Security on a (Science/Research) DMZ
Steve Lovaas
Colorado State University
Westnet: 9 June 2014

Security On a What?
The concept of a DMZ

What’s THIS Presentation About?
The Science or Research DMZ
DMZ?

DMZ Security
Free-for-all? Contradiction?
[Diagram labels: Least secure; Less secure; Most secure; Actor A; Actor B; The World; Us; "Agreement: no hostility here"; "No agreement; policing"]

Caveat: DMZ in higher education networks
[Diagram labels: Least secure; Less secure; Most secure; The World; Us]

Next-Gen or Last-Gen
One small step… backwards?
[Diagram labels: PORT; SESSION; APPLICATION; Speed; Protection]

What Then Shall We Do?
Tune for performance, monitor, secure appropriately
The Science DMZ: “…a portion of the network, built at or near the campus or laboratory’s local network perimeter that is designed such that the equipment, configuration, and security policies are optimized for high-performance scientific applications rather than for general-purpose business systems or ‘enterprise’ computing.”
fasterdata.es.net/science-dmz

Tuning Security for Performance
• ACLs for well-defined applications
• Separate from campus LAN
• No users
• Host protection
    • Port blocking, rootkit detection, log analysis
• Network protection
    • SNMP, flows, IDS, black-hole routing

Questions?
Steve Lovaas
Steven.Lovaas@ColoState.edu
@srlovaas