Published by Tobias Shepherd, modified over 9 years ago
1
Advanced Internet Bandwidth and Security Strategies Fred Miller Illinois Wesleyan University
2
Advanced Internet Bandwidth & Security Strategies
How Illinois Wesleyan University:
– Minimizes copyright infringement notices
– Allows peer-to-peer computing
– Maintains sub-second web performance
– Mitigates denial of service attacks
– Identifies virus infections
– Controls illegal activities on the campus network
3
Advanced Internet Bandwidth & Security Strategies
Layers of security
– Intrusion detection
  – Host based intrusion detection
  – Network based intrusion detection (knowledge based, behavior based)
– Bandwidth management & monitoring
– User education and enforcement
4
About Illinois Wesleyan University
Liberal arts – 2100 students
– 1800 on-campus residents
IT resource limitations
– 16 IT staff
– Voice, video, & data
Environment
– 100 Mbps switched port per pillow
– 18 Mbps Internet connection
– No technology fee
– Some wireless
– LDAP authentication
5
Bandwidth & Security Strategies
– User education (and results)
– Firewall & IP address policies
– Response time measurement
– Bandwidth policies
– Monitoring and detection
– Redirection & quarantine
– Judicial procedures
– Future plans
6
User Education
Computer Incident Factor Analysis and Categorization (CIFAC) Project:
– IT personnel: more education and training…
– Users: more education and training…
– Non-IT staff: more education…
– Networks: more resources, more and better procedures…
7
User Education @ Illinois Wesleyan
– Freshman orientation
– Web site, portal & e-mail lists
– One on one training
– Help desk
– Assessment
– Our customers
  – Novices
  – “The Mistaken”
8
User Education - Results
10
Firewall & IP Address Policies
– No MAC registration (yet)
– DHCP
– All local IP numbers in private 10.x.x.x space
– Ports blocked inbound, few outbound
– Restrict SMTP, SNMP, etc.
11
Response Time Measurement
– Library consortium
– RRDtool
– MRTG ping probe
– PacketShaper command: rtm sho
12
rtm sho
13
Bandwidth Policies Detail*
– Traffic classification
– Flow control
– Host lists
– Class licenses
*Command line vs. web interface
14
Traffic classification
– Classify in and out – hundreds of classes
– No changes for time of day
– Can block/restrict by IP address, port, or protocol
– Partitions and policies
– Peer to peer – low priority, typically 10k policy in, 1k policy out
– Gamers are a challenge
16
Flow control Limits the number of new flows per minute for client or server actions
17
Classification and Flow Control No auto-discovery, but all traffic classified
18
Host lists
Groups of internal or external IP numbers using bandwidth rules:
– Quarantine internal users
– Limit groups of high bandwidth servers
– Quickly block intruders
– Identify servers for additional priority
20
Class licenses Limit how many connections per class
21
Monitoring and Detection
– Know what’s typical and atypical
– Check for top bandwidth users
– Watch number of flows – active and failed
– Spot check
– Automation
– Community
22
Know what’s typical & atypical – sys heal
23
Monitoring and Detection
Check for top bandwidth users
– Over time
  host top sho /outbound
  host top sho /inbound
  host inf -sr -i
– Right now
  host inf -sr -n 10
24
Monitoring and Detection
Watch number of flows – active and failed
– host inf -sf -n 10
– host inf -sp -n 10
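The flow-control limit (new flows per minute per client) and the "watch number of flows, active and failed" check above both come down to the same per-host arithmetic. The following is an added example, not code from the presentation or from Packeteer: it aggregates a constructed flow log per client and minute, then decides which hosts belong in a throttled (soft) or blocked (hard) quarantine host list. The log format, the thresholds and the function names (`flows_per_minute`, `classify`) are assumptions made for the example.

```python
"""Flow-rate anomaly detection over a constructed flow log.

Added example, not from the presentation or from Packeteer/PacketShaper.
Hosts that open an atypical number of flows are throttled (soft
quarantine); hosts whose flows mostly fail (worm scanning, host sweeps)
are cut off (hard quarantine).  Log format and thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class HostStats:
    new_flows: int = 0     # flows the client initiated in this minute
    failed_flows: int = 0  # flows that never completed (no reply / RST)


def build_sample_flows():
    """Constructed log lines: 'epoch_seconds src_ip dst_ip dst_port state'.

    All timestamps fall inside one 60-second bucket (960..1019)."""
    flows = []
    # ordinary web client: 5 successful flows in the minute
    for i in range(5):
        flows.append(f"{960 + i * 10} 10.1.5.20 192.0.2.{10 + i} 443 ok")
    # P2P client: 80 successful flows to 80 different peers in the minute
    for i in range(80):
        flows.append(f"{960 + i % 60} 10.1.9.77 203.0.113.{i + 1} 6881 ok")
    # infected host sweeping port 445: 150 flows, only 10 of them answered
    for i in range(150):
        state = "ok" if i % 15 == 0 else "failed"
        flows.append(f"{960 + i // 3} 10.1.7.44 10.1.0.{i + 1} 445 {state}")
    return flows


def parse_flow(line):
    ts, src, dst, port, state = line.split()
    return int(ts), src, dst, int(port), state


def flows_per_minute(lines):
    """Aggregate per (minute, client IP), like a per-minute host table."""
    stats = defaultdict(HostStats)
    for line in lines:
        ts, src, _dst, _port, state = parse_flow(line)
        bucket = stats[(ts // 60, src)]
        bucket.new_flows += 1
        if state == "failed":
            bucket.failed_flows += 1
    return stats


def classify(stats, soft_limit=50, hard_failed=100, min_flows=30, fail_ratio=0.5):
    """Map client IP -> 'soft' or 'hard'.  Hosts under every limit are absent.

    soft: more than soft_limit new flows in a minute (P2P/gaming bursts)
    hard: hard_failed failed flows in a minute, or, once a host has opened
          min_flows flows, at least fail_ratio of them failed (scanning)."""
    verdicts = {}
    for (_minute, ip), s in stats.items():
        failed_share = s.failed_flows / s.new_flows if s.new_flows else 0.0
        if s.failed_flows >= hard_failed or (s.new_flows >= min_flows and failed_share >= fail_ratio):
            verdict = "hard"
        elif s.new_flows > soft_limit:
            verdict = "soft"
        else:
            continue
        if verdicts.get(ip) != "hard":   # never downgrade a host within the window
            verdicts[ip] = verdict
    return verdicts


if __name__ == "__main__":
    for ip, verdict in sorted(classify(flows_per_minute(build_sample_flows())).items()):
        print(f"{ip:<12} -> {verdict} quarantine host list")
```

The failed-flow ratio is the signal that separates a noisy but legitimate P2P or gaming host (many flows, nearly all answered) from an infected one (many flows, nearly none answered); a plain flows-per-minute cap alone throttles both the same way.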
25
Monitoring and Detection
Spot check
– Overall (e.g., check tree)
  tr tr
– Individual classifications
  tr fl -tupIc /outbound/discoveredports/students
  tr his recent /inbound/multimedia/mpeg-video
– Individual machines (servers & clients)
  tr fl -tupIA 10.x.x.x
  tr his find 10.x.x.x
26
Monitoring and Detection
Automation
– Rule sets: application and port rules
– E-mail notifications
– Identify & isolate violators
– PacketShaper Adaptive Response
– Snort
27
Monitoring and Detection Automation - Packetshaper Adaptive Response
29
Monitoring and Detection
Automation – Snort
– By Martin Roesch
– Extensive rule sets
– Henwen & Letterstick = Snort GUI for Mac
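Snort rule sets are signatures: a header that says which traffic the rule applies to, and options that say what to look for and what to report. As an added example that is not part of the presentation or of the Snort project, the matcher below parses three constructed Snort-style rules (local sids in the 1000000+ range, variables for the campus 10.x space) and runs constructed packets through them. Only the header fields and the `msg`, `content`, `nocase` and `sid` options are implemented; names such as `inspect`, `VARS` and `SAMPLE_PACKETS` are this example's own.

```python
"""Minimal Snort-style signature matcher.

Added example, not from the presentation or the Snort project; it shows
the mechanics a signature IDS applies to each packet: the rule header
(action, protocol, source/destination with $VAR expansion, negation and
port ranges) and a few body options (msg, content, nocase, sid).
Rules, variables and packets are constructed for the example.
"""
import ipaddress
import re
from dataclasses import dataclass

# Variable definitions as in snort.conf; the campus uses private 10.x space.
VARS = {"HOME_NET": ["10.0.0.0/8"], "EXTERNAL_NET": ["!$HOME_NET"]}

RULES = [  # constructed rules, sids in the local range
    'alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"Outbound SMTP from campus host, possible spam bot"; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"Inbound SMB from Internet"; sid:1000002; rev:1;)',
    'alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"BitTorrent handshake"; content:"BitTorrent protocol"; nocase; sid:1000003; rev:1;)',
]


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")


def parse_rule(text):
    """Split 'action proto src sport -> dst dport (opt:val; flag; ...)'."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparsable rule: {text}")
    action, proto, src, sport, dst, dport, body = m.groups()
    opts = {}
    for part in body.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition(":")
            opts[key.strip()] = value.strip().strip('"')  # bare flags map to ""
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "opts": opts}


def addr_matches(spec, ip):
    """'any', a CIDR/IP, or $VAR (expanded recursively); leading '!' negates."""
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    if spec == "any":
        hit = True
    elif spec.startswith("$"):
        hit = any(addr_matches(s, ip) for s in VARS[spec[1:]])
    else:
        hit = ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    return hit != negate


def port_matches(spec, port):
    """'any', a single port, or the Snort range lo:hi (either end optional)."""
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    if spec == "any":
        hit = True
    elif ":" in spec:
        lo, _, hi = spec.partition(":")
        hit = (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    else:
        hit = int(spec) == port
    return hit != negate


def rule_matches(rule, pkt):
    if rule["proto"] not in ("ip", pkt.proto):
        return False
    if not (addr_matches(rule["src"], pkt.src) and port_matches(rule["sport"], pkt.sport)
            and addr_matches(rule["dst"], pkt.dst) and port_matches(rule["dport"], pkt.dport)):
        return False
    content = rule["opts"].get("content")
    if content is not None:
        needle, hay = content.encode(), pkt.payload
        if "nocase" in rule["opts"]:
            needle, hay = needle.lower(), hay.lower()
        if needle not in hay:
            return False
    return True


def inspect(rules, packets):
    """Return (sid, msg, src, dst) for every alert rule that fires on every packet."""
    parsed = [parse_rule(r) for r in rules]
    alerts = []
    for pkt in packets:
        for rule in parsed:
            if rule["action"] == "alert" and rule_matches(rule, pkt):
                alerts.append((rule["opts"]["sid"], rule["opts"]["msg"], pkt.src, pkt.dst))
    return alerts


SAMPLE_PACKETS = [  # constructed traffic
    Packet("tcp", "10.1.5.20", 52000, "192.0.2.10", 443, b"\x16\x03\x01"),        # ordinary HTTPS
    Packet("tcp", "10.1.7.44", 40000, "198.51.100.9", 25, b"EHLO bot.local\r\n"),  # direct-to-MX spam
    Packet("tcp", "198.51.100.9", 25, "10.1.7.44", 40000, b"220 mx ready\r\n"),    # the reply: wrong direction, no alert
    Packet("tcp", "10.1.9.77", 51413, "203.0.113.5", 6881, b"\x13BitTorrent protocol" + b"\x00" * 8),
]

if __name__ == "__main__":
    for sid, msg, src, dst in inspect(RULES, SAMPLE_PACKETS):
        print(f"[{sid}] {msg}: {src} -> {dst}")
```

The third packet is the point of the direction arrow: the SMTP server's reply carries port 25 as well, but its source is external, so the outbound-SMTP rule stays quiet and only the client that initiated the session is reported.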
30
Monitoring & Detection
31
Monitoring and Detection
Community – firewall log analysis
– DShield Distributed Intrusion Detection System: http://www.dshield.org/
– DShield Academic: http://dshield.infosecurityresearch.org/
– SANS Internet Storm Center: http://isc.sans.org
– Computer Emergency Response Team (CERT): http://www.cert.org
32
Redirection & Quarantine
– Soft quarantine
– Hard quarantine with redirect
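The two quarantine levels differ in what happens to the client's traffic: a soft-quarantined host keeps access but is moved to a throttled class, while a hard-quarantined host has its web requests redirected to a remediation page. The following added example (not the presentation's own mechanism, and not a description of how the PacketShaper implements it) shows the decision logic, including the detail that makes or breaks a redirect quarantine: requests to the remediation server itself and to the update servers the user needs must pass through, or the redirect loops and nobody can ever get out. The host names, the allow-list, the expiry time and the names `QuarantineTable` and `http_decision` are assumptions.

```python
"""Soft vs. hard quarantine decisions for a campus client.

Added example, not from the presentation.  The remediation host name, the
allow-list and the expiry time are assumptions.
"""
import time
from urllib.parse import quote

REMEDIATION_HOST = "quarantine.example.edu"      # assumed hostname
REMEDIATION_PATH = "/quarantine/"
# Destinations a hard-quarantined host may still reach (assumed list):
# the remediation page itself plus the update servers needed to clean up.
HARD_ALLOW = {REMEDIATION_HOST, "update.antivirus.example.com", "windowsupdate.microsoft.com"}

SOFT_TTL = 24 * 3600   # soft quarantine releases itself after a day (assumed)


class QuarantineTable:
    """ip -> (level, expiry).  Soft entries expire; hard ones need manual release."""

    def __init__(self, clock=time.time):
        self._entries = {}
        self._clock = clock

    def add(self, ip, level):
        current = self._entries.get(ip)
        if current and current[0] == "hard" and level == "soft":
            return                       # never downgrade automatically
        expires = self._clock() + SOFT_TTL if level == "soft" else None
        self._entries[ip] = (level, expires)

    def release(self, ip):
        self._entries.pop(ip, None)

    def level(self, ip):
        entry = self._entries.get(ip)
        if entry is None:
            return None
        lvl, expires = entry
        if expires is not None and self._clock() >= expires:
            self._entries.pop(ip)        # soft quarantine has run out
            return None
        return lvl


def http_decision(table, client_ip, host, path):
    """Return ('allow', class_name) or ('redirect', location) for one HTTP request."""
    level = table.level(client_ip)
    if level == "hard":
        if host in HARD_ALLOW:
            return ("allow", "remediation")
        original = quote(f"http://{host}{path}", safe="")   # so the page can show what was blocked
        return ("redirect", f"http://{REMEDIATION_HOST}{REMEDIATION_PATH}?ip={client_ip}&orig={original}")
    if level == "soft":
        return ("allow", "throttled")    # same traffic, lower-priority class
    return ("allow", "normal")


if __name__ == "__main__":
    table = QuarantineTable()
    table.add("10.1.9.77", "soft")
    table.add("10.1.7.44", "hard")
    for ip in ("10.1.5.20", "10.1.9.77", "10.1.7.44"):
        print(ip, http_decision(table, ip, "www.example.com", "/"))
    print("10.1.7.44", http_decision(table, "10.1.7.44", REMEDIATION_HOST, REMEDIATION_PATH))
```

Only HTTP is redirected here; a hard-quarantined host still needs DNS to resolve the remediation name, so in practice the DNS path (or a DNS server that answers every query with the remediation address) is part of the same allow-list.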
33
Judicial Procedures
– Network disruption – logical disconnect
– RIAA notices – less than 1 per month
– Students referred to Associate Dean of Students for judicial processes
34
Future Plans
– Cisco ASA – firewall, VPN, intrusion detection
– More Adaptive Response
– More Snort
– 45 Mbps Internet
– NetReg? Clean Access?
  – VLAN quarantine
– Wireless authentication
35
Advanced Internet Bandwidth & Security Strategies
Summary
– User education is key
– Need layers of security
– Bandwidth management & monitoring
– Intrusion detection and prevention
  – Hosts and network
  – More application level detection
– Support more community efforts
– Enforce policies with judicial procedures
36
Additional References…
– Packeteer Education e-mail list: http://www.packeteer.com/prod-sol/stanford.cfm
– EDUCAUSE Intrusion Detection Resources: http://www.educause.edu/Browse/645?PARENT_ID=661
– CIFAC Project Report (volume 1): http://www.educause.edu/LibraryDetailPage/666?ID=CSD4207
– Illinois Wesleyan IT Policies: http://titan.iwu.edu/IT/policies/
– Snort: http://www.snort.org
– Henwen & Letterstick: http://seiryu.home.comcast.net/henwen.html