SALSA-NetAuth Joint Techs Vancouver, BC July 2005.

Agenda
- NetAuth background
- NetAuth Strategies Document
- NetAuth Architecture Documents
- Applicability to federated network access environments
- What do we do next?

SALSA-NetAuth Charter
- The SALSA-NetAuth Working Group will consider the data requirements, implementation, integration, and automation technologies associated with understanding and extending network security management related to:
  1. Authorized network access (keyed by person and/or system)
  2. Style and behavior of transit traffic (declarative and passive)
  3. Forensic support for investigation of abuse

SALSA-NetAuth Working Group: Initial activities
- Investigation of requirements and implementations of network database and registration services in support of network security management. (Complete: Strategies Document)
- Investigation of extensions to these services to proactively detect and prevent unauthorized or malicious network activity. (Strategies Document, Architecture Documents)
- Analysis and proposal toward a pilot and eventual implementation to support network access for visiting scientists among federated institutions. (In progress: Architecture Documents)
- Analysis of security applications that may result from extending these implementations. (Overarching all activities)

SALSA-NetAuth Working Group: Roadmap
- Outlines the activities of the SALSA-NetAuth working group and all related sub-groups.
- Reflects the overall direction of the working group(s) and maintains consistency between the various efforts.
- SALSA-NetAuth Working Group Roadmap, Christopher Misra, 25 April 2005

SALSA-NetAuth Working Group: Initial Deliverables
- Investigation of extensions to these services to proactively detect and prevent unauthorized or malicious network activity.
- Strategies for Automating Network Policy Enforcement, Eric Gauthier and Phil Rodrigues, 20 April 2005 (final draft)

Strategies for Automating Network Policy Enforcement
- "(A) Structure and summary of approaches for automating technical policy enforcement as a condition for network access in colleges and universities"
- Host isolation into specialized networks
- Conditional network access
- Initial document; not the final answer

Strategies for Automating Network Policy Enforcement
- Preventative policy enforcement reduces:
  - the total number of technical security vulnerabilities
  - the success of a particular piece of malware or attack technique
- Isolation networks separate compromised and infected hosts:
  - minimize the spread of infection
  - block external access from attackers
- Automated remediation systems have a positive impact on a large number of hosts with a relatively small time investment from computing staff.

Strategies for Automating Network Policy Enforcement: The Common Process
- Five steps: Registration, Detection, Isolation, Notification, Remediation
- Not necessarily in this order.

Where are we focusing current and future energies?
- Architecture document(s)
- How do we make NetAuth a designed infrastructure rather than an organic one?
- We need a model to analyze these systems.
- How do we apply NetAuth systems to federated environments (like FWNA/eduroam)?
- What components implement this architecture?

Architecture Document
- A framework to develop standardized mechanisms and detailed descriptions of how to directly implement policy enforcement using existing devices
- NetAuth Architecture for Automating Network Policy Enforcement, Kevin Amorin and Eric Gauthier, July 2005 (Draft 03)

Architecture Document – Draft 03
- Details a policy enforcement architecture for network access
- For analysis in both intra-campus and federated environments
- A guide for the development of new interoperable solutions
- Draft 04 out, hopefully, by mid-August

Architecture Document – Draft 03
- Intended to be flexible, extensible, and interoperable with existing infrastructure
- Provides the necessary hooks to accommodate upcoming technologies such as federated authentication and authorization schemes (Shibboleth, etc.)
- Describes how networks can implement network access policies even when network configurations and policies change dynamically

Policy Determination Process
Policy determination is how the network determines whether or not a host is in compliance with network access policy.

Network States
To implement network policy, hosts and networks should move through these states. Each time a new state is entered, the network should follow the policy determination process.
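The five-step common process (registration, detection, isolation, notification, remediation) together with the rule that policy determination runs every time a host enters a new state can be modelled as a small state machine. The Python below is an added illustration, not code from the SALSA-NetAuth documents or their authors; the state names, the compliance checks (registration, patch level, anti-virus currency, active detection events) and the sample host are assumptions chosen for this example, and the steps are triggered by events rather than in a fixed order, matching the slide's "not necessarily in this order".

```python
"""Toy model of the NetAuth common process driven by policy determination.

Every event (first connection, registration, detection, remediation) is
followed by a policy determination pass; a host that fails any check is
parked on the isolation network and a notification is recorded.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Tuple


class State(Enum):
    # State names are assumptions for this example, not the slide's diagram.
    UNREGISTERED = "unregistered"  # seen on the wire, no known owner
    ISOLATED = "isolated"          # parked on the isolation network
    PRODUCTION = "production"      # full network access


@dataclass
class Host:
    mac: str
    registered_owner: Optional[str] = None
    patched: bool = False
    av_current: bool = False
    detections: List[str] = field(default_factory=list)   # e.g. IDS / flow alerts
    state: State = State.UNREGISTERED
    notifications: List[str] = field(default_factory=list)


def policy_determination(host: Host) -> List[str]:
    """Return the list of access-policy requirements the host currently fails."""
    violations = []
    if host.registered_owner is None:
        violations.append("not registered")
    if not host.patched:
        violations.append("missing required patches")
    if not host.av_current:
        violations.append("anti-virus out of date")
    if host.detections:
        violations.append("active detection: " + ", ".join(host.detections))
    return violations


def evaluate(host: Host) -> State:
    """Run policy determination and apply the state move it implies.

    A notification is only issued when the host actually changes state,
    so a host that stays isolated is not re-notified on every event."""
    violations = policy_determination(host)
    new_state = State.ISOLATED if violations else State.PRODUCTION
    if new_state != host.state:
        host.state = new_state
        if violations:
            host.notifications.append(
                f"{host.mac}: moved to isolation: " + "; ".join(violations))
        else:
            host.notifications.append(f"{host.mac}: restored to production")
    return host.state


def register(host: Host, owner: str) -> State:
    """Registration step: bind the host to an accountable owner."""
    host.registered_owner = owner
    return evaluate(host)


def detect(host: Host, event: str) -> State:
    """Detection step: a monitoring system reports activity on the host."""
    host.detections.append(event)
    return evaluate(host)


def remediate(host: Host, patched: Optional[bool] = None,
              av_current: Optional[bool] = None,
              clear_detections: bool = False) -> State:
    """Remediation step: the owner (or an automated tool) fixes the host."""
    if patched is not None:
        host.patched = patched
    if av_current is not None:
        host.av_current = av_current
    if clear_detections:
        host.detections.clear()
    return evaluate(host)


def demo_lifecycle() -> Tuple[List[State], Host]:
    """Walk one constructed host through the process; returns the state trace."""
    host = Host(mac="00:11:22:33:44:55")   # constructed sample host
    trace = [evaluate(host)]                        # first seen -> isolated
    trace.append(register(host, "jdoe"))            # registered, still non-compliant
    trace.append(remediate(host, patched=True, av_current=True))  # -> production
    trace.append(detect(host, "scanning peers on tcp/445"))       # -> isolated
    trace.append(remediate(host, clear_detections=True))          # -> production
    return trace, host


if __name__ == "__main__":
    states, h = demo_lifecycle()
    print([s.value for s in states])
    print("\n".join(h.notifications))
```

The point the model makes is that isolation and notification are not fixed positions in a pipeline: they are outcomes of re-running policy determination after whatever event last changed the host's situation, which is why a detection on an already-compliant production host drops it straight back into isolation.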

Components Document
- How do we apply the above model to physical (and virtual) network components?
- Develop use cases and deployment scenarios
- Understand interoperability of devices
- Initial framework for possible code encouragement/development
- Work in progress

How can you help?
- Participate in NetAuth: the working group is open to all members of the Educause / Internet2 community.
- Contribute to future documents: these documents are still the beginning of what we hope to accomplish.

SALSA-NetAuth Working Group: Volunteers needed
- Homepage
- Draft charter
- Mailing list
- Additional contacts: Steve Olshansky, Charles Yun, Christopher Misra