A Multi-Zone Security Model
David Morton, Lori Stevens
17 October 2007
University of Washington

Multi-Zoned Security
• Each Zone plays a role in security of system
• Layered defenses within each Zone

Zones

The Connector Zone: Introduction
• Joins networks together
• Goals:
  – Protect the infrastructure
  – Low latency, high performance is key
  – Traffic is originated elsewhere
  – Connector policies establish rules
  – Examples: PNWGP, PacificWave

The Connector Zone: PacificWave Infrastructure

The Connector Zone: Pacific Wave Security
• Since Pacific Wave is a layer-2 exchange, it cannot directly mitigate and address participant behavior above layer-2, such as:
  – using BGP-4 for peering
  – routing traffic without an established peering agreement
  – generating traffic other than IP
• Must work together in order to collectively mitigate such activities
  – Develop processes and procedures for proper escalation in the event that malicious or unauthorized activities are discovered
• Implement policies and protections to:
  – Limit the hosts/networks that can manage the network devices
  – Make use of token-based login or one-time passwords
  – Limit which network devices (by MAC) can directly connect

The Connector Zone: Layered Security
[Figure not available]

The Campus Zone: Introduction
• Aggregates users to the connector
• Goals:
  – Stop “bad” traffic with no impact to “good”
  – Isolate threats from the community
  – Control SPAM, Phishing and virus threats
  – Provide extra layers of protection as needed
  – Mitigate security incidents quickly
  – Minimize the impacts

The Campus Zone: Infrastructure
• 120,000 devices
• NO PERIMETER FIREWALLS
• IPS at the core

The Campus Zone: Intrusion Prevention
• TippingPoint IPS
  – Rich rule set to block “bad” traffic
  – Blocked at least 70 million attacks in 2006
  – That’s nearly 185,000 attacks a day
  – Ability to route some traffic around IPS for performance or policy

The Campus Zone: Email Defense Options
• Appliance
  – Easy to set up
  – Simplified maintenance
  – Less flexible
• Software Solution
  – Often more flexible, extensible to meet needs
  – Separate hardware platform and OS to maintain

The Campus Zone: Spam at the UW
• January daily volume avg: ~3,040,000 messages, 76.6% spam
• August daily volume avg: ~4,100,000 messages, 80.1% spam
• Sept daily volume avg: ~4,560,000 messages, 88.5% spam

The Campus Zone: Spam at the UW
• As much spam this year as all mail processed in 2006 and nearly twice as much total mail as we processed from 2003-2005
• Be prepared for growth!

The Campus Zone: Email-borne Viruses at the UW
• 2003: 9,375,000 viruses detected in email
• 2004: 20,000,000 viruses in email
• 2007: 2,632,000 viruses
• Not the threat it once was…

The Campus Zone: UW 2003-2006 Mail Stats

The Campus Zone: Network Firewalls
• Two varieties
  – Logical Firewall
  – Subnet Firewall
• Logical Firewall (self managed)
• Selectively allows hosts to participate
• http://staff.washington.edu/corey
• Subnet Firewall (centrally managed)
• Gibraltar (Linux) or Cisco FW Services Module

The Campus Zone: Incident Response
• Established incident response procedures
• Automated protections against worms
• Able to remotely capture network traffic
• Partner with industry, peers, etc. for up-to-date intelligence

The Campus Zone: Layered Security
[Figure not available]

The Dorm Zone: Introduction
• Student housing
• Goals:
  – Protect Dorms from world
  – And the world from the Dorms :)
  – Provide high bandwidth for academics, etc.
  – Control illegal filesharing
  – Enforce administrative policies (i.e. no servers)

The Dorm Zone: Infrastructure
• ~ 5,000 residents
• IPS sandwich
• Packeteer traffic shaper
• Firewall policy enforcement

The Dorm Zone: Layered Security
[Figure not available]

The User/Host Zone: Hosts: Defending Against Threats
• Anti-virus software is critical to keeping our networked hosts clean
  – configure to update itself automatically
  – use other features such as buffer overflow and web (http) browsing protection, where appropriate
• Stay current on security updates and virus definitions/signatures

The User/Host Zone: Hosts: Defending Against Threats
• Use complex passwords for critical devices, e.g. hosts, routers
• Use logs to catch attacks or compromises
• Software to detect inconsistencies
• Best place for firewall as it’s easiest to define “good” traffic
  – can be complex to manage

The User/Host Zone: Hosts: Defending Against Threats
• Isolation approach
  – Separate services across hosts
  – So one passwd doesn’t get you to everything
• Block services that aren’t relevant
  – For example, block port 25/tcp to and from all hosts that are not mail servers

The User/Host Zone: Hosts: Defending Against Threats
• Security is part of everything
  – design, build, implement, and buy
• Fewer compromises where pervasive layer protection implemented

The User/Host Zone: Layered Security
[Figure not available]

Questions?
David Morton [email protected] +1 (206) 221-7814
Lori Stevens [email protected] +1 (206) 685-6227

Resources
• TippingPoint: http://www.tippingpoint.com/products_ips.html
• PureMessage: http://sophos.com/products/enterprise/email/securityand-control/unix/index.html
• General Security Info:
  http://www.securityfocus.com/
  http://www.sans.org/network_security.php
  http://onguardonline.gov/index.html
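
An added example, not part of the original slides: the User/Host Zone advice to use logs to catch compromises and to block port 25/tcp to and from hosts that are not mail servers, written as a check over flow records. The log format, the address ranges and the mail-server allowlist are constructed assumptions.

```python
import ipaddress

SMTP_PORT = 25
# Assumption: address space the policy covers (documentation range).
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
# Assumption: the only hosts sanctioned to send or receive SMTP.
MAIL_SERVERS = {ipaddress.ip_address("192.0.2.25"),
                ipaddress.ip_address("192.0.2.26")}

# Constructed sample flow log: "proto src_ip src_port dst_ip dst_port"
SAMPLE_FLOWS = """\
tcp 192.0.2.25 41000 198.51.100.7 25
tcp 192.0.2.77 50122 198.51.100.7 25
tcp 203.0.113.9 33310 192.0.2.26 25
tcp 203.0.113.9 33311 192.0.2.140 25
tcp 192.0.2.77 50123 198.51.100.8 25
tcp 192.0.2.77 50124 198.51.100.8 443
udp 192.0.2.90 5353 198.51.100.9 25
garbled line
"""

def smtp_violations(log_text):
    """Return (direction, local_host) for every 25/tcp connection that
    involves a local host which is not a sanctioned mail server."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records instead of failing the run
        proto, src, _sport, dst, dport = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            continue
        if proto != "tcp" or dport != SMTP_PORT:
            continue
        # "from": a local non-mail host opening SMTP (typical of a spam bot)
        if src_ip in LOCAL_NET and src_ip not in MAIL_SERVERS:
            hits.append(("outbound", src))
        # "to": SMTP reaching a local host that should not run a mail service
        if dst_ip in LOCAL_NET and dst_ip not in MAIL_SERVERS:
            hits.append(("inbound", dst))
    return hits

def summarize(hits):
    """Count violations per (direction, host) so repeat offenders stand out."""
    counts = {}
    for hit in hits:
        counts[hit] = counts.get(hit, 0) + 1
    return counts
```

Any host this reports is either a candidate for cleanup or a gap in the block rule, since with the rule enforced these flows should never appear.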