Georgia Tech Information Security

Presentation transcript:

Georgia Tech Information Security Campus Architecture for ECE6612
November 2, 2005
Peter N. Wan
Senior Information Security Engineer
Office of Information Technology, Information Security Directorate

Information Security Architecture - Outline
- InfoSec Architecture diagram
- Network Architecture diagram
- Security Technology
- Policies
- User Awareness Campaign
- Q&A

Information Security Architecture(1) http://www. oit. gatech

Information Security Architecture (2)
- Layered Defense in Depth
- Host firewalls and other defensive measures are still important even if there is a network firewall
- Business of the Institute must continue so security must help enable business processes

Network Architecture (1)

Network Architecture (2)
- Border routers receive traffic from Tech ISPs (Cogent, Quest, Level3, Peachnet, SoX/Abilene, etc.)
- Border routers feed traffic to campus gateway routers
- Campus gateway routers feed the campus backbone, where departmental and other routers/firewalls are connected

Campus Security Technology
- Border/Backbone Routers
- Intrusion Prevention Systems (not in production yet)
- Intrusion Detection Systems
- Network Firewalls
- Host-Based Security

Campus Security Technology – Border/Backbone Routers
- Pass traffic only
- Protocols that are not passed over a Wide Area Network (tftp, file sharing, database services, etc.) are blocked by internal firewalls, not ACLs at the border
- “Netflows” are collected at various routers to identify suspicious traffic; content is not examined
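
A sketch of the kind of check that flow metadata alone supports, added here as an example and not part of the original slides: it flags a source that sends near-empty flows to many distinct hosts on one port. The record layout, addresses and thresholds are constructed assumptions, not Georgia Tech's tooling.

```python
from collections import defaultdict


def sample_flows():
    """Constructed flow records: (src, dst, dst_port, proto, packets, bytes).

    Metadata only, no payload, mirroring what a router flow export carries.
    """
    flows = [
        ("192.0.2.10", "198.51.100.5", 443, "tcp", 120, 90000),
        ("192.0.2.10", "198.51.100.6", 80, "tcp", 45, 30000),
        ("192.0.2.11", "198.51.100.5", 443, "tcp", 300, 250000),
        ("192.0.2.11", "198.51.100.9", 25, "tcp", 20, 8000),
    ]
    # One host sending a single small packet to 30 different addresses on one port.
    flows += [("192.0.2.50", f"198.51.100.{i}", 445, "tcp", 1, 48)
              for i in range(1, 31)]
    return flows


def find_fanout_sources(flows, min_dests=20, max_packets=3):
    """Return {(src, dst_port): distinct destination count} for likely sweeps.

    A flow is counted only if it carried at most max_packets packets, i.e.
    it never developed into a real session. Both thresholds are assumed
    values that would need tuning against a site's normal traffic.
    """
    dests = defaultdict(set)
    for src, dst, dport, _proto, packets, _bytes in flows:
        if packets <= max_packets:
            dests[(src, dport)].add(dst)
    return {key: len(d) for key, d in dests.items() if len(d) >= min_dests}


if __name__ == "__main__":
    for (src, port), n in find_fanout_sources(sample_flows()).items():
        print(f"{src} contacted {n} hosts on port {port} with near-empty flows")
```
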

Campus Security Technology – Intrusion Prevention Systems
- Two ISS Proventia G1000F intrusion prevention devices were installed at the border of the campus network
- IPSes are designed to be installed in-line, and to provide blocking of traffic that does not meet their security policy (more flexibility than router port filters, which are all-or-none type enforcement)
- “Deep Inspection”

Campus Security Technology – Intrusion Detection Systems
- Campus border traffic is mirrored by a switch to two types of IDSes
- Enterasys Dragon is a signature-based IDS
- Lancope Stealthwatch is an anomaly-based IDS

Example Status from Lancope Stealthwatch

Campus Security Technology – Network Firewalls
- Business Office/Ferst Center incidents emphasized the need for better monitoring/control of certain departments/servers
- Program for deploying firewalls at the connection of departments to the campus network has been progressing

Campus Security Mechanisms – Host-Based Security (1)
- Antivirus software (NAI/McAfee site-licensed for campus)
- Host firewalls (ISS RealSecure Desktop Protector)
- Spyware removal software (no site-licensed packages currently, though Spybot Search & Destroy is free even for university use)

Campus Security Mechanisms – Host-Based Security (2)
- Operating system, application, utility patching very important; use vendor-supplied or 3rd party products (e.g., PatchLink or HFNetChk)
- Activate automatic updates wherever possible (antivirus, spyware remover, operating system); this may not be appropriate for servers

Incident Response
- Many incidents consist of virus/spyware infections, and are handled locally by departments or ResNet/EastNet staff
- A “Sensitive Server Database” records machines which are critical to a unit’s function or which contain sensitive information (classifications per the Data Access Policy); incident response for these types of systems requires more attention
- Some incidents are serious enough to require disk/system forensic examinations

Campus Security Policies
- Federal/State/Local (FERPA, HIPAA, GLBA, Open Records, etc.)
- Campus Network Usage/Security Policy
- Unit Level Network Usage Policies
- Data Access Policy
- Copyrighted Material Usage (DMCA, fair use, etc.)
- Employee/Student Handbooks

User Awareness
- Security awareness tutorial at http://oit.gatech.edu/information_security/education_and_awareness/safe/
- Educational campaign in Fall 2005 Semester with posters, etc.
- Outreach such as talks with classes and other groups
- For more information, please see the OIT-IS page at http://oit.gatech.edu/information_security

Thank You! Any Questions?