Advanced Internet Bandwidth and Security Strategies Fred Miller Illinois Wesleyan University.

Presentation transcript:

Advanced Internet Bandwidth and Security Strategies Fred Miller Illinois Wesleyan University

Advanced Internet Bandwidth & Security Strategies
How Illinois Wesleyan University:
– Minimizes copyright infringement notices
– Allows peer-to-peer computing
– Maintains sub-second web performance
– Mitigates denial of service attacks
– Identifies virus infections
– Controls illegal activities on the campus network

Advanced Internet Bandwidth & Security Strategies
Layers of security
Intrusion Detection
– Host based intrusion detection
– Network based intrusion detection
   Knowledge based
   Behavior based
Bandwidth management & monitoring
User education and enforcement

About Illinois Wesleyan University
Liberal arts students
– 1800 on-campus residents
IT Resource limitations
– 16 IT Staff
– Voice, video, & data
Environment
– 100mbps switched port per pillow
– 18mbps Internet connection
– No technology fee
– Some wireless
– LDAP authentication

Bandwidth & Security Strategies
User Education (and results)
Firewall & IP address policies
Response Time Measurement
Bandwidth Policies
Monitoring and detection
Redirection & quarantine
Judicial procedures
Future plans

User Education
Computer Incident Factor Analysis and Categorization (CIFAC) Project
– IT personnel
   More education and training…
– Users
   More education and training…
– Non IT Staff
   More education…
– Networks
   More resources, more and better procedures…

User Illinois Wesleyan
Freshman orientation
Web site, portal & lists
One on one training
Help desk
Assessment
Our customers
– Novices
– “The Mistaken”

User Education - Results

Firewall & IP Address Policies
No MAC registration (yet)
DHCP
All local 10.x.x.x IP numbers
Ports blocked inbound, few outbound
Restrict SMTP, SNMP, etc.

Response Time Measurement
Library consortium
RRDTOOL
MRTG ping probe
Packetshaper command: rtm sho

rtm sho

Bandwidth Policies Detail*
Traffic classification
Flow control
Host lists
Class licenses
*Command line vs. web interface

Traffic classification
Classify in and out - hundreds of classes
No changes for time of day
Can block/restrict by IP#, port, or protocol
Partitions and policies
Peer to peer - low priority, typically 10k policy in, 1k policy out
Gamers are a challenge

Flow control Limits the number of new flows per minute for client or server actions
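The effect of a per-host cap on new flows per minute, as an added example (not from the original slides and not PacketShaper's own mechanism): a sliding-window limiter replayed over constructed flow-start events. The class name, the cap of 100 and the two 10.x addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque


class NewFlowLimiter:
    """Admit at most `limit` new flows per host in any `window` seconds."""

    def __init__(self, limit, window=60.0):
        self.limit = limit
        self.window = window
        self._starts = defaultdict(deque)  # host -> start times of admitted flows

    def admit(self, host, now):
        starts = self._starts[host]
        # Forget flow starts that have aged out of the window.
        while starts and now - starts[0] >= self.window:
            starts.popleft()
        if len(starts) >= self.limit:
            return False  # over the cap: this new flow is refused
        starts.append(now)
        return True


def replay(events, limit):
    """events: (timestamp_seconds, host). Returns {host: [admitted, refused]}."""
    limiter = NewFlowLimiter(limit)
    totals = defaultdict(lambda: [0, 0])
    for ts, host in sorted(events):
        totals[host][0 if limiter.admit(host, ts) else 1] += 1
    return dict(totals)


# Constructed sample: one client opens a flow every 2 s for a minute (browsing);
# another opens 10 flows per second for the same minute (scan-like behaviour).
SAMPLE = [(t * 2.0, "10.0.1.20") for t in range(30)]
SAMPLE += [(t / 10.0, "10.0.2.77") for t in range(600)]

if __name__ == "__main__":
    for host, (ok, refused) in sorted(replay(SAMPLE, limit=100).items()):
        print(f"{host}: admitted={ok} refused={refused}")
```

The cap only touches flow setup, so the ordinary client is unaffected while the noisy one is held to the limit.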

Classification and Flow Control No auto-discovery, but all traffic classified

Host lists
Groups of internal or external IP numbers using bandwidth rules
Quarantine internal users
Limit groups of high bandwidth servers
Quickly block intruders
Identify servers for additional priority

Class licenses Limit how many connections per class

Monitoring and Detection
Know what’s typical and atypical
Check for top bandwidth users
Watch number of flows - active and failed
Spot check
Automation
Community

Know what’s typical & atypical
– sys heal

Monitoring and Detection
Check for top bandwidth users
– Over time
   hos top sho /outbound
   Host top sho /inbound
   Host inf -sr -i
– Right now
   Host inf -sr -n 10

Monitoring and Detection
Watch number of flows - active and failed
– host inf -sf -n 10
– host inf -sp -n 10
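The two checks above (top bandwidth users, then active versus failed flow counts per host) can be run over any flow export; the following is an added example, not from the original slides and not PacketShaper output. The record layout, thresholds and addresses are constructed assumptions.

```python
from collections import Counter

# Constructed flow records: (internal_host, direction, bytes, state).
# state is "active" or "failed" (a connection attempt that was never answered).
FLOWS = (
    [("10.1.4.12", "outbound", 40_000, "active")] * 6
    + [("10.1.7.30", "outbound", 9_000_000, "active")] * 4   # heavy uploader
    + [("10.1.7.30", "inbound", 200_000, "active")] * 2
    + [("10.1.9.5", "outbound", 60, "failed")] * 180         # many dead attempts
    + [("10.1.9.5", "outbound", 1_500, "active")] * 3
)


def summarize(flows):
    """Return byte totals per (host, direction) and active/failed flow counts."""
    nbytes, active, failed = Counter(), Counter(), Counter()
    for host, direction, size, state in flows:
        nbytes[(host, direction)] += size
        (failed if state == "failed" else active)[host] += 1
    return nbytes, active, failed


def top_talkers(nbytes, direction, n=10):
    """Hosts ranked by bytes moved in one direction."""
    ranked = Counter({h: b for (h, d), b in nbytes.items() if d == direction})
    return ranked.most_common(n)


def suspects(active, failed, min_failed=50, min_ratio=0.8):
    """Hosts whose flows are mostly failures, as scanning or worm traffic is."""
    out = []
    for host, bad in failed.items():
        ratio = bad / (bad + active[host])
        if bad >= min_failed and ratio >= min_ratio:
            out.append((host, bad, round(ratio, 2)))
    return sorted(out, key=lambda row: -row[1])


if __name__ == "__main__":
    nbytes, active, failed = summarize(FLOWS)
    print("top outbound:", top_talkers(nbytes, "outbound", 3))
    print("mostly-failed hosts:", suspects(active, failed))
```

The heavy uploader and the host with mostly failed flows are different machines here, which is why both views are worth checking.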

Monitoring and Detection
Spot check
– Overall (e.g., check tree)
   tr tr
– Individual classifications
   tr fl -tupIc/outbound/discoveredports/students
   tr his recent /inbound/multimedia/mpeg-video
– Individual machines (servers & clients)
   tr fl -tupIA10.x.x.x
   tr his find 10.x.x.x

Monitoring and Detection
Automation
Rule sets: application and port rules
notifications
Identify & isolate violators
Packetshaper Adaptive Response
Snort

Monitoring and Detection Automation - Packetshaper Adaptive Response


Monitoring and Detection
Automation - Snort
By Martin Roesch
Extensive rule sets
Henwen & Letterstick = Snort GUI for Mac

Monitoring & Detection

Monitoring and Detection
Community - firewall log analysis
D-Shield Distributed Intrusion Detection System
D-Shield Academic
SANS Internet Storm Center
Computer Emergency Response Team

Redirection & Quarantine
Soft quarantine
Hard quarantine with redirect

Judicial Procedures
Network disruption - logical disconnect
RIAA notices - less than 1 per month
Students referred to Associate Dean of Students for judicial processes

Future Plans Cisco ASA - firewall, VPN, intrusion detection More Adaptive Response More Snort 45mbps Internet NetReg? Clean Access? –VLAN Quarantine Wireless authentication

Advanced Internet Bandwidth & Security Strategies
Summary
– User education is key
– Need layers of security
– Bandwidth management & monitoring
– Intrusion detection and prevention
   Hosts and network
   More application level detection
   Support more community efforts
– Enforce policies with judicial procedures

Additional References… Packeteer Education list EDUCAUSE Intrusion Detection Resources CIFAC Project Report (volume 1) Illinois Wesleyan IT Policies Snort Henwen & Letterstick