
SC04 Network Security Wrap-Up Version 3. Role of Network Security in SCinet ISP role/rule in protecting network (1) Protect network infrastructure (2)


1 SC04 Network Security Wrap-Up Version 3

2 Role of Network Security in SCinet
- ISP role/rule in protecting network
  (1) Protect network infrastructure
  (2) Protect the Internet from SCinet
  (3) Help exhibitors and attendees
- Testbed new tools, techniques, systems

3 SCinet network architecture
- Simple campus architecture routed via Juniper T640, T320 and Cisco 6509
- Bandwidth Challenge 10G participants given connectivity via Force10
- WAN connections
  – OC3 commodity Internet service via Qwest
  – 16 OC192 links (NLR, ESNet, Abilene, Teragrid, etc.)
  – 1 OC768 link to PSC
- Wireless architecture (free/open system)
  – Integrated wireless system by Trapeze
- Wired conference network to every meeting room
- Argonne address space (140.221.128.0/17)

4 (no transcript text for this slide)

5 SCinet security team
- Timothy Toole - Sandia
- Stephen Lau - NERSC/LBL
- Jim Hutchins - Sandia
- Scott Campbell - NERSC/LBL
- Bill Nickless - PNNL
- Tim Witteveen - PNNL
- Roger Winslow - NERSC/LBL
- Patrick Stevens - Sandia

6 Network Security Features
- Three primary IDS systems
  – Mon, Bro, Snort
- Cisco port mirroring
- Packet Engines GigE Hub & NetOptics splitters
- RST responder, Desuckit application, SYN-ACK responder
- Password display
- MAC address blocking on wireless
- Experimental
  – Flo, OSX, AMD64 Opteron, Xyratex RAID system, S2IO 10GigE NICs

7 Expectations
- Whack-a-mole game with worms (wired and wireless)
- Expect about a handful of successful intrusions (requiring clean-up)
- Likely target of cluster/HPC systems
  – Valuable information provided by FBI
  – Expect to see outbound TCP 53 and 55
- Expect other 'phone-home' mechanisms (bot-nets)

8 (no transcript text for this slide)

9 Worm infections (approx. 35)
- Never really attempted to identify the exact signature
- Locating the infected device takes time, especially on DHCP wireless
- Repeat offenders
- Tried shunning in Trapeze system, but it took time to implement (mainly due to 1 individual having access)
- Shunning induced a load through AP association requests
- Much success in responding with SYN-ACKs and window sizes of zero
  – Significantly slowed down the infected host
  – Need a good Windows administrator who's security conscious to help repair systems

10 Intrusions
- 11/07 @ 9:00 SCinet rental desktop
  – Very poorly configured from PC vendor
- 11/08 @ 11:53 VendorW booth (Linux cluster)
  – Brute-forced ssh password, outbound ftp & IRC
- 11/10 in the AM
  – MSSQL null SA password
- 11/11 @ 08:25 & 08:36 VendorX and BoothY (Linux systems)
  – Brute-forced ssh password; identification of rootkit
- 11/11 @ 10:21-15:07 VendorZ (Windows laptop)
  – Windows file sharing exploit/whatever; became FTP server

11 Intrusion Summary
- At least 1 compromised system to deal with per day
- Windows boxes are low-hanging fruit on the open Internet
- Weak passwords are also low-hanging fruit on the open Internet
- Script-kiddie Romanians are a pain to deal with, but somewhat entertaining
- Need someone good at explaining the problem to the customer (definition of 0wn3d)

12 Lessons learned
- Intrusions were caught by good judgment
- Need to factor in 2x to 3x the amount of time to get stuff done
- if (BitTorrent && Wireless) { wireless.usability = crap; }
- Users not courteous on wireless
  – 500? users associated in an empty exhibit hall
- RF interference, rogue APs, mis-configured laptops, old drivers cause wireless problems
- Never got a good data stream to adequately test 10GbE cards or application(s)
- Not sure how to educate this particular community on good practices
- Outbound IRC ports made it easy to pick up suspicious traffic
  – Don't confuse GPFS with IRC
- Need IPv6 IDS, since we have some native v6 links
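The IRC-port heuristic from this slide and the outbound TCP 53/55 expectation from slide 7, as an added example that is not part of the deck: a small classifier over constructed connection records that only calls an IRC-port connection a bot when the first client bytes look like IRC registration, which is what keeps GPFS-style binary traffic on those ports from being mislabelled. The port list, the command regex and the sample records are assumptions; only the 140.221.128.0/17 prefix comes from the deck.

```python
import ipaddress
import re
from dataclasses import dataclass

# Address space the deck gives for SCinet; anything else counts as "outside".
SCINET = ipaddress.ip_network("140.221.128.0/17")
# Classic IRC server ports (assumption: the deck does not list which it watched).
IRC_PORTS = set(range(6660, 6670)) | {7000}
# The outbound TCP 53 and 55 'phone-home' ports slide 7 says to expect.
PHONE_HOME_PORTS = {53, 55}
# A real IRC client opens with a registration command; GPFS traffic will not.
IRC_CMD = re.compile(rb"^(PASS|NICK|USER|JOIN|PRIVMSG|PING|PONG)\b", re.IGNORECASE)

@dataclass
class Conn:
    src: str
    dst: str
    dport: int
    payload: bytes  # first client-to-server bytes, if captured

def inside(ip: str) -> bool:
    return ipaddress.ip_address(ip) in SCINET

def classify(c: Conn) -> str:
    if not (inside(c.src) and not inside(c.dst)):
        return "ignore"  # only outbound-from-SCinet flows are of interest here
    if c.dport in IRC_PORTS:
        # Port alone is not enough ("don't confuse GPFS with IRC"): require the
        # first client bytes to look like IRC before calling the host a bot.
        return "irc-bot" if IRC_CMD.match(c.payload) else "irc-port-not-irc"
    if c.dport in PHONE_HOME_PORTS:
        return "phone-home-port"  # TCP/53 can be legitimate DNS; still worth a look
    return "ok"

def suspicious(conns):
    # Hosts worth a visit, most confident verdict first.
    rank = {"irc-bot": 0, "phone-home-port": 1, "irc-port-not-irc": 2}
    hits = [(c.src, c.dst, c.dport, classify(c)) for c in conns]
    return sorted((h for h in hits if h[3] in rank), key=lambda h: rank[h[3]])

# Constructed sample records (not real SCinet traffic).
SAMPLE = [
    Conn("140.221.130.5", "198.51.100.7", 6667, b"NICK x4201\r\nUSER x4201 0 * :x\r\n"),
    Conn("140.221.140.9", "198.51.100.30", 6667, b"\x00\x00\x01\x12\x00\x00"),  # binary
    Conn("140.221.135.20", "203.0.113.4", 55, b"\x17\x03"),
    Conn("140.221.135.20", "203.0.113.9", 443, b"\x16\x03\x01"),
    Conn("203.0.113.50", "140.221.135.21", 22, b"SSH-2.0-OpenSSH"),  # inbound
    Conn("140.221.140.9", "140.221.141.3", 6667, b"\x00\x00\x01\x12"),  # node-to-node
]
```

Running `suspicious(SAMPLE)` lists the IRC bot first, then the TCP/55 host, then the binary-on-6667 host for a lower-priority look; inbound and node-to-node records are ignored.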

13 Future projects
- SCinet05 network architecture and its impact on network security
- 10GbE IDS/Monitoring systems
- BPF/PCAP/IP/TCP on a 1/10Gig card
- Visualization
- Netflow analysis (help from CERT)
- User education?

