Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security in Academia: an Oxymoron?

Published byMeghan Lorena Owens Modified over 5 years ago

Similar presentations

Presentation on theme: "Network Security in Academia: an Oxymoron?"— Presentation transcript:

1 Network Security in Academia: an Oxymoron?
Terry Gray Director, Networks & Distributed Computing Computing & Communications University of Washington April 8, 1999

2 Contradictions Researchers want open access
Clinicians, administrators want closed access Everyone wants fast access Almost everyone wears more than one hat Traditional network security measures are based on physical locality and constrained use

3 Threats Probing, Sniffing (when done by foes) Denial of Service (DOS)
Penetration Account take-over Connection hijacking Data Crimes Theft/Disclosure Corruption/Destruction Impersonation/Fraud (e.g. web spoofing)

4 Security is not free In fact: Security is very expensive
Costs include: inconvenience reduced performance complexity; management overhead requiring more staff, more time Use "Appropriate technology"

5 Threat Sources Outsiders Insiders Outsiders who become insiders
Insiders who become outsiders >> Benign neglect is also a threat!

6 Security Perimeters Physical/Topological: Logical/Organizational: site
subnet host Logical/Organizational: consortium or community of interest enterprise campus department workgroup individual

7 Security Policy Defining who can/cannot do what to whom...
Identification and prioritization of threats Identification of assumptions, e.g. Security perimeters Trusted systems and infrastructure Policy drives security… lack of policy drives insecurity

8 Security approaches (Guns, Fences, Hounddogs, Camouflage)
Network Perimeter security (Firewalls, NATs) Path isolation (Switches, VPNs, IPsec) System Host OS security (wrappers, patches, etc) Application security (SSH, SSL, Steganography...) Other Vulnerability detection Intrusion detection Better development tools and developers!

9 Security Usually Implies Isolation
Network security = network isolation (what's wrong with that picture?) Physical isolation Separate wires/fiber low-level multiplexing, e.g. TDM Logical isolation Access control Encryption

10 Defense in Depth Security is additive No single solution
Examine cost/benefit of each approach vs. cost of security incidents Focus first on biggest vulnerabilities Then knock off the “easy to do” items

11 Cost: Time & Inconvenience
In order of increasing sys-admin time: Application security Vulnerability & intrusion detection Path isolation (VPNs) Perimeter security (Firewalls) Host security Incident cleanup (compound frustration!) In order of increasing user inconvenience: Incident cleanup

12 The Dark Side of Firewalls
Firewalls are often viewed as a security panacea But they don’t live up to the hype, because they: Assume fixed security perimeter Give false sense of security May inhibit legitimate activities May be hard to manage Won't stop many threats Are a performance bottleneck

13 Assessing the value of Firewalls
Let E = % of attacks originating outside firewall B = % of external attacks actually blocked H = Number of hosts to be protected P = Number of security policies Firewall Value ~ E * B * H / P In the limit, P may approach H ! Must weigh cost of managing v. alternatives

14 Campus Network "Firewalls” (Router packet filtering)
Criteria: Low impact on network performance High degree of campus consensus; no flaming C&C! Can't reasonably be done at end-systems Now: Prevent source address spoofing Other possibilities under consideration

15 Even with Firewalls... Bad guys aren’t always "outside" the moat
One person’s “security perimeter” is another’s “broken network” Organization boundaries and filtering requirements constantly change Security perimeters only protect against a limited percentage of threats… must examine entire system: Cannot ignore end-system management Use of secure applications is a key strategy

16 Conclusions… Security: "pay now or pay later”
No silver bullets, only thankless effort Computer ownership has responsibilities… Each hacked system is a threat to neighbors Organizational boundaries rarely map to physical topology Suggested security priorities: Application > Host > Path > Perimeter

Download ppt "Network Security in Academia: an Oxymoron?"

Similar presentations

Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
NCAR National Center for Atmospheric Research 1 Security At NCAR Pete Siemsen National Center for Atmospheric Research November 22, 1999.

NCAR National Center for Atmospheric Research 1 Security At NCAR Pete Siemsen National Center for Atmospheric Research November 22, 1999.
Firewalls & VPNs Terry Gray UW Computing & Communications 13 September 2000.

Firewalls & VPNs Terry Gray UW Computing & Communications 13 September 2000.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Chapter 12 Network Security.

Chapter 12 Network Security.
Network Insecurity: challenging conventional wisdom Terry Gray UW Computing & Communications 10 October 2000.

Network Insecurity: challenging conventional wisdom Terry Gray UW Computing & Communications 10 October 2000.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
University of WashingtonComputing & Communications Network Insecurity: challenging conventional wisdom Terry Gray Director, Networks & Distributed Computing.

University of WashingtonComputing & Communications Network Insecurity: challenging conventional wisdom Terry Gray Director, Networks & Distributed Computing.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study

Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

Similar presentations

Ads by Google