |
| Bit9 | Application whitelisting (Windows) (non ISO-tested) |
| Cimcor | Protects against unauthorized changes (Server and Network) (non ISO-tested) |
| Tripwire (commercial version) | Configuration assessment and change auditing (Desktops and Servers; VMware coming) (non ISO-tested) |

Desktop

| Program | Description |
|---|---|
| OSSEC | Open source intrusion detection (multiple platforms) (ISO-tested). Active protection feature must be enabled. |
| McAfee HIPS | Desktop intrusion prevention (Windows) (ISO-tested) |
| Comodo | Internet Security Suite (ISO-tested) |
| Online Armor - Tall - Emu | Firewall (ISO-tested) |

E-mail us at infosec@rit.edu if you have any questions or suggestions.
