Security at Line Speed: Integrating Academic Research and Enterprise Security.

Topics
- Overview – Ken Klingenstein
- Wireless, Security and Performance: A Tale to Tell – Steve Wallace
- The needs of the many and the needs of the few – Terry Gray
- Next steps – Charles Yun

Acknowledgements
- National Science Foundation, ANIR
- Internet2 support staff
- Program Committee: Guy Almes, Jeff Schiller, Ken Klingenstein, Steve Wallace, Charles Yun
- Terry Gray, fearless and tireless
- Participants

Workshop 2003
- NSF sponsored workshop, in conjunction with Indiana University, Internet2, the Massachusetts Institute of Technology and the University of Washington
- 1.5 day workshop
- Held in Chicago, Illinois, Aug 2003

Project Goals
- Effective practices whitepaper: technology oriented, architectural principles and specific recommendations
- Research agenda suggestions to NSF and any other agencies that might be interested
- Recommendations for mechanisms for maintenance of the above

Workshop Structure and Mechanics
- Big picture: what are the basic tensions and dynamics; what are the possible futures
- Drill downs: IPv6, private addresses and NATs, firewalls, IDS
- Summaries and next steps: practical recommendations, policy requirements, research agenda

A Few Thoughts
- There needs to be some connection with a trust fabric, at several levels of the stack. There are internal and external trust fabrics to consider.
- What does the potential existence of a middleware fabric (directories, authentication, authorization assertions, etc.) mean for the network?
- What does reemergence of circuit-switched technologies mean for enterprise security?
- What does development of non-IP transports mean for enterprise security?
- Performance requirements of research computing are easier to predict than configuration requirements. Configuration requirements range from opening ports to multicast capabilities.

A Few More Thoughts
- How do the requirements of universities for enterprise security compare to those at government labs?
- How can enterprises work with research funding agencies to improve the delivery of network services to campus based researchers?

Workshop Findings
- First, and foremost, this is getting a lot harder. 2003 seems to mark a couple of turning points: new levels of stresses; necessary but doomed approaches.
- There are areas to work in: architectures and technologies; interactions with middleware; education and awareness (always a need).
- There is some applied research that would be helpful.
- There are some non-technical issues that need to be worked to achieve real security at real line speed…

By “Line Speed”, we really mean…
- High bandwidth
- Exceptionally low latency, e.g. remote instrument control
- End-to-end clarity, e.g. Grids
- Exceptionally low jitter, e.g. real time interactive HDTV
- Advanced features, e.g. multicast

Architectures
- A mix of perimeter defenses, careful subnetting, and desktop firewalls
- Separation of internal and external servers (e.g. SMTP servers, routers, etc.)
- Managed and unmanaged desktops
- Cautions: cost, traffic loads, diagnostics

Integration with middleware
- Network authentication and authorization: of users; of devices
- What is done after authentication? Access; scanning; patching; configuration of local firewalls; subnetting; configuration of performance parameters
- Accommodating distinctive needs of higher education: network mobility; role-based access

Applied Research and Research Computing
- Policy-based firewalls
- Easier connections of IDS with other enterprise services and systems
- Unlisted IP addresses – asymmetric connectivity
- Inform research computing environment developers (e.g. Grids) about the real world security issues and approaches being deployed.

Non-technical issues
- Proposals may be funded that haven’t gotten agreements from campus IT on architecture
- Policies on encryption
- Policies on permitting new applications (e.g. video)
- Inconsistencies in what campuses will permit will affect inter-institutional collaborations
- Trust fabrics need to underpin security
- Pulling policies from several disparate but applicable sources