Federated Security Services Ken Klingenstein Day Job: Middleware Night Job: Network Security.

Presentation transcript:

Slide 1: Federated Security Services
Ken Klingenstein
Day Job: Middleware; Night Job: Network Security

Slide 2: Federated Security Services
- Federated networks
  - Share a common network substrate
  - Share a common trust fabric
  - Together they could permit…
- Collaborative incident analysis and response
  - Network-wide views
  - Leveraged diagnostic help
  - Ability for automated tools to use distributed monitors
  - Protect privacy at several layers
- Security-aware capabilities
  - Trust-moderated transparency
  - Integrated security/performance diagnostics
- Moving it into the broader Internet

Slide 3: Collaborative Incident Analysis
- Moving beyond the “border” to see network-wide views
  - I’m seeing activity X. Are others seeing it? What variants are they seeing?
  - Real-time attack recognition
  - From the central observatory, let me see the full address of the attacking node at site Y in the federation
  - I’m seeing an attack ostensibly from source address z at enterprise Y. Let me look at logging within site Y to verify
  - Correlate signatures and traffic among sites A-Z to provide an early warning system for DDoS
  - Let external experts from site Z examine our forensic information to assist our diagnostics
- Requires a federated backbone (meters, log files, etc.) and a federated trust fabric (for scaling, role-based access control, contact info, etc.)

Slide 4: Collaborative Incident Analysis
- Scaling requires managing large data sets
  - Centralized – the Abilene Observatory, perhaps others
  - Distributed – on a per-enterprise level
- Which in turn requires a clear data model
  - Common event records, likely distilled and reformatted from native logs
  - Is enterprise-level security sufficient?
- And also pluggable modules for harvesting records by tools
- Tools
- And also a trust fabric that permits multiple levels of authentication and fine-grained authorization
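The incident-analysis pipeline sketched on slides 3 and 4 (common event records distilled from native logs, cross-site correlation for early warning, and role-based release of the full attacking address), as an added Python example that is not from the slides or any Internet2 code; the log formats, site names, role names and sample log lines are all constructed here.

```python
import re
from collections import defaultdict

# Constructed native log formats for two hypothetical federation members.
SITE_PARSERS = {
    # "2006-12-01T10:00:01 DENY src=203.0.113.5 dst=198.51.100.7 port=22"
    "siteA": re.compile(r"(?P<ts>\S+) DENY src=(?P<src>\S+) dst=\S+ port=(?P<port>\d+)"),
    # "Dec  1 10:00:03 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=... DPT=22"
    "siteB": re.compile(r"(?P<ts>\w+\s+\d+ \d\d:\d\d:\d\d) .*DROP .*SRC=(?P<src>\S+) .*DPT=(?P<port>\d+)"),
}
# Constructed sample logs: one source probes port 22 at both sites, another hits a different port at each.
SITE_A_LOG = [
    "2006-12-01T10:00:01 DENY src=203.0.113.5 dst=198.51.100.7 port=22",
    "2006-12-01T10:00:02 DENY src=203.0.113.9 dst=198.51.100.7 port=80",
]
SITE_B_LOG = [
    "Dec  1 10:00:03 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.40 DPT=22",
    "Dec  1 10:00:05 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.40 DPT=443",
]
# Hypothetical federation roles allowed to see full source addresses (the slides name no roles).
FULL_ADDRESS_ROLES = {"incident-responder", "federation-observatory"}

def to_common_record(site, line):
    """Distill one native log line into the common event record; None if it does not parse."""
    m = SITE_PARSERS[site].search(line)
    if not m:
        return None
    port = int(m["port"])
    return {"site": site, "ts": m["ts"], "src": m["src"], "port": port,
            "sig": f"denied/tcp/{port}"}

def correlate(records, min_sites=2):
    """Early warning: (src, signature) pairs observed at min_sites or more distinct sites."""
    seen = defaultdict(set)
    for r in records:
        seen[(r["src"], r["sig"])].add(r["site"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_sites}

def disclose_src(record, requester_role):
    """Privacy layer: authorized roles get the full address, everyone else a masked IPv4 (last octet hidden)."""
    if requester_role in FULL_ADDRESS_ROLES:
        return record["src"]
    return record["src"].rsplit(".", 1)[0] + ".x"

def run_demo():
    # Harvest both sites' native logs into common records, then correlate them centrally.
    records = []
    for site, lines in (("siteA", SITE_A_LOG), ("siteB", SITE_B_LOG)):
        records += [r for r in (to_common_record(site, l) for l in lines) if r]
    return correlate(records)
```

With the constructed logs only 203.0.113.5 probing port 22 is flagged, because the second source matches different signatures at the two sites.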

Slide 5: Federated Security-aware Capabilities
- Federated user network authentication for on-the-road science
- Control spam through federated verification of sending enterprises
- Tell me which firewall is dropping which service request
- Permit end-to-end videoconferencing through firewalls and NATs
- Allow enterprise-specific patching paradigms to coexist
- Create end-to-end transparency for use of Grids
- Personal firewall configuration based on authorization

Slide 6: Moving it into the broader Internet
- Picking approaches that are deployable and build on embedded bases
- Federated substrata among those on common backbones
- Interfederation issues – how hard will they be?
- International discrepancies in privacy
- International IdSPs – legalisms