
A Multi-Zone Security Model

David Morton

Lori Stevens

17 October 2007

University of Washington


Multi-Zoned Security

  • Each zone plays a role in the security of the system

  • Layered defenses within each Zone

Zones

Introduction

The Connector Zone

  • Joins networks together

  • Goals:

    • Protect the infrastructure

    • Low latency and high performance are key

    • Traffic originates elsewhere

    • Connector policies establish rules

    • Examples: PNWGP, PacificWave

PacificWave Infrastructure

The Connector Zone

Pacific Wave Security

The Connector Zone

  • Since Pacific Wave is a layer-2 exchange, it cannot directly mitigate and address participant behavior above layer-2, such as:

    • using BGP-4 for peering

    • routing traffic without an established peering agreement

    • generating traffic other than IP

  • Participants must work together to mitigate such activities collectively

    • Develop processes and procedures for proper escalation in the event that malicious or unauthorized activity is discovered

  • Implement policies and protections to:

    • Limit the hosts/networks that can manage the network devices

    • Make use of token based login or one time passwords

    • Limit which network devices (by MAC) can directly connect

The Connector Zone

Layered Security (figure: CZ Layered)

Introduction

The Campus Zone

  • Aggregates users to the connector

  • Goals:

    • Stop “bad” traffic with no impact to “good”

    • Isolate threats from the community

    • Control spam, phishing and virus threats

    • Provide extra layers of protection as needed

    • Mitigate security incidents quickly

    • Minimize the impacts

Infrastructure

The Campus Zone

  • 120,000 devices

  • NO PERIMETER FIREWALLS

  • IPS at the core

Intrusion Prevention

The Campus Zone

  • Tipping Point IPS

    • Rich rule set to block “bad” traffic

    • Blocked at least 70 million attacks in 2006

      • That’s nearly 185,000 attacks a day

    • Ability to route some traffic around IPS for performance or policy

Email Defense Options

The Campus Zone

  • Appliance

    • Easy to set up

    • Simplified maintenance

    • Less flexible

  • Software Solution

    • Often more flexible, extensible to meet needs

    • Separate hardware platform and OS to maintain

Spam at the UW

The Campus Zone

  • January daily volume avg: ~3,040,000 messages, 76.6% spam

  • August daily volume avg: ~4,100,000 messages, 80.1% spam

  • September daily volume avg: ~4,560,000 messages, 88.5% spam

The Campus Zone

Spam at the UW

  • As much spam this year as all mail processed in 2006 and nearly twice as much total mail as we processed from 2003-2005

  • Be prepared for growth!

Email-borne Viruses at the UW

The Campus Zone

  • 2003: 9,375,000 viruses detected in email

  • 2004: 20,000,000 viruses in email

  • 2007: 2,632,000 viruses

  • Not the threat it once was…

UW 2003-2006 Mail Stats

The Campus Zone

Network Firewalls

The Campus Zone

  • Two varieties

    • Logical Firewall

    • Subnet Firewall

  • Logical Firewall (self managed)

    • Selectively allows hosts to participate

    • http://staff.washington.edu/corey

  • Subnet Firewall (centrally managed)

    • Gibraltar (Linux) or Cisco FW Services Module

Incident Response

The Campus Zone

  • Established incident response procedures

  • Automated protections against worms

  • Able to remotely capture network traffic

  • Partner with industry, peers, etc. for up-to-date intelligence

The Campus Zone

Layered Security (figure: CampZ Layered)

Introduction

The Dorm Zone

  • Student housing

  • Goals:

    • Protect Dorms from world

    • And the world from the Dorms :)

    • Provide high bandwidth for academics, etc.

    • Control illegal filesharing

    • Enforce administrative policies (i.e. no servers)

Infrastructure

The Dorm Zone

  • ~ 5,000 residents

  • IPS sandwich

  • Packeteer traffic shaper

  • Firewall policy enforcement

The Dorm Zone

Layered Security (figure: DormZ Layered)

Hosts: Defending Against Threats

The User/Host Zone

  • Anti-virus software is critical to keeping our networked hosts clean

    • configure to update itself automatically

    • use other features such as buffer overflow and web (http) browsing protection, where appropriate

  • Stay current on security updates and virus definitions/signatures

The User/Host Zone

Hosts: Defending Against Threats

  • Use complex passwords for critical devices, e.g. hosts, routers

  • Use logs to catch attacks or compromises

  • Software to detect inconsistencies

  • Best place for firewall as it’s easiest to define “good” traffic

    • can be complex to manage

The User/Host Zone

Hosts: Defending Against Threats

  • Isolation approach

    • Separate services across hosts

    • So one password doesn’t get you to everything

  • Block services that aren’t relevant

    • For example, block port 25/tcp to and from all hosts that are not mail servers
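The port 25 rule above, evaluated over a few constructed flow records (an added example, not code from the presentation or from the University of Washington; the mail server addresses, the key=value record format and the sample flows are all assumptions). It generalizes the slide's one case to both directions: outbound 25/tcp from a non-mail host (a likely spam bot) and inbound 25/tcp to a non-mail host (a rogue mail server) are both denied, while any 25/tcp flow that touches a designated mail server is allowed.

```python
# Added example (not the UW presentation's code): evaluate the campus
# "25/tcp only to/from mail servers" rule over constructed flow records.
import ipaddress
from typing import Iterable

# Constructed allowlist of hosts permitted to speak SMTP on 25/tcp.
MAIL_SERVERS = {ipaddress.ip_address("10.0.1.25"), ipaddress.ip_address("10.0.1.26")}

def parse_flow(line: str) -> dict:
    """Parse a 'key=value ...' flow record (constructed log format)."""
    f = dict(item.split("=", 1) for item in line.split())
    return {"src": ipaddress.ip_address(f["src"]), "dst": ipaddress.ip_address(f["dst"]),
            "proto": f["proto"], "dport": int(f["dport"])}

def smtp_decision(flow: dict) -> str:
    """'allow' when 25/tcp touches a designated mail server, 'deny' when it
    does not, 'pass' when the rule does not apply (other rules decide)."""
    if flow["proto"] != "tcp" or flow["dport"] != 25:
        return "pass"
    if flow["src"] in MAIL_SERVERS or flow["dst"] in MAIL_SERVERS:
        return "allow"
    return "deny"

def apply_policy(lines: Iterable[str]) -> dict:
    """Tally decisions; the denied list is what a defender reviews for
    spam bots (outbound) or rogue mail servers (inbound)."""
    counts = {"allow": 0, "deny": 0, "pass": 0}
    denied = []
    for line in lines:
        flow = parse_flow(line)
        verdict = smtp_decision(flow)
        counts[verdict] += 1
        if verdict == "deny":
            denied.append(f"{flow['src']}->{flow['dst']}")
    return {"counts": counts, "denied": denied}

SAMPLE_FLOWS = [  # constructed records
    "src=10.0.5.7 dst=203.0.113.10 proto=tcp dport=25",   # workstation -> external MX: deny
    "src=10.0.1.25 dst=203.0.113.10 proto=tcp dport=25",  # our mail server outbound: allow
    "src=198.51.100.4 dst=10.0.1.26 proto=tcp dport=25",  # inbound to our mail server: allow
    "src=198.51.100.4 dst=10.0.5.7 proto=tcp dport=25",   # inbound to a workstation: deny
    "src=10.0.5.7 dst=10.0.1.25 proto=tcp dport=587",     # submission port: not this rule
]

if __name__ == "__main__":
    print(apply_policy(SAMPLE_FLOWS))
```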

The User/Host Zone

Hosts: Defending Against Threats

  • Security is part of everything

    • design, build, implement, and buy

  • Fewer compromises where pervasive layered protection is implemented

The User/Host Zone

Layered Security (figure: DormZ Layered)

Questions?

David Morton, [email protected], +1 (206) 221-7814

Lori Stevens, [email protected], +1 (206) 685-6227

Resources

TippingPoint: http://www.tippingpoint.com/products_ips.html

PureMessage: http://sophos.com/products/enterprise/email/security-and-control/unix/index.html

General Security Info:

http://www.securityfocus.com/

http://www.sans.org/network_security.php

http://onguardonline.gov/index.html
