
GÉANT - Implementing Security at Terabit Speed


1 GÉANT - Implementing Security at Terabit Speed
Security in Europe's Research and Education Network
Fotis Gagadis, Security Officer
Wayne Routly, Head of Information & Infrastructure Security
WISE Workshop, Barcelona, ES, 20 October 2015

2 The New Security Reality
Diverse environment, multiple pressure points: understand where to focus and what the NRENs actually need.
Not just another tool: it must deliver value to NRENs and enhance capabilities without adding workload. Automate, set thresholds, trigger.
No crystal ball is ever clear: plan for an uncertain future. Be scalable and solve achievable problems.


4 TRUST In The Integrity of the Network: Security of the Network
Dedicated Security Officer
Policy creation and enforcement (Acceptable Use, Patch Management)
Yearly peer security audit (community involvement)
Measurable security for physical infrastructure: risk-assess co-locations, web cameras, access control and network segmentation, triggers and alerts

5 TRUST In The Integrity of the Network's Systems: Risk & Vulnerability Assessment
Asset discovery
Vulnerability detection
Configuration auditing
Risk assessment and suggested fixes
... a more in-depth view of vulnerabilities and any other kind of misconfiguration in at-risk GÉANT infrastructure

6 A Modular Approach Towards Security
Security Services - create an encompassing security solution (NSHaRP)
Risk Posture - monitor to ensure management controls are in place
Anomaly Detection - scalable mechanisms to report on Denial of Service trends
Firewall on Demand - technologies to grow with and defend the network

7 NSHaRP – Security Service For Users: A GÉANT Solution
A complete security solution: an automated incident notification and handling system
Provides a mechanism to quickly and effectively inform the affected parties
Adds value - serves as an extension to the NRENs' CERTs
Extends the NRENs' detection and mitigation capability to the GÉANT borders
Innovative and unique - caters for different types of requirements

8 Effective Risk Management: The GÉANT Approach
Understand the nature of the risks the organisation faces
Become aware of the extent of those risks
Recognise our ability to control and reduce risk
Report the risk status at any point in time
Have in place risk-event "early warning" factors and upward reporting thresholds

9 Example Risk Register

10 Proactive Risk Management: Vulnerability & Patch Management Control
Proactive approach: respond to new threats; create triggers and thresholds; clearly define and identify risk areas
Risk register approach: weekly scans of the backbone and corporate networks, results sent directly to the responsible teams
Is it improving? Drill-down capabilities

11 Proactive Risk Management: Host Identification
Goes to the core of controlling your network: what is on the network?
Ensures new devices are identified, and that every device is owned
Central to effective risk management
Weekly scan of the backbone, run as a differential against the previous scan: does the host belong to a defined zone? Have I seen it before?
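The differential scan described on this slide, as an added example (not GÉANT's own tooling): two consecutive weekly scans in the style of `nmap -oG` are parsed, compared, and every host is checked against a zone table. The zone table, both scan results and the RFC 5737 addresses are constructed for the example; `HOST_RE`, `diff_scans` and the report layout are this example's own choices.

```python
"""Differential backbone scan, as described in slide 11: which hosts are new,
which have vanished, which known hosts grew new open ports, and whether each
host falls inside a defined zone.  Added example, not GÉANT's own tooling.
The zone table, the two scan results and the nmap -oG style lines are all
constructed for this example (RFC 5737 documentation prefixes)."""
import ipaddress
import re

# Constructed zone table: zone name -> owned prefix (hypothetical).
ZONES = {
    "backbone-routers": ipaddress.ip_network("192.0.2.0/25"),
    "management": ipaddress.ip_network("192.0.2.128/26"),
    "corporate": ipaddress.ip_network("198.51.100.0/24"),
}

# Constructed output in the style of `nmap -oG` (grepable), last week and this week.
PREVIOUS_SCAN = """\
# Nmap scan of the backbone range, week 41 (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 179/open/tcp//bgp///\tIgnored State: closed (998)
Host: 192.0.2.130 ()\tStatus: Up
Host: 192.0.2.130 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)
Host: 198.51.100.7 ()\tStatus: Up
Host: 198.51.100.7 ()\tPorts: 443/open/tcp//https///\tIgnored State: closed (999)
"""
CURRENT_SCAN = """\
# Nmap scan of the backbone range, week 42 (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 179/open/tcp//bgp///, 8080/open/tcp//http-proxy///\tIgnored State: closed (997)
Host: 192.0.2.130 ()\tStatus: Up
Host: 192.0.2.130 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)
Host: 203.0.113.9 ()\tStatus: Up
Host: 203.0.113.9 ()\tPorts: 23/open/tcp//telnet///\tIgnored State: closed (999)
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+(.*)$")
PORT_RE = re.compile(r"(\d+)/open/(tcp|udp)")


def parse_grepable(text):
    """Return {ip: {"port/proto", ...}} for every host the scan reports."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything else
        ip, rest = m.groups()
        hosts.setdefault(ip, set())
        if "Ports:" in rest:
            hosts[ip].update(f"{p}/{proto}" for p, proto in PORT_RE.findall(rest))
    return hosts


def zone_of(ip):
    """'Does it belong to a defined zone?'  None means nobody owns this address."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def diff_scans(previous, current):
    """'Have I seen it before?'  Compare two parsed scans and report the deltas."""
    prev_ips, cur_ips = set(previous), set(current)
    report = {
        "new_hosts": [],                           # (ip, zone or None)
        "gone_hosts": sorted(prev_ips - cur_ips),  # seen last week, silent now
        "new_ports": {},                           # known host, new open service
        "unzoned_hosts": [],                       # present but owned by no zone
    }
    for ip in sorted(cur_ips, key=ipaddress.ip_address):
        zone = zone_of(ip)
        if zone is None:
            report["unzoned_hosts"].append(ip)
        if ip not in prev_ips:
            report["new_hosts"].append((ip, zone))
            continue
        added = current[ip] - previous[ip]
        if added:
            report["new_ports"][ip] = sorted(added)
    return report


if __name__ == "__main__":
    result = diff_scans(parse_grepable(PREVIOUS_SCAN), parse_grepable(CURRENT_SCAN))
    for key, value in result.items():
        print(f"{key}: {value}")
```

The interesting output is the host that is both new and unzoned (203.0.113.9, answering telnet): a device nobody owns is exactly the case the slide's "ensures devices are owned" bullet is about, and it should land in the risk register rather than in a mailbox.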

12 Proactive Risk Management: Access Management
What accounts are active?
Control over script overload: is it a misconfiguration? Notify someone, reduce noise
Who are the real bad IPs? See the forest for the trees: look for trends, and blacklist correlated and confirmed bad actors
Which would be an example of a configuration mistake?

13 Proactive Risk Management: Remote Management
What accounts are active?
Control over script overload: is it a misconfiguration? Notify someone, reduce noise
GeoIP: why is the NOC engineer in China? ... especially since he called me from the office
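The checks from slides 12 and 13 run over authentication logs, as an added example (not GÉANT's own tooling): which accounts are active, which source IPs are persistent offenders (a trend across several days rather than one-off noise), which of those an external blocklist confirms, and which successful logins arrive from a country the account is not expected in. The sshd-style log lines, the blocklist, the GeoIP table (a stand-in for a real GeoIP database) and the per-account country policy are all constructed.

```python
"""Access-management checks from slides 12 and 13 over sshd-style logs.
Added example, not GÉANT's own tooling; every input below is constructed."""
import re
from collections import defaultdict

# Constructed sshd log lines (ISO timestamp instead of a syslog prefix).
LOG_LINES = """\
2015-10-12T08:01:11Z sshd[2101]: Failed password for invalid user admin from 203.0.113.50 port 40122 ssh2
2015-10-12T08:01:13Z sshd[2101]: Failed password for invalid user admin from 203.0.113.50 port 40123 ssh2
2015-10-13T08:02:44Z sshd[2230]: Failed password for root from 203.0.113.50 port 40510 ssh2
2015-10-14T08:03:02Z sshd[2388]: Failed password for root from 203.0.113.50 port 40811 ssh2
2015-10-14T09:15:27Z sshd[2402]: Failed password for noc-alice from 198.51.100.20 port 51002 ssh2
2015-10-14T09:15:40Z sshd[2402]: Accepted publickey for noc-alice from 198.51.100.20 port 51002 ssh2
2015-10-14T09:16:02Z sshd[2417]: Accepted publickey for noc-bob from 192.0.2.77 port 60311 ssh2
"""

# Constructed external blocklist of confirmed bad actors.
BLOCKLIST = {"203.0.113.50"}

# Constructed stand-in for a GeoIP database lookup: ip -> ISO country code.
GEOIP = {"203.0.113.50": "CN", "198.51.100.20": "CN", "192.0.2.77": "GB"}

# Constructed policy: where each NOC account is expected to log in from.
EXPECTED_COUNTRIES = {"noc-alice": {"GB", "NL"}, "noc-bob": {"GB"}}

EVENT_RE = re.compile(
    r"^(\S+) sshd\[\d+\]: (Failed password|Accepted \S+) for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)


def parse_events(text):
    """One dict per authentication event; lines that are not auth events are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            ts, outcome, user, ip = m.groups()
            events.append({"day": ts[:10], "ok": outcome.startswith("Accepted"),
                           "user": user, "ip": ip})
    return events


def active_accounts(events):
    """'What accounts are active?': accounts with at least one successful login."""
    return sorted({e["user"] for e in events if e["ok"]})


def persistent_offenders(events, min_days=3):
    """'Look for trends': IPs that failed on at least min_days distinct days.
    Counting days, not attempts, keeps a single noisy script from topping the list."""
    days = defaultdict(set)
    for e in events:
        if not e["ok"]:
            days[e["ip"]].add(e["day"])
    return {ip: len(d) for ip, d in days.items() if len(d) >= min_days}


def confirmed_bad(persistent, blocklist):
    """'Correlated & confirmed': our own trend AND an external blocklist agree."""
    return sorted(ip for ip in persistent if ip in blocklist)


def geoip_anomalies(events, geoip, expected):
    """'Why is the NOC engineer in China?': successful logins from an unexpected country."""
    out = []
    for e in events:
        if not e["ok"]:
            continue
        country = geoip.get(e["ip"], "??")
        if country not in expected.get(e["user"], set()):
            out.append((e["user"], e["ip"], country))
    return out


if __name__ == "__main__":
    ev = parse_events(LOG_LINES)
    print("active accounts:", active_accounts(ev))
    trend = persistent_offenders(ev)
    print("persistent offenders (days):", trend)
    print("confirmed bad actors:", confirmed_bad(trend, BLOCKLIST))
    print("GeoIP anomalies:", geoip_anomalies(ev, GEOIP, EXPECTED_COUNTRIES))
```

Only 203.0.113.50 becomes a blacklist candidate: it fails on three separate days and the blocklist agrees. 198.51.100.20 fails once and is noise by the day-count rule, but the successful key login from it for noc-alice is flagged by the GeoIP check, which is the slide's point: a single anomaly with context beats a pile of raw counts.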

14 Multi-Faceted DDoS Detection System Alerting to Events

15 Structured Alerting Mechanism: Require Clear & Rapid Notification
One event per mail for the most critical events.
Daily report for the less critical and/or "noisy" ones, as text or HTML that can be parsed by the NREN.

Example notification mail (identifiers and times redacted on the slide):

Dear NREN,
We have detected a CAT. event affecting your network. All the information pertaining to it can be found below:
=============
#Start Time: :56:04 UTC
#Protocol: UDP
#Source IP: x.y.z.t
#Target IPs: a.b.c.d
#Ports:
#Evidence:
Source IP;Source port;Destination IP;Destination port;Protocol;Timestamp;Duration;Transferred;Packets;Flags;Source AS;Destination AS
x.y.z.t;a.b.c.d;60312;UDP; :56:04.566;0;84500;500;......;36351;766
=============
If you wish to reply to this please leave the subject unaltered so the ticket can be updated accordingly. If no response is received, this ticket will be automatically closed after 5 working days.
Regards,
GEANT CERT (PGP Key ID: / Fingerprint: 3CBF F D 5839 BB27 BA6B F34A)
Phone no.: +44 (0)

Example of the machine-parseable format:

<ID>: num; <Category>: ANOMALY; <Type>: Behavior anomaly; <Perspective>: NREN; <Severity>: Critical; <Time>: :55:00; <Protocol>: ; <Source IP>: x.y.z.t; <Target IPs>: a.b.c.d; <Ports involved>: ; <Flows sample>: Source IP;Source port;Destination IP;Destination port;Protocol;Timestamp;Duration;Transferred;Packets;Flags;Source AS;Destination AS
x.y.z.t;42096;a.b.c.d;24384;TCP; :54:31.770; ;208000;4000;.A....;786;2108

16 What actions can NRENs request
Filter / Block: you can request the Security Team to filter or block traffic from and/or to a specific IP and/or prefix; specific port ranges can be included in the block. The OC Security Team will apply the block for a period of time, after which you will be given the option to remove it or keep it in place.
Monitor: you can request the OC Security Team to monitor this incident for a specific period of time. After the time has elapsed and you request the ticket to be closed, the Security Team will inform you of all incidents linked to the original ticket, if any have been alerted.
Investigate: you can request the OC Security Team to provide additional information about the incident; for example, you may require additional flow records for a larger time window.
Nothing: the ticket closes automatically after 5 working days.
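The NREN-side half of slides 15 and 16, as an added example (not NSHaRP's own code): parse the machine-readable `<Field>: value; ...` notification, pull the flow sample apart, decide whether it is a one-event-per-mail case, and build a reply that requests one of the four actions while leaving the subject line untouched so the ticket is updated. The ticket ID, addresses, timestamps and subject line are constructed, since the slide's own sample has them redacted; the field-splitting regex relies only on the key/value layout shown on the slide (keys in angle brackets, `;` as separator, `;` reused inside the flow sample).

```python
"""Parse an NSHaRP-style machine-readable notification and build the reply.
Added example, not NSHaRP code; the notification below is constructed."""
import re

# Constructed notification in the slide's parseable format (ID, addresses, times invented).
NOTIFICATION = (
    "<ID>: 4711; <Category>: ANOMALY; <Type>: Behavior anomaly; <Perspective>: NREN; "
    "<Severity>: Critical; <Time>: 2015-10-12 14:55:00; <Protocol>: TCP; "
    "<Source IP>: 203.0.113.45; <Target IPs>: 192.0.2.10; <Ports involved>: 24384; "
    "<Flows sample>: Source IP;Source port;Destination IP;Destination port;Protocol;"
    "Timestamp;Duration;Transferred;Packets;Flags;Source AS;Destination AS\n"
    "203.0.113.45;42096;192.0.2.10;24384;TCP;2015-10-12 14:54:31.770;0;208000;4000;.A....;786;2108\n"
    "203.0.113.45;42097;192.0.2.10;24384;TCP;2015-10-12 14:54:32.110;0;104000;2000;.A....;786;2108\n"
)

# The four actions from slide 16.
ACTIONS = ("Filter / Block", "Monitor", "Investigate", "Nothing")

# Split only on a ';' that is followed by the next '<Key>:' so the ';'-separated
# flow sample inside the last field is not torn apart.
FIELD_SPLIT_RE = re.compile(r";\s*(?=<[^>]+>:)")
FIELD_RE = re.compile(r"^<([^>]+)>:\s*")


def parse_notification(text):
    """Return {key: value} for every <Key>: value pair in the notification."""
    fields = {}
    for part in FIELD_SPLIT_RE.split(text.strip()):
        m = FIELD_RE.match(part)
        if not m:
            raise ValueError(f"malformed field: {part[:40]!r}")
        fields[m.group(1)] = part[m.end():].strip()
    return fields


def parse_flows(sample):
    """The flow sample is a ';'-separated table: header line, then one row per flow."""
    lines = [ln for ln in sample.splitlines() if ln.strip()]
    header = lines[0].split(";")
    return [dict(zip(header, row.split(";"))) for row in lines[1:]]


def summarise(fields):
    """What the NREN's CERT tooling would put on its own dashboard / ticket."""
    flows = parse_flows(fields["Flows sample"])
    return {
        "id": fields["ID"],
        # Slide 15: critical events arrive one per mail, the rest in a daily report.
        "per_event_mail": fields["Severity"].lower() == "critical",
        "targets": [t.strip() for t in fields["Target IPs"].split(",")],
        "bytes": sum(int(f["Transferred"]) for f in flows),
        "packets": sum(int(f["Packets"]) for f in flows),
        "source_asns": sorted({f["Source AS"] for f in flows}),
    }


def build_request(subject, fields, action, ports=None, days=None):
    """Reply body for one of the four actions; the subject is returned unchanged
    because the ticket system keys on it."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}; expected one of {ACTIONS}")
    lines = [f"Ticket: {fields['ID']}", f"Action: {action}"]
    if action == "Filter / Block":
        lines.append(f"Block traffic from {fields['Source IP']} to {fields['Target IPs']}")
        if ports:
            lines.append("Ports: " + ", ".join(str(p) for p in ports))
    elif action == "Monitor":
        lines.append(f"Monitor for {days or 5} working days, then report linked incidents")
    elif action == "Investigate":
        lines.append("Please provide flow records for a larger time window")
    return subject, "\n".join(lines)


if __name__ == "__main__":
    fields = parse_notification(NOTIFICATION)
    print(summarise(fields))
    subj, body = build_request("[GEANT CERT #4711] ANOMALY on 192.0.2.10", fields,
                               "Filter / Block", ports=[24384])
    print(subj, body, sep="\n")
```

The split on `;` only when the next `<Key>:` follows is the one non-obvious choice: a naive `split(";")` would shred the flow sample, whose own columns use the same separator. Anything that does not match that key/value shape raises rather than being silently dropped, so a format change on the sender's side is noticed instead of producing an empty ticket.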

17 Firewall on Demand - Next Generation Firewall Filtering (designed and developed by GRnet)
BGP Flowspec, defined in RFC 5575: Layer 4 (TCP and UDP) firewall filters distributed in BGP on both an intra-domain and inter-domain basis.
Benefits
Gives users flexibility; alternative use cases?
AAI: NREN credentials to log in and stop attacks; limits accidental and damaging blocks
"Better" in terms of granularity: per-flow level (source/destination IP and ports, TCP flags)
Action: drop, rate-limit, redirect
Speed: more responsive
Efficiency: closer to the source, multi-domain
Automation: integration with other systems (NSHaRP)
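What the "Layer 4 filter distributed in BGP" actually carries on the wire, as an added example (not GRnet's or GÉANT's Firewall on Demand code): the rule is encoded as a Flowspec NLRI following the component format of RFC 5575 section 4 (RFC 8955, which obsoletes it, keeps the same IPv4 encoding), and the action ("drop" or "rate-limit") travels in the traffic-rate extended community (type 0x80, subtype 0x06, rate in bytes per second, 0 meaning discard). The prefixes, ports and AS number are constructed; the NLRI shown here is what the router places inside MP_REACH_NLRI for AFI 1 / SAFI 133, the transport around it is not shown.

```python
"""Encode a Firewall-on-Demand style rule as a BGP Flowspec NLRI (RFC 5575 / RFC 8955)
plus the traffic-rate extended community that carries the action.
Added example, not GRnet/GÉANT code; all addresses and numbers are constructed."""
import ipaddress
import struct

# Component types from RFC 5575 section 4; components must be emitted in ascending type order.
DST_PREFIX, SRC_PREFIX, IP_PROTO, PORT, DST_PORT, SRC_PORT = 1, 2, 3, 4, 5, 6


def _prefix_component(type_code, cidr):
    """Type, prefix length, then only as many address bytes as the length needs."""
    net = ipaddress.ip_network(cidr, strict=True)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([type_code, net.prefixlen]) + net.network_address.packed[:nbytes]


def _numeric_op(lt, gt, eq, value, and_prev=False, end=False):
    """One {operator, value} pair.  Operator byte layout: e a len len 0 lt gt eq,
    where len encodes the value width (00=1, 01=2, 10=4, 11=8 bytes)."""
    if value < 0x100:
        length_code, fmt = 0, ">B"
    elif value < 0x10000:
        length_code, fmt = 1, ">H"
    elif value < 0x100000000:
        length_code, fmt = 2, ">I"
    else:
        length_code, fmt = 3, ">Q"
    op = (end << 7) | (and_prev << 6) | (length_code << 4) | (lt << 2) | (gt << 1) | eq
    return bytes([op]) + struct.pack(fmt, value)


def _numeric_component(type_code, ops):
    """ops: list of (lt, gt, eq, value, and_prev); the last pair carries the end-of-list bit."""
    out = bytearray([type_code])
    for i, (lt, gt, eq, value, and_prev) in enumerate(ops):
        out += _numeric_op(lt, gt, eq, value, and_prev, end=(i == len(ops) - 1))
    return bytes(out)


def equals(value):
    return [(0, 0, 1, value, False)]


def in_range(lo, hi):
    """value >= lo AND value <= hi (the second pair sets the 'a' bit)."""
    return [(0, 1, 1, lo, False), (1, 0, 1, hi, True)]


def flowspec_nlri(dst=None, src=None, proto=None, dst_ports=None, src_ports=None):
    """Build the NLRI: a length octet (two if >= 240) followed by the ordered components."""
    comps = []
    if dst:
        comps.append(_prefix_component(DST_PREFIX, dst))
    if src:
        comps.append(_prefix_component(SRC_PREFIX, src))
    if proto is not None:
        comps.append(_numeric_component(IP_PROTO, equals(proto)))
    if dst_ports:
        comps.append(_numeric_component(DST_PORT, dst_ports))
    if src_ports:
        comps.append(_numeric_component(SRC_PORT, src_ports))
    body = b"".join(comps)
    if len(body) < 240:
        return bytes([len(body)]) + body
    return struct.pack(">H", 0xF000 | len(body)) + body


def traffic_rate(rate_bytes_per_sec, asn=0):
    """Traffic-rate extended community 0x8006: 2-byte AS, then IEEE float rate; 0.0 = drop."""
    return struct.pack(">BBHf", 0x80, 0x06, asn, float(rate_bytes_per_sec))


if __name__ == "__main__":
    # Constructed rule: drop UDP towards 192.0.2.10 port 53 (a DNS reflection victim).
    print("NLRI   :", flowspec_nlri(dst="192.0.2.10/32", proto=17, dst_ports=equals(53)).hex())
    print("action :", traffic_rate(0).hex(), "(drop)")
    # Constructed rule: rate-limit TCP/80 towards 192.0.2.0/24 from ephemeral source ports.
    print("NLRI   :", flowspec_nlri(dst="192.0.2.0/24", proto=6, dst_ports=equals(80),
                                    src_ports=in_range(1024, 65535)).hex())
    print("action :", traffic_rate(1_000_000, asn=64496).hex(), "(1 MB/s)")
```

The "limits accidental and damaging blocks" bullet has a protocol-level counterpart worth knowing when you run this inter-domain: RFC 5575 section 6 says a receiver should only accept a Flowspec route if its originator is also the originator of the best-match unicast route for the destination prefix, so an NREN can only filter traffic towards its own address space. The AAI login in front of Firewall on Demand is the human-side version of the same check.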

18 Firewall on Demand Interface

19 Conclusions: Delivering a Comprehensive & Future-Driven Security Eco-System benefiting the GÉANT Community
Take a holistic approach towards defending your network
Understand the risks the organisation faces
Collate, correlate, and automate your capabilities
Make changes that have significant impact
Use tools that radically improve your capabilities
Use tools that provide flexibility

20 Questions

