University of Washington, Computing & Communications: security in the post-Internet era. Terry Gray, C&C all-hands meeting, 09 March 2004.



Slide 2: thesis
- the Open Internet is history: "get over it"
- destroyed by predictable reaction to recent attacks, but not without significant collateral damage
- replaced by the Indeterminate Internet, which most people haven't noticed and won't notice
- we can and must protect the needs of the few while still supporting the needs of the many

Slide 3: Internet metamorphosis
- 1969: "one network"
- 1983: "network of networks"
- 199-: "balkanization" begins
- 2003: "heat death" begins
- 2004: paradigm lost?

Slide 4: personal metamorphosis
- 1988: "five anti-interoperable networks" !!
- 2000: "network security credo": manage those hosts!
- 2000: "my first NAT": hardly hurt a bit
- 2002: S@LS planning: keeping the faith
- 2003: "slammer": intervention
- 2003: "blaster": wake
- 2004: "mydoom": groundhog day
- 2005: "five anti-interoperable networks" ??

Slide 5: grief counseling
Coping with post-Internet intellectual trauma:
- denial
- anger
- bargaining
- depression
- acceptance
I had not understood that all of these emotions can occur simultaneously!

Slide 6: UW network security chronology
- 1988: Five anti-interoperable networks
- 1994: Nebula shows network utility model viable
- 1998: Defined OSFA border blocking policy
- 2000: Published Network Security Credo
- 2000: Added source address spoof filters
- 2000: Proposed med ctr network zone
- 2000: Proposed server sanctuaries
- 2001: Ban clear-text passwords on C&C systems
- 2001: Proposed pervasive host firewalls
- 2001: Developed logical firewall solution
- 2002: Developed Project-172 solution
- 2003: Slammer, Blaster... death of the Internet
- 2003: Begin work on flex-net architecture

Slide 7: security-related trends
- more life-critical applications
- more wireless use
- more VoIP (and soon, VoWLAN)
- faster networks
- class action lawsuits
- RIAA subpoenas
- SEC filings to include security info?
- more sophisticated attacks
- more spyware, encrypted backdoors
- less sophisticated attackers
- profit motive for attacks

Slide 8: end of an era
- gone: the open Internet (connection transparency)
- going: autonomous unmanaged PCs
- at risk: full digital convergence?
- the network utility model is dead
  - once hosts were all equally accessible
  - once network jacks were all the same ('cept speed)
  - once all application ports were open
- welcome to the indeterminate Internet
  - "Heisenberg/Einstein" networking...
  - uncertain and relativistic connectivity
  - you can make no assumptions about what should work

Slide 9: how we lost it: inevitable trainwreck?
- fundamental contradiction
  - networking is about connectivity
  - security is about isolation
- conflicting roles and goals
  - vendors
  - networkers
  - security people
  - sys admins
  - oh yeah... and the users
- insecurity = liability
  - liability trumps innovation
  - liability trumps operator concerns
  - liability trumps user concerns

Slide 10: how we lost it: disconnects
- failure of "computer security"
  - vendors gave customers what they wanted, not what they needed
  - responsibility/authority/accountability disconnects guaranteed failure
  - the network brought the trouble; the network should fix it
- failure of networkers to understand what users wanted
  - not a completely open Internet!
  - importance of "unlisted numbers"

Slide 11: observations
- feedback loop:
  - closed nets encourage constrained apps
  - constrained apps encourage closed nets
- thus: the Indeterminate Internet may become the Single-Port Internet
- tunneling and encryption trends undermine perimeter defense effectiveness
- isolation strategies are limited by how many devices you want on your desk
- blaster: triggered more perimeter defense, but showed the futility of conventional perimeter defense

Slide 12: consequences
- more closed nets & VPNs (bug or feature?)
- more tunneling: "firewall friendly" apps
- more encryption (thanks to RIAA)
- more collateral harm: attack + remedy
- worse MTTR (complexity, broken tools)
- constrained innovation (e.g. p2p, voip)
- cost shifted from "guilty" to "innocent"
- pressure to fix problem at border
- pressure for private nets
- pressure to make network topology match organization boundaries

Slide 13: roads not taken
- what if Windows XP had shipped with its integral firewall turned on?
- what if UW had mandated and funded positive desktop control?
- too late... so what can we do now to "protect and serve" our constituency in the post-Internet era?

Slide 14: bonus slides!

Slide 15: design tradeoffs
- networks = connectivity; security = isolation
- fault zone size vs. economy/simplicity
- reliability vs. complexity
- prevention vs. (fast) remediation
- security vs. supportability vs. functionality (conflicting admin, ops, user perspectives)
- differences in NetSec approaches relate to:
  - balancing priorities (security vs. ops vs. function)
  - local technical and institutional feasibility

Slide 16: design tradeoff examples
- defense-in-depth conjecture (for N layers)
  - Security: MTTE (exploit) ∝ N**2
  - Functionality: MTTI (innovation) ∝ N**2
  - Supportability: MTTR (repair) ∝ N**2
- Perimeter Protection Paradox (for D devices)
  - Firewall efficiency/value ∝ D
  - Firewall effectiveness ∝ 1 / D
- border blocking criteria (OSFA policy)
  - Threat can't reasonably be addressed at edge
  - Won't harm network (performance, stateless block)
  - Widespread consensus to do it
- security by IP address

Slide 17: preserving the network utility model
- goal: connection transparency
- importance: improves MTTR, innovation
- status: globally, dead... locally, ???
- incompatible with perimeter security?
- NUM-preserving perimeter defense
  - Logical Firewalls
  - Project 172
- foiled: security based on static IP addresses
  - Requires all hosts be reconfigured

Slide 18: lines of defense
- Network isolation for critical services.
- Host integrity. (Make the OS net-safe.)
- Host perimeter. (OS integrity; firewalling)
- Cluster/lab perimeter.
- Network zone perimeter.
- Real-time attack detection and containment.

Slide 19: next-gen network architecture
- parallel networks; more redundancy
- supportable (geographic) topology
- med ctr subnets = separate backbone zone
- perimeter, sanctuary, and end-point defense
- higher performance
- high-availability strategies
  - Workstations spread across independent nets
  - Redundant routers
  - Dual-homed servers

Slide 20: final metamorphosis
- success then
  - transparent/open Internet (network utility model)
  - effective end-point security
- success now?
  - nobody gets hurt, nobody goes to jail
  - "works fine, lasts a long time"
  - easy to diagnose/fix
  - flexible connection transparency choices
  - unfair cost-shifting avoided

Slide 21: lessons
- net reliability & host security are inextricably linked
- five 9s (5 min/yr) is hard (unless we only attach phones?)
- even host firewalls don't guarantee safety
- perimeter firewalls may increase user confusion, MTTR
- perimeter firewalls won't stop next-generation attacks
- it only takes one compromise inside to defeat a firewall
- Nebula existence proof: security in an open network
- DDOS attacks: defense-in-depth is a Good Thing
- controlling net devices is hard: hublets, wireless
- security via static IP configuration does not scale
- never underestimate non-technical barriers to progress

Slide 22: questions? comments?
