GÉANT - Implementing Security at Terabit Speed

Presentation transcript:

GÉANT - Implementing Security at Terabit Speed
Security in Europe's Research and Education Network
Fotis Gagadis, Security Officer
Wayne Routly, Head of Information & Infrastructure Security
WISE Workshop, Barcelona, ES, 20 October 2015

The New Security Reality
- Diverse Environment: Multiple Pressure Points
  - Understand where to focus
  - What the NRENs actually need
- Not Just Another Tool: Must deliver value to NRENs
  - Must enhance capabilities and not workload
  - Automate, threshold, trigger
- No Crystal Ball is Ever Clear: Planning for an uncertain future
  - Scalable, solve achievable problems

TRUST In The Integrity of the Network
Security of the Network
- Dedicated Security Officer
- Policy Creation & Enforcement (Acceptable Use, Patch Management)
- Yearly Peer Security Audit (Community Involvement)
Measurable Security for Physical Infrastructure
- Risk Assess Co-Locations
- Web Cameras
- Access Control & Network Segmentation
- Triggers & Alerts

TRUST In The Integrity of the Network's Systems
Risk & Vulnerability Assessment
- Asset Discovery
- Vulnerability Detection
- Configuration Auditing
- Risk Assessment and Suggested Fixes
...a more in-depth view of vulnerabilities and any other kind of misconfiguration
...at-risk GÉANT infrastructure

A Modular Approach Towards Security
- Security Services – Create an encompassing security solution – NSHaRP
- Risk Posture – Monitor to ensure management controls are in place
- Anomaly Detection – Scalable mechanisms to report on Denial of Service trends
- Firewall on Demand – Technologies to grow with and defend the network

NSHaRP – Security Service For Users
A GÉANT Solution
- Complete Security Solution
- Provides a mechanism to quickly and effectively inform parties
- Adds Value – Serves as an extension to NRENs' CERTs
- An Automated Incident Notification & Handling System
- Extends NRENs' detection and mitigation capability to GÉANT borders
- Innovative and Unique – Caters for different types of requirements

Effective Risk Management
The GÉANT Approach
- Understand the nature of the risks the organisation faces
- Become aware of the extent of risks
- Recognize our ability to control and reduce risk
- Report the risk status at any point in time
- Have in place risk event "early warning" factors and upward reporting thresholds

Example Risk Register

Proactive Risk Management
Vulnerability & Patch Management Control
- Proactive Approach
- Respond to New Threats
- Create Triggers, Thresholds
- Clearly Define & Identify Risk Areas
- Risk Register Approach
- Weekly Scans: Backbone + Corporate
- Sent to Teams Directly
- Is it Improving?
- Drill-Down Capabilities

Proactive Risk Management
Host Identification
- Goes to the core of controlling your network
- Ensures New Devices are Identified
- Ensures Devices are owned!
- Central to effective Risk Management
- What is on the Network?
- Weekly Scan of Backbone
- Does it belong to a Defined Zone?
- Have I seen it before?
- Differential Scans
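The host-identification slide boils down to two questions per address found by the weekly scan: have I seen it before, and does it belong to a defined zone? The following added example (mine, not GÉANT's scanner) answers both by diffing two constructed weekly inventories against a constructed zone table; the zone names, private ranges and scan format are assumptions for illustration.

```python
"""Differential weekly backbone scan: compare this week's host inventory with
last week's, flag hosts never seen before, hosts that opened new ports, hosts
that disappeared, and hosts that fall outside any defined zone. Added
illustration, not GÉANT's scanner; zones and scan output are constructed."""
import ipaddress

# Constructed zone definitions (private ranges chosen for the example).
ZONES = {
    "backbone-mgmt": ipaddress.ip_network("10.10.0.0/24"),
    "corporate": ipaddress.ip_network("10.20.0.0/16"),
}

# Constructed scan output: one "ip,port;port;..." line per responding host.
LAST_WEEK = """\
10.10.0.5,22;443
10.10.0.9,22
10.20.1.40,3389
"""
THIS_WEEK = """\
10.10.0.5,22;443
10.10.0.9,22;8080
10.20.1.40,3389
10.20.7.12,23
172.16.3.3,22
"""


def parse_scan(text):
    """Map each host address to the set of open ports the scan reported."""
    hosts = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, _, ports = line.partition(",")
        hosts[ipaddress.ip_address(ip.strip())] = {
            int(p) for p in ports.split(";") if p.strip()
        }
    return hosts


def zone_of(ip):
    """Name of the defined zone containing ip, or None if it belongs to none."""
    for name, net in ZONES.items():
        if ip.version == net.version and ip in net:
            return name
    return None


def differential_scan(previous, current):
    """Answer the slide's questions per host (seen before? in a defined zone?)
    and return one finding dict per change worth a notification."""
    findings = []
    for ip in sorted(current):
        zone = zone_of(ip)
        if ip not in previous:
            kind = "new-host" if zone else "new-host-unzoned"
            findings.append({"ip": str(ip), "kind": kind, "zone": zone,
                             "ports": sorted(current[ip])})
        else:
            opened = current[ip] - previous[ip]
            if opened:
                findings.append({"ip": str(ip), "kind": "new-ports", "zone": zone,
                                 "ports": sorted(opened)})
    for ip in sorted(set(previous) - set(current)):
        findings.append({"ip": str(ip), "kind": "disappeared",
                         "zone": zone_of(ip), "ports": []})
    return findings


if __name__ == "__main__":
    for finding in differential_scan(parse_scan(LAST_WEEK), parse_scan(THIS_WEEK)):
        print(finding)
```

An unzoned new host is the finding to chase first: it is a device nobody has claimed, which is exactly the "ensures devices are owned" point on the slide.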

Proactive Risk Management
Access Management
- What accounts are active?
- Control over script overload
- Misconfiguration? Notify someone – Reduce Noise
- Who are the real bad IPs?
- See the forest for the trees....
- Look for Trends
- Blacklist correlated & confirmed bad actors
Which would be an example of a configuration mistake?

Proactive Risk Management
Remote Management
- What accounts are active?
- Control over script overload
- Misconfiguration? Notify someone – Reduce Noise
- GeoIP: Why is the NOC engineer in China? ....especially since he called me from the office
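The two slides above share one idea: collapse thousands of noisy log lines into a handful of decisions (notify the owner of a misconfigured script, blacklist a source that is genuinely probing, question a login from a country where nobody should be). The added example below (mine, not GÉANT's tooling) does that over a few constructed syslog-style lines; the log format, the GeoIP table, the expected-country list and the failure threshold are all assumptions for illustration.

```python
"""Access and remote-management log review: separate noisy misconfigured
scripts from sources that warrant blacklisting, and flag successful
remote-management logins from countries where the NOC has no presence.
Added illustration, not GÉANT's tooling; log lines, GeoIP table and
expected-country list are constructed."""
import re
from collections import defaultdict

# Constructed auth log lines in a syslog-like format (not any real device's output).
LOG = """\
May 14 02:00:01 rtr1 sshd: Failed password for backup from 10.20.5.7 port 41000
May 14 02:00:02 rtr1 sshd: Failed password for backup from 10.20.5.7 port 41001
May 14 02:00:03 rtr1 sshd: Failed password for backup from 10.20.5.7 port 41002
May 14 02:00:04 rtr1 sshd: Failed password for backup from 10.20.5.7 port 41003
May 14 02:01:10 rtr1 sshd: Failed password for root from 203.0.113.9 port 5001
May 14 02:01:11 rtr1 sshd: Failed password for admin from 203.0.113.9 port 5002
May 14 02:01:12 rtr1 sshd: Failed password for oracle from 203.0.113.9 port 5003
May 14 02:01:13 rtr1 sshd: Failed password for test from 203.0.113.9 port 5004
May 14 02:05:00 rtr1 sshd: Accepted publickey for noc-eng from 198.51.100.4 port 6000
May 14 03:10:00 rtr1 sshd: Accepted publickey for noc-eng from 192.0.2.77 port 6100
"""

LINE_RE = re.compile(r"sshd: (Failed password|Accepted \w+) for (\S+) from (\S+) port")

# Constructed GeoIP lookup (documentation prefixes, arbitrary country codes).
GEOIP = {"198.51.100.4": "NL", "192.0.2.77": "CN", "203.0.113.9": "XX"}
NOC_COUNTRIES = {"GB", "NL"}   # assumption: where NOC engineers actually sit
FAILURE_THRESHOLD = 3          # assumption: below this, not worth a notification


def parse_auth_log(text):
    """Return (accepted, user, source_ip) per recognised line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            outcome, user, ip = m.groups()
            events.append((outcome.startswith("Accepted"), user, ip))
    return events


def classify_failures(events):
    """One verdict per source rather than one alert per failed attempt.
    A source hammering a single account is most likely a misconfigured
    script: notify its owner and reduce the noise.  A source walking many
    accounts is a candidate for the correlated blacklist."""
    accounts = defaultdict(set)
    failures = defaultdict(int)
    for ok, user, ip in events:
        if not ok:
            accounts[ip].add(user)
            failures[ip] += 1
    verdicts = {}
    for ip, n in failures.items():
        if n < FAILURE_THRESHOLD:
            continue
        if len(accounts[ip]) == 1:
            verdicts[ip] = "likely-misconfigured-script"
        else:
            verdicts[ip] = "blacklist-candidate"
    return verdicts


def unexpected_geo_logins(events):
    """Successful logins whose source country is not one the NOC works from."""
    return [(user, ip, GEOIP.get(ip, "??"))
            for ok, user, ip in events
            if ok and GEOIP.get(ip) not in NOC_COUNTRIES]


if __name__ == "__main__":
    evs = parse_auth_log(LOG)
    print(classify_failures(evs))
    print(unexpected_geo_logins(evs))
```

The single-account-versus-many-accounts split is the "which would be an example of a configuration mistake" question from the slide expressed as a rule; the GeoIP check only fires on accepted logins, which keeps the engineer's phone call ("I'm in the office") as the thing the alert asks you to verify.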

Multi-Faceted DDoS Detection System Alerting to Events

Structured Alerting Mechanism
Require Clear & Rapid Notification
- One event per mail for the most critical events
- Daily report for the less critical and/or "noisy" ones:
  - Text or HTML that can be parsed by the NREN

Dear NREN,

We have detected a CAT. event affecting your network. All the information pertaining to it can be found below:
=============
#Start Time: 2015-05-14 01:56:04 UTC
#Protocol: UDP
#Source IP: x.y.z.t
#Target IPs: a.b.c.d
#Ports: 60312
#Evidence:
Source IP;Source port;Destination IP;Destination port;Protocol;Timestamp;Duration;Transferred;Packets;Flags;Source AS;Destination AS
x.y.z.t;a.b.c.d;60312;UDP;2015-05-14 02:56:04.566;0;84500;500;......;36351;766
=============
If you wish to reply to this email please leave the subject unaltered so the ticket can be updated accordingly.
If no response is received, this ticket will be automatically closed after 5 working days.

Regards,
GEANT CERT
cert@oc.geant.net (PGP Key ID: 99833085 / Fingerprint: 3CBF F211 8305 635D 5839 BB27 BA6B F34A 9983 3085)
Phone no.: +44 (0)1223 866 140

<ID>: num; <Category>: ANOMALY; <Type>: Behavior anomaly; <Perspective>: NREN; <Severity>: Critical; <Time>: 2015-05-13 09:55:00; <Protocol>: ; <Source IP>: x.y.z.t; <Target IPs>: a.b.c.d; <Ports involved>: ;
<Flows sample>: Source IP;Source port;Destination IP;Destination port;Protocol;Timestamp;Duration;Transferred;Packets;Flags;Source AS;Destination AS
x.y.z.t;42096;a.b.c.d;24384;TCP;2015-05-13 10:54:31.770;3.43900012969971;208000;4000;.A....;786;2108

What actions can NRENs request
Filter / Block
You can request the Security Team to Filter / Block traffic from and/or to a specific IP and/or prefix. Specific port ranges can be included in this block. The OC Security Team will apply this block for a period of time, after which you will be given the option to remove the block or have it kept in place.
Monitor
You can request the OC Security Team to monitor this incident for a specific period of time. After the time has elapsed and you request the ticket to be closed, the Security Team will inform you of all incidents linked to the original ticket, if any have been alerted.
Investigate
You can request the OC Security Team to provide additional information about the incident. For example, you may require additional flow records for a larger time window.
Nothing
The ticket closes automatically after 5 working days.
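The point of the `<Field>: value;` record that accompanies each notification is that an NREN can parse it instead of reading the mail. The added example below (mine, not GÉANT's or NSHaRP's parser) serves both the alerting slide and the "Nothing" action: it parses a record constructed to follow the field layout shown on the slide (with a placeholder ticket number), applies the critical-goes-out-immediately rule, and computes the auto-close date five working days after the detection time. Weekends only are skipped; treating bank holidays as working days is an assumption of the example.

```python
"""Parse the machine-readable record that accompanies an NSHaRP-style
notification, decide whether it goes out as its own mail or in the daily
report, and compute when an unanswered ticket auto-closes (5 working days).
Added illustration, not GÉANT's tooling; ALERT is constructed to follow the
field layout shown on the slide, with a placeholder ticket number."""
import re
from datetime import datetime, timedelta

# Constructed record; x.y.z.t / a.b.c.d are the slide's own placeholders.
ALERT = """\
<ID>: 12345; <Category>: ANOMALY; <Type>: Behavior anomaly; <Perspective>: NREN;
<Severity>: Critical; <Time>: 2015-05-13 09:55:00; <Protocol>: ; <Source IP>: x.y.z.t;
<Target IPs>: a.b.c.d; <Ports involved>: ;
<Flows sample>: Source IP;Source port;Destination IP;Destination port;Protocol;Timestamp;Duration;Transferred;Packets;Flags;Source AS;Destination AS
x.y.z.t;42096;a.b.c.d;24384;TCP;2015-05-13 10:54:31.770;3.43900012969971;208000;4000;.A....;786;2108
"""

# Every scalar field is "<Name>: value;" where the value may be empty.
FIELD_RE = re.compile(r"<([^>]+)>:\s*([^;]*);")
FLOWS_TAG = "<Flows sample>:"


def parse_alert(text):
    """Return the scalar fields as a dict plus a 'flows' list of row dicts.
    The flows sample is split off first because its own values are
    semicolon-separated and would otherwise confuse the field regex."""
    head, _, flows = text.partition(FLOWS_TAG)
    record = {name: value.strip() for name, value in FIELD_RE.findall(head)}
    rows = [line.strip() for line in flows.splitlines() if line.strip()]
    if rows:
        columns = rows[0].split(";")
        record["flows"] = [dict(zip(columns, row.split(";"))) for row in rows[1:]]
    else:
        record["flows"] = []
    return record


def delivery_mode(record):
    """Slide rule: critical events get one mail each, the rest go in the daily report."""
    return "immediate" if record.get("Severity") == "Critical" else "daily-report"


def auto_close_date(detected, working_days=5):
    """Date on which an unanswered ticket closes: detection time plus
    working_days Mon-Fri days (bank holidays ignored; assumption)."""
    day = datetime.strptime(detected, "%Y-%m-%d %H:%M:%S").date()
    remaining = working_days
    while remaining > 0:
        day += timedelta(days=1)
        if day.weekday() < 5:   # Monday=0 ... Friday=4
            remaining -= 1
    return day


if __name__ == "__main__":
    rec = parse_alert(ALERT)
    print(delivery_mode(rec), "auto-close:", auto_close_date(rec["Time"]))
    for flow in rec["flows"]:
        print(flow["Source IP"], "->", flow["Destination IP"], flow["Destination port"], flow["Packets"], "pkts")
```

Empty fields (`<Protocol>: ;`) come back as empty strings rather than missing keys, so a consumer can tell "not applicable" apart from "record truncated".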

Firewall on Demand - Next Generation Firewall Filtering
Designed and Developed by GRNET
- BGP Flowspec, defined in RFC 5575
- Layer 4 (TCP and UDP) firewall filters distributed in BGP on both an intra-domain and inter-domain basis
Benefits
- Gives users flexibility; Alternative Use Cases?
- AAI: NREN Credentials to log in and stop attacks
- Limit Accidental & Damaging blocks
"Better" in terms of:
- Granularity: Per-flow level (Source/Dest IP/Ports, TCP flags)
- Action: Drop, rate-limit, redirect
- Speed: More responsive
- Efficiency: Closer to the source, Multi-Domain
- Automation: Integration with other systems (NSHaRP)
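Two of the benefits listed above, AAI credentials and limiting accidental or damaging blocks, are really one validation step in front of the Flowspec announcement: is this user's NREN allowed to filter that destination, and is the rule narrow enough? The added example below (mine, not GRNET's Firewall on Demand code) shows that check and builds the RFC 5575 match components (destination prefix, source prefix, IP protocol, destination port) and action for a valid request; the authorisation table, the /24 and port-span limits, and the field names of the returned dict are assumptions for illustration.

```python
"""Validate a Firewall-on-Demand style request before it becomes a BGP Flowspec
rule. The requester, authenticated through AAI as a member of an NREN, may only
filter traffic to that NREN's own prefixes; rules must stay narrow so an
accidental request cannot take out unrelated traffic; ports and actions must be
well-formed. Added illustration, not GRNET's FoD code; the authorisation table,
policy limits and requests are constructed."""
import ipaddress

# Constructed AAI mapping: NREN identity -> prefixes it may request filters for.
AUTHORISED = {
    "nren-a": [ipaddress.ip_network("203.0.113.0/24")],
    "nren-b": [ipaddress.ip_network("198.51.100.0/24")],
}
MIN_PREFIX_LEN = 24      # policy assumption: nothing broader than a /24
MAX_PORT_SPAN = 1024     # policy assumption: cap accidental wide port blocks
# RFC 5575 actions: traffic-action (drop), traffic-rate, redirect.
ACTIONS = {"drop", "rate-limit", "redirect"}


class RequestError(ValueError):
    """Raised when a request fails validation; the message is the reason."""


def build_rule(nren, dst, src=None, protocol="udp", dst_ports=None,
               action="drop", rate_bps=None):
    """Return the Flowspec components (RFC 5575 section 4 match types plus the
    action) for a validated request, or raise RequestError."""
    dst_net = ipaddress.ip_network(dst, strict=False)
    allowed = AUTHORISED.get(nren, [])
    if not any(n.version == dst_net.version and dst_net.subnet_of(n) for n in allowed):
        raise RequestError(f"{nren} is not authorised to filter {dst_net}")
    if dst_net.prefixlen < MIN_PREFIX_LEN:
        raise RequestError(f"{dst_net} is broader than /{MIN_PREFIX_LEN}")
    if protocol not in ("tcp", "udp"):
        raise RequestError("only layer-4 TCP/UDP filters are supported")
    if action not in ACTIONS:
        raise RequestError(f"unknown action {action!r}")
    if action == "rate-limit" and not rate_bps:
        raise RequestError("rate-limit requires a rate in bits per second")
    rule = {"destination-prefix": str(dst_net), "ip-protocol": protocol, "action": action}
    if src:
        rule["source-prefix"] = str(ipaddress.ip_network(src, strict=False))
    if dst_ports:
        lo, hi = dst_ports
        if not (0 <= lo <= hi <= 65535) or hi - lo + 1 > MAX_PORT_SPAN:
            raise RequestError("destination port range is invalid or too wide")
        rule["destination-port"] = str(lo) if lo == hi else f"{lo}-{hi}"
    if action == "rate-limit":
        rule["traffic-rate"] = rate_bps
    return rule


def request_outcome(**request):
    """Wrap build_rule so the caller (and the ticket) gets a verdict plus detail."""
    try:
        return "accepted", build_rule(**request)
    except RequestError as err:
        return "rejected", str(err)


if __name__ == "__main__":
    # The UDP/60312 case from the sample notification, as a /32 drop request.
    print(request_outcome(nren="nren-a", dst="203.0.113.7/32", dst_ports=(60312, 60312)))
    # A request for a prefix belonging to a different NREN is refused.
    print(request_outcome(nren="nren-b", dst="203.0.113.7/32"))
```

Authorisation is checked before the width check on purpose: a rejection should never reveal whether a foreign prefix would otherwise have been accepted.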

Firewall on Demand Interface

Conclusions
Delivering a Comprehensive & Future-Driven Security Eco-System benefiting the GÉANT Community
- Take a holistic approach towards defending your network
- Understand the risks the organisation faces
- Collate, correlate, and automate your capabilities
- Make changes that have significant impacts
- Use tools that radically improve your capabilities
- Use tools that provide flexibility

Questions
wayne.routly@geant.org
fotis.gagadis@geant.org