A Multi-Zone Security Model

David Morton

Lori Stevens

17 October 2007

University of Washington



Multi-Zoned Security

  • Each Zone plays a role in security of system

  • Layered defenses within each Zone


Zones


Introduction

The Connector Zone

  • Joins networks together

  • Goals:

    • Protect the infrastructure

    • Low latency, high performance is key

    • Traffic is originated elsewhere

    • Connector policies establish rules

    • Examples: PNWGP, PacificWave


PacificWave Infrastructure

The Connector Zone


Pacific Wave Security

The Connector Zone

  • Since Pacific Wave is a layer-2 exchange, it cannot directly mitigate and address participant behavior above layer-2, such as:

    • using BGP-4 for peering

    • routing traffic without an established peering agreement

    • generating traffic other than IP

  • Must work together in order to collectively mitigate such activities

    • Develop processes and procedures for proper escalation in the event that malicious or unauthorized activities are discovered

  • Implement policies and protections to:

    • Limit the hosts/networks that can manage the network devices

    • Make use of token based login or one time passwords

    • Limit which network devices (by MAC) can directly connect


The Connector Zone

CZ Layered

Layered Security


Introduction

The Campus Zone

  • Aggregates users to the connector

  • Goals:

    • Stop “bad” traffic with no impact to “good”

    • Isolate threats from the community

    • Control SPAM, Phishing and virus threats

    • Provide extra layers of protection as needed

    • Mitigate security incidents quickly

    • Minimize the impacts


Infrastructure

The Campus Zone

  • 120,000 devices

  • NO PERIMETER FIREWALLS

  • IPS at the core


Intrusion Prevention

The Campus Zone

  • TippingPoint IPS

    • Rich rule set to block “bad” traffic

    • Blocked at least 70 million attacks in 2006

      • That’s nearly 185,000 attacks a day

    • Ability to route some traffic around IPS for performance or policy


Email Defense Options

The Campus Zone

  • Appliance

    • Easy to set up

    • Simplified maintenance

    • Less flexible

  • Software Solution

    • Often more flexible, extensible to meet needs

    • Separate hardware platform and OS to maintain


Spam at the UW

The Campus Zone

  • January daily volume avg: ~3,040,000 messages, 76.6% spam

  • August daily volume avg: ~4,100,000 messages, 80.1% spam

  • Sept daily volume avg: ~4,560,000 messages, 88.5% spam


The Campus Zone

Spam at the UW

  • As much spam this year as all mail processed in 2006 and nearly twice as much total mail as we processed from 2003-2005

  • Be prepared for growth!


Email-borne Viruses at the UW

The Campus Zone

  • 2003: 9,375,000 viruses detected in email

  • 2004: 20,000,000 viruses in email

  • 2007: 2,632,000 viruses

  • Not the threat it once was….


UW 2003-2006 Mail Stats

The Campus Zone


Network Firewalls

The Campus Zone

  • Two varieties

    • Logical Firewall

    • Subnet Firewall

  • Logical Firewall (self managed)

    • Selectively allows hosts to participate

    • http://staff.washington.edu/corey

  • Subnet Firewall (centrally managed)

    • Gibraltar (Linux) or Cisco FW Services Module


Incident Response

The Campus Zone

  • Established incident response procedures

  • Automated protections against worms

  • Able to remotely capture network traffic

  • Partner with industry, peers, etc. for up-to-date intelligence


CampZ Layered

The Campus Zone

Layered Security


Introduction

The Dorm Zone

  • Student housing

  • Goals:

    • Protect Dorms from world

    • And the world from the Dorms :)

    • Provide high bandwidth for academics, etc.

    • Control illegal filesharing

    • Enforce administrative policies (i.e., no servers)


Infrastructure

The Dorm Zone

  • ~ 5,000 residents

  • IPS sandwich

  • Packeteer traffic shaper

  • Firewall policy enforcement


DormZ Layered

The Dorm Zone

Layered Security


Hosts: Defending Against Threats

The User/Host Zone

  • Anti-virus software is critical to keeping our networked hosts clean

    • configure to update itself automatically

    • use other features such as buffer overflow and web (http) browsing protection, where appropriate

  • Stay current on security updates and virus definitions/signatures


The User/Host Zone

Hosts: Defending Against Threats

  • Use complex passwords for critical devices, e.g. hosts, routers

  • Use logs to catch attacks or compromises

  • Software to detect inconsistencies

  • Best place for firewall as it’s easiest to define “good” traffic

    • can be complex to manage


The User/Host Zone

Hosts: Defending Against Threats

  • Isolation approach

    • Separate services across hosts

    • So one password doesn’t get you to everything

  • Block services that aren’t relevant

    • For example, block port 25/tcp to and from all hosts that are not mail servers
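The port 25/tcp rule above, turned into a check over flow records, as an added example that is not part of the original slides. The campus prefix, mail-server addresses and flow records are constructed, and the check assumes the rule is applied only to flows that cross the campus border.

```python
import ipaddress
from collections import Counter

# Assumed values for illustration: documentation address ranges, not UW's.
CAMPUS_NET = ipaddress.ip_network("192.0.2.0/24")
MAIL_SERVERS = {ipaddress.ip_address(a) for a in ("192.0.2.25", "192.0.2.26")}

# Constructed flow records, one per connection attempt as seen from the
# initiator: (source, destination, protocol, destination port).
SAMPLE_FLOWS = [
    ("192.0.2.25", "198.51.100.10", "tcp", 25),  # mail server sending out
    ("198.51.100.10", "192.0.2.26", "tcp", 25),  # delivery to a mail server
    ("192.0.2.77", "203.0.113.5", "tcp", 25),    # desktop speaking SMTP directly
    ("192.0.2.77", "203.0.113.8", "tcp", 25),    # same desktop, second target
    ("203.0.113.9", "192.0.2.140", "tcp", 25),   # outside host reaching a stray listener
    ("192.0.2.77", "192.0.2.25", "tcp", 25),     # intra-campus, never crosses the border
    ("192.0.2.90", "203.0.113.5", "tcp", 443),   # not SMTP
]


def smtp_violations(flows, campus=CAMPUS_NET, mail_servers=MAIL_SERVERS):
    """Return border-crossing 25/tcp flows whose campus endpoint is not a mail server."""
    findings = []
    for src, dst, proto, dport in flows:
        if proto != "tcp" or dport != 25:
            continue
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (s in campus) == (d in campus):
            continue  # both inside or both outside: not a border decision
        inside, direction = (s, "outbound") if s in campus else (d, "inbound")
        if inside not in mail_servers:
            findings.append((direction, str(inside), src, dst))
    return findings


def offenders(findings):
    """Count violations per campus host, busiest first, for follow-up."""
    return Counter(host for _, host, _, _ in findings).most_common()


if __name__ == "__main__":
    for direction, host, src, dst in smtp_violations(SAMPLE_FLOWS):
        print(f"BLOCK {direction:8} {src} -> {dst}:25/tcp (campus host {host})")
    print(offenders(smtp_violations(SAMPLE_FLOWS)))
```

A campus host that shows up repeatedly in the outbound findings is a candidate for the incident-response follow-up listed earlier in the deck.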


The User/Host Zone

Hosts: Defending Against Threats

  • Security is part of everything

    • design, build, implement, and buy

  • Fewer compromises where pervasive layer protection implemented


DormZ Layered

The User/Host Zone

Layered Security


Questions?

David Morton, +1 (206) 221-7814

Lori Stevens, +1 (206) 685-6227


Resources

TippingPoint: http://www.tippingpoint.com/products_ips.html

PureMessage: http://sophos.com/products/enterprise/email/security-and-control/unix/index.html

General Security Info: http://www.securityfocus.com/, http://www.sans.org/network_security.php, http://onguardonline.gov/index.html
