security self-help program summary. purpose to provide a way to automate the “hardening” of...
TRANSCRIPT
Security Self-Help
Program Summary
Purpose
To provide a way to automate the “hardening” of computer systems by applying security settings and configuration changes. Insure consistency Save time Encourage secure configuration of desktops
Currently Windows 2000 and XP only (OSX version may be developed, but is currently not critical)
Who do we want to run it?
By end users who want to make sure that their computers are configured properly for Stanford’s infrastructure.
By schools and departments that want to use the tool to configure new computers before they connect to Stanford’s infrastructure.
By students that bring computers that will connect to Stanford’s network.
By other universities that want to establish their own set of security standards.
By ITSS consultants to quickly apply security settings to their client’s computers to insure consistency of configuration settings.
History
January – June 2003 Security Awareness Campaign (Security Self-Test tool)
August 2003 RPC worm attack August – September 2003 RpcCleaner September 2003 host-security group September – December 2003 Self-Help working
group March 2004 – July 16 program design, coding, and
testing of Self-Help tool July 16 Release
Program Features
Auto Update
Network
User Interface
Settings Controller
Configuration Files
Function DLL Function DLL Function DLL
Configuration Files
Function DLL Function DLL Function DLL
CoreProgram
DynamicContent
Setup.exe
Auto Update
Auto Update
Function Upgrade ExampleAdd a new version of SAV to SAV install check
Add a routine tosecApps.DLL
Copy new DLL tothe network
Process to initiate change
Update the siteconfiguration file toreference the newDLL (version # and
size)
Self-Help Program Load Sequence
Download a newsite configuration
file
Compare theversion of the local
secApps.DLL tothe version listed
in the siteconfiguration file
If they do notmatch, download a
new version ofsecApps.DLL
The program willnow be able toidentify the newversion of SAV
Core Program Upgrade Example Core Program Upgrade Example
Change theprogram versionnumber, build it,and update the
installer(Setup.exe)
Copy newSetup.exe to the
network
Process to initiate change
Update the siteconfiguration file toreference the newprogram version
number
Self-Help Program Load Sequence
Download a newsite configuration
file
Compare theversion of the
program that isrunning to the
version listed inthe site
configuration file
If they do notmatch, ask the
user if they want toupgrade the
program.
If the user wants toupgrade,download
Setup.exe, run itand end.
After Setup.exeinstalls the new
version, it will runthe new Self-Help
program
Program Features
Built in “Run As” capability All Functionality is dynamic, & updated at run time Most UI elements are configurable & external to
core program Local group support Undo Wizard Password strength test (improved from Self-Test
tool) High Risk Services display and control improved
from Self-Test tool
Program Features
Blank admin password change Tests for password strength before setting Can change Administrator password on XP home
machines without booting into safe mode Batch mode (auto run without UI) Does not require Stanford’s infrastructure
(can be used by other universities)
What Next
Review the documents http://security-self-help.stanford.edu/docs
TechnicalDocumentation.doc (~ 100 pages) program_summary.html Security-Self-Help.ppt Essential Stanford Software http://security-self-help.stanford.edu
Demo…