Strong Authentication | Critical Systems | Critical Vulnerabilities and Vulnerability Scanning | FCIRT

 Strong Authentication

• Avoid disclosure of passwords on the network
• No network services (logon or read/write ftp) visible on the general internet can be offered with out requiring Kerberos authentication (unless a formal exemption is applied for and granted)
• Kerberos provides a single sign in, minimizing use of multiple passwords for different systems
• Lab systems are constantly scanned for violations of this policy

Critical Systems

• Defined as “critical to the mission of the Laboratory”, i.e. disruption may have major impact on Laboratory operations;
• Most things do not fall in this category; 
• Special (more stringent) rules & procedures apply;
• Including periodic reviews;
• You’ll know if you’re in this category;

Critical Vulnerabilities and Vulnerability Scanning

1. Certain security vulnerabilities are declared critical when they are (or are about to) being actively exploited and represent a clear and present danger
2. Upon notification of a critical vulnerability, systems must be patched by a given date or they will be blocked from network access

FCIRT (Fermi Computer Security Incident Response Team) 

• Security experts drawn form throughout the lab
• Investigate (“triage”) initial reports;
• Coordinate investigation overall;
• Work with local system managers;
• Call in technical experts;
• May take control of affected systems;
• Maintain confidentiality;

Incoming Search Tearms

Strong Authentication

Critical Systems

Critical Vulnerabilities and Vulnerability Scanning

FCIRT