This article describes a couple of security enhancements which the Computing Team will be developing over the next few months.
As I mentioned last time, we have recently started scanning all our externally-visible machines for security vulnerabilities using the JANET ESISS penetration-testing service. In order to use the service as effectively as possible we need an up-to-date list of the URLs of web sites to be tested. For managed servers, our configuration database contains the necessary information. For self-managd machines we propose extracting URLs from the traffic going to the servers on those machines, which we expect should keep the list automatically current.
We are also evaluating the use of the snort intrusion detection system, in the hope that it might be able to alert us to the presence of compromised machines or services on our network. This does sound a promising system, but we are still at the initial stages with it and it is not yet clear whether it would have too much of an effect on our edge routers to be able to run it as we would like.
Both of these will require the automated inspection of traffic passing through our edge routers, with the Head of School’s permission under the terms of the Lawful Business Practice regulations. This will, of course, be kept to the absolute minimum necessary for the purpose.