Network Insecurity: challenging conventional wisdom Terry Gray UW Computing & Communications 10 October 2000.


Words to live by...
“If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.”
Bruce Schneier, Secrets and Lies

Start with a Security Policy
Defining who can/cannot do what to whom...
Identification and prioritization of threats
Identification of assumptions, e.g.
  – Security perimeters
  – Trusted systems and infrastructure
Policy drives security… lack of policy drives insecurity

Approaches
Operational Issues
  – Prevention
  – Detection
  – Recovery
Policy Issues
  – Risk Management
  – Liability Management

Policy Priorities
Education/Awareness: Security is everyone’s responsibility; there are no silver bullets.
Standards and adequate resources for computer administration.

Technical Priorities
Application security (e.g. SSH, SSL)
Host security (patches, minimum services)
Strong authentication (e.g. SecurID)
Net security (VPNs, firewalling)

Network Security Axioms
Network security is maximized… when we assume there is no such thing.
Firewalls are such a good idea… every host should have one.
Remote access is fraught with peril… just like local access.

The SCCA VPN Issue
Problems with border-to-border VPNs
  – Costs a lot & doesn’t improve security
Advantages of end-to-end strategies
  – Needed anyway
Misconceptions about the Gigapop
  – Is it really a “public” network?

Perimeter Protection Paradox
Firewall “perceived value” is proportional to number of systems protected.
Firewall effectiveness is inversely proportional to number of systems protected.

Network Risk Profile

Bad Ideas
Departmental firewalls within the core.
VPNs only between institution borders.
Over-reliance on large-perimeter defenses...
E.g. believing firewalls can substitute for good host administration...

When do VPNs make sense?
When legacy apps cannot be accessed via secure protocols, e.g. SSH, SSL, K5.
AND
When the tunnel end-points are on or very near the end-systems.
See also ‘IPSEC enclaves’

When does Firewalling make sense?
Large perimeter:
  – To block things end-system administrators cannot, e.g. spoofed source addresses.
  – When there is widespread consensus to block certain ports.
Small perimeter/edge:
  – Cluster firewalls
  – Personal firewalls
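
An added example (not from the original slides) for the large-perimeter case above: the border knows which side a packet arrived on, so it can reject forged source addresses that an end system, seeing only the claimed address, would take for local. The prefixes and packet records are constructed, using documentation address ranges as a stand-in campus network; `border_verdict`, `host_view` and `audit` are hypothetical names.

```python
import ipaddress

# Constructed stand-in for a campus network (RFC 5737 documentation ranges).
CAMPUS = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
# Sources that are never valid on a packet crossing the border.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


def _within(addr, nets):
    return any(addr in net for net in nets)


def border_verdict(direction, src):
    """Decision at the border, where the arrival side is known.

    direction: "inbound" (arrived on the external interface) or "outbound".
    """
    addr = ipaddress.ip_address(src)
    if _within(addr, BOGONS):
        return "drop: bogon source"
    inside = _within(addr, CAMPUS)
    if direction == "inbound" and inside:
        return "drop: campus source arriving from outside"
    if direction == "outbound" and not inside:
        return "drop: non-campus source leaving campus"
    return "pass"


def host_view(src):
    """What an end system can tell: only the claimed source address."""
    return "looks local" if _within(ipaddress.ip_address(src), CAMPUS) else "looks remote"


# Constructed packet records: (side of the border it arrived on, claimed source).
PACKETS = [
    ("inbound", "203.0.113.7"),     # ordinary outside host
    ("inbound", "192.0.2.10"),      # outside packet claiming a campus address
    ("inbound", "10.1.2.3"),        # private address leaking in
    ("outbound", "198.51.100.20"),  # ordinary campus host
    ("outbound", "203.0.113.99"),   # campus host forging an outside address
]


def audit(packets=PACKETS):
    return [(d, s, border_verdict(d, s), host_view(s)) for d, s in packets]


if __name__ == "__main__":
    for row in audit():
        print("%-8s %-15s border=%-42s host=%s" % row)
```

The second record is the one that matters: the border drops it, while a host-level rule keyed on source address alone would treat it as a campus peer.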

The Dark Side of Firewalls
Large-perimeter firewalls are often sold as panaceas but they don’t live up to the hype, because they:
  – Assume fixed security perimeter
  – Give a false sense of security
  – May inhibit legitimate activities
  – May be hard to manage
  – Won't stop many threats
  – Are a performance bottleneck
  – Encourage backdoors

Even with Firewalls...
Bad guys aren’t always "outside" the moat
One person’s “security perimeter” is another’s “broken network”
Organization boundaries and filtering requirements constantly change
Security perimeters only protect against a limited percentage of threats… must examine entire system:
  – Cannot ignore end-system management
  – Use of secure applications is a key strategy

More words to live by...
"It's naive to assume that just installing a firewall is going to protect you from all potential security threats. That assumption creates a false sense of security, and having a false sense of security is worse than having no security at all."
Kevin Mitnick, eWeek, 28 Sep 00

Suggestions
Do the application, host, and auth stuff.
Try to cluster critical servers, then evaluate additional protection measures...
  – Physical firewall protecting server rack?
  – Local addressing + NAT?
  – IPSEC enclave?
  – Logical firewall/Inverse VPN?
  – Personal firewalls, e.g. ZoneAlarm?

Policy & Procedure
Need to work on policies, resources, and consensus (e.g. re tightening perimeters.)
UW C&C Efforts:
  – Dittrich & Co.
  – Trying to get more high-level support.
  – Writing white papers.
  – Pro-active probing.
  – Security consulting services.
  – IDS, attack analysis, etc.
  – Virus scanning measures.
  – Acquiring/distributing tools, e.g. SSH.
  – Evaluating more aggressive port blocking.

Resources