Internet2 Security Efforts - A brief overview of activities. Ken Klingenstein, 2004 July 21, Joint Techs - Columbus, Ohio.

Presentation transcript:

Slide 1: Internet2 Security Efforts - A brief overview of activities
Ken Klingenstein
2004 July 21
Joint Techs - Columbus, Ohio

Slide 2: Overview
- SALSA 2004 Summer Workshop
- Security and Internet2
- SALSA
  - What/Who is SALSA, Priorities, Membership, Activities
- Challenges and Q&A
- Total time ~25 mins

Slide 3: SALSA Summer Workshop
- Workshop will be held immediately following Joint Techs
- Wednesday afternoon is open to those who are attending Joint Techs
- If you can stay for Thursday, please register
- Agenda includes:
  - Small group discussions security tools and approaches
  - Overview of working group activities
  - Security and Middleware Heads up…

Slide 4: Context and Background (section: Security and Internet2)
- Organizations are active in the security space, focusing on slightly different areas and with cooperative relationships
- REN-ISAC
  - ISAC (information security and analysis center)
  - R&E relationships with the public, private, corporate and government sectors
- The EDUCAUSE/Internet2 Security Task Force

Slide 5: Workshop (section: Security and Internet2)
- 2003 Security at Line Speed Workshop
- NSF Sponsored 1.5 day workshop, in conjunction with Indiana University, Internet2, the Massachusetts Institute of Technology and the University of Washington.
- 30 individuals invited to participate
- Chicago, Illinois, Aug 2003
- Deliverables included: Effective practices whitepaper, research agenda suggestions, ongoing maintenance (SALSA)

Slide 6: “Line Speed” means… (section: Security and Internet2)
- It’s not just high bandwidth
- Exceptionally low latency, e.g. remote instrument control
- End-to-end clarity, e.g. Grids
- Exceptionally low jitter, e.g. real time interactive HDTV
- Advanced features, e.g. multicast
- Line speed requires supporting the applications that our membership are building, inventing and creating

Slide 7: General Findings
- First, and foremost, this is getting a lot harder
- We seem to have hit a couple of turning points
- New levels of stresses
- Necessary but doomed approaches
- High performance security is approached by a set of specific tools that are assembled by applying general architectural principles to local conditions.
- The concept of the network perimeter is changing; desktop software limits security and performance options
- There are interactions with the emerging middleware layer that should be explored
- Tool integration is an overarching problem
- We are entering diagnostic hell

Slide 8: Tradeoffs
- Host versus border security
- Deny/Allow versus Allow/deny approaches
- Unauthenticated versus authenticated network access
- Central versus end-user management
- Server-centric versus client-centric
- False positives versus zero-day attacks
- Organizational priorities between security and performance
- Perimeter protection versus user/staff confusion

Slide 9: Trends
- More aggressive and frequent attacks, resulting in
  - Desktop lockdowns and scanning
  - New limits at the perimeter
  - Increased tunneling and VPNs
  - More isolation approaches, straining the top of the desk
  - Hosts as clients only
- Changes in technology
- Rise of encryption
- New attack vectors, such as P2P
- Higher speeds make for more expensive middleboxen
- Convergence of technology forces
- New policy drivers
- DHS, RIAA, etc.
- LCD solutions to hold down costs

Slide 10: The Tool Matrix
- For a variety of network and host based security tools,
  - Role in prevention/detection/reaction/analysis
  - Description
  - General issues
  - Performance implications
  - Operational Impacts
- Network Tools include host scanning, MAC registration, VLAN, Encrypted VPNs and/or Layer 3 VPNs, Firewalls, Source Address Verification, Port Mirroring, etc…
- Host Tools include host-based encryption, local firewalls, host-based intrusion detection/prevention, secure OS, automated patching systems, etc.

Slide 11: Local Network Security Design Factors
- Size of class B address space
- Local fiber plant
- Medical school
- Geographic distribution of departments on campuses
- Distance to gigapops
- Policy Authority of Central IT
- Desktop diversity
- …

Slide 12: Security and Trust
- Security without external trust results in a defensive, highly constraining position with limited effectiveness
- With trust, collaborative security and collaborative applications can be developed
- Currently, there are two promising trust fabrics to leverage
  - Federations – emergent inter-enterprise
  - P2P (the trust fabric, not the architecture) – ad hoc, currently “non-scalable”, but new technologies will be appearing shortly and widely

Slide 13: SALSA Overview (section: SALSA)
- Technical steering committee composed of senior campus security architects
- Create understanding in the Internet2 community regarding the multiple aspects of security as it applies to advanced networking
- Deliverables that address the needs of members and produce tangible benefits
- Prioritizing opportunities and identifying resources
- Focused activities
- Interested in R&D security topics that can be smoothly transitioned to deployment

Slide 14: Membership (section: SALSA)
- Current chair: Mark Poepping, CMU
- Currently a small, focused group with membership drawing from multiple communities: Academy Researchers Government Labs International participants
- Founding members drawn from the Security at Line Speed Workshop

Slide 15: SALSA Priorities (section: SALSA)
- Primarily, SALSA acts as a forum to increase sharing, data collection and integration between security researchers and backbone activities
- Data Sharing
- Extend Workshop deliverables
  - Case studies, technology surveys, non-technical issues, research agenda
- Current Working Groups
  - Network Authentication
  - Architecture
- Cooperation, communication, coordination with other groups
  - EDUCAUSE/Internet2 SecTF, REN-ISAC, international networks

Slide 16: NetAuth WG (section: Working Groups)
- Chaired by Chris Misra
- Initial activities
  - Investigation of network database and registration services in support of network security management; investigation of extensions to these services to proactively detect and prevent unauthorized or malicious network activity.
  - Pilot and eventual implementation to support network access to visiting scientists among federated institutions.
  - Analysis of security applications that may result from extending these implementations.
- Initial deliverable
  - Strategies for Automating Network Policy Enforcement
  - Visiting scientist, taxonomy and next steps

Slide 17: Architecture WG (section: Working Groups)
- Chaired by Marty Schulman
- The Architecture WG will consider issues related to:
  - Identification of functions or components used to authorize access
  - Selection of design rules to facilitate operations or enable new services.
  - Adoption of specific techniques
- These activities must accommodate a wide range of campus and departmental security policies, procedures, and schemas - the details of which are beyond this group's scope.

Slide 18: Challenges (section: SALSA)
- Cooperation and community support
- Security threats are increasing and external pressure is increasing; lack of time to organize
- Heterogeneous environments are resistant to homogeneous solutions
- “Security” can be defined differently. Need to identify specific problems and solutions.
- Is network security staying with networks or moving to security as a hybrid?
- How to engage network management with network security
- Or, is Joint Techs the right place?
- Now that applications and middleware are reaching down to the network… how do we address this?

Slide 19: Contact Info / Q&A
- Contact Information
  - Mark Poepping
  - T. Charles Yun
- Online information regarding security and SALSA efforts at
- Questions?


Slide 21: Architecture WG, SALSA - Priorities