
Security on a (Science/Research) DMZ

Steve Lovaas, Colorado State University. Westnet: 9 June 2014.


Presentation Transcript


  1. Security on a (Science/Research) DMZ. Steve Lovaas, Colorado State University. Westnet: 9 June 2014

  2. Security On a What? The concept of a DMZ

  3. What’s THIS Presentation About? The Science or Research DMZ. DMZ?

  4. DMZ Security. Free-for-all? Contradiction? (Diagram labels: Least secure; Actor A; The World; Agreement: no hostility here; No agreement; policing; Less secure; Actor B; Us; Most secure)

  5. Caveat: DMZ in higher education networks (Diagram labels: Least secure; The World; Less secure; Us; Most secure)

  6. Next-Gen or Last-Gen. One small step… backwards? (Diagram labels: PORT; SESSION; APPLICATION; Speed; Protection)

  7. What Then Shall We Do? Tune for performance, monitor, secure appropriately. The Science DMZ: “…a portion of the network, built at or near the campus or laboratory’s local network perimeter that is designed such that the equipment, configuration, and security policies are optimized for high-performance scientific applications rather than for general-purpose business systems or ‘enterprise’ computing.” (fasterdata.es.net/science-dmz)

  8. Tuning Security for Performance
     • ACLs for well-defined applications
     • Separate from campus LAN
     • No users
     • Host protection
       • Port blocking, rootkit detection, log analysis
     • Network protection
       • SNMP, flows, IDS, black-hole routing

  9. Summary

  10. Questions? Steve Lovaas, Steven.Lovaas@ColoState.edu, @srlovaas
