Northwestern University
UNITS meeting
September 30, 2004
Network Security
Roger Safian
[email protected]
Agenda
• Our environment
• Statistics
• Why these incidents occur
– What can be done to prevent them
• Future improvements
• Questions
Firewalls
• Recommending personal firewalls
– Typically Zone Alarm or XP firewall
• Some departments have traditional firewalls
– This number is growing
• Central IT has a purchasable solution
Optional Router Filters
• Block traffic from entering NU’s network
– On more than 75% of the network
– Use VPN to bypass filters
• Ports filtered
– MS networking - 135, 137, 138, 139, 445
– Unix NFS & portmapper - 111, 2049
– MS Terminal Services - 3389
– MS SQL – 1433, 1434
Packeteer
• Classifies traffic by application
• Per application bandwidth partitioning
– Mainly P2P
• Enforces service level agreements
– Research park
• Provides detailed flow information
• Very limited data lifespan
Flow Data
• Statistical data from border router
• Sampled – 1 in 100 packets
– Source and Destination address
– Source and Destination ports
– Byte count
– Timestamp
• Used to produce top 20 reports
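Added example (not from the original slides): a Python sketch of how sampled flow records with the fields listed above can be turned into a top-20 report, plus a count of distinct destinations each source contacted on the ports from the Optional Router Filters slide. The tuple layout, function names and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

SAMPLE_RATE = 100  # 1 in 100 packets, per the Flow Data slide
# Ports listed on the Optional Router Filters slide
FILTERED_PORTS = {135, 137, 138, 139, 445, 111, 2049, 3389, 1433, 1434}

# Constructed sample records (documentation address ranges), not real data.
# Assumed layout: timestamp, src addr, dst addr, src port, dst port, byte count
SAMPLED_FLOWS = [
    (1096549200, "192.0.2.10", "198.51.100.5", 40000, 445, 60),
    (1096549201, "192.0.2.10", "198.51.100.6", 40001, 445, 60),
    (1096549202, "192.0.2.10", "198.51.100.7", 40002, 445, 60),
    (1096549203, "192.0.2.20", "203.0.113.9", 6881, 6881, 1500),
    (1096549204, "192.0.2.20", "203.0.113.9", 6881, 6881, 1500),
    (1096549205, "192.0.2.30", "203.0.113.80", 51000, 80, 400),
    (1096549206, "198.51.100.77", "192.0.2.30", 3312, 1434, 404),
]

def top_talkers(flows, n=20, rate=SAMPLE_RATE):
    """Estimate total bytes per source address and return the top n."""
    totals = defaultdict(int)
    for _ts, src, _dst, _sport, _dport, nbytes in flows:
        # Each sampled packet stands in for roughly `rate` packets,
        # so the totals are estimates and short flows may be missed entirely.
        totals[src] += nbytes * rate
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def filtered_port_fanout(flows, ports=FILTERED_PORTS):
    """Count distinct destinations each source contacted on a filtered port."""
    peers = defaultdict(set)
    for _ts, src, dst, _sport, dport, _nbytes in flows:
        if dport in ports:
            peers[(src, dport)].add(dst)
    rows = [(src, port, len(dsts)) for (src, port), dsts in peers.items()]
    # Widest fan-out first: many destinations on one port suggests scanning.
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))

if __name__ == "__main__":
    for src, est in top_talkers(SAMPLED_FLOWS):
        print(f"{src:15} ~{est} bytes")
    for src, port, count in filtered_port_fanout(SAMPLED_FLOWS):
        print(f"{src:15} port {port}: {count} distinct destinations")
```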
Intrusion Detection System
• We use two solutions in parallel
• StealthWatch
– A statistical/anomaly based system
– Currently two devices
• One at the border, the other at 2020 Ridge
• Snort
– Currently 15 devices
Get Control
• Home for NU security and virus warnings
• Updated frequently
• Has tips on staying secure
• Contains instructions on removing viruses
– Links to online removal tools
• http://www.it.northwestern.edu/security/index.html
• http://www.it.northwestern.edu/5steps/
Statistics
• FY 2002/2003
– Virus = 1166
– Compromised = 727
– Total incidents = 3042
• 9/1/02 – 8/31/03
• FY 2003/2004
– Virus = 7976
– Compromised = 467
– Total incidents = 9264
• 9/1/03 – 8/31/04
Why these incidents occur?
• Weak Passwords
– All machines and accounts need passwords
– Use rules similar to the NetID rules
• Opening viral attachments
– Don’t open unexpected attachments
– Only open specific types of extensions
– Make sure to look at the LAST extension
Why these incidents occur? (2)
• Updates not applied
– Ensure Windows update runs automatically
– Don’t forget about layered products
• Network use
– P2P
– Be careful when clicking on links
Why these incidents occur? (3)
• Out of date anti-viral software
– Ensure you install the NU supplied software
– Set to update automatically EVERY day
• Blended Threats
– Multiple attack vectors directed at hosts
• Home Networks
– Frequently attacked with little monitoring
Why these incidents occur? (4)
• Lack of firewall
– Even if user has one they don’t understand it
– Often installed after the infection
• Not a good idea
• This is most serious on home networks
– Mitigated by routers with NAT
NUSA
• Network User Status Agent
– Automatic notification
• Two events: port off and display
– Allows authorized users to re-enable ports
– Accepts input from other sources
• Future use as data correlation agent
– Current systems are stand-alone
NetPass
• Current system NetReg
– Deployed in the dorms
– Associates MAC address with NetID
– Checks for 3 vulnerabilities
• NetPass
– Checks for 25 vulnerabilities
– Includes self-remediation
Questions?
• Contact Information
– 1-847-491-4058
– 1-847-467-6662 (NOC 24x7)
– [email protected][email protected]