
Georgia Tech Information Security Campus Architecture for ECE6612 November 2, 2005 Peter N. Wan Senior Information Security Engineer Office of Information.


1 Georgia Tech Information Security Campus Architecture for ECE6612
November 2, 2005
Peter N. Wan, Senior Information Security Engineer, Office of Information Technology, Information Security Directorate

2 Information Security Architecture - Outline
- InfoSec Architecture diagram
- Network Architecture diagram
- Security Technology
- Policies
- User Awareness Campaign
- Q&A

3 Information Security Architecture (1)
- http://www.oit.gatech.edu/information_security/architecture/index.html (still on the Web as of 4/23/2008)

4 Information Security Architecture (2)
- Layered Defense in Depth
- Host firewalls and other defensive measures are still important even if there is a network firewall
- The business of the Institute must continue, so security must help enable business processes

5 Network Architecture (1)

6 Network Architecture (2)
- Border routers receive traffic from Tech ISPs (Cogent, Qwest, Level3, Peachnet, SoX/Abilene, etc.)
- Border routers feed traffic to campus gateway routers
- Campus gateway routers feed the campus backbone, where departmental and other routers/firewalls are connected

7 Campus Security Technology
- Border/Backbone Routers
- Intrusion Prevention Systems (not in production yet)
- Intrusion Detection Systems
- Network Firewalls
- Host-Based Security

8 Campus Security Technology – Border/Backbone Routers
- Pass traffic only
- Protocols that are not passed over a Wide Area Network (tftp, file sharing, database services, etc.) are blocked by internal firewalls, not by ACLs at the border
- “Netflows” are collected at various routers to identify suspicious traffic; content is not examined

9 Campus Security Technology – Intrusion Prevention Systems
- Two ISS Proventia G1000F intrusion prevention devices were installed at the border of the campus network
- IPSes are designed to be installed in-line and to block traffic that does not meet their security policy (more flexibility than router port filters, which are all-or-none enforcement)
- “Deep Inspection”

10 Campus Security Technology – Intrusion Detection Systems
- Campus border traffic is mirrored by a switch to two types of IDSes
- Enterasys Dragon is a signature-based IDS
- Lancope Stealthwatch is an anomaly-based IDS

11 Example Status from Lancope Stealthwatch (chart; axis ticks not reproduced)
- Categories shown: P2P, Worm Activity, Worm Propagation, SPAM Source, Mail Relay, Comm. With Known Bad Host, Flood, Target SYNs
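As an added illustration (not part of the slides or of any Lancope product) of how the anomaly categories above can be derived from the flow records that slide 8 says are collected without examining content: the hosts, addresses, denylist and thresholds below are all constructed.

```python
# Added example (not from the slides): derive Stealthwatch-style anomaly
# categories from NetFlow-like records using flow metadata only; payload is
# never examined, matching the "content is not examined" point on slide 8.
from collections import defaultdict

# Constructed sample flows: (src, dst, dst_port, tcp_flags, packets).
# "S" = SYN with no completed handshake, "SA" = completed session.
SAMPLE_FLOWS = (
    [("10.1.1.5", f"10.2.3.{i}", 445, "S", 1) for i in range(1, 41)]        # 40 one-packet probes
    + [("10.1.1.9", f"198.51.100.{i}", 25, "SA", 12) for i in range(1, 31)]  # 30 outbound SMTP sessions
    + [("10.1.1.2", f"198.51.100.{i}", 25, "SA", 12) for i in range(1, 31)]  # same, from the real relay
    + [("10.1.1.7", "203.0.113.66", 80, "SA", 40),                           # session with a listed host
       ("10.1.1.7", "10.2.3.4", 22, "SA", 120)]                              # ordinary SSH session
)

KNOWN_BAD = {"203.0.113.66"}   # constructed denylist (placeholder address)
MAIL_RELAYS = {"10.1.1.2"}     # hosts expected to originate SMTP

def classify_hosts(flows, known_bad=KNOWN_BAD, mail_relays=MAIL_RELAYS,
                   scan_threshold=20, smtp_threshold=10):
    """Return {src: set(categories)} for sources whose flow pattern is anomalous."""
    syn_targets = defaultdict(set)   # src -> distinct dsts hit with SYN-only flows
    smtp_targets = defaultdict(set)  # src -> distinct dsts contacted on port 25
    findings = defaultdict(set)
    for src, dst, dport, flags, _pkts in flows:
        if flags == "S":
            syn_targets[src].add(dst)
        if dport == 25 and src not in mail_relays:
            smtp_targets[src].add(dst)
        if dst in known_bad:
            findings[src].add("Comm. With Known Bad Host")
    # Many half-open connections to many distinct hosts: scanning behaviour
    # typical of worm propagation.
    for src, dsts in syn_targets.items():
        if len(dsts) >= scan_threshold:
            findings[src].add("Worm Propagation")
    # A non-relay host talking SMTP to many destinations: likely spam source.
    for src, dsts in smtp_targets.items():
        if len(dsts) >= smtp_threshold:
            findings[src].add("SPAM Source")
    return dict(findings)

if __name__ == "__main__":
    for host, cats in sorted(classify_hosts(SAMPLE_FLOWS).items()):
        print(host, sorted(cats))
```

The sanctioned relay 10.1.1.2 sends the same SMTP volume as 10.1.1.9 but is not flagged, which is why the category is tied to an allowlist rather than to volume alone.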

12 Campus Security Technology – Network Firewalls
- Business Office/Ferst Center incidents emphasized the need for better monitoring/control of certain departments/servers
- The program for deploying firewalls at the connection of departments to the campus network has been progressing

13 Campus Security Mechanisms – Host-Based Security (1)
- Antivirus software (NAI/McAfee site-licensed for campus)
- Host firewalls (ISS RealSecure Desktop Protector)
- Spyware removal software (no site-licensed packages currently, though Spybot Search & Destroy is free even for university use)

14 Campus Security Mechanisms – Host-Based Security (2)
- Operating system, application and utility patching is very important; use vendor-supplied or 3rd-party products (e.g., PatchLink or HFNetChk)
- Activate automatic updates wherever possible (antivirus, spyware remover, operating system); this may not be appropriate for servers

15 Incident Response
- Many incidents consist of virus/spyware infections and are handled locally by departments or ResNet/EastNet staff
- A “Sensitive Server Database” records machines which are critical to a unit’s function or which contain sensitive information (classifications per the Data Access Policy); incident response for these types of systems requires more attention
- Some incidents are serious enough to require disk/system forensic examinations

16 Campus Security Policies
- Federal/State/Local (FERPA, HIPAA, GLBA, Open Records, etc.)
- Campus Network Usage/Security Policy
- Unit Level Network Usage Policies
- Data Access Policy
- Copyrighted Material Usage (DMCA, fair use, etc.)
- Employee/Student Handbooks

17 User Awareness
- Security awareness tutorial at http://oit.gatech.edu/information_security/education_and_awareness/safe/
- Educational campaign in Fall 2005 Semester with posters, etc.
- Outreach such as talks with classes and other groups
- For more information, please see the OIT-IS page at http://oit.gatech.edu/information_security

18 Thank You! Any Questions?
