Presentation is loading. Please wait.

Presentation is loading. Please wait.

Salsa Bits: A few things that the analysts aren't talking about... December 2006.

Published byErica King Modified over 9 years ago

Similar presentations

Presentation on theme: "Salsa Bits: A few things that the analysts aren't talking about... December 2006."— Presentation transcript:

1 Salsa Bits: A few things that the analysts aren't talking about... December 2006

2 2 What analysts are saying is important (and we agree) Protecting sensitive data Not just the enterprise data, but the researcher data Identity management In higher-ed, there's a lot of business process and policy issues as well as technology Malware (viruses, worms, spyware, etc.) Distributed denial of service attacks

3 3 What analysts haven't started to talk about yet... The strategic importance of and expanding reliance on DNS The value of sector-based security operations and the REN-ISAC {Spam, DDOS, etc} and its impact on the infrastructure Evolving firewall management strategies to accommodate advanced applications Federated identity and leveraging it for access control

4 4 Domain Name System (DNS) DNS is the foundational service of the network; no service works without it. DNS itself needs better security Vulnerable to several attacks and can be exploited for other attacks Remedial steps (e.g. DNSSec) face critical bootstrap and mass adoption value DNS as the basis for many security enhancements Spam control mechanisms will leverage it Federated security services depend on it EDUCAUSE oversees.edu; chance for higher-ed to lead

5 5 Takeaway: Domain Name System (DNS) Make sure the campus DNS operations are adequately supported; check out www.dnsreport.com Campus DNS operations should plan to work with applications Make sure that you’re not part of the problem – filter outgoing spoofed traffic, don't operate open recursive servers, etc...

6 6 Sector-based security services Of the initial sector oriented security analysis centers, the best remaining one is the REN- ISAC New technical and advisory groups Today, offers early warning services gleaned from Abilene traffic, identification of botnets, interactions with DHS and vendors, exchanges with other cooperative security efforts Tomorrow, it could build better analytic tools, inter-realm security exchanges, and other community-based security services

7 7 Takeaway: Sector-based security Make sure your campus is plugged in: To the REN-ISAC trust community – it is a vehicle for sharing real time security information To the various lists that discuss sector security issues, e.g. the higher-ed mail admin list, the EDUCAUSE security list Understand that our distinctive requirements will require common security approaches

8 8 Attacks and their impacts on infrastructure IETF concerns at the amount of unwanted traffic… Chronic threats – e.g. spam, botnets, etc are dramatically up and more resistant to remedies Better tuned MS machines have significantly increased the DDOS potentials Stress the campus infrastructure – mail servers, spam filters, firewalls, etc.

9 9 Takeaway: Attacks and their impacts Harden the infrastructure High capacity networking links should include high capacity security mechanisms New retention laws, rise of spam, etc. may change the way we choose to communicate

10 10 Evolving perimeter defense strategies From the network perimeter to defense in depth The starbucks effect The internal threats Push the protection perimeter as close to the edge as feasible Need to deal with optical bypass Need to be flexible for different requirements Credit card requirements can factor in

11 11 Evolving perimeter defense tradeoffs Understand that perimeter defense security tools often involve tradeoffs VPN – security and opacity NAT – isolation and loss of collaboration Firewalls and performance Additional perimeters increase the complexity of problem diagnosis

12 12 Takeaway: Evolving perimeter defense Be prepared for changes to accommodate team science. Trust-mediated transparency will leverage identity management Be aware that fundamental network architecture discussions are examining clouds of gated communities vs. a network utility Mean time to diagnose and support implications Monitor, audit, non-repudiation moving beyond forensics to situational awareness and active management

13 13 Federated identity As touted, Identity Management is urgent and important Federated identity leverages institutional Identity Management in inter-institutional settings By itself federated identity can provide significant security value. Enables flexible LOA's, improves privacy, etc. As a new layer of infrastructure, it can be leveraged to provide new security services Improved guest access usability and accountability Privilege management for virtual organizations

14 14 Takeaway: Federated Identity Make sure your campus is coming to grips with IdM Business owners, data stewards, external constituency services (alumni, facilities management, etc), central IT Understand the policies, the state transitions and their triggers, the privileges per state, etc Check out the www.nmi-edit.org/ web site and CAMPS. Prepare for federation Internal federations with medical schools, engineering colleges, etc. Install federating software, e.g. Shibboleth Identify policy issues and groups to work on them Understand the value of strategic use of two factor authentication

15 15

Download ppt "Salsa Bits: A few things that the analysts aren't talking about... December 2006."

Similar presentations

Security Challenges for Future Internet Design Cybertrust PI Meeting Breakout.

Security Challenges for Future Internet Design Cybertrust PI Meeting Breakout.
Security BoF: What Are The Community's Open Questions? Joe St Sauver, Ph.D. or Manager, Internet2 Nationwide Security.

Security BoF: What Are The Community's Open Questions? Joe St Sauver, Ph.D. or Manager, Internet2 Nationwide Security.
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
Current impacts of cloud migration on broadband network operations and businesses David Sterling Partner, i 3 m 3 Solutions.

Current impacts of cloud migration on broadband network operations and businesses David Sterling Partner, i 3 m 3 Solutions.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,

Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.

Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.
Federations in Texas Barry Ribbeck University of Texas Health Science Center at Houston.

Federations in Texas Barry Ribbeck University of Texas Health Science Center at Houston.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University

The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University
N. GSU Slide 1 Chapter 04 Cloud Computing Systems N. Xiong Georgia State University.

N. GSU Slide 1 Chapter 04 Cloud Computing Systems N. Xiong Georgia State University.
SANS Technology Institute - Candidate for Master of Science Degree Implementing and Automating Critical Control 19: Secure Network Engineering for Next.

SANS Technology Institute - Candidate for Master of Science Degree Implementing and Automating Critical Control 19: Secure Network Engineering for Next.
University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004.

University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004.
Firewalls and the Campus Grid: an Overview Bruce Beckles University of Cambridge Computing Service.

Firewalls and the Campus Grid: an Overview Bruce Beckles University of Cambridge Computing Service.

Similar presentations

Ads by Google