Managing Network Threat Information. Giri Raichur, Network Services.
Operated by Los Alamos National Security, LLC for NNSA. UNCLASSIFIED.

Slide 1: Managing Network Threat Information
- Giri Raichur, Network Services Team
- Jim Clifford, TL, Network Services Team
- Current implementation, future directions and opportunities for inter-laboratory collaboration

Slide 2: Managing Network Threat Information
- Network threats: viruses, phishing attacks, malware, etc.
- Availability of alert information
- Incorporating information into network control points

Slide 3: How CSIRT manages threat information
- Uses a MySQL database with a web front end.
- Host IP addresses and domain names of attack sites are propagated to DNS servers, firewalls and proxies and blocked within minutes.
- The central repository and automatic updates allow CSIRT staff to manage blocking information without relying on system and network administration experts.
- Web requests to blocked sites are redirected to an informative web page.
- The database helps support staff troubleshoot connectivity problems.

Slide 4: Sources of threat information
- US-CERT, DOE-CIRC
- Local intelligence

Slide 5: Current Implementation

Slide 6: Black Hole Interface
- Uses a Python API written to be shared by several different blocking mechanisms.
- The API tracks the change history.
- Reads of the rule list can be done without the API.
- Blocks automatically expire.

Slide 7

Slide 8: DNS BlackHole Interface

Slide 9: Firewall Interface

Slide 10

Slide 11: Advantages of using LANL's approach
- The authoritative data resides in one central database.
- The access control lists are pushed/pulled into various control points.
- Access information is "standardized".
- Easy-to-use user interface.
- Authorized users can add/delete without knowing formats for specific applications like DNS and iptables.
- Changes are near real time.
- New control points can be added easily to use existing access information.
- Access information is available to help desks and other support staff.
- Access information can be audited and tested.
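The central block list described on slides 3, 6 and 11 (one authoritative store, a change history, automatic expiry, and per-control-point rendering so operators never touch DNS or iptables syntax) can be sketched as follows. This is an added illustration, not LANL's Python API; the class and method names, the FORWARD-chain DROP rule and the BIND sinkhole zone file path are assumptions.

```python
import ipaddress
import time

class BlockList:
    """Central store of blocked indicators; each control point renders its own format."""
    def __init__(self):
        self.rules = {}     # indicator -> (kind, expires_at_epoch, reason)
        self.history = []   # append-only change log: (when, who, action, indicator)

    @staticmethod
    def classify(indicator):
        """'ip' for an address or CIDR block, otherwise 'domain'."""
        try:
            ipaddress.ip_network(indicator, strict=False)
            return "ip"
        except ValueError:
            return "domain"

    def add(self, indicator, reason, user, ttl=72 * 3600, now=None):
        now = time.time() if now is None else now
        kind = self.classify(indicator)
        self.rules[indicator] = (kind, now + ttl, reason)
        self.history.append((now, user, "add", indicator))
        return kind

    def remove(self, indicator, user, now=None):
        now = time.time() if now is None else now
        if self.rules.pop(indicator, None) is None:
            return False
        self.history.append((now, user, "remove", indicator))
        return True

    def expire(self, now=None):
        """Drop rules past their expiry; returns the indicators removed."""
        now = time.time() if now is None else now
        stale = [i for i, (_, exp, _) in self.rules.items() if exp <= now]
        for i in stale:
            del self.rules[i]
            self.history.append((now, "system", "expire", i))
        return stale

    def iptables_rules(self):
        # firewall control point: one DROP rule per blocked address or block
        return [f"-A FORWARD -d {i} -j DROP"
                for i, (k, _, _) in self.rules.items() if k == "ip"]

    def bind_zones(self, zone_file="/etc/bind/sinkhole.zone"):
        # DNS control point: each blocked domain becomes a local authoritative
        # zone served from one sinkhole zone file that points at the redirect page
        return [f'zone "{i}" {{ type master; file "{zone_file}"; }};'
                for i, (k, _, _) in self.rules.items() if k == "domain"]
```

Reads of the rendered output need only the rule dictionary, which is why the slide notes that consumers can read the list without going through the API.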

Slide 12: Future direction
- Federated access policies using the TNC IF-MAP protocol

Slide 13: What is IF-MAP?
- IF-MAP describes a database that contains metadata about systems and users currently connected to a network.
- Uses a publish/subscribe model, where all the network and security applications can participate in updating and querying the IF-MAP server.
- XML-based protocol that uses the SOAP (Simple Object Access Protocol) specification as defined by the W3C.
- Published in May 2008 by the Trusted Computing Group.
- Freely available for anyone to implement.
- Growing base of vendor and product support.
- Aggregates real-time information from various sources.
- Uses both standard data types and vendor-specific extensions.

Slide 14: IF-MAP Makes it Easy for Devices and Systems to Share Data

Slide 15: Further discussions
- Fast response to immediate threats is not unique to LANL. What do other sites do?
- How can we minimize redundant access lists based on inter-site intelligence instead of each site maintaining that list?
- How can we share data that is useful and timely?
- Any interest in a collaborative effort?