Security Administrator Goals

First written: 09/10/97
Last modified: 11/18/97

• Run SATAN or similar tools regularly on C&C computers to probe for security holes. Work with other administrators towards fixing those holes.

• Monitor all security related mailing lists and keep abreast of known security holes and make sure all C&C computers are patched appropriately. Ensure C&C computers stay up to the highest patch level needed to address security problems.

• Advise management of security issues and recommend solutions.

• Screen all suid programs for buffer overrun exploits. Inform programmer and pursue resolution of exposure.
• Respond to and assist in investigating security incidents, for a defined % of time.

• Work with law enforcement on security-related issues.

• Attend BAP meetings as they arise to represent C&C disuserment of account holders.

• Work with management and technical personnel towards security infrastructure solutions.

• Develop logging/reporting files/tools to assist in investigating security incidents and maintaining history.

• Liason to campus groups concerning security issues in concert with client services representation (lanadmin, sysadmin, netsys, etc).

• Educate law enforcement representatives concerning current security problem areas.

• Work with Client Services (particularly Dave Dittrich) on solving security vulnerabilities, for a defined % of time.

• Work with Dave Dittrich to disseminate pertinent security information to departments that will help departments defend themselves.

• Make recommendations for which daemons may be removed from all C&C systems (e.g. rexecd).

• Find and try out the latest hacker programs to see what holes exist and how to plug them up.

• Work with point people within C&C to implement any C&C-wide security measures mentioned above.

• Work with Client Services to develop recommendations and to raise awareness of social engineering issues related to security.

• Publish security related web pages for campus community