Salsa Bits: A few things that the analysts aren't talking about... December 2006.

Slides:

Advertisements

Similar presentations

Security Challenges for Future Internet Design Cybertrust PI Meeting Breakout.

Advertisements

Security BoF: What Are The Community's Open Questions? Joe St Sauver, Ph.D. or Manager, Internet2 Nationwide Security.

Ethics, Privacy and Information Security

Current impacts of cloud migration on broadband network operations and businesses David Sterling Partner, i 3 m 3 Solutions.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.

Federations in Texas Barry Ribbeck University of Texas Health Science Center at Houston.

1 Telstra in Confidence Managing Security for our Mobile Technology.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

(Geneva, Switzerland, September 2014)

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University

N. GSU Slide 1 Chapter 04 Cloud Computing Systems N. Xiong Georgia State University.

SANS Technology Institute - Candidate for Master of Science Degree Implementing and Automating Critical Control 19: Secure Network Engineering for Next.

University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004.

Firewalls and the Campus Grid: an Overview Bruce Beckles University of Cambridge Computing Service.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Introduction to Network Defense

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

Storage Security and Management: Security Framework

CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.

How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”

Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.

Dell Connected Security Solutions Simplify & unify.

Internet Drivers License CSS411/BIS421 Computing Technology & Public Policy Mark Kochanski Spring 2010.

SECURITY & THE UNIVERSITY INCLUDING A HOSPITAL October 3, 2008 Doyle Friskney Chief Technology Officer University of Kentucky.

VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.

Pg 1 of 25 AGI IP-Based Network Solutions Phil Flores Major Account Manager – Cisco Systems, inc.

Shared Darknet Project Internet2 Spring 2006 Member Meeting Doug Pearson Technical Director, REN-ISAC.

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

Research and Education Networking Information Sharing and Analysis Center REN-ISAC John Hicks TransPAC2/Indiana University

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

12 Steps to Cloud Security A guide to securing your Cloud Deployment Vishnu Vettrivel Principal Engineering Lead,

Module 6: Designing Security for Network Hosts

Selling Strategies Microsoft Internet Security and Acceleration (ISA) Server 2004 Powerful Protection for Microsoft Applications.

NSF Cybersecuity Summit May REN-ISAC Goal The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.

Module 11: Designing Security for Network Perimeters.

AUB Department of Electrical and Computer Engineering Imad H. Elhajj American University of Beirut Electrical and Computer Engineering

IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.

Security Discussion IST Retreat June IT Security Statement definition In the context of computer science, security is the prevention of, or protection.

IT Security Challenges In Higher Education Steve Schuster Cornell University Copyright Steve Schuster This work is the intellectual property of.

1 REN-ISAC Update Research and Education Networking Information Sharing and Analysis Center Joint Techs Madison WI July 2006.

University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Internet2 Abilene & REN-ISAC Arbor Networks Peakflow SP Identification and Response to DoS Joint Techs Winter 2006 Albuquerque Doug Pearson.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

REN-ISAC Research and Education Networking Information Sharing and Analysis Center Doug Pearson REN-ISAC Director Internet2 Security WG BoF October 14,

Delivering Assured Services John Weigelt National Technology Officer Microsoft Canada.

IS3220 Information Technology Infrastructure Security

Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.

PCs ENVIRONMENT and PERIPHERALS Lecture 10. Computer Threats: - Computer threats: - It means anything that has the potential to cause serious harm to.

INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.

CS457 Introduction to Information Security Systems

Critical Security Controls

Educause/Internet 2 Computer and Network Security Task Force

Advanced Threat Protection

Cisco Dumps PDF Implementing Cisco Network Security RealExamCollection.com.

CIS 333Competitive Success/tutorialrank.com

CIS 333 Education for Service-- tutorialrank.com.

Cybersecurity Strategy

The University of Adelaide, School of Computer Science

In the attack index…what number is your Company?

