University of Washington, Computing & Communications
Network Security Principles & Practice for UW Medicine
Terry Gray, April 2004


Slide 2: executive summary
- conflicting goals: security, usability, supportability
- network availability depends on host security
- still no substitute for proper host management
- perimeter defense is a two-edged sword
- inline subnet firewalls are especially problematic
- essential to focus on security and supportability
- recommend balanced approach to provide security with minimum collateral damage

Slide 3: recent events
- attacks
  – slammer (Jan 2003)
  – blaster (Aug 2003)
  – sobig (Sep 2003)
  – mydoom (Feb 2004)
  – witty (Mar 2004)
- impact
  – demise of the open/transparent/deterministic Internet
  – demise of the network utility model
  – demise of the unmanaged/autonomous PC
  – demise of reliable

Slide 4: the problem
Design a network computing environment
  – with excellent security
  – excellent supportability
  – that users find reliable and responsive

Slide 5: institutional success criteria
- nobody gets hurt, nobody goes to jail
- low legal/regulatory costs
- low identity theft, loss of privacy
- low lost productivity
- low life-cycle cost
- quick to diagnose/fix
- flexible connection security/transparency choices
- avoidance of unfair cost-shifting
- minimal user confusion

Slide 6: operational success criteria
- simplicity
  – lower cost
  – higher MTBF
  – lower MTTR
- consistency
  – deterministic outlet behavior (Network Utility Model)
  – connection transparency (open/deterministic Internet)
  – easier problem diagnosis

Slide 7: conflicting perspectives
- system administrator view
  – some prefer local control/responsibility
  – some prefer central/big-perimeter defense
  – some underestimate cost impact on others
- user view
  – want just enough openness to run apps
  – prefer “unlisted numbers”?
- network operator view
  – concerned about increased support costs and repair times due to growing complexity and unpredictability
  – concerned about loss of network functionality

Slide 8: generic security toolkit
- host choice: truly thin clients; species diversity
- host configuration management
- conventional firewalls
- logical firewalls
- private addressing (e.g. Project 172)
- IDS, IPS, ADS
- vulnerability scanning, anti-virus tools
- QoS (to protect critical traffic types)
- isolated networks (physical, VLAN, VPN)
- non-technical: policies, education, staff

Slide 9: UW lines of defense
- network isolation for critical services
- host integrity (make the OS net-safe)
- host perimeter (integral ACLs/firewalling)
- cluster/lab perimeter (sanctuary, FW, LFW)
- network zone perimeter (P172, FW)
- real-time attack detection and containment
- user education

Slide 10: perimeter firewalls
- increase time-to-infection
- increase time-to-repair
- provide defense-in-depth
- may look like a broken network to users
- are defeated by a single hacked host
- are defeated by tunneling/encryption
- often give a false sense of security
- encourage backdoors
- may be a performance bottleneck
- may inhibit legitimate activities, innovation
- create a vulnerability zone that is hard to protect:
  – VPNs, laptops, wifi, USB drives, social engineering attacks
  – the more you depend on perimeter defense, the more you must invest in defending the perimeter

Slide 11: operational impact by firewall type
- host: best case; user interaction with the FW possible
- cluster: no impact on net diagnosis “beyond” the cluster
- logical: low impact on basic net diagnosis
- subnet: impacts almost all diagnosis
- zone: impacts inter-zone diagnosis
- border: impacts inter-enterprise diagnosis

NB: the cost of maintaining a firewall config depends on who is doing it, and how many rules/exceptions there are.

Slide 12: preserving the network utility model
- goal: consistent behavior across outlets
- importance: improves MTTR
- status: at risk
- problem: conflict with perimeter security?
- options for NUM-friendly perimeter defense:
  – logical firewalls
  – Project 172
- barrier: security based on static IP addresses
  – requires host & table updates for network changes
  – sDHCP project will help to avoid touching each host

Slide 13: recommendations
- data defense
  – secure application protocols (SSH, SSL, K5, RDP)
  – transport encryption (e.g. IPSEC)
  – backups
- host defense
  – central configuration management (enforcing good passwords, disabling unneeded services, auditing)
  – host-based firewalls
  – p172 addressing (with NAT or web proxy)
  – vulnerability and AV scanning
  – honeypots, IDS, ADS
- perimeter defense
  – cluster/lab firewalls
  – logical firewalls (LFW)
  – medical center zone (p172, FW)
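The host-defense recommendation above rests on a host-based firewall with a short allow list and default-deny for everything else; one reason the deck prefers the host perimeter is that the host can tell its own user which rule blocked a connection, instead of the connection silently dying somewhere in the network. The following is an added example, not code from the presentation or from UW, of a first-match policy evaluator that models that behaviour. The rule names, the management network 10.0.5.0/24, the sample addresses and the ports are constructed for illustration.

```python
"""Added example (not from the slides): a tiny first-match host firewall
policy evaluator.  Because the policy lives on the host, the verdict can be
reported to the local user together with the name of the rule that
produced it.  Rule names, networks, ports and sample sources are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "deny"
    proto: Optional[str] = None      # "tcp", "udp", or None for any protocol
    src: Optional[str] = None        # source CIDR, or None for any source
    dport: Optional[int] = None      # destination port, or None for any port

    def matches(self, proto: str, src_ip: str, dport: int) -> bool:
        if self.proto is not None and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        if self.src is not None and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        return True


# Constructed host policy: the management net may reach SSH and RDP, anyone
# may reach the HTTPS service, and all other inbound traffic is dropped.
HOST_POLICY = [
    Rule("mgmt-ssh", "allow", "tcp", "10.0.5.0/24", 22),
    Rule("mgmt-rdp", "allow", "tcp", "10.0.5.0/24", 3389),
    Rule("public-https", "allow", "tcp", None, 443),
    Rule("default-deny", "deny"),
]


def evaluate(policy, proto, src_ip, dport):
    """Return (verdict, rule_name) from the first rule that matches."""
    for rule in policy:
        if rule.matches(proto, src_ip, dport):
            return rule.action, rule.name
    # Only reached when a policy has no catch-all rule: still fail closed.
    return "deny", "implicit-deny"


def explain(policy, proto, src_ip, dport):
    """One-line message a host firewall can show to its own user."""
    verdict, name = evaluate(policy, proto, src_ip, dport)
    return f"{proto}/{dport} from {src_ip}: {verdict} (rule: {name})"


if __name__ == "__main__":
    for pkt in [("tcp", "10.0.5.7", 22), ("tcp", "192.0.2.9", 22),
                ("udp", "192.0.2.9", 443), ("tcp", "198.51.100.4", 443)]:
        print(explain(HOST_POLICY, *pkt))
```

The ordering matters: the specific allow rules sit above the catch-all deny, and a policy with no catch-all still fails closed, which is the default-deny posture the slides recommend for host perimeters.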

Slide 14: anti-recommendations
- Avoid inline subnet firewalls
  – Why? Impact on MTBF, MTTR (try LFWs or cluster FWs)
- Avoid individual IP-based filtering
  – Why? Doesn’t scale; impedes network upgrades
- Avoid perverting network topology to match organizational boundaries
  – Why? VLAN complexity increases MTTR
- Avoid simple solutions that are too simple (OSFA)
  – Why? Unfair cost-shifting
- Avoid VPNs exporting protected address space
  – Why? VPN = attack gateway (use RDP, SSH, SSL, K5, SSL VPNs)

Slide 15: next-gen med net architecture
- parallel networks; more redundancy
- supportable (geographic) topology
- med ctr subnets = separate backbone zone
- perimeter, sanctuary, and end-point defense
- higher performance
- high-availability strategies
  – workstations spread across independent nets
  – redundant routers
  – dual-homed servers

Slide 16: key lessons
- network reliability & host security are inextricably linked
- $ for $, best security investment is central host management
- five 9s (5 min/yr) is hard (unless we only attach phones?)
- controlling “inside” access is hard: hublets, wireless, laptops, VPNs
- even host firewalls don’t guarantee safety
- perimeter firewalls may increase user confusion, MTTR
- perimeter firewalls won’t stop next-generation attacks
- it only takes one compromise inside to defeat a firewall
- Nebula existence proof: security in an open network is possible
- DDOS attacks: defense-in-depth is a Good Thing
- security via individual static IP configuration does not scale well
- NAT survives pending a better “unlisted number” mechanism
- security/liability trumps innovation/philosophy/ops costs
- never underestimate non-technical barriers to progress

Slide 17: additional background

Slide 18: context: a perfect storm
- increased dependence on network apps
- decreased tolerance for outages
- decades of deferred maintenance...
- inadequate infrastructure investment
- some old/unfortunate design decisions
- some fragile applications
- fragmented host management
- increasingly hostile security environment
- increasing legal/regulatory liability
- importance of research/clinical leverage

Slide 19: seven security axioms
1. Network security is maximized when we assume there is no such thing.
2. Large security perimeters mean large vulnerability zones.
3. Firewalls are such a good idea, every computer should have one. Seriously.
4. Remote access is fraught with peril, just like local access.
5. One person's security perimeter is another's broken network.
6. Private networks won't help (limits of isolation).
7. Network security is about psychology as well as technology.

Slide 20: design tradeoffs
- networks = connectivity; security = isolation
- fault zone size vs. economy/simplicity
- reliability vs. complexity
- prevention vs. (fast) remediation
- security vs. supportability vs. functionality (conflicting admin, ops, user perspectives)
- policy control via host address vs. enet jack
- differences in NetSec approaches relate to:
  – balancing priorities (security vs. ops vs. function)
  – local technical and institutional feasibility

Slide 21: design tradeoff examples
- defense-in-depth conjecture (for N layers)
  – Security: MTTE (exploit) ∝ N²
  – Functionality: MTTI (innovation) ∝ N²
  – Supportability: MTTR (repair) ∝ N²
- Perimeter Protection Paradox (for D devices)
  – Firewall efficiency/value ∝ D
  – Firewall effectiveness ∝ 1 / D
- border blocking criteria (OSFA policy)
  – threat can’t reasonably be addressed at edge
  – won’t harm network (performance, stateless block)
  – widespread consensus to do it
- security by IP address

Slide 22: limits of isolation: attack gateways
- hosts connected to two different networks can become attack gateways between the two
- example: home PCs with VPN connection to protected network
- safer remote access: SSH, SSL, K5, RDP, SSL VPNs

Slide 23: med center zone perimeter
- purpose
  – time to defend against zero-day events
  – protect the otherwise unprotected
  – defense-in-depth
  – reduced annoyance/noise traffic
  – DOS attack mitigation
- options
  – conventional inline firewall
  – private addressing + NAT or proxies
  – both
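The “private addressing + NAT” option on this slide, and the “unlisted number” property the deck attributes to Project 172 and logical firewalls, both come from one mechanism: a masquerading NAT only creates a translation when a private host initiates a connection, so an unsolicited packet aimed at the public address finds no mapping and is dropped. The following is an added example, not code from the presentation or from UW, of a minimal masquerading-NAT state table that makes that behaviour concrete. The public address 198.51.100.1, the private host 172.20.1.10, the remote hosts and the port range are constructed; the private space is taken as 172.16.0.0/12 on the assumption that “Project 172” refers to that RFC 1918 block.

```python
"""Added example (not from the slides): a minimal masquerading-NAT state
table modelling the "private addressing + NAT" zone-perimeter option.
Mappings are created only by outbound traffic and are tied to the remote
endpoint, so inbound packets that match no prior outbound flow are dropped.
All addresses and ports below are constructed for illustration."""
import ipaddress
from typing import Dict, Optional, Tuple

# Assumption: the zone's private space is the 172.16/12 RFC 1918 block.
PRIVATE_ZONE = ipaddress.ip_network("172.16.0.0/12")

Packet = Tuple[str, str, int, str, int]   # (proto, src_ip, src_port, dst_ip, dst_port)


class Masquerader:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, priv_ip, priv_port, remote_ip, remote_port) -> public port
        self.out: Dict[Tuple[str, str, int, str, int], int] = {}
        # (proto, public_port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.back: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port) -> Optional[Packet]:
        """Translate a packet leaving the zone, creating a mapping on first use."""
        if ipaddress.ip_address(src_ip) not in PRIVATE_ZONE:
            return None                      # not a zone host; nothing to translate
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            pub_port = self.next_port
            self.next_port += 1
            self.out[key] = pub_port
            self.back[(proto, pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (proto, self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port) -> Optional[Packet]:
        """Translate a packet arriving at the public address, or drop it (None)."""
        if dst_ip != self.public_ip:
            return None
        target = self.back.get((proto, dst_port, src_ip, src_port))
        if target is None:
            # No outbound flow created this mapping: the private host is an
            # "unlisted number" as far as this sender is concerned.
            return None
        priv_ip, priv_port = target
        return (proto, src_ip, src_port, priv_ip, priv_port)


if __name__ == "__main__":
    nat = Masquerader("198.51.100.1")
    print("out  :", nat.outbound("tcp", "172.20.1.10", 51000, "203.0.113.5", 443))
    print("reply:", nat.inbound("tcp", "203.0.113.5", 443, "198.51.100.1", 40000))
    print("scan :", nat.inbound("tcp", "203.0.113.9", 40001, "198.51.100.1", 22))
```

Two of the deck's caveats show up directly in this model: the protection exists only for hosts that never initiate contact with an attacker, and a host that is reachable over a second path (the VPN or dual-homed case on the previous slide) bypasses the table entirely.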

Slide 24: protecting non-fixable devices
- FDA-approved devices, printers, etc
- protection options (besides zone perimeter):
  – private addressing
  – individual firewall, VPN, or NAT box ($25 - $2500), depending on performance requirements
  – cluster/lab perimeter firewalls
  – logical firewalls

Slide 25: NOC view of firewall approaches

Legend:
  EPFW = End-Point Firewall
  LFW  = Logical Firewall with masquerading NAT
  SFW  = Subnet Firewall
  BZFW = Border or Zone Firewall
  P172 = Project 172, phase III (private addresses with NAT)

                                             IDEAL   EPFW   LFW     P172   SFW     BZFW
Policy enforcement point?                    Host    Host   Subnet  Zone   Subnet  Zone
Requires host reconfigure?                   No      Yes    Yes     Yes    No      No
Requires network reconfig?                   No      No     No      No     Yes     Yes
Destroys E2E transparency?                   No      No     No      No     Yes     Yes
Assured NOC access to switches?              Yes     Yes    Yes     Yes    No*     No*
User sees why app failed?                    Yes     Yes    No      No     No      No
NOC-predictable semantics?                   Yes     No     No      Yes    No      No
Inherent "unlisted number"?                  -       No     Yes     Yes    No      No
"Unlisted number" possible?                  Yes     Yes    Yes     Yes    Yes     Yes
Adverse impact on internal troubleshooting:  Low     Low    Med     Med    High    Low
Adverse impact on external troubleshooting:  Low     Low    Med     Med    High    High
Size of vulnerability zone:                  Small   Small  Med     Large  Med     Large

* Can be mitigated by proper access lists and/or OOB connectivity

Slide 26: history

Slide 27: UW network security chronology
- 1988: Five anti-interoperable networks
- 1994: Nebula shows network utility model viable
- 1998: Defined OSFA border blocking policy
- 2000: Published Network Security Credo
- 2000: Added source address spoofing filters
- 2000: Proposed separate medical center network zone
- 2000: Proposed server sanctuaries
- 2001: Ban clear-text passwords on C&C systems
- 2001: Proposed pervasive host firewalls
- 2001: Developed logical firewall solution
- 2002: Developed Project-172 solution
- 2003: Slammer, Blaster… death of the open Internet
- 2003: Begin work on flex-net architecture

Slide 28: Network Security Trends
[Chart, not captured in the transcript: attack sophistication (Low to High) plotted over time. Labelled points, from least to most sophisticated: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sniffers, packet spoofing, automated probes/scans, denial of service, www attacks, “stealth”/advanced scanning techniques, burglaries, DDOS attacks, blended attacks. Source citation not captured.]

Slide 29: impact of recent security events
- more perimeter firewalls (demise of open Internet, NUM)
- more VPNs
- more tunneling (“firewall friendly” apps)
- more encryption (thanks to RIAA)
- more collateral damage (from attacks & remedies)
- worse MTTR (complexity, broken tools)
- constrained innovation (e.g. p2p, voip)
- cost shifted from “guilty” to “innocent”
- pressure to fix computer security problems in network
- pressure for private nets
- pressure to make network topology match org boundaries
- blaster: triggered more perimeter defense, but showed weakness of conventional perimeter defense