UNITS meeting
September 30, 2004
Network Security
Roger Safian
[email protected]

Agenda
• Our environment
• Statistics
• Why these incidents occur
  – What can be done to prevent them
• Future improvements
• Questions

Firewalls
• Recommending personal firewalls
  – Typically Zone Alarm or XP firewall
• Some departments have traditional firewalls
  – This number is growing
• Central IT has a purchasable solution

Optional Router Filters
• Block traffic from entering NU’s network
  – On more than 75% of the network
  – Use VPN to bypass filters
• Ports filtered
  – MS networking - 135, 137, 138, 139, 445
  – Unix NFS & portmapper - 111, 2049
  – MS Terminal Services - 3389
  – MS SQL - 1433, 1434

Packeteer
• Classifies traffic by application
• Per application bandwidth partitioning
  – Mainly P2P
• Enforces service level agreements
  – Research park
• Provides detailed flow information
• Very limited data lifespan

Flow Data
• Statistical data from border router
• Sampled
  – 1 in 100 packets
  – Source and Destination address
  – Source and Destination ports
  – Byte count
  – Timestamp
• Used to produce top 20 reports

Intrusion Detection System
• We use two solutions in parallel
• StealthWatch
  – A statistical/anomaly based system
  – Currently two devices
    • One at the border the other at 2020 Ridge
• Snort
  – Currently 15 devices

Get Control
• Home for NU security and virus warnings
• Updated frequently
• Has tips on staying secure
• Contains instructions on removing viruses
  – Links to online removal tools
• http://www.it.northwestern.edu/security/index.html
• http://www.it.northwestern.edu/5steps/

Statistics
• FY 2002/2003
  – Virus = 1166
  – Compromised = 727
  – Total incidents = 3042
    • 9/1/02 – 8/31/03
• FY 2003/2004
  – Virus = 7976
  – Compromised = 467
  – Total incidents = 9264
    • 9/1/03 – 8/31/04

Why these incidents occur?
• Weak Passwords
  – All machines and accounts need passwords
  – Use rules similar to the NetID rules
• Opening viral attachments
  – Don’t open unexpected attachments
  – Only open specific types of extensions
  – Make sure to look at the LAST extension

Why these incidents occur? (2)
• Updates not applied
  – Ensure Windows update runs automatically
  – Don’t forget about layered products
• Network use
  – P2P
  – Be careful when clicking on links

Why these incidents occur? (3)
• Out of date anti-viral software
  – Ensure you install the NU supplied software
  – Set to update automatically EVERY day
• Blended Threats
  – Multiple attack vectors directed at hosts
• Home Networks
  – Frequently attacked with little monitoring

Why these incidents occur? (4)
• Lack of firewall
  – Even if user has one they don’t understand it
  – Often installed after the infection
    • Not a good idea
• This is most serious on home networks
  – Mitigated by routers with NAT

NUSA
• Network User Status Agent
  – Automatic notification
    • Two events port off and display
  – Allows authorized users to re-enable ports
  – Accepts input from other sources
• Future use as data correlation agent
  – Current systems are stand-alone

NetPass
• Current system NetReg
  – Deployed in the dorms
  – Associates MAC address with NetID
  – Checks for 3 vulnerabilities
• NetPass
  – Checks for 25 vulnerabilities
  – Includes self-remediation

Questions?
• Contact Information
  – 1-847-491-4058
  – 1-847-467-6662 (NOC 24x7)
  – [email protected]
  – [email protected]
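
Added example (not part of the original slides): one way the sampled records described on the Flow Data slide could be turned into a top-talkers report, scaling byte counts by the 1-in-100 sampling rate, and cross-checked against the ports on the Optional Router Filters slide. The record layout, function names and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

SAMPLING_RATE = 100  # slide: 1 in 100 packets is sampled
# Ports from the "Optional Router Filters" slide
FILTERED_PORTS = {111, 135, 137, 138, 139, 445, 1433, 1434, 2049, 3389}

# Constructed sample records (assumed layout):
# timestamp src dst src_port dst_port bytes
SAMPLE = """\
2004-09-30T10:00:01 192.0.2.10 198.51.100.5 1042 445 1500
2004-09-30T10:00:02 192.0.2.10 198.51.100.6 1043 445 1500
2004-09-30T10:00:02 192.0.2.10 198.51.100.7 1044 445 1500
2004-09-30T10:00:03 192.0.2.20 203.0.113.9 3321 80 40000
2004-09-30T10:00:04 192.0.2.30 203.0.113.9 4410 1434 404
2004-09-30T10:00:05 192.0.2.20 203.0.113.9 3321 80 20000
not-a-flow-record
"""

def parse(text):
    """Yield (src, dst, dst_port, bytes); skip malformed lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or not (f[4].isdigit() and f[5].isdigit()):
            continue
        yield f[1], f[2], int(f[4]), int(f[5])

def top_talkers(records, n=20, rate=SAMPLING_RATE):
    """Top-n sources by estimated bytes (sampled bytes * rate)."""
    totals = defaultdict(int)
    for src, _dst, _port, nbytes in records:
        totals[src] += nbytes * rate
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def filtered_port_fanout(records, ports=FILTERED_PORTS):
    """Per source: distinct destinations contacted on filtered ports."""
    seen = defaultdict(set)
    for src, dst, port, _n in records:
        if port in ports:
            seen[src].add(dst)
    return sorted(((s, len(d)) for s, d in seen.items()),
                  key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    recs = list(parse(SAMPLE))
    for src, est in top_talkers(recs):
        print(f"{src:15} ~{est} bytes")
    for src, count in filtered_port_fanout(recs):
        print(f"{src:15} {count} hosts on filtered ports")
```

Because only 1 in 100 packets is sampled, the scaled byte totals are estimates and short flows may not appear in the data at all.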