The new state of the network: how security issues are reshaping our world. Terry Gray, UW Computing & Communications, Quarterly Computing Support Meeting, 28 October 2003.

security in the post-Internet era: the needs of the many vs. the needs of the few

2003: security "annus horribilis"
- Slammer
- Blaster
- Sobig.F
- increasing spyware threat
- attackers discover encryption
- hints of more "advanced" attacks
- and let's not even talk about spam...

2003: security-related trends
- more critical application roll-outs
- more mobile devices
- growing wireless use
- VoIP over pilots
- faster networks
- new network designs (e.g. lambda)
- class action lawsuits
- RIAA subpoenas
- SEC filings on security?

Security Trouble Ticket Trend (chart slide; data not reproduced in the transcript)

impact: end of an era...
say farewell to:
- the open Internet
- autonomous unmanaged PCs
- full digital convergence?
say hello to:
- one-size-fits-all (OSFA) solutions
- conflict... everyone wants security and
  max: availability, speed, autonomy, flexibility
  min: hassle, cost
the needs of the many trump the needs of the few (but at what cost?)

consequences
- more closed nets (bug or feature?)
- more VPNs (bug or feature?)
- more tunneling ("firewall friendly" apps)
- more encryption (thanks to RIAA)
- more collateral harm (attack + remedy)
- worse MTTR (complexity, broken tools)
- constrained innovation (e.g. p2p VoIP)
- cost shifted from "guilty" to "innocent"
- pressure to fix problem at border
- pressure for private nets

consequences (2)
- mindset: "computer security" failed, so "network security" must be the answer
- pressure to make network topology match organization boundaries
- "network of networks" evolution:
  - 1982: minimum impedance between nets
  - 2003: maximum impedance between nets
- loss of Network Utility Model
- "Heisen/stein" networking... uncertain and relativistic connectivity

metamorphosis: Internet paradigm
- 1969: "one network"
- 1983: "network of networks"
- 199x: balkanization begins
- 2003: "heat death" begins
- 2004: paradigm lost?

how we lost it: inevitable trainwreck?
- fundamental contradiction:
  - networking is about connectivity
  - security is about isolation
  - vendors sell what users want, not what they need
- conflicting roles:
  - the networking guy
  - the security guy
  - the sys admin
  - oh yeah... and the user
- insecurity = liability:
  - liability trumps innovation
  - liability trumps operator concerns
  - liability trumps user concerns

observations
- system administrator view:
  - some prefer local control/responsibility
  - some prefer central/big-perimeter defense
  - some underestimate cost impact on others
- user view:
  - want "unlisted numbers"
  - want "enough openness" to run apps
- network operator view:
  - frustration over loss of diagnosability
  - despair over loss of utility vision
  - dismay over increasing management cost and complexity

observations (2)
- feedback loop:
  - closed nets encourage constrained apps
  - constrained apps encourage closed nets
- tunneling and encryption trends undermine perimeter defense effectiveness
- isolation strategies are limited by how many devices you want on your desk
- roads not taken:
  - What if Windows XP had shipped with its integral firewall turned on?
  - What if UW had mandated and funded positive desktop control?

gray's defense-in-depth conjecture
given N layers of topological device defense...
- MTTE (time to exploit) = k * N^2
- MTTI (time to innovation) = k * N^2
- MTTR (time to repair) = k * N^2
NB: there is also "vertical" D-I-D for info/session protection, e.g. IPSEC + SSL... but those equations would look different.

never say die
goal: simple core, local policy choice
how to avoid OSFA closed-net future?
- design net for local open or closed choice
- pervasive IPSEC
- asymmetric connectivity ("unlisted numbers")
- combine with tools for "rapid response"
won't reverse trend toward closed nets, but may avoid undesirable cost shifts
alternative: only closed nets, policy wars
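The "local open or closed choice" and "unlisted numbers" ideas on this slide can be modelled as a stateful flow filter that applies a per-segment policy instead of one campus-wide rule. The following is an added illustration, not code from the talk or from the UW network: the three policy names (open, unlisted, closed), the segment table, the addresses and the packet trace are all constructed assumptions. An "unlisted" segment may initiate flows and receive the replies, but never accepts an unsolicited inbound flow; an "open" segment chooses to accept inbound and carries that risk itself; a "closed" segment is isolated in both directions.

```python
# Toy model of segment-level connectivity policy ("design net for local open or
# closed choice") with "unlisted numbers" as asymmetric connectivity.
# Added illustration only: policy names, segment table and packet trace are
# constructed assumptions, not anything from the talk or the UW network.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str      # source IP
    dst: str      # destination IP
    sport: int    # source port
    dport: int    # destination port
    syn: bool     # True when this packet opens a new flow


# Per-segment policy chosen locally by whoever runs that segment (constructed).
#   open     - accepts unsolicited inbound flows (e.g. a server segment)
#   unlisted - may initiate outbound flows, never accepts unsolicited inbound
#   closed   - fully isolated: neither initiates nor accepts cross-boundary flows
# Entries are checked in order; the final /0 entry stands in for "the Internet",
# which has no local policy and is therefore treated as open.
SEGMENT_POLICY = {
    ip_network("10.1.0.0/24"): "open",
    ip_network("10.2.0.0/24"): "unlisted",
    ip_network("10.3.0.0/24"): "closed",
    ip_network("0.0.0.0/0"): "open",
}


def policy_for(addr: str) -> str:
    """Policy of the first segment containing addr (default deny if none matches)."""
    a = ip_address(addr)
    for net, policy in SEGMENT_POLICY.items():
        if a in net:
            return policy
    return "closed"


class FlowFilter:
    """Stateful filter at the core: remembers flows that were legitimately opened."""

    def __init__(self) -> None:
        self.flows: set = set()

    def decide(self, p: Packet) -> str:
        forward = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        # Traffic on an established flow passes regardless of segment policy;
        # this is what lets "unlisted" hosts act as clients.
        if forward in self.flows or reverse in self.flows:
            return "allow"
        if not p.syn:
            return "drop"          # mid-stream packet with no state: unsolicited
        if policy_for(p.src) == "closed":
            return "drop"          # closed segments do not initiate across the boundary
        if policy_for(p.dst) != "open":
            return "drop"          # unlisted/closed destinations accept nothing unsolicited
        self.flows.add(forward)    # open destination: record the new flow
        return "allow"


# Constructed packet trace exercising each policy combination.
TRACE = [
    ("unlisted client opens to open server", Packet("10.2.0.5", "10.1.0.9", 4000, 80, True)),
    ("server replies on that flow",          Packet("10.1.0.9", "10.2.0.5", 80, 4000, False)),
    ("outside scan hits unlisted host",      Packet("198.51.100.7", "10.2.0.5", 5000, 22, True)),
    ("closed host tries to reach server",    Packet("10.3.0.2", "10.1.0.9", 5000, 80, True)),
    ("server tries to reach closed host",    Packet("10.1.0.9", "10.3.0.2", 5000, 22, True)),
    ("stateless packet, no matching flow",   Packet("198.51.100.7", "10.2.0.5", 5001, 22, False)),
    ("open host to open host",               Packet("10.1.0.9", "10.1.0.3", 6000, 445, True)),
]


def run_trace(trace=TRACE) -> list:
    """Return (description, verdict) for each packet of the trace, in order."""
    f = FlowFilter()
    return [(desc, f.decide(p)) for desc, p in trace]


if __name__ == "__main__":
    for desc, verdict in run_trace():
        print(f"{verdict:5}  {desc}")
```

The point of the model is the cost shift the slide is worried about: a segment that elects "open" bears its own exposure, an "unlisted" segment keeps full client-side utility without becoming reachable, and neither choice forces a one-size-fits-all closed policy on the rest of the network. Real deployments would replace the in-memory flow set with the connection tracking of a stateful firewall or host firewall, which is why the slide pairs this with "rapid response" tooling rather than presenting it as a complete defense.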

questions? comments?