Logical Security

Table of Contents

Governing UH Policy

IT Practices and Guidelines

Governing UH Policy

Manual of Administrative Policies and Procedures (MAPP):

Computer User Responsibilities

MAPP Policy: 10.03.01
SECTION: Information Technology
AREA: User Guidelines and Responsibilities; Security
SUBSECTION: IV (Security Responsibilities)

Computer Security

MAPP Policy: 10.03.02
SECTION: Information Technology
AREA: User Guidelines and Responsibilities; Security
SUBSECTION: IV (Security Responsibilities)

University of Houston System, System Administrative Memoranda (SAM):

Notification of Automated System Security Guidelines

SAM Number: 07.A.03
SECTION: Information Technology
AREA: Computing Services

IT Practices and Guidelines

IT recommends that logical security start at the lowest level, the OS, and move up to securing the desktop functions and usability of applications (also called "hardening" a system).

A. Vulnerability Assessment

The objective of a vulnerability assessment is to examine systems for weaknesses that could be exploited, and to determine the chances of someone attacking any of those weaknesses.

Numerous types of vulnerabilities, both physical and electronic, are possible. Each should be examined and documented; controlling all the risks associated with electronic access to systems is moot if someone could physically tamper with them and modify or walk away with data.

Many tools exist for evaluating electronic vulnerabilities. We recommend the use of Internet Security Systems (ISS) Scanner to determine these vulnerabilities. The primary value of this tool lies in automation and detection; that is, ISS is typically used to scan systems for configurations and services, compare the results with a database of known exploits, and produce a report. This avoids the laborious task of examining systems manually and researching the latest exploits. It also provides a method of easily obtaining consistent data on system vulnerabilities.

A list of vulnerabilities starts with host- and network-level exploits that could have an impact on your systems. Although Internet Scanner is confined to the electronic environment, be sure to examine exploits that could occur with physical access as well as electronically. Finally, for completeness, examine scripts and applications on systems for potential vulnerabilities. This ensures that all vectors for attack are included in the assessment, so that efforts at reducing risk are based on real threats, not just those that are technical or well advertised.

Once a list of vulnerabilities per system is compiled, each vulnerability should be classified according to the probability that it could be exploited. This probability is the threat associated with the vulnerability, and methods for determining this threat level vary. They can be as complicated as completing a tree analysis, which documents the different series of conditions that could lead to exploitation of a vulnerability, or as simple as relying on reports about the frequency of exploits in the wild. CERT (Computer Emergency Response Team), the SANS (System Administration, Networking, and Security) Institute and other such groups routinely publish listings of exploits that are being seen frequently and thus are high-threat areas.

The combination of vulnerabilities and threats provides a measure of where exposures are, and what the chance is that a motivated attacker might exploit them. This is the level of inherent risk, or the risk that exists in the absence of any control measures.
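The tree analysis and per-system classification described above can be sketched as follows. This is an added example, not part of the UH guideline: the host names, probabilities and high/medium/low thresholds are constructed assumptions, and conditions are assumed to be independent.

```python
from dataclasses import dataclass, field
from math import prod

@dataclass
class Node:
    name: str
    kind: str = "LEAF"      # "LEAF", "AND" or "OR"
    p: float = 0.0          # leaf only: estimated probability the condition holds
    children: list = field(default_factory=list)

def likelihood(node):
    """Probability that the condition at this node is met (independence assumed)."""
    if node.kind == "LEAF":
        return node.p
    probs = [likelihood(c) for c in node.children]
    if node.kind == "AND":  # every condition in the series must hold
        return prod(probs)
    if node.kind == "OR":   # any one series of conditions is enough
        return 1 - prod(1 - q for q in probs)
    raise ValueError(f"unknown node kind: {node.kind}")

def threat_level(p, high=0.5, medium=0.1):  # thresholds are assumptions
    return "high" if p >= high else "medium" if p >= medium else "low"

def classify(findings):
    """findings: {(system, vulnerability): tree}. Rows sorted by likelihood, highest first."""
    rows = [(host, vuln, round(likelihood(tree), 3))
            for (host, vuln), tree in findings.items()]
    rows.sort(key=lambda r: r[2], reverse=True)
    return [(h, v, p, threat_level(p)) for h, v, p in rows]

# Constructed sample findings: electronic, physical and script-level vectors.
FINDINGS = {
    ("lab-ws-01", "unpatched network service"): Node("exploit", "AND", children=[
        Node("service reachable from untrusted network", p=0.9),
        Node("exploit reported as frequent in the wild", p=0.8)]),
    ("lab-ws-01", "data removed via physical access"): Node("tamper", "OR", children=[
        Node("walk-in", "AND", children=[
            Node("room unlocked", p=0.2),
            Node("workstation left logged in", p=0.3)]),
        Node("boot from removable media", p=0.05)]),
    ("dept-srv-02", "weak script input handling"): Node("script", "AND", children=[
        Node("script exposed to users", p=0.5),
        Node("flaw known to attackers", p=0.1)]),
}

if __name__ == "__main__":
    for row in classify(FINDINGS):
        print(row)
```

The ranked output is the inherent-risk view: it reflects likelihood before any control measures are applied, so the leaf estimates should be revisited as controls are added.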

IT is available for consultation upon request.

B. Access Security

Desktop administrators should ensure that workstations are configured consistent with the job function of the computer user. This may include, but is not limited to:

Password guidelines:
(as stated in the Information Technology Security Policy, Item 16 "Password Control")

C. Data and Software Availability

D. Confidential Information

E. Local System Protection

  1. Firewalls
    Firewalls are hardware devices or software that protect a system or systems from access or intrusion by outside or untrusted systems or users, especially malicious hackers. A firewall should also keep a log of any such attempts. Much of the functionality of a firewall can be implemented through the enabling and disabling of selected system services, Operating System auditing and control of Access Control Lists (ACLs). However, for greater security and more detailed reporting, a personal firewall or a system-based intrusion-detection agent should be installed.
  2. Viruses
    Computer viruses are self-propagating programs that infect other programs. Viruses and worms may destroy programs and data as well as use the computer's memory and processing power. Viruses, worms, and Trojan horses are of particular concern in networked and shared resource environments because the possible damage they can cause is greatly increased. Some of these cause damage by exploiting holes in system software. Fixes to infected software should be made as soon as a problem is found.
    To decrease the risk of viruses and limit their spread: