Security Operations (SecOps)
For end users and workstation support, please visit the Security service page, or start at the 24/7 Support Center.
SecOps Overview
Security Operations (SecOps) is tasked with protecting the University of Arizona network. Our primary function is the deployment and maintenance of the network security infrastructure, composed of devices such as firewalls, intrusion detection systems, and virtual private networks (VPN). SecOps also acts as a triage point for security incidents, provides containment and prevention guidance to departments and network managers in the event of a security breach, and may block either external IPs or internal network devices due to security threats. We also offer vulnerability scanning services, either by request or setting up an account for on-demand self-service scanning.
Security Operations services for network managers:
(please note that depending on the configuration of your subnet, not all services may be available for your subnet)
- Network Firewalls
- VPN (Virtual Private Network) Customization
- Vulnerability Scanning
- Intrusion Detection
- PCI (Payment Card Industry) Compliance Support
- Requirement 1.1-1.3: Managed Local Firewalls
- Requirement 9.1.2: Port Security
- Requirement 11.2: Internal Vulnerability Scanning
Our operationally adjacent units are Network Operations (org chart) which handles the design and management of the University network, and the Information Security Office, which handles University security policies as well as security awareness and education. Units which provide direct user support include UITS' FrontLine Services, which includes the 24/7 Support Center, and departmental IT staff/network managers.
- Network Operations handles the design and management of the University network.
- Information Security Office handles University security policies as well as security awareness and education.
- UITS 24/7 Support Center provides direct user support.
UA network managers ONLY: Service requests for Security Operations should be submitted through the NetOps/SecOps Service Request form
SecOps primarily manages network security infrastructure and provides security related support to other IT support groups, and typically does not provide direct technical support to end users or for workstations/laptops.
For end user and workstation support, please check the Security service page, or start at the 24/7 Support Center.
Make sure your networks are registered in the Network Manager Database
If you are the network manager for an IP range on campus, please make sure that your information is up to date in UITS' Network Manager Database. Keeping your contact information and IP ranges of responsibility up to date allows us to contact you in the event of a security incident involving your machines, lets you request certain services such as managed firewalls, gives you access to certain tools, and has a number of other rights and responsibilities. For more information, see the Network Managers Database.
Technical Announcements and Alerts
There are a number of resources available to keep up with new vulnerabilities and security events as they are announced:
- The SANS Internet Storm Center is arguably the single best source for up-to-date and ‘how it affects my network’ security information when trouble is brewing, although if it’s a quiet day there may be more ‘off-topic’ diary entries on computer security. [http://www.incidents.org/]
- There are a number of newsletters and archives which announce vulnerabilities as they are made public. Trying to keep track of all new vulnerabilities as they come out is an improbable task -- it may be more advisable to note the network-aware applications which you run on your systems, particularly critical systems, and keep an eye out for vulnerability announcements regarding those applications.
- SANS @RISK [http://www.sans.org/newsletters/#risk]
- US-CERT [http://www.us-cert.gov/nav/t01/]
- Bugtraq [http://www.securityfocus.com/archive/1]
- NIST CVE Archive [http://nvd.nist.gov/nvd.cfm ]
- There is a mailing list on campus where security issues are discussed, and where we try to post vulnerabilities which seem likely to affect a large percentage of campus. To sign up, follow the instructions on this link, using 'sirt-discuss' (without the quotes) as the listserv name
- If you are looking for security awareness training for yourself or your department, the Information Security Office has an active campaign to raise the computer security awareness of our community.
- Our links page also references a number of useful security resources, including some of the ones described above.