Table of Contents
- AMP - Advanced Malware Protection
- Nessus Agents
- Splunk Forwarding
- Windows Virtual Desktop Service
- Remote Desktop Gateway
- Disaster Recovery Plan Testing
AMP – Advanced Malware Protection (PC | Mac | Linux)
AMP can be used on university-owned systems or personally owned systems performing university business at no cost. AMP is available for the Windows, Mac, Linux, iOS, and Android operating systems.
The Information Security Office considers AMP one of the most effective malware protection tools on the market and has seen marked improvement from campus units that have deployed it.
Nessus Agents (PC | Mac | Linux)
As part of the UT Austin Information Security Office's vulnerability management program, we encourage organizational units to deploy Nessus Agents, which are client-side applications that perform thorough, accurate scans of hosts without the need for traditional, credentialed network vulnerability scans.
- Provides more accurate results than traditional network scanning
- Allows for scanning of hosts that are only intermittently online
- Eliminates the need to send administrator credentials over your network to perform credentialed scanning
In combination with the ISO's automated network vulnerability scanning program, Nessus Agents provide organizational units with timely, accurate information about critical vulnerabilities, helping units to manage, mitigate, and remediate their IT risks.
Armed with this information, units can identify and resolve vulnerabilities before they are exploited — heading off network quarantines, decreasing headaches for IT support staff, and preventing system compromises.
Best of all, Nessus Agents are easy to deploy and configure, including at scale. We recommend broadly deploying Agents on both workstations and servers. Make sure that you are not blocking the agents from reaching our scanning/reporting range (126.96.36.199/25 outbound on port 8834/TCP), as this can severely impact the data gathering process.
Splunk Forwarding (PC | Mac | Linux)
Splunk is an advanced IT search tool that offers users, administrators, and developers the ability to instantly search all data generated by applications, servers, and network devices in the IT infrastructure. Splunk Forwarding is the method by which this data is collected.
IT Support Community members who sign up for both of these services are able to better understand the vulnerabilities in their networks and make necessary adjustments to increase their security posture. Departments not using a custom Splunk instance can reach their dashboards here.
Windows Virtual Desktop Service (PC)
For client bases consisting largely of remote users that do not have access to University managed devices, the Windows Virtual Desktop Service can provide much needed security without the overhead of dealing with physical devices. This setup is ideal for those who need to work on sensitive UT information not suited for non-UT computers.
Remote Desktop Gateway (PC)
The Remote Desktop Gateway (RDG) allows compatible clients to securely access Windows computers on campus using the Remote Desktop Protocol (RDP) remotely without connecting to the UT Virtual Private Network (VPN). The RDG requires two-factor authentication with Duo.
While both the RDG and VPN allow for external access to campus resources, the key difference is that the RDG reduces the scope of access to the host(s) required, while the VPN connects the remote client directly to the UT network. This reduction in scope dramatically limits the exposure of the UT network from potentially comprised remote clients.
ISORA (PC | Mac | Linux)
The Information Security Office Risk Assessment application, or, ISORA, is how the ISO keeps track of systems and applications. Participation in this program is required by the state and UT policy, and helps to facilitate incident response and vulnerability management automation.
Departments that leverage the ISORA API to track systems and applications on their network on a regular basis greatly reduce the amount of work required to complete the yearly Assessment Survey.
Disaster Recovery Plan Testing
Simply having a Disaster Recovery Plan is not enough to ensure continuance of operation. Testing your Disaster Recovery Plan is a critical, and often overlooked, part of the process. You should test your Disaster Recovery Plan annually, leveraging standard maintenance windows where possible.