
Security at Line Speed: Integrating Academic Research and Enterprise Security


Presentation Transcript


  1. Security at Line Speed: Integrating Academic Research and Enterprise Security

  2. Topics
  • Overview – Ken Klingenstein
  • Wireless, Security and Performance: A Tale to Tell – Steve Wallace
  • The needs of the many and the needs of the few – Terry Gray
  • Next steps – Charles Yun

  3. Acknowledgements
  • National Science Foundation, ANIR
  • Internet2 support staff
  • Program Committee: Guy Almes, Jeff Schiller, Ken Klingenstein, Steve Wallace, Charles Yun
  • Terry Gray, fearless and tireless
  • Participants

  4. S@LS Workshop 2003
  • NSF-sponsored workshop, in conjunction with Indiana University, Internet2, the Massachusetts Institute of Technology and the University of Washington
  • 1.5-day workshop
  • Held in Chicago, Illinois
  • 12-13 Aug 2003

  5. Project Goals
  • Effective practices whitepaper: technology oriented, with architectural principles and specific recommendations
  • Research agenda suggestions to NSF and any other agencies that might be interested
  • Recommendations for mechanisms for maintenance of the above

  6. Workshop Structure and Mechanics
  • Big picture
    • What are the basic tensions and dynamics?
    • What are the possible futures?
  • Drill downs
    • IPv6, private addresses and NATs, firewalls, IDS
  • Summaries and next steps
    • Practical recommendations
    • Policy requirements
    • Research agenda

  7. A Few Thoughts
  • There needs to be some connection with a trust fabric, at several levels of the stack.
  • There are internal and external trust fabrics to consider.
  • What does the potential existence of a middleware fabric (directories, authentication, authorization assertions, etc.) mean for the network?
  • What does the reemergence of circuit-switched technologies mean for enterprise security? What does the development of non-IP transports mean for enterprise security?
  • Performance requirements of research computing are easier to predict than configuration requirements.
  • Configuration requirements range from opening ports to multicast capabilities.

  8. A Few More Thoughts
  • How do the requirements of universities for enterprise security compare to those at government labs?
  • How can enterprises work with research funding agencies to improve the delivery of network services to campus-based researchers?

  9. Workshop Findings
  • First, and foremost, this is getting a lot harder
    • 2003 seems to mark a couple of turning points
    • New levels of stresses
    • Necessary but doomed approaches
  • There are areas to work in
    • Architectures and technologies
    • Interactions with middleware
    • Education and awareness, always a need
  • There is some applied research that would be helpful
  • There are some non-technical issues that need to be worked to achieve real security at real line speed…

  10. By “Line Speed”, we really mean…
  • High bandwidth
  • Exceptionally low latency, e.g. remote instrument control
  • End-to-end clarity, e.g. Grids
  • Exceptionally low jitter, e.g. real-time interactive HDTV
  • Advanced features, e.g. multicast

  11. Architectures
  • A mix of perimeter defenses, careful subnetting, and desktop firewalls
  • Separation of internal and external servers (e.g. SMTP servers, routers, etc.)
  • Managed and unmanaged desktops
  • Cautions:
    • Cost
    • Traffic loads
    • Diagnostics

  12. Integration with Middleware
  • Network authentication and authorization
    • Of users
    • Of devices
  • What is done after authentication?
    • Access
    • Scanning
    • Patching
    • Configuration of local firewalls
    • Subnetting
    • Configuration of performance parameters
  • Accommodating distinctive needs of higher education
    • Network mobility
    • Role-based access

  13. Applied Research and Research Computing
  • Policy-based firewalls
  • Easier connections of IDS with other enterprise services and systems
  • Unlisted IP addresses – asymmetric connectivity
  ---------------------------------------------------------
  • Inform research computing environment developers (e.g. Grids) about the real-world security issues and approaches being deployed.

  14. Non-technical Issues
  • Proposals may be funded that haven’t gotten agreements from campus IT on architecture
  • Policies on encryption
  • Policies on permitting new applications (e.g. video)
  • Inconsistencies in what campuses will permit will affect inter-institutional collaborations
  • Trust fabrics need to underpin security
  • Pulling policies from several disparate but applicable sources
