Firewalls, Networking and Monitoring
Rolly Gilmour

Objective: to discuss issues relating to the operation of the Grid and Grid middleware in a campus network environment.

Firewalls - a fact of life for many institutions
- What is a firewall?
  - A router with ACLs providing port/address filters
  - A commodity system (e.g. a PC) running open-source or commercial firewall code
  - A custom appliance
- Features may range from:
  - ACLs providing IP port and address filters
  - Stateful inspection: monitoring and controlling discrete flows
  - Application-aware inspection, e.g. H.323

Firewalls - Grid requirements
- Need to open access for certain ports:
  - gatekeeper
  - GRIS/GIIS: 2135
  - GridFTP: 2811
  - GSI-enabled SSH: 22
  - plus the port range defined by GLOBUS_TCP_PORT_RANGE
- These requirements relate specifically to Globus
- Access Grid Node and other applications will impose additional requirements

Firewalls - Operational constraints
- Institutional security policy
- Political considerations
- Firewall performance
  - Filtering and forwarding capabilities (throughput)
  - Number of flows supported
  - Effect on performance of adding additional rulesets
- Knowledge of Grid applications and their behaviour
  - Effect on site security
  - Effect on firewall performance/stability
- Opening a whole port range is considered bad practice

Firewalls - Possible solutions
- Better understanding and confidence:
  - Grid applications and their behaviour
  - Grid middleware security
  - Globus security audit
- Bypass firewalls
  - "Parallel universe" (a separate network alongside the campus network)
  - Grid application proxies
- Grid-application-aware firewalls (proxies)
- Standardize the Globus port range
  - IANA-assigned
  - If not, agreement at UK level
- Consider multiple site firewalls rather than a single institutional firewall

Firewalls - Recommendations
- Improve dialogue between the Grid community and CS departments
- Improve CS departments' knowledge and understanding of Grid applications and middleware
- Improve the Grid community's understanding of CS departments' responsibilities, priorities and available resources
- Request an IANA-assigned port range for Grid applications
- Attempt to produce a best-practice guide for different scenarios:
  - Single institutional firewall
  - Firewall bypass
  - Multiple site firewalls
- GNT to discuss requirements with CS departments

Networking - Grid requirements
- Anticipated demand:
  - Massive bandwidth
  - Low latency and jitter
- Actual demand:
  - Not yet known
- Multicast support for Access Grid Node

Networking - Operational constraints
- The institution's current campus network
- The institution's link to the MAN
- The MAN's link to SuperJANET
- Location of Grid activity:
  - Consolidated
  - Dispersed
- Funding source for Grid resources:
  - Specific
  - Shared

Networking - Possible solutions
- Better understanding and confidence:
  - Grid applications and their behaviour
- Campus LAN upgrades
  - Parallel universe (costly)
  - Overlay on campus LAN: VLANs, QoS
- Treat as just another application
  - Add QoS as and when required
- Upgrade the institution's link to the MAN
- Negotiate a private Grid feed to SuperJANET
  - May need special engineering: parallel universe or overlay, routing policies

Networking - Recommendations
- Improve dialogue between the Grid community and CS departments
- Improve CS departments' knowledge of Grid applications, including multicast, bandwidth and QoS requirements
- Improve the Grid community's understanding of CS departments' responsibilities, priorities and available resources
- Capacity planning for institutions' Grid activities
- Attempt to produce best-practice guides for different scenarios:
  - Parallel universe
  - Overlay with QoS
  - Just another set of applications
- GNT to discuss requirements with CS departments and MAN RNOs

Monitoring - Grid requirements
- Data Grid monitoring tools: end-to-end probes to determine capacity, loss, latency and jitter between source and destination sites
- Possible uses:
  - Validate SLAs / QoS profiles
  - Determine viability of proposed bulk transfers
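The slide names four figures the end-to-end probes should yield and two things to do with them. As an added example that is not part of the presentation, the block below reduces a burst of probe replies and a throughput measurement to capacity, loss, latency and jitter, then checks them against an SLA/QoS profile and judges whether a proposed bulk transfer can finish by a deadline. The probe samples, the SLA thresholds and the 80% headroom factor are constructed for illustration.

```python
"""Summarise end-to-end probes into the four figures the slide names
(capacity, loss, latency, jitter), then apply them to the two uses it
lists: checking an SLA/QoS profile and judging a proposed bulk transfer.
Added example, not part of the presentation.  The probe samples, the SLA
thresholds and the 80% headroom factor are constructed for illustration."""
from statistics import mean

# Constructed: round-trip times in ms for one burst of probes; None = no reply.
SAMPLE_RTTS_MS = [10.0, 12.0, None, 11.0, 13.0]
# Constructed: a throughput probe that moved 125,000,000 bytes in 10 s.
SAMPLE_THROUGHPUT_PROBE = (125_000_000, 10.0)


def summarise_probes(rtts_ms, throughput_probe):
    """Return loss fraction, mean latency, mean inter-probe jitter and
    measured capacity in Mbit/s."""
    replies = [r for r in rtts_ms if r is not None]
    if not replies:
        raise ValueError("no probe replies: path down or probes blocked by site policy")
    loss = 1 - len(replies) / len(rtts_ms)
    latency_ms = mean(replies)
    # Jitter as the mean absolute change between consecutive answered probes;
    # a lost probe simply drops out of the sequence.
    jitter_ms = (mean(abs(a - b) for a, b in zip(replies, replies[1:]))
                 if len(replies) > 1 else 0.0)
    nbytes, seconds = throughput_probe
    capacity_mbps = nbytes * 8 / seconds / 1e6
    return {"loss": loss, "latency_ms": latency_ms,
            "jitter_ms": jitter_ms, "capacity_mbps": capacity_mbps}


def sla_violations(summary, sla):
    """Names of the SLA/QoS thresholds the measured path fails."""
    failed = []
    if summary["loss"] > sla["max_loss"]:
        failed.append("loss")
    if summary["latency_ms"] > sla["max_latency_ms"]:
        failed.append("latency")
    if summary["jitter_ms"] > sla["max_jitter_ms"]:
        failed.append("jitter")
    if summary["capacity_mbps"] < sla["min_capacity_mbps"]:
        failed.append("capacity")
    return failed


def transfer_feasible(summary, nbytes, deadline_s, headroom=0.8):
    """(viable, seconds_needed) for moving nbytes before deadline_s, counting
    only a headroom fraction of measured capacity because the path is shared."""
    usable_bps = summary["capacity_mbps"] * 1e6 * headroom
    seconds_needed = nbytes * 8 / usable_bps
    return seconds_needed <= deadline_s, seconds_needed


if __name__ == "__main__":
    s = summarise_probes(SAMPLE_RTTS_MS, SAMPLE_THROUGHPUT_PROBE)
    print(s)
    print("SLA failures:", sla_violations(s, {"max_loss": 0.01, "max_latency_ms": 20,
                                               "max_jitter_ms": 5, "min_capacity_mbps": 50}))
    print("1 GB in 2 min viable?", transfer_feasible(s, 10**9, 120))
```

The empty-replies case is raised rather than reported as 100% loss on purpose: as the next slide notes, site policy may block probes, and a path with no answers at all is more often a filtered probe than a dead link, so it needs a person to look rather than a number in a report.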

Monitoring - Operational constraints
- Site policy may block probes
- Too many probes from different Grid activities may cause operational problems
- Lack of knowledge of local, MAN and SuperJANET topologies may give rise to misleading interpretations
- Sites may also wish to monitor Grid activity for possible effects on network performance, firewall friendliness and application behaviour

Monitoring - Recommendations
- Improve dialogue between the Grid community and CS departments
- Improve CS departments' knowledge of Grid applications, including multicast, bandwidth and QoS requirements
- Improve the Grid community's understanding of CS departments' responsibilities, priorities and available resources
- Liaise with CS departments on monitoring requirements
- Consider asking CS departments to perform the monitoring, or work closely with them
- Attempt to produce best-practice guides for monitoring activities
- GNT to discuss requirements with CS departments and MAN RNOs