Presentation transcript:

Salsa Bits: A few things that the analysts aren't talking about... December 2006

2 What analysts are saying is important (and we agree) Protecting sensitive data Not just the enterprise data, but the researcher data Identity management In higher-ed, there's a lot of business process and policy issues as well as technology Malware (viruses, worms, spyware, etc.) Distributed denial of service attacks

3 What analysts haven't started to talk about yet... The strategic importance of and expanding reliance on DNS The value of sector-based security operations and the REN-ISAC {Spam, DDOS, etc} and its impact on the infrastructure Evolving firewall management strategies to accommodate advanced applications Federated identity and leveraging it for access control

4 Domain Name System (DNS) DNS is the foundational service of the network; no service works without it. DNS itself needs better security Vulnerable to several attacks and can be exploited for other attacks Remedial steps (e.g. DNSSec) face critical bootstrap and mass adoption value DNS as the basis for many security enhancements Spam control mechanisms will leverage it Federated security services depend on it EDUCAUSE oversees.edu; chance for higher-ed to lead

5 Takeaway: Domain Name System (DNS) Make sure the campus DNS operations are adequately supported; check out Campus DNS operations should plan to work with applications Make sure that you’re not part of the problem – filter outgoing spoofed traffic, don't operate open recursive servers, etc...

6 Sector-based security services Of the initial sector oriented security analysis centers, the best remaining one is the REN- ISAC New technical and advisory groups Today, offers early warning services gleaned from Abilene traffic, identification of botnets, interactions with DHS and vendors, exchanges with other cooperative security efforts Tomorrow, it could build better analytic tools, inter-realm security exchanges, and other community-based security services

7 Takeaway: Sector-based security Make sure your campus is plugged in: To the REN-ISAC trust community – it is a vehicle for sharing real time security information To the various lists that discuss sector security issues, e.g. the higher-ed mail admin list, the EDUCAUSE security list Understand that our distinctive requirements will require common security approaches

8 Attacks and their impacts on infrastructure IETF concerns at the amount of unwanted traffic… Chronic threats – e.g. spam, botnets, etc are dramatically up and more resistant to remedies Better tuned MS machines have significantly increased the DDOS potentials Stress the campus infrastructure – mail servers, spam filters, firewalls, etc.

9 Takeaway: Attacks and their impacts Harden the infrastructure High capacity networking links should include high capacity security mechanisms New retention laws, rise of spam, etc. may change the way we choose to communicate

10 Evolving perimeter defense strategies From the network perimeter to defense in depth The starbucks effect The internal threats Push the protection perimeter as close to the edge as feasible Need to deal with optical bypass Need to be flexible for different requirements Credit card requirements can factor in

11 Evolving perimeter defense tradeoffs Understand that perimeter defense security tools often involve tradeoffs VPN – security and opacity NAT – isolation and loss of collaboration Firewalls and performance Additional perimeters increase the complexity of problem diagnosis

12 Takeaway: Evolving perimeter defense Be prepared for changes to accommodate team science. Trust-mediated transparency will leverage identity management Be aware that fundamental network architecture discussions are examining clouds of gated communities vs. a network utility Mean time to diagnose and support implications Monitor, audit, non-repudiation moving beyond forensics to situational awareness and active management

13 Federated identity As touted, Identity Management is urgent and important Federated identity leverages institutional Identity Management in inter-institutional settings By itself federated identity can provide significant security value. Enables flexible LOA's, improves privacy, etc. As a new layer of infrastructure, it can be leveraged to provide new security services Improved guest access usability and accountability Privilege management for virtual organizations

14 Takeaway: Federated Identity Make sure your campus is coming to grips with IdM Business owners, data stewards, external constituency services (alumni, facilities management, etc), central IT Understand the policies, the state transitions and their triggers, the privileges per state, etc Check out the web site and CAMPS. Prepare for federation Internal federations with medical schools, engineering colleges, etc. Install federating software, e.g. Shibboleth Identify policy issues and groups to work on them Understand the value of strategic use of two factor authentication

15