SC04 Network Security Wrap-Up Version 3

Role of Network Security in SCinet
ISP role in protecting the network:
(1) Protect network infrastructure
(2) Protect the Internet from SCinet
(3) Help exhibitors and attendees
Testbed for new tools, techniques, systems

SCinet network architecture
Simple campus architecture routed via Juniper T640, T320 and Cisco 6509
Bandwidth Challenge 10G participants given connectivity via Force10
WAN connections
–OC3 commodity Internet service via Qwest
–16 OC192 links (NLR, ESnet, Abilene, TeraGrid, etc.)
–1 OC768 link to PSC
Wireless architecture (free/open system)
–Integrated wireless system by Trapeze
Wired conference network to every meeting room
Argonne address space ( /17)

SCinet security team
Timothy Toole - Sandia
Stephen Lau - NERSC/LBL
Jim Hutchins - Sandia
Scott Campbell - NERSC/LBL
Bill Nickless - PNNL
Tim Witteveen - PNNL
Roger Winslow - NERSC/LBL
Patrick Stevens - Sandia

Network Security Features
Three primary IDS systems
–Mon, Bro, Snort
Cisco port mirroring
Packet Engines GigE hub & NetOptics splitters
RST responder, Desuckit application, SYN-ACK responder
Password display
MAC address blocking on wireless
Experimental
–Flo, OS X, AMD64 Opteron, Xyratex RAID system, S2IO 10GigE NICs

Expectations
Whack-a-mole game with worms (wired and wireless)
Expect about a handful of successful intrusions (requiring clean-up)
Cluster/HPC systems a likely target
–Valuable information provided by FBI
–Expect to see outbound TCP 53 and 55
Expect other 'phone-home' mechanisms (bot-nets)

Worm infections (approx. 35)
Never really attempted to identify the exact signature
Locating an infected device takes time, especially on DHCP wireless
Repeat offenders
Tried shunning in the Trapeze system, but it took time to implement (mainly because only one individual had access)
Shunning induced load through AP association requests
Much success in responding with SYN-ACKs and window sizes of zero
–Significantly slowed down the infected host
–Need a good, security-conscious Windows administrator to help repair systems
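The zero-window SYN-ACK trick above is a TCP tarpit: the infected host's connect() appears to succeed, but it is never granted window to send its payload, so each worm thread sits in zero-window probing instead of moving on to the next victim. The following is an added example of that responder's packet logic, not the SCinet team's own tool. It builds and parses raw IPv4/TCP headers with the Python standard library only, so it can be exercised offline against a constructed SYN; the hosts, ports and fixed ISN are illustrative, and actually transmitting the reply (a raw socket on a mirror or splitter feed, with privileges) is deliberately left out.

```python
"""Zero-window SYN-ACK responder (TCP tarpit): packet building and parsing only.

Added example. Uses only the standard library; sending on a real interface
would need a raw socket (e.g. socket.AF_PACKET on Linux) and privileges.
"""
import socket
import struct
from typing import Optional

TCP_SYN = 0x02
TCP_RST = 0x04
TCP_ACK = 0x10


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Return the fields of an IPv4/TCP packet the responder cares about."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6:
        raise ValueError("not TCP")
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", pkt[ihl:ihl + 16])
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "seq": seq, "ack": ack, "flags": off_flags & 0x1FF, "win": win}


def build_ipv4_tcp(src, dst, sport, dport, seq, ack, flags, win) -> bytes:
    """Build a minimal (no options) IPv4/TCP packet with valid checksums."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, win, 0, 0)
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def checksums_ok(pkt: bytes) -> bool:
    """True if both the IP header and TCP checksums verify (sum to zero)."""
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:]
    pseudo = pkt[12:16] + pkt[16:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return checksum(pkt[:ihl]) == 0 and checksum(pseudo + tcp) == 0


def tarpit_reply(pkt: bytes, isn: int = 0x5C1CE700) -> Optional[bytes]:
    """Answer a probe so the sender stays stuck instead of moving on.

    A bare SYN gets a SYN-ACK advertising window 0: the scanner's connect()
    completes, but it can never send its payload and keeps sending zero-window
    probes. Each later ACK-only segment (those probes) gets a pure ACK that
    re-advertises window 0. RSTs are ignored so the host is never released.
    The fixed ISN (an assumption) keeps the responder stateless.
    """
    p = parse_ipv4_tcp(pkt)
    if p["flags"] & TCP_RST:
        return None
    if p["flags"] & (TCP_SYN | TCP_ACK) == TCP_SYN:
        return build_ipv4_tcp(p["dst"], p["src"], p["dport"], p["sport"],
                              isn, p["seq"] + 1, TCP_SYN | TCP_ACK, 0)
    if p["flags"] & TCP_ACK:
        # Our next sequence number is always isn + 1; acknowledge nothing new.
        return build_ipv4_tcp(p["dst"], p["src"], p["dport"], p["sport"],
                              isn + 1, p["seq"], TCP_ACK, 0)
    return None


if __name__ == "__main__":
    # Constructed probe: a worm on 10.0.0.5 scanning 10.0.1.9 on port 445.
    syn = build_ipv4_tcp("10.0.0.5", "10.0.1.9", 40000, 445, 1000, 0, TCP_SYN, 65535)
    print(parse_ipv4_tcp(tarpit_reply(syn)))
```

Because the responder never keeps state, it scales to the hundreds of scanning threads a worm can run; the cost is that a legitimate client hitting an unused address is also held, so it belongs only on address space or ports that nothing legitimate should reach.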

Intrusions
9:00 SCinet rental desktop
–Very poorly configured by the PC vendor
11:53 VendorW booth (Linux cluster)
–Brute-forced ssh password; outbound ftp & IRC
11/10 in the AM
–MSSQL null SA password
08:25 & 08:36 VendorX and BoothY (Linux systems)
–Brute-forced ssh password; identification of rootkit
10:21-15:07 VendorZ (Windows laptop)
–Windows file sharing exploit/whatever; became FTP server

Intrusion Summary
At least 1 compromised system to deal with per day
Windows boxes are low-hanging fruit on the open Internet
Weak passwords are also low-hanging fruit on the open Internet
Script-kiddie Romanians are a pain to deal with, but somewhat entertaining
Need someone good at explaining the problem to the customer (definition of 0wn3d)

Lessons learned
Intrusions were caught by good judgment
Need to factor in 2x to 3x the amount of time to get stuff done
if (BitTorrent && Wireless) { wireless.usability = crap; }
Users not courteous on wireless
–500? users associated in an empty exhibit hall
RF interference, rogue APs, mis-configured laptops and old drivers cause wireless problems
Never got a good data stream to adequately test 10GbE cards or application(s)
Not sure how to educate this particular community on good practices
Outbound IRC ports made it easy to pick up suspicious traffic
–Don't confuse GPFS with IRC
Need IPv6 IDS, since we have some native v6 links
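The Expectations, Intrusions and Lessons learned slides describe three signals that fell out of plain connection data: outbound IRC from exhibitor hosts, the outbound TCP 53/55 traffic the FBI advisory warned about, and the repeated SSH connections of a password brute force. As an added example (not the SCinet team's code), the following triages NetFlow-style records for those three patterns. The address space, the allowlisted GPFS peer that must not be mistaken for bot traffic, the SSH threshold and the flow lines themselves are all constructed for the example; the real conference /17 is not given on this page.

```python
"""Flow-record triage for the signals named in the wrap-up (added example).

Constructed input: one flow per line, "timestamp src dst proto sport dport bytes".
"""
import ipaddress
from collections import Counter

# Hypothetical stand-in for the conference address space (the real /17 is not given).
INTERNAL = ipaddress.ip_network("192.0.2.0/24")
IRC_PORTS = set(range(6660, 6670)) | {7000}
ADVISORY_PORTS = {53, 55}      # outbound TCP ports named on the Expectations slide
SSH_BRUTE_THRESHOLD = 5        # inbound SSH flows from one source before calling it brute force
# Hypothetical allowlist of known-good (ip, port) peers, e.g. a GPFS server,
# so legitimate bulk traffic is never written up as IRC/bot activity.
ALLOWED_PEERS = {("198.51.100.7", 1191)}

# Constructed records mirroring the slide timeline: an SSH brute force at 08:25,
# a compromised cluster node talking IRC and ftp at 11:53, one advisory-port
# hit, one normal UDP DNS flow and one large GPFS transfer to the allowed peer.
SAMPLE_FLOWS = """\
2004-11-10T08:25:01 203.0.113.77 192.0.2.40 tcp 51000 22 96
2004-11-10T08:25:02 203.0.113.77 192.0.2.40 tcp 51001 22 96
2004-11-10T08:25:02 203.0.113.77 192.0.2.40 tcp 51002 22 96
2004-11-10T08:25:03 203.0.113.77 192.0.2.40 tcp 51003 22 96
2004-11-10T08:25:03 203.0.113.77 192.0.2.40 tcp 51004 22 96
2004-11-10T08:25:04 203.0.113.77 192.0.2.40 tcp 51005 22 4210
2004-11-10T09:00:00 192.0.2.5 203.0.113.5 udp 5353 53 80
2004-11-10T11:53:02 192.0.2.17 198.51.100.23 tcp 40123 6667 1820
2004-11-10T11:53:05 192.0.2.17 198.51.100.23 tcp 40124 21 512
2004-11-10T12:01:44 192.0.2.31 203.0.113.9 tcp 33001 53 220
2004-11-10T12:02:10 192.0.2.31 198.51.100.7 tcp 33002 1191 904312
"""


def parse_flow(line: str) -> dict:
    ts, src, dst, proto, sport, dport, nbytes = line.split()
    return {"ts": ts, "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "proto": proto, "sport": int(sport), "dport": int(dport), "bytes": int(nbytes)}


def triage(text: str) -> list:
    """Return (first_seen, offending_host, reason) tuples, one per finding."""
    alerts = []
    ssh_attempts = Counter()
    first_seen = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        outbound = f["src"] in INTERNAL and f["dst"] not in INTERNAL
        inbound = f["dst"] in INTERNAL and f["src"] not in INTERNAL
        if outbound and f["proto"] == "tcp":
            if (str(f["dst"]), f["dport"]) in ALLOWED_PEERS:
                continue
            if f["dport"] in IRC_PORTS:
                alerts.append((f["ts"], str(f["src"]),
                               "outbound IRC to %s:%d" % (f["dst"], f["dport"])))
            elif f["dport"] in ADVISORY_PORTS:
                alerts.append((f["ts"], str(f["src"]),
                               "outbound TCP/%d to %s (advisory port)" % (f["dport"], f["dst"])))
        if inbound and f["proto"] == "tcp" and f["dport"] == 22:
            key = (str(f["src"]), str(f["dst"]))
            ssh_attempts[key] += 1
            first_seen.setdefault(key, f["ts"])
    # SSH is judged per (source, target) pair once the whole batch has been read.
    for (src, dst), n in ssh_attempts.items():
        if n >= SSH_BRUTE_THRESHOLD:
            alerts.append((first_seen[(src, dst)], src,
                           "%d SSH connections to %s: possible password brute force" % (n, dst)))
    return alerts


if __name__ == "__main__":
    for ts, host, reason in triage(SAMPLE_FLOWS):
        print(ts, host, reason)
```

Outbound TCP/53 is flagged only because the advisory singled it out; resolvers doing zone transfers or large responses will trip it, so in practice that rule is paired with a resolver allowlist in the same way the GPFS peer is handled here. UDP DNS is deliberately left alone.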

Future projects
SCinet05 network architecture and its impact on network security
10GbE IDS/monitoring systems
BPF/PCAP/IP/TCP on a 1/10Gig card
Visualization
NetFlow analysis (help from CERT)
User education?