NetPass and Northwestern By Julian Y. Koh As told by Robert Vance NUIT-Telecom & Network Services.


Outline
A Brief History
Past Tools and Solutions
What is NetPass?
How Does NetPass Work?
What Will NetPass Become?

A Brief History
Pre-2003
  – Relatively few virus/worm outbreaks
  – Quickly contained
  – Slowly increasing frequency
And then…

History - Winter 2003
MS SQL Slammer Worm
  – Aggressive scanning on TCP Port 1434
  – <30 infected hosts crippled over half the network
  – Still quickly contained

History - Summer/Fall 2003
Blaster Worm
  – Exploited DCOM RPC hole
  – Scanned on TCP port 135
Welchia Worm
  – Patched Blaster DCOM hole
  – Scanned on TCP ports 135 and 80
  – Opened backdoor port 707
  – Aggressive ICMP pinging to find hosts

History - Winter
Viruses
  – SoBig
  – Beagle
  – NetSky
  – Backdoors used for spam proxying!

History - Spring 2004
Sasser Worm
  – Exploited LSASS hole
  – Scanned on TCP port 445
Gaobot/Agobot
  – Rise of the Botnet
  – IRC command/control channel
  – Scanned for previous worm backdoors
  – Denial of Service attacks swamp Internet connectivity

Past Tools and Solutions
Turning Off Ports
  – Disruptive to users
  – No easy self-fixing or information provided
  – Machine can move
Disabling NetIDs
  – Very disruptive

Past Tools and Solutions
NUSA
  – Allowed tech support admins to receive automated reports and reactivate ports
NetReg
  – Associated NetID with MAC address via DHCP
  – Rudimentary port scanning

Limitations of NetReg
Relied on DHCP for quarantining
Still had to shut off ports
Problem machines could move ports to regain connectivity

What is NetPass?
Layer 2 quarantine
Selective access
Host-based registration
  – Associate NetID with MAC address
Vulnerability/Infection scanning
Per-event per-network self-remediation instructions
Integration with other systems

How Does NetPass Work?
General Principles
  – All ports default to QUAR network
  – Same DHCP server, DNS server, and IP addresses for QUAR and UNQUAR networks
  – Traffic routing depends solely on QUAR/UNQUAR switch port assignment
  – Access allowed to certain Web sites: Windows Update, Symantec, etc.

NetPass Network Diagram
[Diagram labels: ResNet Computer, Switch, Router, DHCP Server, NetPass Server, Internet, External IP; UNQUAR = VLAN 200, QUAR = VLAN 100]

NetPass User Experience
[Flowchart steps: User Connects, Already Scanned?, Log In, Scan, Pass Scan?, Move to UNQUAR, Move to QUAR, Remediate, User Disconnects; decision branches labelled Yes/No]

Additional Capabilities
PQUAR - Permanent Quarantine
  – Used instead of shutting off ports
PUNQUAR - Permanent Unquarantine
  – Used for manually registered devices

Interesting Situations
Cookies required
Machine must source network traffic soon after bringing up Ethernet link
  – Effect: user must launch web browser to force NetPass to recognize the machine
Firewalls
  – Scan can take up to 1 minute

Interesting Situations
Hublet/Switchlet
  – NetPass sees multiple MAC addresses
  – All MAC addresses will have to be registered before port will be moved to UNQUAR
Router or NAT device
  – NetPass will only see 1 MAC address
  – If client machines move to other ports, they will have to be scanned again
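
The port-assignment rules from the slides above (default QUAR, the hublet rule, PQUAR and PUNQUAR), as an added Python sketch that is not NetPass's own code. The `Host` states, `decide_port`, the `REGISTRY` dict and the MAC addresses are hypothetical, and tracking PQUAR/PUNQUAR per MAC address is an assumption the slides do not spell out.

```python
from enum import Enum

QUAR_VLAN, UNQUAR_VLAN = 100, 200   # VLAN numbers from the network diagram slide


class Host(Enum):
    UNREGISTERED = "no NetID associated with this MAC"
    FAILED_SCAN = "registered, scan found a vulnerability or infection"
    PASSED = "registered and passed the scan"
    PUNQUAR = "manually registered device, permanently unquarantined"
    PQUAR = "permanently quarantined by an administrator"


# States that allow a MAC onto the UNQUAR VLAN (assumed per-MAC tracking).
CLEARED = {Host.PASSED, Host.PUNQUAR}


def decide_port(macs_seen, registry):
    """Return (vlan, blockers) for one switch port.

    macs_seen: MAC addresses currently sourcing traffic on the port.
    registry:  dict of MAC -> Host state (hypothetical stand-in for the
               NetPass registration database).
    """
    if not macs_seen:
        # Nothing has sourced traffic yet: the port stays in its default VLAN.
        return QUAR_VLAN, []
    blockers = sorted(
        mac for mac in set(macs_seen)
        if registry.get(mac, Host.UNREGISTERED) not in CLEARED
    )
    # Hublet/switchlet rule: one uncleared MAC keeps the whole port in QUAR.
    return (QUAR_VLAN if blockers else UNQUAR_VLAN), blockers


# Constructed sample data; these MAC addresses are made up for illustration.
REGISTRY = {
    "00:11:22:33:44:01": Host.PASSED,
    "00:11:22:33:44:02": Host.FAILED_SCAN,
    "00:11:22:33:44:03": Host.PUNQUAR,
    "00:11:22:33:44:04": Host.PQUAR,
}

if __name__ == "__main__":
    ports = {
        "idle port": [],
        "single clean host": ["00:11:22:33:44:01"],
        "hublet with one unknown MAC": ["00:11:22:33:44:01", "00:11:22:33:44:99"],
        "manual device plus clean host": ["00:11:22:33:44:03", "00:11:22:33:44:01"],
        "PQUAR host": ["00:11:22:33:44:04"],
    }
    for name, macs in ports.items():
        print(name, decide_port(macs, REGISTRY))
```

The returned blocker list is what a remediation page or a help-desk view would need: it names the MAC addresses holding a shared port in quarantine.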

NetPass Administration
Must connect to VPN from dorms first
All Rescons and SC cons should have access to QuarControl and Manual Registration
Note: with great power comes great responsibility!
Remember to log out!!!

NetPass Futures
Snort IDS integration
  – Automatic QUAR on suspicious network traffic
Software client integration
  – More accurate than external scanning
  – Eliminates firewall problem

Questions?