Presentation is loading. Please wait.

Presentation is loading. Please wait.

Uw network security 2003 Terry Gray University of Washington Computing & Communications 17 October 2003.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Uw network security 2003 Terry Gray University of Washington Computing & Communications 17 October 2003."— Presentation transcript:

1 uw network security 2003 Terry Gray University of Washington Computing & Communications 17 October 2003

2 UW campus network (backbone) border router border router backbone switches ~ 30 level one routers subnets (733 total; 150 c&c); over 60,000 live devices

3 UW campus network (typical subnet) Level One Router Aggregation Switch Edge Switch campus subnets are a mixture of shared 10Mbps switched 10Mbps switched 10/100Mbps

4 network facilities

5 typical core routers

6 campus network traffic

7 Pacific Northwest Gigapop The PNW’s access point to next generation Internets, including Internet2, high performance USA Federal Networks, and high speed commodity Internet A high speed peering point for regional and international networks R&D testbed inviting national and international experimentation with advanced Internet-based applications

8

9 Pacific Northwest Gigapop uw border uw border 3 diverse network providersInternet2 national & internat’nl nets Internet2 2.5Gbps (10Gbps upgrade underway) Three different 1Gbps connections to the Internet Multiple gigabits of connections to other networks 30+ network customers

10 K-12 (307) Community/Technical College (73) Public Baccalaureate (50) Library (65 in process) Independent Colleges (9 approved) K20 Network Sites

11 seven security axioms Network security is maximized when we assume there is no such thing. Large security perimeters mean large vulnerability zones. Firewalls are such a good idea, every computer should have one. Seriously. Remote access is fraught with peril, just like local access. One person's security perimeter is another's broken network. Isolation strategies are limited by how many PCs you want on your desk. Network security is about psychology as much as technology. Bonus: never forget that computer ownership is not for the feint-hearted.

12 credo focus first on the edge (perimeter protection paradox) add defense in depth as needed keep it manageable provide for local policy choice... avoid one-size-fits-all

13 gray’s defense-in-depth conjecture MTTE (exploit) = k * N**2 MTTI (innovation) = k * N**2 MTTR (repair) = k * N**2 where N = number of layers

14 C&C security activities logical firewalls project 172 network infrastructure protection reverse IDS (local infection detection) auto-block; self-reenable traffic monitoring tools who/where traceability tools nebula proactive probing honeypots security operations training; consulting

Download ppt "Uw network security 2003 Terry Gray University of Washington Computing & Communications 17 October 2003."

Similar presentations

David R. Richardson, Mgr. Network Engineering University of Washington Pacific Rim Networking Meeting Honolulu, Hawaii February 21-22, 2002.

David R. Richardson, Mgr. Network Engineering University of Washington Pacific Rim Networking Meeting Honolulu, Hawaii February 21-22, 2002.
Chapter 7: Intranet LAN Design

Chapter 7: Intranet LAN Design
Hierarchical Design.

Hierarchical Design.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
Cisco Hierarchical Network Model RD-CSY2001-09/101.

Cisco Hierarchical Network Model RD-CSY /101.
Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.

Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.
Pacific Northwest Gigapop NGN Overview Kampala, Uganda Oct. 16th - 17th 2007.

Pacific Northwest Gigapop NGN Overview Kampala, Uganda Oct. 16th - 17th 2007.
Firewalls & VPNs Terry Gray UW Computing & Communications 13 September 2000.

Firewalls & VPNs Terry Gray UW Computing & Communications 13 September 2000.
1 University of WashingtonComputing & Communications security in the post-Internet era Terry Gray C&C all-hands meeting 09 March 2004.

1 University of WashingtonComputing & Communications security in the post-Internet era Terry Gray C&C all-hands meeting 09 March 2004.
University of WashingtonComputing & Communications Network Security Principles & Practice for UW Medicine Terry Gray April 2004.

University of WashingtonComputing & Communications Network Security Principles & Practice for UW Medicine Terry Gray April 2004.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
University of WashingtonComputing & Communications Ten Minutes on Five Nines Terry Gray Associate VP, IT Infrastructure University of Washington Common.

University of WashingtonComputing & Communications Ten Minutes on Five Nines Terry Gray Associate VP, IT Infrastructure University of Washington Common.
Network Insecurity: challenging conventional wisdom Terry Gray UW Computing & Communications 10 October 2000.

Network Insecurity: challenging conventional wisdom Terry Gray UW Computing & Communications 10 October 2000.
University of WashingtonComputing & Communications CAMPUS NETWORK DESIGN: Wired vs. Wireless Terry Gray Director, Networks & Distributed Computing UW Computing.

University of WashingtonComputing & Communications CAMPUS NETWORK DESIGN: Wired vs. Wireless Terry Gray Director, Networks & Distributed Computing UW Computing.
University of WashingtonComputing & Communications Networking Update Terry Gray Director, Networks & Distributed Computing University of Washington UW.

University of WashingtonComputing & Communications Networking Update Terry Gray Director, Networks & Distributed Computing University of Washington UW.
1 13-Jun-15 S Ward Abingdon and Witney College LAN design CCNA Exploration Semester 3 Chapter 1.

1 13-Jun-15 S Ward Abingdon and Witney College LAN design CCNA Exploration Semester 3 Chapter 1.
1 GENI: Global Environment for Network Innovations Jennifer Rexford Princeton University

1 GENI: Global Environment for Network Innovations Jennifer Rexford Princeton University
Ch.6 - Switches CCNA 3 version 3.0.

Ch.6 - Switches CCNA 3 version 3.0.
University of WashingtonComputing & Communications CAMPUS NETWORK STATUS/FUTURES Terry Gray Director, Networks & Distributed Computing UW Computing & Communications.

University of WashingtonComputing & Communications CAMPUS NETWORK STATUS/FUTURES Terry Gray Director, Networks & Distributed Computing UW Computing & Communications.

Similar presentations

Ads by Google