Indiana University: Automated Network Isolation at Indiana University. David A. Greenberg, Information Technology Security and Policy Office.

Automated Network Isolation at Indiana University. David A. Greenberg, Information Technology Security and Policy Office, Indiana University. Copyright Indiana University. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Indiana University
–Founded in
–campuses
–~100,000 Students
–~18,000 Faculty and Staff

IT Security and Policy Office
–Reports directly to the CIO
–University-wide office
–Staff responsible for a wide range of technologies

Incident Response
Coordinating response to incidents of abuse or inappropriate use of information or information technology, such as:
–Computer and network security breaches
–Unauthorized disclosure or modification of electronic information
–Denial of service attacks
–Port probes, scans
–Identifying virus-infected machines
–Copyright infringement (DMCA)
–Forgery, fraud, harassment, chain mail, etc.

Incident Response Process
–Reports are sent in to our tracking system
–Gather supporting technical data
–Interact with computer security officers to assist with the technical investigation
–Package technical information for IU governance agencies, IU legal counsel, law enforcement, prosecutors, university administration, etc.

Incident Response Statistics (chart)

What types of common blocks exist?
On Campus
–DHCP lease
–Switch port
–Null Route
–Router ACL
Remote Access
–Dialup modem pool
–VPN access

Null Route
–A route that goes nowhere: > route add mask
–Unicast Reverse Path Filtering (RPF) prevents traffic sourced from the null-routed IP: the router checks each packet's source address against its routing table and drops the packet when that address resolves to the null route

Internet Router Null Routing (diagram)

Block characteristics
The device can still communicate with other hosts on the same VLAN, yet its traffic is not routed beyond it. Typically used as an easier-to-implement alternative to a switch port block.

Null Route
Pros
–Blocks take effect almost instantaneously
–Can block many devices efficiently
–Integration with web interface and shell interface
Cons
–Devices on the same VLAN are still exposed to the threat
–Reporting limited (no means yet to associate IPs with the responsible computer support staff)
–Only keeps track of IPs
–Not suitable for dynamic IPs

IU Core Network Map (diagram)

Automated Network Isolation (ANI)
The coupling of Network Intrusion Detection and Null Routing made easy.
In a nutshell:
–ITSO Intrusion Detection Sensors (IDS) detect malicious activity
–The IDS notifies the Null Route Injector “hub” to block the IP
–The ANI block is set with an expiration time of 10 mins
–Limited view ability

ANI cont’d
Ideal for people who have the authority to block devices from the network but do not maintain network hardware.
The initial automated ANI rollout focused on only one IDS rule, with fairly low incidence and high confidence.


Block List (screenshot)

3-way Handshake (diagram between CLIENT and SERVER)
–Connection setup: SYN, SYN + ACK, ACK
–Connection teardown: FIN, ACK, FIN, ACK

SSH brute force attack
13:01: IP y.z.22 > aa.bb.49343: F ack
13:01: IP y.z.22 > aa.bb.49358: S ack
13:01: IP aa.bb > y.z.22:. ack
13:01: IP aa.bb > y.z.22:. ack
13:01: IP y.z.22 > aa.bb.49358:. ack

SSH attack after ANI block
13:01: IP aa.bb > x.y.22: F 0:0(0) ack
13:01: IP aa.bb > a.b.22: F 469:469(0) ack
13:01: IP aa.bb > a.b.22: F 469:469(0) ack
13:01: IP aa.bb > c.d.22: F 468:468(0) ack
13:01: IP aa.bb > c.d.22: F 449:449(0) ack
13:01: IP aa.bb > e.f.22: F 468:468(0) ack
13:01: IP aa.bb > g.h.22: F 469:469(0) ack

Additional Resources
–Indiana University IT Security Office
–IU Knowledge Base
–Indiana University


Data submission
Perl hash reference that is serialized (WDDX) and submitted to the Null Route Injector hub:

    my $wddx_data = {
        requestor     => "$user via sniffer",   # who or what requested the block
        action        => "BLOCK",
        ipaddr        => $ipaddr,               # IP address to null route
        expire        => $expire_time,          # when the block expires (ANI default: 10 mins)
        itso_reason   => $sig,                  # IDS signature that fired
        itpo_incident => "$incident",           # incident tracking identifier
    };
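The ANI flow in a nutshell, the SSH-scan captures and the block request structure above, as an added Python model that is not IU's code: a constructed tcpdump-style capture is run through a minimal IDS rule, each flagged source is handed to a toy Null Route Injector hub that records a BLOCK carrying the same fields as the WDDX struct with a 10-minute expiry, and expired blocks are withdrawn. The rule, the sample addresses and the signature and incident names are assumptions.

```python
from collections import defaultdict
import re

# Old-style tcpdump line as on the slides: "HH:MM:SS IP src.sport > dst.dport: FLAGS ..."
TCPDUMP_LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): (\S+)")

# Constructed sample capture: 10.0.0.5 opens SSH to four hosts; 10.0.0.9 opens one normal session.
SAMPLE = [
    "13:01:00.1 IP 10.0.0.5.49343 > 192.0.2.1.22: S 1:1(0) win 5840",
    "13:01:00.2 IP 10.0.0.5.49358 > 192.0.2.2.22: S 1:1(0) win 5840",
    "13:01:00.3 IP 10.0.0.5.49360 > 192.0.2.3.22: S 1:1(0) win 5840",
    "13:01:00.4 IP 10.0.0.5.49361 > 192.0.2.4.22: S 1:1(0) win 5840",
    "13:01:00.5 IP 10.0.0.9.51000 > 192.0.2.8.22: S 1:1(0) win 5840",
    "13:01:00.6 IP 192.0.2.8.22 > 10.0.0.9.51000: S 9:9(0) ack 2 win 5792",
]

def ssh_scan_sources(lines, threshold=3):
    """IDS rule (assumed): sources sending SYNs to at least `threshold` distinct hosts on port 22.
    Only client SYNs toward dport 22 count; a server's SYN+ACK has sport 22 instead."""
    targets = defaultdict(set)
    for line in lines:
        m = TCPDUMP_LINE.search(line)
        if m and m.group(4) == "22" and m.group(5) == "S":
            targets[m.group(1)].add(m.group(3))
    return sorted(src for src, hosts in targets.items() if len(hosts) >= threshold)

class NullRouteHub:
    """Toy Null Route Injector hub: one block per IP with an expiry (ANI uses 10 minutes).
    Times are epoch seconds; each request carries the same fields as the slide's WDDX struct."""
    def __init__(self, ttl=600):
        self.ttl = ttl
        self.blocks = {}   # ipaddr -> request dict

    def block(self, ipaddr, sig, incident, now, requestor="ids via sniffer"):
        req = {"requestor": requestor, "action": "BLOCK", "ipaddr": ipaddr,
               "expire": now + self.ttl, "itso_reason": sig, "itpo_incident": incident}
        self.blocks[ipaddr] = req   # re-blocking the same IP refreshes its expiry
        return req

    def expire(self, now):
        """Withdraw blocks whose expiry has passed; returns the released IPs."""
        gone = sorted(ip for ip, r in self.blocks.items() if r["expire"] <= now)
        for ip in gone:
            del self.blocks[ip]
        return gone

def run_ani(lines, now, incident="INC-0000"):
    # Sensor -> hub: block every source the rule flags and return the hub.
    hub = NullRouteHub()
    for src in ssh_scan_sources(lines):
        hub.block(src, "ssh-scan-rule", incident, now)
    return hub
```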