Georgia Tech Information Security Campus Architecture for ECE6612 November 2, 2005 Peter N. Wan Senior Information Security Engineer Office of Information.


Georgia Tech Information Security Campus Architecture for ECE6612 November 2, 2005 Peter N. Wan Senior Information Security Engineer Office of Information Technology, Information Security Directorate

Information Security Architecture - Outline
- InfoSec Architecture diagram
- Network Architecture diagram
- Security Technology
- Policies
- User Awareness Campaign
- Q&A

Information Security Architecture(1) Still on Web – 4/23/2008

Information Security Architecture (2)
- Layered Defense in Depth
- Host firewalls and other defensive measures are still important even if there is a network firewall
- Business of the Institute must continue so security must help enable business processes

Network Architecture (1)

Network Architecture (2)
- Border routers receive traffic from Tech ISPs (Cogent, Quest, Level3, Peachnet, SoX/Abilene, etc.)
- Border routers feed traffic to campus gateway routers
- Campus gateway routers feed the campus backbone, where departmental and other routers/firewalls are connected

Campus Security Technology
- Border/Backbone Routers
- Intrusion Prevention Systems (not in production yet)
- Intrusion Detection Systems
- Network Firewalls
- Host-Based Security

Campus Security Technology – Border/Backbone Routers
- Pass traffic only
- Protocols that are not passed over a Wide Area Network (tftp, file sharing, database services, etc.) are blocked by internal firewalls, not ACLs at the border
- “Netflows” are collected at various routers to identify suspicious traffic; content is not examined

Campus Security Technology – Intrusion Prevention Systems
- Two ISS Proventia G1000F intrusion prevention devices were installed at the border of the campus network
- IPSes are designed to be installed in-line, and to provide blocking of traffic that does not meet their security policy (more flexibility than router port filters, which are all-or-none type enforcement)
- “Deep Inspection”

Campus Security Technology – Intrusion Detection Systems
- Campus border traffic is mirrored by a switch to two types of IDSes
- Enterasys Dragon is a signature-based IDS
- Lancope Stealthwatch is an anomaly-based IDS
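The border-router slide says NetFlow records are used to spot suspicious traffic without examining content, and the IDS slide pairs that with an anomaly-based sensor. The sketch below is an added example, not part of the original slides and not Stealthwatch's algorithm: it flags a source that contacts many distinct hosts on one port with mostly SYN-only flows, using flow metadata alone. The `Flow` fields, the thresholds and the documentation-range addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

SYN, ACK = 0x02, 0x10
ESTABLISHED = 0x1B  # FIN|SYN|PSH|ACK: client side of a completed TCP session

class Flow(NamedTuple):      # hypothetical, simplified flow record
    src: str
    dst: str
    dport: int
    tcp_flags: int           # cumulative OR of TCP flags seen in the flow

def fan_out_alerts(flows, min_targets=20, min_unanswered=0.8):
    """Flag (src, dport) pairs with high fan-out and mostly unanswered SYNs.
    Thresholds are illustrative assumptions, not tuned values."""
    targets = defaultdict(set)   # (src, dport) -> distinct destinations
    syn_only = defaultdict(int)  # flows where the handshake never completed
    total = defaultdict(int)
    for f in flows:
        key = (f.src, f.dport)
        targets[key].add(f.dst)
        total[key] += 1
        if f.tcp_flags & SYN and not f.tcp_flags & ACK:
            syn_only[key] += 1
    alerts = []
    for key, dsts in targets.items():
        ratio = syn_only[key] / total[key]
        if len(dsts) >= min_targets and ratio >= min_unanswered:
            alerts.append({"src": key[0], "dport": key[1],
                           "targets": len(dsts),
                           "syn_only_ratio": round(ratio, 2)})
    return sorted(alerts, key=lambda a: -a["targets"])

def sample_flows():
    """Constructed sample: one scanning host, one busy proxy, one client."""
    flows = []
    for i in range(1, 41):   # 40 targets on port 445, 4 of which answer
        flags = ESTABLISHED if i % 10 == 0 else SYN
        flows.append(Flow("192.0.2.10", f"198.51.100.{i}", 445, flags))
    for i in range(1, 31):   # proxy: high fan-out, but sessions complete
        flows.append(Flow("192.0.2.20", f"203.0.113.{i}", 443, ESTABLISHED))
    flows.append(Flow("192.0.2.30", "203.0.113.5", 443, ESTABLISHED))
    return flows

if __name__ == "__main__":
    for alert in fan_out_alerts(sample_flows()):
        print(alert)
```

The proxy in the sample has comparable fan-out but is not flagged, because its sessions complete; fan-out alone would produce a false positive on such hosts.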

Example Status from Lancope Stealthwatch
[Screenshot; visible labels: P2P, Worm Activity, Worm Propagation, SPAM Source, Mail Relay, Comm. With Known Bad Host, -Flood, -Target SYNs]

Campus Security Technology – Network Firewalls
- Business Office/Ferst Center incidents emphasized the need for better monitoring/control of certain departments/servers
- Program for deploying firewalls at the connection of departments to the campus network has been progressing

Campus Security Mechanisms – Host-Based Security (1)
- Antivirus software (NAI/McAfee site-licensed for campus)
- Host firewalls (ISS RealSecure Desktop Protector)
- Spyware removal software (no site-licensed packages currently, though Spybot Search & Destroy is free even for university use)

Campus Security Mechanisms – Host-Based Security (2)
- Operating system, application, utility patching very important; use vendor-supplied or 3rd party products (e.g., PatchLink or HFNetChk)
- Activate automatic updates wherever possible (antivirus, spyware remover, operating system); this may not be appropriate for servers

Incident Response
- Many incidents consist of virus/spyware infections, and are handled locally by departments or ResNet/EastNet staff
- A “Sensitive Server Database” records machines which are critical to a unit’s function or which contain sensitive information (classifications per the Data Access Policy); incident response for these types of systems requires more attention
- Some incidents are serious enough to require disk/system forensic examinations

Campus Security Policies
- Federal/State/Local (FERPA, HIPAA, GLBA, Open Records, etc.)
- Campus Network Usage/Security Policy
- Unit Level Network Usage Policies
- Data Access Policy
- Copyrighted Material Usage (DMCA, fair use, etc.)
- Employee/Student Handbooks

User Awareness
- Security awareness tutorial at
- Educational campaign in Fall 2005 Semester with posters, etc.
- Outreach such as talks with classes and other groups
- For more information, please see the OIT-IS page at

Thank You! Any Questions?