Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq.

Slides:

Advertisements

Similar presentations

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Advertisements

11/20/09 ONR MURI Project Kick-Off 1 Network-Level Monitoring for Tracking Botnets Nick Feamster School of Computer Science Georgia Institute of Technology.

1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran,

Packets with Provenance Anirudh, Mukarram, Nick, Kaushik.

Network Security Highlights Nick Feamster Georgia Tech.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Network Security Highlights Nick Feamster Georgia Tech.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Any Questions?.

Network Security Essentials Chapter 11

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

SilverLine: Preventing Data Leaks from Compromised Web Applications Yogesh Mundada Anirudh Ramachandran Nick Feamster Georgia Tech 1 Appeared in Annual.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

A Guide to major network components

Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.

NW Security and Firewalls Network Security

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

Current Job Components Information Technology Department Network Systems Administration Telecommunications Database Design and Administration.

Firewall Dave Grizzanti Steve Curti. What is an Internet Firewall? An Internet firewall is most often installed at the point where your protected internal.

OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

CONTENTS  INTRODUCTION.  KEYWORDS  WHAT IS FIREWALL ?  WHY WE NEED FIREWALL ?  WHY NOT OTHER SECURITY MECHANISM ?  HOW FIREWALL WORKS ?  WHAT IT.

Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.

OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.

Firewall Technologies Prepared by: Dalia Al Dabbagh Manar Abd Al- Rhman University of Palestine

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

NETWORK SECURITY USING IPTABLES. TOPICS OF DISCUSSION NETWORK TRAFFIC IN PRESENT SCENARIO !! WHY WE NEED SECURITY ? T TYPE OF ATTACKS & WAYS TO TACKLE.

Module 4 Quiz. 1. Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution.

1 Implementing Monitoring and Reporting. 2 Why Should Implement Monitoring? One of the biggest complaints we hear about firewall products from almost.

Note1 (Admi1) Overview of administering security.

Pedigree: Network-wide Protection Against Enterprise Data Leaks Team: Nick Feamster, Assistant Professor, School of CS Anirudh Ramachandran, PhD candidate,

Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.

Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.

1.1 1 Purpose of firewall : –Control access to or from a protected network; –Implements network access policy connections pass through firewall and are.

5 Firewalls in VoIP Selected Topics in Information Security – Bazara Barry.

1 OFF SYMB - 12/7/2015 Firewalls Basics. 2 OFF SYMB - 12/7/2015 Overview Why we have firewalls What a firewall does Why is the firewall configured the.

Module 10: Windows Firewall and Caching Fundamentals.

1 Firewalls - Introduction l What is a firewall? –Firewalls are frequently thought of as a very complex system that is some sort of magical, mystical..

Firewall C. Edward Chow CS691 – Chapter 26.3 of Matt Bishop Linux Iptables Tutorial by Oskar Andreasson.

Firewall Matthew Prestifilippo, Bill Kazmierski, Pat Sparrow.

DATA COMPROMISE Controlling the flow of sensitive electronic information remains a major challenge, ranging from theft to accidental violation of policies.

Computer Security By Duncan Hall.

BUFFERZONE Advanced Endpoint Security Data Connectors-Charlotte January 2016 Company Confidential.

Security risks in a network. Remote access  When you connect a computer to a network it is visible to all other computers on the network. When you connect.

A MAIN PROJECT SEMINAR ON PACKET FILTERING FIREWALL USING NETFILTERS IN LINUX FOR ARM9 BY: R. SRINIVASULU (07N21A0446) CH. SHIVA RAM (07N21A0442) K. MALLIKARJUNA.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

1 Network Security. 2 Security Services Confidentiality: protection of any information from being exposed to unintended entities. –Information content.

Chapter 40 Internet Security.

CompTIA Security+ Study Guide (SY0-401)

Chapter 6: Securing the Cloud

What is a Firewall?.

Critical Security Controls

Securing the Network Perimeter with ISA 2004

CompTIA Security+ Study Guide (SY0-401)

IS4550 Security Policies and Implementation

Firewalls Jiang Long Spring 2002.

Lecture 3: Secure Network Architecture

AbbottLink™ - IP Address Overview

Presentation transcript:

Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq

Motivation Main goal: Control the flow of traffic within an enterprise network Two scenarios –Preventing confidential documents from leaving the enterprise ~1/3 of companies victims of insider fraud –Controlling the spread of malware Damages from malware exceed $13 Billion

Scenario #1: Confidential Documents

Existing Approaches Network firewalls –Inspecting content may require deep-packet inspection: difficult at high-speed Host firewalls –Must implement policies on host Restricted use (or separate machines)

Scenario #2: Malware Spreading Malware enters enterprise over thenetwork (e.g., remote exploit, Web application), mobile device, etc. System administrators rely on virus scanners, host AV, etc. –Problem: Payloads may change, hard to keep AV up- to-date

Pedigree Design Trusted tagging component on host Arbiter on network switch

Tag Structure and Function

Design Decisions Specify and enforce policy in the network (not at the host). Taint files and processes. Implement tagger as a kernel module. Use a separate control channel to associate tags with network connections.

Transferring Taints System calls (e.g., read, write ) intercepted, used to track taints Sets of taints stored in separate tag store –Mounted on separate device Implementation: Linux Security Modules

Assumptions and Trust Model Network elements dont modify tags End host has a trusted component –Privileged process –Kernel module –Hypervisor –Outside the host

Scenario: Exfiltration Prevention Users can use a tainting service to assign security classes to files.

Concerns Performance Overhead –Connection setup overhead –System call overhead –Storage overhead Overflow of taint set –Size of taint set could become quite large How to identify taints that reflect a certain class of traffic?

Connection Setup 1 MB TCP Transfers: < 30% Overhead for < 10 concurrent connection initiations.

System Call Overhead 18-30% overhead on read- intensive processes

How Many Taints? Our research group: 15,000 unique binaries Ways to deal with large sets of taints –Compression (Bloom filter) –Aggregation (Second-level taints) –Bottom security level

Summary Enterprises need to control information flow within their networks –Data leak/loss prevention –Malware containment Idea: Track information flow across processes. Implement control in network.