Internet2 Security Efforts - A brief overview of activities
Ken Klingenstein
2004 July 21, Joint Techs, Columbus, Ohio
Overview
SALSA 2004 Summer Workshop
Security and Internet2
SALSA: what/who is SALSA, priorities, membership, activities
Challenges and Q&A
Total time ~25 mins
SALSA Summer Workshop (heads up)
The workshop will be held immediately following Joint Techs. Wednesday afternoon is open to those attending Joint Techs; if you can stay for Thursday, please register.
Agenda includes:
  small group discussions on security tools and approaches
  overview of working group activities
  security and middleware
http://security.internet2.edu/salsa/workshops/2004summer.html
Context and Background
Several organizations are active in the security space, focusing on slightly different areas and with cooperative relationships:
REN-ISAC, the Research and Education Networking Information Sharing and Analysis Center, which maintains relationships with the public, private, corporate and government sectors
The EDUCAUSE/Internet2 Security Task Force
Security and Internet2
S@LS Workshop 2003
Security at Line Speed Workshop
NSF-sponsored 1.5 day workshop, in conjunction with Indiana University, Internet2, the Massachusetts Institute of Technology and the University of Washington
30 individuals invited to participate
Chicago, Illinois, 12-13 Aug 2003
Deliverables included: effective practices whitepaper, research agenda suggestions, ongoing maintenance (SALSA)
“Line Speed” means…
It's not just high bandwidth:
  exceptionally low latency, e.g. remote instrument control
  end-to-end clarity, e.g. Grids
  exceptionally low jitter, e.g. real-time interactive HDTV
  advanced features, e.g. multicast
Line speed requires supporting the applications that our members are building, inventing and creating.
http://apps.internet2.edu/sals/
General Findings
First and foremost, this is getting a lot harder. We seem to have hit a couple of turning points: new levels of stress, and approaches that are necessary but doomed.
High-performance security is approached by a set of specific tools that are assembled by applying general architectural principles to local conditions.
The concept of the network perimeter is changing; desktop software limits security and performance options.
There are interactions with the emerging middleware layer that should be explored.
Tool integration is an overarching problem.
We are entering diagnostic hell.
Tradeoffs
Host versus border security
Deny/allow versus allow/deny approaches
Unauthenticated versus authenticated network access
Central versus end-user management
Server-centric versus client-centric
False positives versus zero-day attacks
Organizational priorities between security and performance
Perimeter protection versus user/staff confusion
Trends
More aggressive and frequent attacks, resulting in:
  desktop lockdowns and scanning
  new limits at the perimeter
  increased tunneling and VPNs
  more isolation approaches, straining the top of the desk
  hosts as clients only
Changes in technology:
  rise of encryption
  new attack vectors, such as P2P
  higher speeds make for more expensive middleboxen
  convergence of technology forces
New policy drivers:
  DHS, RIAA, etc.
  LCD (lowest common denominator) solutions to hold down costs
The Tool Matrix
For a variety of network- and host-based security tools, the matrix records:
  role in prevention/detection/reaction/analysis
  description
  general issues
  performance implications
  operational impacts
Network tools include host scanning, MAC registration, VLANs, encrypted VPNs and/or Layer 3 VPNs, firewalls, source address verification, port mirroring, etc.
Host tools include host-based encryption, local firewalls, host-based intrusion detection/prevention, secure OS, automated patching systems, etc.
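Source address verification is one of the network tools named in the matrix above. The following Python block is an added example, not code from this presentation, from SALSA or from any S@LS deliverable, of the decision such a tool makes at a campus edge: a packet is forwarded only if its source address lies within the prefixes assigned to the interface it arrived on (ingress filtering in the sense of BCP 38). The interface names, the prefix assignment (RFC 5737 and RFC 3849 documentation ranges) and the sample packets are all constructed for the example; the check fails closed on unknown interfaces and unparseable addresses, and counts drops per interface so an operator can see which department is emitting spoofed traffic.

```python
import ipaddress
from dataclasses import dataclass

# Constructed interface-to-prefix assignment. The interface names and the
# documentation prefixes are assumptions made for this example only.
INTERFACE_PREFIXES = {
    "ge-0/0/1": [ipaddress.ip_network("192.0.2.0/24")],
    "ge-0/0/2": [
        ipaddress.ip_network("198.51.100.0/25"),
        ipaddress.ip_network("2001:db8:2::/48"),
    ],
}


@dataclass(frozen=True)
class Packet:
    ingress_if: str
    src: str
    dst: str


def verify_source(pkt, prefixes=INTERFACE_PREFIXES):
    """Ingress filter decision for one packet.

    Returns (accept, reason). The check fails closed: an unknown interface
    or an unparseable source address is dropped rather than forwarded.
    """
    try:
        src = ipaddress.ip_address(pkt.src)
    except ValueError:
        return False, "unparseable source address"
    # None of these can be a legitimate unicast source on a customer-facing edge.
    if src.is_unspecified or src.is_loopback or src.is_multicast:
        return False, "reserved or non-unicast source"
    assigned = prefixes.get(pkt.ingress_if)
    if assigned is None:
        return False, "no prefix assignment for interface"
    # ip_network containment already returns False on an IPv4/IPv6 mismatch,
    # so an IPv6 source on an IPv4-only interface is dropped here as well.
    if any(src in net for net in assigned):
        return True, "source within assigned prefix"
    return False, "source outside assigned prefix (possible spoofing)"


def filter_packets(packets, prefixes=INTERFACE_PREFIXES):
    """Apply verify_source to a batch; returns a list of (packet, accept, reason)."""
    return [(p, *verify_source(p, prefixes)) for p in packets]


def spoof_summary(packets, prefixes=INTERFACE_PREFIXES):
    """Dropped-packet count per ingress interface, the figure an operator
    would watch to locate a department emitting spoofed traffic."""
    dropped = {}
    for pkt, accept, _ in filter_packets(packets, prefixes):
        if not accept:
            dropped[pkt.ingress_if] = dropped.get(pkt.ingress_if, 0) + 1
    return dropped


# Constructed sample traffic covering the normal case and the edge cases.
SAMPLE_PACKETS = [
    Packet("ge-0/0/1", "192.0.2.10", "203.0.113.1"),          # legitimate
    Packet("ge-0/0/1", "203.0.113.5", "192.0.2.1"),           # spoofed: foreign source
    Packet("ge-0/0/2", "198.51.100.200", "203.0.113.1"),      # outside the /25 (upper half of the /24)
    Packet("ge-0/0/2", "2001:db8:2::5", "2001:db8:ffff::1"),  # legitimate IPv6
    Packet("ge-0/0/9", "192.0.2.10", "203.0.113.1"),          # interface with no assignment
    Packet("ge-0/0/1", "224.0.0.5", "192.0.2.1"),             # multicast address as source
    Packet("ge-0/0/1", "not-an-address", "192.0.2.1"),        # garbage
]

if __name__ == "__main__":
    for pkt, accept, reason in filter_packets(SAMPLE_PACKETS):
        verdict = "ACCEPT" if accept else "DROP"
        print(f"{pkt.ingress_if:9s} {pkt.src:>18s} {verdict:6s} {reason}")
    print("dropped per interface:", spoof_summary(SAMPLE_PACKETS))
```

The per-interface assignment is the whole point of the technique: the filter needs no knowledge of attacks, only of the campus's own numbering plan, which is why it sits comfortably at line speed. The cost, consistent with the performance and operational columns of the matrix, is that every renumbering, new VLAN or multihomed department must be reflected in the assignment table before its traffic is accepted.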
Local Network Security Design Factors
Size of the class B address space
Local fiber plant
Medical school
Geographic distribution of departments on campuses
Distance to gigapops
Policy authority of central IT
Desktop diversity
…
Security and Trust
Security without external trust results in a defensive, highly constraining position with limited effectiveness.
With trust, collaborative security and collaborative applications can be developed.
Currently there are two promising trust fabrics to leverage:
  Federations – emergent, inter-enterprise
  P2P (the trust fabric, not the architecture) – ad hoc, currently “non-scalable”, but new technologies will be appearing shortly and widely
SALSA Overview
Technical steering committee composed of senior campus security architects
Create understanding in the Internet2 community regarding the multiple aspects of security as it applies to advanced networking
Deliverables that address the needs of members and produce tangible benefits
Prioritizing opportunities and identifying resources
Focused activities
Interested in R&D security topics that can be smoothly transitioned to deployment
SALSA
Membership
Current chair: Mark Poepping, CMU
Currently a small, focused group with membership drawing from multiple communities:
  academy
  researchers
  government labs
  international participants
Founding members drawn from the Security at Line Speed Workshop
SALSA Priorities
Primarily, SALSA acts as a forum to increase sharing, data collection and integration between security researchers and backbone activities.
Data sharing
Extend S@LS Workshop deliverables: case studies, technology surveys, non-technical issues, research agenda
Current working groups: Network Authentication, Architecture
Cooperation, communication and coordination with other groups: EDUCAUSE/Internet2 SecTF, REN-ISAC, international networks
NetAuth WG
Chaired by Chris Misra
http://security.internet2.edu/netauth/index.html
Initial activities:
  Investigation of network database and registration services in support of network security management, and of extensions to these services to proactively detect and prevent unauthorized or malicious network activity
  Pilot and eventual implementation to support network access for visiting scientists among federated institutions
  Analysis of security applications that may result from extending these implementations
Initial deliverable: Strategies for Automating Network Policy Enforcement (visiting scientist, taxonomy and next steps)
Working Groups
Architecture WG
Chaired by Marty Schulman
http://security.internet2.edu/netauth/index.html
The Architecture WG will consider issues related to:
  identification of functions or components used to authorize access
  selection of design rules to facilitate operations or enable new services
  adoption of specific techniques
These activities must accommodate a wide range of campus and departmental security policies, procedures and schemas, the details of which are beyond this group's scope.
Challenges
Cooperation and community support: security threats are increasing and external pressure is increasing, yet there is a lack of time to organize
Heterogeneous environments are resistant to homogeneous solutions
“Security” can be defined differently; we need to identify specific problems and solutions
Is network security staying with networks, or moving to security as a hybrid? How do we engage network management with network security? Or, is Joint Techs the right place?
Now that applications and middleware are reaching down to the network, how do we address that?
Contact Info / Q&A
Mark Poepping, poepping@cmu.edu
T. Charles Yun, charles@internet2.edu
Online information regarding security and SALSA efforts is at http://security.internet2.edu/
Questions?